Bodo Möller
702eb4dc0a
tolerate extra data at end of client hello for SSL 3.0
2003-07-21 15:16:20 +00:00
Richard Levitte
60511b8bb8
Fix the problem with missing definition of THREADS on VMS.
Also produce a better configuration header file.
PR: 548
2003-03-27 12:25:12 +00:00
Bodo Möller
ef42d6a4ed
countermeasure against new Klima-Pokorny-Rosa attack
2003-03-19 19:20:30 +00:00
Richard Levitte
39c06a8b73
Security fix: Vaudenay timing attack on CBC.
An advisory will be posted to the web. Expect a release within the hour.
2003-02-19 12:04:07 +00:00
Bodo Möller
b73de7334a
comments
2003-02-12 14:17:33 +00:00
Richard Levitte
6c8aa1ec9c
Merge from HEAD...
2002-12-21 23:54:23 +00:00
Richard Levitte
6bad9d0522
A few more memset()s converted to OPENSSL_cleanse().
I *think* I got them all covered by now, but please, if you find any more,
tell me and I'll correct it.
PR: 343
2002-11-29 11:31:18 +00:00
Richard Levitte
dd54633339
Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
always give the expected result on some platforms.
2002-11-28 18:56:18 +00:00
Richard Levitte
920b700d4a
Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:06:36 +00:00
Lutz Jänicke
e824df317a
Fix bug introduced by the attempt to fix client side external session
caching (#288): now internal caching failed (#351):
Make sure, that cipher_id is set before comparing.
Submitted by:
Reviewed by:
PR: 288 (and 351)
2002-11-20 10:48:05 +00:00
Bodo Möller
3d2fd99573
allocate bio_err before memory debugging is enabled to avoid memory leaks
(we can't release it before the CRYPTO_mem_leaks() call!)
Submitted by: Nils Larsch
2002-11-19 12:10:08 +00:00
Lutz Jänicke
8e71d1b561
The pointer to the cipher object is not yet set, when session was reloaded
from external cache (using d2i_SSL_SESSION). Perform comparison based on
the cipher's id instead.
Submitted by: Steve Haslam <araqnid@innocent.com>
Reviewed by:
PR: 288
2002-11-15 10:52:53 +00:00
Richard Levitte
3aefe06f0f
We need to read one more byte of the REQUEST-CERTIFICATE message.
PR: 300
2002-11-15 09:16:56 +00:00
Bodo Möller
33c3f72792
avoid Purify warnings
Submitted by: Nils Larsch
2002-11-05 12:24:41 +00:00
Geoff Thorpe
69c8c5611c
The recent session caching modifications (including docs, and CHANGES) were
applied to the "engine" 0.9.6 branch rather than the non-engine one. This
merges all the changes back across so they are in-sync w.r.t. these
changes.
2002-10-29 18:36:51 +00:00
Bodo Möller
96eef150d6
increase permissible message length so that we can handle
CertificateVerify for 4096 bit RSA signatures
2002-10-28 15:40:47 +00:00
Richard Levitte
9952cfcf62
Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:16:31 +00:00
Bodo Möller
b49d33defd
fix more race conditions
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
2002-09-26 15:55:46 +00:00
Lutz Jänicke
db7749b8ac
Add missing brackets.
Submitted by: "Chris Brook" <cbrook@v-one.com>
Submitted by:
Reviewed by:
PR:
2002-09-25 20:20:55 +00:00
Bodo Möller
af4396e589
really fix race conditions
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
PR: 291
2002-09-25 15:36:21 +00:00
Bodo Möller
924b6006d7
really fix race condition
PR: 262
2002-09-23 14:30:59 +00:00
Bodo Möller
caf97dbad0
there is no minimum length for session IDs
PR: 274
[previous commit did not include all the changes]
2002-09-20 08:27:44 +00:00
Bodo Möller
5fef7d56ce
there is no minimum length for session IDs
PR: 274
2002-09-19 11:43:13 +00:00
Bodo Möller
30c37c52c5
fix race condition
PR: 262
2002-09-19 11:27:37 +00:00
Lutz Jänicke
06076d9d31
Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb().
