Commit graph

1284 commits

Author SHA1 Message Date
Bodo Möller
1aeb3da83f Fixes for TLS server_name extension
Submitted by: Peter Sylvester
2006-01-06 09:08:59 +00:00
Bodo Möller
e8e5b46e2b Add names for people who provided the TLS extension patch. 2006-01-04 17:35:51 +00:00
Bodo Möller
f1fd4544a3 Various changes in the new TLS extension code, including the following:
- fix indentation
 - rename some functions and macros
 - fix up confusion between SSL_ERROR_... and SSL_AD_... values
2006-01-03 03:27:19 +00:00
Bodo Möller
b1277b9902 C style fix-up 2006-01-02 23:29:12 +00:00
Andy Polyakov
ed26604a71 Engage Whirlpool assembler and mention Whirlpool in CHANGES. 2005-12-16 12:55:33 +00:00
Andy Polyakov
0cb9d93d0c Mention bn(64,64) to bn(64,32) switch on 64-bit SPARCv9 targets in CHANGES. 2005-12-16 11:12:42 +00:00
Bodo Möller
d56349a2aa update TLS-ECC code
Submitted by: Douglas Stebila
2005-12-13 07:33:35 +00:00
Dr. Stephen Henson
ad2695b1b7 Update from 0.9.8-stable. 2005-12-05 13:46:46 +00:00
Dr. Stephen Henson
b40228a61d New functions to support opaque EVP_CIPHER_CTX handling. 2005-12-02 13:46:39 +00:00
Dr. Stephen Henson
452ae49db5 Extensive OID code enhancement and fixes. 2005-11-20 13:07:47 +00:00
Bodo Möller
d804f86b88 disable some invalid ciphersuites 2005-11-15 23:32:11 +00:00
Bodo Möller
8dee9f844f deFUDify: don't require OPENSSL_EC_BIN_PT_COMP 2005-11-15 21:08:38 +00:00
Dr. Stephen Henson
fbf002bb88 Update from stable branch. 2005-11-06 17:58:26 +00:00
Richard Levitte
998ac55e19 Document it 2005-11-01 07:53:37 +00:00
Bodo Möller
a1006c373d harmonize with 0.9.7-stable and 0.9.8-stable variants of CHANGES 2005-10-26 19:28:04 +00:00
Andy Polyakov
4d524040bc Change bn_mul_mont declaration and BN_MONT_CTX. Update CHANGES. 2005-10-22 17:57:18 +00:00
Mark J. Cox
04fac37311 one time CAN->CVE update 2005-10-19 11:00:39 +00:00
Richard Levitte
89ec4332ec Add in CHANGES for 0.9.7i. 2005-10-15 04:26:57 +00:00
Mark J. Cox
d357be38b9 Make sure head CHANGES is up to date, we refer to this in announce.txt 2005-10-11 11:10:19 +00:00
Dr. Stephen Henson
566dda07ba New option SSL_OP_NO_COMP to disable compression. New ctrls to set
maximum send fragment size. Allocate I/O buffers accordingly.
2005-10-08 00:18:53 +00:00
Bodo Möller
13e4670c29 new option "openssl ciphers -V" 2005-10-01 04:08:48 +00:00
Dr. Stephen Henson
f022c177db Two new verify flags functions. 2005-09-02 22:49:54 +00:00
Dr. Stephen Henson
1ef7acfe92 Initial support for ASN1 print code.
WARNING WARNING WARNING, experimental code, handle with care, use at
your own risk, may contain nuts.
2005-09-01 13:59:16 +00:00
Dr. Stephen Henson
a0156a926f Integrated support for PVK files. 2005-08-31 16:37:54 +00:00
Nils Larsch
6e119bb02e Keep cipher lists sorted in the source instead of sorting them at
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
2005-08-25 07:29:54 +00:00
Bodo Möller
770bc596e1 recent DH change does not avoid *all* possible small-subgroup attacks;
let's be clear about that
2005-08-23 06:54:33 +00:00
Ben Laurie
bf3d6c0c9b Make D-H safer, include well-known primes. 2005-08-21 16:00:17 +00:00
Dr. Stephen Henson
eea374fd19 Command line support for RSAPublicKey format. 2005-08-21 00:18:26 +00:00
Dr. Stephen Henson
45e2738585 Remove ASN1_METHOD code replace with new ASN1 alternative. 2005-08-20 18:12:45 +00:00
Nils Larsch
4ebb342fcd Let the TLSv1_method() etc. functions return a const SSL_METHOD
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-14 21:48:33 +00:00
Andy Polyakov
0491e05833 Final(?) WinCE update. 2005-08-07 22:21:49 +00:00
Dr. Stephen Henson
f3b656b246 Initialize SSL_METHOD structures at compile time. This removes the need
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-08-05 23:56:11 +00:00
Dr. Stephen Henson
8f2e4fdf86 Allow PKCS7_decrypt() to work if no cert supplied. 2005-08-04 22:15:22 +00:00
Dr. Stephen Henson
0537f9689c Add support for setting IDP too. 2005-07-25 22:35:36 +00:00
Dr. Stephen Henson
0745d0892d Allow setting of all fields in CRLDP. Few cosmetic changes to output. 2005-07-25 18:42:29 +00:00
Dr. Stephen Henson
9aa9d70ddb Print out previously unsupported fields in CRLDP by i2r instead of i2v.
Cosmetic changes to IDP printout.
2005-07-24 00:23:57 +00:00
Dr. Stephen Henson
231493c93c Initial print only support for IDP CRL extension. 2005-07-23 23:33:06 +00:00
Richard Levitte
2bd2cd9b78 Changes from the 0.9.8 branch. 2005-07-05 19:16:24 +00:00
Richard Levitte
c83101248a Changes from the 0.9.8 branch. 2005-07-05 18:36:42 +00:00
Andy Polyakov
8d3509b937 CHANGES and TABLE sync with 0.9.8. 2005-07-05 11:48:38 +00:00
Dr. Stephen Henson
cbdac46d58 Update from stable branch. 2005-07-04 23:12:04 +00:00
Dr. Stephen Henson
5d6c4985d1 Typo. 2005-06-02 20:29:32 +00:00
Dr. Stephen Henson
b615ad90c8 Update CHANGES. 2005-06-02 20:11:16 +00:00
Geoff Thorpe
a2c32e2d7f Change the source and output paths for 'chil' and '4758cca' engines so that
dynamic loading is consistent with respect to engine ids.
2005-05-29 19:14:21 +00:00
Bodo Möller
0ebfcc8f92 make sure DSA signing exponentiations really are constant-time 2005-05-26 04:40:52 +00:00
Richard Levitte
28e4fe34e4 Version changes where needed. 2005-05-18 04:04:12 +00:00
Bodo Möller
91b17fbad4 Change wording for BN_mod_exp_mont_consttime() entry 2005-05-16 19:14:34 +00:00
Bodo Möller
46a643763d Implement fixed-window exponentiation to mitigate hyper-threading
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2005-05-16 01:43:31 +00:00
Dr. Stephen Henson
b6995add5c Make -CSP option work again in pkcs12 utility by checking for
attribute in EVP_PKEY structure.
2005-05-15 00:54:45 +00:00
Bodo Möller
c6c2e3135d Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled
with the SSL_OP_NO_SSLv2 option.
2005-05-11 18:25:49 +00:00