Andy Polyakov
66956eaba3
x86_64-xlate.pl: refine sign extension logic when handling lea [from HEAD].
PR: 2094,2095
2010-01-19 21:45:16 +00:00
Dr. Stephen Henson
444ff35029
revert patch
2010-01-19 19:10:53 +00:00
Dr. Stephen Henson
ff2549be1d
PR: 2144
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Better fix for PR#2144
2010-01-19 19:10:03 +00:00
Andy Polyakov
2557c6a812
Valgrind fix to aes-x86_64.pl in 0.9.8. For reference, newer aes-x86_64.pl
doesn't suffer from the problem after Win64 SEH support was added.
PR: 2075
Submitted by: Peter Klotz
2010-01-17 19:43:49 +00:00
Dr. Stephen Henson
aae48de0f7
PR: 2144
Submitted by: steve@openssl.org
Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.
2010-01-16 19:45:46 +00:00
Dr. Stephen Henson
766708f24b
PR: 2133
Submitted by: steve@openssl.org
Add missing DTLS state strings.
2010-01-16 19:18:31 +00:00
Dr. Stephen Henson
fbeb4a9d15
Add strings for DTLS protocol versions
2010-01-16 19:02:43 +00:00
Dr. Stephen Henson
24fc4f656c
PR: 1618
Submitted by: steve@openssl.org
Fix bug in 0.9.8-stable time handling in ca.c. NB: this only handles cases
where times are not being checked or printed properly. Issues relating to
time_t becoming negative or wrapping around are *NOT* addressed. OpenSSL
1.0.0 and later does fix these issues by using its own time routines.
2010-01-14 17:44:46 +00:00
Dr. Stephen Henson
c3c3b28818
Fix version handling so it can cope with a major version >3.
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
2010-01-13 19:08:45 +00:00
Dr. Stephen Henson
06e2670a57
Modify compression code so it avoids using ex_data free functions. This
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
2010-01-13 18:45:03 +00:00
Dr. Stephen Henson
3798a4d059
Simplify RI+SCSV logic:
1. Send SCSV if not renegotiating, never empty RI.
2. Send RI if renegotiating.
2010-01-07 19:09:32 +00:00
Andy Polyakov
5b8246d6eb
x86_64-xlate.pl: new gas requires sign extension in lea instruction
[from HEAD].
PR: 2094,2095
2010-01-07 11:22:25 +00:00
Andy Polyakov
2e24bc421d
util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed [from HEAD].
PR: 2086
2010-01-07 11:04:49 +00:00
Dr. Stephen Henson
f244ed3ed2
correct error codes
2010-01-06 18:02:07 +00:00
Dr. Stephen Henson
50a095ed16
Updates to conform with draft-ietf-tls-renegotiation-03.txt:
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
2010-01-06 17:59:41 +00:00
Dr. Stephen Henson
37aff2199e
Typo
2010-01-05 17:50:12 +00:00
Dr. Stephen Henson
309aa5fbf3
PR: 2132
Submitted by: steve
Fix bundled pod2man.pl to handle alternative comment formats.
2010-01-05 17:33:20 +00:00
Dr. Stephen Henson
5f40948714
Update RI to match latest spec.
MCSV is now called SCSV.
Don't send SCSV if renegotiating.
Also note if RI is empty in debug messages.
2009-12-27 23:03:40 +00:00
Dr. Stephen Henson
c22050be29
Traditional Yuletide commit ;-)
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:11:18 +00:00
Bodo Möller
54ca55fd81
Constify crypto/cast.
2009-12-22 11:45:57 +00:00
Bodo Möller
d0e79d7e2c
Constify crypto/cast.
2009-12-22 10:59:03 +00:00
Dr. Stephen Henson
c1003dfd15
Ooops, engage ENGINE initialisation code correctly in FIPS builds.
