wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11428 commits 20 branches 302 tags 153 MiB
Commit graph

129 commits

Author SHA1 Message Date
Richard Levitte
53332a75d1 Clear warnings/errors within KSSL_DEBUG code sections 
Reviewed-by: Andy Polyakov <appro@openssl.org>
 2014-12-17 14:17:54 +01:00
Richard Levitte
0c403e80a9 Clear warnings/errors within CIPHER_DEBUG code sections 
Reviewed-by: Andy Polyakov <appro@openssl.org>
 2014-12-17 14:17:54 +01:00
Matt Caswell
f74f5c8586 Add more meaningful OPENSSL_NO_ECDH error message for suite b mode 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit db812f2d70)
 2014-12-16 14:17:32 +00:00
Matt Caswell
a38ae11c48 Add OPENSSL_NO_ECDH guards 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit af6e2d51bf)
 2014-12-16 14:17:12 +00:00
Daniel Kahn Gillmor
0ec6898c67 Allow ECDHE and DHE as forward-compatible aliases for EECDH and EDH 
see RT #3203

Future versions of OpenSSL use the canonical terms "ECDHE" and "DHE"
as configuration strings and compilation constants.  This patch
introduces aliases so that the stable 1.0.2 branch can be
forward-compatible with code and configuration scripts that use the
normalized terms, while avoiding changing any library output for
stable users.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-11-10 10:58:49 +01:00
Dr. Stephen Henson
fa2b54c83a Use more common name for GOST key exchange. 
(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)
 2014-07-14 18:31:55 +01:00
Peter Mosmans
2fbd94252a Add names of GOST algorithms. 
PR#3440
(cherry picked from commit 924e5eda2c)
 2014-07-13 18:31:09 +01:00
Thijs Alkemade
8f243ab6c1 Make disabling last cipher work. 
(cherry picked from commit 7cb472bd0d)
 2014-07-02 03:32:42 +01:00
Miod Vallat
d15f2d98ef Fix off-by-one errors in ssl_cipher_get_evp() 
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

Bug discovered and fixed by Miod Vallat from the OpenBSD team.

PR#3375
 2014-06-22 23:18:15 +01:00
Matt Caswell
00f5ee445b Revert "Fix off-by-one errors in ssl_cipher_get_evp()" 
This reverts commit 3d86077427.

Incorrect attribution.
 2014-06-22 23:17:40 +01:00
Kurt Cancemi
3d86077427 Fix off-by-one errors in ssl_cipher_get_evp() 
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

PR#3375
 2014-06-12 21:12:43 +01:00
Dr. Stephen Henson
f472ada006 SRP ciphersuite correction. 
SRP ciphersuites do not have no authentication. They have authentication
based on SRP. Add new SRP authentication flag and cipher string.
(cherry picked from commit a86b88acc373ac1fb0ca709a5fb8a8fa74683f67)
 2014-06-09 12:09:51 +01:00
Dr. Stephen Henson
976c58302b Add function to free compression methods. 
Although the memory allocated by compression methods is fixed and
cannot grow over time it can cause warnings in some leak checking
tools. The function SSL_COMP_free_compression_methods() will free
and zero the list of supported compression methods. This should
*only* be called in a single threaded context when an application
is shutting down to avoid interfering with existing contexts
attempting to look up compression methods.
 2014-03-01 23:14:08 +00:00
Dr. Stephen Henson
c41e242e5c Return previous compression methods when setting them. 
(cherry picked from commit b45e874d7c)
 2014-02-06 13:58:18 +00:00
Andy Polyakov
9071b36d9a Add AES-NI+SHA256 stitch registrations (from master). 2014-02-02 00:05:02 +01:00
Dr. Stephen Henson
9f1979b94a New function to set compression methods so they can be safely freed. 
(cherry picked from commit cbb6744827)
 2014-01-27 14:32:44 +00:00
Dr. Stephen Henson
d307176931 Suite B support for DTLS 1.2 
Check for Suite B support using method flags instead of version numbers:
anything supporting TLS 1.2 cipher suites will also support Suite B.

Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
(cherry picked from commit 4544f0a691)
 2013-09-18 13:46:03 +01:00
Dr. Stephen Henson
5b430cfc44 Make no-ec compilation work. 
(cherry picked from commit 14536c8c9c)
 2013-08-19 14:13:38 +01:00
Dr. Stephen Henson
50b5966e57 Add support for broken protocol tests (backport from master branch) 2013-01-15 16:18:13 +00:00
Dr. Stephen Henson
b79df62eff return error if Suite B mode is selected and TLS 1.2 can't be used. 
(backport from HEAD)
 2012-12-26 17:39:02 +00:00
Dr. Stephen Henson
e3c76874ad set auto ecdh parameter selction for Suite B 
(backport from HEAD)
 2012-12-26 17:35:02 +00:00
Dr. Stephen Henson
4347394a27 add Suite B 128 bit mode offering only combination 2 
(backport from HEAD)
 2012-12-26 17:34:50 +00:00
Dr. Stephen Henson
1520e6c084 Add ctrl and utility functions to retrieve raw cipher list sent by client in 
client hello message. Previously this could only be retrieved on an initial
connection and it was impossible to determine the cipher IDs of any uknown
ciphersuites.
(backport from HEAD)
 2012-12-26 16:25:06 +00:00
Dr. Stephen Henson
67d9dcf003 perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange 
(backport from HEAD)
 2012-12-26 16:22:19 +00:00
Dr. Stephen Henson
ccf6a19e2d Add three Suite B modes to TLS code, supporting RFC6460. 
(backport from HEAD)
 2012-12-26 16:17:40 +00:00
Dr. Stephen Henson
6f539399ef add "missing" TLSv1.2 cipher alias 2012-11-15 19:15:07 +00:00
Dr. Stephen Henson
a56f9a612b Don't try to use unvalidated composite ciphers in FIPS mode 2012-04-26 18:51:26 +00:00
Dr. Stephen Henson
0ffa49970b Backport support for fixed DH ciphersuites (from HEAD) 2012-04-06 11:33:12 +00:00
Andy Polyakov
1b0ae81f4a ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444) [from HEAD]. 
PR: 2778
 2012-04-04 20:50:58 +00:00
Bodo Möller
9f2b453338 Resolve a stack set-up race condition (if the list of compression 
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
 2011-12-02 12:51:41 +00:00
Dr. Stephen Henson
58e4205d6c disable GCM if not available 2011-10-10 12:40:13 +00:00
Dr. Stephen Henson
aed53d6c5a Backport GCM support from HEAD. 2011-08-04 11:13:28 +00:00
Dr. Stephen Henson
c8c6e9ecd9 Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and 
prohibit use of these ciphersuites for TLS < 1.2
 2011-07-25 21:45:17 +00:00
Andy Polyakov
90f3e4cf05 Back-port TLS AEAD framework [from HEAD]. 2011-07-21 19:22:57 +00:00
Dr. Stephen Henson
7043fa702f add FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS compilation support 2011-05-19 18:22:16 +00:00
Dr. Stephen Henson
9472baae0d Backport TLS v1.2 support from HEAD. 
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
 2011-05-11 13:37:52 +00:00
Dr. Stephen Henson
74096890ba Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN 
all ssl related structures are opaque and internals cannot be directly
accessed. Many applications will need some modification to support this and
most likely some additional functions added to OpenSSL.

The advantage of this option is that any application supporting it will still
be binary compatible if SSL structures change.

(backport from HEAD).
 2011-05-11 12:56:38 +00:00
Ben Laurie
a149b2466e Add SRP. 2011-03-16 11:26:40 +00:00
Dr. Stephen Henson
e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
a131de9bb2 PR: 2025 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Constify SSL_CIPHER_description
 2009-09-12 23:18:09 +00:00
Dr. Stephen Henson
9d80aa7e3f Update from 0.9.8-stable 2009-04-07 12:10:59 +00:00
Dr. Stephen Henson
78625cac82 Submitted by: Victor Duchovni <Victor.Duchovni@morganstanley.com> 
Reviewed by: steve@openssl.org

Check return value of sk_SSL_COMP_find() properly.
 2009-03-12 17:30:29 +00:00
Lutz Jänicke
fceac0bc74 Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP 
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
 2009-01-05 14:43:05 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should 
test for them!
 2008-12-29 16:11:58 +00:00
Dr. Stephen Henson
70531c147c Make no-engine work again. 2008-12-20 17:04:40 +00:00
Dr. Stephen Henson
349e78e2e8 Stop warning about different const qualifiers. 2008-11-24 17:39:42 +00:00
Ben Laurie
bfaead2b12 Fix warning. 2008-10-29 05:10:09 +00:00
Dr. Stephen Henson
ab7e09f59b Win32 fixes... add new directory to build system. Fix warnings. 2008-10-27 12:31:13 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
3ad74edce8 Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new 
strength "FIPS" to represent all FIPS approved ciphersuites without NULL
encryption.
 2008-09-10 16:02:09 +00:00