generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,212 Commits 16 Branches 258 Tags
Commit Graph

1429 Commits

Author SHA1 Message Date
Dr. Stephen Henson
2649ce1ebc Change versions for 0.9.8n-dev 2010-02-26 14:34:24 +00:00
Dr. Stephen Henson
7070cdba4e Prepare for 0.9.8m release 2010-02-25 17:18:23 +00:00
Bodo Möller
3e4da3f7cb Always check bn_wexpend() return values for failure (CVE-2009-3245). 
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
 2010-02-23 10:36:41 +00:00
Bodo Möller
739e0e934a Fix X509_STORE locking 2010-02-19 18:25:39 +00:00
Dr. Stephen Henson
442ac8d259 Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:37:47 +00:00
Dr. Stephen Henson
657b02d0cf PR: 2100 
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.
 2010-02-17 14:32:01 +00:00
Dr. Stephen Henson
68be98d1a6 update references to new RI RFC 2010-02-12 22:02:07 +00:00
Dr. Stephen Henson
ded27f709c typo 2010-01-27 14:04:51 +00:00
Dr. Stephen Henson
cc62974182 PR: 1949 
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
 2010-01-26 19:40:36 +00:00
Dr. Stephen Henson
81f28ca567 Typo 2010-01-26 12:29:32 +00:00
Dr. Stephen Henson
8b8a2928af prepare for release 2010-01-20 17:26:02 +00:00
Dr. Stephen Henson
c3c3b28818 Fix version handling so it can cope with a major version >3. 
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
 2010-01-13 19:08:45 +00:00
Dr. Stephen Henson
06e2670a57 Modify compression code so it avoids using ex_data free functions. This 
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
 2010-01-13 18:45:03 +00:00
Dr. Stephen Henson
50a095ed16 Updates to conform with draft-ietf-tls-renegotiation-03.txt: 
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
 2010-01-06 17:59:41 +00:00
Bodo Möller
d0e79d7e2c Constify crypto/cast. 2009-12-22 10:59:03 +00:00
Dr. Stephen Henson
ccc3df8c33 New option to enable/disable connection to unpatched servers 2009-12-16 20:34:20 +00:00
Dr. Stephen Henson
cb4823fdd6 Add ctrls to clear options and mode. 
Change RI ctrl so it doesn't clash.
 2009-12-09 13:15:01 +00:00
Dr. Stephen Henson
17bb051628 Send no_renegotiation alert as required by spec. 2009-12-08 19:05:49 +00:00
Dr. Stephen Henson
59f44e810b Add ctrl and macro so we can determine if peer support secure renegotiation. 
Fix SSL_CIPHER initialiser for mcsv
 2009-12-08 13:47:28 +00:00
Dr. Stephen Henson
7a014dceb6 Add support for magic cipher suite value (MCSV). Make secure renegotiation 
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
 2009-12-08 13:15:38 +00:00
Dr. Stephen Henson
1ff44a99a4 PR: 2111 
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
 2009-12-02 15:27:19 +00:00
Bodo Möller
553d2e3280 (whitespace) 2009-11-26 18:35:33 +00:00
Bodo Möller
82fb4ee89d The version numbering may change, again; so be careful about what we 
announce in CHANGES.
 2009-11-26 17:30:07 +00:00
Bodo Möller
389fef6c9c Remove attribution -- this wasn't my patch, I only edited and applied it. 2009-11-26 17:28:27 +00:00
Bodo Möller
b6622f9623 Remove obsolete information about a change for 0.9.7n. 
(No further releases from the 0.9.7 branch are planned.  Note that the
"deleted" change is also in 0.9.8f.)
 2009-11-26 17:25:38 +00:00
Ben Laurie
c2b78c31d6 First cut of renegotiation extension. 2009-11-08 14:51:54 +00:00
Ben Laurie
949fbf073a Disable renegotiation. 2009-11-05 11:28:37 +00:00
Dr. Stephen Henson
2a8834cf89 Fix stateless session resumption so it can coexist with SNI 2009-10-30 13:28:07 +00:00
Dr. Stephen Henson
afff063a14 Add CHANGES entry. 2009-09-13 11:23:37 +00:00
Dr. Stephen Henson
d0969d24cf Add new option --strict-warnings to Configure script. This is used to add 
in devteam warnings into other configurations.
 2009-09-09 16:30:49 +00:00
Dr. Stephen Henson
985b5ee735 PR: 2003 
Make it possible to install OpenSSL in directories with name other
than "lib" for example "lib64". Based on patch from Jeremy Utley.
 2009-08-10 14:37:51 +00:00
Dr. Stephen Henson
136b5dc7c7 Add missing CHANGES entry for OID 0x80 fix. 2009-08-09 15:40:03 +00:00
Dr. Stephen Henson
856f3005de Document MD2 deprecation. 2009-07-13 11:53:53 +00:00
Dr. Stephen Henson
e7e7f5de4b PR: 1960 
Approved by: steve@openssl.org

