openssl

Author	SHA1	Message	Date
Michael Tuexen	3f84d34c37	Avoid unnecessary fragmentation. (cherry picked from commit `80ccc66d7e`)	2013-03-18 14:32:59 +00:00
Dr. Stephen Henson	3c53fd892c	Fix error codes. (cherry picked from commit `388aff08dc`)	2013-02-26 17:05:39 +00:00
David Woodhouse	3a3a1af1da	Check DTLS_BAD_VER for version number. The version check for DTLS1_VERSION was redundant as DTLS1_VERSION > TLS1_1_VERSION, however we do need to check for DTLS1_BAD_VER for compatibility. PR:2984 (cherry picked from commit `d980abb22e`)	2013-02-12 15:15:32 +00:00
Dr. Stephen Henson	0ced72c608	Fix in ssltest is no-ssl2 configured (cherry picked from commit `cbf9b4aed3`)	2013-02-11 18:28:48 +00:00
Andy Polyakov	919eab8a8b	s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal. (cherry picked from commit `f93a41877d`)	2013-02-08 21:36:06 +01:00
Andy Polyakov	e9baceab5a	s3_cbc.c: get rid of expensive divisions [from master].	2013-02-08 16:59:26 +01:00
Andy Polyakov	b05561c4b7	ssl/[d1\|s3]_pkt.c: harmomize orig_len handling. (cherry picked from commit `8545f73b89`)	2013-02-08 10:40:51 +01:00
Dr. Stephen Henson	b7355af421	Fix IV check and padding removal. Fix the calculation that checks there is enough room in a record after removing padding and optional explicit IV. (by Steve) For AEAD remove the correct number of padding bytes (by Andy) (cherry picked from commit `32cc2479b4`)	2013-02-08 10:40:39 +01:00
Adam Langley	0462eedf5e	Fix for EXP-RC2-CBC-MD5 MD5 should use little endian order. Fortunately the only ciphersuite affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which is a rarely used export grade ciphersuite. (cherry picked from commit `f306b87d76`)	2013-02-08 10:40:13 +01:00
Andy Polyakov	5966f4d973	e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch. (cherry picked from commit `125093b59f`)	2013-02-06 13:56:15 +00:00
Andy Polyakov	eeb486a5f4	ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. Kludge alert. This is arranged by passing padding length in unused bits of SSL3_RECORD->type, so that orig_len can be reconstructed. (cherry picked from commit `8bfd4c659f`)	2013-02-06 13:56:15 +00:00
Dr. Stephen Henson	d7f55e76f2	Don't access EVP_MD_CTX internals directly. (cherry picked from commit `04e45b52ee`)	2013-02-06 13:56:14 +00:00
Andy Polyakov	7d9e781a1d	s3/s3_cbc.c: allow for compilations with NO_SHA256\|512. (cherry picked from commit `d5371324d9`)	2013-02-06 13:56:14 +00:00
Andy Polyakov	e0c21a0b6b	ssl/s3_cbc.c: md_state alignment portability fix. RISCs are picky and alignment granted by compiler for md_state can be insufficient for SHA512. (cherry picked from commit `36260233e7`)	2013-02-06 13:56:14 +00:00
Andy Polyakov	1dfb4b9400	ssl/s3_cbc.c: uint64_t portability fix. Break dependency on uint64_t. It's possible to declare bits as unsigned int, because TLS packets are limited in size and 32-bit value can't overflow. (cherry picked from commit `cab13fc847`)	2013-02-06 13:56:14 +00:00
Dr. Stephen Henson	e5cb774323	typo. (cherry picked from commit `34ab3c8c71`)	2013-02-06 13:56:14 +00:00
Dr. Stephen Henson	d91d9acc58	Timing fix mitigation for FIPS mode. We have to use EVP in FIPS mode so we can only partially mitigate timing differences. Make an extra call to EVP_DigestSignUpdate to hash additonal blocks to cover any timing differences caused by removal of padding. (cherry picked from commit `b908e88ec1`)	2013-02-06 13:56:13 +00:00
Ben Laurie	820988a0c0	Oops. Add missing file. (cherry picked from commit `014265eb02`)	2013-02-06 13:56:13 +00:00
Ben Laurie	1326a64a33	Update DTLS code to match CBC decoding in TLS. This change updates the DTLS code to match the constant-time CBC behaviour in the TLS. (cherry picked from commit `9f27de170d`)	2013-02-06 13:56:13 +00:00
Ben Laurie	e0da2c2ed2	Don't crash when processing a zero-length, TLS >= 1.1 record. The previous CBC patch was bugged in that there was a path through enc() in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left at the previous value which could suggest that the packet was a sufficient length when it wasn't. (cherry picked from commit `6cb19b7681`)	2013-02-06 13:56:13 +00:00
Ben Laurie	fb0a59cc58	Make CBC decoding constant time. This patch makes the decoding of SSLv3 and TLS CBC records constant time. Without this, a timing side-channel can be used to build a padding oracle and mount Vaudenay's attack. This patch also disables the stitched AESNI+SHA mode pending a similar fix to that code. In order to be easy to backport, this change is implemented in ssl/, rather than as a generic AEAD mode. In the future this should be changed around so that HMAC isn't in ssl/, but crypto/ as FIPS expects. (cherry picked from commit `e130841bcc`)	2013-02-06 13:56:12 +00:00
Ben Laurie	f5cd3561ba	Add and use a constant-time memcmp. This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. (cherry picked from commit `2ee798880a`)	2013-02-06 13:56:12 +00:00
Dr. Stephen Henson	c867d87180	Fix for trace code: SSL3 doesn't include a length value for encrypted premaster secret value. (cherry picked from commit `ea34a58385`)	2013-02-04 15:14:00 +00:00
Dr. Stephen Henson	f8435919a1	Fix warning: lenmax isn't used any more.	2013-01-24 14:08:28 +00:00
Ben Laurie	92745f8116	Remove extraneous brackets (clang doesn't like them).	2013-01-19 18:24:00 +00:00
Ben Laurie	9ccc6f4382	Can't check a size_t for < 0.	2013-01-19 15:01:18 +00:00
Dr. Stephen Henson	75a8ff9263	make update	2013-01-15 16:24:07 +00:00
Dr. Stephen Henson	50b5966e57	Add support for broken protocol tests (backport from master branch)	2013-01-15 16:18:13 +00:00
Dr. Stephen Henson	8eb4456f93	Make whitespace consistent with master branch.	2013-01-15 15:55:54 +00:00
Dr. Stephen Henson	2e00f46b51	stop warning when compiling with no-comp	2012-12-30 01:12:19 +00:00
Dr. Stephen Henson	49ef33fa34	add SSL_CONF functions and documentation (backport from HEAD)	2012-12-29 13:30:56 +00:00
Dr. Stephen Henson	bc200e691c	SSL/TLS record tracing code (backport from HEAD).	2012-12-26 22:40:46 +00:00
Dr. Stephen Henson	a08f8d73cc	Reject zero length ec point format list. Give more meaningful error is attempt made to use incorrect curve. (from HEAD)	2012-12-26 18:26:11 +00:00
Dr. Stephen Henson	b52f12b3ba	handle point format list retrieval for clients too (from HEAD)	2012-12-26 18:20:07 +00:00
Dr. Stephen Henson	78b5d89ddf	Add support for printing out and retrieving EC point formats extension. (backport from HEAD)	2012-12-26 18:13:49 +00:00
Dr. Stephen Henson	b79df62eff	return error if Suite B mode is selected and TLS 1.2 can't be used. (backport from HEAD)	2012-12-26 17:39:02 +00:00
Dr. Stephen Henson	e3c76874ad	set auto ecdh parameter selction for Suite B (backport from HEAD)	2012-12-26 17:35:02 +00:00
Dr. Stephen Henson	4347394a27	add Suite B 128 bit mode offering only combination 2 (backport from HEAD)	2012-12-26 17:34:50 +00:00
Dr. Stephen Henson	53bb723834	Use client version when deciding which cipher suites to disable. (backport from HEAD)	2012-12-26 17:09:39 +00:00
Dr. Stephen Henson	684a2264c5	Use default point formats extension for server side as well as client side, if possible. Don't advertise compressed char2 for SuiteB as it is not supported. (backport from HEAD)	2012-12-26 17:09:14 +00:00
Dr. Stephen Henson	1520e6c084	Add ctrl and utility functions to retrieve raw cipher list sent by client in client hello message. Previously this could only be retrieved on an initial connection and it was impossible to determine the cipher IDs of any uknown ciphersuites. (backport from HEAD)	2012-12-26 16:25:06 +00:00
Dr. Stephen Henson	2001129f09	new ctrl to retrive value of received temporary key in server key exchange message, print out details in s_client (backport from HEAD)	2012-12-26 16:23:36 +00:00
Dr. Stephen Henson	a50ecaee56	store and print out message digest peer signed with in TLS 1.2 (backport from HEAD)	2012-12-26 16:23:13 +00:00
Dr. Stephen Henson	67d9dcf003	perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange (backport from HEAD)	2012-12-26 16:22:19 +00:00
Dr. Stephen Henson	79dcae32ef	give more meaningful error if presented with wrong certificate type by server (backport from HEAD)	2012-12-26 16:18:15 +00:00
Dr. Stephen Henson	ccf6a19e2d	Add three Suite B modes to TLS code, supporting RFC6460. (backport from HEAD)	2012-12-26 16:17:40 +00:00
Dr. Stephen Henson	8d2dbe6ac0	New function X509_chain_up_ref to dup and up the reference count of a STACK_OF(X509): replace equivalent functionality in several places by the equivalent call. (backport from HEAD)	2012-12-26 16:04:03 +00:00
Dr. Stephen Henson	6660baee66	Make tls1_check_chain return a set of flags indicating checks passed by a certificate chain. Add additional tests to handle client certificates: checks for matching certificate type and issuer name comparison. Print out results of checks for each candidate chain tested in s_server/s_client. (backport from HEAD)	2012-12-26 15:27:44 +00:00
Dr. Stephen Henson	25d4c9254c	Abort handshake if signature algorithm used not supported by peer. (backport from HEAD)	2012-12-26 15:27:24 +00:00
Dr. Stephen Henson	44adfeb6c0	check EC tmp key matches preferences (backport from HEAD)	2012-12-26 15:27:04 +00:00
Dr. Stephen Henson	5ff2ef79e6	typo	2012-12-26 15:23:16 +00:00
Dr. Stephen Henson	b762acadeb	Add support for certificate stores in CERT structure. This makes it possible to have different stores per SSL structure or one store in the parent SSL_CTX. Include distint stores for certificate chain verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN to build and store a certificate chain in CERT structure: returing an error if the chain cannot be built: this will allow applications to test if a chain is correctly configured. Note: if the CERT based stores are not set then the parent SSL_CTX store is used to retain compatibility with existing behaviour. (backport from HEAD)	2012-12-26 15:21:53 +00:00
