openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	eb38b26dbc	Update from 1.0.0-stable.	2009-05-15 22:58:40 +00:00
Dr. Stephen Henson	e5fa864f62	Updates from 1.0.0-stable.	2009-04-15 15:27:03 +00:00
Dr. Stephen Henson	cc7399e79c	Changes from 1.0.0-stable.	2009-04-07 16:33:26 +00:00
Lutz Jänicke	fceac0bc74	Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP Some #include statements were not properly protected. This will go unnoted on most systems as openssl/comp.h tends to be installed as a system header file by default but may become visible when cross compiling.	2009-01-05 14:43:05 +00:00
Ben Laurie	0eab41fb78	If we're going to return errors (no matter how stupid), then we should test for them!	2008-12-29 16:11:58 +00:00
Ben Laurie	6ba71a7173	Handle the unlikely event that BIO_get_mem_data() returns -ve.	2008-12-27 02:00:38 +00:00
Dr. Stephen Henson	e19106f5fb	Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros with the appropriate parameters which calls OBJ_bsearch(). A compiler will typically inline this. This avoids the need for cmp_xxx variables and fixes unchecked const issues with CHECKED_PTR_OF()	2008-10-22 15:43:01 +00:00
Dr. Stephen Henson	606f6c477a	Fix a shed load or warnings: Duplicate const. Use of ; outside function.	2008-10-20 15:12:00 +00:00
Ben Laurie	babb379849	Type-checked (and modern C compliant) OBJ_bsearch.	2008-10-12 14:32:47 +00:00
Bodo Möller	96562f2fb3	update comment	2008-09-14 19:50:55 +00:00
Dr. Stephen Henson	3ad74edce8	Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new strength "FIPS" to represent all FIPS approved ciphersuites without NULL encryption.	2008-09-10 16:02:09 +00:00
Bodo Möller	474b3b1cc8	Fix error codes for memory-saving patch. Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS because it was rather pointless (the new behavior has to be explicitly requested by setting SSL_MODE_RELEASE_BUFFERS anyway).	2008-08-04 22:10:38 +00:00
Dr. Stephen Henson	45d3767d28	Prevent signed/unsigned warning on VC++	2008-06-03 10:17:45 +00:00
Ben Laurie	8671b89860	Memory saving patch.	2008-06-03 02:48:34 +00:00
Dr. Stephen Henson	368888bcb6	Add client cert engine to SSL routines.	2008-06-01 22:33:24 +00:00
Andy Polyakov	5d58f1bbfe	Prohibit RC4 in DTLS.	2007-10-05 21:04:56 +00:00
Dr. Stephen Henson	67c8e7f414	Support for certificate status TLS extension.	2007-09-26 21:56:59 +00:00
Bodo Möller	761772d7e1	Implement the Opaque PRF Input TLS extension (draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and bugfixes on the way. In particular, this fixes the buffer bounds checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext(). Note that the opaque PRF Input TLS extension is not compiled by default; see CHANGES.	2007-09-21 06:54:24 +00:00
Dr. Stephen Henson	81025661a9	Update ssl code to support digests other than MD5+SHA1 in handshake. Submitted by: Victor B. Wagner <vitus@cryptocom.ru>	2007-08-31 12:42:53 +00:00
Dr. Stephen Henson	956006b741	Use SHA256 for ticket HMAC if possible.	2007-08-20 12:35:20 +00:00
Dr. Stephen Henson	367eb1f125	Fix warning and make no-tlsext work.	2007-08-12 18:56:14 +00:00
Dr. Stephen Henson	6434abbfc6	RFC4507 (including RFC4507bis) TLS stateless session resumption support for OpenSSL.	2007-08-11 23:18:29 +00:00
Dr. Stephen Henson	b948e2c59e	Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.	2007-06-04 17:04:40 +00:00
Bodo Möller	96afc1cfd5	Add SEED encryption algorithm. PR: 1503 Submitted by: KISA Reviewed by: Bodo Moeller	2007-04-23 23:48:59 +00:00
Dr. Stephen Henson	9981a51e42	Stage 1 GOST ciphersuite support. Submitted by: ran@cryptocom.ru Reviewed by: steve@openssl.org	2007-03-23 17:04:05 +00:00
Bodo Möller	52b8dad8ec	Reorganize the data used for SSL ciphersuite pattern matching. This change resolves a number of problems and obviates multiple kludges. A new feature is that you can now say "AES256" or "AES128" (not just "AES", which enables both). In some cases the ciphersuite list generated from a given string is affected by this change. I hope this is just in those cases where the previous behaviour did not make sense.	2007-02-17 06:45:38 +00:00
