path: root/ssl
Commit message | Author | Age | Files | Lines
* add GCM ciphers in SSL_library_init | Dr. Stephen Henson | 2011-10-10 | 1 | -0/+2
|
* disable GCM if not available | Dr. Stephen Henson | 2011-10-10 | 1 | -0/+2
|
* Don't disable TLS v1.2 by default now. | Dr. Stephen Henson | 2011-10-09 | 1 | -2/+0
|
* use client version when eliminating TLS v1.2 ciphersuites in client hello | Dr. Stephen Henson | 2011-10-07 | 2 | -1/+4
|
* fix signed/unsigned warning | Dr. Stephen Henson | 2011-09-26 | 1 | -1/+1
|
* make sure eivlen is initialised | Dr. Stephen Henson | 2011-09-24 | 1 | -0/+2
|
* PR: 2602 | Dr. Stephen Henson | 2011-09-23 | 4 | -6/+15
|   Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
|   Reviewed by: steve
|   Fix DTLS bug which prevents manual MTU setting
* Fix session handling. | Bodo Möller | 2011-09-05 | 7 | -160/+266
|
* Fix d2i_SSL_SESSION. | Bodo Möller | 2011-09-05 | 2 | -4/+19
|
* (EC)DH memory handling fixes. | Bodo Möller | 2011-09-05 | 3 | -9/+22
|   Submitted by: Adam Langley
* PR: 2573 | Dr. Stephen Henson | 2011-09-01 | 1 | -9/+11
|   Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
|   Reviewed by: steve
|   Fix DTLS buffering and decryption bug.
* Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. | Andy Polyakov | 2011-08-23 | 1 | -0/+7
|
* Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA | Dr. Stephen Henson | 2011-08-14 | 1 | -19/+13
|   using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites.
* Expand range of ctrls for AES GCM to support retrieval and setting of | Dr. Stephen Henson | 2011-08-03 | 7 | -16/+440
|   invocation field. Add complete support for AES GCM ciphersuites including all those in RFC5288 and RFC5289.
* oops, remove debug option | Dr. Stephen Henson | 2011-07-25 | 1 | -2/+0
|
* Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and | Dr. Stephen Henson | 2011-07-25 | 7 | -6/+203
|   prohibit use of these ciphersuites for TLS < 1.2
* PR: 2555 | Dr. Stephen Henson | 2011-07-20 | 1 | -0/+8
|   Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
|   Reviewed by: steve
|   Fix DTLS sequence number bug
* PR: 2550 | Dr. Stephen Henson | 2011-07-20 | 1 | -1/+0
|   Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
|   Reviewed by: steve
|   Fix DTLS HelloVerifyRequest Timer bug
* ssl/ssl_ciph.c: allow to switch to predefined "composite" cipher/mac | Andy Polyakov | 2011-07-11 | 1 | -1/+22
|   combos that can be implemented as AEAD ciphers.
* ssl/t1_enc.c: initial support for AEAD ciphers. | Andy Polyakov | 2011-07-11 | 1 | -16/+65
|
* PR: 2543 | Dr. Stephen Henson | 2011-06-22 | 1 | -1/+1
|   Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
|   Reviewed by: steve
|   Correctly handle errors in DTLSv1_handle_timeout()
* set FIPS allow before initialising ctx | Dr. Stephen Henson | 2011-06-14 | 1 | -2/+2
|
* fix memory leak | Dr. Stephen Henson | 2011-06-08 | 1 | -0/+2
|
* Set SSL_FIPS flag in ECC ciphersuites. | Dr. Stephen Henson | 2011-06-06 | 1 | -20/+20
|
* fix error discrepancy | Dr. Stephen Henson | 2011-06-03 | 1 | -1/+1
|
* typo | Dr. Stephen Henson | 2011-06-01 | 1 | -1/+1
|
* set FIPS permitted flag before initialising digest | Dr. Stephen Henson | 2011-05-31 | 1 | -1/+1
|
* Don't round up partitioned premaster secret length if there is only one | Dr. Stephen Henson | 2011-05-31 | 1 | -0/+2
|   digest in use: this caused the PRF to fail for an odd premaster secret length.
