Richard Levitte
79b42e7654
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Lutz Jänicke
919f8bcd21
Restructure make targets to allow parallel make.
...
Submitted by: Witold Filipczyk <witekfl@poczta.gazeta.pl>
PR: #513
2003-12-03 16:29:41 +00:00
Richard Levitte
3822740ce3
We're getting a clash with C++ because it has a type called 'list'.
...
Therefore, change all instances of the symbol 'list' to something else.
PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>
2003-11-29 10:25:37 +00:00
Richard Levitte
70ef9c5a3d
RSA_size() and DH_size() return the amount of bytes in a key, and we
...
compared it to the amount of bits required...
PR: 770
Submitted by: c zhang <czhang2005@hotmail.com>
2003-11-28 23:03:14 +00:00
Richard Levitte
4d8743f490
Netware-specific changes,
...
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
2003-11-28 13:10:58 +00:00
Geoff Thorpe
d8ec0dcf45
Avoid some shadowed variable names.
...
Submitted by: Nils Larsch
2003-11-04 00:51:32 +00:00
Geoff Thorpe
2754597013
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
...
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Dr. Stephen Henson
a08ced78c8
Avoid warnings: add missing prototype, don't shadow.
2003-10-10 23:07:24 +00:00
Richard Levitte
377dcdba44
Add functionality to get information on compression methods (not quite complete).
2003-10-06 12:18:39 +00:00
Richard Levitte
8242354952
Make sure int SSL_COMP_add_compression_method() checks if a certain
...
compression identity is already present among the registered
compression methods, and if so, reject the addition request.
Declare SSL_COMP_get_compression_method() so it can be used properly.
Change ssltest.c so it checks what compression methods are available
and enumerates them. As a side-effect, built-in compression methods
will be automagically loaded that way. Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.
Finally, make update.
Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().
2003-10-06 11:00:15 +00:00
Richard Levitte
f82ab534c6
Check for errors from SSL_COMP_add_compression_method().
...
Notified by Andrew Marlow <AMARLOW1@bloomberg.net>
2003-10-02 10:41:48 +00:00
Richard Levitte
f6e8c19ed1
Correct a mixup of return values
2003-10-02 10:38:44 +00:00
Richard Levitte
ba9f80c5d5
Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B.
...
PR: 679
2003-09-27 19:32:06 +00:00
Richard Levitte
e59659dc41
Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B.
...
PR: 680
2003-09-27 19:27:06 +00:00
Richard Levitte
253e893c2b
Include the instance in the Kerberos ticket information.
...
In s_server, print the received Kerberos information.
PR: 693
2003-09-27 17:55:13 +00:00
Richard Levitte
0e6c20da46
Free the Kerberos context upon freeing the SSL.
...
Contributed by Andrew Mann <amann@tccgi.com>
2003-09-27 07:35:07 +00:00
Geoff Thorpe
9ea72d3705
These should be write-locks, not read-locks.
2003-09-08 15:47:55 +00:00
Dr. Stephen Henson
14f3d7c5cc
Only accept a client certificate if the server requests
...
one, as required by SSL/TLS specs.
2003-09-03 23:47:34 +00:00
Bodo Möller
563c05e2dc
fix out-of-bounds check in lock_dbg_cb (was too lose to detect all
...
invalid cases)
PR: 674
2003-08-14 10:33:56 +00:00
Bodo Möller
643ecd2ed6
make sure no error is left in the queue that is intentionally ignored
2003-08-11 18:56:22 +00:00
Bodo Möller
968766cad8
updates for draft-ietf-tls-ecc-03.txt
...
Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller
2003-07-22 12:34:21 +00:00
Bodo Möller
ddc38679ce
tolerate extra data at end of client hello for SSL 3.0
...
PR: 659
2003-07-21 15:17:46 +00:00
Lutz Jänicke
f65a75786b
Fix ordering of compare functions: strncmp() must be used first, a
...
the cipher name in the list is not guaranteed to be at least "buflen"
long.
