wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10186 commits 20 branches 302 tags 153 MiB
Commit graph

1151 commits

Author SHA1 Message Date
Dr. Stephen Henson
bbcf3a9b30 Some nextproto patches broke DTLS: fix 2011-05-25 14:31:47 +00:00
Dr. Stephen Henson
006b54a8eb Oops use up to date patch for PR#2506 2011-05-25 14:30:20 +00:00
Dr. Stephen Henson
7832d6ab1c PR: 2506 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.
 2011-05-25 12:28:06 +00:00
Dr. Stephen Henson
ee4b5cebef PR: 2505 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.
 2011-05-25 12:25:01 +00:00
Dr. Stephen Henson
238b63613b use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS 2011-05-25 11:43:07 +00:00
Dr. Stephen Henson
f37f20ffd3 PR: 2295 
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
 2011-05-20 14:56:29 +00:00
Dr. Stephen Henson
086e32a6c7 Implement FIPS_mode and FIPS_mode_set 2011-05-19 18:09:02 +00:00
Dr. Stephen Henson
4f7533eb84 set encodedPoint to NULL after freeing it 2011-05-19 16:17:47 +00:00
Dr. Stephen Henson
855a54a9a5 Provisional support for TLS v1.2 client authentication: client side only. 
Parse certificate request message and set digests appropriately.

Generate new TLS v1.2 format certificate verify message.

Keep handshake caches around for longer as they are needed for client auth.
 2011-05-12 17:35:03 +00:00
Dr. Stephen Henson
8f82912460 Process signature algorithms during TLS v1.2 client authentication. 
Make sure message is long enough for signature algorithms.
 2011-05-12 14:38:01 +00:00
Dr. Stephen Henson
4f7a2ab8b1 make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:50:18 +00:00
Dr. Stephen Henson
fc101f88b6 Reorder signature algorithms in strongest hash first order. 2011-05-11 16:33:28 +00:00
Dr. Stephen Henson
a2f9200fba Initial TLS v1.2 client support. Include a default supported signature 
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.

Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
 2011-05-09 15:44:01 +00:00
Dr. Stephen Henson
6b7be581e5 Continuing TLS v1.2 support: add support for server parsing of 
signature algorithms extension and correct signature format for
server key exchange.

All ciphersuites should now work on the server but no client support and
no client certificate support yet.
 2011-05-06 13:00:07 +00:00
Dr. Stephen Henson
823df31be7 Disable SHA256 if not supported. 2011-05-01 15:36:16 +00:00
Dr. Stephen Henson
7409d7ad51 Initial incomplete TLS v1.2 support. New ciphersuites added, new version 
checking added, SHA256 PRF support added.

At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
 2011-04-29 22:56:51 +00:00
Dr. Stephen Henson
08557cf22c Initial "opaque SSL" framework. If an application defines 
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.