Dr. Stephen Henson	7d779eefb4	add ssl_locl.h to err header files, rebuild ssl error strings (backport from HEAD)	2012-12-26 15:09:16 +00:00
Dr. Stephen Henson	35b7757f9b	set ciphers to NULL before calling cert_cb (backport from HEAD)	2012-12-26 14:56:40 +00:00
Dr. Stephen Henson	23195e4dcc	stop warning (backport from HEAD)	2012-12-26 14:56:27 +00:00
Dr. Stephen Henson	b28fbdfa7d	New function ssl_set_client_disabled to set masks for any ciphersuites that are disabled for this session (as opposed to always disabled by configuration). (backport from HEAD)	2012-12-26 14:55:46 +00:00
Dr. Stephen Henson	a897502cd9	Add new ctrl to retrieve client certificate types, print out details in s_client. Also add ctrl to set client certificate types. If not used sensible values will be included based on supported signature algorithms: for example if we don't include any DSA signing algorithms the DSA certificate type is omitted. Fix restriction in old code where certificate types would be truncated if it exceeded TLS_CT_NUMBER. (backport from HEAD)	2012-12-26 14:51:37 +00:00
Dr. Stephen Henson	731abd3bd7	new function SSL_is_server to which returns 1 is the corresponding SSL context is for a server (backport from HEAD)	2012-12-26 14:45:46 +00:00
Dr. Stephen Henson	7531dd18dc	no need to check s->server as default_nid is never used for TLS 1.2 client authentication (backport from HEAD)	2012-12-26 14:45:27 +00:00
Dr. Stephen Henson	04c32cddaa	Separate client and server permitted signature algorithm support: by default the permitted signature algorithms for server and client authentication are the same but it is now possible to set different algorithms for client authentication only. (backport from HEAD)	2012-12-26 14:44:56 +00:00
Dr. Stephen Henson	623a5e24cb	Add certificate callback. If set this is called whenever a certificate is required by client or server. An application can decide which certificate chain to present based on arbitrary criteria: for example supported signature algorithms. Add very simple example to s_server. This fixes many of the problems and restrictions of the existing client certificate callback: for example you can now clear existing certificates and specify the whole chain. (backport from HEAD)	2012-12-26 14:43:51 +00:00
Dr. Stephen Henson	c550f2e37b	Function tls1_check_ec_server_key is now redundant as we make appropriate checks in tls1_check_chain. (backport from HEAD)	2012-12-26 14:27:27 +00:00
Dr. Stephen Henson	484f876235	Add new "valid_flags" field to CERT_PKEY structure which determines what the certificate can be used for (if anything). Set valid_flags field in new tls1_check_chain function. Simplify ssl_set_cert_masks which used to have similar checks in it. Add new "cert_flags" field to CERT structure and include a "strict mode". This enforces some TLS certificate requirements (such as only permitting certificate signature algorithms contained in the supported algorithms extension) which some implementations ignore: this option should be used with caution as it could cause interoperability issues. (backport from HEAD)	2012-12-26 14:26:53 +00:00
Dr. Stephen Henson	c70a1fee71	Reorganise supported signature algorithm extension processing. Only store encoded versions of peer and configured signature algorithms. Determine shared signature algorithms and cache the result along with NID equivalents of each algorithm. (backport from HEAD)	2012-12-26 14:26:16 +00:00
Dr. Stephen Henson	0b362de5f5	Add support for application defined signature algorithms for use with TLS v1.2. These are sent as an extension for clients and during a certificate request for servers. TODO: add support for shared signature algorithms, respect shared algorithms when deciding which ciphersuites and certificates to permit. (backport from HEAD)	2012-12-26 14:25:29 +00:00
Dr. Stephen Henson	d312f7be37	Make it possible to delete all certificates from an SSL structure. (backport from HEAD)	2012-12-26 14:18:50 +00:00
Dr. Stephen Henson	e6b650df0a	oops, revert	2012-12-20 19:01:34 +00:00
Dr. Stephen Henson	7b7b667ddc	apps/ocsp.c	2012-12-20 18:59:09 +00:00
Dr. Stephen Henson	e08c7f15b4	change inaccurate error message	2012-11-26 15:47:44 +00:00
Dr. Stephen Henson	7469af4484	reject zero length point format list or supported curves extensions	2012-11-22 14:15:36 +00:00
Dr. Stephen Henson	6f539399ef	add "missing" TLSv1.2 cipher alias	2012-11-15 19:15:07 +00:00
Richard Levitte	451cec33df	* ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug. Fortunately in debugging code that's seldom used.	2012-09-21 13:08:30 +00:00
Dr. Stephen Henson	dc14441757	Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate change the current certificate (in s->cert->key) to the one used and then SSL_get_certificate and SSL_get_privatekey will automatically work.	2012-09-11 13:35:14 +00:00
Ben Laurie	da8512aaff	Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836.	2012-09-11 12:00:25 +00:00
Dr. Stephen Henson	ccffdb3fdc	revert unrelated test code	2012-07-03 20:21:35 +00:00
Dr. Stephen Henson	74d89b0d93	PR: 2840 Reported by: David McCullough <david_mccullough@mcafee.com> Restore fips configuration module from 0.9.8.	2012-07-03 20:20:11 +00:00
Dr. Stephen Henson	a240ea8ab8	don't use pseudo digests for default values of keys	2012-06-27 14:12:01 +00:00
Ben Laurie	3c56d65a41	Fix memory leak.	2012-06-11 09:23:38 +00:00
Ben Laurie	835d104f46	Rearrange and test authz extension.	2012-06-07 13:20:20 +00:00
Ben Laurie	aeba1ef352	Fix memory leak.	2012-06-06 12:58:35 +00:00
Ben Laurie	49e9f751a4	Fix authz parsing.	2012-06-06 12:45:14 +00:00
Ben Laurie	ff46820da6	Version skew reduction.	2012-06-06 12:41:46 +00:00
Ben Laurie	68d2cf51bc	Reduce version skew: trivia (I hope).	2012-06-03 22:03:37 +00:00
Ben Laurie	19eedffcaf	Don't insert in the middle.	2012-05-29 18:58:43 +00:00
Ben Laurie	8a02a46a5c	RFC 5878 support.	2012-05-29 17:27:48 +00:00
Andy Polyakov	4d321e0767	s2_clnt.c: compensate for compiler bug [from HEAD].	2012-05-16 18:22:15 +00:00
Dr. Stephen Henson	5e145e54cc	PR: 2811 Reported by: Phil Pennock <openssl-dev@spodhuis.org> Make renegotiation work for TLS 1.2, 1.1 by not using a lower record version client hello workaround if renegotiating.	2012-05-11 13:33:34 +00:00
Dr. Stephen Henson	df73e68a43	PR: 2806 Submitted by: PK <runningdoglackey@yahoo.com> Correct ciphersuite signature algorithm definitions.	2012-05-10 18:25:31 +00:00
Dr. Stephen Henson	e7c8483891	Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333)	2012-05-10 16:03:36 +00:00
Richard Levitte	712d523484	Don't forget to install srtp.h as well	2012-05-10 15:01:26 +00:00
Dr. Stephen Henson	a56f9a612b	Don't try to use unvalidated composite ciphers in FIPS mode	2012-04-26 18:51:26 +00:00
Dr. Stephen Henson	a6df6702c6	Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and OpenSSL 1.0.0. Add CHANGES entry noting the consequences.	2012-04-25 23:06:31 +00:00
Andy Polyakov	f69abd5321	s23_clnt.c: ensure interoperability by maitaining client "version capability" vector contiguous [from HEAD]. PR: 2802	2012-04-25 22:07:03 +00:00
Dr. Stephen Henson	fe9ce2b7d6	Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve Improved localisation of TLS extension handling and code tidy.	2012-04-24 12:15:17 +00:00
Dr. Stephen Henson	b583ebb7dd	recognise X9.42 DH certificates on servers	2012-04-18 17:03:45 +00:00
Dr. Stephen Henson	f897fe4146	correct error code	2012-04-18 15:17:39 +00:00
Bodo Möller	bb3add20f3	Disable SHA-2 ciphersuites in < TLS 1.2 connections. (TLS 1.2 clients could end up negotiating these with an OpenSSL server with TLS 1.2 disabled, which is problematic.) Submitted by: Adam Langley	2012-04-17 15:21:29 +00:00
Dr. Stephen Henson	48e0f6667b	Additional workaround for PR#2771 If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client ciphersuites to this value. A value of 50 should be sufficient. Document workarounds in CHANGES.	2012-04-17 14:47:14 +00:00
Dr. Stephen Henson	32213fb25a	Partial workaround for PR#2771. Some servers hang when presented with a client hello record length exceeding 255 bytes but will work with longer client hellos if the TLS record version in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all cases...	2012-04-17 13:20:37 +00:00
Andy Polyakov	f6a1939f0f	OPENSSL_NO_SOCK fixes [from HEAD]. PR: 2791 Submitted by: Ben Noordhuis	2012-04-16 17:43:02 +00:00
Andy Polyakov	09f17419a6	s3_srvr.c: fix typo [from HEAD]. PR: 2538	2012-04-15 17:23:54 +00:00
Andy Polyakov	eb8a65db16	e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag countermeasure [from HEAD]. PR: 2778	2012-04-15 14:23:26 +00:00
Dr. Stephen Henson	e1a7db8fdd	use different variable for chain iteration	2012-04-11 16:01:20 +00:00
Dr. Stephen Henson	1d0c47fd55	Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Localize client hello extension parsing in t1_lib.c (backport from HEAD)	2012-04-06 20:16:09 +00:00
Dr. Stephen Henson	e46c807e4f	Add support for automatic ECDH temporary key parameter selection. When enabled instead of requiring an application to hard code a (possibly inappropriate) parameter set and delve into EC internals we just automatically use the preferred curve. (backport from HEAD)	2012-04-06 20:15:50 +00:00