PR: 567
Submitted by: "Matt Harren" <matth@cs.berkeley.edu>
2003-04-08 06:31:36 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
c4d00669a0
Let's limit the extent of the definition of _XOPEN_SOURCE.
2003-03-25 21:17:28 +00:00
Bodo Möller
33b34a9d8f
remove patch ID (which is supposed to appear in patched variants of
...
old OpenSSL releases, but not in new releases)
2003-03-21 13:11:14 +00:00
Bodo Möller
02da5bcd83
countermeasure against new Klima-Pokorny-Rosa atack
2003-03-19 19:19:53 +00:00
Bodo Möller
176f31ddec
- new ECDH_compute_key interface (KDF is no longer a fixed built-in)
...
- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary
2003-02-28 15:37:10 +00:00
Bodo Möller
57376542a0
use tabs for indentation, not spaces
2003-02-28 15:07:10 +00:00
Ulf Möller
66ecdf3bfb
more mingw related cleanups.
2003-02-22 18:00:14 +00:00
Richard Levitte
5b0b0e98ce
Security fix: Vaudenay timing attack on CBC.
...
An advisory will be posted to the web. Expect a release within the hour.
2003-02-19 12:03:59 +00:00
Geoff Thorpe
4879ec7bf3
Session cache implementations shouldn't have to access SSL_SESSION
...
elements directly, so this missing functionality is required.
PR: 276
2003-02-15 20:38:57 +00:00
Richard Levitte
85d686e723
Make it possible to disable OCSP, the speed application, and the use of sockets.
...
PR: 358
2003-02-14 01:02:58 +00:00
Dr. Stephen Henson
cf56663fb7
Option to disable SSL auto chain build
2003-02-12 17:06:02 +00:00
Bodo Möller
ea513641d0
comments
2003-02-12 14:17:41 +00:00
Bodo Möller
0e9035ac98
SSL_add_dir_cert_subjects_to_stack now exists for WIN32
2003-02-05 16:40:29 +00:00
Richard Levitte
5d780babe3
A few small bugs with BIO popping.
...
PR: 364
2003-01-30 21:49:12 +00:00
Richard Levitte
0b13e9f055
Add the possibility to build without the ENGINE framework.
...
PR: 287
2003-01-30 17:39:26 +00:00
Richard Levitte
2e60ea7634
Fix a memory leak in SSL.
...
PR: 477
2003-01-30 11:00:34 +00:00
Richard Levitte
28b958f732
Fix possible NULL dereferencial.
...
Notified by Verdon Walker <VWalker@novell.com>
2003-01-16 06:00:55 +00:00
Lutz Jänicke
8ec16ce711
Really fix SSLv2 session ID handling
...
PR: 377
2003-01-15 09:51:22 +00:00
Lutz Jänicke
21cde7a41c
Fix wrong handling of session ID in SSLv2 client code.
...
PR: 377
2002-12-29 20:59:35 +00:00
Richard Levitte
5e42f9ab46
make update
2002-12-29 01:38:15 +00:00
Lutz Jänicke
ea8e0cc7c2
Some more adjustments
...
Submitted by: Jeffrey Altman <jaltman@columbia.edu>, "Kenneth R. Robinette" <support@securenetterm.com>
2002-12-24 21:55:57 +00:00
Richard Levitte
8d6ad9e39d
Stop a possible memory leak.
...
(I wonder why s2_connect() handles the initial buffer allocation slightly
differently...)
PR: 416
2002-12-21 23:49:21 +00:00
Lutz Jänicke
1004c99c29
Fix Kerberos5/SSL interaction
...
Submitted by: "Kenneth R. Robinette" <support@securenetterm.com>
Reviewed by:
PR:
2002-12-20 12:48:00 +00:00
Richard Levitte
9cd16b1dea
We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies,
...
and then didn't support it very well. And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
2002-12-19 22:10:12 +00:00
Richard Levitte
09867a47a4
If _XOPEN_SOURCE_EXTENDED or _XOPEN_SOURCE are defined, _POSIX_C_SOURCE gets
...
defined in DECC$TYPES.H. If _POSIX_C_SOURCE is defined, certain types do
not get defined (u_char, u_int, ...). DECC.H gets included by assert.h
and others. Now, in6.h uses the types u_char, u_int and so on, and gets
included as part of other header inclusions, and will of course fail because
of the missing types.
