Commit graph

725 commits

Author SHA1 Message Date
Richard Levitte
2e60ea7634 Fix a memory leak in SSL.
PR: 477
2003-01-30 11:00:34 +00:00
Richard Levitte
28b958f732 Fix possible NULL dereferencial.
Notified by Verdon Walker <VWalker@novell.com>
2003-01-16 06:00:55 +00:00
Lutz Jänicke
8ec16ce711 Really fix SSLv2 session ID handling
PR: 377
2003-01-15 09:51:22 +00:00
Lutz Jänicke
21cde7a41c Fix wrong handling of session ID in SSLv2 client code.
PR: 377
2002-12-29 20:59:35 +00:00
Richard Levitte
5e42f9ab46 make update 2002-12-29 01:38:15 +00:00
Lutz Jänicke
ea8e0cc7c2 Some more adjustments
Submitted by: Jeffrey Altman <jaltman@columbia.edu>, "Kenneth R. Robinette" <support@securenetterm.com>
2002-12-24 21:55:57 +00:00
Richard Levitte
8d6ad9e39d Stop a possible memory leak.
(I wonder why s2_connect() handles the initial buffer allocation slightly
differently...)
PR: 416
2002-12-21 23:49:21 +00:00
Lutz Jänicke
1004c99c29 Fix Kerberos5/SSL interaction
Submitted by: "Kenneth R. Robinette" <support@securenetterm.com>
Reviewed by:
PR:
2002-12-20 12:48:00 +00:00
Richard Levitte
9cd16b1dea We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies,
and then didn't support it very well.  And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
2002-12-19 22:10:12 +00:00
Richard Levitte
09867a47a4 If _XOPEN_SOURCE_EXTENDED or _XOPEN_SOURCE are defined, _POSIX_C_SOURCE gets
defined in DECC$TYPES.H.  If _POSIX_C_SOURCE is defined, certain types do
not get defined (u_char, u_int, ...).  DECC.H gets included by assert.h
and others.  Now, in6.h uses the types u_char, u_int and so on, and gets
included as part of other header inclusions, and will of course fail because
of the missing types.

On the other hand, _XOPEN_SOURCE_EXTENDED is needed to get gethostname()
properly declared...

Solution: define _XOPEN_SOURCE_EXTENDED much later, so DECC$TYPES.H has
a chance to be included *first*, so the otherwise missing types get defined
properly.

Personal: *mumble* *mumble*
2002-12-19 19:39:30 +00:00
Richard Levitte
f70ddce761 Protect loading routines with a lock.
PR: 373
2002-12-16 06:06:03 +00:00
Geoff Thorpe
e9224c7177 This is a first-cut at improving the callback mechanisms used in
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.

This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing.  The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones.  The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.

There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
2002-12-08 05:24:31 +00:00
Geoff Thorpe
e90e719739 Fix a warning, and do some constification as a lucky side-effect :-) 2002-12-08 05:19:43 +00:00
Richard Levitte
7ba666fa0e Since it's defined in draft-ietf-tls-compression-04.txt, let's make
ZLIB a known compression method, with the identity 1.
2002-12-08 02:41:11 +00:00
Richard Levitte
4fbe40c54f gethostname() is more a BSD feature than an XOPEN one.
PR: 379
2002-12-04 22:48:01 +00:00
Richard Levitte
e7a285694e define USE_SOCKETS so sys/param.h gets included (and thusly, MAXHOSTNAMELEN
gets defined).
PR: 371
2002-12-02 22:49:02 +00:00
Richard Levitte
43d601641f A few more memset()s converted to OPENSSL_cleanse().
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343
2002-11-29 11:30:45 +00:00
Richard Levitte
55f78baf32 Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
always give the expected result on some platforms.
2002-11-28 18:54:30 +00:00
Richard Levitte
4579924b7e Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
31be2daa06 Small bugfixes to the KSSL implementation.
PR: 349
2002-11-26 10:09:36 +00:00
Richard Levitte
d020e701bb Typo. OPENSSL_NO_ECDH, not NO_OPENSSL_ECDH 2002-11-22 08:40:34 +00:00
Lutz Jänicke
6a8afe2201 Fix bug introduced by the attempt to fix client side external session
caching (#288): now internal caching failed (#351):
Make sure, that cipher_id is set before comparing.
Submitted by:
Reviewed by:
PR: 288 (and 351)
2002-11-20 10:48:58 +00:00
Bodo Möller
1e3a9b650f allocate bio_err before memory debugging is enabled to avoid memory leaks
(we can't release it before the CRYPTO_mem_leaks() call!)

