1349 commits

Author	SHA1	Message	Date
Dr. Stephen Henson	d0595f170c	Initial revision of ECC extension handling. ... Tidy some code up. Don't allocate a structure to handle ECC extensions when it is used for default values. Make supported curves configurable. Add ctrls to retrieve shared curves: not fully integrated with rest of ECC code yet.	2012-03-28 15:05:04 +00:00
Dr. Stephen Henson	7744ef1ada	use client version when deciding whether to send supported signature algorithms extension	2012-03-21 21:33:23 +00:00
Dr. Stephen Henson	156421a2af	oops, revert unrelated patches	2012-03-14 13:46:50 +00:00
Dr. Stephen Henson	61ad8262a0	update FAQ, NEWS	2012-03-14 13:44:57 +00:00
Andy Polyakov	d2add2efaa	ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER.	2012-03-13 19:20:55 +00:00
Dr. Stephen Henson	15a40af2ed	Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> ... Add more extension names in s_cb.c extension printing code.	2012-03-09 18:38:35 +00:00
Dr. Stephen Henson	ea6e386008	PR: 2756 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS timeout handling.	2012-03-09 15:52:33 +00:00
Dr. Stephen Henson	e7f8ff4382	New ctrls to retrieve supported signature algorithms and curves and ... extensions to s_client and s_server to print out retrieved valued. Extend CERT structure to cache supported signature algorithm data.	2012-03-06 14:28:21 +00:00
Dr. Stephen Henson	62b6948a27	PR: 2755 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions.	2012-03-06 13:47:43 +00:00
Dr. Stephen Henson	0fbf8b9cea	PR: 2748 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix possible DTLS timer deadlock.	2012-03-06 13:26:15 +00:00
Dr. Stephen Henson	57cb030cea	PR: 2739 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix padding bugs in Heartbeat support.	2012-02-27 16:38:24 +00:00
Dr. Stephen Henson	8f27a92754	ABI fixes from 1.0.1-stable	2012-02-23 22:25:52 +00:00
Dr. Stephen Henson	5421196eca	ABI compliance fixes. ... Move new structure fields to end of structures.	2012-02-22 15:39:54 +00:00
Dr. Stephen Henson	74b4b49494	SSL export fixes (from Adam Langley) [original from 1.0.1]	2012-02-22 15:06:56 +00:00
Dr. Stephen Henson	de2b5b7439	initialise i if n == 0	2012-02-22 15:03:44 +00:00
Dr. Stephen Henson	206310c305	Fix bug in CVE-2011-4619: check we have really received a client hello ... before rejecting multiple SGC restarts.	2012-02-16 15:26:04 +00:00
Dr. Stephen Henson	11eaec9ae4	Submitted by: Eric Rescorla <ekr@rtfm.com> ... Further fixes for use_srtp extension.	2012-02-11 22:53:31 +00:00
Dr. Stephen Henson	1df80b6561	PR: 2704 ... Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Fix srp extension.	2012-02-10 20:08:36 +00:00
Dr. Stephen Henson	5997efca83	Submitted by: Eric Rescorla <ekr@rtfm.com> ... Fix encoding of use_srtp extension to be compliant with RFC5764	2012-02-10 00:07:18 +00:00
Dr. Stephen Henson	57559471bf	oops, revert unrelated changes	2012-02-09 15:43:58 +00:00
Dr. Stephen Henson	f4e1169341	Modify client hello version when renegotiating to enhance interop with ... some servers.	2012-02-09 15:42:10 +00:00
Dr. Stephen Henson	febec8ff23	typo	2012-02-02 19:18:24 +00:00
Dr. Stephen Henson	f71c6e52f7	Add support for distinct certificate chains per key type and per SSL ... structure. Before this the only way to add a custom chain was in the parent SSL_CTX (which is shared by all key types and SSL structures) or rely on auto chain building (which is performed on each handshake) from the trust store.	2012-01-31 14:00:10 +00:00
Dr. Stephen Henson	9ade64dedf	code tidy	2012-01-27 14:21:38 +00:00
Dr. Stephen Henson	c526ed410c	Revise ssl code to use a CERT_PKEY structure when outputting a ... certificate chain instead of an X509 structure. This makes it easier to enhance code in future and the chain output functions have access to the CERT_PKEY structure being used.	2012-01-26 16:00:34 +00:00