On the other hand, _XOPEN_SOURCE_EXTENDED is needed to get gethostname()
properly declared...
Solution: define _XOPEN_SOURCE_EXTENDED much later, so DECC$TYPES.H has
a chance to be included *first*, so the otherwise missing types get defined
properly.
Personal: *mumble* *mumble*
2002-12-19 19:39:30 +00:00
Richard Levitte
f70ddce761
Protect loading routines with a lock.
...
PR: 373
2002-12-16 06:06:03 +00:00
Geoff Thorpe
e9224c7177
This is a first-cut at improving the callback mechanisms used in
...
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.
This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing. The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones. The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.
There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
2002-12-08 05:24:31 +00:00
Geoff Thorpe
e90e719739
Fix a warning, and do some constification as a lucky side-effect :-)
2002-12-08 05:19:43 +00:00
Richard Levitte
7ba666fa0e
Since it's defined in draft-ietf-tls-compression-04.txt, let's make
...
ZLIB a known compression method, with the identity 1.
2002-12-08 02:41:11 +00:00
Richard Levitte
4fbe40c54f
gethostname() is more a BSD feature than an XOPEN one.
...
PR: 379
2002-12-04 22:48:01 +00:00
Richard Levitte
e7a285694e
define USE_SOCKETS so sys/param.h gets included (and thusly, MAXHOSTNAMELEN
...
gets defined).
PR: 371
2002-12-02 22:49:02 +00:00
Richard Levitte
43d601641f
A few more memset()s converted to OPENSSL_cleanse().
...
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343
2002-11-29 11:30:45 +00:00
Richard Levitte
55f78baf32
Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
...
always give the expected result on some platforms.
2002-11-28 18:54:30 +00:00
Richard Levitte
4579924b7e
Cleanse memory using the new OPENSSL_cleanse() function.
...
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
31be2daa06
Small bugfixes to the KSSL implementation.
...
PR: 349
2002-11-26 10:09:36 +00:00
Richard Levitte
d020e701bb
Typo. OPENSSL_NO_ECDH, not NO_OPENSSL_ECDH
2002-11-22 08:40:34 +00:00
Lutz Jänicke
6a8afe2201
Fix bug introduced by the attempt to fix client side external session
...
caching (#288 ): now internal caching failed (#351 ):
Make sure, that cipher_id is set before comparing.
Submitted by:
Reviewed by:
PR: 288 (and 351)
2002-11-20 10:48:58 +00:00
Bodo Möller
1e3a9b650f
allocate bio_err before memory debugging is enabled to avoid memory leaks
...
(we can't release it before the CRYPTO_mem_leaks() call!)
Submitted by: Nils Larsch
2002-11-19 11:56:05 +00:00
Richard Levitte
0bf23d9b20
WinCE patches
2002-11-15 22:37:18 +00:00
Lutz Jänicke
c566205319
The pointer to the cipher object is not yet set, when session was reloaded
...
from external cache (using d2i_SSL_SESSION). Perform comparison based on
the cipher's id instead.
Submitted by: Steve Haslam <araqnid@innocent.com>
Reviewed by:
PR: 288
2002-11-15 10:53:33 +00:00
Richard Levitte
0a5942093e
We need to read one more byte of the REQUEST-CERTIFICATE message.
...
PR: 300
2002-11-15 09:15:55 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Bodo Möller
896e4fef30
avoid Purify warnings
...
Submitted by: Nils Larsch
2002-11-05 13:54:41 +00:00
Bodo Möller
5e3247d8bc
fix typo
2002-11-05 10:54:40 +00:00
Richard Levitte
b6d0defb98
Remove all referenses to RSAref, since that's been gone for more than
...
a year.