The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
 2011-04-29 22:37:12 +00:00
Dr. Stephen Henson
b93e331ba4 Reorder headers to get definitions before they are used. 2011-04-11 14:01:33 +00:00
Dr. Stephen Henson
4058861f69 PR: 2462 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug
 2011-04-03 17:14:35 +00:00
Dr. Stephen Henson
f74a0c0c93 PR: 2458 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.
 2011-04-03 16:25:29 +00:00
Dr. Stephen Henson
6e28b60aa5 PR: 2457 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS fragment reassembly bug.
 2011-04-03 15:47:58 +00:00
Richard Levitte
3a660e7364 Corrections to the VMS build system. 
Submitted by Steven M. Schweda <sms@antinode.info>
 2011-03-25 16:20:35 +00:00
Richard Levitte
4ec3e8ca51 For VMS, implement the possibility to choose 64-bit pointers with 
different options:
"64"		The build system will choose /POINTER_SIZE=64=ARGV if
		the compiler supports it, otherwise /POINTER_SIZE=64.
"64="		The build system will force /POINTER_SIZE=64.
"64=ARGV"	The build system will force /POINTER_SIZE=64=ARGV.
 2011-03-25 09:40:48 +00:00
Richard Levitte
487b023f3d make update (1.1.0-dev) 
This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable.  However, since there's
been no release on this branch yet, it should be harmless.
 2011-03-23 00:11:32 +00:00
Richard Levitte
537c982306 After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS 
submitted by Steven M. Schweda <sms@antinode.info>
 2011-03-19 10:58:14 +00:00
Dr. Stephen Henson
23bc7961d2 Fix broken SRP error/function code assignment. 2011-03-16 16:17:46 +00:00
Dr. Stephen Henson
d70fcb96ac Fix warnings: signed/unisgned comparison, shadowing (in some cases global 
functions such as rand() ).
 2011-03-12 17:27:03 +00:00
Dr. Stephen Henson
5e374d2ee8 Remove redundant check to stop compiler warning. 2011-03-12 17:06:35 +00:00
Ben Laurie
edc032b5e3 Add SRP support. 2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
a3654f0586 Include openssl/crypto.h first in several other files so FIPS renaming 
is picked up.
 2011-02-16 17:25:01 +00:00
Dr. Stephen Henson
b331016124 New option to disable characteristic two fields in EC code. 2011-02-12 17:23:32 +00:00
Bodo Möller
9770924f9b OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) 
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
 2011-02-08 17:48:57 +00:00
Bodo Möller
e2b798c8b3 Assorted bugfixes: 
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check

Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
 2011-02-03 12:03:51 +00:00
Bodo Möller
88f2a4cf9c CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) 2011-02-03 10:43:00 +00:00
Bodo Möller
9d0397e977 make update 2011-02-03 10:17:53 +00:00
Dr. Stephen Henson
9bafd8f7b3 FIPS_allow_md5() no longer exists and is no longer required 2011-01-26 12:23:58 +00:00
Dr. Stephen Henson
722521594c Don't use decryption_failed alert for TLS v1.1 or later. 2011-01-04 19:39:27 +00:00
Dr. Stephen Henson
a47577164c Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed 
alert.
 2011-01-04 19:34:20 +00:00
Richard Levitte
b7ef916c38 First attempt at adding the possibility to set the pointer size for the builds on VMS. 
PR: 2393
 2010-12-14 19:19:04 +00:00
Dr. Stephen Henson
d0205686bb PR: 2240 
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve

As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.
 2010-11-25 12:27:09 +00:00
Dr. Stephen Henson
290be870d6 using_ecc doesn't just apply to TLSv1 2010-11-25 11:51:31 +00:00
Dr. Stephen Henson
6f678c4081 oops, revert invalid change 2010-11-24 14:03:25 +00:00
Dr. Stephen Henson
e9be051f3a use generalise mac API for SSL key generation 2010-11-24 13:16:59 +00:00
Richard Levitte
ec44f0ebfa Taken from OpenSSL_1_0_0-stable: 
Include proper header files for time functions.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
 2010-11-22 18:25:04 +00:00
Dr. Stephen Henson
b71f815f6b remove duplicate statement 2010-11-18 17:33:17 +00:00
Dr. Stephen Henson
ac7797a722 oops, reinstate TLSv1 string 2010-11-17 18:17:08 +00:00
Dr. Stephen Henson
7d5686d355 Don't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can be legitimately set elsewhere. 2010-11-17 17:37:23 +00:00
Dr. Stephen Henson
732d31beee bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files 2010-11-16 14:18:51 +00:00
Dr. Stephen Henson
e15320f652 Only use explicit IV if cipher is in CBC mode. 2010-11-14 17:47:45 +00:00
Dr. Stephen Henson
e827b58711 Get correct GOST private key instead of just assuming the last one is 
correct: this isn't always true if we have more than one certificate.
 2010-11-14 13:50:55 +00:00