Dr. Stephen Henson	c132ca95c0	Tidy up EC parameter check code: instead of accessing internal structures add utility functions to t1_lib.c to check if EC certificates and parameters are consistent with peer. (backport from HEAD)	2012-04-06 20:14:53 +00:00
Dr. Stephen Henson	6b870763ac	Initial revision of ECC extension handling. Tidy some code up. Don't allocate a structure to handle ECC extensions when it is used for default values. Make supported curves configurable. Add ctrls to retrieve shared curves: not fully integrated with rest of ECC code yet. (backport from HEAD)	2012-04-06 20:12:35 +00:00
Dr. Stephen Henson	5505818199	New ctrls to retrieve supported signature algorithms and curves and extensions to s_client and s_server to print out retrieved valued. Extend CERT structure to cache supported signature algorithm data. (backport from HEAD)	2012-04-06 19:29:49 +00:00
Dr. Stephen Henson	7493bcc659	initialise i if n == 0 (backport from HEAD)	2012-04-06 17:36:40 +00:00
Dr. Stephen Henson	37b16c84bb	Add support for distinct certificate chains per key type and per SSL structure. Before this the only way to add a custom chain was in the parent SSL_CTX (which is shared by all key types and SSL structures) or rely on auto chain building (which is performed on each handshake) from the trust store. (backport from HEAD)	2012-04-06 17:22:48 +00:00
Dr. Stephen Henson	0ac89e8f54	Backport: code tidy (from HEAD)	2012-04-06 12:02:43 +00:00
Dr. Stephen Henson	7e65b21a24	Backport: Revise ssl code to use CERT_PKEY structure when outputting a certificate chain (from HEAD)	2012-04-06 12:00:24 +00:00
Dr. Stephen Henson	736d69750d	Backport: tidy/enhance certificate chain output code (from HEAD)	2012-04-06 11:58:17 +00:00
Dr. Stephen Henson	6cfccfec33	Backport: initialise dh_clnt (from HEAD)	2012-04-06 11:35:45 +00:00
Dr. Stephen Henson	c523eb98d1	Backport DH client certificate support (from HEAD)	2012-04-06 11:34:42 +00:00
Dr. Stephen Henson	0ffa49970b	Backport support for fixed DH ciphersuites (from HEAD)	2012-04-06 11:33:12 +00:00
Andy Polyakov	1b0ae81f4a	ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444) [from HEAD]. PR: 2778	2012-04-04 20:50:58 +00:00
Dr. Stephen Henson	5e2187f7ee	PR: 2778(part) Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com> Time is always encoded as 4 bytes, not sizeof(Time).	2012-03-31 18:02:53 +00:00
Dr. Stephen Henson	78c5d2a9bb	use client version when deciding whether to send supported signature algorithms extension	2012-03-21 21:32:57 +00:00
Andy Polyakov	9cc42cb091	ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER [from HEAD].	2012-03-13 19:21:15 +00:00
Dr. Stephen Henson	267c950c5f	Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Add more extension names in s_cb.c extension printing code.	2012-03-09 18:37:41 +00:00
Dr. Stephen Henson	ce1605b508	PR: 2756 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS timeout handling.	2012-03-09 15:52:20 +00:00
Dr. Stephen Henson	25bfdca16a	PR: 2755 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions.	2012-03-06 13:47:27 +00:00
Dr. Stephen Henson	9c284f9651	PR: 2748 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix possible DTLS timer deadlock.	2012-03-06 13:24:16 +00:00
Dr. Stephen Henson	a54ce007e6	PR: 2739 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix padding bugs in Heartbeat support.	2012-02-27 16:38:10 +00:00
Dr. Stephen Henson	f1fa05b407	ABI compliance fixes. Move new structure fields to end of structures. Import library codes from 1.0.0 and recreate new ones.	2012-02-22 14:01:44 +00:00
Dr. Stephen Henson	b935714237	typo	2012-02-17 17:31:32 +00:00
Dr. Stephen Henson	a8314df902	Fix bug in CVE-2011-4619: check we have really received a client hello before rejecting multiple SGC restarts.	2012-02-16 15:25:39 +00:00
Dr. Stephen Henson	d40abf1689	Submitted by: Eric Rescorla <ekr@rtfm.com> Further fixes for use_srtp extension.	2012-02-11 22:53:48 +00:00
Dr. Stephen Henson	c489ea7d01	PR: 2704 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Fix srp extension.	2012-02-10 20:08:49 +00:00
Dr. Stephen Henson	943cc09d8a	Submitted by: Eric Rescorla <ekr@rtfm.com> Fix encoding of use_srtp extension to be compliant with RFC5764	2012-02-10 00:03:37 +00:00
Dr. Stephen Henson	fc6800d19f	Modify client hello version when renegotiating to enhance interop with some servers.	2012-02-09 15:41:44 +00:00
Dr. Stephen Henson	adcea5a043	return error if md is NULL	2012-01-22 13:12:50 +00:00
Dr. Stephen Henson	2dc4b0dbe8	Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050)	2012-01-18 18:14:56 +00:00
Andy Polyakov	c8e0b5d7b6	1.0.1-specific OPNESSL vs. OPENSSL typo. PR: 2613 Submitted by: Leena Heino	2012-01-15 13:42:50 +00:00
Dr. Stephen Henson	285d9189c7	PR: 2652 Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se> OpenVMS fixes.	2012-01-05 14:30:08 +00:00
Bodo Möller	409d2a1b71	Fix for builds without DTLS support. Submitted by: Brian Carlstrom	2012-01-05 10:22:39 +00:00
Dr. Stephen Henson	e0b9678d7f	PR: 2671 Submitted by: steve Update maximum message size for certifiate verify messages to support 4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.	2012-01-05 00:28:29 +00:00
Dr. Stephen Henson	166dea6ac8	Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Send fatal alert if heartbeat extension has an illegal value.	2012-01-05 00:23:31 +00:00
Dr. Stephen Henson	0044739ae5	Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> Reviewed by: steve Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson.	2012-01-04 23:52:05 +00:00
Dr. Stephen Henson	4e44bd3650	Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)	2012-01-04 23:13:29 +00:00
Dr. Stephen Henson	aaa3850ccd	Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)	2012-01-04 23:07:54 +00:00
Dr. Stephen Henson	1cb4d65b87	Submitted by: Adam Langley <agl@chromium.org> Reviewed by: steve Fix memory leaks.	2012-01-04 14:25:28 +00:00
Dr. Stephen Henson	7b2dd292bc	only send heartbeat extension from server if client sent one	2012-01-03 22:03:07 +00:00
Dr. Stephen Henson	d9834ff24b	make update	2012-01-02 16:41:11 +00:00
Dr. Stephen Henson	bd6941cfaa	PR: 2658 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Support for TLS/DTLS heartbeats.	2011-12-31 23:00:36 +00:00
Dr. Stephen Henson	5c05f69450	make update	2011-12-27 14:38:27 +00:00
Dr. Stephen Henson	b300fb7734	PR: 1794 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve - remove some unncessary SSL_err and permit an srp user callback to allow a worker to obtain a user verifier. - cleanup and comments in s_server and demonstration for asynchronous srp user lookup	2011-12-27 14:23:22 +00:00
Dr. Stephen Henson	f89af47438	PR: 2326 Submitted by: Tianjie Mao <tjmao@tjmao.net> Reviewed by: steve Fix incorrect comma expressions and goto f_err as alert has been set.	2011-12-26 19:38:09 +00:00
Dr. Stephen Henson	e065e6cda2	PR: 2535 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Add SCTP support for DTLS (RFC 6083).	2011-12-25 14:45:40 +00:00
Dr. Stephen Henson	60553cc209	typo	2011-12-23 15:03:16 +00:00
Dr. Stephen Henson	2d4c9ab518	delete unimplemented function from header file, update ordinals	2011-12-23 14:10:35 +00:00
Dr. Stephen Henson	242f8d644c	remove prototype for deleted SRP function	2011-12-22 16:01:23 +00:00
Dr. Stephen Henson	f5575cd167	New ctrl values to clear or retrieve extra chain certs from an SSL_CTX. New function to retrieve compression method from SSL_SESSION structure. Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions as they duplicate functionality of SSL_SESSION_get_id. Note: these functions have never appeared in any release version of OpenSSL.	2011-12-22 15:01:16 +00:00
Ben Laurie	dd0ddc3e78	Fix DTLS.	2011-12-20 15:05:03 +00:00
Dr. Stephen Henson	b8a22c40e0	PR: 1794 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve Remove unnecessary code for srp and to add some comments to s_client. - the callback to provide a user during client connect is no longer necessary since rfc 5054 a connection attempt with an srp cipher and no user is terminated when the cipher is acceptable - comments to indicate in s_client the (non-)usefulness of th primalaty tests for non known group parameters.	2011-12-14 22:18:03 +00:00
Ben Laurie	96fe35e7d4	Remove redundant TLS exporter.	2011-12-13 14:35:12 +00:00
Ben Laurie	e87afb1518	SSL export fixes (from Adam Langley).	2011-12-13 14:25:11 +00:00
Dr. Stephen Henson	7454cba4fa	fix error discrepancy	2011-12-07 12:28:50 +00:00
Ben Laurie	a0cf79e841	Fix exporter.	2011-12-02 16:49:32 +00:00
Ben Laurie	825e1a7c56	Fix warnings.	2011-12-02 14:39:41 +00:00
Bodo Möller	9f2b453338	Resolve a stack set-up race condition (if the list of compression methods isn't presorted, it will be sorted on first read). Submitted by: Adam Langley	2011-12-02 12:51:41 +00:00
Dr. Stephen Henson	2c7d978c2d	PR: 1794 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve Make SRP conformant to rfc 5054. Changes are: - removal of the addition state after client hello - removal of all pre-rfc srp alert ids - sending a fatal alert when there is no srp extension but when the server wants SRP - removal of unnecessary code in the client.	2011-11-25 00:18:10 +00:00
Ben Laurie	8cd897a42c	Don't send NPN during renegotiation.	2011-11-24 18:22:06 +00:00
Ben Laurie	1dc44d3130	Indent.	2011-11-24 16:51:15 +00:00
Dr. Stephen Henson	d7125d8d85	move internal functions to ssl_locl.h	2011-11-21 22:52:01 +00:00
Dr. Stephen Henson	43716567f5	bcmp doesn't exist on all platforms, replace with memcmp	2011-11-21 22:29:16 +00:00
Ben Laurie	b1d7429186	Add TLS exporter.	2011-11-15 23:51:22 +00:00
Ben Laurie	060a38a2c0	Add DTLS-SRTP.	2011-11-15 23:02:16 +00:00
Ben Laurie	68b33cc5c7	Add Next Protocol Negotiation.	2011-11-13 21:55:42 +00:00