2002-10-31 16:46:52 +00:00
Bodo Möller
259cdf2af9
Sun has agreed to removing the covenant language from most files.
...
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
2002-10-29 10:59:32 +00:00
Geoff Thorpe
e0db2eed8d
Correct and enhance the behaviour of "internal" session caching as it
...
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.
Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.
PR: 311
2002-10-29 00:33:04 +00:00
Bodo Möller
00a357ab20
increase permissible message length so that we can handle
...
CertificateVerify for 4096 bit RSA signatures
2002-10-28 15:45:51 +00:00
Richard Levitte
28c8a911bd
Typos.
...
PR: 189
2002-10-15 20:30:56 +00:00
Richard Levitte
437d1ed49f
Typos.
...
PR: 189
2002-10-15 20:29:09 +00:00
Richard Levitte
677532629d
makedepend complains when a header file is included more than once in
...
the same source file.
2002-10-14 10:02:36 +00:00
Richard Levitte
ef0baf60aa
Typo
2002-10-10 08:32:39 +00:00
Richard Levitte
7ba3a4c3d2
RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS.
...
PR: 189
2002-10-10 07:59:03 +00:00
Richard Levitte
001ab3abad
Use double dashes so makedepend doesn't misunderstand the flags we
...
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Bodo Möller
929f116733
fix more race conditions
...
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
2002-09-26 15:52:34 +00:00
Lutz Jänicke
ba5ba5490d
Add missing brackets.
...
Submitted by: "Chris Brook" <cbrook@v-one.com>
2002-09-25 20:19:04 +00:00
Bodo Möller
b8565a9af9
really fix race conditions
...
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
PR: 291
2002-09-25 15:38:57 +00:00
Bodo Möller
e78f137899
really fix race condition
...
PR: 262
2002-09-23 14:25:07 +00:00
Bodo Möller
a4f53a1c73
there is no minimum length for session IDs
...
PR: 274
2002-09-19 11:44:07 +00:00
Bodo Möller
a90ae02454
fix race condition
...
PR: 262
2002-09-19 11:26:45 +00:00
Lutz Jänicke
82a20fb0f0
Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb().
...
Submitted by:
Reviewed by:
PR: 212
2002-08-16 17:04:04 +00:00
Bodo Möller
52c29b7b99
use correct function code in error message
2002-08-15 16:17:20 +00:00
Richard Levitte
265e892fed
Sometimes, the value of the variable containing the compiler call can
...
become rather large. This becomes a problem when the default 1024
character large buffer that WRITE uses isn't enough. WRITE/SYMBOL
uses a 2048 byte large buffer instead.
2002-08-15 08:28:38 +00:00
Richard Levitte
90f5a2b6fe
Instead of returning errors when certain flags are unusable, just ignore them.
...
That will make the test go through even if DH (or in some cases ECDH) aren't
built into OpenSSL.
PR: 216, part 2
2002-08-14 12:16:27 +00:00
Bodo Möller
aa1e56b0b9
remove comment
...
Submitted by: Douglas Stebila
2002-08-12 08:54:40 +00:00
Bodo Möller
7ef524ea1c
remove debug messages
...
Submitted by: Douglas Stebila
2002-08-12 08:52:23 +00:00
Bodo Möller
0c7141a343
fix comment
...
Submitted by: Douglas Stebila
2002-08-12 08:51:30 +00:00
Bodo Möller
5488bb6197
get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
...
Submitted by: Nils Larsch
2002-08-12 08:47:41 +00:00
Bodo Möller
74cc4903ef
make update
2002-08-09 12:16:15 +00:00
Bodo Möller
41fdcfa71e
fix warnings
2002-08-09 11:58:28 +00:00
Bodo Möller
ea26226046
ECC ciphersuite support
...
