Commit message | Author | Age | Files | Lines |
---|---|---|---|---|
add GCM ciphers in SSL_library_init | Dr. Stephen Henson | 2011-10-10 | 1 | -0/+2 |
disable GCM if not available | Dr. Stephen Henson | 2011-10-10 | 1 | -0/+2 |
Don't disable TLS v1.2 by default now. | Dr. Stephen Henson | 2011-10-09 | 1 | -2/+0 |
use client version when eliminating TLS v1.2 ciphersuites in client hello | Dr. Stephen Henson | 2011-10-07 | 2 | -1/+4 |
fix signed/unsigned warning | Dr. Stephen Henson | 2011-09-26 | 1 | -1/+1 |
make sure eivlen is initialised | Dr. Stephen Henson | 2011-09-24 | 1 | -0/+2 |
PR: 2602. Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>. Reviewed by: steve. Fix DTLS bug which prevents manual MTU setting | Dr. Stephen Henson | 2011-09-23 | 4 | -6/+15 |
Fix session handling. | Bodo Möller | 2011-09-05 | 7 | -160/+266 |
Fix d2i_SSL_SESSION. | Bodo Möller | 2011-09-05 | 2 | -4/+19 |
(EC)DH memory handling fixes. Submitted by: Adam Langley | Bodo Möller | 2011-09-05 | 3 | -9/+22 |
PR: 2573. Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>. Reviewed by: steve. Fix DTLS buffering and decryption bug. | Dr. Stephen Henson | 2011-09-01 | 1 | -9/+11 |
Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. | Andy Polyakov | 2011-08-23 | 1 | -0/+7 |
Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites. | Dr. Stephen Henson | 2011-08-14 | 1 | -19/+13 |
Expand range of ctrls for AES GCM to support retrieval and setting of invocation field. Add complete support for AES GCM ciphersuites including all those in RFC5288 and RFC5289. | Dr. Stephen Henson | 2011-08-03 | 7 | -16/+440 |
oops, remove debug option | Dr. Stephen Henson | 2011-07-25 | 1 | -2/+0 |
Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and prohibit use of these ciphersuites for TLS < 1.2 | Dr. Stephen Henson | 2011-07-25 | 7 | -6/+203 |
PR: 2555. Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>. Reviewed by: steve. Fix DTLS sequence number bug | Dr. Stephen Henson | 2011-07-20 | 1 | -0/+8 |
PR: 2550. Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>. Reviewed by: steve. Fix DTLS HelloVerifyRequest Timer bug | Dr. Stephen Henson | 2011-07-20 | 1 | -1/+0 |
ssl/ssl_ciph.c: allow to switch to predefined "composite" cipher/mac combos that can be implemented as AEAD ciphers. | Andy Polyakov | 2011-07-11 | 1 | -1/+22 |
ssl/t1_enc.c: initial support for AEAD ciphers. | Andy Polyakov | 2011-07-11 | 1 | -16/+65 |
PR: 2543. Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>. Reviewed by: steve. Correctly handle errors in DTLSv1_handle_timeout() | Dr. Stephen Henson | 2011-06-22 | 1 | -1/+1 |
set FIPS allow before initialising ctx | Dr. Stephen Henson | 2011-06-14 | 1 | -2/+2 |
fix memory leak | Dr. Stephen Henson | 2011-06-08 | 1 | -0/+2 |
Set SSL_FIPS flag in ECC ciphersuites. | Dr. Stephen Henson | 2011-06-06 | 1 | -20/+20 |
fix error discrepancy | Dr. Stephen Henson | 2011-06-03 | 1 | -1/+1 |
typo | Dr. Stephen Henson | 2011-06-01 | 1 | -1/+1 |
set FIPS permitted flag before initialising digest | Dr. Stephen Henson | 2011-05-31 | 1 | -1/+1 |
Don't round up partitioned premaster secret length if there is only one digest in use: this caused the PRF to fail for an odd premaster secret length. | Dr. Stephen Henson | 2011-05-31 | 1 | -0/+2 |
Output supported curves in preference order instead of numerically. | Dr. Stephen Henson | 2011-05-30 | 1 | -5/+38 |
Don't advertise or use MD5 for TLS v1.2 in FIPS mode | Dr. Stephen Henson | 2011-05-25 | 1 | -2/+12 |