Submitted by: Nils Larsch
2002-11-19 11:56:05 +00:00
Richard Levitte
0bf23d9b20 WinCE patches 2002-11-15 22:37:18 +00:00
Lutz Jänicke
c566205319 The pointer to the cipher object is not yet set, when session was reloaded
from external cache (using d2i_SSL_SESSION). Perform comparison based on
the cipher's id instead.
Submitted by: Steve Haslam <araqnid@innocent.com>
Reviewed by:
PR: 288
2002-11-15 10:53:33 +00:00
Richard Levitte
0a5942093e We need to read one more byte of the REQUEST-CERTIFICATE message.
PR: 300
2002-11-15 09:15:55 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Bodo Möller
896e4fef30 avoid Purify warnings
Submitted by: Nils Larsch
2002-11-05 13:54:41 +00:00
Bodo Möller
5e3247d8bc fix typo 2002-11-05 10:54:40 +00:00
Richard Levitte
b6d0defb98 Remove all referenses to RSAref, since that's been gone for more than
a year.
2002-10-31 16:46:52 +00:00
Bodo Möller
259cdf2af9 Sun has agreed to removing the covenant language from most files.
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
2002-10-29 10:59:32 +00:00
Geoff Thorpe
e0db2eed8d Correct and enhance the behaviour of "internal" session caching as it
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.

Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.

PR: 311
2002-10-29 00:33:04 +00:00
Bodo Möller
00a357ab20 increase permissible message length so that we can handle
CertificateVerify for 4096 bit RSA signatures
2002-10-28 15:45:51 +00:00
Richard Levitte
28c8a911bd Typos.
PR: 189
2002-10-15 20:30:56 +00:00
Richard Levitte
437d1ed49f Typos.
PR: 189
2002-10-15 20:29:09 +00:00
Richard Levitte
677532629d makedepend complains when a header file is included more than once in
the same source file.
2002-10-14 10:02:36 +00:00
Richard Levitte
ef0baf60aa Typo 2002-10-10 08:32:39 +00:00
Richard Levitte
7ba3a4c3d2 RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS.
PR: 189
2002-10-10 07:59:03 +00:00
Richard Levitte
001ab3abad Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Bodo Möller
929f116733 fix more race conditions
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
2002-09-26 15:52:34 +00:00
Lutz Jänicke
ba5ba5490d Add missing brackets.
Submitted by: "Chris Brook" <cbrook@v-one.com>
2002-09-25 20:19:04 +00:00
Bodo Möller
b8565a9af9 really fix race conditions
Submitted by: "Patrick McCormick" <patrick@tellme.com>

