openssl.git
Dr. Stephen Henson [Thu, 20 May 2010 17:35:37 +0000 (17:35 +0000)]
oops, typo

Dr. Stephen Henson [Thu, 20 May 2010 17:28:51 +0000 (17:28 +0000)]
Update cms-test.pl to handle some Unix-like Windows environments where
calling shlib_wrap.sh doesn't work.

Dr. Stephen Henson [Mon, 17 May 2010 11:26:56 +0000 (11:26 +0000)]
PR: 2259
Submitted By: Artem Chuprina <ran@cryptocom.ru>

Check return values of HMAC in tls_P_hash and tls1_generate_key_block.

Although the previous version could in theory crash, that would only happen if a
digest call failed. The standard software methods can never fail and only one
ENGINE currently uses digests and it is not compiled in by default.

Dr. Stephen Henson [Sat, 15 May 2010 00:36:12 +0000 (00:36 +0000)]
PR: 2253
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Check callback return value when outputting errors.

Dr. Stephen Henson [Sat, 15 May 2010 00:19:57 +0000 (00:19 +0000)]
PR: 2255
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Place RSA dependent variable under #ifndef OPENSSL_NO_RSA

Dr. Stephen Henson [Mon, 3 May 2010 15:29:51 +0000 (15:29 +0000)]
PR: 2252
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Update docs to BIO_f_buffer()

Dr. Stephen Henson [Mon, 3 May 2010 13:01:50 +0000 (13:01 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix bug in bitmask macros and stop warnings.

Dr. Stephen Henson [Mon, 3 May 2010 12:50:52 +0000 (12:50 +0000)]
PR: 2244
Submitted By: "PMHager" <hager@dortmund.net>

Initialise pkey callback to 0.

Andy Polyakov [Wed, 28 Apr 2010 20:04:37 +0000 (20:04 +0000)]
bss_file.c: reserve for option to encode file name in UTF-8 on Windows
[from HEAD].

Andy Polyakov [Tue, 20 Apr 2010 20:41:23 +0000 (20:41 +0000)]
md5-ia64.S: fix assembler warning [from HEAD].

Dr. Stephen Henson [Tue, 20 Apr 2010 12:53:05 +0000 (12:53 +0000)]
PR: 2241
Submitted By: Artemy Lebedev <vagran.ast@gmail.com>

Typo.

Dr. Stephen Henson [Thu, 15 Apr 2010 13:17:05 +0000 (13:17 +0000)]
oops, commit Configure part of PR#2234

Dr. Stephen Henson [Wed, 14 Apr 2010 23:07:28 +0000 (23:07 +0000)]
PR: 2234
Submitted By: Matthias Andree <matthias.andree@gmx.de>

Use correct path to openssl utility in c_rehash script.

Dr. Stephen Henson [Wed, 14 Apr 2010 23:04:19 +0000 (23:04 +0000)]
PR: 2235
Submitted By: Bruce Stephens <bruce.stephens@isode.com>

Make ts/Makefile consistent with other Makefiles.

Andy Polyakov [Wed, 14 Apr 2010 19:25:09 +0000 (19:25 +0000)]
x86_64cpuid.pl: ml64 is allergic to db on label line [from HEAD].

Dr. Stephen Henson [Wed, 14 Apr 2010 13:20:53 +0000 (13:20 +0000)]
update FAQ

Andy Polyakov [Wed, 14 Apr 2010 07:47:53 +0000 (07:47 +0000)]
[co]cf128.c: fix "n=0" bug [from HEAD].

Dr. Stephen Henson [Wed, 14 Apr 2010 00:41:01 +0000 (00:41 +0000)]
fix signed/unsigned comparison warnings

Dr. Stephen Henson [Wed, 14 Apr 2010 00:33:22 +0000 (00:33 +0000)]
fix bug in ccgost CFB mode code

Dr. Stephen Henson [Wed, 14 Apr 2010 00:30:12 +0000 (00:30 +0000)]
check ASN1 type before using it

Dr. Stephen Henson [Wed, 14 Apr 2010 00:17:29 +0000 (00:17 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix various DTLS fragment reassembly bugs.

Dr. Stephen Henson [Wed, 14 Apr 2010 00:09:55 +0000 (00:09 +0000)]
PR: 2229
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Don't drop DTLS connection if mac or decryption failed.

Dr. Stephen Henson [Wed, 14 Apr 2010 00:03:13 +0000 (00:03 +0000)]
PR: 2228
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS buffer record MAC failure bug.