PR: 2533. Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>. Reviewed by: steve. Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes the program to crash. This is due to missing version checks and is fixed with this patch. | Dr. Stephen Henson | 2011-05-25 | 1 | -2/+4 |
PR: 2529. Submitted by: Marcus Meissner <meissner@suse.de>. Reviewed by: steve. Call ssl_new() to reallocate SSL BIO internals if we want to replace the existing internal SSL structure. | Dr. Stephen Henson | 2011-05-25 | 1 | -0/+4 |
Some nextproto patches broke DTLS: fix | Dr. Stephen Henson | 2011-05-25 | 1 | -4/+0 |
Oops use up to date patch for PR#2506 | Dr. Stephen Henson | 2011-05-25 | 2 | -2/+16 |
PR: 2506. Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>. Reviewed by: steve. Fully implement SSL_clear for DTLS. | Dr. Stephen Henson | 2011-05-25 | 1 | -8/+44 |
PR: 2505. Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>. Reviewed by: steve. Fix DTLS session resumption timer bug. | Dr. Stephen Henson | 2011-05-25 | 1 | -2/+4 |
use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS | Dr. Stephen Henson | 2011-05-25 | 6 | -20/+22 |
PR: 2295. Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>. Reviewed by: steve. OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code elimination. | Dr. Stephen Henson | 2011-05-20 | 5 | -8/+127 |
Implement FIPS_mode and FIPS_mode_set | Dr. Stephen Henson | 2011-05-19 | 9 | -1/+91 |
set encodedPoint to NULL after freeing it | Dr. Stephen Henson | 2011-05-19 | 1 | -0/+1 |
Provisional support for TLS v1.2 client authentication: client side only. Parse certificate request message and set digests appropriately. Generate new TLS v1.2 format certificate verify message. Keep handshake caches around for longer as they are needed for client auth. | Dr. Stephen Henson | 2011-05-12 | 1 | -5/+54 |
Process signature algorithms during TLS v1.2 client authentication. Make sure message is long enough for signature algorithms. | Dr. Stephen Henson | 2011-05-12 | 5 | -11/+27 |
make kerberos work with OPENSSL_NO_SSL_INTERN | Dr. Stephen Henson | 2011-05-11 | 2 | -0/+20 |
Reorder signature algorithms in strongest hash first order. | Dr. Stephen Henson | 2011-05-11 | 1 | -50/+52 |
Initial TLS v1.2 client support. Include a default supported signature algorithms extension (including everything we support). Switch to new signature format where needed and relax ECC restrictions. Not TLS v1.2 client certificate support yet but client will handle case where a certificate is requested and we don't have one. | Dr. Stephen Henson | 2011-05-09 | 8 | -80/+185 |
Continuing TLS v1.2 support: add support for server parsing of signature algorithms extension and correct signature format for server key exchange. All ciphersuites should now work on the server but no client support and no client certificate support yet. | Dr. Stephen Henson | 2011-05-06 | 7 | -36/+275 |
Disable SHA256 if not supported. | Dr. Stephen Henson | 2011-05-01 | 1 | -0/+1 |
Initial incomplete TLS v1.2 support. New ciphersuites added, new version checking added, SHA256 PRF support added. At present only RSA key exchange ciphersuites work with TLS v1.2 as the new signature format is not yet implemented. | Dr. Stephen Henson | 2011-04-29 | 18 | -29/+393 |
Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL. The advantage of this option is that any application supporting it will still be binary compatible if SSL structures change. | Dr. Stephen Henson | 2011-04-29 | 8 | -12/+109 |
Reorder headers to get definitions before they are used. | Dr. Stephen Henson | 2011-04-11 | 1 | -2/+4 |