Dr. Stephen Henson
a523276786
Backport certificate status request TLS extension support to 0.9.8.
2007-10-12 00:00:36 +00:00
Bodo Möller
4ab0088bfe
More changes from HEAD:
...
- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME
now that ssl23_client_hello takes care of that
- fix buffer overrun checks in ssl_add_serverhello_tlsext()
2007-09-21 14:05:08 +00:00
Dr. Stephen Henson
3bd1690bfb
Fixes from HEAD.
2007-09-21 13:40:51 +00:00
Dr. Stephen Henson
c2079de880
Update from HEAD.
2007-08-28 01:12:44 +00:00
Dr. Stephen Henson
865a90eb4f
Backport of TLS extension code to OpenSSL 0.9.8.
...
Include server name and RFC4507bis support.
This is not compiled in by default and must be explicitly enabled with
the Configure option enable-tlsext
2007-08-12 18:59:03 +00:00
Bodo Möller
c3cc4662af
Add SEED encryption algorithm.
...
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:50:26 +00:00
Bodo Möller
bbfcc4724d
fix incorrect strength bit values for certain Kerberos ciphersuites
...
Submitted by: Victor Duchovni
2007-02-19 14:47:21 +00:00
Dr. Stephen Henson
4479ce9c1c
Update from HEAD.
2007-01-21 16:07:25 +00:00
Bodo Möller
aa17ab7e57
Put ECCdraft ciphersuites back into default build (but disabled
...
unless specifically requested)
2006-06-22 12:35:54 +00:00
Bodo Möller
35908bd040
Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
2006-06-20 08:50:33 +00:00
Bodo Möller
0e73294e26
Disable invalid ciphersuites
2006-06-14 17:52:01 +00:00
Bodo Möller
e18eef3d7a
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:42:21 +00:00
Nils Larsch
82a2cb6f51
fix cipher list order
2006-01-15 07:14:38 +00:00
Bodo Möller
bc9320452c
update TLS-ECC code
...
Submitted by: Douglas Stebila
2005-12-13 07:41:47 +00:00
Dr. Stephen Henson
daa657fb78
Fix from HEAD.
2005-09-21 00:57:28 +00:00
Ben Laurie
801136bcc2
Fix warnings.
2005-08-27 12:05:23 +00:00
Nils Larsch
3c0e39c539
Keep cipher lists sorted in the source instead of sorting them at
...
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
2005-08-25 07:43:04 +00:00
Nils Larsch
cf1546a60e
a ssl object needs it's own instance of a ecdh key; remove obsolete comment
2005-08-08 19:39:29 +00:00
Dr. Stephen Henson
222f224664
Initialize SSL_METHOD structures at compile time. This removes the need
...
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-08-05 23:52:08 +00:00
Nils Larsch
4913b88f70
make
...
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make all test
work again (+ make update)
PR: 1159
2005-07-16 11:13:10 +00:00
Richard Levitte
e2ac4732cd
pqueue and dtls uses 64-bit values. Unfortunately, OpenSSL doesn't
...
have a uniform representation for those over all architectures, so a
little bit of hackery is needed.
Contributed by nagendra modadugu <nagendra@cs.stanford.edu>
2005-05-30 22:34:28 +00:00
Bodo Möller
aa4ce7315f
Fix various incorrect error function codes.
...
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Ben Laurie
36d16f8ee0
Add DTLS support.
2005-04-26 16:02:40 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
0821bcd4de
Constification.
2005-03-30 10:26:02 +00:00
Geoff Thorpe
60a938c6bc
(oops) Apologies all, that last header-cleanup commit was from the wrong
...
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Richard Levitte
5fdf06666c
Avoid including cryptlib.h, it's not really needed.
...
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 16:10:30 +00:00
Geoff Thorpe
2754597013
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
...
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Richard Levitte
4579924b7e
Cleanse memory using the new OPENSSL_cleanse() function.
...
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Bodo Möller
259cdf2af9
Sun has agreed to removing the covenant language from most files.
...
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
2002-10-29 10:59:32 +00:00
Richard Levitte
28c8a911bd
Typos.
...
PR: 189
2002-10-15 20:30:56 +00:00
Richard Levitte
7ba3a4c3d2
RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS.
...
PR: 189
2002-10-10 07:59:03 +00:00
Bodo Möller
b8565a9af9
really fix race conditions
...
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
PR: 291
2002-09-25 15:38:57 +00:00
Bodo Möller
ea26226046
ECC ciphersuite support
...
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
2002-08-09 08:56:08 +00:00
Lutz Jänicke
063a8905bf
Ciphers with NULL encryption were not properly handled because they were
...
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
2002-07-10 06:41:55 +00:00
Bodo Möller
82b0bf0b87
Implement known-IV countermeasure.
...
Fix length checks in ssl3_get_client_hello().
Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:47:20 +00:00
Bodo Möller
304d90425f
fix ssl3_pending
2002-03-15 10:52:32 +00:00
Lutz Jänicke
bfaa8a89e1
Add missing strength entries.
2002-03-14 18:53:15 +00:00
Bodo Möller
a661b65357
New functions SSL[_CTX]_set_msg_callback().
...
New macros SSL[_CTX]_set_msg_callback_arg().
Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).
New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).
Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Ben Laurie
1f3b65801b
Fix SSL memory leak.
2001-08-28 13:45:41 +00:00
Ben Laurie
dbad169019
Really add the EVP and all of the DES changes.
2001-07-30 23:57:25 +00:00
Richard Levitte
2a96235bf7
Include kssl_lcl.h where needed.
2001-07-11 21:11:40 +00:00
Richard Levitte
a5224c3420
Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu>
...
His comments are:
. adds use of replay cache to protect against replay attacks
. adds functions kssl_tgt_is_available() and
kssl_keytab_is_available() which are used within s3_lib.c
and ssl_lib.c to determine at runtime whether or not
KRB5 ciphers can be supported during the current session.
2001-07-11 19:03:58 +00:00
Dr. Stephen Henson
323f289c48
Change all calls to low level digest routines in the library and
...
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().
Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Bodo Möller
e34cfcf7e1
Consistently use 'void *' for SSL read, peek and write functions.
2001-03-09 10:09:20 +00:00
Richard Levitte
bc36ee6227
Use new-style system-id macros everywhere possible. I hope I haven't
...
missed any.
This compiles and runs on Linux, and external applications have no
problems with it. The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Lutz Jänicke
836f996010
New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override
...
the clients choice; in SSLv2 the client uses the server's preferences.
2001-02-09 19:56:31 +00:00
Dr. Stephen Henson
deb2c1a1c5
Fix AES code.
...
Update Rijndael source to v3.0
Add AES OIDs.
Change most references of Rijndael to AES.
Add new draft AES ciphersuites.
2001-02-07 18:15:18 +00:00
Ben Laurie
259810e05b
Rijdael CBC mode and partial undebugged SSL support.
2001-02-06 14:09:13 +00:00
Bodo Möller
a0aae68cf6
Fix SSL_peek and SSL_pending.
2000-12-25 18:40:46 +00:00