wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9859 commits 20 branches 302 tags 153 MiB
Commit graph

1592 commits

Author SHA1 Message Date
Dr. Stephen Henson
cca1cd9a34 Submitted by: Tomas Hoger <thoger@redhat.com> 
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
 2010-03-03 15:41:18 +00:00
Dr. Stephen Henson
0f776277bc oops, use correct date 2010-02-26 12:13:36 +00:00
Dr. Stephen Henson
db28aa86e0 add -trusted_first option and verify flag 2010-02-25 12:21:48 +00:00
Dr. Stephen Henson
fbd2164044 Experimental support for partial chain verification: if an intermediate 
certificate is explicitly trusted (using -addtrust option to x509 utility
for example) the verification is sucessful even if the chain is not complete.
 2010-02-25 00:17:22 +00:00
Bodo Möller
a839755329 Fix X509_STORE locking 2010-02-19 18:27:07 +00:00
Dr. Stephen Henson
c2c49969e2 Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:38:31 +00:00
Dr. Stephen Henson
47e0a1c335 PR: 2100 
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.
 2010-02-17 14:32:41 +00:00
Dr. Stephen Henson
f959598866 update references to new RI RFC 2010-02-12 21:59:31 +00:00
Dr. Stephen Henson
c8ef656df2 Make CMAC API similar to HMAC API. Add methods for CMAC. 2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
8c968e0355 Initial experimental CMAC implementation. 2010-02-07 18:01:07 +00:00
Dr. Stephen Henson
c2bf720842 Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy 
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
 2010-02-07 13:39:39 +00:00
Dr. Stephen Henson
da454e4c67 typo 2010-01-29 00:09:33 +00:00
Dr. Stephen Henson
08c239701b Experimental renegotiation support in s_server test -www server. 2010-01-28 19:48:36 +00:00
Dr. Stephen Henson
4ba1aa393b typo 2010-01-27 14:05:39 +00:00
Dr. Stephen Henson
d5e7f2f2c3 PR: 1949 
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
 2010-01-26 19:47:37 +00:00
Dr. Stephen Henson
58c0da84dd Typo 2010-01-26 12:30:00 +00:00
Dr. Stephen Henson
ba64ae6cd1 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:12 +00:00
Dr. Stephen Henson
bd5f21a4ae Fix version handling so it can cope with a major version >3. 
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
 2010-01-13 19:08:02 +00:00
Dr. Stephen Henson
1b31b5ad56 Modify compression code so it avoids using ex_data free functions. This 
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
 2010-01-13 18:57:40 +00:00
Dr. Stephen Henson
0e0c6821fa PR: 2136 
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
 2010-01-12 17:29:34 +00:00
Dr. Stephen Henson
76998a71bc Updates to conform with draft-ietf-tls-renegotiation-03.txt: 
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
 2010-01-06 17:37:09 +00:00
Dr. Stephen Henson
e6f418bcb7 Compression handling on session resume was badly broken: it always 
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
 2009-12-31 14:13:30 +00:00
Dr. Stephen Henson
5e63121758 Include CHANGES entry for external cache 2009-12-31 13:58:57 +00:00
Bodo Möller
7427379e9b Constify crypto/cast. 2009-12-22 10:58:33 +00:00
Dr. Stephen Henson
ef51b4b9b4 New option to enable/disable connection to unpatched servers 2009-12-16 20:25:59 +00:00
Dr. Stephen Henson
7661ccadf0 Add ctrls to clear options and mode. 
Change RI ctrl so it doesn't clash.
 2009-12-09 13:25:16 +00:00
Dr. Stephen Henson
82e610e2cf Send no_renegotiation alert as required by spec. 2009-12-08 19:06:26 +00:00
Dr. Stephen Henson
5430200b8b Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:08 +00:00
Dr. Stephen Henson
13f6d57b1e Add support for magic cipher suite value (MCSV). Make secure renegotiation 
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
 2009-12-08 13:14:03 +00:00
Dr. Stephen Henson
637f374ad4 Initial experimental TLSv1.1 support 2009-12-07 13:31:02 +00:00
Dr. Stephen Henson
9d9530255b Update CHANGES. 2009-12-02 15:28:27 +00:00
Dr. Stephen Henson
d2a53c2238 Experimental CMS password based recipient Info support. 2009-11-26 18:57:39 +00:00
Bodo Möller
480af99ef4 Make CHANGES in CVS head consistent with the CHANGES files in the 
branches.