Submitted by:
Reviewed by:
PR: 212
2002-08-16 17:09:31 +00:00
Bodo Möller
b411e2724f
use correct function code in error message
2002-08-15 16:16:36 +00:00
Richard Levitte
ffcbf991b1
Sometimes, the value of the variable containing the compiler call can
become rather large. This becomes a problem when the default 1024
character large buffer that WRITE uses isn't enough. WRITE/SYMBOL
uses a 2048 byte large buffer instead.
2002-08-15 08:29:58 +00:00
Richard Levitte
425d06d178
Instead of returning errors when certain flags are unusable, just ignore them.
That will make the test go through even if DH (or in some cases ECDH) aren't
built into OpenSSL.
PR: 216, part 2
2002-08-14 12:18:29 +00:00
Richard Levitte
bf6635038f
Small syntax error corrected. Fortunately, this one only issues a
warning, and is thereby ignored by the rest of the command procedure.
The only problem would be if SSL_TASK.C failed to compile, which
hasn't happened in ages...
2002-08-14 11:27:25 +00:00
Bodo Möller
517a0e7fa0
get rid of OpenSSLDie
2002-08-02 10:51:59 +00:00
Lutz Jänicke
bb41724483
OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
Submitted by:
Reviewed by:
PR:
2002-07-30 10:19:01 +00:00
Lutz Jänicke
d12eb7b024
"make update"
Submitted by:
Reviewed by:
PR:
2002-07-30 09:32:45 +00:00
Bodo Möller
b5b19ae0bd
'SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION' does not belong here,
it's 0.9.7 only
2002-07-19 12:37:30 +00:00
Lutz Jänicke
d2cbe66ee1
Ciphers with NULL encryption were not properly handled because they were
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
2002-07-10 06:41:29 +00:00
Bodo Möller
0ac51fcf0b
empty fragments are not necessary for SSL_eNULL
(but no one uses it anyway)
2002-07-09 08:48:03 +00:00
Bodo Möller
32a76f2c75
New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).
PR: #90
2002-06-14 12:19:34 +00:00
Richard Levitte
578c1cdefa
make update
2002-06-13 21:57:57 +00:00
Richard Levitte
6c53759a50
Recover from errors
2002-05-23 23:33:22 +00:00
Bodo Möller
35fbadb322
fix warning
2002-05-06 10:42:56 +00:00
Bodo Möller
ea9e248cde
fix casts
2002-05-05 23:01:42 +00:00
Dr. Stephen Henson
64f1ae3868
Win32 VC++ warning fixes.
2002-05-02 01:52:18 +00:00
Richard Levitte
9cf94f9ed3
Fix unsigned vs. signed clash
2002-04-29 10:30:05 +00:00
Richard Levitte
ea599390c6
Make sure the opened directory is closed on exit.
Notified by Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
2002-04-18 16:20:32 +00:00
Bodo Möller
a6ec2d58ba
improve binary compatibility
2002-04-14 08:25:41 +00:00
Bodo Möller
82c77c1b32
Implement known-IV countermeasure.
Fix length checks in ssl3_get_client_hello().
Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:49:28 +00:00
Lutz Jänicke
6bcba344b5
Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>).
2002-03-19 16:47:09 +00:00
Bodo Möller
7aacd4c458
fix ssl3_pending
2002-03-15 10:53:34 +00:00
Lutz Jänicke
e18ed57afd
Add missing strength entries.
2002-03-14 18:56:59 +00:00
Bodo Möller
ff9722c7f1
use BIO_nwrite() more properly to demonstrate the general idea of
BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)
2002-03-14 09:49:10 +00:00
Lutz Jänicke
ec20856622
Fix the fix (Yoram Zahavi)...
2002-02-27 11:26:20 +00:00