Dr. Stephen Henson [Tue, 13 Apr 2010 17:08:50 +0000 (17:08 +0000)]
make update

Richard Levitte [Tue, 13 Apr 2010 14:39:58 +0000 (14:39 +0000)]
No need to look for the file if none was entered.

Richard Levitte [Tue, 13 Apr 2010 14:39:08 +0000 (14:39 +0000)]
A few more things that aren't built on VAX

Richard Levitte [Tue, 13 Apr 2010 14:38:39 +0000 (14:38 +0000)]
Since test modules aren't copied to the test/ directory any more on
VMS, we need to rework this script with knowledge of where they are.

Richard Levitte [Tue, 13 Apr 2010 14:37:43 +0000 (14:37 +0000)]
Rework the way engines are built

Richard Levitte [Tue, 13 Apr 2010 14:36:58 +0000 (14:36 +0000)]
Too long symbols

Richard Levitte [Tue, 13 Apr 2010 14:34:48 +0000 (14:34 +0000)]
Spelling

Richard Levitte [Tue, 13 Apr 2010 14:33:04 +0000 (14:33 +0000)]
Rework the configuration of avoided algorithms.
Avoid copying test modules.

Richard Levitte [Tue, 13 Apr 2010 11:10:07 +0000 (11:10 +0000)]
Undo the previous change, it was incorrect in this branch.

Richard Levitte [Tue, 13 Apr 2010 08:41:58 +0000 (08:41 +0000)]
Third argument to dtls1_buffer_record is by reference

Andy Polyakov [Sat, 10 Apr 2010 14:54:34 +0000 (14:54 +0000)]
aes-ppc.pl: 10% performance improvement on Power6 [from HEAD].

Andy Polyakov [Sat, 10 Apr 2010 14:13:12 +0000 (14:13 +0000)]
cryptlib.c: allow application to override OPENSSL_isservice [from HEAD].

Andy Polyakov [Sat, 10 Apr 2010 13:47:11 +0000 (13:47 +0000)]
ctr128.c: fix typo, simplify ctr128_inc and fix "n=0" bug [from HEAD].

Andy Polyakov [Sat, 10 Apr 2010 13:41:58 +0000 (13:41 +0000)]
darwin-ppc-cc: add -Wa,-force_cpusubtype_ALL to produce binaries not
specific to G5. This was already added to HEAD earlier.
PR: 2231

Andy Polyakov [Sat, 10 Apr 2010 13:37:06 +0000 (13:37 +0000)]
sparccpuid.S: some assembler is allergic to apostrophes in comments [from HEAD].

Andy Polyakov [Sat, 10 Apr 2010 13:33:46 +0000 (13:33 +0000)]
alpha-mont.pl: comply with stack alignment requirement [from HEAD].

Dr. Stephen Henson [Thu, 8 Apr 2010 10:54:54 +0000 (10:54 +0000)]
make GOST MAC work again

Dr. Stephen Henson [Wed, 7 Apr 2010 13:18:30 +0000 (13:18 +0000)]
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
directly by SSL/TLS, SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_algorithms() will fail when verifying certificates.

Update docs.

Dr. Stephen Henson [Tue, 6 Apr 2010 15:05:47 +0000 (15:05 +0000)]
Remove obsolete PRNG note. Add comment about use of SHA256 et al.

Dr. Stephen Henson [Tue, 6 Apr 2010 14:45:31 +0000 (14:45 +0000)]
PR: 2209
Submitted By: Daniel Mentz <danielml@sent.com>

Documentation typo.

Dr. Stephen Henson [Tue, 6 Apr 2010 12:44:55 +0000 (12:44 +0000)]
PR: 2218
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS replay bug.

Dr. Stephen Henson [Tue, 6 Apr 2010 12:40:10 +0000 (12:40 +0000)]
PR: 2219
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS buffering bug.

Dr. Stephen Henson [Tue, 6 Apr 2010 12:29:21 +0000 (12:29 +0000)]
PR: 2223
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS timeout bug

Dr. Stephen Henson [Tue, 6 Apr 2010 11:18:32 +0000 (11:18 +0000)]
PR: 2220

Fixes to make OpenSSL compile with no-rc4

Dr. Stephen Henson [Tue, 30 Mar 2010 00:55:00 +0000 (00:55 +0000)]
updates for next release

Tag: OpenSSL_1_0_0
Dr. Stephen Henson [Mon, 29 Mar 2010 13:11:54 +0000 (13:11 +0000)]
Prepare for 1.0.0 release - finally ;-)

Andy Polyakov [Mon, 29 Mar 2010 09:59:58 +0000 (09:59 +0000)]
ARMv4 assembler: [unconfirmed] fix for compilation failure [from HEAD].

