Commit graph

135 commits

Author SHA1 Message Date
Richard Levitte
5fdf06666c Avoid including cryptlib.h, it's not really needed.
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 16:10:30 +00:00
Richard Levitte
4d8743f490 Netware-specific changes,
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
2003-11-28 13:10:58 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Dr. Stephen Henson
a08ced78c8 Avoid warnings: add missing prototype, don't shadow. 2003-10-10 23:07:24 +00:00
Richard Levitte
8242354952 Make sure int SSL_COMP_add_compression_method() checks if a certain
compression identity is already present among the registered
compression methods, and if so, reject the addition request.

Declare SSL_COMP_get_compression_method() so it can be used properly.

Change ssltest.c so it checks what compression methods are available
and enumerates them.  As a side-effect, built-in compression methods
will be automagically loaded that way.  Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.

Finally, make update.

Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().
2003-10-06 11:00:15 +00:00
Richard Levitte
f82ab534c6 Check for errors from SSL_COMP_add_compression_method().
Notified by Andrew Marlow <AMARLOW1@bloomberg.net>
2003-10-02 10:41:48 +00:00
Bodo Möller
563c05e2dc fix out-of-bounds check in lock_dbg_cb (was too lose to detect all
invalid cases)

PR: 674
2003-08-14 10:33:56 +00:00
Richard Levitte
3ae70939ba Correct a lot of printing calls. Remove extra arguments... 2003-04-03 23:39:48 +00:00
Ulf Möller
66ecdf3bfb more mingw related cleanups. 2003-02-22 18:00:14 +00:00
Richard Levitte
0b13e9f055 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:39:26 +00:00
Richard Levitte
09867a47a4 If _XOPEN_SOURCE_EXTENDED or _XOPEN_SOURCE are defined, _POSIX_C_SOURCE gets
defined in DECC$TYPES.H.  If _POSIX_C_SOURCE is defined, certain types do
not get defined (u_char, u_int, ...).  DECC.H gets included by assert.h
and others.  Now, in6.h uses the types u_char, u_int and so on, and gets
included as part of other header inclusions, and will of course fail because
of the missing types.

On the other hand, _XOPEN_SOURCE_EXTENDED is needed to get gethostname()
properly declared...

Solution: define _XOPEN_SOURCE_EXTENDED much later, so DECC$TYPES.H has
a chance to be included *first*, so the otherwise missing types get defined
properly.

Personal: *mumble* *mumble*
2002-12-19 19:39:30 +00:00
Geoff Thorpe
e9224c7177 This is a first-cut at improving the callback mechanisms used in
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.

This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing.  The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones.  The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.

There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
2002-12-08 05:24:31 +00:00
Richard Levitte
4fbe40c54f gethostname() is more a BSD feature than an XOPEN one.
PR: 379
2002-12-04 22:48:01 +00:00
Richard Levitte
e7a285694e define USE_SOCKETS so sys/param.h gets included (and thusly, MAXHOSTNAMELEN
gets defined).
PR: 371
2002-12-02 22:49:02 +00:00
Richard Levitte
55f78baf32 Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
always give the expected result on some platforms.
2002-11-28 18:54:30 +00:00
Richard Levitte
31be2daa06 Small bugfixes to the KSSL implementation.
PR: 349
2002-11-26 10:09:36 +00:00
Bodo Möller
1e3a9b650f allocate bio_err before memory debugging is enabled to avoid memory leaks
(we can't release it before the CRYPTO_mem_leaks() call!)

