wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7447 commits 20 branches 302 tags 153 MiB
Commit graph

749 commits

Author SHA1 Message Date
Dr. Stephen Henson
54f51116b2 Update from HEAD. 2005-09-30 23:38:20 +00:00
Dr. Stephen Henson
daa657fb78 Fix from HEAD. 2005-09-21 00:57:28 +00:00
Nils Larsch
7f622f6c04 fix warnings when building openssl with (gcc 3.3.1): 
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-Wstrict-prototypes -Wreturn-type -Wpointer-arith  -W -Wunused
-Wno-unused-parameter -Wuninitialized
 2005-08-28 23:20:52 +00:00
Ben Laurie
801136bcc2 Fix warnings. 2005-08-27 12:05:23 +00:00
Nils Larsch
3c0e39c539 Keep cipher lists sorted in the source instead of sorting them at 
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
 2005-08-25 07:43:04 +00:00
Nils Larsch
cd9911fdf8 initialize cipher/digest methods table in SSL_library_init() and hence remove the need for a lock 2005-08-21 23:06:51 +00:00
Nils Larsch
cf1546a60e a ssl object needs it's own instance of a ecdh key; remove obsolete comment 2005-08-08 19:39:29 +00:00
Nils Larsch
e7eec05af0 fix typo 2005-08-08 19:26:35 +00:00
Dr. Stephen Henson
222f224664 Initialize SSL_METHOD structures at compile time. This removes the need 
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
 2005-08-05 23:52:08 +00:00
Andy Polyakov
2d54cc69c9 WCE update, mostly typos [from HEAD]. 2005-08-03 20:04:05 +00:00
Nils Larsch
3de6d65ea3 improved error checking and some fixes 
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
 2005-07-26 20:55:17 +00:00
Nils Larsch
4913b88f70 make 
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
	make all test
work again (+ make update)

PR: 1159
 2005-07-16 11:13:10 +00:00
Ben Laurie
910d193029 Did you know it was wrong to use a char as an array index? 2005-06-28 13:27:53 +00:00
Andy Polyakov
beae6324e5 Eliminate dependency on UNICODE macro. 2005-06-27 21:21:12 +00:00
Richard Levitte
a50a2126cf DCC doesn't like argument names in returned function pointers. 
PR: 1122
 2005-06-23 21:35:20 +00:00
Richard Levitte
c58a1f76f8 Do not undefine _XOPEN_SOURCE. This is currently experimental, and 
will be firmed up as soon as it's been verified not to break anything.
 2005-06-16 22:19:14 +00:00
Nils Larsch
cac0d4ee6f - let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an 
error if the cipher list is empty
- fix last commit in ssl_create_cipher_list
- clean up ssl_create_cipher_list
 2005-06-10 19:51:16 +00:00
Nils Larsch
898d3ecce0 use "=" instead of "|=", fix typo 2005-06-08 22:20:24 +00:00
Nils Larsch
4e2a0e58f2 ssl_create_cipher_list should return an error if no cipher could be 
collected (see SSL_CTX_set_cipher_list manpage). Fix handling of
"cipher1+cipher2" expressions in ssl_cipher_process_rulestr

PR: 836 + 1005
 2005-06-08 21:13:52 +00:00
Richard Levitte
0fb4d54068 Further change pq_compat.h to generate the flag macros PQ_64BIT_IS_INTEGER 
and PQ_64BIT_IS_BIGNUM with the values 0 (for false) and 1 (for true),
depending on which is true.  Use those flags everywhere else to provide
the correct implementation for handling certain operations in q PQ_64BIT.
 2005-06-06 00:32:30 +00:00
Richard Levitte
d28b7799dd handshake_write_seq is an unsigned short, so treat it like one 2005-06-02 17:26:17 +00:00
Nils Larsch
7ea61df414 clear error queue on success and return NULL if cert could be read 
PR: 1088
 2005-06-01 08:31:22 +00:00
Richard Levitte
335ed97263 Synchronise more with the Unix build 2005-05-31 20:28:55 +00:00
Richard Levitte
3d37d5e24a Forgottent make update. These files will be retagged. 2005-05-30 23:20:32 +00:00
Richard Levitte
e2ac4732cd pqueue and dtls uses 64-bit values. Unfortunately, OpenSSL doesn't 
have a uniform representation for those over all architectures, so a
little bit of hackery is needed.

