- 11 9月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
strength "FIPS" to represent all FIPS approved ciphersuites without NULL encryption.
-
- 26 10月, 2007 1 次提交
-
-
由 Dr. Stephen Henson 提交于
of handshake failure 2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH (required for s3_srvr to accept GOST client certificates). 3. Changes to EVP - adding of function EVP_PKEY_CTX_get0_peerkey - Make function EVP_PKEY_derive_set_peerkey work for context with ENCRYPT operation, because we use peerkey field in the context to pass non-ephemeral secret key to GOST encrypt operation. - added EVP_PKEY_CTRL_SET_IV control command. It is really GOST-specific, but it is used in SSL code, so it has to go in some header file, available during libssl compilation 4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data 5. Include des.h if KSSL_DEBUG is defined into some libssl files, to make debugging output which depends on constants defined there, work and other KSSL_DEBUG output fixes 6. Declaration of real GOST ciphersuites, two authentication methods SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST 7. Implementation of these methods. 8. Support for sending unsolicited serverhello extension if GOST ciphersuite is selected. It is require for interoperability with CryptoPro CSP 3.0 and 3.6 and controlled by SSL_OP_CRYPTOPRO_TLSEXT_BUG constant. This constant is added to SSL_OP_ALL, because it does nothing, if non-GOST ciphersuite is selected, and all implementation of GOST include compatibility with CryptoPro. 9. Support for CertificateVerify message without length field. It is another CryptoPro bug, but support is made unconditional, because it does no harm for draft-conforming implementation. 10. In tls1_mac extra copy of stream mac context is no more done. When I've written currently commited code I haven't read EVP_DigestSignFinal manual carefully enough and haven't noticed that it does an internal digest ctx copying. This implementation was tested against 1. CryptoPro CSP 3.6 client and server 2. Cryptopro CSP 3.0 server
-
- 07 9月, 2007 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix additional gcc 4.2 value not used warnings.
-
- 31 8月, 2007 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
-
- 05 6月, 2007 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 24 4月, 2007 1 次提交
-
-
由 Bodo Möller 提交于
PR: 1503 Submitted by: KISA Reviewed by: Bodo Moeller
-
- 24 3月, 2007 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: ran@cryptocom.ru Reviewed by: steve@openssl.org
-
- 21 2月, 2007 3 次提交
-
-
由 Bodo Möller 提交于
-
由 Bodo Möller 提交于
-
由 Bodo Möller 提交于
Change ssl_create_cipher_list() to prefer ephemeral ECDH over ephemeral DH.
-
- 20 2月, 2007 2 次提交
-
-
由 Bodo Möller 提交于
-
由 Bodo Möller 提交于
ciphersuite string such as "DEFAULT:RSA" cannot enable authentication-only ciphersuites. Also, change ssl_create_cipher_list() so that it no longer starts with an arbitrary ciphersuite ordering, but instead uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST. SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".
-
- 17 2月, 2007 1 次提交
-
-
由 Bodo Möller 提交于
This change resolves a number of problems and obviates multiple kludges. A new feature is that you can now say "AES256" or "AES128" (not just "AES", which enables both). In some cases the ciphersuite list generated from a given string is affected by this change. I hope this is just in those cases where the previous behaviour did not make sense.
-
- 04 1月, 2007 1 次提交
-
-
由 Nils Larsch 提交于
-
- 11 9月, 2006 1 次提交
-
-
由 Bodo Möller 提交于
ciphersuite as well
-
- 29 8月, 2006 1 次提交
-
-
由 Ben Laurie 提交于
Fix warnings.
-
- 16 6月, 2006 3 次提交
-
-
由 Bodo Möller 提交于
Also, change the default ciphersuite to give some prefererence to ciphersuites with forwared secrecy (rather than using a random order).
-
由 Bodo Möller 提交于
-
由 Bodo Möller 提交于
make sure 'mask' is initialized in ssl_cipher_get_disabled(). Also simplify code by removing some unused arguments in static functions.
-
- 15 6月, 2006 1 次提交
-
-
由 Bodo Möller 提交于
-
- 14 6月, 2006 1 次提交
-
-
由 Bodo Möller 提交于
-
- 09 6月, 2006 1 次提交
-
-
由 Bodo Möller 提交于
Submitted by: Masashi Fujita Reviewed by: Bodo Moeller
-
- 15 4月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
one suite.
-
- 11 3月, 2006 1 次提交
-
-
由 Nils Larsch 提交于
PR: 1191 Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation Reviewed by: Nils Larsch
-
- 01 10月, 2005 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 22 8月, 2005 1 次提交
-
-
由 Nils Larsch 提交于
-
- 11 6月, 2005 1 次提交
-
-
由 Nils Larsch 提交于
error if the cipher list is empty - fix last commit in ssl_create_cipher_list - clean up ssl_create_cipher_list
-
- 09 6月, 2005 2 次提交
-
-
由 Nils Larsch 提交于
-
由 Nils Larsch 提交于
collected (see SSL_CTX_set_cipher_list manpage). Fix handling of "cipher1+cipher2" expressions in ssl_cipher_process_rulestr. PR: 836 + 1005
-
- 30 3月, 2005 1 次提交
-
-
由 Ben Laurie 提交于
-
- 21 3月, 2005 1 次提交
-
-
由 Nils Larsch 提交于
-
- 25 10月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 28 12月, 2003 1 次提交
-
-
由 Richard Levitte 提交于
Check if IDEA is being built or not. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
-
- 29 11月, 2003 1 次提交
-
-
由 Richard Levitte 提交于
Therefore, change all instances of the symbol 'list' to something else. PR: 758 Submitted by: Frédéric Giudicelli <groups@newpki.org>
-
- 04 11月, 2003 1 次提交
-
-
由 Geoff Thorpe 提交于
Submitted by: Nils Larsch
-
- 06 10月, 2003 2 次提交
-
-
由 Richard Levitte 提交于
-
由 Richard Levitte 提交于
compression identity is already present among the registered compression methods, and if so, reject the addition request. Declare SSL_COMP_get_compression_method() so it can be used properly. Change ssltest.c so it checks what compression methods are available and enumerates them. As a side-effect, built-in compression methods will be automagically loaded that way. Additionally, change the identities for ZLIB and RLE to be conformant to draft-ietf-tls-compression-05.txt. Finally, make update. Next on my list: have the built-in compression methods added "automatically" instead of requiring that the author call SSL_COMP_add_compression_method() or SSL_COMP_get_compression_methods().
-
- 02 10月, 2003 1 次提交
-
-
由 Richard Levitte 提交于
-
- 08 4月, 2003 1 次提交
-
-
由 Lutz Jänicke 提交于
the cipher name in the list is not guaranteed to be at least "buflen" long. PR: 567 Submitted by: "Matt Harren" <matth@cs.berkeley.edu>
-
- 16 12月, 2002 1 次提交
-
-
由 Richard Levitte 提交于
PR: 373
-