提交 · 82bf227e9170e144ca143af3d4b970c1500d0884 · btwise / openssl

29 11月, 2006 1 次提交
- B
  
  fix support for receiving fragmented handshake messages · 1e24b3a0
  由 Bodo Möller 提交于 11月 29, 2006
  
  1e24b3a0
28 9月, 2006 2 次提交

Fix buffer overflow in SSL_get_shared_ciphers() function. · 3ff55e96

由 Mark J. Cox 提交于 9月 28, 2006

(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

3ff55e96

Fixes for the following claims: · cbb92dfa

由 Richard Levitte 提交于 9月 28, 2006

  1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336

cbb92dfa

16 6月, 2006 1 次提交
- B
  Oops ... deleted too much in the previous commit when I deleted · 4dfc8f1f
  由 Bodo Möller 提交于 6月 15, 2006
```
the Fortezza stuff
```
  4dfc8f1f
15 6月, 2006 1 次提交
- B
  
  Ciphersuite string bugfixes, and ECC-related (re-)definitions. · 89bbe14c
  由 Bodo Möller 提交于 6月 14, 2006
  
  89bbe14c
30 3月, 2006 1 次提交
- B
  Implement Supported Elliptic Curves Extension. · 33273721
  由 Bodo Möller 提交于 3月 30, 2006
```
Submitted by: Douglas Stebila
```
  33273721
13 3月, 2006 1 次提交
- R
  
  Resolve signed vs. unsigned issues · 07ef6129
  由 Richard Levitte 提交于 3月 13, 2006
  
  07ef6129
12 3月, 2006 1 次提交
- B
  Implement the Supported Point Formats Extension for ECC ciphersuites · 36ca4ba6
  由 Bodo Möller 提交于 3月 11, 2006
```
Submitted by: Douglas Stebila
```
  36ca4ba6
11 3月, 2006 1 次提交
- N
  add initial support for RFC 4279 PSK SSL ciphersuites · ddac1974
  由 Nils Larsch 提交于 3月 10, 2006
```
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
```
  ddac1974
30 1月, 2006 1 次提交
- N
  add additional checks + cleanup · 8c5a2bd6
  由 Nils Larsch 提交于 1月 29, 2006
```
Submitted by: David Hartman <david_hartman@symantec.com>
```
  8c5a2bd6
13 1月, 2006 1 次提交
- B
  Further TLS extension improvements · 58ece833
  由 Bodo Möller 提交于 1月 13, 2006
```
Submitted by: Peter Sylvester
```
  58ece833
11 1月, 2006 1 次提交
- B
  More TLS extension related changes. · 241520e6
  由 Bodo Möller 提交于 1月 11, 2006
```
Submitted by: Peter Sylvester
```
  241520e6
10 1月, 2006 1 次提交
- B
  Further TLS extension updates · a13c20f6
  由 Bodo Möller 提交于 1月 09, 2006
```
Submitted by: Peter Sylvester
```
  a13c20f6
03 1月, 2006 2 次提交
- B
  Various changes in the new TLS extension code, including the following: · f1fd4544
  由 Bodo Möller 提交于 1月 03, 2006
```
 - fix indentation
 - rename some functions and macros
 - fix up confusion between SSL_ERROR_... and SSL_AD_... values
```
  f1fd4544
- B
  Support TLS extensions (specifically, HostName) · ed3883d2
  由 Bodo Möller 提交于 1月 02, 2006
```
Submitted by: Peter Sylvester
```
  ed3883d2
13 12月, 2005 1 次提交
- B
  update TLS-ECC code · d56349a2
  由 Bodo Möller 提交于 12月 13, 2005
```
Submitted by: Douglas Stebila
```
  d56349a2
06 12月, 2005 1 次提交
- D
  
  Avoid warnings on VC++ 2005. · 7bbcb2f6
  由 Dr. Stephen Henson 提交于 12月 05, 2005
  
  7bbcb2f6
08 10月, 2005 1 次提交
- D
  New option SSL_OP_NO_COMP to disable compression. New ctrls to set · 566dda07
  由 Dr. Stephen Henson 提交于 10月 08, 2005
```
maximum send fragment size. Allocate I/O buffers accordingly.
```
  566dda07
01 10月, 2005 1 次提交
- D
  
  Make OPENSSL_NO_COMP compile again. · 09b6c2ef
  由 Dr. Stephen Henson 提交于 9月 30, 2005
  
