root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
10,409 Commits 32 Branches 398 Tags 545 MiB
Commit Graph

217 Commits

Author SHA1 Message Date
Dr. Stephen Henson 1f59a84308 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA 
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
 2011-08-14 13:45:19 +00:00
Dr. Stephen Henson d09677ac45 Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and 
prohibit use of these ciphersuites for TLS < 1.2
 2011-07-25 20:41:32 +00:00
Dr. Stephen Henson 238b63613b use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS 2011-05-25 11:43:07 +00:00
Dr. Stephen Henson 086e32a6c7 Implement FIPS_mode and FIPS_mode_set 2011-05-19 18:09:02 +00:00
Dr. Stephen Henson a2f9200fba Initial TLS v1.2 client support. Include a default supported signature 
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.

Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
 2011-05-09 15:44:01 +00:00
Dr. Stephen Henson 6b7be581e5 Continuing TLS v1.2 support: add support for server parsing of 
signature algorithms extension and correct signature format for
server key exchange.

All ciphersuites should now work on the server but no client support and
no client certificate support yet.
 2011-05-06 13:00:07 +00:00
Dr. Stephen Henson 7409d7ad51 Initial incomplete TLS v1.2 support. New ciphersuites added, new version 
checking added, SHA256 PRF support added.

At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
 2011-04-29 22:56:51 +00:00
Dr. Stephen Henson 08557cf22c Initial "opaque SSL" framework. If an application defines 
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.

The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
 2011-04-29 22:37:12 +00:00
Ben Laurie edc032b5e3 Add SRP support. 2011-03-12 17:01:19 +00:00
Dr. Stephen Henson a3654f0586 Include openssl/crypto.h first in several other files so FIPS renaming 
is picked up.
 2011-02-16 17:25:01 +00:00
Dr. Stephen Henson b71f815f6b remove duplicate statement 2010-11-18 17:33:17 +00:00
Dr. Stephen Henson ac7797a722 oops, reinstate TLSv1 string 2010-11-17 18:17:08 +00:00
Ben Laurie bf48836c7c Fixes to NPN from Adam Langley. 2010-09-05 17:14:01 +00:00
Dr. Stephen Henson bdd5350804 PR: 1833 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix other cases not covered by original patch.
 2010-08-27 11:29:15 +00:00
Bodo Möller 7c2d4fee25 For better forward-security support, add functions 
SSL_[CTX_]set_not_resumable_session_callback.

Submitted by: Emilia Kasper (Google)

[A part of this change affecting ssl/s3_lib.c was accidentally commited
separately, together with a compilation fix for that file;
see s3_lib.c CVS revision 1.133 (http://cvs.openssl.org/chngview?cn=19855).]
 2010-08-26 15:15:47 +00:00
Dr. Stephen Henson 44959ee456 PR: 1833 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Support for abbreviated handshakes when renegotiating.
 2010-08-26 14:23:52 +00:00
Ben Laurie ee2ffc2794 Add Next Protocol Negotiation. 2010-07-28 10:06:55 +00:00
Ben Laurie c8bbd98a2b Fix warnings. 2010-06-12 14:13:23 +00:00
Dr. Stephen Henson 7512141162 OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved 2010-02-17 19:43:56 +00:00
Dr. Stephen Henson 423c66f10e Simplify RI+SCSV logic: 
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
 2010-01-07 19:04:52 +00:00
Dr. Stephen Henson 76998a71bc Updates to conform with draft-ietf-tls-renegotiation-03.txt: 
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
 2010-01-06 17:37:09 +00:00
Dr. Stephen Henson 73527122c9 Typo 2009-12-27 23:02:50 +00:00
Dr. Stephen Henson d68015764e Update RI to match latest spec. 
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
 2009-12-27 22:58:55 +00:00
Dr. Stephen Henson ef51b4b9b4 New option to enable/disable connection to unpatched servers 2009-12-16 20:25:59 +00:00
Dr. Stephen Henson a8640f0a7d Check s3 is not NULL 2009-12-09 15:03:44 +00:00
Dr. Stephen Henson 7661ccadf0 Add ctrls to clear options and mode. 
Change RI ctrl so it doesn't clash.
 2009-12-09 13:25:16 +00:00
Dr. Stephen Henson 5430200b8b Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:08 +00:00
Dr. Stephen Henson 13f6d57b1e Add support for magic cipher suite value (MCSV). Make secure renegotiation 
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
 2009-12-08 13:14:03 +00:00
Dr. Stephen Henson 637f374ad4 Initial experimental TLSv1.1 support 2009-12-07 13:31:02 +00:00
Dr. Stephen Henson 7f354fa42d Ooops... 2009-12-01 18:40:50 +00:00
Dr. Stephen Henson 6732e14278 check DSA_sign() return value properly 2009-12-01 18:39:33 +00:00
Dr. Stephen Henson 7c3908dd19 PR: 2073 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Don't access freed SSL_CTX in SSL_free().
 2009-10-16 13:41:39 +00:00
Dr. Stephen Henson ccf117510d Update from 1.0.0-stable. 2009-06-30 11:58:10 +00:00
Dr. Stephen Henson 48fd490c6d Update from 1.0.0-stable. 2009-05-16 11:16:43 +00:00
Dr. Stephen Henson 6f71e5ee6a Update from stable branch. 2009-05-13 16:38:51 +00:00
Dr. Stephen Henson b3f6fe919a Updates from 1.0.0 stable branch. 2009-04-29 14:13:22 +00:00
Dr. Stephen Henson ef236ec3b2 Merge from 1.0.0-stable branch. 2009-04-23 16:32:42 +00:00
Dr. Stephen Henson 8711efb498 Updates from 1.0.0-stable branch. 2009-04-20 11:33:12 +00:00
Dr. Stephen Henson 06ddf8eb08 Updates from 1.0.0-stable 2009-04-04 19:54:06 +00:00
Ben Laurie 7587347bc4 Fix memory leak. 2009-02-23 16:40:59 +00:00
Geoff Thorpe 6343829a39 Revert the size_t modifications from HEAD that had led to more 
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
 2008-11-12 03:58:08 +00:00
Dr. Stephen Henson c76fd290be Fix warnings about mismatched prototypes, undefined size_t and value computed 
not used.
 2008-11-02 12:50:48 +00:00
Ben Laurie babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Bodo Möller 474b3b1cc8 Fix error codes for memory-saving patch. 
Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS
because it was rather pointless (the new behavior has to be explicitly
requested by setting SSL_MODE_RELEASE_BUFFERS anyway).
 2008-08-04 22:10:38 +00:00
Dr. Stephen Henson 7555c9337f Update from stable branch. 2008-06-05 15:13:45 +00:00
Dr. Stephen Henson 0b44c26d78 Remove test fprintf. 2008-06-04 22:39:05 +00:00
Dr. Stephen Henson 4db9677bac Compilation option to use a specific ssl client auth engine automatically. 2008-06-04 22:34:38 +00:00
Ben Laurie 8671b89860 Memory saving patch. 2008-06-03 02:48:34 +00:00
Dr. Stephen Henson bdfe932dca Release engine reference when calling SSL_CTX_free(). 2008-06-01 23:06:48 +00:00
Ben Laurie 3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00