This means that http://www.openssl.org/news/changelog.html will
finally describe 0.9.8l.
 2009-11-26 18:43:17 +00:00
Dr. Stephen Henson
3d63b3966f Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat 
and is a pre-requisite to adding password based CMS support.
 2009-11-25 22:01:06 +00:00
Dr. Stephen Henson
e0e7997212 First cut of renegotiation extension. (port to HEAD) 2009-11-09 19:03:34 +00:00
Dr. Stephen Henson
befbd0619b update CHANGES 2009-11-09 17:33:32 +00:00
Dr. Stephen Henson
245d2ee3d0 Add option to allow in-band CRL loading in verify utility. Add function 
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
 2009-10-31 13:33:57 +00:00
Dr. Stephen Henson
bb4060c5b5 Move CHANGES entry to 0.9.8l section 2009-10-30 13:29:30 +00:00
Dr. Stephen Henson
661dc1431f Fix statless session resumption so it can coexist with SNI 2009-10-30 13:22:24 +00:00
Dr. Stephen Henson
18e503f30f PR: 2064, 728 
Submitted by: steve@openssl.org

Add support for custom headers in OCSP requests.
 2009-09-30 21:40:55 +00:00
Dr. Stephen Henson
b6dcdbfc94 Audit libcrypto for unchecked return values: fix all cases enountered 2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
acf20c7dbd Add attribute to check if return value of certain functions is incorrectly 
ignored.
 2009-09-23 16:27:10 +00:00
Dr. Stephen Henson
a25f33d28a Submitted by: Julia Lawall <julia@diku.dk> 
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
 2009-09-13 11:29:29 +00:00
Dr. Stephen Henson
0c28f277d1 Add new option --strict-warnings to Configure script. This is used to add 
in devteam warnings into other configurations.
 2009-09-09 16:31:32 +00:00
Dr. Stephen Henson
1771668096 Tidy up and fix verify callbacks to avoid structure dereference, use of 
obsolete functions and enhance to handle new conditions such as policy printing.
 2009-09-02 12:47:28 +00:00
Dr. Stephen Henson
6727565a84 PR: 2003 
Make it possible to install OpenSSL in directories with name other
than "lib" for example "lib64". Based on patch from Jeremy Utley.
 2009-08-10 14:48:40 +00:00
Dr. Stephen Henson
d9d0f1b52c Reject leading 0x80 in OID subidentifiers. 2009-08-06 16:32:54 +00:00
Dr. Stephen Henson
0e4bc56347 Document MD2 deprecation. 2009-07-13 11:58:05 +00:00
Dr. Stephen Henson
9de014a7f8 Update from 0.9.8-stable 2009-06-30 22:27:33 +00:00
Dr. Stephen Henson
d2f6d28298 Update from 0.9.8-stable. 2009-06-28 16:24:37 +00:00
Dr. Stephen Henson
f3be6c7b7d Update from 1.0.0-stable. 2009-06-26 11:29:26 +00:00
Dr. Stephen Henson
e30dd20c0e Update from 1.0.0-stable 2009-06-25 11:29:30 +00:00
Dr. Stephen Henson
c05353c50a Rename asc2uni and uni2asc functions to avoid clashes. 2009-06-17 12:04:56 +00:00
Dr. Stephen Henson
31db43df08 Update from 0.9.8-stable. 2009-06-15 15:01:00 +00:00
Dr. Stephen Henson
d741ccadb5 Oops, update CHANGES entry. 2009-05-31 17:13:55 +00:00
Dr. Stephen Henson
d0b72cf45b Add CHANGES entries from 0.9.8-stable. 2009-05-18 17:37:33 +00:00
Dr. Stephen Henson
5f8f94a661 Update from 1.0.0-stable. 2009-04-28 22:10:54 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
22c98d4aad Update from 1.0.0-stable 2009-04-08 16:16:35 +00:00
Dr. Stephen Henson
cc7399e79c Changes from 1.0.0-stable. 2009-04-07 16:33:26 +00:00
Dr. Stephen Henson
14023fe352 Merge from 1.0.0-stable branch. 2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
aaf35f11d7 Allow use of algorithm and cipher names for dgsts and enc utilities instead 
of having to manually include each one.
 2009-03-30 11:31:50 +00:00
Dr. Stephen Henson
77ea8c3002 Fix typo in CHANGES. 2009-03-25 22:21:12 +00:00
Dr. Stephen Henson
ddcfc25a6d Update from stable branch. 2009-03-25 19:02:22 +00:00
Dr. Stephen Henson
4d7b7c62c3 Update CHANGES. 2009-03-25 12:57:50 +00:00
Dr. Stephen Henson
73ba116e96 Update from stable branch. 2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
80b2ff978d Update from stable branch. 2009-03-25 12:53:50 +00:00
Dr. Stephen Henson
7ce8c95d58 Update from stable branch. 2009-03-25 12:53:26 +00:00
Dr. Stephen Henson
b6af2c7e3e Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru> 
Reviewed by: steve@openssl.org

