Commit graph

7682 commits

Author SHA1 Message Date
Ben Laurie
bb99ce5f80 make update, and more DTLS stuff. 2007-10-11 14:36:59 +00:00
Andy Polyakov
49f42ec0f6 Respect cookie length set by app_gen_cookie_cb [from HEAD].
Submitted by: Alex Lam
2007-10-09 19:31:53 +00:00
Andy Polyakov
91d509f0d9 Make DTLS1 record layer MAC calculation RFC compliant. From HEAD with a
twist: server interoperates with non-compliant pre-0.9.8f client.
2007-10-09 19:22:01 +00:00
Andy Polyakov
d5e858c55f Prohibit RC4 in DTLS [from HEAD]. 2007-10-05 21:05:27 +00:00
Dr. Stephen Henson
fb8fcce2ac Fix from fips branch. 2007-10-05 16:47:04 +00:00
Andy Polyakov
d4736ae701 Set client_version earlier in DTLS (this is 0.9.8 specific). 2007-10-03 10:18:06 +00:00
Andy Polyakov
3e1158522a Oops! This was erroneously left out commit #16633. 2007-10-01 06:28:48 +00:00
Andy Polyakov
57191f86d9 Explicit IV update [from HEAD]. 2007-09-30 22:03:07 +00:00
Andy Polyakov
0a89c575de Make ChangeCipherSpec compliant with DTLS RFC4347. From HEAD with a twist:
server interoperates with non-compliant pre-0.9.8f.
2007-09-30 21:20:59 +00:00
Andy Polyakov
4c860910df DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. From HEAD with a
twist: server allows for non-compliant Finished calculations in order to
enable interop with pre-0.9.8f.
2007-09-30 19:36:32 +00:00
Andy Polyakov
0fc3d51b7d DTLS RFC4347 requires client to use rame random field in reply to
HelloVerifyRequest [from HEAD].
2007-09-30 19:15:46 +00:00
Andy Polyakov
c4b0d7879e Switch for RFC-compliant version encoding in DTLS. From HEAD with a twist:
server accepts even non-compliant encoding in order to enable interop with
pre-0.9.8f clients.
2007-09-30 18:55:59 +00:00
Dr. Stephen Henson
aab1ec3f36 Update from HEAD. 2007-09-28 16:29:24 +00:00
Lutz Jänicke
fbfa11fb29 Typos
PR: 1578
Submitted by: Charles Longeau <chl@tuxfamily.org>
2007-09-24 11:22:31 +00:00
Lutz Jänicke
284498fcef Finish sentence with a "." 2007-09-24 10:58:15 +00:00
Dr. Stephen Henson
07d9808496 Fix from HEAD. 2007-09-23 15:55:54 +00:00
Bodo Möller
4ab0088bfe More changes from HEAD:
- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME
  now that ssl23_client_hello takes care of that

