path: root/ssl
Commit message | Author | Age | Files | Lines
* Initialize sigsize. | Dr. Stephen Henson | 2007-12-14 | 1 | -1/+1
* Fix from stable branch. | Dr. Stephen Henson | 2007-11-03 | 1 | -1/+4
* Fix duplicate error codes. | Dr. Stephen Henson | 2007-10-26 | 2 | -16/+7
* 1. Changes for s_client.c to make it return non-zero exit code in case | Dr. Stephen Henson | 2007-10-26 | 10 | -35/+319
|    of handshake failure
| 2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH (required for s3_srvr to accept GOST client certificates).
| 3. Changes to EVP
|    - adding of function EVP_PKEY_CTX_get0_peerkey
|    - Make function EVP_PKEY_derive_set_peerkey work for context with ENCRYPT operation, because we use peerkey field in the context to pass non-ephemeral secret key to GOST encrypt operation.
|    - added EVP_PKEY_CTRL_SET_IV control command. It is really GOST-specific, but it is used in SSL code, so it has to go in some header file, available during libssl compilation
| 4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data
| 5. Include des.h if KSSL_DEBUG is defined into some libssl files, to make debugging output which depends on constants defined there, work and other KSSL_DEBUG output fixes
| 6. Declaration of real GOST ciphersuites, two authentication methods SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST
| 7. Implementation of these methods.
| 8. Support for sending unsolicited serverhello extension if GOST ciphersuite is selected. It is required for interoperability with CryptoPro CSP 3.0 and 3.6 and controlled by SSL_OP_CRYPTOPRO_TLSEXT_BUG constant. This constant is added to SSL_OP_ALL, because it does nothing, if non-GOST ciphersuite is selected, and all implementation of GOST include compatibility with CryptoPro.
| 9. Support for CertificateVerify message without length field. It is another CryptoPro bug, but support is made unconditional, because it does no harm for draft-conforming implementation.
| 10. In tls1_mac extra copy of stream mac context is no more done. When I've written currently committed code I haven't read EVP_DigestSignFinal manual carefully enough and haven't noticed that it does an internal digest ctx copying.
| This implementation was tested against
| 1. CryptoPro CSP 3.6 client and server
| 2. Cryptopro CSP 3.0 server
* Fix from stable branch. | Dr. Stephen Henson | 2007-10-18 | 1 | -0/+1
* Don't let DTLS ChangeCipherSpec increment handshake sequence number. | Andy Polyakov | 2007-10-17 | 2 | -5/+4
| PR: 1587
* Don't lookup zero length session ID. | Dr. Stephen Henson | 2007-10-17 | 1 | -1/+3
| PR: 1591
* Fix from stable branch. | Dr. Stephen Henson | 2007-10-17 | 1 | -5/+8
* Make ssl compile [from 098-stable, bug is masked by default]. | Andy Polyakov | 2007-10-14 | 2 | -0/+2
* Fix warnings in d1_both.c [from 0.9.8-stable]. | Andy Polyakov | 2007-10-13 | 1 | -8/+8
* DTLS fixes from 0.9.8-stable. | Andy Polyakov | 2007-10-13 | 3 | -303/+230
* Respect cookie length set by app_gen_cookie_cb. | Andy Polyakov | 2007-10-09 | 1 | -2/+1
| Submitted by: Alex Lam
* Make DTLS1 record layer MAC calculation RFC compliant. | Andy Polyakov | 2007-10-09 | 1 | -6/+19
| Submitted by: Alex Lam
* Prohibit RC4 in DTLS. | Andy Polyakov | 2007-10-05 | 2 | -1/+22
* Off by one fix from stable branch. | Dr. Stephen Henson | 2007-10-04 | 1 | -11/+11
* Oops! This was erroneously left out commit #16632. | Andy Polyakov | 2007-10-01 | 1 | -1/+1
* Basic idea behind explicit IV is to make it unpredictable for attacker. | Andy Polyakov | 2007-09-30 | 1 | -2/+9
| Until now it was xor between CBC residue and 1st block from last datagram, or in other words still predictable.
* Make ChangeCipherSpec compliant with DTLS RFC4347. | Andy Polyakov | 2007-09-30 | 2 | -38/+28
* DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. | Andy Polyakov | 2007-09-30 | 2 | -2/+7
* DTLS RFC4347 requires client to use same random field in reply to | Andy Polyakov | 2007-09-30 | 1 | -6/+16
| HelloVerifyRequest.
