Commit graph

8845 commits

Author SHA1 Message Date
Andy Polyakov
256b3e9c5f Optimize bn_correct_top. 2008-10-15 10:48:52 +00:00
Andy Polyakov
762a2e3cab Remove redundant BN_ucmp, fix boundary condition in BN_nist_mod_224 and
reimplement BN_nist_mod_521.
2008-10-15 10:47:48 +00:00
Ben Laurie
28b6d5020e Set comparison function in v3_add_canonize(). 2008-10-14 19:27:07 +00:00
Ben Laurie
d5bbead449 Add XMPP STARTTLS support. 2008-10-14 19:11:26 +00:00
Dr. Stephen Henson
0f7efbc859 Ooops... remove code accidentally commited from FIPS version. 2008-10-14 15:44:14 +00:00
Dr. Stephen Henson
a7ae4abfd9 Add missing lock definitions... 2008-10-14 15:24:49 +00:00
Dr. Stephen Henson
30661b1b01 Add missing lock definitions. 2008-10-14 15:22:11 +00:00
Ben Laurie
1ea6472e60 Type-safe OBJ_bsearch_ex. 2008-10-14 08:10:52 +00:00
Lutz Jänicke
b8dfde2a36 Remove the DTLS1_BAD_VER thing from 0.9.9-dev. It is present in 0.9.8
but has been omitted from HEAD (0.9.9), see commit
  http://cvs.openssl.org/chngview?cn=16627
by appro.
2008-10-13 06:45:59 +00:00
Lutz Jänicke
570006f3a2 Half of the commit for 0.9.8 as the bitmap handling has changed.
(Firstly... ommitted)

Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-13 06:43:03 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Ben Laurie
6665ef303e Add missing DTLS1_BAD_VER (hope I got the value right). 2008-10-12 14:04:34 +00:00
Lutz Jänicke
7e7af0bc51 When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().

The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-10 10:41:35 +00:00
Dr. Stephen Henson
87d3a0cd90 Experimental new date handling routines. These fix issues with X509_time_adj()
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Lutz Jänicke
1e369b375e Fix incorrect command for assember file generation on IA64
Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>
2008-10-06 10:34:49 +00:00
Andy Polyakov
6bf24568bc Fix EC_KEY_check_key. 2008-09-23 17:33:11 +00:00
Bodo Möller
837f2fc7a4 Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.
2008-09-22 21:22:47 +00:00
Bodo Möller
1a489c9af1 From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
Also, fix CHANGES (consistency with stable branch).
2008-09-15 20:41:24 +00:00
Dr. Stephen Henson
8c864e5466 Add missing CHANGES entry. 2008-09-15 20:30:58 +00:00
Bodo Möller
be5707c820 from 0.9.8 branch 2008-09-15 20:30:17 +00:00
Dr. Stephen Henson
4a4f3071ec Update FAQ. 2008-09-15 11:27:58 +00:00
Andy Polyakov
d7235a9d68 Fix yesterday typos in bss_dgram.c. 2008-09-15 05:43:04 +00:00
Geoff Thorpe
fa0f834c20 Fix build warnings. 2008-09-15 04:02:37 +00:00
Bodo Möller
96562f2fb3 update comment 2008-09-14 19:50:55 +00:00
Andy Polyakov
b9790c1cd4 Winsock handles SO_RCVTIMEO in unique manner...
PR: 1648
2008-09-14 19:22:52 +00:00
Bodo Möller
fcbdde0dfe oops 2008-09-14 18:16:07 +00:00
Andy Polyakov
51ec776b7d dtls1_write_bytes consumers expect amount of bytes written per call, not
overall.
PR: 1604
2008-09-14 17:56:15 +00:00
Bodo Möller
e65bcbcef0 Fix SSL state transitions.
Submitted by: Nagendra Modadugu
2008-09-14 14:02:07 +00:00
Bodo Möller
e710de12ce Note about CVS branch inconsistency. 2008-09-14 13:53:18 +00:00
Bodo Möller
db99c52509 Really get rid of unsafe double-checked locking.
Also, "CHANGES" clean-ups.
2008-09-14 13:51:44 +00:00
Bodo Möller
f8d6be3f81 Some precautions to avoid potential security-relevant problems. 2008-09-14 13:42:34 +00:00
Andy Polyakov
d493899579 DTLS didn't handle alerts correctly.
PR: 1632
2008-09-13 18:24:38 +00:00
Andy Polyakov
492279f6f3 AIX build updates. 2008-09-12 14:45:54 +00:00
Dr. Stephen Henson
3ad74edce8 Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new
strength "FIPS" to represent all FIPS approved ciphersuites without NULL
encryption.
2008-09-10 16:02:09 +00:00
Ben Laurie
2b7b1cad10 Ignoring errors in makedepend can hide problems. 2008-09-09 19:08:40 +00:00
Ben Laurie
43048d13c8 Fix warning. 2008-09-07 13:22:34 +00:00
Dr. Stephen Henson
e8da6a1d0f Fix from stable branch. 2008-09-03 22:17:11 +00:00
Dr. Stephen Henson
305514000c Do not discard cached handshake records during resumed sessions:
they are used for mac computation.
2008-09-03 12:36:16 +00:00
Dr. Stephen Henson
0702150f53 Make no-tlsext compile. 2008-09-03 12:29:57 +00:00
Dr. Stephen Henson
a0ee081515 Perl script to run and verify OpenSSL against PKITS RFC3280 compliance
test suite.
2008-09-01 15:53:53 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06 Add support for CRLs partitioned by reason code.
Tidy CRL scoring system.

Add new CRL path validation error.
2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
249a77f5fb Add support for freshest CRL extension. 2008-08-27 15:52:05 +00:00
Dr. Stephen Henson
d0fff69dc9 Initial indirect CRL support. 2008-08-20 16:42:19 +00:00
Dr. Stephen Henson
8c9bd89338 Support for certificateIssuer CRL entry extension. 2008-08-18 16:48:47 +00:00
Bodo Möller
2e415778f2 Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.
2008-08-14 21:37:51 +00:00
Bodo Möller
1cbf663a6c sanity check
PR: 1679
2008-08-13 19:45:06 +00:00
Bodo Möller
9be8035b11 fix error function codes 2008-08-13 19:44:15 +00:00
Bodo Möller
2ecd2edede Mention ERR_remove_state() deprecation, and ERR_remove_thread_state(NULL). 2008-08-13 19:30:01 +00:00
Dr. Stephen Henson
9d84d4ed5e Initial support for CRL path validation. This supports distinct certificate
and CRL signing keys.
2008-08-13 16:00:11 +00:00