wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10672 commits 20 branches 302 tags 153 MiB
Commit graph

1185 commits

Author SHA1 Message Date
Dr. Stephen Henson
ffbfbef943 more vxworks patches 2011-10-14 22:04:14 +00:00
Bodo Möller
3ddc06f082 In ssl3_clear, preserve s3->init_extra along with s3->rbuf. 
Submitted by: Bob Buckholz <bbuckholz@google.com>
 2011-10-13 13:05:58 +00:00
Dr. Stephen Henson
eb47b2fb13 add GCM ciphers in SSL_library_init 2011-10-10 12:56:18 +00:00
Dr. Stephen Henson
a0f21307e0 disable GCM if not available 2011-10-10 12:41:11 +00:00
Dr. Stephen Henson
7d7c13cbab Don't disable TLS v1.2 by default now. 2011-10-09 23:26:39 +00:00
Dr. Stephen Henson
6dd547398a use client version when eliminating TLS v1.2 ciphersuites in client hello 2011-10-07 15:07:19 +00:00
Dr. Stephen Henson
fca38e350b fix signed/unsigned warning 2011-09-26 17:04:32 +00:00
Dr. Stephen Henson
d18a0df0a6 make sure eivlen is initialised 2011-09-24 23:06:20 +00:00
Dr. Stephen Henson
1d7392f219 PR: 2602 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting
 2011-09-23 13:34:48 +00:00
Bodo Möller
c519e89f5c Fix session handling. 2011-09-05 13:36:23 +00:00
Bodo Möller
612fcfbd29 Fix d2i_SSL_SESSION. 2011-09-05 13:31:17 +00:00
Bodo Möller
e7928282d0 (EC)DH memory handling fixes. 
Submitted by: Adam Langley
 2011-09-05 10:25:31 +00:00
Dr. Stephen Henson
d41ce00b8c PR: 2573 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS buffering and decryption bug.
 2011-09-01 14:02:23 +00:00
Andy Polyakov
c608171d9c Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. 2011-08-23 20:51:38 +00:00
Dr. Stephen Henson
1f59a84308 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA 
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
 2011-08-14 13:45:19 +00:00
Dr. Stephen Henson
28dd49faec Expand range of ctrls for AES GCM to support retrieval and setting of 
invocation field.

Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
 2011-08-03 15:37:22 +00:00
Dr. Stephen Henson
31475a370c oops, remove debug option 2011-07-25 21:38:41 +00:00
Dr. Stephen Henson
d09677ac45 Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and 
prohibit use of these ciphersuites for TLS < 1.2
 2011-07-25 20:41:32 +00:00
Dr. Stephen Henson
0445ab3ae0 PR: 2555 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS sequence number bug
 2011-07-20 15:17:51 +00:00
Dr. Stephen Henson
bb48f4ce6e PR: 2550 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS HelloVerifyRequest Timer bug
 2011-07-20 15:14:24 +00:00
Andy Polyakov
146e1fc7b3 ssl/ssl_ciph.c: allow to switch to predefined "composite" cipher/mac 
combos that can be implemented as AEAD ciphers.
 2011-07-11 14:00:43 +00:00
Andy Polyakov
7532071aa3 ssl/t1_enc.c: initial support for AEAD ciphers. 2011-07-11 13:58:59 +00:00
Dr. Stephen Henson
861a7e5c9f PR: 2543 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()
 2011-06-22 15:30:14 +00:00
Dr. Stephen Henson
70051b1d88 set FIPS allow before initialising ctx 2011-06-14 15:25:21 +00:00
Dr. Stephen Henson
ca9335760b fix memory leak 2011-06-08 15:55:43 +00:00
Dr. Stephen Henson
1c13c122d8 Set SSL_FIPS flag in ECC ciphersuites. 2011-06-06 14:14:41 +00:00
Dr. Stephen Henson
4f8f8bf3a4 fix error discrepancy 2011-06-03 18:50:24 +00:00
Dr. Stephen Henson
654ac273c1 typo 2011-06-01 11:10:35 +00:00
Dr. Stephen Henson
8f119a0357 set FIPS permitted flag before initalising digest 2011-05-31 16:24:19 +00:00
Dr. Stephen Henson
1b2047c5c0 Don't round up partitioned premaster secret length if there is only one 
digest in use: this caused the PRF to fail for an odd premaster secret
length.
 2011-05-31 10:34:43 +00:00
Dr. Stephen Henson
eda3766b53 Output supported curves in preference order instead of numerically. 2011-05-30 17:58:13 +00:00
Dr. Stephen Henson
ebc5e72fe5 Don't advertise or use MD5 for TLS v1.2 in FIPS mode 2011-05-25 15:31:32 +00:00
Dr. Stephen Henson
3d52f1d52b PR: 2533 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes
the program to crash. This is due to missing version checks and is fixed with
this patch.
 2011-05-25 15:20:49 +00:00
Dr. Stephen Henson
fd60dfa0f2 PR: 2529 
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.
 2011-05-25 15:16:10 +00:00
Dr. Stephen Henson
bbcf3a9b30 Some nextproto patches broke DTLS: fix 2011-05-25 14:31:47 +00:00
Dr. Stephen Henson
006b54a8eb Oops use up to date patch for PR#2506 2011-05-25 14:30:20 +00:00
Dr. Stephen Henson
7832d6ab1c PR: 2506 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.
 2011-05-25 12:28:06 +00:00
Dr. Stephen Henson
ee4b5cebef PR: 2505 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.
 2011-05-25 12:25:01 +00:00
Dr. Stephen Henson
238b63613b use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS 2011-05-25 11:43:07 +00:00
Dr. Stephen Henson
f37f20ffd3 PR: 2295 
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
 2011-05-20 14:56:29 +00:00
Dr. Stephen Henson
086e32a6c7 Implement FIPS_mode and FIPS_mode_set 2011-05-19 18:09:02 +00:00
Dr. Stephen Henson
4f7533eb84 set encodedPoint to NULL after freeing it 2011-05-19 16:17:47 +00:00
Dr. Stephen Henson
855a54a9a5 Provisional support for TLS v1.2 client authentication: client side only. 
Parse certificate request message and set digests appropriately.

Generate new TLS v1.2 format certificate verify message.

Keep handshake caches around for longer as they are needed for client auth.
 2011-05-12 17:35:03 +00:00
Dr. Stephen Henson
8f82912460 Process signature algorithms during TLS v1.2 client authentication. 
Make sure message is long enough for signature algorithms.
 2011-05-12 14:38:01 +00:00
Dr. Stephen Henson
4f7a2ab8b1 make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:50:18 +00:00
Dr. Stephen Henson
fc101f88b6 Reorder signature algorithms in strongest hash first order. 2011-05-11 16:33:28 +00:00
Dr. Stephen Henson
a2f9200fba Initial TLS v1.2 client support. Include a default supported signature 
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.

Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
 2011-05-09 15:44:01 +00:00
Dr. Stephen Henson
6b7be581e5 Continuing TLS v1.2 support: add support for server parsing of 
signature algorithms extension and correct signature format for
server key exchange.

All ciphersuites should now work on the server but no client support and
no client certificate support yet.
 2011-05-06 13:00:07 +00:00
Dr. Stephen Henson
823df31be7 Disable SHA256 if not supported. 2011-05-01 15:36:16 +00:00
Dr. Stephen Henson
7409d7ad51 Initial incomplete TLS v1.2 support. New ciphersuites added, new version 
checking added, SHA256 PRF support added.

At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
 2011-04-29 22:56:51 +00:00