Dr. Stephen Henson	4379d0e457	Tidy/enhance certificate chain output code. ... New function ssl_add_cert_chain which adds a certificate chain to SSL internal BUF_MEM. Use this function in ssl3_output_cert_chain and dtls1_output_cert_chain instead of partly duplicating code.	2012-01-26 15:47:32 +00:00
Dr. Stephen Henson	08e4ea4884	initialise dh_clnt	2012-01-26 14:37:46 +00:00
Dr. Stephen Henson	0d60939515	add support for use of fixed DH client certificates	2012-01-25 14:51:49 +00:00
Dr. Stephen Henson	1db5f356f5	return error if md is NULL	2012-01-22 13:12:14 +00:00
Dr. Stephen Henson	855d29184e	Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. ... Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050)	2012-01-18 18:15:27 +00:00
Dr. Stephen Henson	8e1dc4d7ca	Support for fixed DH ciphersuites. ... The cipher definitions of these ciphersuites have been around since SSLeay but were always disabled. Now OpenSSL supports DH certificates they can be finally enabled. Various additional changes were needed to make them work properly: many unused fixed DH sections of code were untested.	2012-01-16 18:19:14 +00:00
Bodo Möller	7bb1cc9505	Fix for builds without DTLS support. ... Submitted by: Brian Carlstrom	2012-01-05 10:22:41 +00:00
Dr. Stephen Henson	59e68615ce	PR: 2671 ... Submitted by: steve Update maximum message size for certifiate verify messages to support 4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.	2012-01-05 00:28:43 +00:00
Dr. Stephen Henson	192540b522	Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> ... Reviewed by: steve Send fatal alert if heartbeat extension has an illegal value.	2012-01-05 00:23:17 +00:00
Dr. Stephen Henson	e745572493	Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> ... Reviewed by: steve Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson.	2012-01-04 23:52:26 +00:00
Dr. Stephen Henson	27dfffd5b7	Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)	2012-01-04 23:16:15 +00:00
Dr. Stephen Henson	d0dc991c62	Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)	2012-01-04 23:15:51 +00:00
Dr. Stephen Henson	25536ea6a7	Submitted by: Adam Langley <agl@chromium.org> ... Reviewed by: steve Fix memory leaks.	2012-01-04 14:25:42 +00:00
Dr. Stephen Henson	b3720c34e5	oops, revert wrong patch	2012-01-03 22:06:21 +00:00
Dr. Stephen Henson	5733919dbc	only send heartbeat extension from server if client sent one	2012-01-03 22:03:20 +00:00
Dr. Stephen Henson	4817504d06	PR: 2658 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Support for TLS/DTLS heartbeats.	2011-12-31 22:59:57 +00:00
Dr. Stephen Henson	84b6e277d4	make update	2011-12-27 14:46:03 +00:00
Dr. Stephen Henson	c79f22c63a	PR: 1794 ... Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve - remove some unncessary SSL_err and permit an srp user callback to allow a worker to obtain a user verifier. - cleanup and comments in s_server and demonstration for asynchronous srp user lookup	2011-12-27 14:21:45 +00:00
Dr. Stephen Henson	f3d781bb43	PR: 2326 ... Submitted by: Tianjie Mao <tjmao@tjmao.net> Reviewed by: steve Fix incorrect comma expressions and goto f_err as alert has been set.	2011-12-26 19:37:58 +00:00
Dr. Stephen Henson	7e159e0133	PR: 2535 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Add SCTP support for DTLS (RFC 6083).	2011-12-25 14:45:15 +00:00
Dr. Stephen Henson	b9e1488865	typo	2011-12-23 15:03:03 +00:00
Dr. Stephen Henson	9c52c3e07c	delete unimplemented function from header file, update ordinals	2011-12-23 14:09:30 +00:00
Dr. Stephen Henson	b646fc409d	remove prototype for deleted SRP function	2011-12-22 16:05:02 +00:00
Dr. Stephen Henson	f9b0b45238	New ctrl values to clear or retrieve extra chain certs from an SSL_CTX. ... New function to retrieve compression method from SSL_SESSION structure. Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions as they duplicate functionality of SSL_SESSION_get_id. Note: these functions have never appeared in any release version of OpenSSL.	2011-12-22 15:14:32 +00:00
