Dr. Stephen Henson
3c1ee6c147
Fix from HEAD.
2006-02-04 01:50:41 +00:00
Dr. Stephen Henson
d37ca24da9
Backport of other fixes to keep VC++ happy.
2006-01-30 13:49:59 +00:00
Andy Polyakov
ed457c6e1c
Replace detached signature with in-core fingerprinting.
2006-01-21 14:01:30 +00:00
Bodo Möller
8750e911f1
Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)
2006-01-08 19:33:31 +00:00
Bodo Möller
d9ba7079b8
Rewrite timeout computation in a way that is less prone to overflow.
(Problem reported by Peter Sylvester.)
2005-12-30 23:52:20 +00:00
Mark J. Cox
a40916cbba
Add fixes for CAN-2005-2969
Bump release ready for OpenSSL_0_9_7h tag
2005-10-11 10:10:05 +00:00
Dr. Stephen Henson
9f03d028e7
Update from HEAD.
2005-09-21 00:58:48 +00:00
Andy Polyakov
08f7417a98
Eliminate dependency on UNICODE macro.
2005-06-27 21:14:15 +00:00
Richard Levitte
f840728f43
Do not undefine _XOPEN_SOURCE. This is currently experimental, and
will be firmed up as soon as it's been verified not to break anything.
2005-06-16 22:21:39 +00:00
Nils Larsch
e85e5ca5ec
- let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an
error if the cipher list is empty
- fix last commit in ssl_create_cipher_list
- clean up ssl_create_cipher_list
2005-06-10 20:00:39 +00:00
Nils Larsch
0eb8e0058c
use "=" instead of "|=", fix typo
2005-06-08 22:24:27 +00:00
Nils Larsch
e32b08abc3
ssl_create_cipher_list should return an error if no cipher could be
collected (see SSL_CTX_set_cipher_list manpage). Fix handling of
"cipher1+cipher2" expressions in ssl_cipher_process_rulestr.
PR: 836 + 1005
2005-06-08 21:16:32 +00:00
Nils Larsch
0dfe532ea9
clear error queue on success and return NULL if cert could be read
PR: 1088
2005-06-01 08:36:38 +00:00
Richard Levitte
c3d03b70af
We have some source with \r\n as line ends. DEC C informs about that,
and I really can't be bothered...
2005-05-29 12:13:05 +00:00
Richard Levitte
48a3f2818e
When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in
http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html .
Notified by David Wolfe <dwolfe5272@yahoo.com>
2005-05-21 17:39:48 +00:00
Bodo Möller
c4d9c13a31
fix msg_callback() arguments for SSL 2.0 compatible client hello
(previous revision got this wrong)
2005-05-12 06:24:26 +00:00
Bodo Möller
00c1c6cb28
PR:Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled
with the SSL_OP_NO_SSLv2 option.
2005-05-11 18:26:08 +00:00
Dr. Stephen Henson
765863f0bf
Stop warnings.
2005-05-11 00:35:55 +00:00
Nils Larsch
fcec494072
use 'p' as conversion specifier for printf to avoid truncation of
pointers on 64 bit platforms. Patch supplied by Daniel Gryniewicz
via Mike Frysinger <vapier@gentoo.org>.
PR: 1064
2005-05-10 11:57:19 +00:00
Richard Levitte
7590f37fd7
Apparently, isascii() is an X/Open function, so to get it properly
declared, we need to define _XOPEN_SOURCE before including ctype.h.
Ported from HEAD.
2005-04-17 09:15:33 +00:00
Andy Polyakov
0174c56851
More cover-ups, removing OPENSSL_GLOBAL/EXTERNS.
2005-04-13 21:48:12 +00:00
Dr. Stephen Henson
342b7e0458
Rebuild error codes.
2005-04-12 13:47:58 +00:00
Dr. Stephen Henson
4ecd7d2b7e
Ooops, shouldn't have deleted this line.
2005-04-12 11:34:21 +00:00
Dr. Stephen Henson
9d728b8d10
Not sure what this is doing here...
2005-04-11 22:22:51 +00:00
Richard Levitte
93aeac64ce
Merge RFC3820 source into mainstream 0.9.7-stable.
2005-04-11 15:03:37 +00:00
Richard Levitte
9addd9b6fb
Add emacs cache files to .cvsignore.
2005-04-11 14:18:14 +00:00
Dr. Stephen Henson
657129f748
Typo..
