wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9887 commits 20 branches 302 tags 153 MiB
Commit graph

1188 commits

Author SHA1 Message Date
Ben Laurie
68b33cc5c7 Add Next Protocol Negotiation. 2011-11-13 21:55:42 +00:00
Ben Laurie
4c02cf8ecc make depend. 2011-11-13 20:23:34 +00:00
Ben Laurie
271daaf768 Fix one of the no-tlsext build errors (there are more). 2011-11-13 20:19:21 +00:00
Dr. Stephen Henson
efbb7ee432 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
 2011-11-13 13:13:14 +00:00
Dr. Stephen Henson
5372f5f989 PR: 2628 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
 2011-10-27 13:06:43 +00:00
Dr. Stephen Henson
6d24c09a69 PR: 2628 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix for ECC keys and DTLS.
 2011-10-27 13:01:20 +00:00
Dr. Stephen Henson
1f713e0106 Use correct tag for SRP username. 2011-10-25 12:52:47 +00:00
Bodo Möller
f72c1a58cb In ssl3_clear, preserve s3->init_extra along with s3->rbuf. 
Submitted by: Bob Buckholz <bbuckholz@google.com>
 2011-10-13 13:05:35 +00:00
Dr. Stephen Henson
06afa6eb94 add GCM ciphers in SSL_library_init 2011-10-10 12:56:11 +00:00
Dr. Stephen Henson
58e4205d6c disable GCM if not available 2011-10-10 12:40:13 +00:00
Dr. Stephen Henson
6bd173fced Don't disable TLS v1.2 by default any more. 2011-10-09 23:28:25 +00:00
Dr. Stephen Henson
b08b158b44 use client version when eliminating TLS v1.2 ciphersuites in client hello 2011-10-07 15:07:36 +00:00
Dr. Stephen Henson
928bd9a149 fix signed/unsigned warning 2011-09-26 17:04:41 +00:00
Dr. Stephen Henson
e53113b8ac make sure eivlen is initialised 2011-09-24 23:06:35 +00:00
Dr. Stephen Henson
56f5ab43c2 PR: 2602 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting
 2011-09-23 13:35:05 +00:00
Bodo Möller
3c3f025923 Fix session handling. 2011-09-05 13:36:55 +00:00
Bodo Möller
5ff6e2dfbb Fix d2i_SSL_SESSION. 2011-09-05 13:31:07 +00:00
Bodo Möller
61ac68f9f6 (EC)DH memory handling fixes. 
Submitted by: Adam Langley
 2011-09-05 10:25:27 +00:00
Dr. Stephen Henson
ec5d74f868 PR: 2573 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS buffering and decryption bug.
 2011-09-01 14:02:14 +00:00
Andy Polyakov
84e7485bfb Add RC4-MD5 and AESNI-SHA1 "stitched" implementations [from HEAD]. 2011-08-23 20:53:34 +00:00
Dr. Stephen Henson
cf199fec52 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA 
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
 2011-08-14 13:47:30 +00:00
Dr. Stephen Henson
aed53d6c5a Backport GCM support from HEAD. 2011-08-04 11:13:28 +00:00
Dr. Stephen Henson
c8c6e9ecd9 Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and 
prohibit use of these ciphersuites for TLS < 1.2
 2011-07-25 21:45:17 +00:00
Andy Polyakov
90f3e4cf05 Back-port TLS AEAD framework [from HEAD]. 2011-07-21 19:22:57 +00:00
Dr. Stephen Henson
f1c8db9f8c PR: 2555 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS sequence number bug
 2011-07-20 15:17:42 +00:00
Dr. Stephen Henson
2c9abbd554 PR: 2550 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS HelloVerifyRequest Timer bug
 2011-07-20 15:13:43 +00:00
Dr. Stephen Henson
6abc406a69 PR: 2543 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()
 2011-06-22 15:30:04 +00:00
Dr. Stephen Henson
4bea454021 set FIPS allow before initialising ctx 2011-06-14 15:25:41 +00:00
Dr. Stephen Henson
8e2f3c1c83 fix memory leak 2011-06-08 15:55:57 +00:00
Dr. Stephen Henson
a6dc77822b Set SSL_FIPS flag in ECC ciphersuites. 2011-06-06 14:14:14 +00:00
Dr. Stephen Henson
f610a516a0 Backport from HEAD: 
New option to disable characteristic two fields in EC code.

Make no-ec2m work on Win32 build.
 2011-06-06 11:49:36 +00:00
Dr. Stephen Henson
7978dc989d fix error discrepancy 2011-06-03 18:50:49 +00:00
Dr. Stephen Henson
9ddc574f9a typo 2011-06-01 11:10:50 +00:00
Dr. Stephen Henson
2dd9e67874 set FIPS permitted flag before initalising digest 2011-05-31 16:24:06 +00:00
Dr. Stephen Henson
f93b03a5e6 Don't round up partitioned premaster secret length if there is only one 
digest in use: this caused the PRF to fail for an odd premaster secret
length.
 2011-05-31 10:35:22 +00:00
Dr. Stephen Henson
55a47cd30f Output supported curves in preference order instead of numerically. 2011-05-30 17:58:29 +00:00
Dr. Stephen Henson
9c34782478 Don't advertise or use MD5 for TLS v1.2 in FIPS mode 2011-05-25 15:33:29 +00:00
Dr. Stephen Henson
20e6d22709 PR: 2533 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes
the program to crash. This is due to missing version checks and is fixed with
this patch.
 2011-05-25 15:21:01 +00:00
Dr. Stephen Henson
24dd0c61ef PR: 2529 
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.
 2011-05-25 15:16:01 +00:00
Dr. Stephen Henson
4159ac43aa Oops use up to date patch for PR#2506 2011-05-25 14:30:05 +00:00
Dr. Stephen Henson
88530f6b76 PR: 2506 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.
 2011-05-25 12:28:16 +00:00
Dr. Stephen Henson
a8cb8177f6 PR: 2505 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.
 2011-05-25 12:24:43 +00:00
Dr. Stephen Henson
277f8a34f4 use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS 2011-05-25 11:43:17 +00:00
Dr. Stephen Henson
4dde470865 Add tls12_sigalgs which somehow didn't get added to the backport. 2011-05-21 17:40:23 +00:00
Dr. Stephen Henson
b81fde02aa Add server client certificate support for TLS v1.2 . This is more complex 
than client side as we need to keep the handshake record cache frozen when
it contains all the records need to process the certificate verify message.
(backport from HEAD).
 2011-05-20 14:58:45 +00:00
Dr. Stephen Henson
7043fa702f add FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS compilation support 2011-05-19 18:22:16 +00:00
Dr. Stephen Henson
74bf705ea8 set encodedPoint to NULL after freeing it 2011-05-19 16:18:11 +00:00
Dr. Stephen Henson
4fe4c00eca Provisional support for TLS v1.2 client authentication: client side only. 
Parse certificate request message and set digests appropriately.

Generate new TLS v1.2 format certificate verify message.

Keep handshake caches around for longer as they are needed for client auth.
 2011-05-12 17:49:15 +00:00
Dr. Stephen Henson
376838a606 Process signature algorithms during TLS v1.2 client authentication. 
Make sure message is long enough for signature algorithms.

(backport from HEAD).
 2011-05-12 17:44:59 +00:00
Dr. Stephen Henson
766e0cb7d1 SRP fixes from HEAD which weren't in 1.0.1-stable. 2011-05-12 13:46:40 +00:00