wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7919 commits 20 branches 302 tags 153 MiB
Commit graph

822 commits

Author SHA1 Message Date
Dr. Stephen Henson
3fdc2c906d PR: 1795 
Submitted by: Peter Edwards <peter.edwards@vordel.com>
Approved by: steve@openssl.org

Avoid race condition by sorting cipher list straight away.
 2009-04-07 12:10:12 +00:00
Dr. Stephen Henson
6252f3bc7c PR: 1827 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix application data in handshake bug.
 2009-04-02 22:34:59 +00:00
Dr. Stephen Henson
4e319926d7 PR: 1828 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS retransmission bug.
 2009-04-02 22:32:16 +00:00
Dr. Stephen Henson
e4f456918f PR: 1826 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Client random bug fix.
 2009-04-02 22:28:35 +00:00
Dr. Stephen Henson
c342341ea1 Ooops, revert patch... due to non-portable gettimeofday call. 2009-04-02 22:19:07 +00:00
Dr. Stephen Henson
9d396bee8e PR: 1829 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timer bug fix.
 2009-04-02 22:16:02 +00:00
Dr. Stephen Henson
a9427c2536 PR: 1838 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS fragment bug.
 2009-04-02 22:12:13 +00:00
Dr. Stephen Henson
1fde5b65c6 Fix from HEAD. 2009-03-12 17:31:18 +00:00
Ben Laurie
241d088156 Fix memory leak. 2009-02-23 16:02:47 +00:00
Dr. Stephen Henson
72f6453c48 PR: 1835 
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
 2009-02-14 21:50:14 +00:00
Dr. Stephen Henson
a00c3c4019 Properly check EVP_VerifyFinal() and similar return values 
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
 2009-01-07 10:48:23 +00:00
Lutz Jänicke
f4677b7960 Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP 
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
 2009-01-05 14:43:07 +00:00
Dr. Stephen Henson
4b253d904d Avoid signed/unsigned compare warnings. 2008-12-29 00:17:36 +00:00
Dr. Stephen Henson
2c17b493b1 Make -DKSSL_DEBUG work again. 2008-11-10 18:55:07 +00:00
Lutz Jänicke
4db3e88459 Firstly, the bitmap we use for replay protection was ending up with zero 
length, so a _single_ pair of packets getting switched around would
cause one of them to be 'dropped'.

Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>
 2008-10-13 06:43:06 +00:00
Lutz Jänicke
ab073bad4f When the underlying BIO_write() fails to send a datagram, we leave the 
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().

The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>
 2008-10-10 10:41:32 +00:00
Bodo Möller
d875413a0b Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't 
enable disabled ciphersuites.
 2008-09-22 21:22:51 +00:00
Dr. Stephen Henson
e852835da6 Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
52702f6f92 Updates to build system from FIPS branch. Make fipscanisterbuild work and 
build FIPS test programs.
 2008-09-17 15:56:42 +00:00
Bodo Möller
446881468c update comment 2008-09-14 19:50:53 +00:00
Bodo Möller
c198c26226 oops 2008-09-14 18:16:09 +00:00
Andy Polyakov
54d6ddba69 dtls1_write_bytes consumers expect amount of bytes written per call, not 
overall [from HEAD].
PR: 1604
 2008-09-14 17:57:03 +00:00
Dr. Stephen Henson
1af12ff1d1 Fix error code discrepancy. 
Make update.
 2008-09-14 16:43:37 +00:00
Bodo Möller
200d00c854 Fix SSL state transitions. 
Submitted by: Nagendra Modadugu
 2008-09-14 14:02:01 +00:00
Bodo Möller
36a4a67b2b Some precautions to avoid potential security-relevant problems. 2008-09-14 13:42:40 +00:00
Andy Polyakov
3413424f01 DTLS didn't handle alerts correctly [from HEAD]. 
PR: 1632
 2008-09-13 18:25:36 +00:00
Dr. Stephen Henson
8f59c61d1d If tickets disabled behave as if no ticket received to support 
stateful resume.
 2008-09-03 22:13:04 +00:00
Bodo Möller
f9f6f0e9f0 sanity check 
PR: 1679
 2008-08-13 19:44:44 +00:00
Dr. Stephen Henson
14748adb09 Make ssl code consistent with FIPS branch. The new code has no effect 
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
 2008-06-16 16:56:43 +00:00
Dr. Stephen Henson
0278e15fa3 If auto load ENGINE lookup fails retry adding builtin ENGINEs. 2008-06-05 15:13:03 +00:00
Dr. Stephen Henson
56ef1cbc40 include engine.h if needed. 2008-06-05 11:23:35 +00:00
Dr. Stephen Henson
591371566e Update from HEAD. 2008-06-04 22:39:29 +00:00
Dr. Stephen Henson
4aefb1dd98 Backport more ENGINE SSL client auth code to 0.9.8. 2008-06-04 18:35:27 +00:00
Dr. Stephen Henson
aa03989791 Backport ssl client auth ENGINE support to 0.9.8. 2008-06-04 18:01:40 +00:00
Bodo Möller
cec9bce126 fix whitespace 2008-05-28 22:22:50 +00:00
Mark J. Cox
2c0fa03dc6 Fix flaw if 'Server Key exchange message' is omitted from a TLS 
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com
 2008-05-28 07:29:27 +00:00
Mark J. Cox
d3b3a6d389 Fix double-free in TLS server name extensions which could lead to a remote 
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com
 2008-05-28 07:26:33 +00:00
Lutz Jänicke
b0118409a9 Reword comment to be much shorter to stop other people from complaining 
about "overcommenting"
 2008-05-26 06:21:10 +00:00
Lutz Jänicke
5f23288692 Clear error queue when starting SSL_CTX_use_certificate_chain_file 
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
 2008-05-23 10:37:22 +00:00
Dr. Stephen Henson
db533c96e3 TLS ticket key setting callback: this allows and application to set 
its own TLS ticket keys.
 2008-04-30 16:11:33 +00:00
Dr. Stephen Henson
8831eb7624 Do not permit stateless session resumption is session IDs mismatch. 2008-04-29 17:22:01 +00:00
Dr. Stephen Henson
3c8f315021 Support ticket renewal in state machine (not used at present). 2008-04-29 16:41:53 +00:00
Dr. Stephen Henson
0f2e636602 Status strings for ticket states. 2008-04-29 16:38:26 +00:00
Dr. Stephen Henson
d3eef3e5af Fix from HEAD. 2008-04-25 16:27:25 +00:00
Dr. Stephen Henson
3edad44d6e Avoid "initializer not constant" errors when compiling in pedantic mode. 2008-04-02 11:15:05 +00:00
Ben Laurie
9c04747623 Make depend. 2007-11-15 13:32:53 +00:00
Dr. Stephen Henson
236860735e Allow new session ticket when resuming. 2007-11-03 13:07:39 +00:00
Dr. Stephen Henson
5f95651316 Ensure the ticket expected flag is reset when a stateless resumption is 
successful.
 2007-10-18 11:39:11 +00:00
Andy Polyakov
ccac657556 New unused field crippled ssl_ctx_st in 0.9.8"f". 2007-10-17 21:22:58 +00:00
Andy Polyakov
a9c23ea079 Don't let DTLS ChangeCipherSpec increment handshake sequence number. From 
HEAD with a twist: server interoperates with non-compliant client.
PR: 1587
 2007-10-17 21:17:49 +00:00