Dr. Stephen Henson
7512141162
OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved
2010-02-17 19:43:56 +00:00
Dr. Stephen Henson
c2c49969e2
Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
...
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:38:31 +00:00
Dr. Stephen Henson
47e0a1c335
PR: 2100
...
Submitted by: James Baker <jbaker@tableausoftware.com> et al.
Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:41 +00:00
Dr. Stephen Henson
439aab3afc
Submitted by: Dmitry Ivanov <vonami@gmail.com>
...
Don't leave dangling pointers in GOST engine if calls fail.
2010-02-16 14:30:29 +00:00
Dr. Stephen Henson
8d934c2585
PR: 2171
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.
Also can now use SSL2 compatible client hello because RFC5746 supports it.
2010-02-16 14:21:11 +00:00
Dr. Stephen Henson
1458b931eb
The "block length" for CFB mode was incorrectly coded as 1 all the time. It
...
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:16 +00:00
Dr. Stephen Henson
20eb7238cb
Correct ECB mode EVP_CIPHER definition: IV length is 0
2010-02-15 19:26:02 +00:00
Dr. Stephen Henson
79cfc3ac54
add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable
2010-02-15 19:20:13 +00:00
Dr. Stephen Henson
918a5d04e4
PR: 2164
...
Submitted by: "Noszticzius, Istvan" <inoszticzius@rightnow.com>
Don't clear the output buffer: ciphers should correctly the same input
and output buffers.
2010-02-15 19:00:12 +00:00
Dr. Stephen Henson
f959598866
update references to new RI RFC
2010-02-12 21:59:31 +00:00
Dr. Stephen Henson
5a9e3f05ff
PR: 2170
...
Submitted by: Magnus Lilja <lilja.magnus@gmail.com>
Make -c option in dgst work again.
2010-02-12 17:07:16 +00:00
Dr. Stephen Henson
29e722f031
Fix memory leak in ENGINE autoconfig code. Improve error logging.
2010-02-09 14:17:14 +00:00
Dr. Stephen Henson
05566760da
update year
2010-02-09 14:12:49 +00:00
Dr. Stephen Henson
e3e31ff482
Use supplied ENGINE when initialising CMAC. Restore pctx setting.
2010-02-08 16:31:28 +00:00
Dr. Stephen Henson
bae060c06a
add cvsignore
2010-02-08 15:34:02 +00:00
Dr. Stephen Henson
0ff907caf8
Make update.
2010-02-08 15:33:23 +00:00
Dr. Stephen Henson
c8ef656df2
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
8c968e0355
Initial experimental CMAC implementation.
2010-02-07 18:01:07 +00:00
Dr. Stephen Henson
cc0661374f
make update
2010-02-07 13:54:30 +00:00
Dr. Stephen Henson
089f02c577
oops, use new value for new flag
2010-02-07 13:50:36 +00:00
Dr. Stephen Henson
c2bf720842
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
...
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
2010-02-07 13:39:39 +00:00
Dr. Stephen Henson
c95bf51167
don't assume 0x is at start of string
2010-02-03 18:19:22 +00:00
Dr. Stephen Henson
2712a2f625
tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
2010-02-02 14:30:39 +00:00
Dr. Stephen Henson
17ebc10ffa
PR: 2161
...
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.
Make no-dsa, no-ecdsa and no-rsa compile again.
2010-02-02 13:35:27 +00:00
Dr. Stephen Henson
434745dc19
PR: 2160
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Make session tickets work with DTLS.
2010-02-01 16:51:09 +00:00
Dr. Stephen Henson
b380f9b884
PR: 2159
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Typo in PR#1949 bug, oops!
2010-02-01 12:43:45 +00:00
Richard Levitte
749af8cb61
Typo.
2010-01-29 12:07:46 +00:00
Richard Levitte
1d62de0395
The previous take went wrong, try again.
2010-01-29 12:02:50 +00:00
Richard Levitte
d7b99700c0
Architecture specific header files need special handling.
2010-01-29 11:44:36 +00:00
Richard Levitte
cd6bc02b29
If opensslconf.h and buildinf.h are to be in an architecture specific
...
directory, place it in the same tree as the other architecture
specific things.
2010-01-29 11:43:50 +00:00
Dr. Stephen Henson
da454e4c67
typo
2010-01-29 00:09:33 +00:00
Dr. Stephen Henson
08c239701b
Experimental renegotiation support in s_server test -www server.
2010-01-28 19:48:36 +00:00
Dr. Stephen Henson
92714455af
In engine_table_select() don't clear out entire error queue: just clear
...
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
2010-01-28 17:49:25 +00:00
Dr. Stephen Henson
00b525781b
oops revert test code accidentally committed
2010-01-28 16:48:39 +00:00
Dr. Stephen Henson
891d3c7a60
revert previous change
2010-01-28 14:17:39 +00:00
Dr. Stephen Henson
9fb6fd34f8
reword RI description
2010-01-27 18:53:33 +00:00
Dr. Stephen Henson
c2963f5b87
revert wrongly committed test code
2010-01-27 17:49:33 +00:00
Dr. Stephen Henson
99b36a8c31
update documentation to reflect new renegotiation options
2010-01-27 17:46:24 +00:00
Dr. Stephen Henson
89e56aebef
Some shells print out the directory name if CDPATH is set breaking the
...
pod2man test. Use ./util instead to avoid this.
2010-01-27 16:07:17 +00:00
Dr. Stephen Henson
4ba1aa393b
typo
2010-01-27 14:05:39 +00:00
Dr. Stephen Henson
1e27847d4e
PR: 2157
...
Submitted by: "Green, Paul" <Paul.Green@stratus.com>
Typo.
2010-01-27 12:54:58 +00:00
Richard Levitte
407a410136
Have the VMS build system catch up with the 1.0.0-stable branch.
2010-01-27 09:18:42 +00:00
Richard Levitte
9921f865e4
Apparently, test/testtsa.com was only half done
2010-01-27 01:19:07 +00:00
Richard Levitte
c8c07be883
size_t doesn't compare less than zero...
2010-01-27 01:18:21 +00:00
Dr. Stephen Henson
d5e7f2f2c3
PR: 1949
...
Submitted by: steve@openssl.org
More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
2010-01-26 19:47:37 +00:00
Dr. Stephen Henson
1bfdbd8e75
PR: 2138
...
Submitted by: Kevin Regan <k.regan@f5.com>
Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.
2010-01-26 18:07:26 +00:00
Dr. Stephen Henson
e92f9f45e8
Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and
...
later.
2010-01-26 14:29:06 +00:00
Dr. Stephen Henson
8c02119e39
OPENSSL_isservice is now defined on all platforms not just WIN32
2010-01-26 13:59:32 +00:00
Dr. Stephen Henson
ca9f55f710
export OPENSSL_isservice and make update
2010-01-26 13:52:36 +00:00
Dr. Stephen Henson
58c0da84dd
Typo
2010-01-26 12:30:00 +00:00