Commit Graph

1400 Commits

Author SHA1 Message Date
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Lutz Jänicke
11d01d371f Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f 2007-10-19 08:26:03 +00:00
Andy Polyakov
0d89e45690 Synchronize CHANGES between 0.9.8 and HEAD. 2007-10-13 10:55:30 +00:00
Dr. Stephen Henson
a6db6a0070 Update CHANGES. Keep ordinals consistent. 2007-10-12 00:15:09 +00:00
Andy Polyakov
0023adb47a Switch to bn-s390x (it's faster on keys longer than 512 bits) and mention
s390x assembler pack in CHANAGES.
2007-10-01 07:38:32 +00:00
Andy Polyakov
4c7c5ff667 ARMv4 assembler pack. 2007-09-27 07:09:46 +00:00
Dr. Stephen Henson
67c8e7f414 Support for certificate status TLS extension. 2007-09-26 21:56:59 +00:00
Bodo Möller
761772d7e1 Implement the Opaque PRF Input TLS extension
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way.  In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().

Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
2007-09-21 06:54:24 +00:00
Dr. Stephen Henson
a6fbcb4220 Change safestack reimplementation to match 0.9.8.
Fix additional gcc 4.2 value not used warnings.
2007-09-07 13:25:15 +00:00
Dr. Stephen Henson
81025661a9 Update ssl code to support digests other than MD5+SHA1 in handshake.
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
2007-08-31 12:42:53 +00:00
Dr. Stephen Henson
ec5d747328 Add Google sponsorship note. 2007-08-27 23:41:36 +00:00
Dr. Stephen Henson
ba0e826d83 Update from stable branch. 2007-08-23 22:59:09 +00:00
Dr. Stephen Henson
6434abbfc6 RFC4507 (including RFC4507bis) TLS stateless session resumption support
for OpenSSL.
2007-08-11 23:18:29 +00:00
Andy Polyakov
85a5668dba CHANGES update from 098-stable. 2007-06-20 17:46:43 +00:00
Dr. Stephen Henson
3c07d3a3d3 Finish gcc 4.2 changes. 2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
297e6f1917 Avoid use of function pointer casts in pem library. Modify safestack to
always use inline functions.
2007-06-04 17:53:04 +00:00
Dr. Stephen Henson
b948e2c59e Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. 2007-06-04 17:04:40 +00:00
Bodo Möller
19f6c524bf Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 2007-05-22 09:47:43 +00:00
Ben Laurie
69ab085290 More IGE speedup. 2007-05-13 15:14:38 +00:00
Ben Laurie
5f09d0ecc2 AES IGE mode speedup. 2007-05-13 12:57:59 +00:00
Bodo Möller
96afc1cfd5 Add SEED encryption algorithm.
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
9cfc8a9d5c Update smime utility to support streaming for -encrypt and -sign -nodetach
options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.

These all process content on the fly without storing it all in memory.
2007-04-13 01:06:41 +00:00
Dr. Stephen Henson
2022cfe07e New -mac and -macopt options to dgst utility. Reimplement -hmac option in
terms of new API.
2007-04-11 17:20:40 +00:00
Dr. Stephen Henson
47b71e6ee9 Update CHANGES. 2007-04-11 12:33:28 +00:00
Dr. Stephen Henson
d952c79a7b New -sigopt option for dgst utility. 2007-04-08 12:47:18 +00:00
Bodo Möller
b002265ee3 make BN_FLG_CONSTTIME semantics more fool-proof 2007-03-28 18:41:23 +00:00
Bodo Möller
bd31fb2145 Change to mitigate branch prediction attacks
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2007-03-28 00:15:28 +00:00
Bodo Möller
0f32c841a6 stricter session ID context matching 2007-03-21 14:33:16 +00:00
Bodo Möller
dd2b6750db include complete 0.9.7 history
include release date of 0.9.8e
2007-02-26 10:49:59 +00:00
Lutz Jänicke
8d72476e2b Extend SMTP and IMAP protocol handling to perform the required
EHLO or CAPABILITY handshake before sending STARTTLS

Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
2007-02-21 18:20:41 +00:00
Dr. Stephen Henson
a2e623c011 Update from 0.9.7-stable. 2007-02-21 13:49:35 +00:00
Bodo Möller
fd5bc65cc8 Improve ciphersuite order stability when disabling ciphersuites.
Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.
2007-02-20 16:36:58 +00:00
Bodo Möller
0a05123a6c Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.

Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".
2007-02-19 18:41:41 +00:00
Bodo Möller
52b8dad8ec Reorganize the data used for SSL ciphersuite pattern matching.
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.
2007-02-17 06:45:38 +00:00
Nils Larsch
357d5de5b9 add support for DSA with SHA2 2007-02-03 14:41:12 +00:00
Dr. Stephen Henson
11d8cdc6ad Experimental streaming PKCS#7 support.
I thought it was about time I dusted this off. This stuff had been sitting on
my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not
work properly.

Nothing uses it at present which is just as well.

Think of this as a traditional Christmas present which looks far more
impressive in the adverts and on the box, some of the bits are missing and
falls to bits if you play with it too much.
2006-12-24 16:22:56 +00:00
Nils Larsch
fec38ca4ed fix typos
PR: 1354, 1355, 1398, 1408
2006-12-21 21:13:27 +00:00
Nils Larsch
06e2dd037e add support for ecdsa-with-sha256 etc. 2006-12-20 08:58:54 +00:00
Bodo Möller
772e3c07b4 Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).
2006-12-19 15:11:37 +00:00
Bodo Möller
1e24b3a09e fix support for receiving fragmented handshake messages 2006-11-29 14:45:50 +00:00
Ben Laurie
96ea4ae91c Add RFC 3779 support. 2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
de12116417 Initial, incomplete support for typesafe macros without using function
casts.
2006-11-16 00:19:39 +00:00
Andy Polyakov
3189772e07 Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even
recent mingw modifications.
2006-10-23 07:38:30 +00:00
Bodo Möller
3c5406b35c All 0.9.8d patches have been applied to HEAD now, so we no longer need
the redundant entries under the 0.9.9 heading.
2006-09-28 13:50:41 +00:00
Bodo Möller
61118caa86 include 0.9.8d and 0.9.7l information 2006-09-28 13:35:01 +00:00
Mark J. Cox
348be7ec60 Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]
2006-09-28 13:20:44 +00:00
Mark J. Cox
3ff55e9680 Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 13:18:43 +00:00
Dr. Stephen Henson
010fa0b331 Tidy up CRL handling by checking for critical extensions when it is
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.

Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
2006-09-21 12:42:15 +00:00
Dr. Stephen Henson
5d20c4fb35 Overhaul of by_dir code to handle dynamic loading of CRLs. 2006-09-17 17:16:28 +00:00