| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Add patch missed from backport of SRP ciphersuite fix.
PR#3490
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
SRP ciphersuites do not have no authentication. They have authentication
based on SRP. Add new SRP authentication flag and cipher string.
(cherry picked from commit a86b88acc373ac1fb0ca709a5fb8a8fa74683f67)
|
|
Fix strength_bits to 112 for 3DES.
(cherry picked from commit 837c203719205ab19b5609b2df7151be8df05687)
|
|
When deciding whether to use TLS 1.2 PRF and record hash algorithms
use the version number in the corresponding SSL_METHOD structure
instead of the SSL structure. The SSL structure version is sometimes
inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449)
|
|
Enable PSK ciphersuites with AES or DES3 in FIPS mode.
(cherry picked from commit e0ffd129c16af90eb5e2ce54e57832c0046d1aaf)
|
|
|
|
|
|
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
|
|
Submitted by: PK <runningdoglackey@yahoo.com>
Correct ciphersuite signature algorithm definitions.
|
|
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)
Submitted by: Adam Langley
|
|
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Fix srp extension.
|
|
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
|
|
New function to retrieve compression method from SSL_SESSION structure.
Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
|
|
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Remove unnecessary code for srp and to add some comments to
s_client.
- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable
- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
|
|
|
|
|
|
|
|
Submitted by: Bob Buckholz <bbuckholz@google.com>
|
|
Submitted by: Adam Langley
|
|
|
|
prohibit use of these ciphersuites for TLS < 1.2
|
|
|
|
interfere with DTLS
|
|
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
|
|
|
|
(only s->new_session).
|
|
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Support for abbreviated handshakes when renegotiating.
|
|
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org
Avoid potential doublefree and reuse of freed handshake_buffer.
|
|
Reviewed by: steve@openssl.org
Fix to match latest GOST in TLS draft.
|
|
|
|
|
|
test for them!
|
|
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.
This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
|
|
|
|
strength "FIPS" to represent all FIPS approved ciphersuites without NULL
encryption.
|
|
|
|
|
|
of handshake failure
2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).
3. Changes to EVP
- adding of function EVP_PKEY_CTX_get0_peerkey
- Make function EVP_PKEY_derive_set_peerkey work for context with
ENCRYPT operation, because we use peerkey field in the context to
pass non-ephemeral secret key to GOST encrypt operation.
- added EVP_PKEY_CTRL_SET_IV control command. It is really
GOST-specific, but it is used in SSL code, so it has to go
in some header file, available during libssl compilation
4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data
5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
make debugging output which depends on constants defined there, work
and other KSSL_DEBUG output fixes
6. Declaration of real GOST ciphersuites, two authentication methods
SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST
7. Implementation of these methods.
8. Support for sending unsolicited serverhello extension if GOST
ciphersuite is selected. It is require for interoperability with
CryptoPro CSP 3.0 and 3.6 and controlled by
SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
This constant is added to SSL_OP_ALL, because it does nothing, if
non-GOST ciphersuite is selected, and all implementation of GOST
include compatibility with CryptoPro.
9. Support for CertificateVerify message without length field. It is
another CryptoPro bug, but support is made unconditional, because it
does no harm for draft-conforming implementation.
10. In tls1_mac extra copy of stream mac context is no more done.
When I've written currently commited code I haven't read
EVP_DigestSignFinal manual carefully enough and haven't noticed that
it does an internal digest ctx copying.
This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
|
|
|
|
(which are pointless, but still might occur)
|
|
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way. In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().
Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
|
|
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
|
|
reuse the same tickets.
|
|
|
|
for OpenSSL.
|
|
|
|
|
|
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
|
|
Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org
|
