root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
7,950 Commits 32 Branches 398 Tags 545 MiB
Commit Graph

810 Commits

Author SHA1 Message Date
Bodo Möller cb1bab1a04 All ciphersuites should have a strength designator. 2007-04-24 00:13:51 +00:00
Bodo Möller 96afc1cfd5 Add SEED encryption algorithm. 
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
 2007-04-23 23:48:59 +00:00
Ben Laurie fa9fed1c3a Don't use a negative number as a length. Coverity ID 57. 2007-04-05 16:28:48 +00:00
Dr. Stephen Henson 9981a51e42 Stage 1 GOST ciphersuite support. 
Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org
 2007-03-23 17:04:05 +00:00
Bodo Möller 0f32c841a6 stricter session ID context matching 2007-03-21 14:33:16 +00:00
Bodo Möller 882d29dd87 Fix incorrect substitution that happened during the recent ciphersuite 
selection remodeling

Submitted by: Victor Duchovni
 2007-02-22 21:31:19 +00:00
Bodo Möller aa79dd6895 prefer SHA1 over MD5 (this affects the Kerberos ciphersuites) 2007-02-21 09:33:14 +00:00
Bodo Möller 60cad2caed delete obsolete comment 2007-02-21 09:32:17 +00:00
Bodo Möller 114c9c36b1 SSL_kKRB5 ciphersuites shouldn't be preferred by default 2007-02-20 16:39:58 +00:00
Bodo Möller fd5bc65cc8 Improve ciphersuite order stability when disabling ciphersuites. 
Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.
 2007-02-20 16:36:58 +00:00
Bodo Möller e041863905 fix a typo in the new ciphersuite ordering code 2007-02-20 13:25:36 +00:00
Bodo Möller 0a05123a6c Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a 
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.

Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".
 2007-02-19 18:41:41 +00:00
Bodo Möller 2afe316721 fix warnings for CIPHER_DEBUG builds 2007-02-19 16:59:13 +00:00
Bodo Möller 7e69565fe6 fix warnings/inconsistencies caused by the recent changes to the 
ciphersuite selection code in HEAD

Submitted by: Victor Duchovni
 2007-02-19 14:53:18 +00:00
Bodo Möller ccae144d62 fix incorrect strength bit values for certain Kerberos ciphersuites 
Submitted by: Victor Duchovni
 2007-02-19 14:49:12 +00:00
Bodo Möller 52b8dad8ec Reorganize the data used for SSL ciphersuite pattern matching. 
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.
 2007-02-17 06:45:38 +00:00
Nils Larsch cc684e330b ensure that the EVP_CIPHER_CTX object is initialized 
PR: 1490
 2007-02-16 20:34:15 +00:00
Nils Larsch 15780a1ea0 use user-supplied malloc functions for persistent kssl objects 
PR: 1467
Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>
 2007-02-10 10:42:48 +00:00
Nils Larsch feaaf1dbea ensure that a ec key is used 
PR: 1476
 2007-02-07 20:28:19 +00:00
Dr. Stephen Henson 42182852f5 Constify version strings is ssl lib. 2007-01-21 16:06:05 +00:00
Nils Larsch 39d764ed58 remove undefined constant 2007-01-03 20:00:32 +00:00
Nils Larsch fec38ca4ed fix typos 
PR: 1354, 1355, 1398, 1408
 2006-12-21 21:13:27 +00:00
Dr. Stephen Henson d137b56a5b Win32 fixes from stable branch. 2006-11-30 13:39:34 +00:00
Nils Larsch 7806f3dd4b replace macros with functions 
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
 2006-11-29 20:54:57 +00:00
Bodo Möller 1e24b3a09e fix support for receiving fragmented handshake messages 2006-11-29 14:45:50 +00:00
Dr. Stephen Henson 47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Nils Larsch 1611b9ed80 remove SSLEAY_MACROS code 2006-11-06 19:53:39 +00:00
Andy Polyakov a4d64c7f49 Align data payload for better performance. 2006-10-20 11:26:00 +00:00
Mark J. Cox 3ff55e9680 Fix buffer overflow in SSL_get_shared_ciphers() function. 
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
 2006-09-28 13:18:43 +00:00
Richard Levitte cbb92dfaf0 Fixes for the following claims: 
1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336
 2006-09-28 12:22:58 +00:00
Dr. Stephen Henson 89c9c66736 Submitted by: Brad Spencer <spencer@jacknife.org> 
Reviewed by: steve
 2006-09-23 17:29:49 +00:00
Bodo Möller ed65f7dc34 ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 
ciphersuite as well
 2006-09-11 09:49:03 +00:00
Ben Laurie 777c47acbe Make things static that should be. Declare stuff in headers that should be. 
Fix warnings.
 2006-08-28 17:01:04 +00:00
Bodo Möller ed3ecd801e Error messages for client ECC cert verification. 
Also, change the default ciphersuite to give some prefererence to
ciphersuites with forwared secrecy (rather than using a random order).
 2006-06-15 19:58:22 +00:00
Bodo Möller 076944d920 Fix algorithm handling for ECC ciphersuites: Adapt to recent changes, 
and allow more general RSA OIDs for ECC certs with RSA CA sig.
 2006-06-15 18:28:00 +00:00
Bodo Möller 09e20e0bd8 Fix another new bug in the cipherstring logic. 2006-06-15 17:17:06 +00:00
Bodo Möller a717831da4 Fix another bug introduced yesterday when deleting Fortezza stuff: 
make sure 'mask' is initialized in ssl_cipher_get_disabled().

Also simplify code by removing some unused arguments in static functions.
 2006-06-15 16:54:20 +00:00
Bodo Möller 4dfc8f1f0b Oops ... deleted too much in the previous commit when I deleted 
the Fortezza stuff
 2006-06-15 16:07:10 +00:00
Bodo Möller 5b57fe0a1e Disable invalid ciphersuites 2006-06-14 17:51:46 +00:00
Bodo Möller 89bbe14c50 Ciphersuite string bugfixes, and ECC-related (re-)definitions. 2006-06-14 17:40:31 +00:00
Bodo Möller 6635b48cd1 Make sure that AES ciphersuites get priority over Camellia 
ciphersuites in the default cipher string.
 2006-06-14 13:58:48 +00:00
Bodo Möller 675f605d44 Thread-safety fixes 2006-06-14 08:55:23 +00:00
Bodo Möller f3dea9a595 Camellia cipher, contributed by NTT 
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
 2006-06-09 15:44:59 +00:00
Richard Levitte 4d4e08ec1c Use a new signed int ii instead of j (which is unsigned) to handle the 
return value from sk_SSL_CIPHER_find().
 2006-05-28 19:44:27 +00:00
Dr. Stephen Henson 6657b9c73a Fix warnings. 2006-05-26 13:27:58 +00:00
Richard Levitte 7e76e56387 Someone made a mistake, and some function and reason codes got 
duplicate numbers.  Renumbering.
 2006-05-12 15:27:52 +00:00
Dr. Stephen Henson 5cda6c4582 Fix from stable branch. 2006-05-07 12:30:37 +00:00
Dr. Stephen Henson c20276e4ae Fix (most) WIN32 warnings and errors. 2006-04-17 12:08:22 +00:00
Dr. Stephen Henson ba1ba5f0fb If cipher list contains a match for an explicit ciphersuite only match that 
one suite.
 2006-04-15 00:22:05 +00:00
Dr. Stephen Henson 8795d38906 Update dependencies. 2006-04-08 13:04:31 +00:00