Commit graph

837 commits

Author SHA1 Message Date
Dr. Stephen Henson
f86d65110d 0.9.8 version of PR#1931 fix. 2009-05-18 16:22:43 +00:00
Dr. Stephen Henson
4730ea8a38 Fix from 1.0.0-stable branch. 2009-05-18 16:12:56 +00:00
Dr. Stephen Henson
b7d0d35a13 Modified PR#1929 update from 1.0.0-stable. 2009-05-17 16:42:14 +00:00
Dr. Stephen Henson
e12ceb2c92 Reverted fix to PR#1931.. breaks compilation in 0.9.8. 2009-05-17 16:28:13 +00:00
Dr. Stephen Henson
76428da729 Fix from 1.0.0-stable. 2009-05-16 16:23:35 +00:00
Dr. Stephen Henson
6bf4ca0840 Update from 1.0.0-stable. 2009-05-16 16:18:45 +00:00
Dr. Stephen Henson
efa59b8d59 Updates from 1.0.0-stable. 2009-05-16 15:51:59 +00:00
Richard Levitte
48f48d96ce Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
2009-05-15 16:37:29 +00:00
Dr. Stephen Henson
26b82246b1 Update from 1.0.0-stable. 2009-05-13 11:52:29 +00:00
Dr. Stephen Henson
5d577d7eb0 Update from 1.0.0-stable. 2009-04-28 22:02:16 +00:00
Dr. Stephen Henson
a224fe14e9 PR: 1751
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.
2009-04-19 18:08:12 +00:00
Dr. Stephen Henson
caeb429055 Update from 1.0.0-stable. 2009-04-16 16:43:18 +00:00
Dr. Stephen Henson
b00c36e366 PR: 1829
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timer bug fix from 1.0.0-stable with fixes.
2009-04-14 15:20:48 +00:00
Dr. Stephen Henson
1f9a128519 PR: 1647
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Renogotiation bug fix.
2009-04-14 14:28:33 +00:00
Dr. Stephen Henson
0d399f97dd Submitted by: Darryl Miles <darryl-mailinglists@netbauds.net>
Approved by: steve@openssl.org

Handle non-blocking I/O properly in SSL_shutdown() call.
2009-04-07 16:28:30 +00:00
Dr. Stephen Henson
3fdc2c906d PR: 1795
Submitted by: Peter Edwards <peter.edwards@vordel.com>
Approved by: steve@openssl.org

Avoid race condition by sorting cipher list straight away.
2009-04-07 12:10:12 +00:00
Dr. Stephen Henson
6252f3bc7c PR: 1827
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix application data in handshake bug.
2009-04-02 22:34:59 +00:00
Dr. Stephen Henson
4e319926d7 PR: 1828
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS retransmission bug.
2009-04-02 22:32:16 +00:00
Dr. Stephen Henson
e4f456918f PR: 1826
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Client random bug fix.
2009-04-02 22:28:35 +00:00
Dr. Stephen Henson
c342341ea1 Ooops, revert patch... due to non-portable gettimeofday call. 2009-04-02 22:19:07 +00:00
Dr. Stephen Henson
9d396bee8e PR: 1829
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timer bug fix.
2009-04-02 22:16:02 +00:00
Dr. Stephen Henson
a9427c2536 PR: 1838
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS fragment bug.
2009-04-02 22:12:13 +00:00
Dr. Stephen Henson
1fde5b65c6 Fix from HEAD. 2009-03-12 17:31:18 +00:00
Ben Laurie
241d088156 Fix memory leak. 2009-02-23 16:02:47 +00:00
Dr. Stephen Henson
72f6453c48 PR: 1835
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
2009-02-14 21:50:14 +00:00
Dr. Stephen Henson
a00c3c4019 Properly check EVP_VerifyFinal() and similar return values
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
2009-01-07 10:48:23 +00:00
Lutz Jänicke
f4677b7960 Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
2009-01-05 14:43:07 +00:00
Dr. Stephen Henson
4b253d904d Avoid signed/unsigned compare warnings. 2008-12-29 00:17:36 +00:00
Dr. Stephen Henson
2c17b493b1 Make -DKSSL_DEBUG work again. 2008-11-10 18:55:07 +00:00
Lutz Jänicke
4db3e88459 Firstly, the bitmap we use for replay protection was ending up with zero
length, so a _single_ pair of packets getting switched around would
cause one of them to be 'dropped'.

Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-13 06:43:06 +00:00
Lutz Jänicke
ab073bad4f When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().

The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-10 10:41:32 +00:00
Bodo Möller
d875413a0b Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.
2008-09-22 21:22:51 +00:00
Dr. Stephen Henson
e852835da6 Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
52702f6f92 Updates to build system from FIPS branch. Make fipscanisterbuild work and
build FIPS test programs.
2008-09-17 15:56:42 +00:00
Bodo Möller
446881468c update comment 2008-09-14 19:50:53 +00:00
Bodo Möller
c198c26226 oops 2008-09-14 18:16:09 +00:00
Andy Polyakov
54d6ddba69 dtls1_write_bytes consumers expect amount of bytes written per call, not
overall [from HEAD].
PR: 1604
2008-09-14 17:57:03 +00:00
Dr. Stephen Henson
1af12ff1d1 Fix error code discrepancy.
Make update.
2008-09-14 16:43:37 +00:00
Bodo Möller
200d00c854 Fix SSL state transitions.
Submitted by: Nagendra Modadugu
2008-09-14 14:02:01 +00:00
Bodo Möller
36a4a67b2b Some precautions to avoid potential security-relevant problems. 2008-09-14 13:42:40 +00:00
Andy Polyakov
3413424f01 DTLS didn't handle alerts correctly [from HEAD].
PR: 1632
2008-09-13 18:25:36 +00:00
Dr. Stephen Henson
8f59c61d1d If tickets disabled behave as if no ticket received to support
stateful resume.
2008-09-03 22:13:04 +00:00
Bodo Möller
f9f6f0e9f0 sanity check
PR: 1679
2008-08-13 19:44:44 +00:00
Dr. Stephen Henson
14748adb09 Make ssl code consistent with FIPS branch. The new code has no effect
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
2008-06-16 16:56:43 +00:00
Dr. Stephen Henson
0278e15fa3 If auto load ENGINE lookup fails retry adding builtin ENGINEs. 2008-06-05 15:13:03 +00:00
Dr. Stephen Henson
56ef1cbc40 include engine.h if needed. 2008-06-05 11:23:35 +00:00
Dr. Stephen Henson
591371566e Update from HEAD. 2008-06-04 22:39:29 +00:00
Dr. Stephen Henson
4aefb1dd98 Backport more ENGINE SSL client auth code to 0.9.8. 2008-06-04 18:35:27 +00:00
Dr. Stephen Henson
aa03989791 Backport ssl client auth ENGINE support to 0.9.8. 2008-06-04 18:01:40 +00:00
Bodo Möller
cec9bce126 fix whitespace 2008-05-28 22:22:50 +00:00