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
2002-08-09 08:56:08 +00:00
Bodo Möller
db4f691f9f
oops -- must use EVP_MD_size, not EVP_MD_block_size
2002-08-03 18:49:39 +00:00
Bodo Möller
5574e0ed41
get rid of OpenSSLDie
2002-08-02 11:48:15 +00:00
Richard Levitte
e70a39830c
Make sure to use $(MAKE) everywhere instead of make.
...
Part of PR 181
2002-07-31 13:49:06 +00:00
Lutz Jänicke
dd7ab82e75
Typo.
...
Submitted by: Jeffrey Altman <jaltman@columbia.edu>
Reviewed by:
PR: 169
2002-07-30 13:36:31 +00:00
Lutz Jänicke
c046fffa16
OpenSSL Security Advisory [30 July 2002]
...
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
2002-07-30 13:04:04 +00:00
Lutz Jänicke
3aecef7697
"make update"
2002-07-30 12:44:33 +00:00
Lutz Jänicke
c6ccf055ba
New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.
...
Submitted by:
Reviewed by:
PR: 127
2002-07-19 19:55:34 +00:00
Bodo Möller
5dbd3efce7
Replace 'ecdsaparam' commandline utility by 'ecparam'
...
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Lutz Jänicke
7b63c0fa8c
Reorder inclusion of header files:
...
des_old.h redefines crypt:
#define crypt(b,s)\
DES_crypt((b),(s))
This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
2002-07-10 07:01:54 +00:00
Lutz Jänicke
063a8905bf
Ciphers with NULL encryption were not properly handled because they were
...
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
2002-07-10 06:41:55 +00:00
Bodo Möller
d1d0be3cd2
emtpy fragments are not necessary for SSL_eNULL
...
(but noone uses it anyway)
fix t1_enc.c: use OPENSSL_NO_RC4, not NO_RC4
2002-07-09 08:49:09 +00:00
Bodo Möller
ea4f109c99
AES cipher suites are now official (RFC3268)
2002-07-04 08:51:09 +00:00
Richard Levitte
17085b022c
Pass CFLAG to dependency makers, so non-standard system include paths are
...
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Bodo Möller
c21506ba02
New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
...
vulnerability workaround (included in SSL_OP_ALL).
PR: #90
2002-06-14 12:21:11 +00:00
Richard Levitte
b2c04539a1
Merge from 0.9.7-stable.
2002-06-06 07:22:33 +00:00
Richard Levitte
a9a025d08c
Recover from errors
2002-05-23 23:31:22 +00:00
Richard Levitte
b935754cb0
Allow the use of the TCP/IP stack keyword TCPIP and NONE
2002-05-22 11:37:20 +00:00
Bodo Möller
98a9092af1
Fix ciphersuite list to enforce low priority for RC4.
2002-05-07 08:36:26 +00:00
Bodo Möller
87108f5af9
ensure that, for each strength, RC4 ciphers have least preference
...
in the default ciphersuite list
2002-05-07 07:59:35 +00:00
Bodo Möller
f257d984b7
refer to latest draft for AES ciphersuites
2002-05-07 07:55:36 +00:00
Bodo Möller
b889d6a8e8
fix warning
2002-05-06 10:44:59 +00:00
Bodo Möller
a4f576a378
disable AES ciphersuites unless explicitly requested
2002-05-05 23:44:27 +00:00
Bodo Möller
3def5a010e
fix casts
2002-05-05 23:00:28 +00:00
Bodo Möller
b52f3818f4
undo nonsense patch (r *is* signed or we have signedness mismatches elsewhere)
2002-04-29 11:03:06 +00:00
Richard Levitte
cc12975514
Fix unsigned vs. signed clash
2002-04-29 10:29:38 +00:00
Richard Levitte
9738f395c6
Synchronise with 0.9.7-stable.
2002-04-29 10:28:29 +00:00
Richard Levitte
d4294c8984
Synchronise with 0.9.7-stable.
2002-04-29 10:19:19 +00:00
Richard Levitte
8b07f23c30
Signedness mismatch.
...