Dr. Stephen Henson	f2fc30751e	PR: 1794 ... Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve Remove unnecessary code for srp and to add some comments to s_client. - the callback to provide a user during client connect is no longer necessary since rfc 5054 a connection attempt with an srp cipher and no user is terminated when the cipher is acceptable - comments to indicate in s_client the (non-)usefulness of th primalaty tests for non known group parameters.	2011-12-14 22:17:06 +00:00
Ben Laurie	3c0ff9f939	Remove redundant TLS exporter.	2011-12-13 15:57:39 +00:00
Dr. Stephen Henson	7a2362611f	fix error discrepancy	2011-12-07 12:28:40 +00:00
Bodo Möller	19b0d0e75b	Resolve a stack set-up race condition (if the list of compression ... methods isn't presorted, it will be sorted on first read). Submitted by: Adam Langley	2011-12-02 12:52:00 +00:00
Dr. Stephen Henson	ebba6c4895	PR: 1794 ... Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve Make SRP conformant to rfc 5054. Changes are: - removal of the addition state after client hello - removal of all pre-rfc srp alert ids - sending a fatal alert when there is no srp extension but when the server wants SRP - removal of unnecessary code in the client.	2011-11-25 00:17:44 +00:00
Bodo Möller	6f31dd72d2	Fix NPN implementation for renegotiation. ... (Problem pointed out by Ben Murphy.) Submitted by: Adam Langley	2011-11-24 21:07:01 +00:00
Dr. Stephen Henson	1c78c43bd3	move internal functions to ssl_locl.h	2011-11-21 22:52:13 +00:00
Dr. Stephen Henson	21b52dd3eb	bcmp doesn't exist on all platforms, replace with memcmp	2011-11-21 22:28:29 +00:00
Ben Laurie	e0af04056c	Add TLS exporter.	2011-11-15 23:50:52 +00:00
Ben Laurie	333f926d67	Add DTLS-SRTP.	2011-11-15 22:59:20 +00:00
Ben Laurie	ae55176091	Fix some warnings caused by __owur. Temporarily (I hope) remove the more ... aspirational __owur annotations.	2011-11-14 00:36:10 +00:00
Dr. Stephen Henson	0c58d22ad9	PR: 1794 ... Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve Document unknown_psk_identify alert, remove pre-RFC 5054 string from ssl_stat.c	2011-11-13 13:13:01 +00:00
Dr. Stephen Henson	930e801214	PR: 2628 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Send alert instead of assertion failure for incorrectly formatted DTLS fragments.	2011-10-27 13:06:52 +00:00
Dr. Stephen Henson	fe0e302dff	PR: 2628 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix for ECC keys and DTLS.	2011-10-27 13:01:33 +00:00
Dr. Stephen Henson	45906fe63b	Use correct tag for SRP username.	2011-10-25 12:51:22 +00:00
Dr. Stephen Henson	ffbfbef943	more vxworks patches	2011-10-14 22:04:14 +00:00
Bodo Möller	3ddc06f082	In ssl3_clear, preserve s3->init_extra along with s3->rbuf. ... Submitted by: Bob Buckholz <bbuckholz@google.com>	2011-10-13 13:05:58 +00:00
Dr. Stephen Henson	eb47b2fb13	add GCM ciphers in SSL_library_init	2011-10-10 12:56:18 +00:00
Dr. Stephen Henson	a0f21307e0	disable GCM if not available	2011-10-10 12:41:11 +00:00
Dr. Stephen Henson	7d7c13cbab	Don't disable TLS v1.2 by default now.	2011-10-09 23:26:39 +00:00
Dr. Stephen Henson	6dd547398a	use client version when eliminating TLS v1.2 ciphersuites in client hello	2011-10-07 15:07:19 +00:00
Dr. Stephen Henson	fca38e350b	fix signed/unsigned warning	2011-09-26 17:04:32 +00:00
Dr. Stephen Henson	d18a0df0a6	make sure eivlen is initialised	2011-09-24 23:06:20 +00:00
Dr. Stephen Henson	1d7392f219	PR: 2602 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS bug which prevents manual MTU setting	2011-09-23 13:34:48 +00:00
Bodo Möller	c519e89f5c	Fix session handling.	2011-09-05 13:36:23 +00:00
Bodo Möller	612fcfbd29	Fix d2i_SSL_SESSION.	2011-09-05 13:31:17 +00:00
