Commit graph

8192 commits

Author SHA1 Message Date
Dr. Stephen Henson
c0c1ce125a update year 2010-02-09 14:13:30 +00:00
Dr. Stephen Henson
105861186f Only use bufferoverflowu.lib when needed 2010-02-04 01:10:24 +00:00
Dr. Stephen Henson
4a9d335bb4 tolerate broken CMS/PKCS7 implementations using signature OID instead of digest 2010-02-02 14:19:54 +00:00
Dr. Stephen Henson
162f1e08f8 make no-rsa no-dsa compile again 2010-02-02 14:03:07 +00:00
Dr. Stephen Henson
0484ff5ec1 PR: 2160
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Make session tickets work with DTLS.
2010-02-01 16:48:40 +00:00
Dr. Stephen Henson
4acc2fed6c PR: 2159
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Typo in PR#1949 bug, oops!
2010-02-01 12:44:21 +00:00
Dr. Stephen Henson
0369804ffa In engine_table_select() don't clear out entire error queue: just clear
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
2010-01-28 17:53:11 +00:00
Dr. Stephen Henson
33d7b5ec07 reword RI description 2010-01-27 18:53:59 +00:00
Dr. Stephen Henson
4b38f35e72 update documentation to reflect new renegotiation options 2010-01-27 17:50:47 +00:00
Dr. Stephen Henson
82c2773423 Some shells print out the directory name if CDPATH is set breaking the
pod2man test. Use ./util instead to avoid this.
2010-01-27 16:06:36 +00:00
Dr. Stephen Henson
ded27f709c typo 2010-01-27 14:04:51 +00:00
Dr. Stephen Henson
30dc3e112b stop warnings in fips_test_suite application 2010-01-27 14:03:26 +00:00
Dr. Stephen Henson
371b262f96 stop missing prototype warnings 2010-01-27 13:32:31 +00:00
Dr. Stephen Henson
b3fb2492d5 eliminate some warnings in fips build 2010-01-27 13:21:34 +00:00
Dr. Stephen Henson
93b810637b Bypass algorithm blocking with TLS MD5+SHA1 signature in FIPS mode by
calling underlying method directly.
2010-01-27 00:51:24 +00:00
Dr. Stephen Henson
cc62974182 PR: 1949
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
2010-01-26 19:40:36 +00:00
Dr. Stephen Henson
9413788571 PR: 2138
Submitted by: Kevin Regan <k.regan@f5.com>

Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.
2010-01-26 18:08:42 +00:00
Dr. Stephen Henson
e8387db0c4 Fix VC++ warning (change had already been made to other branches). 2010-01-26 13:24:08 +00:00
Dr. Stephen Henson
81f28ca567 Typo 2010-01-26 12:29:32 +00:00
Dr. Stephen Henson
1b32943215 Update OID table too. 2010-01-25 16:08:52 +00:00
Dr. Stephen Henson
a231d99d4c PR: 2149
Submitted by: Douglas Stebila <douglas@stebila.ca>

Fix wap OIDs.
2010-01-25 16:08:01 +00:00
Dr. Stephen Henson
714044cc03 oops revert test code from previous commit 2010-01-24 13:52:38 +00:00
Dr. Stephen Henson
5598b99fb3 The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.
2010-01-24 13:50:57 +00:00
Dr. Stephen Henson
6899d9bbf6 If legacy renegotiation is not permitted then send a fatal alert if a patched
server attempts to renegotiate with an unpatched client.
2010-01-22 18:49:43 +00:00
Dr. Stephen Henson
cf876a9893 change versions back to 0.9.8m-dev 2010-01-20 18:22:04 +00:00
Dr. Stephen Henson
8b8a2928af prepare for release 2010-01-20 17:26:02 +00:00
Dr. Stephen Henson
031774468c update TABLE 2010-01-20 17:16:52 +00:00
Dr. Stephen Henson
dd28d12add make update 2010-01-20 16:35:30 +00:00
Dr. Stephen Henson
6c61ee8fe3 Support -L options in VC++ link. 2010-01-20 14:04:29 +00:00
Andy Polyakov
b86ebb55ff rand_win.c: handel GetTickCount wrap-around [from HEAD]. 2010-01-19 21:45:45 +00:00
Andy Polyakov
66956eaba3 x86_64-xlate.pl: refine sign extension logic when handling lea [from HEAD].
PR: 2094,2095
2010-01-19 21:45:16 +00:00
Dr. Stephen Henson
444ff35029 revert patch 2010-01-19 19:10:53 +00:00
Dr. Stephen Henson
ff2549be1d PR: 2144
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Better fix for PR#2144
2010-01-19 19:10:03 +00:00
Andy Polyakov
2557c6a812 Valgrind fix to aes-x86_64.pl in 0.9.8. For reference, newer aes-x86_64.pl
don't suffer from the problem after Win64 SEH support was added.
PR: 2075
Submitted by: Peter Klotz
2010-01-17 19:43:49 +00:00
Dr. Stephen Henson
aae48de0f7 PR: 2144
Submitted by: steve@openssl.org

Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.
2010-01-16 19:45:46 +00:00
Dr. Stephen Henson
766708f24b PR: 2133
Submitted by: steve@openssl.org

Add missing DTLS state strings.
2010-01-16 19:18:31 +00:00
Dr. Stephen Henson
fbeb4a9d15 Add strings for DTLS protocol versions 2010-01-16 19:02:43 +00:00
Dr. Stephen Henson
24fc4f656c PR: 1618
Submitted by: steve@openssl.org

Fix bug in 0.9.8-stable time handling in ca.c . NB: this only handles cases
where times are not being checked or printed properly. Issues relating to
time_t becoming negative or wrapping around are *NOT* addressed. OpenSSL
1.0.0 and later does fix these issues by using its own time routines.
2010-01-14 17:44:46 +00:00
Dr. Stephen Henson
c3c3b28818 Fix version handling so it can cope with a major version >3.
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
2010-01-13 19:08:45 +00:00
Dr. Stephen Henson
06e2670a57 Modify compression code so it avoids using ex_data free functions. This
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
2010-01-13 18:45:03 +00:00
Dr. Stephen Henson
3798a4d059 Simplify RI+SCSV logic:
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
2010-01-07 19:09:32 +00:00
Andy Polyakov
5b8246d6eb x86_64-xlate.pl: new gas requires sign extention in lea instruction
[from HEAD].
PR: 2094,2095
2010-01-07 11:22:25 +00:00
Andy Polyakov
2e24bc421d util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed [from HEAD].
PR: 2086
2010-01-07 11:04:49 +00:00
Dr. Stephen Henson
f244ed3ed2 correct error codes 2010-01-06 18:02:07 +00:00
Dr. Stephen Henson
50a095ed16 Updates to conform with draft-ietf-tls-renegotiation-03.txt:
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
2010-01-06 17:59:41 +00:00
Dr. Stephen Henson
37aff2199e Typo 2010-01-05 17:50:12 +00:00
Dr. Stephen Henson
309aa5fbf3 PR: 2132
Submitted by: steve

Fix bundled pod2man.pl to handle alternative comment formats.
2010-01-05 17:33:20 +00:00
Dr. Stephen Henson
5f40948714 Update RI to match latest spec.
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
2009-12-27 23:03:40 +00:00
Dr. Stephen Henson
c22050be29 Traditional Yuletide commit ;-)
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:11:18 +00:00
Bodo Möller
54ca55fd81 Constify crypto/cast. 2009-12-22 11:45:57 +00:00