| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| | |
Conflicts:
apps/s_client.c
apps/s_server.c
|
| |
| |
| |
| | |
use of num_renegotiations in TLS and supp data generation callbacks
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| | |
| | |
| | |
| | |
| | | |
Conflicts:
ssl/s23_clnt.c
ssl/ssl_rsa.c
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
(cherry picked from commit 90e7f983b573c3f3c722a02db4491a1b1cd87e8c)
|
| | |
| | |
| | |
| | |
| | | |
Preliminary documentation for chain and verify stores and certificate chain
setting functions.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.
|
| | |
| | |
| | |
| | |
| | |
| | | |
Reported by: Prashant Jaikumar <rmstar@gmail.com>
Fix handling of application data received before a handshake.
|
| | |
| | |
| | |
| | |
| | |
| | | |
PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
|
| | |
| | |
| | |
| | |
| | | |
Add support for DH parameter generation using DSA methods including
FIPS 186-3.
|
| | |
| | |
| | |
| | | |
Make DHparams_dup work properly with X9.42 DH parameters.
|
| | | |
|
| | |
| | |
| | |
| | | |
Don't need to use temporary buffer if remaining length equals digest length.
|
| | |
| | |
| | |
| | |
| | | |
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
|
| | |
| | |
| | |
| | |
| | | |
Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
|
| | | |
|
| |/
|/| |
|
|/
|
|
|
|
| |
Force no SSL2 when custom extensions in use.
Don't clear extension state when cert is set.
Clear on renegotiate.
|
|
|
|
|
| |
Conflicts:
ssl/ssltest.c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.
[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
Conflicts:
ssl/ssl3.h
ssl/t1_lib.c
|
|
|
|
|
|
|
| |
Update ecdsatest to use ECDSA_sign_setup and ECDSA_sign_ex, this
avoids the nonce generation which would otherwise break the test.
Reinstate ecdsatest.
|
|
|
|
| |
Disable ECDSA test temporarily: it is incompatible with ECDSA nonces.
|
|
|
|
| |
Add some ECDH CMS tests.
|
|
|
|
|
|
|
| |
Add a script to generate keys and certificates for the S/MIME and CMS
tests.
Update certificates and add EC examples.
|
| |
|