Commit graph

45 commits

Author SHA1 Message Date
Geoff Thorpe
6f7ba4be1f Correct and enhance the behaviour of "internal" session caching as it
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.

Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.

PR: 311
2002-10-29 00:31:14 +00:00
Bodo Möller
265a9e2c5d get rid of OpenSSLDie 2002-08-02 11:47:24 +00:00
Lutz Jänicke
bca9dc2a51 OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
Submitted by:
Reviewed by:
PR:
2002-07-30 11:21:19 +00:00
Lutz Jänicke
acfe628b6e Make removal from session cache more robust. 2002-02-10 12:46:41 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Geoff Thorpe
b7727ee616 The indexes returned by ***_get_ex_new_index() functions are used when
setting stack (actually, array) values in ex_data. So only increment the
global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.
This change doesn't make "ex_data" right (see the comment at the head of
ex_data.c to know why), but at least makes the source code marginally less
frustrating.
2001-08-12 16:52:00 +00:00
Richard Levitte
c2a3358b60 Whoops, my fault, a backslash got converted to a slash... 2001-07-31 08:44:28 +00:00
Richard Levitte
882e891284 More Kerberos SSL changes from Jeffrey Altman <jaltman@columbia.edu>
His comments are:

First, it corrects a problem introduced in the last patch where the
kssl_map_enc() would intentionally return NULL for valid ENCTYPE
values.  This was done to prevent verification of the kerberos 5
authenticator from being performed when Derived Key ciphers were
in use.  Unfortunately, the authenticator verification routine was
not the only place that function was used.  And it caused core dumps.

Second, it attempt to add to SSL_SESSION the Kerberos 5 Client
Principal Name.
2001-07-31 07:21:06 +00:00
Geoff Thorpe
f85c9904c6 Fix an oversight - when checking a potential session ID for conflicts with
an SSL_CTX's session cache, it is necessary to compare the ssl_version at
the same time (a conflict is defined, courtesy of SSL_SESSION_cmp(), as a
matching id/id_length pair and a matching ssl_version). However, the
SSL_SESSION that will result from the current negotiation does not
necessarily have the same ssl version as the "SSL_METHOD" in use by the
SSL_CTX - part of the work in a handshake is to agree on an ssl version!

This is fixed by having the check function accept an SSL pointer rather
than the SSL_CTX it belongs to.

[Thanks to Lutz for illuminating the full extent of my stupidity]
2001-02-23 00:02:56 +00:00
Geoff Thorpe
dc644fe229 This change allows a callback to be used to override the generation of
SSL/TLS session IDs in a server. According to RFC2246, the session ID is an
arbitrary value chosen by the server. It can be useful to have some control
over this "arbitrary value" so as to choose it in ways that can aid in
things like external session caching and balancing (eg. clustering). The
default session ID generation is to fill the ID with random data.

The callback used by default is built in to ssl_sess.c, but registering a
callback in an SSL_CTX or in a particular SSL overrides this. BTW: SSL
callbacks will override SSL_CTX callbacks, and a new SSL structure inherits
any callback set in its 'parent' SSL_CTX. The header comments describe how
this mechanism ticks, and source code comments describe (hopefully) why it
ticks the way it does.

Man pages are on the way ...

[NB: Lutz was also hacking away and helping me to figure out how best to do
this.]
2001-02-21 18:06:26 +00:00
Geoff Thorpe
3c91484052 Move all the existing function pointer casts associated with LHASH's two
"doall" functions to using type-safe wrappers. As and where required, this
can be replaced by redeclaring the underlying callbacks to use the
underlying "void"-based prototypes (eg. if performance suffers from an
extra level of function invocation).
2001-01-09 00:24:38 +00:00
Geoff Thorpe
385d81380c First step in tidying up the LHASH code. The callback prototypes (and
casts) used in the lhash code are about as horrible and evil as they can
be. For starters, the callback prototypes contain empty parameter lists.
Yuck.

This first change defines clearer prototypes - including "typedef"'d
function pointer types to use as "hash" and "compare" callbacks, as well as
the callbacks passed to the lh_doall and lh_doall_arg iteration functions.
Now at least more explicit (and clear) casting is required in all of the
dependant code - and that should be included in this commit.

