wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7986 commits 20 branches 302 tags 153 MiB
Commit graph

846 commits

Author SHA1 Message Date
Dr. Stephen Henson
d733ef7a69 Update from 1.0.0-stable. 2009-06-30 11:42:50 +00:00
Dr. Stephen Henson
f67f815624 Update from 1.0.0-stable. 2009-06-30 11:22:25 +00:00
Dr. Stephen Henson
ab8fe43fa2 PR: 1942 
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Replace ad-hoc chain builder with X509_verify_cert().
 2009-06-28 16:23:05 +00:00
Dr. Stephen Henson
3f4802a14e PR: 1949 
Submitted by: David.Smith@cern.ch
Approved by: steve@openssl.org

When checking whether to flush the output BIO use BIO_CTRL_WPENDING instead
of BIO_CTRL_INFO. In most cases this will have no effect since the following
BIOs wont buffer. In the case of a following buffering BIO this will check
for any pending data in the whole chain and not just the single BIO.

See:
https://issues.apache.org/bugzilla/show_bug.cgi?id=46952
for a detailed analysis of this issue.
 2009-06-26 15:02:01 +00:00
Dr. Stephen Henson
6daac534d7 Ooops, apply PR #1946 to 0.9.8 too. 2009-06-22 10:32:27 +00:00
Dr. Stephen Henson
1ddf691244 Update from 1.0.0-stable. 2009-06-05 15:05:10 +00:00
Dr. Stephen Henson
d1e107702b Update from HEAD. 2009-06-02 11:23:51 +00:00
Dr. Stephen Henson
996b80f990 Oops, forgot #endif... 2009-05-29 12:09:07 +00:00
Dr. Stephen Henson
1998f60546 Update from 1.0.0-stable. 2009-05-29 12:00:22 +00:00
Dr. Stephen Henson
f86d65110d 0.9.8 version of PR#1931 fix. 2009-05-18 16:22:43 +00:00
Dr. Stephen Henson
4730ea8a38 Fix from 1.0.0-stable branch. 2009-05-18 16:12:56 +00:00
Dr. Stephen Henson
b7d0d35a13 Modified PR#1929 update from 1.0.0-stable. 2009-05-17 16:42:14 +00:00
Dr. Stephen Henson
e12ceb2c92 Reverted fix to PR#1931.. breaks compilation in 0.9.8. 2009-05-17 16:28:13 +00:00
Dr. Stephen Henson
76428da729 Fix from 1.0.0-stable. 2009-05-16 16:23:35 +00:00
Dr. Stephen Henson
6bf4ca0840 Update from 1.0.0-stable. 2009-05-16 16:18:45 +00:00
Dr. Stephen Henson
efa59b8d59 Updates from 1.0.0-stable. 2009-05-16 15:51:59 +00:00
Richard Levitte
48f48d96ce Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda). 
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
 2009-05-15 16:37:29 +00:00
Dr. Stephen Henson
26b82246b1 Update from 1.0.0-stable. 2009-05-13 11:52:29 +00:00
Dr. Stephen Henson
5d577d7eb0 Update from 1.0.0-stable. 2009-04-28 22:02:16 +00:00
Dr. Stephen Henson
a224fe14e9 PR: 1751 
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.
 2009-04-19 18:08:12 +00:00
Dr. Stephen Henson
caeb429055 Update from 1.0.0-stable. 2009-04-16 16:43:18 +00:00
Dr. Stephen Henson
b00c36e366 PR: 1829 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timer bug fix from 1.0.0-stable with fixes.
 2009-04-14 15:20:48 +00:00
Dr. Stephen Henson
1f9a128519 PR: 1647 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Renogotiation bug fix.
 2009-04-14 14:28:33 +00:00
Dr. Stephen Henson
0d399f97dd Submitted by: Darryl Miles <darryl-mailinglists@netbauds.net> 
Approved by: steve@openssl.org