* Switch to RFC-compliant version encoding in DTLS. | Andy Polyakov | 2007-09-30 | 4 | -17/+16
* Move no status notification to ssl_check_serverhello_tlsext() to ensure | Dr. Stephen Henson | 2007-09-28 | 1 | -29/+29
| no status is notified even if no server extensions are present.
* Support for certificate status TLS extension. | Dr. Stephen Henson | 2007-09-26 | 12 | -6/+514
* Use accept flag for new session ticket write. | Dr. Stephen Henson | 2007-09-23 | 1 | -2/+2
* properly handle length-zero opaque PRF input values | Bodo Möller | 2007-09-23 | 2 | -6/+20
| (which are pointless, but still might occur)
* Implement the Opaque PRF Input TLS extension | Bodo Möller | 2007-09-21 | 12 | -89/+469
| (draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and bugfixes on the way. In particular, this fixes the buffer bounds checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().
| Note that the opaque PRF Input TLS extension is not compiled by default; see CHANGES.
* Fix indentation in d1_both.c. | Andy Polyakov | 2007-09-19 | 1 | -558/+557
* Fix dependencies. Make depend. | Ben Laurie | 2007-09-19 | 1 | -48/+50
* The other half of make errors. | Ben Laurie | 2007-09-19 | 1 | -0/+1
* make errors. | Ben Laurie | 2007-09-19 | 1 | -0/+1
* fix warning | Bodo Möller | 2007-09-19 | 1 | -1/+1
* Clean up error codes a bit. | Bodo Möller | 2007-09-19 | 2 | -15/+12
| (engines/ccgost/ remains utter chaos, though; "make errors" is not happy.)
* Update from stable branch. | Dr. Stephen Henson | 2007-09-17 | 1 | -0/+5
* Change safestack reimplementation to match 0.9.8. | Dr. Stephen Henson | 2007-09-07 | 4 | -5/+5
| Fix additional gcc 4.2 value not used warnings.
* Fix warnings: computed value not used, incompatible pointer initialization | Dr. Stephen Henson | 2007-09-07 | 3 | -7/+9
| and cast from pointer to int of different size (linux-x86_64 and align).
* Update ssl code to support digests other than MD5+SHA1 in handshake. | Dr. Stephen Henson | 2007-08-31 | 17 | -217/+414
| Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
* Check return code when attempting to receive new session ticket message. | Dr. Stephen Henson | 2007-08-31 | 1 | -0/+1
* Add ctrls to set and get RFC4507bis keys to enable several contexts to | Dr. Stephen Henson | 2007-08-28 | 4 | -0/+34
| reuse the same tickets.
* Use SHA256 for ticket HMAC if possible. | Dr. Stephen Henson | 2007-08-20 | 3 | -3/+8
* OPENSSL_NO_TLS1 WIN32 build support. Fix so normal build works again. | Dr. Stephen Henson | 2007-08-12 | 1 | -97/+97
* Fix warning and make no-tlsext work. | Dr. Stephen Henson | 2007-08-12 | 5 | -100/+107
* Typo. | Dr. Stephen Henson | 2007-08-12 | 1 | -1/+1
* Fix warnings. | Dr. Stephen Henson | 2007-08-12 | 1 | -1/+1
* Remove debugging fprintfs, fix typo. | Dr. Stephen Henson | 2007-08-12 | 2 | -5/+1
* RFC4507 (including RFC4507bis) TLS stateless session resumption support | Dr. Stephen Henson | 2007-08-11 | 14 | -22/+604
| for OpenSSL.
* Finish gcc 4.2 changes. | Dr. Stephen Henson | 2007-06-07 | 2 | -8/+3
* Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. | Dr. Stephen Henson | 2007-06-04 | 17 | -65/+237
* fix function codes for error | Bodo Möller | 2007-04-24 | 5 | -8/+14
* All ciphersuites should have a strength designator. | Bodo Möller | 2007-04-24 | 1 | -10/+10
* Add SEED encryption algorithm. | Bodo Möller | 2007-04-23 | 6 | -3/+136
| PR: 1503
| Submitted by: KISA
| Reviewed by: Bodo Moeller