Contributed by nagendra modadugu <nagendra@cs.stanford.edu>
 2005-05-30 22:34:28 +00:00
Richard Levitte
e96025755d We have some source with \r\n as line ends. DEC C informs about that, 
and I really can't be bothered...
 2005-05-29 12:13:20 +00:00
Richard Levitte
dd890f0776 make update 2005-05-24 03:39:37 +00:00
Dr. Stephen Henson
69762c75fa Fix WIN32+KRB5 issues. 2005-05-23 00:32:55 +00:00
Richard Levitte
b9927cfa2d When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in 
http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html.

Notified by David Wolfe <dwolfe5272@yahoo.com>
 2005-05-21 17:39:53 +00:00
Andy Polyakov
ce92b6eb9c Further BUILDENV refinement, further fool-proofing of Makefiles and 
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342.
 2005-05-16 16:55:47 +00:00
Nils Larsch
9dd8405341 ecc api cleanup; summary: 
- hide the EC_KEY structure definition in ec_lcl.c + add
  some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
  attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
  additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
 2005-05-16 10:11:04 +00:00
Andy Polyakov
81a86fcf17 Fool-proofing Makefiles 2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
f795123c4a Fix from stable branch. 2005-05-12 22:39:42 +00:00
Bodo Möller
3f19bbf4e3 fix msg_callback() arguments for SSL 2.0 compatible client hello 
(previous revision got this wrong)
 2005-05-12 06:24:25 +00:00
Bodo Möller
c6c2e3135d Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled 
with the SSL_OP_NO_SSLv2 option.
 2005-05-11 18:25:49 +00:00
Nils Larsch
35e8510e60 use 'p' as conversion specifier for printf to avoid truncation of 
pointers on 64 bit platforms. Patch supplied by Daniel Gryniewicz
via Mike Frysinger <vapier@gentoo.org>.

PR: 1064
 2005-05-10 11:55:28 +00:00
Nils Larsch
8b15c74018 give EC_GROUP_new_by_nid a more meanigful name: 
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
 2005-05-10 11:37:47 +00:00
Bodo Möller
fbeaa3c47d Update util/ck_errf.pl script, and have it run automatically 
during "make errors" and thus during "make update".

Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
 2005-05-09 00:27:37 +00:00
Nils Larsch
7dc17a6cf0 give EC_GROUP_*_nid functions a more meaningful name 
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
	EC_GROUP_set_nid -> EC_GROUP_set_curve_name
 2005-05-08 22:09:12 +00:00
Nils Larsch
9e5790ce21 backport fix from the stable branch 2005-05-03 10:00:16 +00:00
Nils Larsch
7c7667b86b check return value of RAND_pseudo_bytes; backport from the stable branch 2005-04-29 20:10:06 +00:00
Dr. Stephen Henson
6c61726b2a Lots of Win32 fixes for DTLS. 
1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.
 2005-04-27 16:27:14 +00:00
Bodo Möller
aa4ce7315f Fix various incorrect error function codes. 
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
 2005-04-26 18:53:22 +00:00
Bodo Möller
480506bd49 remove some functions from exported headers 2005-04-26 18:18:35 +00:00
Bodo Möller
0d5ea7613e make update 2005-04-26 18:09:21 +00:00
Bodo Möller
beb056b303 fix SSLerr stuff for DTLS1 code; 
move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h";
fix silly indentation (a TAB is *not* always 4 spaces)
 2005-04-26 18:08:00 +00:00
Dr. Stephen Henson
4e321ffaff Fixes for signed/unsigned warnings and shadows. 2005-04-26 17:43:53 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00
Nils Larsch
965a1cb92e change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible 2005-04-23 10:11:16 +00:00
Dr. Stephen Henson
384dba6edb Make kerberos ciphersuite code compile again. 
Avoid more shadow warnings.
 2005-04-20 21:48:48 +00:00
Andy Polyakov
3ed449e94a More cover-ups, removing OPENSSL_GLOBAL/EXTERNS. We can remove more... 2005-04-13 21:46:30 +00:00
Dr. Stephen Henson
29dc350813 Rebuild error codes. 2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
Dr. Stephen Henson
0858b71b41 Make kerberos ciphersuite code work with newer header files 2005-04-09 23:55:55 +00:00
Richard Levitte
d9bfe4f97c Added restrictions on the use of proxy certificates, as they may pose 
a security threat on unexpecting applications.  Document and test.
 2005-04-09 16:07:12 +00:00
Nils Larsch
dc0ed30cfe add support for DER encoded private keys to SSL_CTX_use_PrivateKey_file() 
and SSL_use_PrivateKey_file()