Bodo Möller	e7928282d0	(EC)DH memory handling fixes. ... Submitted by: Adam Langley	2011-09-05 10:25:31 +00:00
Dr. Stephen Henson	d41ce00b8c	PR: 2573 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS buffering and decryption bug.	2011-09-01 14:02:23 +00:00
Andy Polyakov	c608171d9c	Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.	2011-08-23 20:51:38 +00:00
Dr. Stephen Henson	1f59a84308	Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA ... using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites.	2011-08-14 13:45:19 +00:00
Dr. Stephen Henson	28dd49faec	Expand range of ctrls for AES GCM to support retrieval and setting of ... invocation field. Add complete support for AES GCM ciphersuites including all those in RFC5288 and RFC5289.	2011-08-03 15:37:22 +00:00
Dr. Stephen Henson	31475a370c	oops, remove debug option	2011-07-25 21:38:41 +00:00
Dr. Stephen Henson	d09677ac45	Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and ... prohibit use of these ciphersuites for TLS < 1.2	2011-07-25 20:41:32 +00:00
Dr. Stephen Henson	0445ab3ae0	PR: 2555 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS sequence number bug	2011-07-20 15:17:51 +00:00
Dr. Stephen Henson	bb48f4ce6e	PR: 2550 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS HelloVerifyRequest Timer bug	2011-07-20 15:14:24 +00:00
Andy Polyakov	146e1fc7b3	ssl/ssl_ciph.c: allow to switch to predefined "composite" cipher/mac ... combos that can be implemented as AEAD ciphers.	2011-07-11 14:00:43 +00:00
Andy Polyakov	7532071aa3	ssl/t1_enc.c: initial support for AEAD ciphers.	2011-07-11 13:58:59 +00:00
Dr. Stephen Henson	861a7e5c9f	PR: 2543 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Correctly handle errors in DTLSv1_handle_timeout()	2011-06-22 15:30:14 +00:00
Dr. Stephen Henson	70051b1d88	set FIPS allow before initialising ctx	2011-06-14 15:25:21 +00:00
Dr. Stephen Henson	ca9335760b	fix memory leak	2011-06-08 15:55:43 +00:00
Dr. Stephen Henson	1c13c122d8	Set SSL_FIPS flag in ECC ciphersuites.	2011-06-06 14:14:41 +00:00
Dr. Stephen Henson	4f8f8bf3a4	fix error discrepancy	2011-06-03 18:50:24 +00:00
Dr. Stephen Henson	654ac273c1	typo	2011-06-01 11:10:35 +00:00
Dr. Stephen Henson	8f119a0357	set FIPS permitted flag before initalising digest	2011-05-31 16:24:19 +00:00
Dr. Stephen Henson	1b2047c5c0	Don't round up partitioned premaster secret length if there is only one ... digest in use: this caused the PRF to fail for an odd premaster secret length.	2011-05-31 10:34:43 +00:00
Dr. Stephen Henson	eda3766b53	Output supported curves in preference order instead of numerically.	2011-05-30 17:58:13 +00:00
Dr. Stephen Henson	ebc5e72fe5	Don't advertise or use MD5 for TLS v1.2 in FIPS mode	2011-05-25 15:31:32 +00:00
Dr. Stephen Henson	3d52f1d52b	PR: 2533 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes the program to crash. This is due to missing version checks and is fixed with this patch.	2011-05-25 15:20:49 +00:00
Dr. Stephen Henson	fd60dfa0f2	PR: 2529 ... Submitted by: Marcus Meissner <meissner@suse.de> Reviewed by: steve Call ssl_new() to reallocate SSL BIO internals if we want to replace the existing internal SSL structure.	2011-05-25 15:16:10 +00:00
Dr. Stephen Henson	bbcf3a9b30	Some nextproto patches broke DTLS: fix	2011-05-25 14:31:47 +00:00
Dr. Stephen Henson	006b54a8eb	Oops use up to date patch for PR#2506	2011-05-25 14:30:20 +00:00
Dr. Stephen Henson	7832d6ab1c	PR: 2506 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fully implement SSL_clear for DTLS.	2011-05-25 12:28:06 +00:00
Dr. Stephen Henson	ee4b5cebef	PR: 2505 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS session resumption timer bug.	2011-05-25 12:25:01 +00:00
Dr. Stephen Henson	238b63613b	use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS	2011-05-25 11:43:07 +00:00
