Commit Graph

9198 Commits

Author SHA1 Message Date
Dr. Stephen Henson
73527122c9 Typo 2009-12-27 23:02:50 +00:00
Dr. Stephen Henson
d68015764e Update RI to match latest spec.
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
2009-12-27 22:58:55 +00:00
Andy Polyakov
b57599b70c Update sha512-parisc.pl and add make rules. 2009-12-27 21:05:19 +00:00
Andy Polyakov
cb3b9b1323 Throw in more PA-RISC assembler. 2009-12-27 20:49:40 +00:00
Andy Polyakov
beef714599 Switch to new uplink assembler. 2009-12-27 20:38:32 +00:00
Andy Polyakov
d741cf2267 ppccap.c: tidy up.
ppc64-mont.pl: missing predicate in commentary.
2009-12-27 11:25:24 +00:00
Andy Polyakov
b4b48a107c ppc64-mont.pl: adapt for 32-bit and engage for all builds. 2009-12-26 21:30:13 +00:00
Dr. Stephen Henson
7e765bf29a Traditional Yuletide commit ;-)
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:13:11 +00:00
Bodo Möller
8580f8015f Use properly local variables for thread-safety.
Submitted by: Martin Rex
2009-12-22 11:52:17 +00:00
Bodo Möller
f21516075f Constify crypto/cast. 2009-12-22 11:46:00 +00:00
Bodo Möller
7427379e9b Constify crypto/cast. 2009-12-22 10:58:33 +00:00
Dr. Stephen Henson
fbed9f8158 Alert to use is now defined in spec: update code 2009-12-17 15:42:52 +00:00
Dr. Stephen Henson
e50858c559 PR: 2127
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check for lookup failures in EVP_PBE_CipherInit().
2009-12-17 15:27:57 +00:00
Dr. Stephen Henson
ef51b4b9b4 New option to enable/disable connection to unpatched servers 2009-12-16 20:25:59 +00:00
Dr. Stephen Henson
c27c9cb4f7 Allow initial connection (but no renegoriation) to servers which don't support
RI.

Reorganise RI checking code and handle some missing cases.
2009-12-14 13:56:04 +00:00
Dr. Stephen Henson
22c2155595 Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL and move SSL_OP_NO_TLSv1_1 2009-12-11 00:23:12 +00:00
Dr. Stephen Henson
b5c002d5a8 clarify docs 2009-12-09 18:16:50 +00:00
Dr. Stephen Henson
4db82571ba Document option clearning functions.
Initial secure renegotiation documentation.
2009-12-09 17:59:29 +00:00
Dr. Stephen Henson
89408580ed remove DEBUG_UNUSED from config for now 2009-12-09 15:56:24 +00:00
Dr. Stephen Henson
a8640f0a7d Check s3 is not NULL 2009-12-09 15:03:44 +00:00
Dr. Stephen Henson
338a61b94e Add patch to crypto/evp which didn't apply from PR#2124 2009-12-09 15:01:39 +00:00
Dr. Stephen Henson
e4bcadb302 Revert lhash patch for PR#2124 2009-12-09 14:59:47 +00:00
Dr. Stephen Henson
fdb2c6e4e5 PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
2009-12-09 13:38:05 +00:00
Dr. Stephen Henson
7661ccadf0 Add ctrls to clear options and mode.
Change RI ctrl so it doesn't clash.
2009-12-09 13:25:16 +00:00
Dr. Stephen Henson
82e610e2cf Send no_renegotiation alert as required by spec. 2009-12-08 19:06:26 +00:00
Dr. Stephen Henson
5430200b8b Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:08 +00:00
Dr. Stephen Henson
13f6d57b1e Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:14:03 +00:00
Dr. Stephen Henson
8025e25113 PR: 2121
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
2009-12-08 11:37:40 +00:00
Dr. Stephen Henson
637f374ad4 Initial experimental TLSv1.1 support 2009-12-07 13:31:02 +00:00
Dr. Stephen Henson
7e4cae1d2f PR: 2111
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:28:42 +00:00
Dr. Stephen Henson
9d9530255b Update CHANGES. 2009-12-02 15:28:27 +00:00
Dr. Stephen Henson
3533ab1fee Replace the broken SPKAC certification with the correct version. 2009-12-02 14:41:51 +00:00
Dr. Stephen Henson
ec7d16ffdd Check it actually compiles this time ;-) 2009-12-02 14:25:40 +00:00
Dr. Stephen Henson
5656f33cea PR: 2120
Submitted by: steve@openssl.org

Initialize fields correctly if pem_str or info are NULL in  EVP_PKEY_asn1_new().
2009-12-02 13:56:45 +00:00
Dr. Stephen Henson
7f354fa42d Ooops... 2009-12-01 18:40:50 +00:00
Dr. Stephen Henson
6732e14278 check DSA_sign() return value properly 2009-12-01 18:39:33 +00:00
Dr. Stephen Henson
499684404c PR: 2115
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:42:15 +00:00
Dr. Stephen Henson
606c46fb6f PR: 1432
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org

Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:44 +00:00
Dr. Stephen Henson
fed8dbf46d PR: 2118
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org

Check return value of ECDSA_sign() properly.
2009-11-30 13:56:04 +00:00
Dr. Stephen Henson
c2f0203da0 typo 2009-11-29 13:45:42 +00:00
Andy Polyakov
b6bf9e2ea7 bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER.
PR: 2110
2009-11-26 20:52:08 +00:00
Dr. Stephen Henson
d2a53c2238 Experimental CMS password based recipient Info support. 2009-11-26 18:57:39 +00:00
Bodo Möller
480af99ef4 Make CHANGES in CVS head consistent with the CHANGES files in the
branches.

This means that http://www.openssl.org/news/changelog.html will
finally describe 0.9.8l.
2009-11-26 18:43:17 +00:00
Dr. Stephen Henson
f2334630a7 Add OID for PWRI KEK algorithm. 2009-11-25 22:07:49 +00:00
Dr. Stephen Henson
007f7ec1bd Add PBKFD2 prototype. 2009-11-25 22:07:22 +00:00
Dr. Stephen Henson
3d63b3966f Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat
and is a pre-requisite to adding password based CMS support.
2009-11-25 22:01:06 +00:00
Andy Polyakov
451038b40c cms-test.pl: use EXE_EXT.
PR: 2107
2009-11-23 20:28:17 +00:00
Andy Polyakov
7766bc1a19 util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed and
eliminate duplicate code.
PR: 2086
2009-11-19 22:29:03 +00:00
Dr. Stephen Henson
6cef3a7f9c Servers can't end up talking SSLv2 with legacy renegotiation disabled 2009-11-18 15:09:44 +00:00
Dr. Stephen Henson
4d09323a63 Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation 2009-11-18 14:45:48 +00:00