Ben Laurie	4c02cf8ecc	make depend.	2011-11-13 20:23:34 +00:00
Ben Laurie	271daaf768	Fix one of the no-tlsext build errors (there are more).	2011-11-13 20:19:21 +00:00
Dr. Stephen Henson	efbb7ee432	PR: 1794 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve Document unknown_psk_identify alert, remove pre-RFC 5054 string from ssl_stat.c	2011-11-13 13:13:14 +00:00
Dr. Stephen Henson	5372f5f989	PR: 2628 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Send alert instead of assertion failure for incorrectly formatted DTLS fragments.	2011-10-27 13:06:43 +00:00
Dr. Stephen Henson	6d24c09a69	PR: 2628 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix for ECC keys and DTLS.	2011-10-27 13:01:20 +00:00
Dr. Stephen Henson	1f713e0106	Use correct tag for SRP username.	2011-10-25 12:52:47 +00:00
Bodo Möller	f72c1a58cb	In ssl3_clear, preserve s3->init_extra along with s3->rbuf. Submitted by: Bob Buckholz <bbuckholz@google.com>	2011-10-13 13:05:35 +00:00
Dr. Stephen Henson	06afa6eb94	add GCM ciphers in SSL_library_init	2011-10-10 12:56:11 +00:00
Dr. Stephen Henson	58e4205d6c	disable GCM if not available	2011-10-10 12:40:13 +00:00
Dr. Stephen Henson	6bd173fced	Don't disable TLS v1.2 by default any more.	2011-10-09 23:28:25 +00:00
Dr. Stephen Henson	b08b158b44	use client version when eliminating TLS v1.2 ciphersuites in client hello	2011-10-07 15:07:36 +00:00
Dr. Stephen Henson	928bd9a149	fix signed/unsigned warning	2011-09-26 17:04:41 +00:00
Dr. Stephen Henson	e53113b8ac	make sure eivlen is initialised	2011-09-24 23:06:35 +00:00
Dr. Stephen Henson	56f5ab43c2	PR: 2602 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS bug which prevents manual MTU setting	2011-09-23 13:35:05 +00:00
Bodo Möller	3c3f025923	Fix session handling.	2011-09-05 13:36:55 +00:00
Bodo Möller	5ff6e2dfbb	Fix d2i_SSL_SESSION.	2011-09-05 13:31:07 +00:00
Bodo Möller	61ac68f9f6	(EC)DH memory handling fixes. Submitted by: Adam Langley	2011-09-05 10:25:27 +00:00
Dr. Stephen Henson	ec5d74f868	PR: 2573 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS buffering and decryption bug.	2011-09-01 14:02:14 +00:00
Andy Polyakov	84e7485bfb	Add RC4-MD5 and AESNI-SHA1 "stitched" implementations [from HEAD].	2011-08-23 20:53:34 +00:00
Dr. Stephen Henson	cf199fec52	Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites.	2011-08-14 13:47:30 +00:00
Dr. Stephen Henson	aed53d6c5a	Backport GCM support from HEAD.	2011-08-04 11:13:28 +00:00
Dr. Stephen Henson	c8c6e9ecd9	Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and prohibit use of these ciphersuites for TLS < 1.2	2011-07-25 21:45:17 +00:00
Andy Polyakov	90f3e4cf05	Back-port TLS AEAD framework [from HEAD].	2011-07-21 19:22:57 +00:00
Dr. Stephen Henson	f1c8db9f8c	PR: 2555 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS sequence number bug	2011-07-20 15:17:42 +00:00
Dr. Stephen Henson	2c9abbd554	PR: 2550 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS HelloVerifyRequest Timer bug	2011-07-20 15:13:43 +00:00
Dr. Stephen Henson	6abc406a69	PR: 2543 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Correctly handle errors in DTLSv1_handle_timeout()	2011-06-22 15:30:04 +00:00
Dr. Stephen Henson	4bea454021	set FIPS allow before initialising ctx	2011-06-14 15:25:41 +00:00
Dr. Stephen Henson	8e2f3c1c83	fix memory leak	2011-06-08 15:55:57 +00:00
Dr. Stephen Henson	a6dc77822b	Set SSL_FIPS flag in ECC ciphersuites.	2011-06-06 14:14:14 +00:00
Dr. Stephen Henson	f610a516a0	Backport from HEAD: New option to disable characteristic two fields in EC code. Make no-ec2m work on Win32 build.	2011-06-06 11:49:36 +00:00
Dr. Stephen Henson	7978dc989d	fix error discrepancy	2011-06-03 18:50:49 +00:00
Dr. Stephen Henson	9ddc574f9a	typo	2011-06-01 11:10:50 +00:00
Dr. Stephen Henson	2dd9e67874	set FIPS permitted flag before initalising digest	2011-05-31 16:24:06 +00:00
Dr. Stephen Henson	f93b03a5e6	Don't round up partitioned premaster secret length if there is only one digest in use: this caused the PRF to fail for an odd premaster secret length.	2011-05-31 10:35:22 +00:00
Dr. Stephen Henson	55a47cd30f	Output supported curves in preference order instead of numerically.	2011-05-30 17:58:29 +00:00
Dr. Stephen Henson	9c34782478	Don't advertise or use MD5 for TLS v1.2 in FIPS mode	2011-05-25 15:33:29 +00:00
Dr. Stephen Henson	20e6d22709	PR: 2533 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes the program to crash. This is due to missing version checks and is fixed with this patch.	2011-05-25 15:21:01 +00:00
Dr. Stephen Henson	24dd0c61ef	PR: 2529 Submitted by: Marcus Meissner <meissner@suse.de> Reviewed by: steve Call ssl_new() to reallocate SSL BIO internals if we want to replace the existing internal SSL structure.	2011-05-25 15:16:01 +00:00
Dr. Stephen Henson	4159ac43aa	Oops use up to date patch for PR#2506	2011-05-25 14:30:05 +00:00
Dr. Stephen Henson	88530f6b76	PR: 2506 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fully implement SSL_clear for DTLS.	2011-05-25 12:28:16 +00:00
Dr. Stephen Henson	a8cb8177f6	PR: 2505 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS session resumption timer bug.	2011-05-25 12:24:43 +00:00
Dr. Stephen Henson	277f8a34f4	use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS	2011-05-25 11:43:17 +00:00
Dr. Stephen Henson	4dde470865	Add tls12_sigalgs which somehow didn't get added to the backport.	2011-05-21 17:40:23 +00:00
Dr. Stephen Henson	b81fde02aa	Add server client certificate support for TLS v1.2 . This is more complex than client side as we need to keep the handshake record cache frozen when it contains all the records need to process the certificate verify message. (backport from HEAD).	2011-05-20 14:58:45 +00:00
Dr. Stephen Henson	7043fa702f	add FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS compilation support	2011-05-19 18:22:16 +00:00
Dr. Stephen Henson	74bf705ea8	set encodedPoint to NULL after freeing it	2011-05-19 16:18:11 +00:00
Dr. Stephen Henson	4fe4c00eca	Provisional support for TLS v1.2 client authentication: client side only. Parse certificate request message and set digests appropriately. Generate new TLS v1.2 format certificate verify message. Keep handshake caches around for longer as they are needed for client auth.	2011-05-12 17:49:15 +00:00
Dr. Stephen Henson	376838a606	Process signature algorithms during TLS v1.2 client authentication. Make sure message is long enough for signature algorithms. (backport from HEAD).	2011-05-12 17:44:59 +00:00
Dr. Stephen Henson	766e0cb7d1	SRP fixes from HEAD which weren't in 1.0.1-stable.	2011-05-12 13:46:40 +00:00
Dr. Stephen Henson	39348038df	make kerberos work with OPENSSL_NO_SSL_INTERN	2011-05-11 22:52:34 +00:00
Dr. Stephen Henson	9472baae0d	Backport TLS v1.2 support from HEAD. This includes TLS v1.2 server and client support but at present client certificate support is not implemented.	2011-05-11 13:37:52 +00:00
Dr. Stephen Henson	74096890ba	Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL. The advantage of this option is that any application supporting it will still be binary compatible if SSL structures change. (backport from HEAD).	2011-05-11 12:56:38 +00:00
Dr. Stephen Henson	2ab42de1ec	PR: 2462 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS Retransmission Buffer Bug	2011-04-03 17:14:48 +00:00
Dr. Stephen Henson	ac2024ccbf	PR: 2458 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Don't change state when answering DTLS ClientHello.	2011-04-03 16:25:54 +00:00
Dr. Stephen Henson	93164a7d64	PR: 2457 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS fragment reassembly bug.	2011-04-03 15:48:32 +00:00
Richard Levitte	ecff2e5ce1	Corrections to the VMS build system. Submitted by Steven M. Schweda <sms@antinode.info>	2011-03-25 16:21:08 +00:00
Richard Levitte	d135906dbc	For VMS, implement the possibility to choose 64-bit pointers with different options: "64" The build system will choose /POINTER_SIZE=64=ARGV if the compiler supports it, otherwise /POINTER_SIZE=64. "64=" The build system will force /POINTER_SIZE=64. "64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.	2011-03-25 09:39:46 +00:00
Richard Levitte	9f427a52cb	make update (1.0.1-stable) This meant a slight renumbering in util/libeay.num due to symbols appearing in 1.0.0-stable. However, since there's been no release on this branch yet, it should be harmless.	2011-03-23 00:06:04 +00:00
Richard Levitte	e59fb00735	SRP was introduced, add it for OpenVMS.	2011-03-19 09:55:35 +00:00
Richard Levitte	01d2e27a2b	Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>	2011-03-19 09:47:47 +00:00
Dr. Stephen Henson	3393e0c02c	Fix SRP error codes (from HEAD).	2011-03-16 16:55:12 +00:00
Ben Laurie	a149b2466e	Add SRP.	2011-03-16 11:26:40 +00:00
Dr. Stephen Henson	80b3d7a3c9	Remove redundant check to stop compiler warning.	2011-03-12 17:05:58 +00:00
Ben Laurie	4bd48de60c	Fix warning.	2011-03-12 12:18:34 +00:00
Dr. Stephen Henson	2eab92f8e3	make no-dsa work again	2011-03-10 18:27:13 +00:00
Bodo Möller	8c93c4dd42	OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) Submitted by: Neel Mehta, Adam Langley, Bodo Moeller	2011-02-08 17:48:41 +00:00
Bodo Möller	a288aaefc4	Assorted bugfixes: - safestack macro changes for C++ were incomplete - RLE decompression boundary case - SSL 2.0 key arg length check Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)	2011-02-03 12:03:57 +00:00
Bodo Möller	346601bc32	CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)	2011-02-03 10:42:00 +00:00
Dr. Stephen Henson	e1435034ae	FIPS_allow_md5() no longer exists and is no longer required	2011-01-26 12:25:51 +00:00
