openssl

Author	SHA1	Message	Date
Richard Levitte	7e2bf83100	Fixes for the following claims: 1) Certificate Message with no certs OpenSSL implementation sends the Certificate message during SSL handshake, however as per the specification, these have been omitted. -- RFC 2712 -- CertificateRequest, and the ServerKeyExchange shown in Figure 1 will be omitted since authentication and the establishment of a master secret will be done using the client's Kerberos credentials for the TLS server. The client's certificate will be omitted for the same reason. -- RFC 2712 -- 3) Pre-master secret Protocol version The pre-master secret generated by OpenSSL does not have the correct client version. RFC 2712 says, if the Kerberos option is selected, the pre-master secret structure is the same as that used in the RSA case. TLS specification defines pre-master secret as: struct { ProtocolVersion client_version; opaque random[46]; } PreMasterSecret; where client_version is the latest protocol version supported by the client The pre-master secret generated by OpenSSL does not have the correct client version. The implementation does not update the first 2 bytes of random secret for Kerberos Cipher suites. At the server-end, the client version from the pre-master secret is not validated. PR: 1336	2006-09-28 12:23:15 +00:00
Mark J. Cox	951dfbb13a	Introduce limits to prevent malicious keys being able to cause a denial of service. (CVE-2006-2940) [Steve Henson, Bodo Moeller] Fix ASN.1 parsing of certain invalid structures that can result in a denial of service. (CVE-2006-2937) [Steve Henson] Fix buffer overflow in SSL_get_shared_ciphers() function. (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] Fix SSL client code which could crash if connecting to a malicious SSLv2 server. (CVE-2006-4343) [Tavis Ormandy and Will Drewry, Google Security Team]	2006-09-28 11:29:03 +00:00
Dr. Stephen Henson	81780a3b62	Update from HEAD.	2006-09-23 17:30:25 +00:00
Bodo Möller	879b30aaa3	ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 ciphersuite as well	2006-09-11 09:48:46 +00:00
Ben Laurie	616f581650	Fix warning.	2006-07-02 14:43:21 +00:00
Bodo Möller	e6e3f38bfa	Fix for previous change: explicitly named ciphersuites are OK to add	2006-06-22 13:07:45 +00:00
Bodo Möller	aa17ab7e57	Put ECCdraft ciphersuites back into default build (but disabled unless specifically requested)	2006-06-22 12:35:54 +00:00
Bodo Möller	35908bd040	Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)	2006-06-20 08:50:33 +00:00
Bodo Möller	0e73294e26	Disable invalid ciphersuites	2006-06-14 17:52:01 +00:00
Bodo Möller	b610f46bae	Make sure that AES ciphersuites get priority over Camellia ciphersuites in the default cipher string.	2006-06-14 13:52:49 +00:00
Bodo Möller	6d2cd23f40	Thread-safety fixes	2006-06-14 08:51:41 +00:00
Bodo Möller	e18eef3d7a	Camellia cipher, contributed by NTT Submitted by: Masashi Fujita Reviewed by: Bodo Moeller	2006-06-09 15:42:21 +00:00
Dr. Stephen Henson	b723a7b11b	Don't check for padding bug if compression is negotiated. PR: 1204	2006-05-07 12:27:48 +00:00
Dr. Stephen Henson	cbb0b734c7	If cipher list contains a match for an explicit ciphersuite only match that one suite.	2006-04-15 00:22:34 +00:00
Nils Larsch	41d4d6721c	fix no-dh configure option; patch supplied by Peter Meerwald	2006-02-24 17:58:35 +00:00
Nils Larsch	22d1087e16	backport recent changes from the cvs head	2006-02-08 19:16:33 +00:00
Dr. Stephen Henson	9f85fcefdc	Update filenames in makefiles	2006-02-04 01:49:36 +00:00
Nils Larsch	45803988ce	make "./configure no-ssl2" work again PR: 1217	2006-01-15 16:57:01 +00:00
Nils Larsch	82a2cb6f51	fix cipher list order	2006-01-15 07:14:38 +00:00
Bodo Möller	c55d882fab	Avoid contradictive error code assignments. "make error".	2006-01-08 21:52:46 +00:00
Bodo Möller	2e885232c2	Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)	2006-01-08 19:41:25 +00:00
Bodo Möller	a14afd0804	Rewrite timeout computation in a way that is less prone to overflow. (Problem reported by Peter Sylvester.)	2005-12-30 23:51:57 +00:00