Notified by Bernd Matthes <bernd.matthes@gemplus.com>
2002-04-20 10:23:19 +00:00
Richard Levitte
6176df94ed
Make sure the opened directory is closed on exit.
...
Notified by Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
2002-04-18 16:20:13 +00:00
Bodo Möller
2fb3f002d0
fix length field we create when converting SSL 2.0 format into SSL 3.0/TLS 1.0 format
...
(the bug was introduced with message callback support)
2002-04-14 13:05:15 +00:00
Bodo Möller
82b0bf0b87
Implement known-IV countermeasure.
...
Fix length checks in ssl3_get_client_hello().
Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:47:20 +00:00
Lutz Jänicke
11c26ecf81
Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>).
2002-03-19 16:42:09 +00:00
Dr. Stephen Henson
611ba3f4a1
Initialize ciph_ctx in kssl.c
2002-03-19 01:28:00 +00:00
Bodo Möller
304d90425f
fix ssl3_pending
2002-03-15 10:52:32 +00:00
Lutz Jänicke
bfaa8a89e1
Add missing strength entries.
2002-03-14 18:53:15 +00:00
Dr. Stephen Henson
de941e289e
Initialize cipher context in KRB5
...
("D. Russell" <russelld@aol.net>)
Allow HMAC functions to use an alternative ENGINE.
2002-03-14 18:22:23 +00:00
Bodo Möller
234c73767d
use BIO_nwrite() more properly to demonstrate the general idea of
...
BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)
2002-03-14 09:48:54 +00:00
Dr. Stephen Henson
497810cae7
Undo previous patch: avoid warnings by #undef'ing
...
duplicate definitions.
Suggested by "Kenneth R. Robinette" <support@securenetterm.com>
2002-03-13 13:59:38 +00:00
Dr. Stephen Henson
cbc9d9713d
Fix Kerberos warnings with VC++.
2002-03-12 19:37:18 +00:00
Dr. Stephen Henson
98fa4fe8c5
Fix ASN1 additions for KRB5
2002-03-12 13:32:35 +00:00
Dr. Stephen Henson
0b4c91c0fc
Fix various warnings when compiling with KRB5 code.
2002-03-12 02:59:37 +00:00
Bodo Möller
9437fef8cc
use ERR_peek_last_error() instead of ERR_peek_error()
2002-02-28 14:07:37 +00:00
Richard Levitte
26414ee013
Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated
2002-02-28 12:42:19 +00:00
Bodo Möller
023ec151df
Add 'void *' argument to app_verify_callback.
...
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:52:56 +00:00
Lutz Jänicke
d62bfb39cd
Fix the fix (Yoram Zahavi)...
2002-02-27 11:23:05 +00:00
Lutz Jänicke
334f1842fc
Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi).
2002-02-26 21:40:09 +00:00
Dr. Stephen Henson
3a3ca3f515
Fix for AIX.
...
Submitted by Dawn Whiteside <dwhitesi@tiercel.uwaterloo.ca>
2002-02-22 21:26:25 +00:00
Bodo Möller
4d94ae00d5
ECDSA support
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Lutz Jänicke
acfe628b6e
Make removal from session cache more robust.
2002-02-10 12:46:41 +00:00
Lutz Jänicke
4de920c91d
Do not store unneeded data.
2002-02-08 15:15:04 +00:00
Bodo Möller
8c74b5e56c
Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'
...
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
2002-01-14 23:40:26 +00:00
Bodo Möller
c59ba5b528
Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if
...
the SSL_R_LENGTH_MISMATCH error is detected.
2002-01-14 12:37:59 +00:00
Ben Laurie
45d87a1ffe
Prototype info function.
2002-01-12 15:56:13 +00:00
Ben Laurie
a3feb21bbe
Add client_cert_cb prototype.
2002-01-12 13:15:40 +00:00
Ulf Möller
dcbbf83dba
ssl3_read_bytes bug fix
...
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
2001-12-28 17:14:35 +00:00
Bodo Möller
4d7072f4b5
remove redundant ERR_load_... declarations
2001-12-17 19:22:23 +00:00