Dr. Stephen Henson
a8cb8177f6
PR: 2505
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS session resumption timer bug.
2011-05-25 12:24:43 +00:00
Dr. Stephen Henson
277f8a34f4
use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS
2011-05-25 11:43:17 +00:00
Dr. Stephen Henson
4dde470865
Add tls12_sigalgs which somehow didn't get added to the backport.
2011-05-21 17:40:23 +00:00
Richard Levitte
ab08405984
LIBOBJ contained o_fips.c, now o_fips.o.
2011-05-21 09:17:54 +00:00
Dr. Stephen Henson
b81fde02aa
Add server client certificate support for TLS v1.2 . This is more complex
...
than client side as we need to keep the handshake record cache frozen when
it contains all the records need to process the certificate verify message.
(backport from HEAD).
2011-05-20 14:58:45 +00:00
Dr. Stephen Henson
57dd2ea808
add FIPS support to openssl utility (backport from HEAD)
2011-05-19 18:23:24 +00:00
Dr. Stephen Henson
7043fa702f
add FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS compilation support
2011-05-19 18:22:16 +00:00
Dr. Stephen Henson
f98d2e5cc1
Implement FIPS_mode and FIPS_mode_set
2011-05-19 18:19:07 +00:00
Dr. Stephen Henson
1a5538251f
update date
2011-05-19 17:56:12 +00:00
Dr. Stephen Henson
f4ddbb5ad1
inherit HMAC flags from MD_CTX
2011-05-19 17:38:57 +00:00
Dr. Stephen Henson
74bf705ea8
set encodedPoint to NULL after freeing it
2011-05-19 16:18:11 +00:00
Dr. Stephen Henson
676cd3a283
new flag to stop ENGINE methods being registered
2011-05-15 15:58:38 +00:00
Dr. Stephen Henson
c6ead3cdd3
Recognise and ignore no-ec-nistp224-64-gcc-128 (from HEAD).
2011-05-13 12:46:12 +00:00
Dr. Stephen Henson
2d53648ce7
typo
2011-05-13 12:44:37 +00:00
Dr. Stephen Henson
64ca6ac26b
Recognise NO_NISTP224-64-GCC-128
2011-05-13 12:38:02 +00:00
Dr. Stephen Henson
4fe4c00eca
Provisional support for TLS v1.2 client authentication: client side only.
...
Parse certificate request message and set digests appropriately.
Generate new TLS v1.2 format certificate verify message.
Keep handshake caches around for longer as they are needed for client auth.
2011-05-12 17:49:15 +00:00
Dr. Stephen Henson
376838a606
Process signature algorithms during TLS v1.2 client authentication.
...
Make sure message is long enough for signature algorithms.
(backport from HEAD).
2011-05-12 17:44:59 +00:00
Dr. Stephen Henson
d768a816aa
Ooops fix typo.
2011-05-12 13:59:04 +00:00
Dr. Stephen Henson
766e0cb7d1
SRP fixes from HEAD which weren't in 1.0.1-stable.
2011-05-12 13:46:40 +00:00
Dr. Stephen Henson
6a6b0c8b51
Add SSL_INTERN definition.
2011-05-12 13:12:49 +00:00
Dr. Stephen Henson
e24b01cc6f
Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have disabled by
...
default. If we don't do it this way, it screws up libeay.num.
(update from HEAD, original from levitte).
2011-05-12 13:10:27 +00:00
Dr. Stephen Henson
7f9ef5621a
Oops, add missing declaration.
2011-05-12 13:02:25 +00:00
Dr. Stephen Henson
d7fc9ffc51
Update ordinals.
2011-05-11 23:03:06 +00:00
Dr. Stephen Henson
39348038df
make kerberos work with OPENSSL_NO_SSL_INTERN
2011-05-11 22:52:34 +00:00
Dr. Stephen Henson
9472baae0d
Backport TLS v1.2 support from HEAD.
...
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
2011-05-11 13:37:52 +00:00
Dr. Stephen Henson
ae17b9ecd5
Typo.
2011-05-11 13:22:54 +00:00
Dr. Stephen Henson
74096890ba
Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN
...
all ssl related structures are opaque and internals cannot be directly
accessed. Many applications will need some modification to support this and
most likely some additional functions added to OpenSSL.