PR: 1035
Submitted by: Walter Goulet
Reviewed by:  Nils Larsch
 2005-04-08 22:52:42 +00:00
Nils Larsch
6049399baf get rid of very buggy and very imcomplete DH cert support 
Reviewed by: Bodo Moeller
 2005-04-07 23:19:17 +00:00
Nils Larsch
48c832b6b7 really clear the error queue here 
PR: 860
 2005-04-01 17:50:09 +00:00
Nils Larsch
f3e427f6f9 use SSL3_VERSION_MAJOR instead of SSL3_VERSION etc. 
PR: 658
 2005-04-01 17:35:32 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329 Blow away Makefile.ssl. 2005-03-30 13:05:57 +00:00
Ben Laurie
0821bcd4de Constification. 2005-03-30 10:26:02 +00:00
Dr. Stephen Henson
59b6836ab2 Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and 
client random values.
 2005-03-22 14:11:06 +00:00
Nils Larsch
f4bfd357e5 some const fixes 2005-03-20 22:56:07 +00:00
Richard Levitte
a963395a7b Apparently, at least with my VMS C environment, defining _XOPEN_SOURCE 
gets _POSIX_C_SOURC and _ANSI_C_SOURCE defined, which stops u_int from
being defined, and that breaks havock into the rest of the standard
headers...  *sigh*
 2005-01-19 17:03:07 +00:00
Richard Levitte
d8863f0bdb Small thing. It seems like we have to defined _XOPEN_SOURCE to get 
isascii() on DEC/Compaq/HP C for VMS.
 2005-01-18 16:46:02 +00:00
Richard Levitte
a7201e9a1b Changes concering RFC 3820 (proxy certificates) integration: 
- Enforce that there should be no policy settings when the language
   is one of id-ppl-independent or id-ppl-inheritAll.
 - Add functionality to ssltest.c so that it can process proxy rights
   and check that they are set correctly.  Rights consist of ASCII
   letters, and the condition is a boolean expression that includes
   letters, parenthesis, &, | and ^.
 - Change the proxy certificate configurations so they get proxy
   rights that are understood by ssltest.c.
 - Add a script that tests proxy certificates with SSL operations.

Other changes:

 - Change the copyright end year in mkerr.pl.
 - make update.
 2005-01-17 17:06:58 +00:00
Richard Levitte
c4d423511a Small typo, `mask' got the same value ORed to it twice instead of 
`mask' and `emask' getting that operation done once each.

Patch supplied by Nils Larsch <nils.larsch@cybertrust.com>
 2005-01-12 16:40:48 +00:00
Richard Levitte
a2ac429da2 Don't use $(EXHEADER) directly in for loops, as most shells will break 
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
 2004-11-02 23:55:01 +00:00
Dr. Stephen Henson
c284f20f00 Fix race condition when SSL ciphers are initialized. 2004-10-25 11:14:16 +00:00
Dr. Stephen Henson
5d7c222db8 New X509_VERIFY_PARAM structure and associated functionality. 
This tidies up verify parameters and adds support for integrated policy
checking.

Add support for policy related command line options. Currently only in smime
application.

WARNING: experimental code subject to change.
 2004-09-06 18:43:01 +00:00
Richard Levitte
d28f7bc74d make update 2004-07-10 13:18:23 +00:00
Richard Levitte
4083a229b4 Use the new directory reading functions. 2004-07-10 13:17:16 +00:00
Richard Levitte
6713a4835f Move some COMP functions to be inside the #ifndef OPENSSL_NO_COMP 
wrapping preprocessor directive.  This also removes a duplicate
declaration.
 2004-05-20 23:47:57 +00:00
Geoff Thorpe
9c52d2cc75 After the latest round of header-hacking, regenerate the dependencies in 
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
 2004-05-17 19:26:06 +00:00
Geoff Thorpe
d095b68d63 Deprecate quite a few recursive includes from the ssl.h API header and 
remove some unnecessary includes from the internal header ssl_locl.h. This
then requires adding includes for bn.h in four C files.
 2004-05-17 18:53:47 +00:00
Dr. Stephen Henson
4843acc868 Fixes so alerts are sent properly in s3_pkt.c 
PR: 851
 2004-05-15 17:55:07 +00:00
Geoff Thorpe
bcfea9fb25 Allow RSA key-generation to specify an arbitrary public exponent. Jelte 
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.

PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
 2004-04-26 15:31:35 +00:00
Geoff Thorpe
c57bc2dc51 make update 2004-04-19 18:33:41 +00:00
Geoff Thorpe
60a938c6bc (oops) Apologies all, that last header-cleanup commit was from the wrong 
tree. This further reduces header interdependencies, and makes some
associated cleanups.
 2004-04-19 18:09:28 +00:00
Richard Levitte
0020502a07 SSL_COMP_get_compression_method is a typo (a missing 's' at the end of 
the symbol name).
 2004-03-25 21:32:30 +00:00
Dr. Stephen Henson
4e8172d6da Avoid warnings. 2004-03-16 13:51:11 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated 
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
 2004-03-15 23:15:26 +00:00
Richard Levitte
1fb724449d make update 2004-01-28 18:38:33 +00:00
Lutz Jänicke
344e86645d unintptr_t and <inttypes.h> are not strictly portable with respect to 
ANSI C 89.
Undo change to maintain compatibility.
 2004-01-04 17:53:21 +00:00
Richard Levitte
5fdf06666c Avoid including cryptlib.h, it's not really needed. 
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 16:10:30 +00:00
Richard Levitte
79b42e7654 Use sh explicitely to run point.sh 
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 14:59:07 +00:00
Lutz Jänicke
919f8bcd21 Restructure make targets to allow parallel make. 
Submitted by: Witold Filipczyk <witekfl@poczta.gazeta.pl>

PR: #513
 2003-12-03 16:29:41 +00:00
Richard Levitte
3822740ce3 We're getting a clash with C++ because it has a type called 'list'. 
Therefore, change all instances of the symbol 'list' to something else.

PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>
 2003-11-29 10:25:37 +00:00
Richard Levitte
70ef9c5a3d RSA_size() and DH_size() return the amount of bytes in a key, and we 
compared it to the amount of bits required...
PR: 770
Submitted by: c zhang <czhang2005@hotmail.com>
 2003-11-28 23:03:14 +00:00
Richard Levitte
4d8743f490 Netware-specific changes, 
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
 2003-11-28 13:10:58 +00:00
Geoff Thorpe
d8ec0dcf45 Avoid some shadowed variable names. 
Submitted by: Nils Larsch
 2003-11-04 00:51:32 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. 
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
 2003-10-29 20:24:15 +00:00
Dr. Stephen Henson
a08ced78c8 Avoid warnings: add missing prototype, don't shadow. 2003-10-10 23:07:24 +00:00
Richard Levitte
377dcdba44 Add functionality to get information on compression methods (not quite complete). 2003-10-06 12:18:39 +00:00
Richard Levitte
8242354952 Make sure int SSL_COMP_add_compression_method() checks if a certain 
compression identity is already present among the registered
compression methods, and if so, reject the addition request.

Declare SSL_COMP_get_compression_method() so it can be used properly.

Change ssltest.c so it checks what compression methods are available
and enumerates them.  As a side-effect, built-in compression methods
will be automagically loaded that way.  Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.

Finally, make update.

Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().
 2003-10-06 11:00:15 +00:00
Richard Levitte
f82ab534c6 Check for errors from SSL_COMP_add_compression_method(). 
Notified by Andrew Marlow <AMARLOW1@bloomberg.net>
 2003-10-02 10:41:48 +00:00
Richard Levitte
f6e8c19ed1 Correct a mixup of return values 2003-10-02 10:38:44 +00:00
Richard Levitte
ba9f80c5d5 Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B. 
PR: 679
 2003-09-27 19:32:06 +00:00
Richard Levitte
e59659dc41 Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B. 
PR: 680
 2003-09-27 19:27:06 +00:00