openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	6bd173fced	Don't disable TLS v1.2 by default any more.	2011-10-09 23:28:25 +00:00
Dr. Stephen Henson	b08b158b44	use client version when eliminating TLS v1.2 ciphersuites in client hello	2011-10-07 15:07:36 +00:00
Dr. Stephen Henson	928bd9a149	fix signed/unsigned warning	2011-09-26 17:04:41 +00:00
Dr. Stephen Henson	e53113b8ac	make sure eivlen is initialised	2011-09-24 23:06:35 +00:00
Dr. Stephen Henson	56f5ab43c2	PR: 2602 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS bug which prevents manual MTU setting	2011-09-23 13:35:05 +00:00
Bodo Möller	3c3f025923	Fix session handling.	2011-09-05 13:36:55 +00:00
Bodo Möller	5ff6e2dfbb	Fix d2i_SSL_SESSION.	2011-09-05 13:31:07 +00:00
Bodo Möller	61ac68f9f6	(EC)DH memory handling fixes. Submitted by: Adam Langley	2011-09-05 10:25:27 +00:00
Dr. Stephen Henson	ec5d74f868	PR: 2573 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS buffering and decryption bug.	2011-09-01 14:02:14 +00:00
Andy Polyakov	84e7485bfb	Add RC4-MD5 and AESNI-SHA1 "stitched" implementations [from HEAD].	2011-08-23 20:53:34 +00:00
Dr. Stephen Henson	cf199fec52	Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites.	2011-08-14 13:47:30 +00:00
Dr. Stephen Henson	aed53d6c5a	Backport GCM support from HEAD.	2011-08-04 11:13:28 +00:00
Dr. Stephen Henson	c8c6e9ecd9	Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and prohibit use of these ciphersuites for TLS < 1.2	2011-07-25 21:45:17 +00:00
Andy Polyakov	90f3e4cf05	Back-port TLS AEAD framework [from HEAD].	2011-07-21 19:22:57 +00:00
Dr. Stephen Henson	f1c8db9f8c	PR: 2555 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS sequence number bug	2011-07-20 15:17:42 +00:00
Dr. Stephen Henson	2c9abbd554	PR: 2550 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS HelloVerifyRequest Timer bug	2011-07-20 15:13:43 +00:00
Dr. Stephen Henson	6abc406a69	PR: 2543 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Correctly handle errors in DTLSv1_handle_timeout()	2011-06-22 15:30:04 +00:00
Dr. Stephen Henson	4bea454021	set FIPS allow before initialising ctx	2011-06-14 15:25:41 +00:00
Dr. Stephen Henson	8e2f3c1c83	fix memory leak	2011-06-08 15:55:57 +00:00
Dr. Stephen Henson	a6dc77822b	Set SSL_FIPS flag in ECC ciphersuites.	2011-06-06 14:14:14 +00:00
Dr. Stephen Henson	f610a516a0	Backport from HEAD: New option to disable characteristic two fields in EC code. Make no-ec2m work on Win32 build.	2011-06-06 11:49:36 +00:00
Dr. Stephen Henson	7978dc989d	fix error discrepancy	2011-06-03 18:50:49 +00:00
Dr. Stephen Henson	9ddc574f9a	typo	2011-06-01 11:10:50 +00:00
Dr. Stephen Henson	2dd9e67874	set FIPS permitted flag before initalising digest	2011-05-31 16:24:06 +00:00
Dr. Stephen Henson	f93b03a5e6	Don't round up partitioned premaster secret length if there is only one digest in use: this caused the PRF to fail for an odd premaster secret length.	2011-05-31 10:35:22 +00:00
Dr. Stephen Henson	55a47cd30f	Output supported curves in preference order instead of numerically.	2011-05-30 17:58:29 +00:00
Dr. Stephen Henson	9c34782478	Don't advertise or use MD5 for TLS v1.2 in FIPS mode	2011-05-25 15:33:29 +00:00
Dr. Stephen Henson	20e6d22709	PR: 2533 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes the program to crash. This is due to missing version checks and is fixed with this patch.	2011-05-25 15:21:01 +00:00
Dr. Stephen Henson	24dd0c61ef	PR: 2529 Submitted by: Marcus Meissner <meissner@suse.de> Reviewed by: steve Call ssl_new() to reallocate SSL BIO internals if we want to replace the existing internal SSL structure.	2011-05-25 15:16:01 +00:00
Dr. Stephen Henson	4159ac43aa	Oops use up to date patch for PR#2506	2011-05-25 14:30:05 +00:00