Andy Polyakov [Mon, 29 Mar 2010 09:50:33 +0000 (09:50 +0000)]
dso_dlfcn.c: fix compile failure on Tru64 [from HEAD].

Dr. Stephen Henson [Sun, 28 Mar 2010 00:42:29 +0000 (00:42 +0000)]
PR: 1696

Check return value of d2i_PBEPARAM().

Dr. Stephen Henson [Sat, 27 Mar 2010 23:28:23 +0000 (23:28 +0000)]
PR: 1763

Remove useless num = 0 assignment.

Remove redundant cases on sock_ctrl(): default case handles them.

Dr. Stephen Henson [Sat, 27 Mar 2010 19:27:51 +0000 (19:27 +0000)]
PR: 1904
Submitted by: David Woodhouse <dwmw2@infradead.org>

Pass passphrase minimum length down to UI.

Dr. Stephen Henson [Sat, 27 Mar 2010 18:28:13 +0000 (18:28 +0000)]
PR: 1813
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>

Fix memory leak when engine name cannot be loaded.

Dr. Stephen Henson [Thu, 25 Mar 2010 12:07:45 +0000 (12:07 +0000)]
update FAQ

Bodo Möller [Thu, 25 Mar 2010 11:22:42 +0000 (11:22 +0000)]
Fix for "Record of death" vulnerability CVE-2010-0740.

Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010).

Dr. Stephen Henson [Wed, 24 Mar 2010 23:42:20 +0000 (23:42 +0000)]
initialise buf if wrong_info not used

Dr. Stephen Henson [Wed, 24 Mar 2010 23:16:49 +0000 (23:16 +0000)]
PR: 1731 and maybe 2197

Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.

Andy Polyakov [Mon, 22 Mar 2010 22:44:35 +0000 (22:44 +0000)]
rand_win.c: fix logical bug in readscreen [from HEAD].

Andy Polyakov [Mon, 22 Mar 2010 22:39:46 +0000 (22:39 +0000)]
bss_file.c: fix MSC 6.0 warning [from HEAD].

Andy Polyakov [Mon, 15 Mar 2010 22:29:20 +0000 (22:29 +0000)]
e_capi.c: fix typo.

Andy Polyakov [Mon, 15 Mar 2010 22:26:33 +0000 (22:26 +0000)]
Fix UPLINK typo [from HEAD].

Dr. Stephen Henson [Mon, 15 Mar 2010 13:09:39 +0000 (13:09 +0000)]
workaround for missing definition in some headers

Dr. Stephen Henson [Fri, 12 Mar 2010 12:48:46 +0000 (12:48 +0000)]
PR: 2192
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

The prompt_info and wrong_info parameters can be empty strings which
can produce confusing prompts. Treat empty string same as NULL.

Dr. Stephen Henson [Fri, 12 Mar 2010 12:07:05 +0000 (12:07 +0000)]
missing goto meant signature was never printed out

Dr. Stephen Henson [Wed, 10 Mar 2010 13:48:21 +0000 (13:48 +0000)]
don't leave bogus errors in the queue

Dr. Stephen Henson [Tue, 9 Mar 2010 17:23:51 +0000 (17:23 +0000)]
make update

Dr. Stephen Henson [Tue, 9 Mar 2010 17:18:17 +0000 (17:18 +0000)]
PR: 2188
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

Add "missing" functions to get and set prompt constructor.

Dr. Stephen Henson [Tue, 9 Mar 2010 17:08:39 +0000 (17:08 +0000)]
PR: 2186
Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com>

Detect aix64-gcc

Dr. Stephen Henson [Mon, 8 Mar 2010 23:47:57 +0000 (23:47 +0000)]
reserve a few more bits for future cipher modes

Dr. Stephen Henson [Sun, 7 Mar 2010 16:40:19 +0000 (16:40 +0000)]
The OID sanity check was incorrect. It should only disallow *leading* 0x80
values.

Dr. Stephen Henson [Sat, 6 Mar 2010 20:47:45 +0000 (20:47 +0000)]
don't add digest alias if signature algorithm is undefined

Dr. Stephen Henson [Fri, 5 Mar 2010 13:33:43 +0000 (13:33 +0000)]
Fix memory leak: free up ENGINE functional reference if digest is not
found in an ENGINE.