Encode compression id in {i2d,d2i}_SSL_SESSION().
 2009-06-30 22:20:46 +00:00
Dr. Stephen Henson
ab8fe43fa2 PR: 1942 
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Replace ad-hoc chain builder with X509_verify_cert().
 2009-06-28 16:23:05 +00:00
Dr. Stephen Henson
9aecc3e5ff Update from 1.0.0-stable. 2009-06-26 11:34:22 +00:00
Dr. Stephen Henson
51ebaa9f82 Correct CHANGES entry. 2009-06-17 11:58:17 +00:00
Dr. Stephen Henson
efaa569c3b PR: 1943 
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org

Rename uni2asc and asc2uni on Netware to avoid a name clash.
 2009-06-17 11:55:51 +00:00
Dr. Stephen Henson
1e53b797f6 Don't check self-signed signature in X509_verify_cert(), the check just 
wastes processing time and doesn't add any security.
 2009-06-15 14:52:38 +00:00
Mark J. Cox
0b8eca58b9 Update changelog to show fix for PR1679 as per Tomas Hoger's testing: 
http://thread.gmane.org/gmane.comp.security.oss.general/1769/focus=1814
 2009-06-02 09:20:52 +00:00
Mark J. Cox
a176be48a2 Add the corresponding CVE names to the CHANGES entry for 0.9.8 branch 2009-05-26 08:21:56 +00:00
Dr. Stephen Henson
f47bce27e3 Add CHANGES entries for security relate issues PR#1923, PR#1930 and PR#1931. 2009-05-18 17:34:16 +00:00
Dr. Stephen Henson
0d399f97dd Submitted by: Darryl Miles <darryl-mailinglists@netbauds.net> 
Approved by: steve@openssl.org

Handle non-blocking I/O properly in SSL_shutdown() call.
 2009-04-07 16:28:30 +00:00
Dr. Stephen Henson
7a746ecf3e Typo. 2009-03-25 22:22:42 +00:00
Dr. Stephen Henson
aca8bf43ce Submitted by: Ilya O. <vrghost@gmail.com> 
Approved by: steve@openssl.org

Add 2.5.4.* OIDs.
 2009-03-25 19:01:03 +00:00
Dr. Stephen Henson
7de0df694f Prepare for next version. 2009-03-25 13:02:49 +00:00
Dr. Stephen Henson
e10051ef3f Prepare for 0.9.8k release. 2009-03-25 10:46:56 +00:00
Dr. Stephen Henson
c60dca1f95 PR: 1868 
Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH>
Approved by: steve@openssl.org

Don't set fields to NULL when freeing them up in ASN1 code. On some platforms
with sizeof(long) < sizeof(char *) this can cause a crash.
 2009-03-25 10:42:34 +00:00
Dr. Stephen Henson
188abf7e2a Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com> 
Approved by: steve@openssl.org

Check return code properly in CMS_SignerInfo_verify_content().
 2009-03-25 10:40:32 +00:00
Dr. Stephen Henson
f021b7cca6 Reject BMPStrings and UniversalStrings of invalid length. This prevents 
a crash in ASN1_STRING_print_ex() which assumes they are valid.
 2009-03-25 10:35:57 +00:00