Dr. Stephen Henson	f37f20ffd3	PR: 2295 ... Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com> Reviewed by: steve OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code elimination.	2011-05-20 14:56:29 +00:00
Dr. Stephen Henson	086e32a6c7	Implement FIPS_mode and FIPS_mode_set	2011-05-19 18:09:02 +00:00
Dr. Stephen Henson	4f7533eb84	set encodedPoint to NULL after freeing it	2011-05-19 16:17:47 +00:00
Dr. Stephen Henson	855a54a9a5	Provisional support for TLS v1.2 client authentication: client side only. ... Parse certificate request message and set digests appropriately. Generate new TLS v1.2 format certificate verify message. Keep handshake caches around for longer as they are needed for client auth.	2011-05-12 17:35:03 +00:00
Dr. Stephen Henson	8f82912460	Process signature algorithms during TLS v1.2 client authentication. ... Make sure message is long enough for signature algorithms.	2011-05-12 14:38:01 +00:00
Dr. Stephen Henson	4f7a2ab8b1	make kerberos work with OPENSSL_NO_SSL_INTERN	2011-05-11 22:50:18 +00:00
Dr. Stephen Henson	fc101f88b6	Reorder signature algorithms in strongest hash first order.	2011-05-11 16:33:28 +00:00
Dr. Stephen Henson	a2f9200fba	Initial TLS v1.2 client support. Include a default supported signature ... algorithms extension (including everything we support). Swicth to new signature format where needed and relax ECC restrictions. Not TLS v1.2 client certifcate support yet but client will handle case where a certificate is requested and we don't have one.	2011-05-09 15:44:01 +00:00
Dr. Stephen Henson	6b7be581e5	Continuing TLS v1.2 support: add support for server parsing of ... signature algorithms extension and correct signature format for server key exchange. All ciphersuites should now work on the server but no client support and no client certificate support yet.	2011-05-06 13:00:07 +00:00
Dr. Stephen Henson	823df31be7	Disable SHA256 if not supported.	2011-05-01 15:36:16 +00:00
Dr. Stephen Henson	7409d7ad51	Initial incomplete TLS v1.2 support. New ciphersuites added, new version ... checking added, SHA256 PRF support added. At present only RSA key exchange ciphersuites work with TLS v1.2 as the new signature format is not yet implemented.	2011-04-29 22:56:51 +00:00
Dr. Stephen Henson	08557cf22c	Initial "opaque SSL" framework. If an application defines ... OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL. The advantage of this option is that any application supporting it will still be binary compatible if SSL structures change.	2011-04-29 22:37:12 +00:00
Dr. Stephen Henson	b93e331ba4	Reorder headers to get definitions before they are used.	2011-04-11 14:01:33 +00:00
Dr. Stephen Henson	4058861f69	PR: 2462 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS Retransmission Buffer Bug	2011-04-03 17:14:35 +00:00
Dr. Stephen Henson	f74a0c0c93	PR: 2458 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Don't change state when answering DTLS ClientHello.	2011-04-03 16:25:29 +00:00
Dr. Stephen Henson	6e28b60aa5	PR: 2457 ... Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS fragment reassembly bug.	2011-04-03 15:47:58 +00:00
Richard Levitte	3a660e7364	Corrections to the VMS build system. ... Submitted by Steven M. Schweda <sms@antinode.info>	2011-03-25 16:20:35 +00:00
Richard Levitte	4ec3e8ca51	For VMS, implement the possibility to choose 64-bit pointers with ... different options: "64" The build system will choose /POINTER_SIZE=64=ARGV if the compiler supports it, otherwise /POINTER_SIZE=64. "64=" The build system will force /POINTER_SIZE=64. "64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.	2011-03-25 09:40:48 +00:00
Richard Levitte	487b023f3d	make update (1.1.0-dev) ... This meant alarger renumbering in util/libeay.num due to symbols appearing in 1.0.0-stable and 1.0.1-stable. However, since there's been no release on this branch yet, it should be harmless.	2011-03-23 00:11:32 +00:00
