Dr. Stephen Henson
78625cac82
Submitted by: Victor Duchovni <Victor.Duchovni@morganstanley.com>
...
Reviewed by: steve@openssl.org
Check return value of sk_SSL_COMP_find() properly.
2009-03-12 17:30:29 +00:00
Ben Laurie
7587347bc4
Fix memory leak.
2009-02-23 16:40:59 +00:00
Ben Laurie
b3f3407850
Use new common flags and fix resulting warnings.
2009-02-15 14:08:51 +00:00
Dr. Stephen Henson
477fd4596f
PR: 1835
...
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org
Fix various typos.
2009-02-14 21:49:38 +00:00
Bodo Möller
d8e8fc4803
Put back a variable deleted by the previous revision,
...
but used in the code.
2009-02-01 01:08:13 +00:00
Richard Levitte
c7ba21493a
Hopefully resolve signed vs unsigned issue.
2009-01-28 07:09:23 +00:00
Dr. Stephen Henson
d7ecd42255
Fix warnings properly this time ;-)
2009-01-11 20:34:23 +00:00
Dr. Stephen Henson
211655fcdd
Fix sign-compare warnings.
2009-01-11 15:58:51 +00:00
Dr. Stephen Henson
bab534057b
Updatde from stable branch.
2009-01-07 23:44:27 +00:00
Lutz Jänicke
fceac0bc74
Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP
...
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
2009-01-05 14:43:05 +00:00
Ben Laurie
4a94003a51
srvr_ecdh cannot be NULL at this point (Coverity ID 232).
2009-01-02 12:49:07 +00:00
Ben Laurie
d41c785d69
Document dead code.
2008-12-30 13:02:02 +00:00
Ben Laurie
2bd45dc94c
Apparently s->ctx could be NULL. (Coverity ID 147).
2008-12-29 16:15:27 +00:00
Ben Laurie
121f9e743c
Apparently s->ctx could be NULL at this point (see earlier
...
test). (Coverity ID 148).
2008-12-29 16:13:49 +00:00
Ben Laurie
0eab41fb78
If we're going to return errors (no matter how stupid), then we should
...
test for them!
2008-12-29 16:11:58 +00:00
Ben Laurie
8aa02e97a7
Make sure a bad parameter to RSA_verify_PKCS1_PSS() doesn't lead to a crash.
...
(Coverity ID 135).
2008-12-29 13:35:08 +00:00
Ben Laurie
85e878f224
Die earlier if hash is NULL. (Coverity IDs 137 & 138).
2008-12-29 11:54:56 +00:00
Ben Laurie
fe1c7fecf1
Reverse incorrect earlier fix.
2008-12-29 11:47:08 +00:00
Ben Laurie
0e941da6fa
Die earlier if we have no hash function.
2008-12-29 11:46:44 +00:00
Ben Laurie
9b9cb004f7
Deal with the unlikely event that EVP_MD_CTX_size() returns an error.
...
(Coverity ID 140).
2008-12-27 02:09:24 +00:00
Ben Laurie
6ba71a7173
Handle the unlikely event that BIO_get_mem_data() returns -ve.
2008-12-27 02:00:38 +00:00
Dr. Stephen Henson
70531c147c
Make no-engine work again.
2008-12-20 17:04:40 +00:00
Ben Laurie
a9dbe71ee0
Back out pointless change.
2008-12-13 17:45:49 +00:00
Ben Laurie
ecd3370ba0
*** empty log message ***
2008-12-13 17:45:27 +00:00
Dr. Stephen Henson
349e78e2e8
Stop warning about different const qualifiers.
2008-11-24 17:39:42 +00:00
Ben Laurie
f3b7bdadbc
Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks.
2008-11-16 12:47:12 +00:00
Dr. Stephen Henson
12bf56c017
PR: 1574
...
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org
Ticket override support for EAP-FAST.
2008-11-15 17:18:12 +00:00
Ben Laurie
774b2fe700
Aftermath of a clashing size_t fix (now only format changes).
2008-11-13 09:48:47 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
7b808412c9
Make -DKSSL_DEBUG work again.
2008-11-10 19:08:37 +00:00
Dr. Stephen Henson
c76fd290be
Fix warnings about mismatched prototypes, undefined size_t and value computed
...
not used.
2008-11-02 12:50:48 +00:00
Ben Laurie
5e4430e70d
More size_tification.
2008-11-01 16:40:37 +00:00
Ben Laurie
bfaead2b12
Fix warning.
2008-10-29 05:10:09 +00:00
Dr. Stephen Henson
ab7e09f59b
Win32 fixes... add new directory to build system. Fix warnings.
2008-10-27 12:31:13 +00:00
Dr. Stephen Henson
e19106f5fb
Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
...
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.
This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Dr. Stephen Henson
606f6c477a
Fix a shed load or warnings:
...
Duplicate const.
Use of ; outside function.
2008-10-20 15:12:00 +00:00
Lutz Jänicke
b8dfde2a36
Remove the DTLS1_BAD_VER thing from 0.9.9-dev. It is present in 0.9.8
...
but has been omitted from HEAD (0.9.9), see commit
http://cvs.openssl.org/chngview?cn=16627
by appro.
2008-10-13 06:45:59 +00:00
Lutz Jänicke
570006f3a2
Half of the commit for 0.9.8 as the bitmap handling has changed.
...
(Firstly... ommitted)
Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-13 06:43:03 +00:00
Ben Laurie
babb379849
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
Ben Laurie
6665ef303e
Add missing DTLS1_BAD_VER (hope I got the value right).
2008-10-12 14:04:34 +00:00
Lutz Jänicke
7e7af0bc51
When the underlying BIO_write() fails to send a datagram, we leave the
...
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().
The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-10 10:41:35 +00:00
Bodo Möller
837f2fc7a4
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
...
enable disabled ciphersuites.
2008-09-22 21:22:47 +00:00
Bodo Möller
96562f2fb3
update comment
2008-09-14 19:50:55 +00:00
Bodo Möller
fcbdde0dfe
oops
2008-09-14 18:16:07 +00:00
Andy Polyakov
51ec776b7d
dtls1_write_bytes consumers expect amount of bytes written per call, not
...
overall.
PR: 1604
2008-09-14 17:56:15 +00:00
Bodo Möller
e65bcbcef0
Fix SSL state transitions.
...
Submitted by: Nagendra Modadugu
2008-09-14 14:02:07 +00:00
Bodo Möller
f8d6be3f81
Some precautions to avoid potential security-relevant problems.
2008-09-14 13:42:34 +00:00
Andy Polyakov
d493899579
DTLS didn't handle alerts correctly.
...
PR: 1632
2008-09-13 18:24:38 +00:00
Dr. Stephen Henson
3ad74edce8
Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new
...
strength "FIPS" to represent all FIPS approved ciphersuites without NULL
encryption.
2008-09-10 16:02:09 +00:00
Dr. Stephen Henson
e8da6a1d0f
Fix from stable branch.
2008-09-03 22:17:11 +00:00