Commit graph

757 commits

Author SHA1 Message Date
Andy Polyakov
c4b0d7879e Switch for RFC-compliant version encoding in DTLS. From HEAD with a twist:
server accepts even non-compliant encoding in order to enable interop with
pre-0.9.8f clients.
2007-09-30 18:55:59 +00:00
Dr. Stephen Henson
aab1ec3f36 Update from HEAD. 2007-09-28 16:29:24 +00:00
Dr. Stephen Henson
07d9808496 Fix from HEAD. 2007-09-23 15:55:54 +00:00
Bodo Möller
4ab0088bfe More changes from HEAD:
- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME
  now that ssl23_client_hello takes care of that

- fix buffer overrun checks in ssl_add_serverhello_tlsext()
2007-09-21 14:05:08 +00:00
Dr. Stephen Henson
3bd1690bfb Fixes from HEAD. 2007-09-21 13:40:51 +00:00
Ben Laurie
4f2b7d48b1 make depend 2007-09-19 12:17:11 +00:00
Ben Laurie
458c3900e1 Lingering "security" fix. 2007-09-19 12:16:21 +00:00
Dr. Stephen Henson
25b0e072dd PR: 1582 2007-09-17 17:30:01 +00:00
Dr. Stephen Henson
927a28ba3b gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL.
Fix various "computed value not used" warnings too.
2007-09-06 12:43:54 +00:00
Dr. Stephen Henson
a938c4284e Update from HEAD. 2007-08-31 00:28:51 +00:00
Dr. Stephen Henson
c2079de880 Update from HEAD. 2007-08-28 01:12:44 +00:00
Dr. Stephen Henson
afdbadc704 Update from HEAD. 2007-08-20 12:44:22 +00:00
Dr. Stephen Henson
865a90eb4f Backport of TLS extension code to OpenSSL 0.9.8.
Include server name and RFC4507bis support.

This is not compiled in by default and must be explicitly enabled with
the Configure option enable-tlsext
2007-08-12 18:59:03 +00:00
Dr. Stephen Henson
761f3b403b Fix more unused value warnings. 2007-07-04 13:09:27 +00:00
Bodo Möller
2c12e7f6f5 Ensure that AES remains the preferred cipher at any given key length.
(This does not really require a special case for Camellia.)
2007-04-25 07:58:32 +00:00
Bodo Möller
c3cc4662af Add SEED encryption algorithm.
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:50:26 +00:00
Bodo Möller
6fd3f3260d stricter session ID context matching 2007-03-21 14:33:01 +00:00
Bodo Möller
d9e262443c oops -- this should have been in 0.9.8e 2007-03-21 14:18:27 +00:00
Dr. Stephen Henson
295de18c8a Fix kerberos ciphersuite bugs introduced with PR:1336. 2007-03-09 14:06:34 +00:00
Ben Laurie
3370b694b9 Make local function static. 2007-03-08 15:52:04 +00:00
Bodo Möller
b2710ee19a remove inconsistency between builds with and without Camellia enabled 2007-02-19 17:55:07 +00:00
Bodo Möller
bbfcc4724d fix incorrect strength bit values for certain Kerberos ciphersuites
Submitted by: Victor Duchovni
2007-02-19 14:47:21 +00:00
Bodo Möller
5f4cc234fb Some fixes for ciphersuite string processing:
- add a workaround provided by Victor Duchovni so that 128- and
  256-bit variants of otherwise identical ciphersuites are treated
  correctly;

- also, correctly skip invalid parts of ciphersuite description strings.

Submitted by: Victor Duchovni, Bodo Moeller
2007-02-17 06:52:42 +00:00
Nils Larsch
d31a13953c ensure that the EVP_CIPHER_CTX object is initialized
PR: 1490
2007-02-16 20:40:07 +00:00
Nils Larsch
6555dfa486 use user-supplied malloc functions for persistent kssl objects
PR: 1467
Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>
2007-02-10 10:40:24 +00:00
Nils Larsch
f418265865 ensure that a ec key is used
PR: 1476
2007-02-07 20:36:40 +00:00
Dr. Stephen Henson
4479ce9c1c Update from HEAD. 2007-01-21 16:07:25 +00:00
Dr. Stephen Henson
34a8c7ec87 Win32 fixes.
Use OPENSSL_NO_RFC3779 instead of OPENSSL_RFC3779: this makes the Win32 scripts
work and is consistent with other options.

Fix Win32 scripts and Configure to process OPENSSL_NO_RFC3779 properly.

Update ordinals.

Change some prototypes for LSB because VC++ 6 doesn't like the */ sequence and thinks it is an invalid end of comment.
2006-11-30 13:04:43 +00:00
Nils Larsch
d4a6240005 replace macros with functions
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:47:15 +00:00
Bodo Möller
5c6f76da0a fix support for receiving fragmented handshake messages 2006-11-29 14:45:14 +00:00
Dr. Stephen Henson
115fc340cb Rebuild error file C source files. 2006-11-21 20:14:46 +00:00
Richard Levitte
7e2bf83100 Fixes for the following claims:
1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336
2006-09-28 12:23:15 +00:00
Mark J. Cox
951dfbb13a Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 11:29:03 +00:00
Dr. Stephen Henson
81780a3b62 Update from HEAD. 2006-09-23 17:30:25 +00:00
Bodo Möller
879b30aaa3 ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well
2006-09-11 09:48:46 +00:00
Ben Laurie
616f581650 Fix warning. 2006-07-02 14:43:21 +00:00
Bodo Möller
e6e3f38bfa Fix for previous change: explicitly named ciphersuites are OK to add 2006-06-22 13:07:45 +00:00
Bodo Möller
aa17ab7e57 Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)
2006-06-22 12:35:54 +00:00
Bodo Möller
35908bd040 Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch) 2006-06-20 08:50:33 +00:00
Bodo Möller
0e73294e26 Disable invalid ciphersuites 2006-06-14 17:52:01 +00:00
Bodo Möller
b610f46bae Make sure that AES ciphersuites get priority over Camellia ciphersuites
in the default cipher string.
2006-06-14 13:52:49 +00:00
Bodo Möller
6d2cd23f40 Thread-safety fixes 2006-06-14 08:51:41 +00:00
Bodo Möller
e18eef3d7a Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:42:21 +00:00
Dr. Stephen Henson
b723a7b11b Don't check for padding bug if compression is negotiated.
PR: 1204
2006-05-07 12:27:48 +00:00
Dr. Stephen Henson
cbb0b734c7 If cipher list contains a match for an explicit ciphersuite only match that
one suite.
2006-04-15 00:22:34 +00:00
Nils Larsch
41d4d6721c fix no-dh configure option; patch supplied by Peter Meerwald 2006-02-24 17:58:35 +00:00
Nils Larsch
22d1087e16 backport recent changes from the cvs head 2006-02-08 19:16:33 +00:00
Dr. Stephen Henson
9f85fcefdc Update filenames in makefiles 2006-02-04 01:49:36 +00:00
Nils Larsch
45803988ce make "./configure no-ssl2" work again
PR: 1217
2006-01-15 16:57:01 +00:00
Nils Larsch
82a2cb6f51 fix cipher list order 2006-01-15 07:14:38 +00:00