wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9267 commits 20 branches 302 tags 153 MiB
Commit graph

9267 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ben Laurie
9e198c4bd0 Fix type-checking/casting issue. 2010-01-16 13:32:14 +00:00
Dr. Stephen Henson
7eceffbfef convert to Unix EOL form 2010-01-15 15:26:32 +00:00
Dr. Stephen Henson
8043f01b13 PR: 2125 
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>

Fix gcc-aix compilation issue.
 2010-01-14 17:51:52 +00:00
Dr. Stephen Henson
41c0f68630 Fix version handling so it can cope with a major version >3. 
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
 2010-01-13 19:08:29 +00:00
Dr. Stephen Henson
2c627637c5 Modify compression code so it avoids using ex_data free functions. This 
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
 2010-01-13 18:46:01 +00:00
Dr. Stephen Henson
58f4b3511e update ordinals 2010-01-12 17:33:59 +00:00
Dr. Stephen Henson
93fac08ec3 PR: 2136 
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
 2010-01-12 17:27:11 +00:00
Dr. Stephen Henson
23c3bee970 make update 2010-01-12 01:59:11 +00:00
Dr. Stephen Henson
73ff97ad76 Simplify RI+SCSV logic: 
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
 2010-01-07 19:05:03 +00:00
Andy Polyakov
0d8ffc2007 b_sock.c: bind/connect are picky about socket address length [from HEAD]. 2010-01-07 13:15:39 +00:00
Andy Polyakov
a32f7fb832 sendto is reportedly picky about destination socket address length [from HEAD]. 
PR: 2114
Submitted by: Robin Seggelmann
 2010-01-07 10:44:21 +00:00
Andy Polyakov
496cf69e40 Fix compilation on older Linux [from HEAD]. 2010-01-06 21:25:22 +00:00
Dr. Stephen Henson
eb17330837 Updates to conform with draft-ietf-tls-renegotiation-03.txt: 
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
 2010-01-06 17:37:38 +00:00
Dr. Stephen Henson
2708603bb4 ENGINE_load_capi() now exists on all platforms (but no op on non-WIN32) 2010-01-06 13:20:52 +00:00
Dr. Stephen Henson
e4f1cda7de PR: 2102 
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Remove duplicate definitions.
 2010-01-05 17:58:15 +00:00
Dr. Stephen Henson
4359b88bbe Typo 2010-01-05 17:50:01 +00:00
Dr. Stephen Henson
c079fde3f7 PR: 2132 
Submitted by: steve

Fix bundled pod2man.pl to handle alternative comment formats.
 2010-01-05 17:33:09 +00:00
Dr. Stephen Henson
6e94156199 Remove tabs on blank lines: they produce warnings in pod2man 2010-01-05 17:17:20 +00:00
Dr. Stephen Henson
1f67a3a985 compress_meth should be unsigned 2010-01-05 16:46:39 +00:00
Dr. Stephen Henson
4cba294d79 Client side compression algorithm sanity checks: ensure old compression 
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).
 2010-01-01 14:39:51 +00:00
Dr. Stephen Henson
e642fd7a1c Compression handling on session resume was badly broken: it always 
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
 2010-01-01 00:44:36 +00:00
Andy Polyakov
5448e6739c b_sock.c: correct indirect calls on WinSock platforms [from HEAD]. 
PR: 2130
Submitted by: Eugeny Gostyukhin
 2009-12-30 12:56:16 +00:00
Andy Polyakov
f0389d8d37 Adapt mingw config for newer mingw environment [from HEAD]. 
PR: 2113
 2009-12-30 11:57:39 +00:00
Andy Polyakov
a5313cf360 sha512.c update for esoteric PPC platfrom(s) [from HEAD]. 
PR: 1998
 2009-12-30 11:53:33 +00:00
Andy Polyakov
b26c45b033 Deploy multilib config-line parameter [from HEAD]. 2009-12-29 10:46:46 +00:00
Dr. Stephen Henson
986093affa Typo 2009-12-27 23:03:25 +00:00
Dr. Stephen Henson
f88e0acb0e Update RI to match latest spec. 
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
 2009-12-27 22:59:09 +00:00
Dr. Stephen Henson
aed461b431 Traditional Yuletide commit ;-) 
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
 2009-12-25 14:12:24 +00:00
Bodo Möller
8bbd0e826c Use properly local variables for thread-safety. 
Submitted by: Martin Rex
 2009-12-22 11:52:15 +00:00
Bodo Möller
40c45f86d4 Constify crypto/cast. 2009-12-22 11:45:59 +00:00
Bodo Möller
a0b7277724 Constify crypto/cast. 2009-12-22 10:58:01 +00:00
Dr. Stephen Henson
54bc369ad7 Alert to use is now defined in spec: update code 2009-12-17 15:42:43 +00:00
Dr. Stephen Henson
2d3855fc6e PR: 2127 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check for lookup failures in EVP_PBE_CipherInit().
 2009-12-17 15:28:45 +00:00
Dr. Stephen Henson
1cd47f5f6e Ooops revert stuff which shouldn't have been part of previous commit. 2009-12-16 20:33:11 +00:00
Dr. Stephen Henson
675564835c New option to enable/disable connection to unpatched servers 2009-12-16 20:28:30 +00:00
Dr. Stephen Henson
2456cd58c4 Allow initial connection (but no renegoriation) to servers which don't support 
RI.

Reorganise RI checking code and handle some missing cases.
 2009-12-14 13:55:39 +00:00
Ben Laurie
43a107026d Missing error code. 2009-12-12 15:57:53 +00:00
Ben Laurie
ef0498a00b Use gcc 4.4. 2009-12-12 15:57:19 +00:00
Dr. Stephen Henson
f1784f2fd2 Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL 2009-12-11 00:20:58 +00:00
Dr. Stephen Henson
730f5752ff clarify docs 2009-12-09 18:17:09 +00:00
Dr. Stephen Henson
a88c73b43a Document option clearning functions. 
Initial secure renegotiation documentation.
 2009-12-09 18:00:52 +00:00
Dr. Stephen Henson
a6d204e241 Add patch to crypto/evp which didn't apply from PR#2124 2009-12-09 15:02:14 +00:00
Dr. Stephen Henson
941baf6641 Revert lhash patch for PR#2124 2009-12-09 15:00:20 +00:00
Dr. Stephen Henson
b41a614686 Check s3 is not NULL 2009-12-09 14:53:51 +00:00
Dr. Stephen Henson
aac751832a PR: 2124 
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
 2009-12-09 13:38:20 +00:00
Dr. Stephen Henson
52a08e90d1 Add ctrls to clear options and mode. 
Change RI ctrl so it doesn't clash.
 2009-12-09 13:25:38 +00:00
Dr. Stephen Henson
6b5f0458fe Send no_renegotiation alert as required by spec. 2009-12-08 19:06:09 +00:00
Dr. Stephen Henson
b52a2738d4 Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
10f99d7b77 Add support for magic cipher suite value (MCSV). Make secure renegotiation 
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
 2009-12-08 13:15:12 +00:00
Dr. Stephen Henson
593222afe1 PR: 2121 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
 2009-12-08 11:38:18 +00:00