| Age | Commit message (Collapse) | Author |
|---|
|
invocation field.
Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
|
|
|
|
digest in use: this caused the PRF to fail for an odd premaster secret
length.
|
|
|
|
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.
Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
|
|
checking added, SHA256 PRF support added.
At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
|
|
|
|
|
|
|
|
|
|
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson
Support for RFC5705 key extractor.
|
|
|
|
|
|
|
|
|
|
Submitted By: Artem Chuprina <ran@cryptocom.ru>
Check return values of HMAC in tls_P_hash and tls1_generate_key_block.
Although the previous version could in theory crash that would only happen if a
digest call failed. The standard software methods can never fail and only one
ENGINE currently uses digests and it is not compiled in by default.
|
|
|
|
|
|
|
|
|
|
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
|
|
test for them!
|
|
|
|
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
|
|
|
|
|
|
of handshake failure
2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).
3. Changes to EVP
- adding of function EVP_PKEY_CTX_get0_peerkey
- Make function EVP_PKEY_derive_set_peerkey work for context with
ENCRYPT operation, because we use peerkey field in the context to
pass non-ephemeral secret key to GOST encrypt operation.
- added EVP_PKEY_CTRL_SET_IV control command. It is really
GOST-specific, but it is used in SSL code, so it has to go
in some header file, available during libssl compilation
4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data
5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
make debugging output which depends on constants defined there, work
and other KSSL_DEBUG output fixes
6. Declaration of real GOST ciphersuites, two authentication methods
SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST
7. Implementation of these methods.
8. Support for sending unsolicited serverhello extension if GOST
ciphersuite is selected. It is require for interoperability with
CryptoPro CSP 3.0 and 3.6 and controlled by
SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
This constant is added to SSL_OP_ALL, because it does nothing, if
non-GOST ciphersuite is selected, and all implementation of GOST
include compatibility with CryptoPro.
9. Support for CertificateVerify message without length field. It is
another CryptoPro bug, but support is made unconditional, because it
does no harm for draft-conforming implementation.
10. In tls1_mac extra copy of stream mac context is no more done.
When I've written currently commited code I haven't read
EVP_DigestSignFinal manual carefully enough and haven't noticed that
it does an internal digest ctx copying.
This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
|
|
Submitted by: Alex Lam
|
|
|
|
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way. In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().
Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
|
|
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
|
|
|
|
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).
In some cases the ciphersuite list generated from a given string is
affected by this change. I hope this is just in those cases where the
previous behaviour did not make sense.
|
|
PR: 1490
|
|
|
|
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
|
|
For now, anyway.
|
|
|
|
Submitted by: Peter Sylvester
|
|
|
|
|
|
I've covered all the memset()s I felt safe modifying, but may have missed some.
|
|
|
|
des_old.h redefines crypt:
#define crypt(b,s)\
DES_crypt((b),(s))
This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
|
|
(but noone uses it anyway)
fix t1_enc.c: use OPENSSL_NO_RC4, not NO_RC4
|
|
vulnerability workaround (included in SSL_OP_ALL).
PR: #90
|
|
Fix length checks in ssl3_get_client_hello().
Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
|
|
("D. Russell" <russelld@aol.net>)
Allow HMAC functions to use an alternative ENGINE.
|
|
|
|
|