PR: 262
PR: 291
2002-09-25 15:38:57 +00:00
Bodo Möller
e78f137899 really fix race condition
PR: 262
2002-09-23 14:25:07 +00:00
Bodo Möller
a4f53a1c73 there is no minimum length for session IDs
PR: 274
2002-09-19 11:44:07 +00:00
Bodo Möller
a90ae02454 fix race condition
PR: 262
2002-09-19 11:26:45 +00:00
Lutz Jänicke
82a20fb0f0 Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb().
Submitted by:
Reviewed by:
PR: 212
2002-08-16 17:04:04 +00:00
Bodo Möller
52c29b7b99 use correct function code in error message 2002-08-15 16:17:20 +00:00
Richard Levitte
265e892fed Sometimes, the value of the variable containing the compiler call can
become rather large.  This becomes a problem when the default 1024
character large buffer that WRITE uses isn't enough.  WRITE/SYMBOL
uses a 2048 byte large buffer instead.
2002-08-15 08:28:38 +00:00
Richard Levitte
90f5a2b6fe Instead of returning errors when certain flags are unusable, just ignore them.
That will make the test go through even if DH (or in some cases ECDH) aren't
built into OpenSSL.
PR: 216, part 2
2002-08-14 12:16:27 +00:00
Bodo Möller
aa1e56b0b9 remove comment
Submitted by: Douglas Stebila
2002-08-12 08:54:40 +00:00
Bodo Möller
7ef524ea1c remove debug messages
Submitted by: Douglas Stebila
2002-08-12 08:52:23 +00:00
Bodo Möller
0c7141a343 fix comment
Submitted by: Douglas Stebila
2002-08-12 08:51:30 +00:00
Bodo Möller
5488bb6197 get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
Submitted by: Nils Larsch
2002-08-12 08:47:41 +00:00
Bodo Möller
74cc4903ef make update 2002-08-09 12:16:15 +00:00
Bodo Möller
41fdcfa71e fix warnings 2002-08-09 11:58:28 +00:00
Bodo Möller
ea26226046 ECC ciphersuite support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
2002-08-09 08:56:08 +00:00
Bodo Möller
db4f691f9f oops -- must use EVP_MD_size, not EVP_MD_block_size 2002-08-03 18:49:39 +00:00
Bodo Möller
5574e0ed41 get rid of OpenSSLDie 2002-08-02 11:48:15 +00:00
Richard Levitte
e70a39830c Make sure to use $(MAKE) everywhere instead of make.
Part of PR 181
2002-07-31 13:49:06 +00:00
Lutz Jänicke
dd7ab82e75 Typo.
Submitted by: Jeffrey Altman <jaltman@columbia.edu>
Reviewed by:
PR: 169
2002-07-30 13:36:31 +00:00
Lutz Jänicke
c046fffa16 OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
2002-07-30 13:04:04 +00:00
Lutz Jänicke
3aecef7697 "make update" 2002-07-30 12:44:33 +00:00
Lutz Jänicke
c6ccf055ba New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.
Submitted by:
Reviewed by:
PR: 127
2002-07-19 19:55:34 +00:00
Bodo Möller
5dbd3efce7 Replace 'ecdsaparam' commandline utility by 'ecparam'
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.

Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.

Fix ec_asn1.c (take into account the desired conversion form).

'make update'.

Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Lutz Jänicke
7b63c0fa8c Reorder inclusion of header files:
des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
2002-07-10 07:01:54 +00:00
Lutz Jänicke
063a8905bf Ciphers with NULL encryption were not properly handled because they were
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
2002-07-10 06:41:55 +00:00
Bodo Möller
d1d0be3cd2 emtpy fragments are not necessary for SSL_eNULL
(but noone uses it anyway)

