checking added, SHA256 PRF support added.

At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.

Submitted by: Tomas Mraz <tmraz@redhat.com>

Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.

Also can now use SSL2 compatible client hello because RFC5746 supports it.

Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.

 - fix indentation
 - rename some functions and macros
 - fix up confusion between SSL_ERROR_... and SSL_AD_... values

Submitted by: Peter Sylvester

(This were in 0.9.7-stable and 0.9.8-stable, but not in HEAD so far.)

pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.

for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.

Submitted by: "Patrick McCormick" <patrick@tellme.com>

PR: 262
PR: 291

PR: 262

des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:

(the bug was introduced with message callback support)

Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).

never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.

New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.

SSL 2.0 client hellos added with the previous commit was totally wrong --
it must start with the message type, not the protocol version.
(Not that this particular header is actually used anywhere ...)

'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.

(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)

It did not work, it was deactivated by #if 0/#endif anyway _and_ we now have
the working SSL_OP_CIPHER_SERVER_PREFERENCE.

missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.

test was never triggered due to an off-by-one error.

In s23_clnt.c, don't use special rollback-attack detection padding
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
client; similarly, in s23_srvr.c, don't do the rollback check if
SSL 2.0 is the only protocol enabled in the server.

like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.

the old functionality.

Various warning fixes.

Initial EVP symmetric cipher docs.

NO_SSL2 is defined, not SSL_R_UNKNOWN_PROTOCOL.

as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.

Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller

returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.