Bodo Möller	bc9320452c	update TLS-ECC code Submitted by: Douglas Stebila	2005-12-13 07:41:47 +00:00
Dr. Stephen Henson	974d52fdb8	Fix from HEAD.	2005-12-05 17:32:22 +00:00
Mark J. Cox	64932f9e4a	Add fixes for CAN-2005-2969 Bump release ready for OpenSSL_0_9_8a tag	2005-10-11 10:16:21 +00:00
Dr. Stephen Henson	416b6fd115	Make OPENSSL_NO_COMP work on Win32.	2005-10-02 12:26:06 +00:00
Dr. Stephen Henson	f685cf920b	As HEAD.	2005-10-01 00:41:24 +00:00
Dr. Stephen Henson	54f51116b2	Update from HEAD.	2005-09-30 23:38:20 +00:00
Dr. Stephen Henson	daa657fb78	Fix from HEAD.	2005-09-21 00:57:28 +00:00
Nils Larsch	7f622f6c04	fix warnings when building openssl with (gcc 3.3.1): -Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar -Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts -Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused -Wno-unused-parameter -Wuninitialized	2005-08-28 23:20:52 +00:00
Ben Laurie	801136bcc2	Fix warnings.	2005-08-27 12:05:23 +00:00
Nils Larsch	3c0e39c539	Keep cipher lists sorted in the source instead of sorting them at runtime, thus removing the need for a lock. Add a test to ssltest to verify that the cipher lists are sorted.	2005-08-25 07:43:04 +00:00
Nils Larsch	cd9911fdf8	initialize cipher/digest methods table in SSL_library_init() and hence remove the need for a lock	2005-08-21 23:06:51 +00:00
Nils Larsch	cf1546a60e	a ssl object needs it's own instance of a ecdh key; remove obsolete comment	2005-08-08 19:39:29 +00:00
Nils Larsch	e7eec05af0	fix typo	2005-08-08 19:26:35 +00:00
Dr. Stephen Henson	222f224664	Initialize SSL_METHOD structures at compile time. This removes the need for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.	2005-08-05 23:52:08 +00:00
Andy Polyakov	2d54cc69c9	WCE update, mostly typos [from HEAD].	2005-08-03 20:04:05 +00:00
Nils Larsch	3de6d65ea3	improved error checking and some fixes PR: 1170 Submitted by: Yair Elharrar Reviewed and edited by: Nils Larsch	2005-07-26 20:55:17 +00:00
Nils Larsch	4913b88f70	make ./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make all test work again (+ make update) PR: 1159	2005-07-16 11:13:10 +00:00
Ben Laurie	910d193029	Did you know it was wrong to use a char as an array index?	2005-06-28 13:27:53 +00:00
Andy Polyakov	beae6324e5	Eliminate dependency on UNICODE macro.	2005-06-27 21:21:12 +00:00
Richard Levitte	a50a2126cf	DCC doesn't like argument names in returned function pointers. PR: 1122	2005-06-23 21:35:20 +00:00
Richard Levitte	c58a1f76f8	Do not undefine _XOPEN_SOURCE. This is currently experimental, and will be firmed up as soon as it's been verified not to break anything.	2005-06-16 22:19:14 +00:00
Nils Larsch	cac0d4ee6f	- let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an error if the cipher list is empty - fix last commit in ssl_create_cipher_list - clean up ssl_create_cipher_list	2005-06-10 19:51:16 +00:00
Nils Larsch	898d3ecce0	use "=" instead of "\|=", fix typo	2005-06-08 22:20:24 +00:00
Nils Larsch	4e2a0e58f2	ssl_create_cipher_list should return an error if no cipher could be collected (see SSL_CTX_set_cipher_list manpage). Fix handling of "cipher1+cipher2" expressions in ssl_cipher_process_rulestr PR: 836 + 1005	2005-06-08 21:13:52 +00:00
Richard Levitte	0fb4d54068	Further change pq_compat.h to generate the flag macros PQ_64BIT_IS_INTEGER and PQ_64BIT_IS_BIGNUM with the values 0 (for false) and 1 (for true), depending on which is true. Use those flags everywhere else to provide the correct implementation for handling certain operations in q PQ_64BIT.	2005-06-06 00:32:30 +00:00
Richard Levitte	d28b7799dd	handshake_write_seq is an unsigned short, so treat it like one	2005-06-02 17:26:17 +00:00
Nils Larsch	7ea61df414	clear error queue on success and return NULL if cert could be read PR: 1088	2005-06-01 08:31:22 +00:00
Richard Levitte	335ed97263	Synchronise more with the Unix build	2005-05-31 20:28:55 +00:00

1 2 3 4 5 ...

726 commits