fix t1_enc.c: use OPENSSL_NO_RC4, not NO_RC4
2002-07-09 08:49:09 +00:00
Bodo Möller
ea4f109c99 AES cipher suites are now official (RFC3268) 2002-07-04 08:51:09 +00:00
Richard Levitte
17085b022c Pass CFLAG to dependency makers, so non-standard system include paths are
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Bodo Möller
c21506ba02 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
2002-06-14 12:21:11 +00:00
Richard Levitte
b2c04539a1 Merge from 0.9.7-stable. 2002-06-06 07:22:33 +00:00
Richard Levitte
a9a025d08c Recover from errors 2002-05-23 23:31:22 +00:00
Richard Levitte
b935754cb0 Allow the use of the TCP/IP stack keyword TCPIP and NONE 2002-05-22 11:37:20 +00:00
Bodo Möller
98a9092af1 Fix ciphersuite list to enforce low priority for RC4. 2002-05-07 08:36:26 +00:00
Bodo Möller
87108f5af9 ensure that, for each strength, RC4 ciphers have least preference
in the default ciphersuite list
2002-05-07 07:59:35 +00:00
Bodo Möller
f257d984b7 refer to latest draft for AES ciphersuites 2002-05-07 07:55:36 +00:00
Bodo Möller
b889d6a8e8 fix warning 2002-05-06 10:44:59 +00:00
Bodo Möller
a4f576a378 disable AES ciphersuites unless explicitly requested 2002-05-05 23:44:27 +00:00
Bodo Möller
3def5a010e fix casts 2002-05-05 23:00:28 +00:00
Bodo Möller
b52f3818f4 undo nonsense patch (r *is* signed or we have signedness mismatches elsewhere) 2002-04-29 11:03:06 +00:00
Richard Levitte
cc12975514 Fix unsigned vs. signed clash 2002-04-29 10:29:38 +00:00
Richard Levitte
9738f395c6 Synchronise with 0.9.7-stable. 2002-04-29 10:28:29 +00:00
Richard Levitte
d4294c8984 Synchronise with 0.9.7-stable. 2002-04-29 10:19:19 +00:00
Richard Levitte
8b07f23c30 Signedness mismatch.
Notified by Bernd Matthes <bernd.matthes@gemplus.com>
2002-04-20 10:23:19 +00:00
Richard Levitte
6176df94ed Make sure the opened directory is closed on exit.
Notified by Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
2002-04-18 16:20:13 +00:00
Bodo Möller
2fb3f002d0 fix length field we create when converting SSL 2.0 format into SSL 3.0/TLS 1.0 format
(the bug was introduced with message callback support)
2002-04-14 13:05:15 +00:00
Bodo Möller
82b0bf0b87 Implement known-IV countermeasure.
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:47:20 +00:00
Lutz Jänicke
11c26ecf81 Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>). 2002-03-19 16:42:09 +00:00
Dr. Stephen Henson
611ba3f4a1 Initialize ciph_ctx in kssl.c 2002-03-19 01:28:00 +00:00
Bodo Möller
304d90425f fix ssl3_pending 2002-03-15 10:52:32 +00:00
Lutz Jänicke
bfaa8a89e1 Add missing strength entries. 2002-03-14 18:53:15 +00:00
Dr. Stephen Henson
de941e289e Initialize cipher context in KRB5
("D. Russell" <russelld@aol.net>)

Allow HMAC functions to use an alternative ENGINE.
2002-03-14 18:22:23 +00:00
Bodo Möller
234c73767d use BIO_nwrite() more properly to demonstrate the general idea of
BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)
2002-03-14 09:48:54 +00:00
Dr. Stephen Henson
497810cae7 Undo previous patch: avoid warnings by #undef'ing
duplicate definitions.

Suggested by "Kenneth R. Robinette" <support@securenetterm.com>
2002-03-13 13:59:38 +00:00
Dr. Stephen Henson
cbc9d9713d Fix Kerberos warnings with VC++. 2002-03-12 19:37:18 +00:00
Dr. Stephen Henson
98fa4fe8c5 Fix ASN1 additions for KRB5 2002-03-12 13:32:35 +00:00
Dr. Stephen Henson
0b4c91c0fc Fix various warnings when compiling with KRB5 code. 2002-03-12 02:59:37 +00:00
Bodo Möller
9437fef8cc use ERR_peek_last_error() instead of ERR_peek_error() 2002-02-28 14:07:37 +00:00
Richard Levitte
26414ee013 Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated 2002-02-28 12:42:19 +00:00
Bodo Möller
023ec151df Add 'void *' argument to app_verify_callback.
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:52:56 +00:00
Lutz Jänicke
d62bfb39cd Fix the fix (Yoram Zahavi)... 2002-02-27 11:23:05 +00:00
Lutz Jänicke
334f1842fc Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi). 2002-02-26 21:40:09 +00:00
Dr. Stephen Henson
3a3ca3f515 Fix for AIX.
Submitted by Dawn Whiteside <dwhitesi@tiercel.uwaterloo.ca>
2002-02-22 21:26:25 +00:00
Bodo Möller
4d94ae00d5 ECDSA support
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Lutz Jänicke
acfe628b6e Make removal from session cache more robust. 2002-02-10 12:46:41 +00:00
Lutz Jänicke
4de920c91d Do not store unneeded data. 2002-02-08 15:15:04 +00:00
Bodo Möller
8c74b5e56c Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
2002-01-14 23:40:26 +00:00
Bodo Möller
c59ba5b528 Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if
the SSL_R_LENGTH_MISMATCH error is detected.
2002-01-14 12:37:59 +00:00
Ben Laurie
45d87a1ffe Prototype info function. 2002-01-12 15:56:13 +00:00
Ben Laurie
a3feb21bbe Add client_cert_cb prototype. 2002-01-12 13:15:40 +00:00
Ulf Möller
dcbbf83dba ssl3_read_bytes bug fix
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
2001-12-28 17:14:35 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Ben Laurie
ff3fa48fc7 Improve back compatibility. 2001-12-09 21:53:31 +00:00
Bodo Möller
47ff5c6279 For future portability reasons MIT is moving all macros to function
calls.  This patch allows compilation either way.

