Matt Caswell
40720ce3ca
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org >
2015-01-22 09:52:55 +00:00
Matt Caswell
13270477f4
Move more comments that confuse indent
...
Conflicts:
crypto/dsa/dsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl_locl.h
Conflicts:
crypto/bn/rsaz_exp.c
crypto/evp/e_aes_cbc_hmac_sha1.c
crypto/evp/e_aes_cbc_hmac_sha256.c
ssl/ssl_locl.h
Conflicts:
crypto/ec/ec2_oct.c
crypto/ec/ecp_nistp256.c
crypto/ec/ecp_nistp521.c
crypto/ec/ecp_nistputil.c
crypto/ec/ecp_oct.c
crypto/modes/gcm128.c
ssl/ssl_locl.h
Conflicts:
apps/apps.c
crypto/crypto.h
crypto/rand/md_rand.c
ssl/d1_pkt.c
ssl/ssl.h
ssl/ssl_locl.h
ssl/ssltest.c
ssl/t1_enc.c
Reviewed-by: Tim Hudson <tjh@openssl.org >
2015-01-22 09:52:21 +00:00
Matt Caswell
c7c7a432df
indent has problems with comments that are on the right hand side of a line.
...
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.
Conflicts:
crypto/bn/bn.h
crypto/ec/ec_lcl.h
crypto/rsa/rsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl.h
ssl/ssl3.h
Conflicts:
crypto/ec/ec_lcl.h
ssl/tls1.h
Conflicts:
crypto/ec/ecp_nistp224.c
crypto/evp/evp.h
ssl/d1_both.c
ssl/ssl.h
ssl/ssl_lib.c
Conflicts:
crypto/bio/bss_file.c
crypto/ec/ec_lcl.h
crypto/evp/evp.h
crypto/store/str_mem.c
crypto/whrlpool/wp_block.c
crypto/x509/x509_vfy.h
ssl/ssl.h
ssl/ssl3.h
ssl/ssltest.c
ssl/t1_lib.c
ssl/tls1.h
Reviewed-by: Tim Hudson <tjh@openssl.org >
2015-01-22 09:50:57 +00:00
Matt Caswell
3e8042c38f
Additional comment changes for reformat of 0.9.8
...
Reviewed-by: Tim Hudson <tjh@openssl.org >
2015-01-22 09:49:06 +00:00
Tim Hudson
b558c8d597
mark all block comments that need format preserving so that
...
indent will not alter them when reformatting comments
(cherry picked from commit 1d97c84351tjh@openssl.org >
2015-01-22 09:48:44 +00:00
Andy Polyakov
fb092ef4fc
ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
...
Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
(cherry picked from commit 413cbfe68d
2013-02-07 15:03:00 +00:00
Dr. Stephen Henson
924b117422
Timing fix mitigation for FIPS mode.
...
We have to use EVP in FIPS mode so we can only partially mitigate
timing differences.
Make an extra call to HMAC_Update to hash additonal blocks
to cover any timing differences caused by removal of padding.
2013-02-05 16:50:34 +00:00
Dr. Stephen Henson
99f5093347
The cbc functions shouldn't be inside #ifdef OPENSSL_NO_TLSEXT
2013-02-05 16:50:34 +00:00
Ben Laurie
2928cb4c82
Fixups.
2013-02-05 16:50:33 +00:00
Ben Laurie
35a65e814b
Make CBC decoding constant time.
...
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.
This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.
In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc
2013-02-05 16:50:32 +00:00
Dr. Stephen Henson
71a2440ee5
backport OCSP fix enhancement
2012-10-05 13:02:31 +00:00
Ben Laurie
48bcdad0d5
Backport OCSP fix.
2012-10-05 12:50:24 +00:00
Dr. Stephen Henson
5016107550
PR: 2756
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de >
Fix DTLS timeout handling.
2012-03-09 15:51:56 +00:00
Dr. Stephen Henson
fc4015329f
PR: 2602
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de >
Reviewed by: steve
Fix DTLS bug which prevents manual MTU setting
2011-09-23 13:35:32 +00:00
Dr. Stephen Henson
7a014dceb6
Add support for magic cipher suite value (MCSV). Make secure renegotiation
...
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.
NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.
Change mismatch alerts to handshake_failure as required by spec.
Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:15:38 +00:00
Dr. Stephen Henson
82e448b92b
PR: 2115
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de >
Approved by: steve@openssl.org
Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:40:46 +00:00
Ben Laurie
c2b78c31d6
First cut of renegotiation extension.
2009-11-08 14:51:54 +00:00
Dr. Stephen Henson
fbc4a24633
PR: 1997
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de >
Approved by: steve@openssl.org
DTLS timeout handling fix.
