Mark J. Cox
951dfbb13a
Introduce limits to prevent malicious keys being able to
...
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 11:29:03 +00:00
Dr. Stephen Henson
81780a3b62
Update from HEAD.
2006-09-23 17:30:25 +00:00
Bodo Möller
879b30aaa3
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
...
ciphersuite as well
2006-09-11 09:48:46 +00:00
Ben Laurie
616f581650
Fix warning.
2006-07-02 14:43:21 +00:00
Bodo Möller
e6e3f38bfa
Fix for previous change: explicitly named ciphersuites are OK to add
2006-06-22 13:07:45 +00:00
Bodo Möller
aa17ab7e57
Put ECCdraft ciphersuites back into default build (but disabled
...
unless specifically requested)
2006-06-22 12:35:54 +00:00
Bodo Möller
35908bd040
Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
2006-06-20 08:50:33 +00:00
Bodo Möller
0e73294e26
Disable invalid ciphersuites
2006-06-14 17:52:01 +00:00
Bodo Möller
b610f46bae
Make sure that AES ciphersuites get priority over Camellia ciphersuites
...
in the default cipher string.
2006-06-14 13:52:49 +00:00
Bodo Möller
6d2cd23f40
Thread-safety fixes
2006-06-14 08:51:41 +00:00
Bodo Möller
e18eef3d7a
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:42:21 +00:00
Dr. Stephen Henson
b723a7b11b
Don't check for padding bug if compression is negotiated.
...
PR: 1204
2006-05-07 12:27:48 +00:00
Dr. Stephen Henson
cbb0b734c7
If cipher list contains a match for an explicit ciphersuite only match that
...
one suite.
2006-04-15 00:22:34 +00:00
Nils Larsch
41d4d6721c
fix no-dh configure option; patch supplied by Peter Meerwald
2006-02-24 17:58:35 +00:00
Nils Larsch
22d1087e16
backport recent changes from the cvs head
2006-02-08 19:16:33 +00:00
Dr. Stephen Henson
9f85fcefdc
Update filenames in makefiles
2006-02-04 01:49:36 +00:00
Nils Larsch
45803988ce
make "./configure no-ssl2" work again
...
PR: 1217
2006-01-15 16:57:01 +00:00
Nils Larsch
82a2cb6f51
fix cipher list order
2006-01-15 07:14:38 +00:00
Bodo Möller
c55d882fab
Avoid contradictive error code assignments.
...
"make error".
2006-01-08 21:52:46 +00:00
Bodo Möller
2e885232c2
Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)
2006-01-08 19:41:25 +00:00
Bodo Möller
a14afd0804
Rewrite timeout computation in a way that is less prone to overflow.
...
(Problem reported by Peter Sylvester.)
2005-12-30 23:51:57 +00:00
Bodo Möller
bc9320452c
update TLS-ECC code
...
Submitted by: Douglas Stebila
2005-12-13 07:41:47 +00:00
Dr. Stephen Henson
974d52fdb8
Fix from HEAD.
2005-12-05 17:32:22 +00:00
Mark J. Cox
64932f9e4a
Add fixes for CAN-2005-2969
...
Bump release ready for OpenSSL_0_9_8a tag
2005-10-11 10:16:21 +00:00
Dr. Stephen Henson
416b6fd115
Make OPENSSL_NO_COMP work on Win32.
2005-10-02 12:26:06 +00:00
Dr. Stephen Henson
f685cf920b
As HEAD.
2005-10-01 00:41:24 +00:00
Dr. Stephen Henson
54f51116b2
Update from HEAD.
2005-09-30 23:38:20 +00:00
Dr. Stephen Henson
daa657fb78
Fix from HEAD.
2005-09-21 00:57:28 +00:00
Nils Larsch
7f622f6c04
fix warnings when building openssl with (gcc 3.3.1):
...
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused
-Wno-unused-parameter -Wuninitialized
2005-08-28 23:20:52 +00:00
Ben Laurie
801136bcc2
Fix warnings.
2005-08-27 12:05:23 +00:00
Nils Larsch
3c0e39c539
Keep cipher lists sorted in the source instead of sorting them at
...
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
2005-08-25 07:43:04 +00:00
Nils Larsch
cd9911fdf8
initialize cipher/digest methods table in SSL_library_init() and hence remove the need for a lock
2005-08-21 23:06:51 +00:00
Nils Larsch
cf1546a60e
a ssl object needs it's own instance of a ecdh key; remove obsolete comment
2005-08-08 19:39:29 +00:00
Nils Larsch
e7eec05af0
fix typo
2005-08-08 19:26:35 +00:00
Dr. Stephen Henson
222f224664
Initialize SSL_METHOD structures at compile time. This removes the need
...
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-08-05 23:52:08 +00:00
Andy Polyakov
2d54cc69c9
WCE update, mostly typos [from HEAD].
2005-08-03 20:04:05 +00:00
Nils Larsch
3de6d65ea3
improved error checking and some fixes
...
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
2005-07-26 20:55:17 +00:00
Nils Larsch
4913b88f70
make
...
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make all test
work again (+ make update)
PR: 1159
2005-07-16 11:13:10 +00:00
Ben Laurie
910d193029
Did you know it was wrong to use a char as an array index?
2005-06-28 13:27:53 +00:00
Andy Polyakov
beae6324e5
Eliminate dependency on UNICODE macro.
2005-06-27 21:21:12 +00:00
Richard Levitte
a50a2126cf
DCC doesn't like argument names in returned function pointers.
...
PR: 1122
2005-06-23 21:35:20 +00:00
Richard Levitte
c58a1f76f8
Do not undefine _XOPEN_SOURCE. This is currently experimental, and
...
will be firmed up as soon as it's been verified not to break anything.
2005-06-16 22:19:14 +00:00
Nils Larsch
cac0d4ee6f
- let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an
...
error if the cipher list is empty
- fix last commit in ssl_create_cipher_list
- clean up ssl_create_cipher_list
2005-06-10 19:51:16 +00:00
Nils Larsch
898d3ecce0
use "=" instead of "|=", fix typo
2005-06-08 22:20:24 +00:00
Nils Larsch
4e2a0e58f2
ssl_create_cipher_list should return an error if no cipher could be
...
collected (see SSL_CTX_set_cipher_list manpage). Fix handling of
"cipher1+cipher2" expressions in ssl_cipher_process_rulestr
PR: 836 + 1005
2005-06-08 21:13:52 +00:00
Richard Levitte
0fb4d54068
Further change pq_compat.h to generate the flag macros PQ_64BIT_IS_INTEGER
...
and PQ_64BIT_IS_BIGNUM with the values 0 (for false) and 1 (for true),
depending on which is true. Use those flags everywhere else to provide
the correct implementation for handling certain operations in q PQ_64BIT.
2005-06-06 00:32:30 +00:00
Richard Levitte
d28b7799dd
handshake_write_seq is an unsigned short, so treat it like one
2005-06-02 17:26:17 +00:00
Nils Larsch
7ea61df414
clear error queue on success and return NULL if cert could be read
...
PR: 1088
2005-06-01 08:31:22 +00:00
Richard Levitte
335ed97263
Synchronise more with the Unix build
2005-05-31 20:28:55 +00:00
Richard Levitte
3d37d5e24a
Forgottent make update. These files will be retagged.
2005-05-30 23:20:32 +00:00