Commit graph

9248 commits

Author SHA1 Message Date
Dr. Stephen Henson
4cba294d79 Client side compression algorithm sanity checks: ensure old compression
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).
2010-01-01 14:39:51 +00:00
Dr. Stephen Henson
e642fd7a1c Compression handling on session resume was badly broken: it always
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
2010-01-01 00:44:36 +00:00
Andy Polyakov
5448e6739c b_sock.c: correct indirect calls on WinSock platforms [from HEAD].
PR: 2130
Submitted by: Eugeny Gostyukhin
2009-12-30 12:56:16 +00:00
Andy Polyakov
f0389d8d37 Adapt mingw config for newer mingw environment [from HEAD].
PR: 2113
2009-12-30 11:57:39 +00:00
Andy Polyakov
a5313cf360 sha512.c update for esoteric PPC platfrom(s) [from HEAD].
PR: 1998
2009-12-30 11:53:33 +00:00
Andy Polyakov
b26c45b033 Deploy multilib config-line parameter [from HEAD]. 2009-12-29 10:46:46 +00:00
Dr. Stephen Henson
986093affa Typo 2009-12-27 23:03:25 +00:00
Dr. Stephen Henson
f88e0acb0e Update RI to match latest spec.
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
2009-12-27 22:59:09 +00:00
Dr. Stephen Henson
aed461b431 Traditional Yuletide commit ;-)
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:12:24 +00:00
Bodo Möller
8bbd0e826c Use properly local variables for thread-safety.
Submitted by: Martin Rex
2009-12-22 11:52:15 +00:00
Bodo Möller
40c45f86d4 Constify crypto/cast. 2009-12-22 11:45:59 +00:00
Bodo Möller
a0b7277724 Constify crypto/cast. 2009-12-22 10:58:01 +00:00
Dr. Stephen Henson
54bc369ad7 Alert to use is now defined in spec: update code 2009-12-17 15:42:43 +00:00
Dr. Stephen Henson
2d3855fc6e PR: 2127
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check for lookup failures in EVP_PBE_CipherInit().
2009-12-17 15:28:45 +00:00
Dr. Stephen Henson
1cd47f5f6e Ooops revert stuff which shouldn't have been part of previous commit. 2009-12-16 20:33:11 +00:00
Dr. Stephen Henson
675564835c New option to enable/disable connection to unpatched servers 2009-12-16 20:28:30 +00:00
Dr. Stephen Henson
2456cd58c4 Allow initial connection (but no renegoriation) to servers which don't support
RI.

Reorganise RI checking code and handle some missing cases.
2009-12-14 13:55:39 +00:00
Ben Laurie
43a107026d Missing error code. 2009-12-12 15:57:53 +00:00
Ben Laurie
ef0498a00b Use gcc 4.4. 2009-12-12 15:57:19 +00:00
Dr. Stephen Henson
f1784f2fd2 Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL 2009-12-11 00:20:58 +00:00
Dr. Stephen Henson
730f5752ff clarify docs 2009-12-09 18:17:09 +00:00
Dr. Stephen Henson
a88c73b43a Document option clearning functions.
Initial secure renegotiation documentation.
2009-12-09 18:00:52 +00:00
Dr. Stephen Henson
a6d204e241 Add patch to crypto/evp which didn't apply from PR#2124 2009-12-09 15:02:14 +00:00
Dr. Stephen Henson
941baf6641 Revert lhash patch for PR#2124 2009-12-09 15:00:20 +00:00
Dr. Stephen Henson
b41a614686 Check s3 is not NULL 2009-12-09 14:53:51 +00:00
Dr. Stephen Henson
aac751832a PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
2009-12-09 13:38:20 +00:00
Dr. Stephen Henson
52a08e90d1 Add ctrls to clear options and mode.
Change RI ctrl so it doesn't clash.
2009-12-09 13:25:38 +00:00
Dr. Stephen Henson
6b5f0458fe Send no_renegotiation alert as required by spec. 2009-12-08 19:06:09 +00:00
Dr. Stephen Henson
b52a2738d4 Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
10f99d7b77 Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:15:12 +00:00
Dr. Stephen Henson
593222afe1 PR: 2121
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
2009-12-08 11:38:18 +00:00
Dr. Stephen Henson
7b1856e5a1 PR: 2111
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:28:05 +00:00
Dr. Stephen Henson
3d5d81bf39 Replace the broken SPKAC certification with the correct version. 2009-12-02 14:41:24 +00:00
Dr. Stephen Henson
50f06b46f4 Check it actually compiles this time ;-) 2009-12-02 14:25:55 +00:00
Dr. Stephen Henson
be6076c0ad PR: 2120
Submitted by: steve@openssl.org

Initialize fields correctly if pem_str or info are NULL in  EVP_PKEY_asn1_new().
2009-12-02 13:57:03 +00:00
Dr. Stephen Henson
6125e07d79 check DSA_sign() return value properly 2009-12-01 18:41:50 +00:00
Dr. Stephen Henson
d5b8c46499 PR: 2115
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:41:42 +00:00
Dr. Stephen Henson
7805e23588 PR: 1432
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org

Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:33 +00:00
Dr. Stephen Henson
9117b9d17a PR: 2118
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org

Check return value of ECDSA_sign() properly.
2009-11-30 13:53:42 +00:00
Dr. Stephen Henson
e274c8fb72 typo 2009-11-29 13:45:18 +00:00
Andy Polyakov
e8dbd66e2b cms-test.pl: use EXE_EXT (from HEAD).
PR: 2107
2009-11-26 21:12:12 +00:00
Andy Polyakov
8b9b23603f bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER (from HEAD). 2009-11-26 20:56:05 +00:00
Bodo Möller
aefb9dc5e5 Make CHANGES in the OpenSSL_1_0_0-stable branch consistent with the
one in the OpenSSL_0_9_8-stable branch.
2009-11-26 18:37:11 +00:00
Andy Polyakov
a8c1b19a31 x86_64-xlate.pl: fix typo introduced in last commit.
PR: 2109
2009-11-23 19:51:24 +00:00
Andy Polyakov
29c8d2a54a x86_64-xlate.pl: new gas requires sign extension.
x86masm.pl: fix linker warning.
PR: 2094,2095
2009-11-22 12:52:18 +00:00
Andy Polyakov
87827be0c2 VC-32.pl: bufferoverlowu.lib only when needed and remove duplicate code
(update from HEAD).
PR: 2086
2009-11-22 12:26:15 +00:00
Andy Polyakov
e4572e5210 bio_sock.c and bss_dgram.c: update from HEAD.
PR: 2069
2009-11-22 12:24:43 +00:00
Dr. Stephen Henson
3e8e12a6b6 Servers can't end up talking SSLv2 with legacy renegotiation disabled 2009-11-18 15:09:35 +00:00
Dr. Stephen Henson
5ddbb8f41a Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation 2009-11-18 14:45:32 +00:00
Dr. Stephen Henson
3c44e92bcb Include a more meaningful error message when rejecting legacy renegotiation 2009-11-18 14:19:52 +00:00