Commit graph

10227 commits

Author SHA1 Message Date
Bodo Möller
409d2a1b71 Fix for builds without DTLS support.
Submitted by: Brian Carlstrom
2012-01-05 10:22:39 +00:00
Dr. Stephen Henson
e0b9678d7f PR: 2671
Submitted by: steve

Update maximum message size for certifiate verify messages to support
4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.
2012-01-05 00:28:29 +00:00
Dr. Stephen Henson
166dea6ac8 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send fatal alert if heartbeat extension has an illegal value.
2012-01-05 00:23:31 +00:00
Dr. Stephen Henson
52bef4d677 disable heartbeats if tlsext disabled 2012-01-05 00:07:34 +00:00
Dr. Stephen Henson
801e5ef840 update CHANGES 2012-01-04 23:53:52 +00:00
Dr. Stephen Henson
0044739ae5 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:05 +00:00
Dr. Stephen Henson
4e44bd3650 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 23:13:29 +00:00
Dr. Stephen Henson
0cffb0cd3e fix CHANGES 2012-01-04 23:11:43 +00:00
Dr. Stephen Henson
aaa3850ccd Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 23:07:54 +00:00
Dr. Stephen Henson
a17b5d5a4f Check GOST parameters are not NULL (CVE-2012-0027) 2012-01-04 23:03:20 +00:00
Dr. Stephen Henson
2f97765bc3 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 23:01:19 +00:00
Dr. Stephen Henson
3205ca8deb fix warnings 2012-01-04 14:46:04 +00:00
Dr. Stephen Henson
1cb4d65b87 Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve

Fix memory leaks.
2012-01-04 14:25:28 +00:00
Dr. Stephen Henson
7b2dd292bc only send heartbeat extension from server if client sent one 2012-01-03 22:03:07 +00:00
Dr. Stephen Henson
ab585551c0 prepare for 1.0.1-beta1 2012-01-03 13:30:28 +00:00
Dr. Stephen Henson
6cf0d7b999 OpenSSL 1.0.1 is now in beta. 2012-01-02 18:28:28 +00:00
Dr. Stephen Henson
9d972207f0 incomplete provisional OAEP CMS decrypt support 2012-01-02 18:16:40 +00:00
Dr. Stephen Henson
d9834ff24b make update 2012-01-02 16:41:11 +00:00
Dr. Stephen Henson
d9c3ba05e7 update NEWS 2012-01-02 16:31:46 +00:00
Dr. Stephen Henson
03467ce6bd recognise HEARTBEATS in mkdef.pl script 2011-12-31 23:49:45 +00:00
Dr. Stephen Henson
6e750fcb1e update CHANGES 2011-12-31 23:07:28 +00:00
Dr. Stephen Henson
bd6941cfaa PR: 2658
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
578519edd0 make error code checking strict 2011-12-27 15:17:50 +00:00
Dr. Stephen Henson
5c05f69450 make update 2011-12-27 14:38:27 +00:00
Dr. Stephen Henson
f529dca488 fix error code 2011-12-27 14:37:43 +00:00
Dr. Stephen Henson
296aca9dcf fix deprecated statement 2011-12-27 14:36:57 +00:00
Dr. Stephen Henson
b170703128 update default depflags 2011-12-27 14:28:25 +00:00
Dr. Stephen Henson
b300fb7734 PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.

- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
2011-12-27 14:23:22 +00:00
Dr. Stephen Henson
f89af47438 PR: 2326
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve

Fix incorrect comma expressions and goto f_err as alert has been set.
2011-12-26 19:38:09 +00:00
Dr. Stephen Henson
7bb4f8ff12 recognise no-sctp 2011-12-25 14:59:40 +00:00
Dr. Stephen Henson
7dd6407a4c update ordinals 2011-12-25 14:48:44 +00:00
Dr. Stephen Henson
53de315b78 recognise SCTP in mkdef.pl script 2011-12-25 14:47:46 +00:00
Dr. Stephen Henson
e065e6cda2 PR: 2535
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Add SCTP support for DTLS (RFC 6083).
2011-12-25 14:45:40 +00:00
Dr. Stephen Henson
60553cc209 typo 2011-12-23 15:03:16 +00:00
Dr. Stephen Henson
2d4c9ab518 delete unimplemented function from header file, update ordinals 2011-12-23 14:10:35 +00:00
Dr. Stephen Henson
50771f7ce3 update ordinals 2011-12-22 16:10:04 +00:00
Dr. Stephen Henson
242f8d644c remove prototype for deleted SRP function 2011-12-22 16:01:23 +00:00
Dr. Stephen Henson
f5575cd167 New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
New function to retrieve compression method from SSL_SESSION structure.

Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
2011-12-22 15:01:16 +00:00
Ben Laurie
dd0ddc3e78 Fix DTLS. 2011-12-20 15:05:03 +00:00
Dr. Stephen Henson
62308f3f4a PR: 2563
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.
2011-12-19 17:02:35 +00:00
Andy Polyakov
cecafcce94 update CHANGES. 2011-12-19 14:49:05 +00:00
Dr. Stephen Henson
ca0efb7594 update CHANGES 2011-12-19 14:40:02 +00:00
Andy Polyakov
1d05ff2779 apps/speed.c: fix typo in last commit. 2011-12-19 14:33:37 +00:00
Andy Polyakov
941811ccb9 apps/speed.c: Cygwin alarm() fails sometimes.
PR: 2655
2011-12-15 22:30:11 +00:00
Andy Polyakov
700384be8e vpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl [from HEAD].
PR: 2657
2011-12-15 22:20:26 +00:00
Dr. Stephen Henson
b8a22c40e0 PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Remove unnecessary code for srp and to add some comments to
s_client.

- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable

- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
2011-12-14 22:18:03 +00:00
Andy Polyakov
3918de9ad1 vpaes-x86.pl: portability fix.
PR: 2657
2011-12-14 21:30:25 +00:00
Ben Laurie
96fe35e7d4 Remove redundant TLS exporter. 2011-12-13 14:35:12 +00:00
Ben Laurie
e87afb1518 SSL export fixes (from Adam Langley). 2011-12-13 14:25:11 +00:00
Andy Polyakov
7b467c6b81 modexp512-x86_64.pl: Solaris portability fix [from HEAD].
PR: 2656
2011-12-12 15:12:09 +00:00