Commit Graph

9307 Commits

Author SHA1 Message Date
Dr. Stephen Henson
e6f418bcb7 Compression handling on session resume was badly broken: it always
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
2009-12-31 14:13:30 +00:00
Dr. Stephen Henson
5e63121758 Include CHANGES entry for external cache 2009-12-31 13:58:57 +00:00
Andy Polyakov
2f4c1dc86c b_sock.c: correct indirect calls on WinSock platforms.
PR: 2130
Submitted by: Eugeny Gostyukhin
2009-12-30 12:55:23 +00:00
Andy Polyakov
f87e307875 Adapt mingw config for newer mingw environment. Note modified conditional
compilation in e_capi.c.
PR: 2113
2009-12-30 11:46:54 +00:00
Andy Polyakov
70b76d392f ppccap.c: fix compiler warning and perform sanity check outside signal masking.
ppc64-mont.pl: clarify comment and fix spelling.
2009-12-29 11:18:16 +00:00
Andy Polyakov
6a9d28f9e4 Deploy multilib config-line parameter. It was added in February to allow
for kind of installation suggested in ticket #2003 from August. What it
effectively does now, is arrange pre-configured default $libdir value.
Note that it also fixes ENGINESDIR, i.e. harmonizes it with install path.
2009-12-29 10:33:37 +00:00
Andy Polyakov
3fc2efd241 PA-RISC assembler: missing symbol and typos. 2009-12-28 16:13:35 +00:00
Dr. Stephen Henson
76774c5ea1 return v1.1 methods for client/server 2009-12-28 00:31:16 +00:00
Dr. Stephen Henson
35b0ea4efe Add simple external session cache to s_server. This serialises sessions
just like a "real" server making it easier to trace any problems.
2009-12-27 23:24:45 +00:00
Dr. Stephen Henson
73527122c9 Typo 2009-12-27 23:02:50 +00:00
Dr. Stephen Henson
d68015764e Update RI to match latest spec.
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
2009-12-27 22:58:55 +00:00
Andy Polyakov
b57599b70c Update sha512-parisc.pl and add make rules. 2009-12-27 21:05:19 +00:00
Andy Polyakov
cb3b9b1323 Throw in more PA-RISC assembler. 2009-12-27 20:49:40 +00:00
Andy Polyakov
beef714599 Switch to new uplink assembler. 2009-12-27 20:38:32 +00:00
Andy Polyakov
d741cf2267 ppccap.c: tidy up.
ppc64-mont.pl: missing predicate in commentary.
2009-12-27 11:25:24 +00:00
Andy Polyakov
b4b48a107c ppc64-mont.pl: adapt for 32-bit and engage for all builds. 2009-12-26 21:30:13 +00:00
Dr. Stephen Henson
7e765bf29a Traditional Yuletide commit ;-)
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:13:11 +00:00
Bodo Möller
8580f8015f Use properly local variables for thread-safety.
Submitted by: Martin Rex
2009-12-22 11:52:17 +00:00
Bodo Möller
f21516075f Constify crypto/cast. 2009-12-22 11:46:00 +00:00
Bodo Möller
7427379e9b Constify crypto/cast. 2009-12-22 10:58:33 +00:00
Dr. Stephen Henson
fbed9f8158 Alert to use is now defined in spec: update code 2009-12-17 15:42:52 +00:00
Dr. Stephen Henson
e50858c559 PR: 2127
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check for lookup failures in EVP_PBE_CipherInit().
2009-12-17 15:27:57 +00:00
Dr. Stephen Henson
ef51b4b9b4 New option to enable/disable connection to unpatched servers 2009-12-16 20:25:59 +00:00
Dr. Stephen Henson
c27c9cb4f7 Allow initial connection (but no renegoriation) to servers which don't support
RI.

Reorganise RI checking code and handle some missing cases.
2009-12-14 13:56:04 +00:00
Dr. Stephen Henson
22c2155595 Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL and move SSL_OP_NO_TLSv1_1 2009-12-11 00:23:12 +00:00
Dr. Stephen Henson
b5c002d5a8 clarify docs 2009-12-09 18:16:50 +00:00
Dr. Stephen Henson
4db82571ba Document option clearning functions.
Initial secure renegotiation documentation.
2009-12-09 17:59:29 +00:00
Dr. Stephen Henson
89408580ed remove DEBUG_UNUSED from config for now 2009-12-09 15:56:24 +00:00
Dr. Stephen Henson
a8640f0a7d Check s3 is not NULL 2009-12-09 15:03:44 +00:00
Dr. Stephen Henson
338a61b94e Add patch to crypto/evp which didn't apply from PR#2124 2009-12-09 15:01:39 +00:00
Dr. Stephen Henson
e4bcadb302 Revert lhash patch for PR#2124 2009-12-09 14:59:47 +00:00
Dr. Stephen Henson
fdb2c6e4e5 PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
2009-12-09 13:38:05 +00:00
Dr. Stephen Henson
7661ccadf0 Add ctrls to clear options and mode.
Change RI ctrl so it doesn't clash.
2009-12-09 13:25:16 +00:00
Dr. Stephen Henson
82e610e2cf Send no_renegotiation alert as required by spec. 2009-12-08 19:06:26 +00:00
Dr. Stephen Henson
5430200b8b Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:08 +00:00
Dr. Stephen Henson
13f6d57b1e Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:14:03 +00:00
Dr. Stephen Henson
8025e25113 PR: 2121
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
2009-12-08 11:37:40 +00:00
Dr. Stephen Henson
637f374ad4 Initial experimental TLSv1.1 support 2009-12-07 13:31:02 +00:00
Dr. Stephen Henson
7e4cae1d2f PR: 2111
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:28:42 +00:00
Dr. Stephen Henson
9d9530255b Update CHANGES. 2009-12-02 15:28:27 +00:00
Dr. Stephen Henson
3533ab1fee Replace the broken SPKAC certification with the correct version. 2009-12-02 14:41:51 +00:00
Dr. Stephen Henson
ec7d16ffdd Check it actually compiles this time ;-) 2009-12-02 14:25:40 +00:00
Dr. Stephen Henson
5656f33cea PR: 2120
Submitted by: steve@openssl.org

Initialize fields correctly if pem_str or info are NULL in  EVP_PKEY_asn1_new().
2009-12-02 13:56:45 +00:00
Dr. Stephen Henson
7f354fa42d Ooops... 2009-12-01 18:40:50 +00:00
Dr. Stephen Henson
6732e14278 check DSA_sign() return value properly 2009-12-01 18:39:33 +00:00
Dr. Stephen Henson
499684404c PR: 2115
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:42:15 +00:00
Dr. Stephen Henson
606c46fb6f PR: 1432
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org

Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:44 +00:00
Dr. Stephen Henson
fed8dbf46d PR: 2118
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org

Check return value of ECDSA_sign() properly.
2009-11-30 13:56:04 +00:00
Dr. Stephen Henson
c2f0203da0 typo 2009-11-29 13:45:42 +00:00
Andy Polyakov
b6bf9e2ea7 bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER.
PR: 2110
2009-11-26 20:52:08 +00:00