2005-04-09 23:52:53 +00:00
Dr. Stephen Henson
c710c7b3a3
Make kerberos ciphersuites work with newer headers.
2005-04-09 23:32:37 +00:00
Nils Larsch
8298632d14
really clear the error queue here
PR: 860
2005-04-01 17:49:33 +00:00
Nils Larsch
62a25c6129
use SSL3_VERSION_MAJOR instead of SSL3_VERSION etc.
PR: 658
2005-04-01 17:33:39 +00:00
Dr. Stephen Henson
8c04994bfe
Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS mode.
2005-03-27 03:36:14 +00:00
Ben Laurie
801fea5f11
Constification.
2005-03-23 08:21:30 +00:00
Dr. Stephen Henson
61823b6a74
Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and
client random values.
2005-03-22 14:10:32 +00:00
Dr. Stephen Henson
ecc3d2734d
Only allow TLS in FIPS mode.
Remove old FIPS_allow_md5() calls.
2005-01-31 01:33:36 +00:00
Dr. Stephen Henson
d0edffc7da
FIPS algorithm blocking.
Non FIPS algorithms are not normally allowed in FIPS mode.
Any attempt to use them via high level functions will return an error.
The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.
There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.
For low level functions the override is performed by prefixing the algorithm
initialization function with "private_" for example private_MD5_Init().
For high level functions an override is performed by setting a flag in
the context.
2005-01-26 20:00:40 +00:00
Richard Levitte
630b9d70fb
Use EXIT() instead of exit().
2005-01-11 18:25:28 +00:00
Richard Levitte
a2617f727d
Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:53:31 +00:00
Dr. Stephen Henson
ac4fb4a138
Fix race condition.
2004-10-25 11:15:49 +00:00
Richard Levitte
1033449613
make update
2004-08-10 09:09:08 +00:00
Richard Levitte
7f9c37457a
To protect FIPS-related global variables, add locking mechanisms
around them.
NOTE: because two new locks are added, this adds potential binary
incompatibility with earlier versions in the 0.9.7 series. However,
those locks will only ever be touched when FIPS_mode_set() is called
and after, thanks to a variable that's only changed from 0 to 1 once
(when FIPS_mode_set() is called). So basically, as long as FIPS mode
hasn't been engaged explicitly by the calling application, the new
locks are treated as if they didn't exist at all, thus not becoming a
problem. Applications that are built or rebuilt to use FIPS
functionality will need to be recompiled in any case, thus not being a
problem either.
2004-07-30 14:38:02 +00:00
Dr. Stephen Henson
0b948f3677
New cipher "strength" FIPS which specifies that a
cipher suite is FIPS compatible.
New cipherstring "FIPS" is all FIPS compatible ciphersuites except eNULL.
Only allow FIPS ciphersuites in FIPS mode.
2004-07-27 18:28:49 +00:00
Andy Polyakov
1ecb88b95a
Add casts where casts due. It's "safe" to cast, because "wrong" casts
will either be optimized away or never performed. The trouble is that
compiler first parses code, then optimizes, not both at once...
2004-07-24 13:40:47 +00:00
Andy Polyakov
64c6865427
Proper WinCE support for listing files. "Backported" from HEAD.
2004-07-22 16:39:48 +00:00
Dr. Stephen Henson
bdb4a7e092
Fixes so alerts are sent properly in s3_pkt.c
PR: 851
2004-05-15 17:46:50 +00:00
Ben Laurie
0163602573
Check error returns.
2004-05-15 16:39:23 +00:00
Ben Laurie
3642f632d3
Pull FIPS back into stable.
2004-05-11 12:46:24 +00:00
Mark J. Cox
82d63d3028
Fix null-pointer assignment in do_change_cipher_spec() revealed
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
(CAN-2004-0112)
Ready for 0.9.7d build
Submitted by: Steven Henson
Reviewed by: Joe Orton
Approved by: Mark Cox
2004-03-17 12:01:19 +00:00
Dr. Stephen Henson
8e6a84e730
Avoid warnings.
2004-03-16 13:50:18 +00:00
Richard Levitte
381a693c39
make update
2004-01-29 10:23:54 +00:00
Lutz Jänicke
3fbbd1e1d7
unintptr_t and <inttypes.h> are not strictly portable with respect to
ANSI C 89.
Undo change to maintain compatibility.
2004-01-04 17:54:02 +00:00