5516fcc0 | 28-Jun-2015 | Dr. Stephen Henson | Add RFC4785 ciphersuites. Reviewed-by: Matt Caswell <matt@openssl.org>
ea6114c6 | 28-Jun-2015 | Dr. Stephen Henson | Add RFC4279, RFC5487 and RFC5489 ciphersuites. Note: some of the RFC4279 ciphersuites were originally part of PR#2464. Reviewed-by: Matt Caswell <matt@openssl.org>
8a0a12e5 | 28-Jun-2015 | Dr. Stephen Henson | PSK premaster secret derivation. Move PSK premaster secret algorithm to ssl_generate_master secret so existing key exchange code can be used and modified slightly to add the PSK wrapping structure. Reviewed-by: Matt Caswell <matt@openssl.org>
12053a81 | 28-Jun-2015 | Dr. Stephen Henson | PSK PRF correction. For SHA384 PRF PSK ciphersuites we have to switch to default PRF for TLS < 1.2. Reviewed-by: Matt Caswell <matt@openssl.org>
fe5eef3a | 28-Jun-2015 | Dr. Stephen Henson | Disable all PSK if no callback. Reviewed-by: Matt Caswell <matt@openssl.org>
57787ac8 | 20-Jul-2015 | Matt Caswell | Remove support for SSL3_FLAGS_DELAY_CLIENT_FINISHED. This flag was not set anywhere within the codebase (only read). It could only be set by an app reaching directly into s->s3->flags and setting it directly. However that method became impossible when libssl was opaquified. Even in 1.0.2/1.0.1 if an app set the flag directly it is only relevant to ssl3_connect(), which calls SSL_clear() during initialisation that clears any flag settings. Therefore it could take effect if the app set the flag after the handshake has started but before it completed. It seems quite unlikely that any apps really do this (especially as it is completely undocumented). The purpose of the flag is suppress flushing of the write bio on the client side at the end of the handshake after the client has written the Finished message whilst resuming a session. This enables the client to send application data as part of the same flight as the Finished message. This flag also controls the setting of a second flag SSL3_FLAGS_POP_BUFFER. There is an interesting comment in the code about this second flag in the implementation of ssl3_write: /* This is an experimental flag that sends the * last handshake message in the same packet as the first * use data - used to see if it helps the TCP protocol during * session-id reuse */ It seems the experiment did not work because as far as I can tell nothing is using this code. The above comment has been in the code since SSLeay. This commit removes support for SSL3_FLAGS_DELAY_CLIENT_FINISHED, as well as the associated SSL3_FLAGS_POP_BUFFER. Reviewed-by: Rich Salz <rsalz@openssl.org>
57b272b0 | 17-Jun-2015 | Dr. Stephen Henson | Use single master secret generation function. Reviewed-by: Matt Caswell <matt@openssl.org>
547dba74 | 17-Jun-2015 | Dr. Stephen Henson | Add PSK GCM ciphersuites from RFC5487. Reviewed-by: Matt Caswell <matt@openssl.org>
c7238204 | 20-Jun-2015 | Dr. Stephen Henson | Avoid duplication. We always free the handshake buffer when digests are freed so move it into ssl_free_digest_list(). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
389ebcec | 21-Jun-2015 | Dr. Stephen Henson | Remove SESS_CERT entirely. Reviewed-by: Richard Levitte <levitte@openssl.org>
8d92c1f8 | 21-Jun-2015 | Dr. Stephen Henson | Remove peer temp keys from SESS_CERT. Reviewed-by: Richard Levitte <levitte@openssl.org>
f6a10313 | 21-Jun-2015 | Dr. Stephen Henson | Revert "Avoid duplication." This reverts commit d480e182fe20fcaeca7817a4693eeaf594bb1a32. Commit broke TLS handshakes due to fragility of digest caching: that will be fixed separately. Reviewed-by: Rich Salz <rsalz@openssl.org>
d480e182 | 20-Jun-2015 | Dr. Stephen Henson | Avoid duplication. We always free the handshake buffer when digests are freed so move it into ssl_free_digest_list(). Reviewed-by: Rich Salz <rsalz@openssl.org>
85fb6fda | 20-Jun-2015 | Dr. Stephen Henson | Remove unnecessary NULL checks. Reviewed-by: Rich Salz <rsalz@openssl.org>