Submitted by: Jeffrey Altman <jaltman@columbia.edu>
2001-11-23 21:50:50 +00:00
Bodo Möller
c23d16ac19 cast to unsigned int, not to int to avoid the warning -- all these
values really are unsigned
2001-11-14 21:18:35 +00:00
Richard Levitte
3102792161 unsigned int vs. int. 2001-11-14 10:55:29 +00:00
Bodo Möller
2b90b1f344 make code a little more similar to what it looked like before the fixes,
call ssl2_part_read again to parse error message
2001-11-10 10:44:15 +00:00
Bodo Möller
cf82191d77 Implement msg_callback for SSL 2.0.
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
2001-11-10 01:16:28 +00:00
Richard Levitte
a7b42009c4 Change the shared library support so the shared libraries get built
sooner and the programs get built against the shared libraries.

This requires a bit more work.  Things like -rpath and the possibility
to still link the programs statically should be included.  Some
cleanup is also needed.  This will be worked on.
2001-10-30 08:00:59 +00:00
Richard Levitte
7b5ffd6834 Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names 2001-10-29 13:05:28 +00:00
Bodo Möller
4d635a7001 Consistency with s2_... and s23_... variants (no real functional
change)
2001-10-25 08:17:53 +00:00
Bodo Möller
ba1c602281 Assume TLS 1.0 when ClientHello fragment is too short. 2001-10-25 06:09:51 +00:00
Bodo Möller
979689aa5c Fix SSL handshake functions and SSL_clear() such that SSL_clear()
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.
2001-10-24 19:03:22 +00:00
Richard Levitte
a3faebd104 Deprecate the macro MAC_OS_pre_X. 2001-10-24 15:32:53 +00:00
Bodo Möller
287973746e Fix memory leak. 2001-10-22 13:59:36 +00:00
Bodo Möller
cf3a5cebd7 Call msg_callback with correct length parameter if ssl3_write_bytes had to
be called multiple times
2001-10-20 18:56:01 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Bodo Möller
31fe950d2b gcc complained about "write" being shadowed even though the "write"
variable name occured just in a function *prototype* -- so rename it
2001-10-17 20:44:25 +00:00
Richard Levitte
db6a87d8cc Wrong place... 2001-10-17 17:54:17 +00:00
Richard Levitte
7beb408771 The EVP_*Init_ex() functions take one extra argument. Let's default
it to NULL.
2001-10-17 16:03:42 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Bodo Möller
bf21446a2a Add per-SSL 'msg_callback' with 'msg_callback_arg'.
Both have per-SSL_CTX defaults.
These new values can be set by calling SSL[_CTX]_[callback_]ctrl
with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.

So far, the callback is never actually called.


Also rearrange some SSL_CTX struct members (some exist just in
SSL_CTXs, others are defaults for SSLs and are either copied
during SSL_new, or used if the value in the SSL is not set;
these three classes of members were not in a logical order),
and add some missing assignments to SSL_dup.
2001-10-16 13:09:24 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Bodo Möller
9ba3ec9176 The message header for fake SSL 3.0/TLS 1.0 client hellos created from
SSL 2.0 client hellos added with the previous commit was totally wrong --
it must start with the message type, not the protocol version.
(Not that this particular header is actually used anywhere ...)
2001-10-16 00:56:04 +00:00
Bodo Möller
8f71fb8d98 For consistency, set s->init_num in the 'reuse_message' case
(if s23_srvr.c faked the message, s->init_num is 0).
2001-10-15 20:16:36 +00:00
Bodo Möller
48948d53b6 Change ssl3_get_message and the functions using it so that complete
'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.