2009-12-17 16:38:18 +00:00
Dr. Stephen Henson
98809a1458
Alert to use is now defined in spec: update code
2009-12-17 15:42:25 +00:00
Dr. Stephen Henson
ccc3df8c33
New option to enable/disable connection to unpatched servers
2009-12-16 20:34:20 +00:00
Dr. Stephen Henson
593a6dbe19
add another missed case
2009-12-14 01:32:47 +00:00
Dr. Stephen Henson
efbe446f1a
simplify RI error code and catch extra error case ignored before
2009-12-14 01:28:51 +00:00
Dr. Stephen Henson
725745d105
Allow initial connection (but no renegotiation) to servers which don't support
RI.
2009-12-14 01:09:01 +00:00
Ben Laurie
c0e94f8292
Missing newline.
2009-12-12 11:10:25 +00:00
Dr. Stephen Henson
ef4bd0167c
Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL
2009-12-11 00:22:12 +00:00
Dr. Stephen Henson
7a8a3ef4f6
clarify docs
2009-12-09 18:17:21 +00:00
Dr. Stephen Henson
98c7b0367d
Document option clearing functions.
Initial secure renegotiation documentation.
2009-12-09 18:01:07 +00:00
Dr. Stephen Henson
9e5dea0ffd
PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>
Check for memory allocation failures.
2009-12-09 13:41:50 +00:00
Dr. Stephen Henson
cb4823fdd6
Add ctrls to clear options and mode.
Change RI ctrl so it doesn't clash.
2009-12-09 13:15:01 +00:00
Dr. Stephen Henson
17bb051628
Send no_renegotiation alert as required by spec.
2009-12-08 19:05:49 +00:00
Dr. Stephen Henson
59f44e810b
Add ctrl and macro so we can determine if peer supports secure renegotiation.
Fix SSL_CIPHER initialiser for mcsv
2009-12-08 13:47:28 +00:00
Dr. Stephen Henson
7a014dceb6
Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.
NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.
Change mismatch alerts to handshake_failure as required by spec.
Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:15:38 +00:00
Dr. Stephen Henson
1ff44a99a4
PR: 2111
Submitted by: Martin Olsson <molsson@opera.com>
Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:27:19 +00:00
Dr. Stephen Henson
6cf61614e4
Replace the broken SPKAC certification with the correct version.
2009-12-02 14:39:12 +00:00
Dr. Stephen Henson
82e448b92b
PR: 2115
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:40:46 +00:00
Dr. Stephen Henson
b172352b52
PR: 1432
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org
Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:16 +00:00
Dr. Stephen Henson
95b14fd803
typo
2009-11-29 13:44:59 +00:00
Bodo Möller
553d2e3280
(whitespace)
2009-11-26 18:35:33 +00:00
Bodo Möller
82fb4ee89d
The version numbering may change, again; so be careful about what we
announce in CHANGES.
2009-11-26 17:30:07 +00:00
Bodo Möller
389fef6c9c
Remove attribution -- this wasn't my patch, I only edited and applied it.
2009-11-26 17:28:27 +00:00
Bodo Möller
b6622f9623
Remove obsolete information about a change for 0.9.7n.
(No further releases from the 0.9.7 branch are planned. Note that the
"deleted" change is also in 0.9.8f.)
2009-11-26 17:25:38 +00:00
Dr. Stephen Henson
7f5448e3a8
Servers can't end up talking SSLv2 with legacy renegotiation disabled
2009-11-18 15:08:49 +00:00
Dr. Stephen Henson
5d965f0783
Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation
2009-11-18 14:43:27 +00:00
Dr. Stephen Henson
b14713c231
Include a more meaningful error message when rejecting legacy renegotiation
2009-11-18 14:24:00 +00:00
Dr. Stephen Henson
637e0ba420
PR: 2094
Submitted by: Arkadiusz Miskiewicz <arekm@maven.pl>
Approved by: steve@openssl.org
Fix for out range of signed 32bit displacement error on newer binutils.
2009-11-13 14:14:46 +00:00
Dr. Stephen Henson
9ac37cb018
PR: 2084
Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org
Parallel build fix.
2009-11-13 14:09:45 +00:00