The next step will be to hunt down and obliterate some of the function
pointer casting being used when it's not necessary - a particularly evil
variant exists in the implementation of lh_doall.
2000-12-01 20:31:52 +00:00
Lutz Jänicke
0dd2254d76 Store verify_result with sessions to avoid potential security hole.
For the server side this was already done one year ago :-(
2000-11-29 16:04:38 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Ulf Möller
9d1a01be8f Source code cleanups: Use void * rather than char * in lhash,
eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
2000-01-30 22:20:28 +00:00
Bodo Möller
52732b38da Some comments added, and slight code clean-ups. 2000-01-26 22:36:55 +00:00
Dr. Stephen Henson
dd9d233e2a Tidy up CRYPTO_EX_DATA structures. 2000-01-23 23:41:49 +00:00
Ulf Möller
e7f97e2d22 Check RAND_bytes() return value or use RAND_pseudo_bytes(). 2000-01-21 01:15:56 +00:00
Bodo Möller
45fd4dbb84 Fix SSL_CTX_add_session: When two SSL_SESSIONs have the same ID,
they can sometimes be different memory structures.
1999-12-29 14:29:32 +00:00
Bodo Möller
1088e27ca8 Restore traditional SSL_get_session behaviour so that s_client and s_server
don't leak tons of memory.
1999-11-17 21:36:13 +00:00
Bodo Möller
b1fe6ca175 Store verify_result with sessions to avoid potential security hole. 1999-11-16 23:15:41 +00:00
Mark J. Cox
b7cfcfb7f8 This corrects the reference count handling in SSL_get_session.
Previously, the returned SSL_SESSION didn't have its reference count
incremented so the SSL_SESSION could be freed at any time causing
seg-faults if the pointer was subsequently used. Code that uses
SSL_get_session must now make a corresponding SSL_SESSION_free() call when
it is done to avoid memory leaks (or blocked up session caches).

Submitted By: Geoff Thorpe <geoff@eu.c2.net>
1999-11-15 16:31:31 +00:00
Bodo Möller
b1c4fe3625 Don't mix real tabs with tabs expanded as 8 spaces -- that's
a pain to read when using 4-space tabs.
1999-06-07 20:26:51 +00:00
Bodo Möller
bdc98ffba9 Don't use NULL-pointer :-/ 1999-05-23 16:19:08 +00:00
Bodo Möller
1dfad80565 Comment about bug. 1999-05-23 13:15:35 +00:00
Bodo Möller
8876bc0548 Let ssl_get_prev_session reliably work in multi-threaded settings. 1999-05-23 13:07:03 +00:00
Bodo Möller
9a193d8825 Avoid memory hole when we don't like the session proposed by the client 1999-05-23 10:43:46 +00:00
Bodo Möller
673eadec2c Additional, more descriptive error message for rejection of a session ID
because of missing session ID context (so that application programmers
are directly pointed to what they should do differently).
1999-05-17 11:15:49 +00:00
Bodo Möller
b56bce4fc7 New structure type SESS_CERT used instead of CERT inside SSL_SESSION.
While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.
1999-05-13 15:09:38 +00:00
Bodo Möller
9d5cceac6f No actual change, but the cert_st member of struct ssl_session_st is now
called sess_cert instead of just cert.  This is in preparation of further
changes: Probably often when s->session->sess_cert is used, we should
use s->cert instead; s->session->sess_cert should be a new structure
containing only the stuff that is for just one connection (e.g.
the peer's certificate, which the SSL client implementations currently
store in s->session->[sess_]cert, which is a very confusing thing to do).
Submitted by:
Reviewed by:
PR:
1999-05-09 21:22:45 +00:00
Bodo Möller
0fda2e3788 Add "static" to function definition
Submitted by: Anonymous
Reviewed by:
PR:

Submitted by:
Reviewed by:
PR:
1999-05-01 00:18:54 +00:00
Dr. Stephen Henson
801294f873 Fix a couple of cases where an attempt is made to lock an already locked
mutex.
1999-04-29 22:25:52 +00:00
Ulf Möller
a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Bodo Möller
ec577822f9 Change #include filenames from <foo.h> to <openssl.h>.
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Ben Laurie
c5db363e1b Fix some warnings. Contributed by Anonymous. 1999-04-16 18:13:27 +00:00
Ben Laurie
f73e07cf42 Add type-safe STACKs and SETs. 1999-04-12 17:23:57 +00:00
Bodo Möller
6d02d8e444 New option "-showcerts" for s_client
Slight cleanup in ssl/
1999-03-31 12:06:30 +00:00
Ben Laurie
b4cadc6e13 Fix security hole. 1999-03-22 12:22:14 +00:00
Ben Laurie
06ab81f9f7 Add support for new TLS export ciphersuites. 1999-02-21 20:03:24 +00:00
Mark J. Cox
413c4f45ed Updates to the new SSL compression code
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Fix so that the version number in the master secret, when passed
     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
     (because the server will not accept higher), that the version number
     is 0x03,0x01, not 0x03,0x00
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Submitted by:
Reviewed by:
PR:
1999-02-16 09:22:21 +00:00
Ben Laurie
e03ddfae7e Accept NULL in *_free. 1999-01-07 19:15:59 +00:00
Ralf S. Engelschall
dfeab0689f Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Ralf S. Engelschall
58964a4922 Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00