(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)
2001-10-15 19:49:25 +00:00
Bodo Möller
2ce15df528 Fix ssl3_get_message handle message fragmentation correctly. 2001-10-15 17:41:41 +00:00
Bodo Möller
681bfae499 the previous commit accidentily removed 'ret = 1' from the SSL_ST_OK
case of ssl3_accept
2001-10-15 17:40:42 +00:00
Richard Levitte
116daf4c2f To avoid commit wars over dependencies, let's make it so things that
depend on the environment, like the presence of the OpenBSD crypto
device or of Kerberos, do not change the dependencies within OpenSSL.
2001-10-10 07:55:02 +00:00
Richard Levitte
285046ec51 SSL_add_dir_cert_subjects_to_stack for Win32 finally implemented.
Submitted by Massimo Santin <msantin@santineassociati.com>.
2001-10-04 12:27:39 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Bodo Möller
965b6dad44 comment 2001-09-24 07:56:45 +00:00
Bodo Möller
a32d795aae avoid everything resembling a magic trigraph 2001-09-24 07:54:11 +00:00
Bodo Möller
3b0b5abae3 bugfix: handle HelloRequest received during handshake correctly 2001-09-21 11:18:40 +00:00
Bodo Möller
b49124f6d9 Disable session related stuff in SSL_ST_OK case of ssl3_accept if we
just sent a HelloRequest.
2001-09-21 07:01:25 +00:00
Bodo Möller
2260ad21fb Bugfix: correct cleanup after sending a HelloRequest 2001-09-21 00:04:15 +00:00
Bodo Möller
6b0e9facf4 New function SSL_renegotiate_pending().
New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
2001-09-20 22:54:09 +00:00
Bodo Möller
8e2f6b79ea fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case 2001-09-20 21:37:13 +00:00
Bodo Möller
ee60d9fb28 Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
2001-09-20 18:35:52 +00:00
Bodo Möller
b78e502104 add comment 2001-09-14 13:47:25 +00:00
Lutz Jänicke
c0f5dd070b Make maximum certifcate chain size accepted from the peer application
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
2001-09-11 13:08:51 +00:00
Bodo Möller
384eff877c Fix apps/openssl.c and ssl/ssltest.c so that they use
CRYPTO_set_mem_debug_options() instead of CRYPTO_dbg_set_options(),
which is the default implementation of the former and should usually
not be directly used by applications (at least if we assume that the
options accepted by the default implementation will also be meaningful
to any other implementations).

Also fix apps/openssl.c and ssl/ssltest such that environment variable
setting 'OPENSSL_DEBUG_MEMORY=off' actively disables the compiled-in
library defaults (i.e. such that CRYPTO_MDEBUG is ignored in this
case).
2001-09-10 09:50:30 +00:00
Bodo Möller
6ac4e8bd6e Rename recently introduced functions for improved code clarity:
[DR]SA_up  =>  [DR]SA_up_ref
2001-09-03 13:40:07 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Geoff Thorpe
4db73c1bb8 (A version of) gcc had been giving somewhat odd "trigraph" warnings about
this construct, and Ulf provided the following insight as to why;

> ANSI C compliant compilers must substitute "??)" for "]" because your
> terminal might not have a "]" key if you bought it in the early 1970s.