Handle non-blocking I/O properly in SSL_shutdown() call.
 2009-04-07 16:28:30 +00:00
Dr. Stephen Henson
3fdc2c906d PR: 1795 
Submitted by: Peter Edwards <peter.edwards@vordel.com>
Approved by: steve@openssl.org

Avoid race condition by sorting cipher list straight away.
 2009-04-07 12:10:12 +00:00
Dr. Stephen Henson
6252f3bc7c PR: 1827 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix application data in handshake bug.
 2009-04-02 22:34:59 +00:00
Dr. Stephen Henson
4e319926d7 PR: 1828 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS retransmission bug.
 2009-04-02 22:32:16 +00:00
Dr. Stephen Henson
e4f456918f PR: 1826 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Client random bug fix.
 2009-04-02 22:28:35 +00:00
Dr. Stephen Henson
c342341ea1 Ooops, revert patch... due to non-portable gettimeofday call. 2009-04-02 22:19:07 +00:00
Dr. Stephen Henson
9d396bee8e PR: 1829 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timer bug fix.
 2009-04-02 22:16:02 +00:00
Dr. Stephen Henson
a9427c2536 PR: 1838 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS fragment bug.
 2009-04-02 22:12:13 +00:00
Dr. Stephen Henson
1fde5b65c6 Fix from HEAD. 2009-03-12 17:31:18 +00:00
Ben Laurie
241d088156 Fix memory leak. 2009-02-23 16:02:47 +00:00
Dr. Stephen Henson
72f6453c48 PR: 1835 
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
 2009-02-14 21:50:14 +00:00
Dr. Stephen Henson
a00c3c4019 Properly check EVP_VerifyFinal() and similar return values 
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
 2009-01-07 10:48:23 +00:00
Lutz Jänicke
f4677b7960 Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP 
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
 2009-01-05 14:43:07 +00:00
Dr. Stephen Henson
4b253d904d Avoid signed/unsigned compare warnings. 2008-12-29 00:17:36 +00:00
Dr. Stephen Henson
2c17b493b1 Make -DKSSL_DEBUG work again. 2008-11-10 18:55:07 +00:00
Lutz Jänicke
4db3e88459 Firstly, the bitmap we use for replay protection was ending up with zero 
length, so a _single_ pair of packets getting switched around would
cause one of them to be 'dropped'.

Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>
 2008-10-13 06:43:06 +00:00
Lutz Jänicke
ab073bad4f When the underlying BIO_write() fails to send a datagram, we leave the 
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().

The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>
 2008-10-10 10:41:32 +00:00
Bodo Möller
d875413a0b Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't 
enable disabled ciphersuites.
 2008-09-22 21:22:51 +00:00
Dr. Stephen Henson
e852835da6 Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
52702f6f92 Updates to build system from FIPS branch. Make fipscanisterbuild work and 
build FIPS test programs.
 2008-09-17 15:56:42 +00:00
Bodo Möller
446881468c update comment 2008-09-14 19:50:53 +00:00
Bodo Möller
c198c26226 oops 2008-09-14 18:16:09 +00:00
Andy Polyakov
54d6ddba69 dtls1_write_bytes consumers expect amount of bytes written per call, not 
overall [from HEAD].
PR: 1604
 2008-09-14 17:57:03 +00:00
Dr. Stephen Henson
1af12ff1d1 Fix error code discrepancy. 
Make update.
 2008-09-14 16:43:37 +00:00
Bodo Möller
200d00c854 Fix SSL state transitions. 
Submitted by: Nagendra Modadugu
 2008-09-14 14:02:01 +00:00
Bodo Möller
36a4a67b2b Some precautions to avoid potential security-relevant problems. 2008-09-14 13:42:40 +00:00
Andy Polyakov
3413424f01 DTLS didn't handle alerts correctly [from HEAD]. 
PR: 1632
 2008-09-13 18:25:36 +00:00