Commit message | Author | Age | Files | Lines
* Add loaded dynamic ENGINEs to list. | Dr. Stephen Henson | 2014-01-28 | 1 | -0/+1
  Always add a dynamically loaded ENGINE to list. Otherwise it can cause problems when multiply loaded, especially if it adds new public key methods. For all current engines we only want a single implementation anyway.
* New function to set compression methods so they can be safely freed. | Dr. Stephen Henson | 2014-01-27 | 2 | -0/+6
* Compare encodings in X509_cmp as well as hash. | Dr. Stephen Henson | 2014-01-26 | 1 | -1/+14
* Add cert callback retry test. | Dr. Stephen Henson | 2014-01-26 | 2 | -0/+19
* Certificate callback doc. | Dr. Stephen Henson | 2014-01-26 | 1 | -0/+68
* Support retries in certificate callback | Dr. Stephen Henson | 2014-01-26 | 3 | -14/+36
* Add new function SSL_CTX_get_ssl_method(). | Dr. Stephen Henson | 2014-01-16 | 2 | -0/+6
  Partial fix for PR#3183.
* Omit initial status request callback check. | Kaspar Brand | 2014-01-16 | 1 | -2/+1
  PR#3178
* typo | Dr. Stephen Henson | 2014-01-12 | 1 | -1/+1
* Use rdrand as additional entropy source. | Dr. Stephen Henson | 2014-01-11 | 3 | -0/+81
  If available rdrand is used as an additional entropy source for the PRNG and for additional input in FIPS mode.
* typo | Jeff Trawick | 2014-01-10 | 1 | -1/+1
* typo | Jeff Trawick | 2014-01-10 | 1 | -1/+1
* Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling. | Dr. Stephen Henson | 2014-01-09 | 1 | -3/+2
* update remaining documentation to move from EDH to DHE | Daniel Kahn Gillmor | 2014-01-09 | 4 | -26/+26
  change documentation and comments to indicate that we prefer the standard "DHE" naming scheme everywhere over the older "EDH"
* Replace EDH-RSA-DES-CBC-SHA, etc. with DHE-RSA-DES-CBC-SHA | Daniel Kahn Gillmor | 2014-01-09 | 3 | -6/+32
  Replace the full ciphersuites with "EDH-" in their labels with "DHE-" so that all DHE ciphersuites are referred to in the same way. Leave backward-compatible aliases for the ciphersuites in question so that configurations which specify these explicitly will continue working.
* change SSL3_CK_EDH_* to SSL_CK_DHE_* (with backward-compatibility) | Daniel Kahn Gillmor | 2014-01-09 | 2 | -12/+18
  This change normalizes the SSL_CK_DHE_ #defines to use the common term "DHE", while permitting older code that uses the more uncommon "EDH" constants to compile properly.
* documentation should use "DHE" instead of "EDH" | Daniel Kahn Gillmor | 2014-01-09 | 3 | -3/+3
* use SSL_kDHE throughout instead of SSL_kEDH | Daniel Kahn Gillmor | 2014-01-09 | 10 | -75/+76
  DHE is the standard term used by the RFCs and by other TLS implementations. It's useful to have the internal variables use the standard terminology. This patch leaves a synonym SSL_kEDH in place, though, so that older code can still be built against it, since that has been the traditional API. SSL_kEDH should probably be deprecated at some point, though.
* emit "DHE" instead of "edh" for kX packet trace output | Daniel Kahn Gillmor | 2014-01-09 | 1 | -1/+1
  other parts of packet tracing emit the standard "DHE" label instead of "edh". This change brings the output of ssl_print_client_keyex() and ssl_print_server_keyex() into accordance with the standard term.
* Allow "DHE" and "kDHE" as synonyms of "EDH" and "kEDH" when specifying ciphers | Daniel Kahn Gillmor | 2014-01-09 | 2 | -2/+6
  The standard terminology in https://tools.ietf.org/html/rfc5426 is "DHE". "openssl ciphers" outputs "DHE" (for the most part). But users of the library currently cannot specify "DHE", they must currently specify "EDH". This change allows users to specify the common term in cipher suite strings without breaking backward compatibility.
* use SSL_kECDHE throughout instead of SSL_kEECDH | Daniel Kahn Gillmor | 2014-01-09 | 9 | -58/+59
  ECDHE is the standard term used by the RFCs and by other TLS implementations. It's useful to have the internal variables use the standard terminology. This patch leaves a synonym SSL_kEECDH in place, though, so that older code can still be built against it, since that has been the traditional API. SSL_kEECDH should probably be deprecated at some point, though.
* emit "ECDHE" instead of "EECDH" for kX packet trace output | Daniel Kahn Gillmor | 2014-01-09 | 1 | -1/+1
  other parts of packet tracing emit the standard "ECDHE" label instead of "EECDH". This change brings the output of ssl_print_client_keyex() and ssl_print_server_keyex() into accordance with the standard term.
