1. 21 2月, 2014 1 次提交
  2. 06 2月, 2014 3 次提交
  3. 28 1月, 2014 1 次提交
  4. 26 1月, 2014 1 次提交
  5. 09 1月, 2014 2 次提交
    • D
      use SSL_kDHE throughout instead of SSL_kEDH · 5a21cadb
      Daniel Kahn Gillmor 提交于
      DHE is the standard term used by the RFCs and by other TLS
      implementations.  It's useful to have the internal variables use the
      standard terminology.
      
      This patch leaves a synonym SSL_kEDH in place, though, so that older
      code can still be built against it, since that has been the
      traditional API.  SSL_kEDH should probably be deprecated at some
      point, though.
      5a21cadb
    • D
      use SSL_kECDHE throughout instead of SSL_kEECDH · 4082fea8
      Daniel Kahn Gillmor 提交于
      ECDHE is the standard term used by the RFCs and by other TLS
      implementations.  It's useful to have the internal variables use the
      standard terminology.
      
      This patch leaves a synonym SSL_kEECDH in place, though, so that older
      code can still be built against it, since that has been the
      traditional API.  SSL_kEECDH should probably be deprecated at some
      point, though.
      4082fea8
  6. 02 1月, 2014 1 次提交
  7. 18 11月, 2013 1 次提交
  8. 21 10月, 2013 2 次提交
    • N
      Fix another gmt_unix_time case in server_random · 2927791d
      Nick Mathewson 提交于
      2927791d
    • N
      Do not include a timestamp in the Client/ServerHello Random field. · 2016265d
      Nick Mathewson 提交于
      Instead, send random bytes, unless SSL_SEND_{CLIENT,SERVER}RANDOM_MODE
      is set.
      
      This is a forward-port of commits:
        4af793036f6ef4f0a1078e5d7155426a98d50e37
        f4c93b46edb51da71f09eda99e83eaf193a33c08
        3da721dac9382c48812c8eba455528fd59af2eef
        2583270191a8b27eed303c03ece1da97b9b69fd3
      
      While the gmt_unix_time record was added in an ostensible attempt to
      mitigate the dangers of a bad RNG, its presence leaks the host's view
      of the current time in the clear.  This minor leak can help
      fingerprint TLS instances across networks and protocols... and what's
      worse, it's doubtful thet the gmt_unix_time record does any good at
      all for its intended purpose, since:
      
          * It's quite possible to open two TLS connections in one second.
      
          * If the PRNG output is prone to repeat itself, ephemeral
            handshakes (and who knows what else besides) are broken.
      2016265d
  9. 06 9月, 2013 3 次提交
    • B
      More cleanup. · 5eda213e
      Ben Laurie 提交于
      5eda213e
    • B
      Make it build. · a6a48e87
      Ben Laurie 提交于
      a6a48e87
    • S
      Add callbacks supporting generation and retrieval of supplemental data... · 36086186
      Scott Deboy 提交于
      Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
      Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
      Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
      Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
      36086186
  10. 13 6月, 2013 1 次提交
  11. 09 4月, 2013 3 次提交
    • D
      Suite B support for DTLS 1.2 · 4544f0a6
      Dr. Stephen Henson 提交于
      Check for Suite B support using method flags instead of version numbers:
      anything supporting TLS 1.2 cipher suites will also support Suite B.
      
      Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
      4544f0a6
    • D
      Always return errors in ssl3_get_client_hello · c56f5b8e
      Dr. Stephen Henson 提交于
      If we successfully match a cookie don't set return value to 2 as this
      results in other error conditions returning 2 as well.
      
      Instead set return value to -2 which can be checked later if everything
      else is OK.
      c56f5b8e
    • D
      Dual DTLS version methods. · c6913eeb
      Dr. Stephen Henson 提交于
      Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
      pick the highest version the peer supports during negotiation.
      
      As with SSL/TLS options can change this behaviour specifically
      SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
      c6913eeb
  12. 18 3月, 2013 2 次提交
    • D
      Use enc_flags when deciding protocol variations. · cbd64894
      Dr. Stephen Henson 提交于
      Use the enc_flags field to determine whether we should use explicit IV,
      signature algorithms or SHA256 default PRF instead of hard coding which
      versions support each requirement.
      cbd64894
    • D
      DTLS revision. · 173e72e6
      Dr. Stephen Henson 提交于
      Revise DTLS code. There was a *lot* of code duplication in the
      DTLS code that generates records. This makes it harder to maintain and
      sometimes a TLS update is omitted by accident from the DTLS code.
      
      Specifically almost all of the record generation functions have code like
      this:
      
      some_pointer = buffer + HANDSHAKE_HEADER_LENGTH;
      ... Record creation stuff ...
      set_handshake_header(ssl, SSL_MT_SOMETHING, message_len);
      
      ...
      
      write_handshake_message(ssl);
      
      Where the "Record creation stuff" is identical between SSL/TLS and DTLS or
      in some cases has very minor differences.
      
      By adding a few fields to SSL3_ENC to include the header length, some flags
      and function pointers for handshake header setting and handshake writing the
      code can cope with both cases.
      
      Note: although this passes "make test" and some simple DTLS tests there may
      be some minor differences in the DTLS code that have to be accounted for.
      173e72e6
  13. 30 12月, 2012 1 次提交
  14. 26 11月, 2012 1 次提交
  15. 11 9月, 2012 1 次提交
  16. 15 8月, 2012 1 次提交
  17. 25 7月, 2012 1 次提交
  18. 20 7月, 2012 1 次提交
  19. 18 7月, 2012 1 次提交
  20. 29 6月, 2012 1 次提交
    • D
      Add certificate callback. If set this is called whenever a certificate · 18d71588
      Dr. Stephen Henson 提交于
      is required by client or server. An application can decide which
      certificate chain to present based on arbitrary criteria: for example
      supported signature algorithms. Add very simple example to s_server.
      This fixes many of the problems and restrictions of the existing client
      certificate callback: for example you can now clear existing certificates
      and specify the whole chain.
      18d71588
  21. 22 6月, 2012 1 次提交
  22. 06 6月, 2012 1 次提交
  23. 04 6月, 2012 1 次提交
  24. 30 5月, 2012 1 次提交
  25. 24 4月, 2012 3 次提交
  26. 16 4月, 2012 1 次提交
  27. 06 4月, 2012 1 次提交
  28. 05 4月, 2012 1 次提交
  29. 22 2月, 2012 1 次提交