So we escape the final '?' to avoid this pathological case.
2001-08-28 19:32:16 +00:00
Ben Laurie
1f3b65801b Fix SSL memory leak. 2001-08-28 13:45:41 +00:00
Geoff Thorpe
78435364ec Changes crypto/evp/ and ssl/ code from directly incrementing reference
counts in DH, DSA, and RSA structures. Instead they use the new "***_up()"
functions that handle this.
2001-08-25 17:28:23 +00:00
Lutz Jänicke
e7cf7fcd21 Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.) 2001-08-25 11:49:24 +00:00
Lutz Jänicke
11c8f0b79d More manual pages. Constify. 2001-08-23 17:22:43 +00:00
Lutz Jänicke
df7cb13525 Checked in from the wrong !@#$%&*() copy... 2001-08-21 07:27:02 +00:00
Lutz Jänicke
a403188f92 Alert description strings for TLSv1 and documentation. 2001-08-19 16:20:42 +00:00
Geoff Thorpe
b7727ee616 The indexes returned by ***_get_ex_new_index() functions are used when
setting stack (actually, array) values in ex_data. So only increment the
global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.
This change doesn't make "ex_data" right (see the comment at the head of
ex_data.c to know why), but at least makes the source code marginally less
frustrating.
2001-08-12 16:52:00 +00:00
Bodo Möller
37a7cd1a11 Bugfix: larger message size in ssl3_get_key_exchange() because
ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>
2001-08-07 09:30:18 +00:00
Lutz Jänicke
3a2d9c4dd0 Fix typos (shinagawa@star.zko.dec.com) 2001-08-07 07:52:53 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Lutz Jänicke
06da6e4977 Don't disable rollback attack detection as a recommended bug workaround. 2001-08-03 08:45:13 +00:00
Lutz Jänicke
d92f0bb6e9 Remove SSL_OP_NON_EXPORT_FIRST:
It did not work, it was deactivated by #if 0/#endif anyway _and_ we now have
the working SSL_OP_CIPHER_SERVER_PREFERENCE.
2001-08-01 10:06:32 +00:00
Lutz Jänicke
e32c852e1e Indent. 2001-07-31 10:19:20 +00:00
Richard Levitte
3728974460 Make as sure as possible that gethostname() will be properly declared. 2001-07-31 08:50:20 +00:00
Richard Levitte
fdc2bbcacb Correct most of the unsigned vs. signed warnings (or int vs. size_t),
and rename some local variables to avoid name shadowing.
2001-07-31 08:45:40 +00:00
Richard Levitte
c2a3358b60 Whoops, my fault, a backslash got converted to a slash... 2001-07-31 08:44:28 +00:00
Richard Levitte
882e891284 More Kerberos SSL changes from Jeffrey Altman <jaltman@columbia.edu>
His comments are:

First, it corrects a problem introduced in the last patch where the
kssl_map_enc() would intentionally return NULL for valid ENCTYPE
values.  This was done to prevent verification of the kerberos 5
authenticator from being performed when Derived Key ciphers were
in use.  Unfortunately, the authenticator verification routine was
not the only place that function was used.  And it caused core dumps.

Second, it attempt to add to SSL_SESSION the Kerberos 5 Client
Principal Name.
2001-07-31 07:21:06 +00:00
Richard Levitte
99ecb90a99 make update 2001-07-31 06:40:10 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Ben Laurie
be2e2c3297 Only set the verify callback if there's one to set! 2001-07-30 17:17:26 +00:00
Lutz Jänicke
1f0c9ad7e1 Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:45:34 +00:00
Bodo Möller
7bc03ded12 add a comment 2001-07-25 10:04:14 +00:00
Richard Levitte
acdf4afb91 More Kerberos SSL patches from Vern Staats <staatsvr@asc.hpc.mil>.
His comments are:

This patch fixes the problem of modern Kerberos using "derived keys"
to encrypt the authenticator by disabling the authenticator check
for all derived keys enctypes.