Dr. Stephen Henson	4577b38d22	Don't use decryption_failed alert for TLS v1.1 or later.	2011-01-04 19:39:42 +00:00
Dr. Stephen Henson	a8515e2d28	Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed alert.	2011-01-04 19:33:30 +00:00
Richard Levitte	90d02be7c5	First attempt at adding the possibility to set the pointer size for the builds on VMS. PR: 2393	2010-12-14 19:18:58 +00:00
Dr. Stephen Henson	6c36ca4628	PR: 2240 Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve Reviewed by: steve As required by RFC4492 an absent supported points format by a server is not an error: it should be treated as equivalent to an extension only containing uncompressed.	2010-11-25 12:27:39 +00:00
Dr. Stephen Henson	9c61c57896	using_ecc doesn't just apply to TLSv1	2010-11-25 11:51:46 +00:00
Dr. Stephen Henson	95eef4df79	use generalised mac API for SSL key generation	2010-11-24 13:17:48 +00:00
Dr. Stephen Henson	a25c98ac73	remove duplicate statement	2010-11-18 17:33:44 +00:00
Dr. Stephen Henson	2d1e9ce753	oops, reinstate TLSv1 string	2010-11-17 18:16:57 +00:00
Dr. Stephen Henson	6e21ce592e	fix CVE-2010-3864	2010-11-17 17:36:29 +00:00
Dr. Stephen Henson	1a8ecda3ee	Only use explicit IV if cipher is in CBC mode.	2010-11-14 17:47:21 +00:00
Dr. Stephen Henson	d36c7b618d	Get correct GOST private key instead of just assuming the last one is correct: this isn't always true if we have more than one certificate.	2010-11-14 13:50:42 +00:00
Dr. Stephen Henson	3fa29765fd	PR: 2314 Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net> Reviewed by: steve Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939	2010-10-10 12:27:19 +00:00
Dr. Stephen Henson	36778eb231	PR: 1833 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix other cases not covered by original patch. (correct patch this time!)	2010-08-27 12:12:07 +00:00
Dr. Stephen Henson	c6dd154b3e	oops, revert previous patch	2010-08-27 12:10:12 +00:00
Dr. Stephen Henson	35cae95032	PR: 1833 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix other cases not covered by original patch.	2010-08-27 11:57:42 +00:00
Bodo Möller	02ba02604c	Patch from PR #1833 was broken: there's no s->s3->new_session (only s->new_session).	2010-08-26 14:54:18 +00:00
Dr. Stephen Henson	48ae85b6ff	PR: 1833 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Support for abbreviated handshakes when renegotiating.	2010-08-26 14:22:40 +00:00
Dr. Stephen Henson	53e7985c8d	PR: 1830 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson Support for RFC5705 key extractor.	2010-07-18 17:39:46 +00:00
Dr. Stephen Henson	28566b4966	no need for empty fragments with TLS 1.1 and later due to explicit IV	2010-06-27 14:42:43 +00:00
Dr. Stephen Henson	b4b15f68c0	Backport TLS v1.1 support from HEAD, ssl/ changes	2010-06-27 14:22:11 +00:00
Dr. Stephen Henson	e97359435e	Fix warnings (From HEAD, original patch by Ben).	2010-06-15 17:25:15 +00:00
Dr. Stephen Henson	72240ab31a	PR: 2259 Submitted By: Artem Chuprina <ran@cryptocom.ru> Check return values of HMAC in tls_P_hash and tls1_generate_key_block. Although the previous version could in theory crash that would only happen if a digest call failed. The standard software methods can never fail and only one ENGINE currently uses digests and it is not compiled in by default.	2010-05-17 11:26:56 +00:00
Dr. Stephen Henson	8c1e7de6cb	PR: 2230 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix bug in bitmask macros and stop warnings.	2010-05-03 13:01:50 +00:00
Dr. Stephen Henson	9f827ded1c	fix signed/unsigned comparison warnings	2010-04-14 00:41:01 +00:00
Dr. Stephen Henson	1507f3abba	PR: 2230 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix various DTLS fragment reassembly bugs.	2010-04-14 00:17:29 +00:00
Dr. Stephen Henson	30e8defe52	PR: 2229 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Don't drop DTLS connection if mac or decryption failed.	2010-04-14 00:09:55 +00:00
Dr. Stephen Henson	9f4dd3e3e3	PR: 2228 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS buffer record MAC failure bug.	2010-04-14 00:03:13 +00:00
Richard Levitte	d2f098b33d	Spelling	2010-04-13 14:34:48 +00:00
Richard Levitte	0a4fe6c8db	Undo the previous change, it was incorrect in this branch.	2010-04-13 11:10:07 +00:00
Richard Levitte	7bba401d5d	Third argument to dtls1_buffer_record is by reference	2010-04-13 08:41:58 +00:00
Dr. Stephen Henson	acc9938ba5	Add SHA2 algorithms to SSL_library_init(). Although these aren't used directly by SSL/TLS SHA2 certificates are becoming more common and applications that only call SSL_library_init() and not OpenSSL_add_all_alrgorithms() will fail when verifying certificates. Update docs.	2010-04-07 13:18:30 +00:00
Dr. Stephen Henson	6dfd3cf68e	PR: 2218 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS replay bug.	2010-04-06 12:44:55 +00:00
Dr. Stephen Henson	073775cbbb	PR: 2219 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS buffering bug.	2010-04-06 12:40:10 +00:00
Dr. Stephen Henson	e995d5044e	PR: 2223 Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS timeout bug	2010-04-06 12:29:21 +00:00
Bodo Möller	5b5464d525	Fix for "Record of death" vulnerability CVE-2010-0740. Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010).	2010-03-25 11:22:42 +00:00
Dr. Stephen Henson	7b52778eff	PR: 1731 and maybe 2197 Clear error queue in a few places in SSL code where errors are expected so they don't stay in the queue.	2010-03-24 23:16:49 +00:00
Dr. Stephen Henson	47333a34d5	Submitted by: Tomas Hoger <thoger@redhat.com> Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted).	2010-03-03 15:41:00 +00:00
Dr. Stephen Henson	90278430d9	make USE_CRYPTODEV_DIGESTS work	2010-03-01 01:19:36 +00:00
Dr. Stephen Henson	79363339b7	algorithms field has changed in 1.0.0 and later: update	2010-02-28 00:24:24 +00:00
Dr. Stephen Henson	fbe2c6b33e	Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and 1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos ciphersuite bugs introduced with PR:1336."	2010-02-27 23:04:10 +00:00
Dr. Stephen Henson	8321bab39c	OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved	2010-02-17 19:43:46 +00:00
Dr. Stephen Henson	989238802a	Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as initial connection to unpatched servers. There are no additional security concerns in doing this as clients don't see renegotiation during an attack anyway.	2010-02-17 18:38:10 +00:00
Dr. Stephen Henson	45d6a15ae9	PR: 2171 Submitted by: Tomas Mraz <tmraz@redhat.com> Since SSLv2 doesn't support renegotiation at all don't reject it if legacy renegotiation isn't enabled. Also can now use SSL2 compatible client hello because RFC5746 supports it.	2010-02-16 14:20:40 +00:00
Dr. Stephen Henson	8b354e776b	PR: 2161 Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve. Make no-dsa, no-ecdsa and no-rsa compile again.	2010-02-02 13:36:05 +00:00
Dr. Stephen Henson	868f5e44ca	PR: 2160 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Make session tickets work with DTLS.	2010-02-01 16:49:42 +00:00
Dr. Stephen Henson	4e5fdd11ea	PR: 2159 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Typo in PR#1949 bug, oops!	2010-02-01 12:44:11 +00:00
Dr. Stephen Henson	57749b1b9f	PR: 1949 Submitted by: steve@openssl.org More robust fix and workaround for PR#1949. Don't try to work out if there is any write pending data as this can be unreliable: always flush.	2010-01-26 19:46:30 +00:00
Dr. Stephen Henson	f4f2b52995	oops	2010-01-26 13:56:15 +00:00
Dr. Stephen Henson	c7d5edbf5e	export OPENSSL_isservice and make update	2010-01-26 13:55:33 +00:00
Richard Levitte	c8ca769d3b	Compile t1_reneg on VMS as well. Submitted by Steven M. Schweda <sms@antinode.info>	2010-01-25 00:19:33 +00:00
Dr. Stephen Henson	a377811f15	PR: 2153, 2125 Submitted by: steve@openssl.org The original fix for PR#2125 broke compilation on some Unixware platforms: revert and make conditional on VMS.	2010-01-24 16:57:38 +00:00
Dr. Stephen Henson	ef1b6b2cf2	The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should both address the original bug and retain compatibility with the old behaviour.	2010-01-24 13:54:07 +00:00
Dr. Stephen Henson	ad8ee3d7d1	If legacy renegotiation is not permitted then send a fatal alert if a patched server attempts to renegotiate with an unpatched client.	2010-01-22 18:49:19 +00:00
Dr. Stephen Henson	2a4d0dcb89	The use of NIDs in the password based encryption table can result in algorithms not found when an application uses PKCS#12 and only calls SSL_library_init() instead of OpenSSL_add_all_algorithms(). Simple work around is to add the missing algorithm (40 bit RC2) in SSL_library_init().	2010-01-19 19:55:47 +00:00
Dr. Stephen Henson	04aa7441ab	PR: 2144 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Better fix for PR#2144	2010-01-19 19:11:21 +00:00
Dr. Stephen Henson	ddba003d5e	PR: 2144 Submitted by: steve@openssl.org Fix DTLS connection so new_session is reset if we read second client hello: new_session is used to detect renegotiation.	2010-01-16 19:45:59 +00:00
Dr. Stephen Henson	e59d9a34c9	PR: 2133 Submitted by: steve@openssl.org Add missing DTLS state strings.	2010-01-16 19:20:38 +00:00
Dr. Stephen Henson	8043f01b13	PR: 2125 Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com> Fix gcc-aix compilation issue.	2010-01-14 17:51:52 +00:00
Dr. Stephen Henson	41c0f68630	Fix version handling so it can cope with a major version >3. Although it will be many years before TLS v2.0 or later appears old versions of servers have a habit of hanging around for a considerable time so best if we handle this properly now.	2010-01-13 19:08:29 +00:00
Dr. Stephen Henson	73ff97ad76	Simplify RI+SCSV logic: 1. Send SCSV is not renegotiating, never empty RI. 2. Send RI if renegotiating.	2010-01-07 19:05:03 +00:00
