Matt Caswell
c5f8cd7bc6
Add length sanity check in SSLv2 n_do_ssl_write()
...
Fortify flagged up a problem in n_do_ssl_write() in SSLv2. Analysing the
code I do not believe there is a real problem here. However the logic flows
are complicated enough that a sanity check of |len| is probably worthwhile.
Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
Solutions) for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-29 17:23:45 +01:00
Matt Caswell
83975c80bb
Re-align some comments after running the reformat script.
...
This should be a one off operation (subsequent invokation of the
script should not move them)
This commit is for the 1.0.2 changes
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:48 +00:00
Matt Caswell
ae5c8664e5
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:38 +00:00
Matt Caswell
c695ebe2a0
Additional comment changes for reformat of 1.0.2
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:23:58 +00:00
Matt Caswell
ac3dc3ee87
Check EVP_Cipher return values for SSL2
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 81ec01b217
)
2014-11-27 21:46:04 +00:00
Ben Laurie
f5cd3561ba
Add and use a constant-time memcmp.
...
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a
)
2013-02-06 13:56:12 +00:00
Ben Laurie
b3f3407850
Use new common flags and fix resulting warnings.
2009-02-15 14:08:51 +00:00
Bodo Möller
d8e8fc4803
Put back a variable deleted by the previous revision,
...
but used in the code.
2009-02-01 01:08:13 +00:00
Richard Levitte
c7ba21493a
Hopefully resolve signed vs unsigned issue.
2009-01-28 07:09:23 +00:00
Dr. Stephen Henson
d7ecd42255
Fix warnings properly this time ;-)
2009-01-11 20:34:23 +00:00
Dr. Stephen Henson
211655fcdd
Fix sign-compare warnings.
2009-01-11 15:58:51 +00:00
Ben Laurie
0eab41fb78
If we're going to return errors (no matter how stupid), then we should
...
test for them!
2008-12-29 16:11:58 +00:00
Dr. Stephen Henson
b948e2c59e
Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.
2007-06-04 17:04:40 +00:00
Richard Levitte
5fdf06666c
Avoid including cryptlib.h, it's not really needed.
...
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 16:10:30 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Bodo Möller
cf82191d77
Implement msg_callback for SSL 2.0.
...
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
2001-11-10 01:16:28 +00:00
Bodo Möller
ee60d9fb28
Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
...
reveal whether illegal block cipher padding was found or a MAC
verification error occured.
In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
2001-09-20 18:35:52 +00:00
Bodo Möller
e34cfcf7e1
Consistently use 'void *' for SSL read, peek and write functions.
2001-03-09 10:09:20 +00:00
Richard Levitte
bc36ee6227
Use new-style system-id macros everywhere possible. I hope I haven't
...
missed any.
This compiles and runs on Linux, and external applications have no
problems with it. The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Bodo Möller
725c88879c
Finish SSL_peek/SSL_pending fixes.
2000-12-26 12:07:23 +00:00
Bodo Möller
a0aae68cf6
Fix SSL_peek and SSL_pending.
2000-12-25 18:40:46 +00:00
Bodo Möller
3880cd35ad
Import s2_pkt.c wbuf fixes from OpenSSL_0_9_6-stable branch.
2000-12-18 11:35:32 +00:00
Bodo Möller
5a4fbc69c3
First step towards SSL_peek fix.
2000-12-14 17:36:59 +00:00
Bodo Möller
87739b2c53
Disable SSL_peek until it is fixed.
2000-11-28 06:48:36 +00:00
Bodo Möller
f7a059316f
tag SSL_peek bugs
2000-11-17 11:49:29 +00:00
Ulf Möller
aa82db4fb4
Add missing #ifndefs that caused missing symbols when building libssl
...
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.
Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
2000-01-16 21:10:00 +00:00
Bodo Möller
11b1adadbd
typo
1999-07-02 17:52:21 +00:00
Bodo Möller
1afd8b3942
typo
1999-07-02 14:23:33 +00:00
Bodo Möller
e105643595
New functions SSL[_CTX]_{set,get}_mode; the initial set of mode flags is
...
SSL_MODE_ENABLE_PARTIAL_WRITE, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
1999-07-02 13:55:32 +00:00
Ulf Möller
a9be3af5ad
Remove NOPROTO definitions and error code comments.
1999-04-26 16:43:10 +00:00
Ben Laurie
61f5b6f338
Work with -pedantic!
1999-04-23 15:01:15 +00:00
Bodo Möller
85f48f7e93
Don't return 0 from ssl2_read when a packet with empty payload is received.
...
Submitted by:
Reviewed by:
PR:
1999-04-22 14:28:38 +00:00
Ulf Möller
6b691a5c85
Change functions to ANSI C.
1999-04-19 21:31:43 +00:00
Ben Laurie
e778802f53
Massive constification.
1999-04-17 21:25:43 +00:00
Ben Laurie
207ccf628d
More prototypes.
1999-01-16 17:28:15 +00:00
Ralf S. Engelschall
58964a4922
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a
Import of old SSLeay release: SSLeay 0.8.1b
1998-12-21 10:52:47 +00:00