Dr. Stephen Henson	88530f6b76	PR: 2506 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fully implement SSL_clear for DTLS.	2011-05-25 12:28:16 +00:00
Dr. Stephen Henson	a8cb8177f6	PR: 2505 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS session resumption timer bug.	2011-05-25 12:24:43 +00:00
Dr. Stephen Henson	277f8a34f4	use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS	2011-05-25 11:43:17 +00:00
Dr. Stephen Henson	4dde470865	Add tls12_sigalgs which somehow didn't get added to the backport.	2011-05-21 17:40:23 +00:00
Dr. Stephen Henson	b81fde02aa	Add server client certificate support for TLS v1.2 . This is more complex than client side as we need to keep the handshake record cache frozen when it contains all the records need to process the certificate verify message. (backport from HEAD).	2011-05-20 14:58:45 +00:00
Dr. Stephen Henson	7043fa702f	add FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS compilation support	2011-05-19 18:22:16 +00:00
Dr. Stephen Henson	74bf705ea8	set encodedPoint to NULL after freeing it	2011-05-19 16:18:11 +00:00
Dr. Stephen Henson	4fe4c00eca	Provisional support for TLS v1.2 client authentication: client side only. Parse certificate request message and set digests appropriately. Generate new TLS v1.2 format certificate verify message. Keep handshake caches around for longer as they are needed for client auth.	2011-05-12 17:49:15 +00:00
Dr. Stephen Henson	376838a606	Process signature algorithms during TLS v1.2 client authentication. Make sure message is long enough for signature algorithms. (backport from HEAD).	2011-05-12 17:44:59 +00:00
Dr. Stephen Henson	766e0cb7d1	SRP fixes from HEAD which weren't in 1.0.1-stable.	2011-05-12 13:46:40 +00:00
Dr. Stephen Henson	39348038df	make kerberos work with OPENSSL_NO_SSL_INTERN	2011-05-11 22:52:34 +00:00
Dr. Stephen Henson	9472baae0d	Backport TLS v1.2 support from HEAD. This includes TLS v1.2 server and client support but at present client certificate support is not implemented.	2011-05-11 13:37:52 +00:00
Dr. Stephen Henson	74096890ba	Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL. The advantage of this option is that any application supporting it will still be binary compatible if SSL structures change. (backport from HEAD).	2011-05-11 12:56:38 +00:00
Dr. Stephen Henson	2ab42de1ec	PR: 2462 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS Retransmission Buffer Bug	2011-04-03 17:14:48 +00:00
Dr. Stephen Henson	ac2024ccbf	PR: 2458 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Don't change state when answering DTLS ClientHello.	2011-04-03 16:25:54 +00:00
Dr. Stephen Henson	93164a7d64	PR: 2457 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS fragment reassembly bug.	2011-04-03 15:48:32 +00:00
Richard Levitte	ecff2e5ce1	Corrections to the VMS build system. Submitted by Steven M. Schweda <sms@antinode.info>	2011-03-25 16:21:08 +00:00
Richard Levitte	d135906dbc	For VMS, implement the possibility to choose 64-bit pointers with different options: "64" The build system will choose /POINTER_SIZE=64=ARGV if the compiler supports it, otherwise /POINTER_SIZE=64. "64=" The build system will force /POINTER_SIZE=64. "64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.	2011-03-25 09:39:46 +00:00
Richard Levitte	9f427a52cb	make update (1.0.1-stable) This meant a slight renumbering in util/libeay.num due to symbols appearing in 1.0.0-stable. However, since there's been no release on this branch yet, it should be harmless.	2011-03-23 00:06:04 +00:00
Richard Levitte	e59fb00735	SRP was introduced, add it for OpenVMS.	2011-03-19 09:55:35 +00:00

1 2 3 4 5 ...

1178 commits