Dr. Stephen Henson	eb17330837	Updates to conform with draft-ietf-tls-renegotiation-03.txt: 1. Add provisional SCSV value. 2. Don't send SCSV and RI at same time. 3. Fatal error is SCSV received when renegotiating.	2010-01-06 17:37:38 +00:00
Dr. Stephen Henson	1f67a3a985	compress_meth should be unsigned	2010-01-05 16:46:39 +00:00
Dr. Stephen Henson	4cba294d79	Client side compression algorithm sanity checks: ensure old compression algorithm matches current and give error if compression is disabled and server requests it (shouldn't happen unless server is broken).	2010-01-01 14:39:51 +00:00
Dr. Stephen Henson	e642fd7a1c	Compression handling on session resume was badly broken: it always used compression algorithms in client hello (a legacy from when the compression algorithm wasn't serialized with SSL_SESSION).	2010-01-01 00:44:36 +00:00
Dr. Stephen Henson	986093affa	Typo	2009-12-27 23:03:25 +00:00
Dr. Stephen Henson	f88e0acb0e	Update RI to match latest spec. MCSV is now called SCSV. Don't send SCSV if renegotiating. Also note if RI is empty in debug messages.	2009-12-27 22:59:09 +00:00
Dr. Stephen Henson	54bc369ad7	Alert to use is now defined in spec: update code	2009-12-17 15:42:43 +00:00
Dr. Stephen Henson	675564835c	New option to enable/disable connection to unpatched servers	2009-12-16 20:28:30 +00:00
Dr. Stephen Henson	2456cd58c4	Allow initial connection (but no renegoriation) to servers which don't support RI. Reorganise RI checking code and handle some missing cases.	2009-12-14 13:55:39 +00:00
Ben Laurie	43a107026d	Missing error code.	2009-12-12 15:57:53 +00:00
Dr. Stephen Henson	f1784f2fd2	Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL	2009-12-11 00:20:58 +00:00
Dr. Stephen Henson	b41a614686	Check s3 is not NULL	2009-12-09 14:53:51 +00:00
Dr. Stephen Henson	52a08e90d1	Add ctrls to clear options and mode. Change RI ctrl so it doesn't clash.	2009-12-09 13:25:38 +00:00
Dr. Stephen Henson	6b5f0458fe	Send no_renegotiation alert as required by spec.	2009-12-08 19:06:09 +00:00
Dr. Stephen Henson	b52a2738d4	Add ctrl and macro so we can determine if peer support secure renegotiation.	2009-12-08 13:42:32 +00:00
Dr. Stephen Henson	10f99d7b77	Add support for magic cipher suite value (MCSV). Make secure renegotiation work in SSLv3: initial handshake has no extensions but includes MCSV, if server indicates RI support then renegotiation handshakes include RI. NB: current MCSV value is bogus for testing only, will be updated when we have an official value. Change mismatch alerts to handshake_failure as required by spec. Also have some debugging fprintfs so we can clearly see what is going on if OPENSSL_RI_DEBUG is set.	2009-12-08 13:15:12 +00:00
Dr. Stephen Henson	593222afe1	PR: 2121 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Add extension support to DTLS code mainly using existing implementation for TLS.	2009-12-08 11:38:18 +00:00
Dr. Stephen Henson	d5b8c46499	PR: 2115 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.	2009-12-01 17:41:42 +00:00
Dr. Stephen Henson	3e8e12a6b6	Servers can't end up talking SSLv2 with legacy renegotiation disabled	2009-11-18 15:09:35 +00:00
Dr. Stephen Henson	5ddbb8f41a	Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation	2009-11-18 14:45:32 +00:00
Dr. Stephen Henson	3c44e92bcb	Include a more meaningful error message when rejecting legacy renegotiation	2009-11-18 14:19:52 +00:00
Dr. Stephen Henson	73582b8117	add missing parts of reneg port, fix apps patch	2009-11-11 14:51:29 +00:00
Dr. Stephen Henson	56327ebe6a	make update	2009-11-10 13:23:04 +00:00
Dr. Stephen Henson	ec4346f6f9	oops, add missing prototypes	2009-11-09 18:58:50 +00:00
Dr. Stephen Henson	bc9058d041	First cut of renegotiation extension. (port to 1.0.0-stable)	2009-11-09 18:45:42 +00:00
Dr. Stephen Henson	e3738c49b8	If it is a new session don't send the old TLS ticket: send a zero length ticket to request a new session.	2009-11-08 14:36:32 +00:00
Dr. Stephen Henson	23b97c6bb5	PR: 2089 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS Fragment size bug fix.	2009-11-02 13:37:17 +00:00
Dr. Stephen Henson	036b3f331b	Generate stateless session ID just after the ticket is received instead of when a session is loaded. This will mean that applications that just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION() will still work.	2009-10-30 14:06:18 +00:00
Dr. Stephen Henson	3d0b604c14	Fix statless session resumption so it can coexist with SNI	2009-10-30 13:22:44 +00:00
Dr. Stephen Henson	257b2bfb6c	Don't attempt session resumption if no ticket is present and session ID length is zero.	2009-10-28 19:52:35 +00:00
Dr. Stephen Henson	a9bb9d0eb4	PR: 2072 Submitted by: Tomas Mraz <tmraz@redhat.com> Approved by: steve@openssl.org Avoid potential doublefree and reuse of freed handshake_buffer.	2009-10-16 15:24:19 +00:00
Dr. Stephen Henson	cc6688d796	PR: 2073 Submitted by: Tomas Mraz <tmraz@redhat.com> Approved by: steve@openssl.org Don't access freed SSL_CTX in SSL_free().	2009-10-16 13:41:52 +00:00
Dr. Stephen Henson	ad187f8905	Fix unitialized warnings	2009-10-04 16:52:35 +00:00
Dr. Stephen Henson	3d1dab4404	PR: 2055 Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct BIO_ctrl error handling in s2_srvr.c	2009-10-01 00:07:10 +00:00
Dr. Stephen Henson	29c2fd46d2	PR: 2054 Submitted by: Julia Lawall <julia@diku.dk> Approved by: steve@openssl.org Correct BIO_ctrl error handling	2009-10-01 00:03:50 +00:00
Dr. Stephen Henson	af3d4e1b02	PR: 2039 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS listen bug fix,	2009-09-15 22:48:30 +00:00
Dr. Stephen Henson	80afb40ae3	Submitted by: Julia Lawall <julia@diku.dk> The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(), CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix so the return code is checked correctly.	2009-09-13 11:27:27 +00:00
Dr. Stephen Henson	a131de9bb2	PR: 2025 Submitted by: Tomas Mraz <tmraz@redhat.com> Approved by: steve@openssl.org Constify SSL_CIPHER_description	2009-09-12 23:18:09 +00:00
Dr. Stephen Henson	0ddd002f60	PR: 1411 Submitted by: steve@openssl.org Allow use of trusted certificates in SSL_CTX_use_chain_file()	2009-09-12 23:09:26 +00:00
Dr. Stephen Henson	53f062d050	PR: 2033 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS listen support.	2009-09-09 17:05:42 +00:00
Dr. Stephen Henson	9769137a43	Typo presumably...	2009-09-06 17:55:40 +00:00
Dr. Stephen Henson	c0688f1aef	Make update, deleting bogus DTLS error code	2009-09-06 15:55:54 +00:00
Dr. Stephen Henson	2e9802b7a7	PR: 2028 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Fix DTLS cookie management bugs.	2009-09-04 17:42:06 +00:00
Dr. Stephen Henson	54ed003ace	PR: 2009 Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com> Approved by: steve@openssl.org Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although the ticket mentions buffer overruns this isn't a security issue because the SSL_SESSION structure is generated internally and it should never be possible to supply its contents from an untrusted application (this would among other things destroy session cache security).	2009-09-02 13:20:22 +00:00
Dr. Stephen Henson	f18e10253d	PR: 2022 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Fix DTLS record header length bug.	2009-09-02 12:53:32 +00:00
Dr. Stephen Henson	17f8d8db61	PR: 2006 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Do not use multiple DTLS records for a single user message	2009-08-26 11:51:23 +00:00
Richard Levitte	3798c36686	Include proper header files for time functions. Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>	2009-08-25 07:10:09 +00:00
Dr. Stephen Henson	5a96822f2c	Update default dependency flags. Make error name discrepancies a fatal error. Fix error codes. make update	2009-08-12 17:08:44 +00:00
Dr. Stephen Henson	a4bade7aac	PR: 1997 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS timeout handling fix.	2009-08-12 13:21:26 +00:00
Dr. Stephen Henson	f45e8c7bdd	PR: 2000 Submitted by: Vadim Zeitlin <vz-openssl@zeitlins.org> Approved by: steve@openssl.org Make no-comp compile without warnings.	2009-08-05 15:29:14 +00:00
Dr. Stephen Henson	d7406b1528	PR: 1993 Fix from 0.9.8-stable.	2009-07-24 11:52:32 +00:00
Dr. Stephen Henson	5135d6b985	Fix error codes and indentation.	2009-07-15 11:32:58 +00:00
Dr. Stephen Henson	c8f759ec74	Stop warning of signed/unsigned compare.	2009-07-14 15:28:44 +00:00
Dr. Stephen Henson	cddd00166c	PR: 1984 Submitted by: Michael TÃÂ¼xen <Michael.Tuexen@lurchi.franken.de> Approved by: steve@openssl.org Don't concatenate reads in DTLS.	2009-07-13 11:44:04 +00:00
Dr. Stephen Henson	c155d83f5b	Delete MD2 from algorithm tables and default compilation.	2009-07-08 08:50:53 +00:00
Dr. Stephen Henson	5a03e3ac3f	Fix from HEAD.	2009-07-04 12:05:14 +00:00
Dr. Stephen Henson	08b2097967	Update from HEAD.	2009-07-04 11:44:01 +00:00
Dr. Stephen Henson	2b3cd246e5	PR: 1962 Submitted by: Daniel Mentz <daniel.m@sent.com> Reviewed by: steve@openssl.org Fix "for dtls1_get_record() returns a bad record in one edge case" bug.	2009-07-01 11:29:01 +00:00
Dr. Stephen Henson	76ec9151d1	Update from 0.9.8-stable.	2009-06-30 22:26:28 +00:00
Dr. Stephen Henson	6c24dd9005	Typo.	2009-06-30 20:55:55 +00:00
Dr. Stephen Henson	29b0c4a01c	Add "missing" functions for setting all verify parameters for SSL_CTX and SSL structures.	2009-06-30 11:57:24 +00:00
Dr. Stephen Henson	b824f0f458	Redundant check: s->param is always non-NULL, it is set in SSL_new().	2009-06-30 11:41:35 +00:00
Dr. Stephen Henson	43ea53a04a	Inherit parameters properly in SSL contexts: any parameters set should replace those in the current list.	2009-06-30 11:21:00 +00:00
