Commit graph

8184 commits

Author SHA1 Message Date
Dr. Stephen Henson
76c3ef7446 Fix from stable branch. 2007-10-18 11:42:47 +00:00
Andy Polyakov
659f7f3168 Don't let DTLS ChangeCipherSpec increment handshake sequence number.
PR: 1587
2007-10-17 21:15:48 +00:00
Dr. Stephen Henson
3d3bf9c730 Don't lookup zero length session ID.
PR: 1591
2007-10-17 17:31:57 +00:00
Dr. Stephen Henson
4017e8706c Fix from stable branch. 2007-10-17 11:49:27 +00:00
Andy Polyakov
3ce54f35b3 Make ssl compile [from 098-stable, bug is masked by default]. 2007-10-14 14:09:13 +00:00
Andy Polyakov
ebc06fba67 Bunch of constifications. 2007-10-13 15:51:32 +00:00
Andy Polyakov
e979c039f9 Fix warnings in d1_both.c [from 0.9.8-stable]. 2007-10-13 11:00:52 +00:00
Andy Polyakov
90acf770b5 DTLS fixes from 0.9.8-stable. 2007-10-13 10:57:02 +00:00
Andy Polyakov
0d89e45690 Synchronize CHANGES between 0.9.8 and HEAD. 2007-10-13 10:55:30 +00:00
Ben Laurie
1948c7e6dd 0.9.8f. 2007-10-12 10:56:10 +00:00
Dr. Stephen Henson
a6db6a0070 Update CHANGES. Keep ordinals consistent. 2007-10-12 00:15:09 +00:00
Ben Laurie
fdb2fe6dc2 New release. 2007-10-11 19:31:29 +00:00
Andy Polyakov
a2115c5d17 Respect cookie length set by app_gen_cookie_cb.
Submitted by: Alex Lam
2007-10-09 19:31:18 +00:00
Andy Polyakov
4fe55663df Make DTLS1 record layer MAC calculation RFC compliant.
Submitted by: Alex Lam
2007-10-09 19:19:07 +00:00
Andy Polyakov
ae1552ee99 Addendum to commit #16654. 2007-10-09 16:37:24 +00:00
Andy Polyakov
debf380122 size_t-fy crypto/buffer. 2007-10-09 15:52:07 +00:00
Ralf S. Engelschall
ddb038d349 ignore a few additionally generated files 2007-10-09 09:56:44 +00:00
Andy Polyakov
b7cc9dffac Addendum to commit #16651. 2007-10-07 14:34:59 +00:00
Andy Polyakov
e1b81fed33 Make it possible to link VC static lib with either /MT or /MD application.
PR: 1230
2007-10-07 12:55:36 +00:00
Andy Polyakov
5d58f1bbfe Prohibit RC4 in DTLS. 2007-10-05 21:04:56 +00:00
Dr. Stephen Henson
fcd1cb666c Fix from fips branch. 2007-10-05 16:53:31 +00:00
Dr. Stephen Henson
4f19a9cb9f Off by one fix from stable branch. 2007-10-04 12:07:52 +00:00
Andy Polyakov
0023adb47a Switch to bn-s390x (it's faster on keys longer than 512 bits) and mention
s390x assembler pack in CHANAGES.
2007-10-01 07:38:32 +00:00
Andy Polyakov
81fe8dcfe1 Oops! This was erroneously left out commit #16632. 2007-10-01 06:27:21 +00:00
Andy Polyakov
d527834a1d Basic idea behind explicit IV is to make it unpredictable for attacker.
Until now it was xor between CBC residue and 1st block from last datagram,
or in other words still predictable.
2007-09-30 22:01:36 +00:00
Andy Polyakov
89c333e3e5 Make ChangeCipherSpec compliant with DTLS RFC4347. 2007-09-30 21:19:30 +00:00
Andy Polyakov
0d97d00b6c DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. 2007-09-30 19:34:36 +00:00
Andy Polyakov
e7adda52b3 DTLS RFC4347 requires client to use rame random field in reply to
HelloVerifyRequest.
2007-09-30 19:15:27 +00:00
Andy Polyakov
7432d073af Switch to RFC-compliant version encoding in DTLS. 2007-09-30 18:53:54 +00:00
Dr. Stephen Henson
04e2ab2c02 Move no status notification to ssl_check_serverhello_tlsext() to ensure
no status is notified even if no server extensions are present.
2007-09-28 17:45:11 +00:00
Dr. Stephen Henson
b7fcc08976 Typo. 2007-09-28 17:18:18 +00:00
Andy Polyakov
7722e53f12 Yet another ARM update. It appears to be more appropriate to make
developers responsible for -march choice.
2007-09-27 16:27:03 +00:00
Andy Polyakov
2c3ee16272 Move -march=armv4t to ./config. 2007-09-27 07:43:58 +00:00
Andy Polyakov
19112771d6 Minor ARMv4 update. 2007-09-27 07:20:31 +00:00
Andy Polyakov
4c7c5ff667 ARMv4 assembler pack. 2007-09-27 07:09:46 +00:00
Andy Polyakov
d7e915616d 10% performance tweak in 64-bit mode. 2007-09-27 06:19:25 +00:00
Dr. Stephen Henson
67c8e7f414 Support for certificate status TLS extension. 2007-09-26 21:56:59 +00:00
Andy Polyakov
74eb3e0914 Make sha512-armv4.pl byte-order neutral. 2007-09-26 12:17:33 +00:00
Andy Polyakov
79fe664f19 Clarify commentary in sha512-sparcv9.pl. 2007-09-26 12:16:32 +00:00
Lutz Jänicke
5f0477f47b Typos
PR: 1578
Submitted by: Charles Longeau <chl@tuxfamily.org>
2007-09-24 11:22:58 +00:00
Lutz Jänicke
7bbce69721 Port from 0.9.8-stable 2007-09-24 11:01:18 +00:00
Dr. Stephen Henson
870d6541f2 Use accept flag for new session ticket write. 2007-09-23 15:55:15 +00:00
Bodo Möller
02c27b113c properly handle length-zero opaque PRF input values
(which are pointless, but still might occur)
2007-09-23 11:30:53 +00:00
Bodo Möller
86d4bc3aea fix length parameter in SSL_set_tlsext_opaque_prf_input() calls 2007-09-23 11:08:59 +00:00
Bodo Möller
761772d7e1 Implement the Opaque PRF Input TLS extension
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way.  In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().

Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
2007-09-21 06:54:24 +00:00
Andy Polyakov
54ef01b54b Fix indentation in d1_both.c. 2007-09-19 16:38:15 +00:00
Ben Laurie
9311c4421a Fix dependencies. Make depend. 2007-09-19 14:53:18 +00:00
Ben Laurie
aaa4f448cf The other half of make errors. 2007-09-19 14:51:28 +00:00
Ben Laurie
5f8b524619 make errors. 2007-09-19 14:29:59 +00:00
Bodo Möller
08111768a2 fix warning 2007-09-19 01:43:59 +00:00