Richard Levitte	537c982306	After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS ... submitted by Steven M. Schweda <sms@antinode.info>	2011-03-19 10:58:14 +00:00
Dr. Stephen Henson	23bc7961d2	Fix broken SRP error/function code assignment.	2011-03-16 16:17:46 +00:00
Dr. Stephen Henson	d70fcb96ac	Fix warnings: signed/unisgned comparison, shadowing (in some cases global ... functions such as rand() ).	2011-03-12 17:27:03 +00:00
Dr. Stephen Henson	5e374d2ee8	Remove redundant check to stop compiler warning.	2011-03-12 17:06:35 +00:00
Ben Laurie	edc032b5e3	Add SRP support.	2011-03-12 17:01:19 +00:00
Dr. Stephen Henson	a3654f0586	Include openssl/crypto.h first in several other files so FIPS renaming ... is picked up.	2011-02-16 17:25:01 +00:00
Dr. Stephen Henson	b331016124	New option to disable characteristic two fields in EC code.	2011-02-12 17:23:32 +00:00
Bodo Möller	9770924f9b	OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) ... Submitted by: Neel Mehta, Adam Langley, Bodo Moeller	2011-02-08 17:48:57 +00:00
Bodo Möller	e2b798c8b3	Assorted bugfixes: ... - safestack macro changes for C++ were incomplete - RLE decompression boundary case - SSL 2.0 key arg length check Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)	2011-02-03 12:03:51 +00:00
Bodo Möller	88f2a4cf9c	CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)	2011-02-03 10:43:00 +00:00
Bodo Möller	9d0397e977	make update	2011-02-03 10:17:53 +00:00
Dr. Stephen Henson	9bafd8f7b3	FIPS_allow_md5() no longer exists and is no longer required	2011-01-26 12:23:58 +00:00
Dr. Stephen Henson	722521594c	Don't use decryption_failed alert for TLS v1.1 or later.	2011-01-04 19:39:27 +00:00
Dr. Stephen Henson	a47577164c	Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed ... alert.	2011-01-04 19:34:20 +00:00
Richard Levitte	b7ef916c38	First attempt at adding the possibility to set the pointer size for the builds on VMS. ... PR: 2393	2010-12-14 19:19:04 +00:00
Dr. Stephen Henson	d0205686bb	PR: 2240 ... Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve Reviewed by: steve As required by RFC4492 an absent supported points format by a server is not an error: it should be treated as equivalent to an extension only containing uncompressed.	2010-11-25 12:27:09 +00:00
Dr. Stephen Henson	290be870d6	using_ecc doesn't just apply to TLSv1	2010-11-25 11:51:31 +00:00
Dr. Stephen Henson	6f678c4081	oops, revert invalid change	2010-11-24 14:03:25 +00:00
Dr. Stephen Henson	e9be051f3a	use generalise mac API for SSL key generation	2010-11-24 13:16:59 +00:00
Richard Levitte	ec44f0ebfa	Taken from OpenSSL_1_0_0-stable: ... Include proper header files for time functions. Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>	2010-11-22 18:25:04 +00:00
Dr. Stephen Henson	b71f815f6b	remove duplicate statement	2010-11-18 17:33:17 +00:00
Dr. Stephen Henson	ac7797a722	oops, reinstate TLSv1 string	2010-11-17 18:17:08 +00:00
Dr. Stephen Henson	7d5686d355	Don't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can be legitimately set elsewhere.	2010-11-17 17:37:23 +00:00
Dr. Stephen Henson	732d31beee	bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files	2010-11-16 14:18:51 +00:00
Dr. Stephen Henson	e15320f652	Only use explicit IV if cipher is in CBC mode.	2010-11-14 17:47:45 +00:00
Dr. Stephen Henson	e827b58711	Get correct GOST private key instead of just assuming the last one is ... correct: this isn't always true if we have more than one certificate.	2010-11-14 13:50:55 +00:00
Dr. Stephen Henson	5759425810	PR: 2314 ... Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net> Reviewed by: steve Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939	2010-10-10 12:15:47 +00:00
Ben Laurie	bf48836c7c	Fixes to NPN from Adam Langley.	2010-09-05 17:14:01 +00:00