* Output supported curves in preference order instead of numerically. | Dr. Stephen Henson | 2011-05-30 | 1 | -5/+38
|
* Don't advertise or use MD5 for TLS v1.2 in FIPS mode | Dr. Stephen Henson | 2011-05-25 | 1 | -2/+12
|
* PR: 2533 | Dr. Stephen Henson | 2011-05-25 | 1 | -2/+4
|   Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
|   Reviewed by: steve
|   Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes the program to crash. This is due to missing version checks and is fixed with this patch.
* PR: 2529 | Dr. Stephen Henson | 2011-05-25 | 1 | -0/+4
|   Submitted by: Marcus Meissner <meissner@suse.de>
|   Reviewed by: steve
|   Call ssl_new() to reallocate SSL BIO internals if we want to replace the existing internal SSL structure.
* Some nextproto patches broke DTLS: fix | Dr. Stephen Henson | 2011-05-25 | 1 | -4/+0
|
* Oops use up to date patch for PR#2506 | Dr. Stephen Henson | 2011-05-25 | 2 | -2/+16
|
* PR: 2506 | Dr. Stephen Henson | 2011-05-25 | 1 | -8/+44
|   Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
|   Reviewed by: steve
|   Fully implement SSL_clear for DTLS.
* PR: 2505 | Dr. Stephen Henson | 2011-05-25 | 1 | -2/+4
|   Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
|   Reviewed by: steve
|   Fix DTLS session resumption timer bug.
* use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS | Dr. Stephen Henson | 2011-05-25 | 6 | -20/+22
* PR: 2295 | Dr. Stephen Henson | 2011-05-20 | 5 | -8/+127
|   Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
|   Reviewed by: steve
|   OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code elimination.
* Implement FIPS_mode and FIPS_mode_set | Dr. Stephen Henson | 2011-05-19 | 9 | -1/+91
|
* set encodedPoint to NULL after freeing it | Dr. Stephen Henson | 2011-05-19 | 1 | -0/+1
|
* Provisional support for TLS v1.2 client authentication: client side only. | Dr. Stephen Henson | 2011-05-12 | 1 | -5/+54
|   Parse certificate request message and set digests appropriately. Generate new TLS v1.2 format certificate verify message. Keep handshake caches around for longer as they are needed for client auth.
* Process signature algorithms during TLS v1.2 client authentication. | Dr. Stephen Henson | 2011-05-12 | 5 | -11/+27
|   Make sure message is long enough for signature algorithms.
* make kerberos work with OPENSSL_NO_SSL_INTERN | Dr. Stephen Henson | 2011-05-11 | 2 | -0/+20
|
* Reorder signature algorithms in strongest hash first order. | Dr. Stephen Henson | 2011-05-11 | 1 | -50/+52
|
* Initial TLS v1.2 client support. Include a default supported signature | Dr. Stephen Henson | 2011-05-09 | 8 | -80/+185
|   algorithms extension (including everything we support). Switch to new signature format where needed and relax ECC restrictions. Not TLS v1.2 client certificate support yet but client will handle case where a certificate is requested and we don't have one.
* Continuing TLS v1.2 support: add support for server parsing of | Dr. Stephen Henson | 2011-05-06 | 7 | -36/+275
|   signature algorithms extension and correct signature format for server key exchange. All ciphersuites should now work on the server but no client support and no client certificate support yet.
* Disable SHA256 if not supported. | Dr. Stephen Henson | 2011-05-01 | 1 | -0/+1
|
* Initial incomplete TLS v1.2 support. New ciphersuites added, new version | Dr. Stephen Henson | 2011-04-29 | 18 | -29/+393
|   checking added, SHA256 PRF support added. At present only RSA key exchange ciphersuites work with TLS v1.2 as the new signature format is not yet implemented.
* Initial "opaque SSL" framework. If an application defines | Dr. Stephen Henson | 2011-04-29 | 8 | -12/+109
|   OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL. The advantage of this option is that any application supporting it will still be binary compatible if SSL structures change.
* Reorder headers to get definitions before they are used. | Dr. Stephen Henson | 2011-04-11 | 1 | -2/+4
|