path: root/ssl
Age | Commit message | Author
2011-10-14 | more vxworks patches | Dr. Stephen Henson
2011-10-13 | In ssl3_clear, preserve s3->init_extra along with s3->rbuf. | Bodo Möller
    Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-10 | add GCM ciphers in SSL_library_init | Dr. Stephen Henson
2011-10-10 | disable GCM if not available | Dr. Stephen Henson
2011-10-09 | Don't disable TLS v1.2 by default now. | Dr. Stephen Henson
2011-10-07 | use client version when eliminating TLS v1.2 ciphersuites in client hello | Dr. Stephen Henson
2011-09-26 | fix signed/unsigned warning | Dr. Stephen Henson
2011-09-24 | make sure eivlen is initialised | Dr. Stephen Henson
2011-09-23 | PR: 2602 | Dr. Stephen Henson
    Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
    Reviewed by: steve
    Fix DTLS bug which prevents manual MTU setting
2011-09-05 | Fix session handling. | Bodo Möller
2011-09-05 | Fix d2i_SSL_SESSION. | Bodo Möller
2011-09-05 | (EC)DH memory handling fixes. | Bodo Möller
    Submitted by: Adam Langley
2011-09-01 | PR: 2573 | Dr. Stephen Henson
    Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
    Reviewed by: steve
    Fix DTLS buffering and decryption bug.
2011-08-23 | Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. | Andy Polyakov
2011-08-14 | Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA | Dr. Stephen Henson
    using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites.
2011-08-03 | Expand range of ctrls for AES GCM to support retrieval and setting of | Dr. Stephen Henson
    invocation field. Add complete support for AES GCM ciphersuites including all those in RFC5288 and RFC5289.
2011-07-25 | oops, remove debug option | Dr. Stephen Henson
2011-07-25 | Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and | Dr. Stephen Henson
    prohibit use of these ciphersuites for TLS < 1.2
2011-07-20 | PR: 2555 | Dr. Stephen Henson
    Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
    Reviewed by: steve
    Fix DTLS sequence number bug
2011-07-20 | PR: 2550 | Dr. Stephen Henson
    Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
    Reviewed by: steve
    Fix DTLS HelloVerifyRequest Timer bug
2011-07-11 | ssl/ssl_ciph.c: allow to switch to predefined "composite" cipher/mac | Andy Polyakov
    combos that can be implemented as AEAD ciphers.
2011-07-11 | ssl/t1_enc.c: initial support for AEAD ciphers. | Andy Polyakov
2011-06-22 | PR: 2543 | Dr. Stephen Henson
    Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
    Reviewed by: steve
    Correctly handle errors in DTLSv1_handle_timeout()
2011-06-14 | set FIPS allow before initialising ctx | Dr. Stephen Henson
2011-06-08 | fix memory leak | Dr. Stephen Henson
2011-06-06 | Set SSL_FIPS flag in ECC ciphersuites. | Dr. Stephen Henson
2011-06-03 | fix error discrepancy | Dr. Stephen Henson
2011-06-01 | typo | Dr. Stephen Henson
2011-05-31 | set FIPS permitted flag before initialising digest | Dr. Stephen Henson
2011-05-31 | Don't round up partitioned premaster secret length if there is only one | Dr. Stephen Henson
    digest in use: this caused the PRF to fail for an odd premaster secret length.
2011-05-30 | Output supported curves in preference order instead of numerically. | Dr. Stephen Henson
2011-05-25 | Don't advertise or use MD5 for TLS v1.2 in FIPS mode | Dr. Stephen Henson
2011-05-25 | PR: 2533 | Dr. Stephen Henson
    Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
    Reviewed by: steve
    Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes the program to crash. This is due to missing version checks and is fixed with this patch.
2011-05-25 | PR: 2529 | Dr. Stephen Henson
    Submitted by: Marcus Meissner <meissner@suse.de>
    Reviewed by: steve
    Call ssl_new() to reallocate SSL BIO internals if we want to replace the existing internal SSL structure.
2011-05-25 | Some nextproto patches broke DTLS: fix | Dr. Stephen Henson
2011-05-25 | Oops use up to date patch for PR#2506 | Dr. Stephen Henson
2011-05-25 | PR: 2506 | Dr. Stephen Henson
    Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
    Reviewed by: steve
    Fully implement SSL_clear for DTLS.
2011-05-25 | PR: 2505 | Dr. Stephen Henson
    Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
    Reviewed by: steve
    Fix DTLS session resumption timer bug.
2011-05-25 | use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS | Dr. Stephen Henson
2011-05-20 | PR: 2295 | Dr. Stephen Henson
    Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
    Reviewed by: steve
    OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code elimination.
2011-05-19 | Implement FIPS_mode and FIPS_mode_set | Dr. Stephen Henson
2011-05-19 | set encodedPoint to NULL after freeing it | Dr. Stephen Henson
2011-05-12 | Provisional support for TLS v1.2 client authentication: client side only. | Dr. Stephen Henson
    Parse certificate request message and set digests appropriately. Generate new TLS v1.2 format certificate verify message. Keep handshake caches around for longer as they are needed for client auth.
2011-05-12 | Process signature algorithms during TLS v1.2 client authentication. | Dr. Stephen Henson
    Make sure message is long enough for signature algorithms.
2011-05-11 | make kerberos work with OPENSSL_NO_SSL_INTERN | Dr. Stephen Henson
2011-05-11 | Reorder signature algorithms in strongest hash first order. | Dr. Stephen Henson
2011-05-09 | Initial TLS v1.2 client support. Include a default supported signature | Dr. Stephen Henson
    algorithms extension (including everything we support). Switch to new signature format where needed and relax ECC restrictions. Not TLS v1.2 client certificate support yet but client will handle case where a certificate is requested and we don't have one.
2011-05-06 | Continuing TLS v1.2 support: add support for server parsing of | Dr. Stephen Henson
    signature algorithms extension and correct signature format for server key exchange. All ciphersuites should now work on the server but no client support and no client certificate support yet.
2011-05-01 | Disable SHA256 if not supported. | Dr. Stephen Henson
2011-04-29 | Initial incomplete TLS v1.2 support. New ciphersuites added, new version | Dr. Stephen Henson
    checking added, SHA256 PRF support added. At present only RSA key exchange ciphersuites work with TLS v1.2 as the new signature format is not yet implemented.