Dr. Stephen Henson	dbb834ffeb	Update from 0.9.8-stable.	2009-06-28 16:24:11 +00:00
Dr. Stephen Henson	887c250852	Update from 0.9.8-stable.	2009-06-26 15:04:22 +00:00
Dr. Stephen Henson	0cb76e79df	PR: 1748 Fix nasty SSL BIO pop bug. Since this changes the behaviour of SSL BIOs and will break applications that worked around the bug only included in 1.0.0 and later.	2009-06-25 11:26:45 +00:00
Dr. Stephen Henson	72d668c332	Update from HEAD.	2009-06-24 13:30:07 +00:00
Dr. Stephen Henson	3492c47b18	Update from HEAD.	2009-06-17 11:38:26 +00:00
Dr. Stephen Henson	85d9b02d16	Update from HEAD.	2009-06-16 16:55:01 +00:00
Dr. Stephen Henson	bfd502f027	Updates from HEAD.	2009-06-16 16:39:20 +00:00
Ben Laurie	6cfab29b71	Make depend.	2009-06-14 02:37:22 +00:00
Dr. Stephen Henson	55708796af	Update from HEAD.	2009-06-13 20:47:09 +00:00
Dr. Stephen Henson	7074f1df07	Stop gcc bracket warning.	2009-06-05 14:57:10 +00:00
Dr. Stephen Henson	4e63da0669	PR: 1950 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve@openssl.org DTLS fragment retransmission bug.	2009-06-05 14:46:49 +00:00
Dr. Stephen Henson	4e66723517	Update from HEAD.	2009-06-02 11:23:30 +00:00
Dr. Stephen Henson	e1f09dfd84	PR: 1921 Submitted by: Michael Tuexen <tuexen@fh-muenster.de> Reviewed by: steve@openssl.org Add ECDHE and PSK support to DTLS.	2009-05-31 17:11:24 +00:00
Dr. Stephen Henson	6e87cc8da6	Need definition of struct timeval for dtls1.h which broke WIN32 builds, so include winsock.h. (might be a cleaner way to do this...)	2009-05-28 20:53:16 +00:00
Dr. Stephen Henson	cc1cb996f1	Submitted by: Artem Chuprina <ran@cryptocom.ru> Reviewed by: steve@openssl.org Fix to match latest GOST in TLS draft.	2009-05-28 18:10:47 +00:00
Dr. Stephen Henson	0454f2c490	PR: 1929 Submitted by: Michael Tuexen <tuexen@fh-muenster.de> Approved by: steve@openssl.org Updated DTLS MTU bug fix.	2009-05-17 16:04:21 +00:00
Dr. Stephen Henson	abda7c1147	PR: 1931 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Fix fragment handling memory leak.	2009-05-16 16:22:11 +00:00
Dr. Stephen Henson	88b48dc680	PR: 1930 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Limit size of DTLS record buffer queue.	2009-05-16 16:17:46 +00:00
Dr. Stephen Henson	661d35dfb2	Disable ECDHE in DTLS in a cleaner way.	2009-05-16 11:16:15 +00:00
Dr. Stephen Henson	f99c9daa39	Make the stuff compile again, fix missing prototype warnings.	2009-05-16 11:14:55 +00:00
Dr. Stephen Henson	d6584eba8c	PR: 1922 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS Timer bug fix.	2009-05-15 22:58:13 +00:00
Richard Levitte	006c7c6bb1	Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda). Thank you\! (note: not tested for now, a few nightly builds should give indications though)	2009-05-15 16:37:08 +00:00
Dr. Stephen Henson	b3620451b2	PR: 1921 Submitted by: steve@openssl.org Our DTLS implementation doesn't currently handle ECDHE so don't include unsupported ciphers in client hello.	2009-05-13 16:25:35 +00:00
Dr. Stephen Henson	d2f17d9615	Print out DTLS versions too.	2009-05-13 16:24:12 +00:00
Dr. Stephen Henson	561cbe5678	PR: 1923 Submitted by: Daniel Mentz <daniel.m@sent.com>, Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Don't access freed data structure.	2009-05-13 11:51:30 +00:00
Dr. Stephen Henson	4e50f02638	If an SSLv2 method is explicitly asked for use the SSLv2 cipher string: assume an application really wants SSLv2 if they do that. Otherwise stick with the default which excludes all SSLv2 cipher suites.	2009-04-29 14:12:54 +00:00
Dr. Stephen Henson	174ea15647	Typo.	2009-04-28 22:35:42 +00:00
Dr. Stephen Henson	18f8258a87	PR: 1629 Submitted by: Kaspar Brand <ossl-rt@velox.ch> Approved by: steve@openssl.org Don't use extensions if using SSLv3: this chokes some broken servers.	2009-04-28 22:01:53 +00:00
Dr. Stephen Henson	82ae57136b	Some no-ec fixes (not complete yet).	2009-04-23 15:24:27 +00:00
Dr. Stephen Henson	b61a84c8e6	Fix WIN32 warnings.	2009-04-22 15:40:54 +00:00
Dr. Stephen Henson	a543ea44bc	Fix WIN32 warning.	2009-04-22 12:17:02 +00:00
Dr. Stephen Henson	b0dd3d1b94	Another kerberos fix.	2009-04-21 22:30:54 +00:00
Dr. Stephen Henson	21fb688d26	Some fixes for kerberos builds.	2009-04-21 22:20:12 +00:00
Dr. Stephen Henson	dfc8e96daa	Fix warning.	2009-04-21 15:11:59 +00:00
Dr. Stephen Henson	b452f43322	PR: 1751 Submitted by: David Woodhouse <dwmw2@infradead.org> Approved by: steve@openssl.org Compatibility patches for Cisco VPN client DTLS.	2009-04-19 18:03:13 +00:00
Dr. Stephen Henson	9990cb75c1	PR: 1894 Submitted by: Ger Hobbelt <ger@hobbelt.com> Approved by: steve@openssl.org Fix various typos and stuff.	2009-04-16 17:22:51 +00:00
Dr. Stephen Henson	a5cc69c7ae	PR: 1900 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Remove unnecessary included header file.	2009-04-16 16:42:02 +00:00
Dr. Stephen Henson	c900a78c99	PR: 1828 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Updated DTLS Rentransmission bug patch.	2009-04-15 14:49:36 +00:00
Dr. Stephen Henson	46ffb2dc97	PR #1828 reverted: state save/restore incompatible with 1.0.0-stable.	2009-04-14 15:29:34 +00:00
Dr. Stephen Henson	aab790a656	PR: 1829 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS Timer Bug fix.	2009-04-14 14:33:12 +00:00
Dr. Stephen Henson	1319aad994	PR: 1647 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Update patch for PR#1647.	2009-04-14 14:22:26 +00:00
Dr. Stephen Henson	3c0ce01cea	PR: 1827 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Updated patch for PR #1827	2009-04-14 14:20:57 +00:00
Dr. Stephen Henson	9fcbefebdb	PR: 1828 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Update from 0.9.8-stable.	2009-04-14 14:19:46 +00:00
Dr. Stephen Henson	017d2a887f	PR: 1838 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Updated patch from 0.9.8-stable.	2009-04-14 14:18:16 +00:00
Dr. Stephen Henson	9ae5743515	Disable SSLv2 cipher suites by default and avoid SSLv2 compatible client hello if no SSLv2 cipher suites are included. This effectively disables the broken SSLv2 use by default.	2009-04-07 17:01:07 +00:00
Dr. Stephen Henson	c184b140df	Update from 0.9.8-stable.	2009-04-07 16:30:32 +00:00
Dr. Stephen Henson	9d80aa7e3f	Update from 0.9.8-stable	2009-04-07 12:10:59 +00:00
Dr. Stephen Henson	c9a1778134	Fix error codes.	2009-04-05 11:54:34 +00:00
Dr. Stephen Henson	2dd5ca1fbc	Make no-ssl2 work including on Win32 builds.	2009-04-04 17:57:34 +00:00
Dr. Stephen Henson	c6196da587	Update from 0.9.8-stable.	2009-04-02 22:28:52 +00:00
Dr. Stephen Henson	78625cac82	Submitted by: Victor Duchovni <Victor.Duchovni@morganstanley.com> Reviewed by: steve@openssl.org Check return value of sk_SSL_COMP_find() properly.	2009-03-12 17:30:29 +00:00
Ben Laurie	7587347bc4	Fix memory leak.	2009-02-23 16:40:59 +00:00
Ben Laurie	b3f3407850	Use new common flags and fix resulting warnings.	2009-02-15 14:08:51 +00:00
Dr. Stephen Henson	477fd4596f	PR: 1835 Submitted by: Damien Miller <djm@mindrot.org> Approved by: steve@openssl.org Fix various typos.	2009-02-14 21:49:38 +00:00
Bodo Möller	d8e8fc4803	Put back a variable deleted by the previous revision, but used in the code.	2009-02-01 01:08:13 +00:00
Richard Levitte	c7ba21493a	Hopefully resolve signed vs unsigned issue.	2009-01-28 07:09:23 +00:00
Dr. Stephen Henson	d7ecd42255	Fix warnings properly this time ;-)	2009-01-11 20:34:23 +00:00
Dr. Stephen Henson	211655fcdd	Fix sign-compare warnings.	2009-01-11 15:58:51 +00:00
Dr. Stephen Henson	bab534057b	Updatde from stable branch.	2009-01-07 23:44:27 +00:00
Lutz Jänicke	fceac0bc74	Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP Some #include statements were not properly protected. This will go unnoted on most systems as openssl/comp.h tends to be installed as a system header file by default but may become visible when cross compiling.	2009-01-05 14:43:05 +00:00
Ben Laurie	4a94003a51	srvr_ecdh cannot be NULL at this point (Coverity ID 232).	2009-01-02 12:49:07 +00:00
Ben Laurie	d41c785d69	Document dead code.	2008-12-30 13:02:02 +00:00
Ben Laurie	2bd45dc94c	Apparently s->ctx could be NULL. (Coverity ID 147).	2008-12-29 16:15:27 +00:00
Ben Laurie	121f9e743c	Apparently s->ctx could be NULL at this point (see earlier test). (Coverity ID 148).	2008-12-29 16:13:49 +00:00
Ben Laurie	0eab41fb78	If we're going to return errors (no matter how stupid), then we should test for them!	2008-12-29 16:11:58 +00:00
Ben Laurie	8aa02e97a7	Make sure a bad parameter to RSA_verify_PKCS1_PSS() doesn't lead to a crash. (Coverity ID 135).	2008-12-29 13:35:08 +00:00
Ben Laurie	85e878f224	Die earlier if hash is NULL. (Coverity IDs 137 & 138).	2008-12-29 11:54:56 +00:00
Ben Laurie	fe1c7fecf1	Reverse incorrect earlier fix.	2008-12-29 11:47:08 +00:00
Ben Laurie	0e941da6fa	Die earlier if we have no hash function.	2008-12-29 11:46:44 +00:00
Ben Laurie	9b9cb004f7	Deal with the unlikely event that EVP_MD_CTX_size() returns an error. (Coverity ID 140).	2008-12-27 02:09:24 +00:00
Ben Laurie	6ba71a7173	Handle the unlikely event that BIO_get_mem_data() returns -ve.	2008-12-27 02:00:38 +00:00
Dr. Stephen Henson	70531c147c	Make no-engine work again.	2008-12-20 17:04:40 +00:00
Ben Laurie	a9dbe71ee0	Back out pointless change.	2008-12-13 17:45:49 +00:00
Ben Laurie	ecd3370ba0	* empty log message *	2008-12-13 17:45:27 +00:00
Dr. Stephen Henson	349e78e2e8	Stop warning about different const qualifiers.	2008-11-24 17:39:42 +00:00
Ben Laurie	f3b7bdadbc	Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks.	2008-11-16 12:47:12 +00:00