The advantage of this option is that any application supporting it will still
be binary compatible if SSL structures change.
(backport from HEAD).
2011-05-11 12:56:38 +00:00
Dr. Stephen Henson
889c2282a5
allow SHA384, SHA512 with DSA
2011-05-08 12:38:51 +00:00
Dr. Stephen Henson
dca30c44f5
no need to include memory.h
2011-04-30 23:38:05 +00:00
Dr. Stephen Henson
f2c358c6ce
check buffer is larger enough before overwriting
2011-04-06 18:06:54 +00:00
Dr. Stephen Henson
2ab42de1ec
PR: 2462
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS Retransmission Buffer Bug
2011-04-03 17:14:48 +00:00
Dr. Stephen Henson
ac2024ccbf
PR: 2458
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Don't change state when answering DTLS ClientHello.
2011-04-03 16:25:54 +00:00
Dr. Stephen Henson
93164a7d64
PR: 2457
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS fragment reassembly bug.
2011-04-03 15:48:32 +00:00
Richard Levitte
ecff2e5ce1
Corrections to the VMS build system.
...
Submitted by Steven M. Schweda <sms@antinode.info>
2011-03-25 16:21:08 +00:00
Dr. Stephen Henson
c9d630dab6
make some non-VMS builds work again
2011-03-25 15:07:18 +00:00
Richard Levitte
d135906dbc
For VMS, implement the possibility to choose 64-bit pointers with
...
different options:
"64" The build system will choose /POINTER_SIZE=64=ARGV if
the compiler supports it, otherwise /POINTER_SIZE=64.
"64=" The build system will force /POINTER_SIZE=64.
"64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.
2011-03-25 09:39:46 +00:00
Richard Levitte
9f427a52cb
make update (1.0.1-stable)
...
This meant a slight renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable. However, since there's been no release on
this branch yet, it should be harmless.
2011-03-23 00:06:04 +00:00
Richard Levitte
5a39d3a838
* util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h. Maybe some
...
more need to be added...
2011-03-22 23:54:15 +00:00
Richard Levitte
013f3d999f
* apps/makeapps.com: Add srp.
2011-03-20 17:34:06 +00:00
Richard Levitte
64d30d7adc
* apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV
...
with turning trapping back on.
* test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV
here.
* test/clean-test.com: A new script for cleaning up.
2011-03-20 14:01:49 +00:00
Richard Levitte
7062cb56a9
file clean_test.com was added on branch OpenSSL_1_0_1-stable on 2011-03-20 14:01:48 +0000
2011-03-20 14:01:18 +00:00
Richard Levitte
9d57828d66
* apps/openssl.c: For VMS, take care of copying argv if needed much earlier,
...
directly in main(). 'if needed' also includes when argv is a 32 bit
pointer in an otherwise 64 bit environment.
* apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional
=ARGV, but only if it's supported. Fortunately, DCL is very helpful
telling us in this case.
2011-03-20 13:15:37 +00:00
Richard Levitte
9ed8dee71b
A few more long symbols needing shortening.
2011-03-19 11:03:41 +00:00
Richard Levitte
4692b3345d
Keep file references in the VMS build files in the same order as they
...
are in the Unix Makefiles, and add SRP tests.
2011-03-19 10:46:21 +00:00
Richard Levitte
e59fb00735
SRP was introduced, add it for OpenVMS.
2011-03-19 09:55:35 +00:00
Richard Levitte
9275853084
A few more symbols that need shorter versions on OpenVMS.
2011-03-19 09:54:47 +00:00
Richard Levitte
0c81aa29f9
Change INSTALL.VMS to reflect the changes done on the build and
...
install scripts. This could need some more work.
2011-03-19 09:48:15 +00:00
Richard Levitte
01d2e27a2b
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 09:47:47 +00:00
Richard Levitte
dd7aadf7b2
file install-ssl.com was added on branch OpenSSL_1_0_1-stable on 2011-03-19 09:47:33 +0000
2011-03-19 09:44:39 +00:00
Richard Levitte
b2fdf501c5
file vms_rms.h was added on branch OpenSSL_1_0_1-stable on 2011-03-19 09:47:25 +0000
2011-03-19 09:44:30 +00:00