I think I've got all the bugfixes that Jeffrey and I discussed rolled
into this.  There were some problems with Jeffrey's code to convert
the authenticator's Kerberos timestring into struct tm (e.g. Z, -1900;
it helps to have an actual decryptable authenticator to play with).
So I've shamelessly pushed in my code, while stealing some bits from
Jeffrey.
2001-07-21 09:43:43 +00:00
Richard Levitte
fa293e4e4b SSL_get_rfc were documented but not implemented. 2001-07-16 10:50:29 +00:00
Richard Levitte
24cbf3efc6 SSL_get_[rw]fd were documented but not implemented. 2001-07-15 20:11:57 +00:00
Richard Levitte
45442167b0 Prevent KSSL server from requesting a client certificate.
Submitted by Jeffrey Altman <jaltman@columbia.edu>
2001-07-12 16:17:33 +00:00
Richard Levitte
131645ecce paddr may be NULL. Do not crash if it is. 2001-07-12 15:54:10 +00:00
Richard Levitte
82d5d46c14 Some of the Kerberos code had dissapeared. Reapply. 2001-07-12 08:51:47 +00:00
Richard Levitte
b01ab14338 make update
Note that since some private kssl functions were exported, the
simplest way to rebuild the number table was to toss everything that
was new since OpenSSL 0.9.6b.  This is safe, since those functions
have not yet been exported in an OpenSSL release.  Beware, people who
trust intermediary snapshots!
2001-07-11 21:15:03 +00:00
Richard Levitte
2a96235bf7 Include kssl_lcl.h where needed. 2001-07-11 21:11:40 +00:00
Richard Levitte
1cf9bf00f4 Private functions do not belong in an exported header file, so move
them to one that won't get exported.
2001-07-11 21:09:30 +00:00
Richard Levitte
a5224c3420 Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu>
His comments are:

 . adds use of replay cache to protect against replay attacks

 . adds functions kssl_tgt_is_available() and
   kssl_keytab_is_available() which are used within s3_lib.c
   and ssl_lib.c to determine at runtime whether or not
   KRB5 ciphers can be supported during the current session.
2001-07-11 19:03:58 +00:00
Richard Levitte
ab603c6987 Code to avoid the use of non-standard strptime(). By
Jeffrey Altman <jaltman@columbia.edu>

(Really, the time that's being parsed is a GeneralizedTime, so if
ASN1_GENERALIZEDTIME_get() ever gets implemented, it should be used
instead)
2001-07-11 16:13:36 +00:00
Richard Levitte
8de83bf876 Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu>
His comments are:

 . Fixed all of the Windows dynamic loading functions, prototypes, etc.

 . Corrected all of the unsigned/signed comparison warnings

 . Replaced the references to krb5_cksumarray[] for two reasons.
   First, it was an internal variable that should not have been
   referenced outside the library; nor could it have been with
   a shared library with restricted exports.  Second, the
   variable is no longer used in current Kerberos implementations.
   I replaced the code with equivalent functionality using functions
   that are exported from the library.
2001-07-11 15:31:45 +00:00
Richard Levitte
567671e291 make update 2001-07-10 21:00:37 +00:00
Richard Levitte
7e99812432 If I define _XOPEN_SOURCE before including *any* system header file,
things will work much more smoothly.
2001-07-09 21:51:03 +00:00
Richard Levitte
2a1ef75435 Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in
SSL according to RFC 2712.  His comment is:

This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication.  I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week.  The full kit includes patches
for mod-ssl, apache, and a few text clients.  The sourceforge URL
is http://sourceforge.net/projects/kssl/ .

Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct.  I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field.  I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
2001-07-09 21:46:58 +00:00
Bodo Möller
b8e2f83ae6 Call ENGINE_cleanup() to avoid memory leak. 2001-07-04 20:55:36 +00:00
Dr. Stephen Henson
323f289c48 Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Bodo Möller
285b42756a pay attention to blocksize before attempting decryption 2001-06-15 18:05:09 +00:00
Richard Levitte
44e48abc44 Use memmove() instead of memcpy() on areas that may overlap.
Spotted by Nalin Dahyabhai <nalin@redhat.com>
2001-06-07 04:42:34 +00:00
Bodo Möller
31bc51c8cf Fix Bleichenbacher PKCS #1 1.5 countermeasure.
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway,
otherwise this would be a security relevant patch.)
2001-06-01 09:41:25 +00:00
Dr. Stephen Henson
926a56bfe3 Purpose and trust setting functions for X509_STORE.
Tidy existing code.
2001-05-10 00:13:59 +00:00
Dr. Stephen Henson
b545dc6775 Initial CRL based revocation checking. 2001-05-07 22:52:50 +00:00
Bodo Möller
027e257b1d Avoid assert() in the library. 2001-04-08 13:47:51 +00:00