Dr. Stephen Henson [Wed, 3 Mar 2010 19:56:17 +0000 (19:56 +0000)]
PR: 2183

PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0

Dr. Stephen Henson [Wed, 3 Mar 2010 15:41:00 +0000 (15:41 +0000)]
Submitted by: Tomas Hoger <thoger@redhat.com>

Fix for CVE-2010-0433 where some Kerberos-enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).

Dr. Stephen Henson [Wed, 3 Mar 2010 15:30:26 +0000 (15:30 +0000)]
don't mix definitions and code

Andy Polyakov [Tue, 2 Mar 2010 16:25:10 +0000 (16:25 +0000)]
Fix s390x-specific HOST_l2c|c2l [from HEAD].

Submitted by: Andreas Krebbel

Dr. Stephen Henson [Mon, 1 Mar 2010 23:54:34 +0000 (23:54 +0000)]
PR: 2178
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>

Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.

Dr. Stephen Henson [Mon, 1 Mar 2010 14:22:02 +0000 (14:22 +0000)]
use supplied ENGINE in genrsa

Dr. Stephen Henson [Mon, 1 Mar 2010 03:01:56 +0000 (03:01 +0000)]
use correct prototype as in HEAD

Dr. Stephen Henson [Mon, 1 Mar 2010 01:52:47 +0000 (01:52 +0000)]
'typo'

Dr. Stephen Henson [Mon, 1 Mar 2010 01:19:36 +0000 (01:19 +0000)]
make USE_CRYPTODEV_DIGESTS work

Ben Laurie [Sun, 28 Feb 2010 13:38:16 +0000 (13:38 +0000)]
Fix warning.

Dr. Stephen Henson [Sun, 28 Feb 2010 00:24:24 +0000 (00:24 +0000)]
algorithms field has changed in 1.0.0 and later: update

Dr. Stephen Henson [Sat, 27 Feb 2010 23:04:10 +0000 (23:04 +0000)]
Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."

Dr. Stephen Henson [Fri, 26 Feb 2010 14:41:48 +0000 (14:41 +0000)]
Revert CFB block length change. Despite what SP800-38a says, the input to
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.

Dr. Stephen Henson [Fri, 26 Feb 2010 12:14:30 +0000 (12:14 +0000)]
oops, use correct date

Dr. Stephen Henson [Thu, 25 Feb 2010 18:21:20 +0000 (18:21 +0000)]
update FAQ, NEWS

Dr. Stephen Henson [Tue, 23 Feb 2010 14:09:22 +0000 (14:09 +0000)]
The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in
the verify application documentation.

Bodo Möller [Tue, 23 Feb 2010 10:36:30 +0000 (10:36 +0000)]
Always check bn_wexpand() return values for failure (CVE-2009-3245).

(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta

Bodo Möller [Fri, 19 Feb 2010 18:26:23 +0000 (18:26 +0000)]
Fix X509_STORE locking

Dr. Stephen Henson [Thu, 18 Feb 2010 12:41:50 +0000 (12:41 +0000)]
clarify documentation

Dr. Stephen Henson [Wed, 17 Feb 2010 19:43:46 +0000 (19:43 +0000)]
OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved

Dr. Stephen Henson [Wed, 17 Feb 2010 18:38:10 +0000 (18:38 +0000)]
Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.

Dr. Stephen Henson [Wed, 17 Feb 2010 14:32:25 +0000 (14:32 +0000)]
PR: 2100
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.

Dr. Stephen Henson [Tue, 16 Feb 2010 14:30:19 +0000 (14:30 +0000)]
Submitted by: Dmitry Ivanov <vonami@gmail.com>

Don't leave dangling pointers in GOST engine if calls fail.

Dr. Stephen Henson [Tue, 16 Feb 2010 14:20:40 +0000 (14:20 +0000)]
PR: 2171
Submitted by: Tomas Mraz <tmraz@redhat.com>

Since SSLv2 doesn't support renegotiation at all, don't reject it if
legacy renegotiation isn't enabled.

Also can now use SSL2 compatible client hello because RFC5746 supports it.

Dr. Stephen Henson [Mon, 15 Feb 2010 19:40:30 +0000 (19:40 +0000)]
The "block length" for CFB mode was incorrectly coded as 1 all the time. It
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.

Dr. Stephen Henson [Mon, 15 Feb 2010 19:25:52 +0000 (19:25 +0000)]
Correct ECB mode EVP_CIPHER definition: IV length is 0