bc9567cd | 20-Jun-2015 | Dr. Stephen Henson | Typo: should be OPENSSL_free. Reviewed-by: Richard Levitte <levitte@openssl.org>
13f8eb47 | 22-May-2015 | Matt Caswell | Remove export static DH ciphersuites. Remove support for the two export grade static DH ciphersuites. These two ciphersuites were newly added (along with a number of other static DH ciphersuites) to 1.0.2. However the two export ones have *never* worked since they were introduced. It seems strange in any case to be adding new export ciphersuites, and given "logjam" it also does not seem correct to fix them. Reviewed-by: Richard Levitte <levitte@openssl.org>
e481f9b9 | 15-May-2015 | Matt Caswell | Remove support for OPENSSL_NO_TLSEXT. Given the pervasive nature of TLS extensions it is inadvisable to run OpenSSL without support for them. It also means that maintaining the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably not well tested). Therefore it is being removed. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
4d69f9e6 | 18-May-2015 | Dr. Stephen Henson | Move masks out of CERT structure. Reviewed-by: Rich Salz <rsalz@openssl.org>
6383d316 | 12-May-2015 | Dr. Stephen Henson | Move certificate validity flags out of CERT. Reviewed-by: Rich Salz <rsalz@openssl.org>
d376e57d | 12-May-2015 | Dr. Stephen Henson | Move signing digest out of CERT. Reviewed-by: Rich Salz <rsalz@openssl.org>
76106e60 | 12-May-2015 | Dr. Stephen Henson | CERT tidy. Move per-connection state out of the CERT structure: which should just be for shared configuration data (e.g. certificates to use). In particular move temporary premaster secret, raw ciphers, peer signature algorithms and shared signature algorithms. Reviewed-by: Rich Salz <rsalz@openssl.org>
a3680c8f | 31-Mar-2015 | Matt Caswell | Version negotiation rewrite cleanup. Following the version negotiation rewrite all of the previous code that was dedicated to version negotiation can now be deleted - all six source files of it!! Reviewed-by: Kurt Roeckx <kurt@openssl.org>
32ec4153 | 27-Mar-2015 | Matt Caswell | Server side version negotiation rewrite. This commit changes the way that we do server side protocol version negotiation. Previously we had a whole set of code that had an "up front" state machine dedicated to negotiating the protocol version. This adds significant complexity to the state machine. Historically the justification for doing this was the support of SSLv2 which works quite differently to SSLv3+. However, we have now removed support for SSLv2 so there is little reason to maintain this complexity. The one slight difficulty is that, although we no longer support SSLv2, we do still support an SSLv3+ ClientHello in an SSLv2 backward compatible ClientHello format. This is generally only used by legacy clients. This commit adds support within the SSLv3 code for these legacy format ClientHellos. Server side version negotiation now works in much the same way as DTLS, i.e. we introduce the concept of TLS_ANY_VERSION. If s->version is set to that then when a ClientHello is received it will work out the most appropriate version to respond with. Also, SSLv23_method and SSLv23_server_method have been replaced with TLS_method and TLS_server_method respectively. The old SSLv23* names still exist as macros pointing at the new name, although they are deprecated. Subsequent commits will look at client side version negotiation, as well as removal of the old s23* code. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
55a9a16f | 12-May-2015 | Matt Caswell | Remove Kerberos support from libssl. Remove RFC2712 Kerberos support from libssl. This code and the associated standard is no longer considered fit-for-purpose. Reviewed-by: Rich Salz <rsalz@openssl.org>
6b43bbf0 | 12-May-2015 | Dr. Stephen Henson | Fix cipherlist order. Reviewed-by: Rich Salz <rsalz@openssl.org>