Remove SSLv2 support The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte <levitte@openssl.org>
Check EVP_Cipher return values for SSL2 Reviewed-by: Richard Levitte <levitte@openssl.org>
Add and use a constant-time memcmp. This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. (cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98)
Use new common flags and fix resulting warnings.
Put back a variable deleted by the previous revision, but used in the code.
Hopefully resolve signed vs unsigned issue.
Fix warnings properly this time ;-)
Fix sign-compare warnings.
If we're going to return errors (no matter how stupid), then we should test for them!
Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.
Avoid including cryptlib.h, it's not really needed. Check if IDEA is being built or not. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Security fixes brought forward from 0.9.7.
Implement msg_callback for SSL 2.0. Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't reveal whether illegal block cipher padding was found or a MAC verification error occured. In ssl/s2_pkt.c, verify that the purported number of padding bytes is in the legal range.
Consistently use 'void *' for SSL read, peek and write functions.
Use new-style system-id macros everywhere possible. I hope I haven't missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.
Finish SSL_peek/SSL_pending fixes.
Fix SSL_peek and SSL_pending.
Import s2_pkt.c wbuf fixes from OpenSSL_0_9_6-stable branch.
First step towards SSL_peek fix.