Bodo Möller	ed3ecd801e	Error messages for client ECC cert verification. Also, change the default ciphersuite to give some prefererence to ciphersuites with forwared secrecy (rather than using a random order).	2006-06-15 19:58:22 +00:00
Bodo Möller	89bbe14c50	Ciphersuite string bugfixes, and ECC-related (re-)definitions.	2006-06-14 17:40:31 +00:00
Bodo Möller	f3dea9a595	Camellia cipher, contributed by NTT Submitted by: Masashi Fujita Reviewed by: Bodo Moeller	2006-06-09 15:44:59 +00:00
Bodo Möller	332737217a	Implement Supported Elliptic Curves Extension. Submitted by: Douglas Stebila	2006-03-30 02:44:56 +00:00
Bodo Möller	36ca4ba63d	Implement the Supported Point Formats Extension for ECC ciphersuites Submitted by: Douglas Stebila	2006-03-11 23:46:37 +00:00
Nils Larsch	ddac197404	add initial support for RFC 4279 PSK SSL ciphersuites PR: 1191 Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation Reviewed by: Nils Larsch	2006-03-10 23:06:27 +00:00
Bodo Möller	58ece83395	Further TLS extension improvements Submitted by: Peter Sylvester	2006-01-13 09:21:10 +00:00
Bodo Möller	f1fd4544a3	Various changes in the new TLS extension code, including the following: - fix indentation - rename some functions and macros - fix up confusion between SSL_ERROR_... and SSL_AD_... values	2006-01-03 03:27:19 +00:00
Bodo Möller	ed3883d21b	Support TLS extensions (specifically, HostName) Submitted by: Peter Sylvester	2006-01-02 23:14:37 +00:00
Nils Larsch	7f3c9036ea	initialize cipher/digest methods table in SSL_library_init() and hence remove the need for a lock	2005-08-21 23:06:23 +00:00
Nils Larsch	4ebb342fcd	Let the TLSv1_method() etc. functions return a const SSL_METHOD pointer and make the SSL_METHOD parameter in SSL_CTX_new, SSL_CTX_set_ssl_version and SSL_set_ssl_method const.	2005-08-14 21:48:33 +00:00
Nils Larsch	01a9792f05	remove unused internal foo_base_method functions	2005-08-08 19:04:37 +00:00
Dr. Stephen Henson	f3b656b246	Initialize SSL_METHOD structures at compile time. This removes the need for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.	2005-08-05 23:56:11 +00:00
Nils Larsch	3eeaab4bed	make ./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make depend all test work again PR: 1159	2005-07-16 12:37:36 +00:00
Bodo Möller	c6c2e3135d	Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled with the SSL_OP_NO_SSLv2 option.	2005-05-11 18:25:49 +00:00
Dr. Stephen Henson	6c61726b2a	Lots of Win32 fixes for DTLS. 1. "unsigned long long" isn't portable changed: to BN_ULLONG. 2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used. 2. Avoid lots of compiler warnings about signed/unsigned mismatches. 3. Include new library directory pqueue in mk1mf build system. 4. Update symbols.	2005-04-27 16:27:14 +00:00
Bodo Möller	480506bd49	remove some functions from exported headers	2005-04-26 18:18:35 +00:00
Bodo Möller	beb056b303	fix SSLerr stuff for DTLS1 code; move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h"; fix silly indentation (a TAB is not always 4 spaces)	2005-04-26 18:08:00 +00:00
Ben Laurie	36d16f8ee0	Add DTLS support.	2005-04-26 16:02:40 +00:00
Andy Polyakov	3ed449e94a	More cover-ups, removing OPENSSL_GLOBAL/EXTERNS. We can remove more...	2005-04-13 21:46:30 +00:00
Ben Laurie	41a15c4f0f	Give everything prototypes (well, everything that's actually used).	2005-03-31 09:26:39 +00:00
Ben Laurie	0821bcd4de	Constification.	2005-03-30 10:26:02 +00:00
Geoff Thorpe	d095b68d63	Deprecate quite a few recursive includes from the ssl.h API header and remove some unnecessary includes from the internal header ssl_locl.h. This then requires adding includes for bn.h in four C files.	2004-05-17 18:53:47 +00:00
Geoff Thorpe	60a938c6bc	(oops) Apologies all, that last header-cleanup commit was from the wrong tree. This further reduces header interdependencies, and makes some associated cleanups.	2004-04-19 18:09:28 +00:00

1 2 3

105 commits