summaryrefslogtreecommitdiff
path: root/lib/libssl
AgeCommit message (Expand)Author
2018-12-07Remove an ugly hack in the client certificate verification code that worksTheo Buehler
2018-12-03Send SSL_AD_DECODE alerts in the case of a bad hello request or anTheo Buehler
2018-11-29Refactor a tangle in ssl3_send_client_verify() into one function for eachTheo Buehler
2018-11-21Fix DTLS transcript handling for HelloVerifyRequest.Joel Sing
2018-11-19Revert previous - DTLSv1 uses MD5+SHA1 for RSA signature verification.Joel Sing
2018-11-19Revert previous - the default sigalg for RSA key exchange is {sha1,rsa}.Joel Sing
2018-11-17Fix DTLS, because DTLS still remains a special flower, allows regress to passBob Beck
2018-11-16revert previousBob Beck
2018-11-16Fix DTLS. Because the DTLS code is strange. I am really coming around toBob Beck
2018-11-16Unbreak legacy ciphers for prior to 1.1 by setting having a legacyBob Beck
2018-11-14Fix wrong sizeof argument by using 'uint16_t *', with minor nit from tb@,Ricardo Mestre
2018-11-14In TLS1.2 we use evp_sha1 if we fall back this far, not evp_md5_sha1 as in 1.1Bob Beck
2018-11-13Temporary workaround for breakage seen in www.videolan.org with curve mismatchBob Beck
2018-11-13NULL out mdctx to prevent possible double free introduced in version 1.4Bob Beck
2018-11-13Fix pkey_ok to be less strange, and add cuve checks required for the EC onesBob Beck
2018-11-11Add check function to verify that pkey is usable with a sigalg.Bob Beck
2018-11-11quiet warning on other compilersBrent Cook
2018-11-11bump minors after symbol addition.Theo Buehler
2018-11-11Add SSL_set1_host(), a thin wrapper around X509_VERIFY_PARAM_set1_host().Theo Buehler
2018-11-11Nuke trailing whitespaceBob Beck
2018-11-11Free the server tls transcript in case session reuse did not work.Alexander Bluhm
2018-11-11Add support for RSA PSS algorithims being used in sigalgs.Bob Beck
2018-11-11Convert signatures and verifcation to use the EVP_DigestXXX apiBob Beck
2018-11-10Remove dead codeBob Beck
2018-11-10Tweak and improve the TLSv1.3 state machine.Joel Sing
2018-11-10Avoid a double allocation and memory leak.Joel Sing
2018-11-10Stop keeping track of sigalgs by guessing it from digest and pkey,Bob Beck
2018-11-10Use TLS13_HS_{CLIENT,SERVER} instead of using a redundant _SEND{,S}.Theo Buehler
2018-11-10Fix last of the empty hash nonsenseBob Beck
2018-11-09Fix the TLSv1.3 key schedule implementation.Joel Sing
2018-11-09Use "send" and "recv" consistently instead of mixing them with "read"Theo Buehler
2018-11-09Ensure we free the handshake transcript upon session resumption.Joel Sing
2018-11-09Ensure we only choose sigalgs from our prefernce list, not the whole listBob Beck
2018-11-09Add the ability to have a separate priority list for sigalgs.Bob Beck
2018-11-09Correct defines for writer tests in connect/accept loops.Joel Sing
2018-11-09Correct function naming for tls13_handshake_advance_state_machine().Joel Sing
2018-11-09Avoid leak: free existing SRTP connection profiles beforeTheo Buehler
2018-11-09Add header guards and hidden declarations.Joel Sing
2018-11-09Add header guards and hidden declarations.Joel Sing
2018-11-09Reimplement the sigalgs processing code into a new implementationBob Beck
2018-11-08First skeleton of the TLS 1.3 state machine. Based on RFC 8446 andTheo Buehler
2018-11-08KNFBob Beck
2018-11-08Clean up and simplify the handshake transcript code.Joel Sing
2018-11-08Stop pretending that a cert member in a SSL and SSL_CTX can be NULL.Joel Sing
2018-11-08Move #include <openssl/evp.h> to the header.Theo Buehler
2018-11-08Ensure the handshake transcript is cleaned up.Joel Sing
2018-11-07Add initial TLS 1.3 key schedule support with basic regress testsBob Beck
2018-11-07Add TLSv1.3 cipher suites (with appropriate guards).Joel Sing
2018-11-06Add TLS extension type values for TLSv1.3 (under guards).Joel Sing
2018-11-06Include TLSv1.3 in version handling code.Joel Sing