generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
12,845 Commits 16 Branches 258 Tags
Commit Graph

100 Commits

Author SHA1 Message Date
Matt Caswell
35a1cc90bc More comment realignment 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:10 +00:00
Matt Caswell
50e735f9e5 Re-align some comments after running the reformat script. 
This should be a one off operation (subsequent invokation of the
script should not move them)

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:10 +00:00
Matt Caswell
739a5eee61 Rerun util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:10 +00:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:09 +00:00
Matt Caswell
dbd87ffc21 indent has problems with comments that are on the right hand side of a line. 
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:08 +00:00
Matt Caswell
e636e2acd7 Fix source where indent will not be able to cope 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:06 +00:00
Matt Caswell
3a83462dfe Further comment amendments to preserve formatting prior to source reformat 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-06 15:45:25 +00:00
Tim Hudson
1d97c84351 mark all block comments that need format preserving so that 
indent will not alter them when reformatting comments

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-30 22:10:26 +00:00
Jonas Maebe
fed5b55252 SSL_set_session: check for NULL after allocating s->kssl_ctx->client_princ 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-10 18:35:18 +01:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support 
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 11:55:03 +01:00
Emilia Kasper
d663df2399 Tighten session ticket handling 
Tighten client-side session ticket handling during renegotiation:
ensure that the client only accepts a session ticket if the server sends
the extension anew in the ServerHello. Previously, a TLS client would
reuse the old extension state and thus accept a session ticket if one was
announced in the initial ServerHello.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
 2014-10-28 17:35:59 +01:00
Scott Deboy
36086186a9 Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) 
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
 2013-09-06 13:59:13 +01:00
Dr. Stephen Henson
c3b344e36a Provisional DTLS 1.2 support. 
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.

Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
 2013-03-26 15:16:41 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Ben Laurie
a9e1c50bb0 RFC 5878 support. 2012-05-30 10:10:58 +00:00
Dr. Stephen Henson
d0595f170c Initial revision of ECC extension handling. 
Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
 2012-03-28 15:05:04 +00:00
Dr. Stephen Henson
f9b0b45238 New ctrl values to clear or retrieve extra chain certs from an SSL_CTX. 
New function to retrieve compression method from SSL_SESSION structure.

Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
 2011-12-22 15:14:32 +00:00
Bodo Möller
c519e89f5c Fix session handling. 2011-09-05 13:36:23 +00:00
Dr. Stephen Henson
7409d7ad51 Initial incomplete TLS v1.2 support. New ciphersuites added, new version 
checking added, SHA256 PRF support added.

At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
 2011-04-29 22:56:51 +00:00
Dr. Stephen Henson
08557cf22c Initial "opaque SSL" framework. If an application defines 
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.

The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
 2011-04-29 22:37:12 +00:00
Ben Laurie
edc032b5e3 Add SRP support. 2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
434745dc19 PR: 2160 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Make session tickets work with DTLS.
 2010-02-01 16:51:09 +00:00
Dr. Stephen Henson
637f374ad4 Initial experimental TLSv1.1 support 2009-12-07 13:31:02 +00:00
Dr. Stephen Henson
8711efb498 Updates from 1.0.0-stable branch. 2009-04-20 11:33:12 +00:00
Dr. Stephen Henson
12bf56c017 PR: 1574 
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.
 2008-11-15 17:18:12 +00:00
Dr. Stephen Henson
e8da6a1d0f Fix from stable branch. 2008-09-03 22:17:11 +00:00
Dr. Stephen Henson
d4cdbab99b Avoid warnings with -pedantic, specifically: 
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
 2008-07-04 23:12:52 +00:00
Dr. Stephen Henson
368888bcb6 Add client cert engine to SSL routines. 2008-06-01 22:33:24 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Dr. Stephen Henson
3d3bf9c730 Don't lookup zero length session ID. 
PR: 1591
 2007-10-17 17:31:57 +00:00
Dr. Stephen Henson
6434abbfc6 RFC4507 (including RFC4507bis) TLS stateless session resumption support 
for OpenSSL.
 2007-08-11 23:18:29 +00:00
Dr. Stephen Henson
3c07d3a3d3 Finish gcc 4.2 changes. 2007-06-07 13:14:42 +00:00
Bodo Möller
0f32c841a6 stricter session ID context matching 2007-03-21 14:33:16 +00:00
Nils Larsch
15780a1ea0 use user-supplied malloc functions for persistent kssl objects 
PR: 1467
Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>
 2007-02-10 10:42:48 +00:00
Dr. Stephen Henson
d137b56a5b Win32 fixes from stable branch. 2006-11-30 13:39:34 +00:00
Nils Larsch
7806f3dd4b replace macros with functions 
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
 2006-11-29 20:54:57 +00:00
Bodo Möller
332737217a Implement Supported Elliptic Curves Extension. 
Submitted by: Douglas Stebila
 2006-03-30 02:44:56 +00:00
Bodo Möller
b6acb8d0de udpate Supported Point Formats Extension code 
Submitted by: Douglas Stebila
 2006-03-13 01:24:38 +00:00
Bodo Möller
36ca4ba63d Implement the Supported Point Formats Extension for ECC ciphersuites 
Submitted by: Douglas Stebila
 2006-03-11 23:46:37 +00:00
Nils Larsch
ddac197404 add initial support for RFC 4279 PSK SSL ciphersuites 
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
 2006-03-10 23:06:27 +00:00
Bodo Möller
a13c20f603 Further TLS extension updates 
Submitted by: Peter Sylvester
 2006-01-09 19:49:05 +00:00
Bodo Möller
1aeb3da83f Fixes for TLS server_name extension 
Submitted by: Peter Sylvester
 2006-01-06 09:08:59 +00:00
Bodo Möller
f1fd4544a3 Various changes in the new TLS extension code, including the following: 
- fix indentation
 - rename some functions and macros
 - fix up confusion between SSL_ERROR_... and SSL_AD_... values
 2006-01-03 03:27:19 +00:00
Bodo Möller
ed3883d21b Support TLS extensions (specifically, HostName) 
Submitted by: Peter Sylvester
 2006-01-02 23:14:37 +00:00
Bodo Möller
7476f3ac3b Rewrite timeout computation in a way that is less prone to overflow. 
(Problem reported by Peter Sylvester.)
 2005-12-30 23:51:36 +00:00
Dr. Stephen Henson
7bbcb2f690 Avoid warnings on VC++ 2005. 2005-12-05 17:21:22 +00:00
Nils Larsch
4ebb342fcd Let the TLSv1_method() etc. functions return a const SSL_METHOD 
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
 2005-08-14 21:48:33 +00:00
Nils Larsch
7c7667b86b check return value of RAND_pseudo_bytes; backport from the stable branch 2005-04-29 20:10:06 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00
Ben Laurie
0821bcd4de Constification. 2005-03-30 10:26:02 +00:00