Submitted by: Nils Larsch
2002-11-19 11:56:05 +00:00
Richard Levitte
0bf23d9b20 WinCE patches 2002-11-15 22:37:18 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Bodo Möller
896e4fef30 avoid Purify warnings
Submitted by: Nils Larsch
2002-11-05 13:54:41 +00:00
Bodo Möller
5e3247d8bc fix typo 2002-11-05 10:54:40 +00:00
Lutz Jänicke
ba5ba5490d Add missing brackets.
Submitted by: "Chris Brook" <cbrook@v-one.com>
2002-09-25 20:19:04 +00:00
Richard Levitte
90f5a2b6fe Instead of returning errors when certain flags are unusable, just ignore them.
That will make the test go through even if DH (or in some cases ECDH) aren't
built into OpenSSL.
PR: 216, part 2
2002-08-14 12:16:27 +00:00
Bodo Möller
ea26226046 ECC ciphersuite support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
2002-08-09 08:56:08 +00:00
Bodo Möller
b52f3818f4 undo nonsense patch (r *is* signed or we have signedness mismatches elsewhere) 2002-04-29 11:03:06 +00:00
Richard Levitte
cc12975514 Fix unsigned vs. signed clash 2002-04-29 10:29:38 +00:00
Richard Levitte
8b07f23c30 Signedness mismatch.
Notified by Bernd Matthes <bernd.matthes@gemplus.com>
2002-04-20 10:23:19 +00:00
Bodo Möller
234c73767d use BIO_nwrite() more properly to demonstrate the general idea of
BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)
2002-03-14 09:48:54 +00:00
Bodo Möller
023ec151df Add 'void *' argument to app_verify_callback.
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:52:56 +00:00
Dr. Stephen Henson
3a3ca3f515 Fix for AIX.
Submitted by Dawn Whiteside <dwhitesi@tiercel.uwaterloo.ca>
2002-02-22 21:26:25 +00:00
Bodo Möller
384eff877c Fix apps/openssl.c and ssl/ssltest.c so that they use
CRYPTO_set_mem_debug_options() instead of CRYPTO_dbg_set_options(),
which is the default implementation of the former and should usually
not be directly used by applications (at least if we assume that the
options accepted by the default implementation will also be meaningful
to any other implementations).

Also fix apps/openssl.c and ssl/ssltest such that environment variable
setting 'OPENSSL_DEBUG_MEMORY=off' actively disables the compiled-in
library defaults (i.e. such that CRYPTO_MDEBUG is ignored in this
case).
2001-09-10 09:50:30 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Richard Levitte
3728974460 Make as sure as possible that gethostname() will be properly declared. 2001-07-31 08:50:20 +00:00
Bodo Möller
b8e2f83ae6 Call ENGINE_cleanup() to avoid memory leak. 2001-07-04 20:55:36 +00:00
Bodo Möller
10654d3a74 Forcibly enable memory leak checking during "make test" 2001-03-11 14:49:46 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Bodo Möller
3ac82faae5 Locking issues. 2000-12-15 16:40:35 +00:00
Bodo Möller
8df788c97f COMP_zlib should always be declared, even if it is not functional.
Don't dump core in ssltest.
2000-11-30 23:41:58 +00:00
Richard Levitte
f9b3bff6f7 First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu> 2000-11-30 22:53:34 +00:00
Richard Levitte
4751717cd8 The compression method may be undefined for some reason that has
generated errors.  Therefore, print whatever error there may be...
2000-11-30 12:53:15 +00:00
Richard Levitte
bd68b6b1f6 Simplify and provide the possibility to clean a compression method. 2000-11-30 12:22:35 +00:00
Richard Levitte
23f80f46a4 Make it possible to test SSL compression 2000-11-30 11:57:31 +00:00
Richard Levitte
f3f316f13f If the functions get_dh*() are declared static, they should be defined the same way 2000-10-22 12:45:33 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Bodo Möller
46b3bd5454 Avoid memory leak. 2000-04-06 22:25:49 +00:00
Bodo Möller
617d71bc12 NeXT workaround. 2000-03-26 12:27:30 +00:00
Bodo Möller
7d2509b6df Update usage info 2000-03-13 19:30:59 +00:00
Bodo Möller
65b002f399 Update test suite so that 'make test' succeeds in 'no-rsa' configuration. 2000-03-13 19:24:39 +00:00
Bodo Möller
563f1503a8 Connection timings (using ISO C function clock()). 2000-03-13 15:06:54 +00:00
Bodo Möller
e458958280 Always use fixed DH parameters created with 'dhparam -C',
don't dynamically create them.  This allows using ssltest
for approximate performance comparisons:
   $ time ./ssltest -num 50 -tls1 -cert ../apps/server2.pem \
     [-no_dhe|-dhe1024dsa|-dhe1024]
(server2.pem contains a 1024 bit RSA key, the default has only
512 bits.) Note that these timings contain both the server's and
the client's computations, they are not a good indicator for
server workload in different configurations.
2000-03-10 13:23:20 +00:00
Bodo Möller
53002dc691 Report progress as in dsatest.c when creating a DHE key. 2000-02-04 11:21:18 +00:00
Bodo Möller
f50c049707 Use correct, not American spelling. 2000-02-04 00:56:09 +00:00
Ulf Möller
657e60fa00 ispell (and minor modifications) 2000-02-03 23:23:24 +00:00
Ulf Möller
aa82db4fb4 Add missing #ifndefs that caused missing symbols when building libssl
as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.

Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
2000-01-16 21:10:00 +00:00
Ulf Möller
b9d82f4735 RAND_seed 2000-01-16 12:21:22 +00:00
Bodo Möller
b1fe6ca175 Store verify_result with sessions to avoid potential security hole. 1999-11-16 23:15:41 +00:00
Bodo Möller
798757762a Improve support for running everything as a monolithic application.
Submitted by: Lennart Bång, Bodo Möller
1999-10-25 19:36:01 +00:00
Bodo Möller
cb0369d885 Repair another bug in s23_get_client_hello:
tls1 did not survive to restarts, so get rid of it.
1999-09-10 16:41:01 +00:00
Bodo Möller
6f7af1524e Use non-copying BIO interface in ssltest.c. 1999-09-10 14:03:21 +00:00
Bodo Möller
396f631458 some more patches for avoiding problems with non-automatic variables 1999-09-08 21:58:13 +00:00
Bodo Möller
c1082a90bb Non-copying interface to BIO pairs.
It's still totally untested ...
1999-09-07 21:37:09 +00:00
Bodo Möller
77fa04a9bc -no_dhe option for ssltest.c 1999-09-03 16:31:36 +00:00
Bodo Möller
29159a42d2 BIO_write and BIO_read could, in theory, return -2. 1999-08-09 16:33:34 +00:00
Bodo Möller
385be6eb20 Provide fixed seed for parameter generation to speed up -dhe1024. 1999-08-09 12:59:10 +00:00
Bodo Möller
48c843c367 New function DSA_dup_DH, and fixes for bugs that were found
while implementing and using it.
1999-08-05 11:50:18 +00:00
Bodo Möller
7eea36bb48 cosmetic changes 1999-07-12 18:50:34 +00:00
Bodo Möller
777ab7e611 Fix memory checking. 1999-07-09 16:27:30 +00:00
Bodo Möller
9c729e0a6d Memory leak checks. 1999-06-25 14:04:10 +00:00
Bodo Möller
d7fcc7f6c6 Bugfix. 1999-06-12 11:07:52 +00:00
Bodo Möller
95d29597b7 BIO pairs. 1999-06-12 01:03:40 +00:00
Bodo Möller
d58d092bc9 Avoid warnings. 1999-06-10 16:29:32 +00:00
Ulf Möller
df63a389a5 "extern" is a C++ reserved word.
Pointed out by: Janez Jere <jj@void.si>
1999-06-09 16:33:18 +00:00
Bodo Möller
7e70181723 It was a very bad idea to use #include "../e_os.h" -- when this occurs
in cryptlib.h (which is often included as "../cryptlib.h"), then the
question remains relative to which directory this is to be interpreted.
gcc went one further directory up, as intended; but makedepend thinks
differently, and so probably do some C compilers.  So the ../ must go away;
thus e_os.h goes back into include/openssl (but I now use
#include "openssl/e_os.h" instead of <openssl/e_os.h> to make the point) --
and we have another huge bunch of dependency changes.  Argh.
1999-05-21 11:16:48 +00:00
Bodo Möller
17e3dd1c62 Don't install e_os.h in include/openssl, use it only as a local
include file.
1999-05-20 21:59:20 +00:00
Ulf Möller
7d7d2cbcb0 VMS support.
Submitted by: Richard Levitte <richard@levitte.org>
1999-05-13 11:37:32 +00:00
Ulf Möller
79df9d6272 New Configure option no-<cipher> (rsa, idea, rc5, ...). 1999-04-27 03:19:12 +00:00
Ulf Möller
a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Bodo Möller
ec577822f9 Change #include filenames from <foo.h> to <openssl.h>.
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Ben Laurie
60e31c3a4b More stuff for new TLS ciphersuites. 1999-02-21 21:58:59 +00:00
Mark J. Cox
413c4f45ed Updates to the new SSL compression code
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Fix so that the version number in the master secret, when passed
     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
     (because the server will not accept higher), that the version number
     is 0x03,0x01, not 0x03,0x00
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Submitted by:
Reviewed by:
PR:
1999-02-16 09:22:21 +00:00
Ralf S. Engelschall
dfeab0689f Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Ralf S. Engelschall
58964a4922 Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00