Update ccgost engine to support parameter files.
 2009-03-17 15:38:34 +00:00
Dr. Stephen Henson
237d7b6cae Fix from stable branch. 2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
854a225a27 Update from stable branch. 2009-03-14 18:33:49 +00:00
Dr. Stephen Henson
33ab2e31f3 PR: 1854 
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org

Support GeneralizedTime in ca utility.
 2009-03-09 13:59:07 +00:00
Dr. Stephen Henson
77202a85a0 Update from stable branch. 2009-03-07 17:00:23 +00:00
Bodo Möller
7ca1cfbac3 -hex option for openssl rand 
PR: 1831
Submitted by: Damien Miller
 2009-02-02 00:01:28 +00:00
Dr. Stephen Henson
57f39cc826 Print out UTF8 and NumericString types in ASN1 parsing utility. 2009-01-28 12:54:52 +00:00
Dr. Stephen Henson
6489573224 Update from stable branch. 2009-01-28 12:36:14 +00:00
Ben Laurie
7f62532030 Allow CC to be overridden. 2009-01-18 12:06:37 +00:00
Dr. Stephen Henson
c2c99e2860 Update certificate hash line format to handle canonical format 
and avoid MD5 dependency.
 2009-01-15 13:22:39 +00:00
Dr. Stephen Henson
8125d9f99c Make PKCS#8 the standard write format for private keys, replacing the 
ancient SSLeay format.
 2009-01-15 12:52:38 +00:00
Dr. Stephen Henson
363bd0b48e Add a set of standard gcc warning options which are designed to be the 
minimum requirement for committed code. Added to debug-steve* config targets
for now.
 2009-01-11 15:56:32 +00:00
Ben Laurie
60aee6ce15 Add missing entry. 2009-01-09 12:48:02 +00:00
Dr. Stephen Henson
bab534057b Updatde from stable branch. 2009-01-07 23:44:27 +00:00
Bodo Möller
7a76219774 Implement Configure option pattern "experimental-foo" 
(specifically, "experimental-jpake").
 2008-12-02 01:21:39 +00:00
Dr. Stephen Henson
79bd20fd17 Update from stable-branch. 2008-11-24 17:27:08 +00:00
Geoff Thorpe
31636a3ed1 Allow the CHIL engine to load even if dynamic locks aren't registered. 
Submitted by: Sander Temme
 2008-11-19 14:21:27 +00:00
Dr. Stephen Henson
12bf56c017 PR: 1574 
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.
 2008-11-15 17:18:12 +00:00
Dr. Stephen Henson
ed551cddf7 Update from stable branch. 2008-11-12 17:28:18 +00:00
Dr. Stephen Henson
87d52468aa Update HMAC functions to return an error where relevant. 2008-11-02 16:00:39 +00:00
Ben Laurie
6caa4edd3e Add JPAKE. 2008-10-26 18:40:52 +00:00
Ben Laurie
28b6d5020e Set comparison function in v3_add_canonize(). 2008-10-14 19:27:07 +00:00
Ben Laurie
d5bbead449 Add XMPP STARTTLS support. 2008-10-14 19:11:26 +00:00
Ben Laurie
1ea6472e60 Type-safe OBJ_bsearch_ex. 2008-10-14 08:10:52 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90 Experimental new date handling routines. These fix issues with X509_time_adj() 
and should avoid any OS date limitations such as the year 2038 bug.
 2008-10-07 22:55:27 +00:00
Bodo Möller
837f2fc7a4 Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't 
enable disabled ciphersuites.
 2008-09-22 21:22:47 +00:00
Bodo Möller
1a489c9af1 From branch OpenSSL_0_9_8-stable: Allow soft-loading engines. 
Also, fix CHANGES (consistency with stable branch).
 2008-09-15 20:41:24 +00:00
Dr. Stephen Henson
8c864e5466 Add missing CHANGES entry. 2008-09-15 20:30:58 +00:00
Bodo Möller
e65bcbcef0 Fix SSL state transitions. 
Submitted by: Nagendra Modadugu
 2008-09-14 14:02:07 +00:00
Bodo Möller
e710de12ce Note about CVS branch inconsistency. 2008-09-14 13:53:18 +00:00
Bodo Möller
db99c52509 Really get rid of unsafe double-checked locking. 
Also, "CHANGES" clean-ups.
 2008-09-14 13:51:44 +00:00