- fix buffer overrun checks in ssl_add_serverhello_tlsext()
2007-09-21 14:05:08 +00:00
Dr. Stephen Henson
3bd1690bfb Fixes from HEAD. 2007-09-21 13:40:51 +00:00
Lutz Jänicke
29f4b05954 The use of the PURIFY macro in ssleay_rand_bytes() is sufficient to
resolve the Valgrind issue with random numbers. Undo the changes to
RAND_bytes() and RAND_pseudo_bytes() that are redundant in this
respect.
Update documentation and FAQ accordingly, as the PURIFY macro is
available at least since 0.9.7.
2007-09-21 10:10:47 +00:00
Ben Laurie
48ca0c99b2 Use PURIFY instead of PEDANTIC. 2007-09-20 12:33:24 +00:00
Dr. Stephen Henson
015052cf7b Clarify wording a little. 2007-09-20 11:32:09 +00:00
Lutz Jänicke
9ce3ee47ba Add FAQ entry on how to get rid of Valgrind warnings.
PR: 521
2007-09-20 07:39:15 +00:00
Lutz Jänicke
2e3fd54337 Add passage to manual page actually reflecting the usage of the
contents of "buf" when calling RAND_*bytes().
2007-09-20 07:24:45 +00:00
Dr. Stephen Henson
625782f7ee Wrap "keep valgrind happy" change in #ifdef PEDANTIC so any entropy in the
buffer can be normally used.
2007-09-19 13:29:05 +00:00
Ben Laurie
1c90899eef Slight bug in dependencies caused occasional unnecessary diffs. Fixed. 2007-09-19 13:10:34 +00:00
Ben Laurie
4f2b7d48b1 make depend 2007-09-19 12:17:11 +00:00
Ben Laurie
458c3900e1 Lingering "security" fix. 2007-09-19 12:16:21 +00:00
Andy Polyakov
ba75b4e750 Wire DES weak_keys to read-only segment [from HEAD]. 2007-09-18 20:59:33 +00:00
Andy Polyakov
ab011d51be Minimize stack utilization in probable_prime [from HEAD]. 2007-09-18 20:55:10 +00:00
Andy Polyakov
898d9b1a87 Remove excessive whitespaces from bio.h. 2007-09-18 20:49:25 +00:00
Bodo Möller
4f9a9d2b79 Make sure that BN_from_montgomery keeps the BIGNUMS in proper format 2007-09-18 16:31:18 +00:00
Dr. Stephen Henson
346f2f93e1 PR: 1560 2007-09-17 17:54:02 +00:00
Dr. Stephen Henson
25b0e072dd PR: 1582 2007-09-17 17:30:01 +00:00
Andy Polyakov
dc13c882fb enc.pod update [from HEAD].
PR: 1529
2007-09-17 16:43:11 +00:00
Andy Polyakov
12a52467c8 Typo in pq_compat.h [note that this file is not present in HEAD].
PR: 1537
2007-09-17 16:21:21 +00:00
Andy Polyakov
22e6c73dcc Mention SHA2 in apps/dgst and openssl.pod.
PR: 1575
2007-09-17 15:57:31 +00:00
Andy Polyakov
53b9696f3f It's inappropraite to override application signal, nor is it appropriate
to shut down Winsock unless we know it won't be used [and we never do]
[from HEAD].
PR: 1439
2007-09-16 18:35:45 +00:00
Andy Polyakov
7e4fe4662b Minor fix in link_[oa].hpux [from HEAD]. 2007-09-16 14:11:51 +00:00
Andy Polyakov
18fd413f37 BSD run-time linkers apparently demand RPATH on .so objects [from HEAD].
PR: 1381
2007-09-16 12:24:17 +00:00
Andy Polyakov
80ed5f84de Make bn2dec work on "SIXTY_FOUR_BIT" platforms [from HEAD].
PR: 1456
2007-09-15 17:05:57 +00:00
Andy Polyakov
b48111df7c More Intel cc fix-ups [from HEAD]. 2007-09-14 19:32:54 +00:00
Andy Polyakov
73e3edd70d It's unfortunate, but we have to disengage DES assembler in linux64-sparcv9
build, because it expects DES_INT and the latter didn't make it to first
0.9.8.
2007-09-14 15:39:49 +00:00
Andy Polyakov
d4cfbdf2c0 Integrate remaining parts of #14247 [from HEAD]. 2007-09-07 12:27:50 +00:00
Dr. Stephen Henson
294f03a812 Reimplement safestack to avoid function pointer casts. 2007-09-06 21:07:43 +00:00
Dr. Stephen Henson
272f9f3d27 Update NEWS file. 2007-09-06 12:59:34 +00:00
Dr. Stephen Henson
927a28ba3b gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL.
Fix various "computed value not used" warnings too.
2007-09-06 12:43:54 +00:00
Dr. Stephen Henson
a938c4284e Update from HEAD. 2007-08-31 00:28:51 +00:00
Andy Polyakov
7a44a0cee7 aes_ige update [from HEAD]. 2007-08-30 08:11:25 +00:00
Andy Polyakov
82430309ac darwin platform updates [from HEAD]. 2007-08-30 08:10:39 +00:00
Dr. Stephen Henson
c2079de880 Update from HEAD. 2007-08-28 01:12:44 +00:00