  09b6c2ef
15 8月, 2005 1 次提交
- N
  Let the TLSv1_method() etc. functions return a const SSL_METHOD · 4ebb342f
  由 Nils Larsch 提交于 8月 14, 2005
```
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
```
  4ebb342f
06 8月, 2005 1 次提交
- D
  Initialize SSL_METHOD structures at compile time. This removes the need · f3b656b2
  由 Dr. Stephen Henson 提交于 8月 05, 2005
```
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
```
  f3b656b2
16 7月, 2005 1 次提交

make · 3eeaab4b

由 Nils Larsch 提交于 7月 16, 2005

    	./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
    	make depend all test
work again

PR: 1159

3eeaab4b

16 5月, 2005 1 次提交

ecc api cleanup; summary: · 9dd84053

由 Nils Larsch 提交于 5月 16, 2005

- hide the EC_KEY structure definition in ec_lcl.c + add
  some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
  attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
  additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7

9dd84053

09 5月, 2005 1 次提交
- N
  give EC_GROUP_*_nid functions a more meaningful name · 7dc17a6c
  由 Nils Larsch 提交于 5月 08, 2005
```
	EC_GROUP_get_nid -> EC_GROUP_get_curve_name
	EC_GROUP_set_nid -> EC_GROUP_set_curve_name
```
  7dc17a6c
03 5月, 2005 1 次提交
- N
  
  backport fix from the stable branch · 9e5790ce
  由 Nils Larsch 提交于 5月 03, 2005
  
  9e5790ce
30 4月, 2005 1 次提交
- N
  
  check return value of RAND_pseudo_bytes; backport from the stable branch · 7c7667b8
  由 Nils Larsch 提交于 4月 29, 2005
  
  7c7667b8
28 4月, 2005 1 次提交

Lots of Win32 fixes for DTLS. · 6c61726b

由 Dr. Stephen Henson 提交于 4月 27, 2005

1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.

6c61726b

27 4月, 2005 3 次提交
- B
  Fix various incorrect error function codes. · aa4ce731
  由 Bodo Möller 提交于 4月 26, 2005
```
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
```
  aa4ce731
- B
  fix SSLerr stuff for DTLS1 code; · beb056b3
  由 Bodo Möller 提交于 4月 26, 2005
```
move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h";
fix silly indentation (a TAB is *not* always 4 spaces)
```
  beb056b3
- B
  
  Add DTLS support. · 36d16f8e
  由 Ben Laurie 提交于 4月 26, 2005
  
  36d16f8e
23 4月, 2005 1 次提交
- N
  
  change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible · 965a1cb9
  由 Nils Larsch 提交于 4月 23, 2005
  
  965a1cb9
10 4月, 2005 1 次提交
- D
  
  Make kerberos ciphersuite code work with newer header files · 0858b71b
  由 Dr. Stephen Henson 提交于 4月 09, 2005
  
  0858b71b
22 3月, 2005 1 次提交
- D
  Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and · 59b6836a
  由 Dr. Stephen Henson 提交于 3月 22, 2005
```
client random values.
```
  59b6836a
18 5月, 2004 1 次提交

Deprecate quite a few recursive includes from the ssl.h API header and · d095b68d

由 Geoff Thorpe 提交于 5月 17, 2004

remove some unnecessary includes from the internal header ssl_locl.h. This
then requires adding includes for bn.h in four C files.

d095b68d

20 4月, 2004 1 次提交
- G
  (oops) Apologies all, that last header-cleanup commit was from the wrong · 60a938c6
  由 Geoff Thorpe 提交于 4月 19, 2004
```
tree. This further reduces header interdependencies, and makes some
associated cleanups.
```
  60a938c6
16 3月, 2004 1 次提交

Constify d2i, s2i, c2i and r2i functions and other associated · 875a644a

由 Richard Levitte 提交于 3月 15, 2004

functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.

875a644a

28 12月, 2003 1 次提交

Avoid including cryptlib.h, it's not really needed. · 5fdf0666

由 Richard Levitte 提交于 12月 27, 2003

Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

5fdf0666

30 10月, 2003 1 次提交

A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. · 27545970

由 Geoff Thorpe 提交于 10月 29, 2003

I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.

27545970

28 9月, 2003 1 次提交
- R
  Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B. · e59659dc
  由 Richard Levitte 提交于 9月 27, 2003
```
PR: 680
```
  e59659dc
04 9月, 2003 1 次提交
- D
  Only accept a client certificate if the server requests · 14f3d7c5
  由 Dr. Stephen Henson 提交于 9月 03, 2003
```
one, as required by SSL/TLS specs.
```
  14f3d7c5