Dr. Stephen Henson	12bf56c017	PR: 1574 Submitted by: Jouni Malinen <j@w1.fi> Approved by: steve@openssl.org Ticket override support for EAP-FAST.	2008-11-15 17:18:12 +00:00
Ben Laurie	774b2fe700	Aftermath of a clashing size_t fix (now only format changes).	2008-11-13 09:48:47 +00:00
Geoff Thorpe	6343829a39	Revert the size_t modifications from HEAD that had led to more knock-on work than expected - they've been extracted into a patch series that can be completed elsewhere, or in a different branch, before merging back to HEAD.	2008-11-12 03:58:08 +00:00
Dr. Stephen Henson	7b808412c9	Make -DKSSL_DEBUG work again.	2008-11-10 19:08:37 +00:00
Dr. Stephen Henson	c76fd290be	Fix warnings about mismatched prototypes, undefined size_t and value computed not used.	2008-11-02 12:50:48 +00:00
Ben Laurie	5e4430e70d	More size_tification.	2008-11-01 16:40:37 +00:00
Ben Laurie	bfaead2b12	Fix warning.	2008-10-29 05:10:09 +00:00
Dr. Stephen Henson	ab7e09f59b	Win32 fixes... add new directory to build system. Fix warnings.	2008-10-27 12:31:13 +00:00
Dr. Stephen Henson	e19106f5fb	Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros with the appropriate parameters which calls OBJ_bsearch(). A compiler will typically inline this. This avoids the need for cmp_xxx variables and fixes unchecked const issues with CHECKED_PTR_OF()	2008-10-22 15:43:01 +00:00
Dr. Stephen Henson	606f6c477a	Fix a shed load or warnings: Duplicate const. Use of ; outside function.	2008-10-20 15:12:00 +00:00
Lutz Jänicke	b8dfde2a36	Remove the DTLS1_BAD_VER thing from 0.9.9-dev. It is present in 0.9.8 but has been omitted from HEAD (0.9.9), see commit http://cvs.openssl.org/chngview?cn=16627 by appro.	2008-10-13 06:45:59 +00:00
Lutz Jänicke	570006f3a2	Half of the commit for 0.9.8 as the bitmap handling has changed. (Firstly... ommitted) Secondly, it wasn't even _dropping_ the offending packets, in the non-blocking case. It was just returning garbage instead. PR: #1752 Submitted by: David Woodhouse <dwmw2@infradead.org>	2008-10-13 06:43:03 +00:00
Ben Laurie	babb379849	Type-checked (and modern C compliant) OBJ_bsearch.	2008-10-12 14:32:47 +00:00
Ben Laurie	6665ef303e	Add missing DTLS1_BAD_VER (hope I got the value right).	2008-10-12 14:04:34 +00:00
Lutz Jänicke	7e7af0bc51	When the underlying BIO_write() fails to send a datagram, we leave the offending record queued as 'pending'. The DTLS code doesn't expect this, and we end up hitting an OPENSSL_assert() in do_dtls1_write(). The simple fix is just _not_ to leave it queued. In DTLS, dropping packets is perfectly acceptable -- and even preferable. If we wanted a service with retries and guaranteed delivery, we'd be using TCP. PR: #1703 Submitted by: David Woodhouse <dwmw2@infradead.org>	2008-10-10 10:41:35 +00:00
Bodo Möller	837f2fc7a4	Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't enable disabled ciphersuites.	2008-09-22 21:22:47 +00:00
Bodo Möller	96562f2fb3	update comment	2008-09-14 19:50:55 +00:00
Bodo Möller	fcbdde0dfe	oops	2008-09-14 18:16:07 +00:00
Andy Polyakov	51ec776b7d	dtls1_write_bytes consumers expect amount of bytes written per call, not overall. PR: 1604	2008-09-14 17:56:15 +00:00
Bodo Möller	e65bcbcef0	Fix SSL state transitions. Submitted by: Nagendra Modadugu	2008-09-14 14:02:07 +00:00
Bodo Möller	f8d6be3f81	Some precautions to avoid potential security-relevant problems.	2008-09-14 13:42:34 +00:00
Andy Polyakov	d493899579	DTLS didn't handle alerts correctly. PR: 1632	2008-09-13 18:24:38 +00:00
Dr. Stephen Henson	3ad74edce8	Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new strength "FIPS" to represent all FIPS approved ciphersuites without NULL encryption.	2008-09-10 16:02:09 +00:00
Dr. Stephen Henson	e8da6a1d0f	Fix from stable branch.	2008-09-03 22:17:11 +00:00
Dr. Stephen Henson	305514000c	Do not discard cached handshake records during resumed sessions: they are used for mac computation.	2008-09-03 12:36:16 +00:00
Dr. Stephen Henson	0702150f53	Make no-tlsext compile.	2008-09-03 12:29:57 +00:00
Bodo Möller	1cbf663a6c	sanity check PR: 1679	2008-08-13 19:45:06 +00:00
Geoff Thorpe	4c3296960d	Remove the dual-callback scheme for numeric and pointer thread IDs, deprecate the original (numeric-only) scheme, and replace with the CRYPTO_THREADID object. This hides the platform-specifics and should reduce the possibility for programming errors (where failing to explicitly check both thread ID forms could create subtle, platform-specific bugs). Thanks to Bodo, for invaluable review and feedback.	2008-08-06 15:54:15 +00:00
Geoff Thorpe	99649b5990	Fix signed/unsigned warning.	2008-08-05 17:48:02 +00:00
Bodo Möller	474b3b1cc8	Fix error codes for memory-saving patch. Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS because it was rather pointless (the new behavior has to be explicitly requested by setting SSL_MODE_RELEASE_BUFFERS anyway).	2008-08-04 22:10:38 +00:00
Dr. Stephen Henson	d4cdbab99b	Avoid warnings with -pedantic, specifically: Conversion between void * and function pointer. Value computed not used. Signed/unsigned argument.	2008-07-04 23:12:52 +00:00
Geoff Thorpe	5f834ab123	Revert my earlier CRYPTO_THREADID commit, I will commit a reworked version some time soon.	2008-07-03 19:59:25 +00:00
Dr. Stephen Henson	7555c9337f	Update from stable branch.	2008-06-05 15:13:45 +00:00
Dr. Stephen Henson	0b44c26d78	Remove test fprintf.	2008-06-04 22:39:05 +00:00
Dr. Stephen Henson	4db9677bac	Compilation option to use a specific ssl client auth engine automatically.	2008-06-04 22:34:38 +00:00
Ben Laurie	5ce278a77b	More type-checking.	2008-06-04 11:01:43 +00:00
Dr. Stephen Henson	59d2d48f64	Add support for client cert engine setting in s_client app. Add appropriate #ifdefs round client cert functions in headers.	2008-06-03 11:26:27 +00:00
Dr. Stephen Henson	45d3767d28	Prevent signed/unsigned warning on VC++	2008-06-03 10:17:45 +00:00
Ben Laurie	8671b89860	Memory saving patch.	2008-06-03 02:48:34 +00:00
Dr. Stephen Henson	bdfe932dca	Release engine reference when calling SSL_CTX_free().	2008-06-01 23:06:48 +00:00
Dr. Stephen Henson	3fc59c8406	Allow ENGINE client cert callback to specify a set of other certs, for the rest of the certificate chain. Currently unused.	2008-06-01 22:45:08 +00:00
Dr. Stephen Henson	c61915c659	Update error codes.	2008-06-01 22:34:40 +00:00
Dr. Stephen Henson	368888bcb6	Add client cert engine to SSL routines.	2008-06-01 22:33:24 +00:00
Dr. Stephen Henson	eafd6e5110	Update error codes, move typedef of SSL, SSL_CTX to ossl_typ.h	2008-06-01 21:18:47 +00:00
Bodo Möller	e194fe8f47	From HEAD: Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake which could lead to a cilent crash as found using the Codenomicon TLS test suite (CVE-2008-1672) Reviewed by: openssl-security@openssl.org Obtained from: mark@awe.com	2008-05-28 22:17:34 +00:00
Bodo Möller	40a706286f	From HEAD: Fix double-free in TLS server name extensions which could lead to a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) Reviewed by: openssl-security@openssl.org Obtained from: jorton@redhat.com	2008-05-28 22:15:48 +00:00
Ben Laurie	3c1d6bbc92	LHASH revamp. make depend.	2008-05-26 11:24:29 +00:00
Lutz Jänicke	17a4a4dff8	Reword comment to be much shorter to stop other people from complaining about "overcommenting".	2008-05-26 06:21:13 +00:00
Lutz Jänicke	c2c2e7a438	Clear error queue when starting SSL_CTX_use_certificate_chain_file PR: 1417, 1513 Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>	2008-05-23 10:37:52 +00:00
Dr. Stephen Henson	8a2062fefe	Update from stable branch.	2008-04-30 16:14:02 +00:00
Dr. Stephen Henson	2f63ad5b35	Update from stable branch.	2008-04-29 17:22:35 +00:00
Dr. Stephen Henson	c78bba2343	Oops!	2008-04-29 16:46:46 +00:00
Dr. Stephen Henson	d26c905c67	Update from stable branch.	2008-04-29 16:44:51 +00:00
Dr. Stephen Henson	8fcc9caecc	Update from stable branch.	2008-04-29 16:39:03 +00:00
Dr. Stephen Henson	dc634aff25	Don't send zero length session ID if stateless session resupmtion is successful. Check be seeing if there is a cache hit.	2008-04-25 16:27:04 +00:00
Dr. Stephen Henson	8e3b2dbb31	Disable debugging fprintf.	2008-04-25 11:33:32 +00:00
Geoff Thorpe	f7ccba3edf	There was a need to support thread ID types that couldn't be reliably cast to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed version was added but it required portable code to check both modes to determine equality. This commit maintains the availability of both thread ID types, but deprecates the type-specific accessor APIs that invoke the callbacks - instead a single type-independent API is used. This simplifies software that calls into this interface, and should also make it less error-prone - as forgetting to call and compare both thread ID accessors could have led to hard-to-debug/infrequent bugs (that might only affect certain platforms or thread implementations). As the CHANGES note says, there were corresponding deprecations and replacements in the thread-related functions for BN_BLINDING and ERR too.	2008-03-28 02:49:43 +00:00
Dr. Stephen Henson	fe591284be	Update dependencies.	2008-03-22 18:52:03 +00:00
Geoff Thorpe	1e26a8baed	Fix a variety of warnings generated by some elevated compiler-fascism, OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...	2008-03-16 21:05:46 +00:00
Dr. Stephen Henson	8931b30d84	And so it begins... Initial support for CMS. Add zlib compression BIO. Add AES key wrap implementation. Generalize S/MIME MIME code to support CMS and/or PKCS7.	2008-03-12 21:14:28 +00:00
Andy Polyakov	aff686df91	Fix unsigned/signed warnings in ssl.	2008-01-05 21:35:34 +00:00
Dr. Stephen Henson	9400d9ac83	Initialize sigsize.	2007-12-14 16:53:50 +00:00

... 8 9 10 11 12 ...

1807 commits