Bodo Möller
1aeb3da83f
Fixes for TLS server_name extension
...
Submitted by: Peter Sylvester
2006-01-06 09:08:59 +00:00
Bodo Möller
e8e5b46e2b
Add names for people who provided the TLS extension patch.
2006-01-04 17:35:51 +00:00
Bodo Möller
f1fd4544a3
Various changes in the new TLS extension code, including the following:
...
- fix indentation
- rename some functions and macros
- fix up confusion between SSL_ERROR_... and SSL_AD_... values
2006-01-03 03:27:19 +00:00
Bodo Möller
b1277b9902
C style fix-up
2006-01-02 23:29:12 +00:00
Andy Polyakov
ed26604a71
Engage Whirlpool assembler and mention Whirlpool in CHANGES.
2005-12-16 12:55:33 +00:00
Andy Polyakov
0cb9d93d0c
Mention bn(64,64) to bn(64,32) switch on 64-bit SPARCv9 targets in CHANGES.
2005-12-16 11:12:42 +00:00
Bodo Möller
d56349a2aa
update TLS-ECC code
...
Submitted by: Douglas Stebila
2005-12-13 07:33:35 +00:00
Dr. Stephen Henson
ad2695b1b7
Update from 0.9.8-stable.
2005-12-05 13:46:46 +00:00
Dr. Stephen Henson
b40228a61d
New functions to support opaque EVP_CIPHER_CTX handling.
2005-12-02 13:46:39 +00:00
Dr. Stephen Henson
452ae49db5
Extensive OID code enhancement and fixes.
2005-11-20 13:07:47 +00:00
Bodo Möller
d804f86b88
disable some invalid ciphersuites
2005-11-15 23:32:11 +00:00
Bodo Möller
8dee9f844f
deFUDify: don't require OPENSSL_EC_BIN_PT_COMP
2005-11-15 21:08:38 +00:00
Dr. Stephen Henson
fbf002bb88
Update from stable branch.
2005-11-06 17:58:26 +00:00
Richard Levitte
998ac55e19
Document it
2005-11-01 07:53:37 +00:00
Bodo Möller
a1006c373d
harmonize with 0.9.7-stable and 0.9.8-stable variants of CHANGES
2005-10-26 19:28:04 +00:00
Andy Polyakov
4d524040bc
Change bn_mul_mont declaration and BN_MONT_CTX. Update CHANGES.
2005-10-22 17:57:18 +00:00
Mark J. Cox
04fac37311
one time CAN->CVE update
2005-10-19 11:00:39 +00:00
Richard Levitte
89ec4332ec
Add in CHANGES for 0.9.7i.
2005-10-15 04:26:57 +00:00
Mark J. Cox
d357be38b9
Make sure head CHANGES is up to date, we refer to this in announce.txt
2005-10-11 11:10:19 +00:00
Dr. Stephen Henson
566dda07ba
New option SSL_OP_NO_COMP to disable compression. New ctrls to set
...
maximum send fragment size. Allocate I/O buffers accordingly.
2005-10-08 00:18:53 +00:00
Bodo Möller
13e4670c29
new option "openssl ciphers -V"
2005-10-01 04:08:48 +00:00
Dr. Stephen Henson
f022c177db
Two new verify flags functions.
2005-09-02 22:49:54 +00:00
Dr. Stephen Henson
1ef7acfe92
Initial support for ASN1 print code.
...
WARNING WARNING WARNING, experimental code, handle with care, use at
your own risk, may contain nuts.
2005-09-01 13:59:16 +00:00
Dr. Stephen Henson
a0156a926f
Integrated support for PVK files.
2005-08-31 16:37:54 +00:00
Nils Larsch
6e119bb02e
Keep cipher lists sorted in the source instead of sorting them at
...
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
2005-08-25 07:29:54 +00:00
Bodo Möller
770bc596e1
recent DH change does not avoid *all* possible small-subgroup attacks;
...
let's be clear about that
2005-08-23 06:54:33 +00:00
Ben Laurie
bf3d6c0c9b
Make D-H safer, include well-known primes.
2005-08-21 16:00:17 +00:00
Dr. Stephen Henson
eea374fd19
Command line support for RSAPublicKey format.
2005-08-21 00:18:26 +00:00
Dr. Stephen Henson
45e2738585
Remove ASN1_METHOD code replace with new ASN1 alternative.
2005-08-20 18:12:45 +00:00
Nils Larsch
4ebb342fcd
Let the TLSv1_method() etc. functions return a const SSL_METHOD
...
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-14 21:48:33 +00:00
Andy Polyakov
0491e05833
Final(?) WinCE update.
2005-08-07 22:21:49 +00:00
Dr. Stephen Henson
f3b656b246
Initialize SSL_METHOD structures at compile time. This removes the need
...
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-08-05 23:56:11 +00:00
Dr. Stephen Henson
8f2e4fdf86
Allow PKCS7_decrypt() to work if no cert supplied.
2005-08-04 22:15:22 +00:00
Dr. Stephen Henson
0537f9689c
Add support for setting IDP too.
2005-07-25 22:35:36 +00:00
Dr. Stephen Henson
0745d0892d
Allow setting of all fields in CRLDP. Few cosmetic changes to output.
2005-07-25 18:42:29 +00:00
Dr. Stephen Henson
9aa9d70ddb
Print out previously unsupported fields in CRLDP by i2r instead of i2v.
...
Cosmetic changes to IDP printout.
2005-07-24 00:23:57 +00:00
Dr. Stephen Henson
231493c93c
Initial print only support for IDP CRL extension.
2005-07-23 23:33:06 +00:00
Richard Levitte
2bd2cd9b78
Changes from the 0.9.8 branch.
2005-07-05 19:16:24 +00:00
Richard Levitte
c83101248a
Changes from the 0.9.8 branch.
2005-07-05 18:36:42 +00:00
Andy Polyakov
8d3509b937
CHANGES and TABLE sync with 0.9.8.
2005-07-05 11:48:38 +00:00
Dr. Stephen Henson
cbdac46d58
Update from stable branch.
2005-07-04 23:12:04 +00:00
Dr. Stephen Henson
5d6c4985d1
Typo.
2005-06-02 20:29:32 +00:00
Dr. Stephen Henson
b615ad90c8
Update CHANGES.
2005-06-02 20:11:16 +00:00
Geoff Thorpe
a2c32e2d7f
Change the source and output paths for 'chil' and '4758cca' engines so that
...
dynamic loading is consistent with respect to engine ids.
2005-05-29 19:14:21 +00:00
Bodo Möller
0ebfcc8f92
make sure DSA signing exponentiations really are constant-time
2005-05-26 04:40:52 +00:00
Richard Levitte
28e4fe34e4
Version changes where needed.
2005-05-18 04:04:12 +00:00
Bodo Möller
91b17fbad4
Change wording for BN_mod_exp_mont_consttime() entry
2005-05-16 19:14:34 +00:00
Bodo Möller
46a643763d
Implement fixed-window exponentiation to mitigate hyper-threading
...
timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Dr. Stephen Henson
b6995add5c
Make -CSP option work again in pkcs12 utility by checking for
...
attribute in EVP_PKEY structure.
2005-05-15 00:54:45 +00:00
Bodo Möller
c6c2e3135d
Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled
...
with the SSL_OP_NO_SSLv2 option.
2005-05-11 18:25:49 +00:00