2009-08-13 15:14:32 +00:00
Dr. Stephen Henson
efa59b8d59
Updates from 1.0.0-stable.
2009-05-16 15:51:59 +00:00
Dr. Stephen Henson
0d399f97dd
Submitted by: Darryl Miles <darryl-mailinglists@netbauds.net>
...
Approved by: steve@openssl.org
Handle non-blocking I/O properly in SSL_shutdown() call.
2009-04-07 16:28:30 +00:00
Dr. Stephen Henson
4e319926d7
PR: 1828
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de >
Approved by: steve@openssl.org
Fix DTLS retransmission bug.
2009-04-02 22:32:16 +00:00
Lutz Jänicke
f4677b7960
Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP
...
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
2009-01-05 14:43:07 +00:00
Bodo Möller
446881468c
update comment
2008-09-14 19:50:53 +00:00
Dr. Stephen Henson
14748adb09
Make ssl code consistent with FIPS branch. The new code has no effect
...
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
2008-06-16 16:56:43 +00:00
Dr. Stephen Henson
4aefb1dd98
Backport more ENGINE SSL client auth code to 0.9.8.
2008-06-04 18:35:27 +00:00
Dr. Stephen Henson
a523276786
Backport certificate status request TLS extension support to 0.9.8.
2007-10-12 00:00:36 +00:00
Andy Polyakov
d5e858c55f
Prohibit RC4 in DTLS [from HEAD].
2007-10-05 21:05:27 +00:00
Dr. Stephen Henson
afdbadc704
Update from HEAD.
2007-08-20 12:44:22 +00:00
Dr. Stephen Henson
865a90eb4f
Backport of TLS extension code to OpenSSL 0.9.8.
...
Include server name and RFC4507bis support.
This is not compiled in by default and must be explicitly enabled with
the Configure option enable-tlsext
2007-08-12 18:59:03 +00:00
Bodo Möller
c3cc4662af
Add SEED encryption algorithm.
...
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:50:26 +00:00
Bodo Möller
e18eef3d7a
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:42:21 +00:00
Nils Larsch
cd9911fdf8
initialize cipher/digest methods table in SSL_library_init() and hence remove the need for a lock
2005-08-21 23:06:51 +00:00
Dr. Stephen Henson
222f224664
Initialize SSL_METHOD structures at compile time. This removes the need
...
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-08-05 23:52:08 +00:00
Nils Larsch
4913b88f70
make
...
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make all test
work again (+ make update)
PR: 1159
2005-07-16 11:13:10 +00:00
Bodo Möller
c6c2e3135d
Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled
...
with the SSL_OP_NO_SSLv2 option.
2005-05-11 18:25:49 +00:00
Dr. Stephen Henson
6c61726b2a
Lots of Win32 fixes for DTLS.
...
1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.
2005-04-27 16:27:14 +00:00
Bodo Möller
480506bd49
remove some functions from exported headers
2005-04-26 18:18:35 +00:00
Bodo Möller
beb056b303
fix SSLerr stuff for DTLS1 code;
...
move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h";
fix silly indentation (a TAB is *not* always 4 spaces)
2005-04-26 18:08:00 +00:00
Ben Laurie
36d16f8ee0
Add DTLS support.
2005-04-26 16:02:40 +00:00
Andy Polyakov
3ed449e94a
More cover-ups, removing OPENSSL_GLOBAL/EXTERNS. We can remove more...
2005-04-13 21:46:30 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
0821bcd4de
Constification.
2005-03-30 10:26:02 +00:00
Geoff Thorpe
d095b68d63
Deprecate quite a few recursive includes from the ssl.h API header and
...
remove some unnecessary includes from the internal header ssl_locl.h. This
then requires adding includes for bn.h in four C files.
2004-05-17 18:53:47 +00:00
Geoff Thorpe
60a938c6bc
(oops) Apologies all, that last header-cleanup commit was from the wrong
...
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Richard Levitte
0020502a07
SSL_COMP_get_compression_method is a typo (a missing 's' at the end of
...
the symbol name).
2004-03-25 21:32:30 +00:00
Richard Levitte
875a644a90
Constify d2i, s2i, c2i and r2i functions and other associated
...
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Bodo Möller
41fdcfa71e
fix warnings
2002-08-09 11:58:28 +00:00
Bodo Möller
ea26226046
ECC ciphersuite support
...
Submitted by: Douglas Stebila <douglas.stebila@sun.com >
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
2002-08-09 08:56:08 +00:00
Bodo Möller
5574e0ed41
get rid of OpenSSLDie
2002-08-02 11:48:15 +00:00
Lutz Jänicke
063a8905bf
Ciphers with NULL encryption were not properly handled because they were
...
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
2002-07-10 06:41:55 +00:00
