summaryrefslogtreecommitdiffstats
path: root/ssl/s3_lib.c
AgeCommit message (Collapse)Author
2011-10-19Oops: this change (http://cvs.openssl.org/chngview?cn=21503)Bodo Möller
wasn't right for 0.9.8-stable (it's actually a fix for http://cvs.openssl.org/chngview?cn=14494, which introduced SSL_CTRL_SET_MAX_SEND_FRAGMENT).
2011-10-13In ssl3_clear, preserve s3->init_extra along with s3->rbuf.Bodo Möller
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-09-05(EC)DH memory handling fixes.Bodo Möller
Submitted by: Adam Langley
2009-04-07Submitted by: Darryl Miles <darryl-mailinglists@netbauds.net>Dr. Stephen Henson
Approved by: steve@openssl.org Handle non-blocking I/O properly in SSL_shutdown() call.
2008-06-16Make ssl code consistent with FIPS branch. The new code has no effectDr. Stephen Henson
at present because it asserts either noop flags or is inside OPENSSL_FIPS #ifdef's.
2008-04-30TLS ticket key setting callback: this allows and application to setDr. Stephen Henson
its own TLS ticket keys.
2007-10-12Backport certificate status request TLS extension support to 0.9.8.Dr. Stephen Henson
2007-09-21More changes from HEAD:Bodo Möller
- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME now that ssl23_client_hello takes care of that - fix buffer overrun checks in ssl_add_serverhello_tlsext()
2007-09-21Fixes from HEAD.Dr. Stephen Henson
2007-08-28Update from HEAD.Dr. Stephen Henson
2007-08-12Backport of TLS extension code to OpenSSL 0.9.8.Dr. Stephen Henson
Include server name and RFC4507bis support. This is not compiled in by default and must be explicitly enabled with the Configure option enable-tlsext
2007-04-23Add SEED encryption algorithm.Bodo Möller
PR: 1503 Submitted by: KISA Reviewed by: Bodo Moeller
2007-02-19fix incorrect strength bit values for certain Kerberos ciphersuitesBodo Möller
Submitted by: Victor Duchovni
2007-01-21Update from HEAD.Dr. Stephen Henson
2006-06-22Put ECCdraft ciphersuites back into default build (but disabledBodo Möller
unless specifically requested)
2006-06-20Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)Bodo Möller
2006-06-14Disable invalid ciphersuitesBodo Möller
2006-06-09Camellia cipher, contributed by NTTBodo Möller
Submitted by: Masashi Fujita Reviewed by: Bodo Moeller
2006-01-15fix cipher list orderNils Larsch
2005-12-13update TLS-ECC codeBodo Möller
Submitted by: Douglas Stebila
2005-09-21Fix from HEAD.Dr. Stephen Henson
2005-08-27Fix warnings.Ben Laurie
2005-08-25Keep cipher lists sorted in the source instead of sorting them atNils Larsch
runtime, thus removing the need for a lock. Add a test to ssltest to verify that the cipher lists are sorted.
2005-08-08a ssl object needs it's own instance of a ecdh key; remove obsolete commentNils Larsch
2005-08-05Initialize SSL_METHOD structures at compile time. This removes the needDr. Stephen Henson
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-07-16makeNils Larsch
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make all test work again (+ make update) PR: 1159
2005-05-30pqueue and dtls uses 64-bit values. Unfortunately, OpenSSL doesn'tRichard Levitte
have a uniform representation for those over all architectures, so a little bit of hackery is needed. Contributed by nagendra modadugu <nagendra@cs.stanford.edu>
2005-04-26Fix various incorrect error function codes.Bodo Möller
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26Add DTLS support.Ben Laurie
2005-03-31Give everything prototypes (well, everything that's actually used).Ben Laurie
2005-03-30Constification.Ben Laurie
2004-04-19(oops) Apologies all, that last header-cleanup commit was from the wrongGeoff Thorpe
tree. This further reduces header interdependencies, and makes some associated cleanups.
2003-12-27Avoid including cryptlib.h, it's not really needed.Richard Levitte
Check if IDEA is being built or not. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-10-29A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.Geoff Thorpe
I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate.
2002-11-28Cleanse memory using the new OPENSSL_cleanse() function.Richard Levitte
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-10-29Sun has agreed to removing the covenant language from most files.Bodo Möller
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
2002-10-15Typos.Richard Levitte
PR: 189
2002-10-10RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS.Richard Levitte
PR: 189
2002-09-25really fix race conditionsBodo Möller
Submitted by: "Patrick McCormick" <patrick@tellme.com> PR: 262 PR: 291
2002-08-09ECC ciphersuite supportBodo Möller
Submitted by: Douglas Stebila <douglas.stebila@sun.com> (Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
2002-07-10Ciphers with NULL encryption were not properly handled because they wereLutz Jänicke
not covered by the strength bit mask. Submitted by: Reviewed by: PR: 130
2002-04-13Implement known-IV countermeasure.Bodo Möller
Fix length checks in ssl3_get_client_hello(). Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-03-15fix ssl3_pendingBodo Möller
2002-03-14Add missing strength entries.Lutz Jänicke
2001-10-20New functions SSL[_CTX]_set_msg_callback().Bodo Möller
New macros SSL[_CTX]_set_msg_callback_arg(). Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet). New '-msg' option for 'openssl s_client' and 'openssl s_server' that enable a message callback that displays all protocol messages. In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if client_version is smaller than the protocol version in use. Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the client will at least see that alert. Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic pointer). Add/update some OpenSSL copyright notices.
2001-08-28Fix SSL memory leak.Ben Laurie
2001-07-30Really add the EVP and all of the DES changes.Ben Laurie
2001-07-11Include kssl_lcl.h where needed.Richard Levitte
2001-07-11Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu>Richard Levitte
His comments are: . adds use of replay cache to protect against replay attacks . adds functions kssl_tgt_is_available() and kssl_keytab_is_available() which are used within s3_lib.c and ssl_lib.c to determine at runtime whether or not KRB5 ciphers can be supported during the current session.
2001-06-19Change all calls to low level digest routines in the library andDr. Stephen Henson
applications to use EVP. Add missing calls to HMAC_cleanup() and don't assume HMAC_CTX can be copied using memcpy(). Note: this is almost identical to the patch submitted to openssl-dev by Verdon Walker <VWalker@novell.com> except some redundant EVP_add_digest_()/EVP_cleanup() calls were removed and some changes made to avoid compiler warnings.
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-03 04:18:53 +0000