Dr. Stephen Henson
73527122c9
Typo
2009-12-27 23:02:50 +00:00
Dr. Stephen Henson
d68015764e
Update RI to match latest spec.
...
MCSV is now called SCSV.
Don't send SCSV if renegotiating.
Also note if RI is empty in debug messages.
2009-12-27 22:58:55 +00:00
Andy Polyakov
b57599b70c
Update sha512-parisc.pl and add make rules.
2009-12-27 21:05:19 +00:00
Andy Polyakov
cb3b9b1323
Throw in more PA-RISC assembler.
2009-12-27 20:49:40 +00:00
Andy Polyakov
beef714599
Switch to new uplink assembler.
2009-12-27 20:38:32 +00:00
Andy Polyakov
d741cf2267
ppccap.c: tidy up.
...
ppc64-mont.pl: missing predicate in commentary.
2009-12-27 11:25:24 +00:00
Andy Polyakov
b4b48a107c
ppc64-mont.pl: adapt for 32-bit and engage for all builds.
2009-12-26 21:30:13 +00:00
Dr. Stephen Henson
7e765bf29a
Traditional Yuletide commit ;-)
...
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:13:11 +00:00
Bodo Möller
8580f8015f
Use properly local variables for thread-safety.
...
Submitted by: Martin Rex
2009-12-22 11:52:17 +00:00
Bodo Möller
f21516075f
Constify crypto/cast.
2009-12-22 11:46:00 +00:00
Bodo Möller
7427379e9b
Constify crypto/cast.
2009-12-22 10:58:33 +00:00
Dr. Stephen Henson
fbed9f8158
Alert to use is now defined in spec: update code
2009-12-17 15:42:52 +00:00
Dr. Stephen Henson
e50858c559
PR: 2127
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check for lookup failures in EVP_PBE_CipherInit().
2009-12-17 15:27:57 +00:00
Dr. Stephen Henson
ef51b4b9b4
New option to enable/disable connection to unpatched servers
2009-12-16 20:25:59 +00:00
Dr. Stephen Henson
c27c9cb4f7
Allow initial connection (but no renegoriation) to servers which don't support
...
RI.
Reorganise RI checking code and handle some missing cases.
2009-12-14 13:56:04 +00:00
Dr. Stephen Henson
22c2155595
Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL and move SSL_OP_NO_TLSv1_1
2009-12-11 00:23:12 +00:00
Dr. Stephen Henson
b5c002d5a8
clarify docs
2009-12-09 18:16:50 +00:00
Dr. Stephen Henson
4db82571ba
Document option clearning functions.
...
Initial secure renegotiation documentation.
2009-12-09 17:59:29 +00:00
Dr. Stephen Henson
89408580ed
remove DEBUG_UNUSED from config for now
2009-12-09 15:56:24 +00:00
Dr. Stephen Henson
a8640f0a7d
Check s3 is not NULL
2009-12-09 15:03:44 +00:00
Dr. Stephen Henson
338a61b94e
Add patch to crypto/evp which didn't apply from PR#2124
2009-12-09 15:01:39 +00:00
Dr. Stephen Henson
e4bcadb302
Revert lhash patch for PR#2124
2009-12-09 14:59:47 +00:00
Dr. Stephen Henson
fdb2c6e4e5
PR: 2124
...
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>
Check for memory allocation failures.
2009-12-09 13:38:05 +00:00
Dr. Stephen Henson
7661ccadf0
Add ctrls to clear options and mode.
...
Change RI ctrl so it doesn't clash.
2009-12-09 13:25:16 +00:00
Dr. Stephen Henson
82e610e2cf
Send no_renegotiation alert as required by spec.
2009-12-08 19:06:26 +00:00
Dr. Stephen Henson
5430200b8b
Add ctrl and macro so we can determine if peer support secure renegotiation.
2009-12-08 13:42:08 +00:00
Dr. Stephen Henson
13f6d57b1e
Add support for magic cipher suite value (MCSV). Make secure renegotiation
...
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.
NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.
Change mismatch alerts to handshake_failure as required by spec.
Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:14:03 +00:00
Dr. Stephen Henson
8025e25113
PR: 2121
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Add extension support to DTLS code mainly using existing implementation for
TLS.
2009-12-08 11:37:40 +00:00
Dr. Stephen Henson
637f374ad4
Initial experimental TLSv1.1 support
2009-12-07 13:31:02 +00:00
Dr. Stephen Henson
7e4cae1d2f
PR: 2111
...
Submitted by: Martin Olsson <molsson@opera.com>
Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:28:42 +00:00
Dr. Stephen Henson
9d9530255b
Update CHANGES.
2009-12-02 15:28:27 +00:00
Dr. Stephen Henson
3533ab1fee
Replace the broken SPKAC certification with the correct version.
2009-12-02 14:41:51 +00:00
Dr. Stephen Henson
ec7d16ffdd
Check it actually compiles this time ;-)
2009-12-02 14:25:40 +00:00
Dr. Stephen Henson
5656f33cea
PR: 2120
...
Submitted by: steve@openssl.org
Initialize fields correctly if pem_str or info are NULL in EVP_PKEY_asn1_new().
2009-12-02 13:56:45 +00:00
Dr. Stephen Henson
7f354fa42d
Ooops...
2009-12-01 18:40:50 +00:00
Dr. Stephen Henson
6732e14278
check DSA_sign() return value properly
2009-12-01 18:39:33 +00:00
Dr. Stephen Henson
499684404c
PR: 2115
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:42:15 +00:00
Dr. Stephen Henson
606c46fb6f
PR: 1432
...
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org
Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:44 +00:00
Dr. Stephen Henson
fed8dbf46d
PR: 2118
...
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org
Check return value of ECDSA_sign() properly.
2009-11-30 13:56:04 +00:00
Dr. Stephen Henson
c2f0203da0
typo
2009-11-29 13:45:42 +00:00
Andy Polyakov
b6bf9e2ea7
bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER.
...
PR: 2110
2009-11-26 20:52:08 +00:00
Dr. Stephen Henson
d2a53c2238
Experimental CMS password based recipient Info support.
2009-11-26 18:57:39 +00:00
Bodo Möller
480af99ef4
Make CHANGES in CVS head consistent with the CHANGES files in the
...
branches.
This means that http://www.openssl.org/news/changelog.html will
finally describe 0.9.8l.
2009-11-26 18:43:17 +00:00
Dr. Stephen Henson
f2334630a7
Add OID for PWRI KEK algorithm.
2009-11-25 22:07:49 +00:00
Dr. Stephen Henson
007f7ec1bd
Add PBKFD2 prototype.
2009-11-25 22:07:22 +00:00
Dr. Stephen Henson
3d63b3966f
Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat
...
and is a pre-requisite to adding password based CMS support.
2009-11-25 22:01:06 +00:00
Andy Polyakov
451038b40c
cms-test.pl: use EXE_EXT.
...
PR: 2107
2009-11-23 20:28:17 +00:00
Andy Polyakov
7766bc1a19
util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed and
...
eliminate duplicate code.
PR: 2086
2009-11-19 22:29:03 +00:00
Dr. Stephen Henson
6cef3a7f9c
Servers can't end up talking SSLv2 with legacy renegotiation disabled
2009-11-18 15:09:44 +00:00
Dr. Stephen Henson
4d09323a63
Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation
2009-11-18 14:45:48 +00:00