* Allow "ECDHE" as a synonym of "EECDH" when specifying ciphers | Daniel Kahn Gillmor | 2014-01-09 | 2 | -2/+6
  The standard terminology in https://tools.ietf.org/html/rfc4492 is ECDHE. "openssl ciphers" outputs ECDHE. But users of the library currently cannot specify ECDHE, they must specify EECDH. This change allows users to specify the common term in cipher suite strings without breaking backward compatibility.
* bn/asm/x86_64-mont5.pl: fix compilation error on Solaris. | Andy Polyakov | 2014-01-09 | 1 | -1/+1
* update FAQ | Dr. Stephen Henson | 2014-01-08 | 1 | -0/+3
* PPC assembly pack: relax 64-bit requirement for little-endian support. | Andy Polyakov | 2014-01-07 | 3 | -55/+65
* aes/asm/vpaes-ppc.pl: add little-endian support. | Andy Polyakov | 2014-01-07 | 3 | -132/+162
* update NEWS | Dr. Stephen Henson | 2014-01-07 | 1 | -0/+11
* Add fix for CVE-2013-4353 | Dr. Stephen Henson | 2014-01-07 | 1 | -1/+5
  (cherry picked from commit 6b42ed4e7104898f4b5b69337589719913b36404)
* Sync NEWS. | Dr. Stephen Henson | 2014-01-06 | 1 | -0/+11
* sha/asm/sha256-armv4.pl: add NEON code path. | Andy Polyakov | 2014-01-04 | 1 | -17/+318
  (and shave off cycle even from integer-only code)
* aesni-sha1-x86_64.pl: refine Atom-specific optimization. | Andy Polyakov | 2014-01-04 | 2 | -21/+33
  (and update performance data, and fix typo)
* Add ServerInfoFile to SSL_CONF, update docs. | Dr. Stephen Henson | 2014-01-03 | 2 | -0/+19
* Use algorithm specific chains for certificates. | Dr. Stephen Henson | 2014-01-03 | 3 | -21/+17
  Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm specific chains instead of the shared chain. Update docs.
* ssl/t1_enc.c: optimize PRF (suggested by Intel). | Andy Polyakov | 2014-01-03 | 1 | -9/+8
* aesni-sha1-x86_64.pl: add stitched decrypt procedure, | Andy Polyakov | 2014-01-03 | 3 | -79/+656
  but keep it disabled, too little gain... Add some Atom-specific optimization.
* Don't change version number if session established | Dr. Stephen Henson | 2014-01-02 | 2 | -5/+6
  When sending an invalid version number alert don't change the version number to the client version if a session is already established. Thanks to Marek Majkowski for additional analysis of this issue. PR#3191
* Update curve list size. | Dr. Stephen Henson | 2013-12-29 | 1 | -1/+1
  (cherry picked from commit cfa86987a8d9d2b8cc5e5fea2d3260c46542cdb9)
* sparcv9cap.c: omit random detection. | Andy Polyakov | 2013-12-28 | 1 | -0/+2
  PR: 3202
* FAQ: why SIGILL? | Andy Polyakov | 2013-12-28 | 1 | -0/+16
* ARM assembly pack: make it work with older toolchain. | Andy Polyakov | 2013-12-28 | 2 | -3/+4
* Canonicalise input in CMS_verify. | Dr. Stephen Henson | 2013-12-22 | 1 | -21/+73
  If content is detached and not binary mode translate the input to CRLF format. Before this change the input was verified verbatim which led to a discrepancy between sign and verify.
* Fix DTLS retransmission from previous session. | Dr. Stephen Henson | 2013-12-20 | 3 | -6/+22
  For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450. (cherry picked from commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b)
* Ignore NULL parameter in EVP_MD_CTX_destroy. | Dr. Stephen Henson | 2013-12-20 | 1 | -2/+5
  (cherry picked from commit a6c62f0c25a756c263a80ce52afbae888028e986)
* sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code paths. | Andy Polyakov | 2013-12-18 | 1 | -57/+77
  (and ensure stack alignment in the process)
* evp/e_[aes|camellia].c: fix typo in CBC subroutine. | Andy Polyakov | 2013-12-18 | 2 | -2/+2
  It worked because it was never called.
* PPC assembly pack update addendum. | Andy Polyakov | 2013-12-18 | 1 | -1/+1
* sha512.c: fulfill implicit API contract in SHA512_Transform. | Andy Polyakov | 2013-12-18 | 1 | -1/+8
  SHA512_Transform was initially added rather as tribute to tradition than for practical reasons. But use was recently found in ssl/s3_cbc.c and it turned to be problematic on platforms that don't tolerate misaligned references to memory and lack assembly subroutine.
* PPC assembly pack: improve AIX support (enable vpaes-ppc). | Andy Polyakov | 2013-12-18 | 3 | -9/+9
* Check EVP errors for handshake digests. | Dr. Stephen Henson | 2013-12-18 | 3 | -6/+15
  Partial mitigation of PR#3200 (cherry picked from commit 0294b2be5f4c11e60620c0018674ff0e17b14238)