generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
10,022 Commits 16 Branches 258 Tags 86 MiB
a8314df902
Commit Graph

128 Commits

Author SHA1 Message Date
Dr. Stephen Henson
bd6941cfaa PR: 2658 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
 2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
e065e6cda2 PR: 2535 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Add SCTP support for DTLS (RFC 6083).
 2011-12-25 14:45:40 +00:00
Ben Laurie
e87afb1518 SSL export fixes (from Adam Langley). 2011-12-13 14:25:11 +00:00
Ben Laurie
1dc44d3130 Indent. 2011-11-24 16:51:15 +00:00
Dr. Stephen Henson
d7125d8d85 move internal functions to ssl_locl.h 2011-11-21 22:52:01 +00:00
Ben Laurie
b1d7429186 Add TLS exporter. 2011-11-15 23:51:22 +00:00
Ben Laurie
68b33cc5c7 Add Next Protocol Negotiation. 2011-11-13 21:55:42 +00:00
Dr. Stephen Henson
56f5ab43c2 PR: 2602 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting
 2011-09-23 13:35:05 +00:00
Dr. Stephen Henson
aed53d6c5a Backport GCM support from HEAD. 2011-08-04 11:13:28 +00:00
Dr. Stephen Henson
c8c6e9ecd9 Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and 
prohibit use of these ciphersuites for TLS < 1.2
 2011-07-25 21:45:17 +00:00
Dr. Stephen Henson
b81fde02aa Add server client certificate support for TLS v1.2 . This is more complex 
than client side as we need to keep the handshake record cache frozen when
it contains all the records need to process the certificate verify message.
(backport from HEAD).
 2011-05-20 14:58:45 +00:00
Dr. Stephen Henson
376838a606 Process signature algorithms during TLS v1.2 client authentication. 
Make sure message is long enough for signature algorithms.

(backport from HEAD).
 2011-05-12 17:44:59 +00:00
Dr. Stephen Henson
9472baae0d Backport TLS v1.2 support from HEAD. 
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
 2011-05-11 13:37:52 +00:00
Ben Laurie
a149b2466e Add SRP. 2011-03-16 11:26:40 +00:00
Dr. Stephen Henson
2eab92f8e3 make no-dsa work again 2011-03-10 18:27:13 +00:00
Dr. Stephen Henson
b4b15f68c0 Backport TLS v1.1 support from HEAD, ssl/ changes 2010-06-27 14:22:11 +00:00
Dr. Stephen Henson
593222afe1 PR: 2121 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
 2009-12-08 11:38:18 +00:00
Dr. Stephen Henson
d5b8c46499 PR: 2115 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
 2009-12-01 17:41:42 +00:00
Dr. Stephen Henson
ec4346f6f9 oops, add missing prototypes 2009-11-09 18:58:50 +00:00
Dr. Stephen Henson
a4bade7aac PR: 1997 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.
 2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
f99c9daa39 Make the stuff compile again, fix missing prototype warnings. 2009-05-16 11:14:55 +00:00
Dr. Stephen Henson
d6584eba8c PR: 1922 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Timer bug fix.
 2009-05-15 22:58:13 +00:00
Dr. Stephen Henson
c900a78c99 PR: 1828 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Updated DTLS Rentransmission bug patch.
 2009-04-15 14:49:36 +00:00
Dr. Stephen Henson
46ffb2dc97 PR #1828 reverted: state save/restore incompatible with 1.0.0-stable. 2009-04-14 15:29:34 +00:00
Dr. Stephen Henson
9fcbefebdb PR: 1828 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Update from 0.9.8-stable.
 2009-04-14 14:19:46 +00:00
Dr. Stephen Henson
c184b140df Update from 0.9.8-stable. 2009-04-07 16:30:32 +00:00
Lutz Jänicke
fceac0bc74 Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP 
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
 2009-01-05 14:43:05 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should 
test for them!
 2008-12-29 16:11:58 +00:00
Ben Laurie
6ba71a7173 Handle the unlikely event that BIO_get_mem_data() returns -ve. 2008-12-27 02:00:38 +00:00
Dr. Stephen Henson
e19106f5fb Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros 
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
 2008-10-22 15:43:01 +00:00
Dr. Stephen Henson
606f6c477a Fix a shed load or warnings: 
Duplicate const.
Use of ; outside function.
 2008-10-20 15:12:00 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Bodo Möller
96562f2fb3 update comment 2008-09-14 19:50:55 +00:00
Dr. Stephen Henson
3ad74edce8 Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new 
strength "FIPS" to represent all FIPS approved ciphersuites without NULL
encryption.
 2008-09-10 16:02:09 +00:00
Bodo Möller
474b3b1cc8 Fix error codes for memory-saving patch. 
Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS
because it was rather pointless (the new behavior has to be explicitly
requested by setting SSL_MODE_RELEASE_BUFFERS anyway).
 2008-08-04 22:10:38 +00:00
Dr. Stephen Henson
45d3767d28 Prevent signed/unsigned warning on VC++ 2008-06-03 10:17:45 +00:00
Ben Laurie
8671b89860 Memory saving patch. 2008-06-03 02:48:34 +00:00
Dr. Stephen Henson
368888bcb6 Add client cert engine to SSL routines. 2008-06-01 22:33:24 +00:00
Andy Polyakov
5d58f1bbfe Prohibit RC4 in DTLS. 2007-10-05 21:04:56 +00:00
Dr. Stephen Henson
67c8e7f414 Support for certificate status TLS extension. 2007-09-26 21:56:59 +00:00
Bodo Möller
761772d7e1 Implement the Opaque PRF Input TLS extension 
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way.  In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().

Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
 2007-09-21 06:54:24 +00:00
Dr. Stephen Henson
81025661a9 Update ssl code to support digests other than MD5+SHA1 in handshake. 
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
 2007-08-31 12:42:53 +00:00
Dr. Stephen Henson
956006b741 Use SHA256 for ticket HMAC if possible. 2007-08-20 12:35:20 +00:00
Dr. Stephen Henson
367eb1f125 Fix warning and make no-tlsext work. 2007-08-12 18:56:14 +00:00
Dr. Stephen Henson
6434abbfc6 RFC4507 (including RFC4507bis) TLS stateless session resumption support 
for OpenSSL.
 2007-08-11 23:18:29 +00:00
Dr. Stephen Henson
b948e2c59e Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. 2007-06-04 17:04:40 +00:00
Bodo Möller
96afc1cfd5 Add SEED encryption algorithm. 
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
 2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
9981a51e42 Stage 1 GOST ciphersuite support. 
Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org
 2007-03-23 17:04:05 +00:00
Bodo Möller
52b8dad8ec Reorganize the data used for SSL ciphersuite pattern matching. 
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.
 2007-02-17 06:45:38 +00:00
Bodo Möller
ed3ecd801e Error messages for client ECC cert verification. 
Also, change the default ciphersuite to give some prefererence to
ciphersuites with forwared secrecy (rather than using a random order).
 2006-06-15 19:58:22 +00:00