openssl

Author	SHA1	Message	Date
Rich Salz	75ebbd9aa4	Use p==NULL not !p (in if statements, mainly) Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-05-11 10:06:38 -04:00
Rich Salz	16f8d4ebf0	memset, memcpy, sizeof consistency fixes Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr) for memset and memcpy. Remove needless casts for those functions. For memset, replace alternative forms of zero with 0. Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-05-05 22:18:59 -04:00
mancha security	34fd7e68a9	ssl/kssl.c: include missing header to complete SSL structure's defn. Signed-off-by: mancha security <mancha1@zoho.com> Signed-off-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>	2015-05-05 09:06:22 +01:00
Rich Salz	9e9858d1cf	dead code cleanup: #if 0 in ssl I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal documentation tips. Reviewed-by: Andy Polyakov <appro@openssl.org>	2015-02-06 10:52:12 -05:00
Matt Caswell	50e735f9e5	Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:20:10 +00:00
Matt Caswell	0f113f3ee4	Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:20:09 +00:00
Matt Caswell	68d39f3ce6	Move more comments that confuse indent Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:20:09 +00:00
Matt Caswell	23a22b4cf7	More comments Conflicts: crypto/dsa/dsa_vrf.c crypto/ec/ec2_smpl.c crypto/ec/ecp_smpl.c Conflicts: demos/bio/saccept.c ssl/d1_clnt.c Conflicts: bugs/dggccbug.c demos/tunala/cb.c Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:20:06 +00:00
Matt Caswell	3a83462dfe	Further comment amendments to preserve formatting prior to source reformat Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-06 15:45:25 +00:00
Tim Hudson	1d97c84351	mark all block comments that need format preserving so that indent will not alter them when reformatting comments Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>	2014-12-30 22:10:26 +00:00
Richard Levitte	3ddb2914b5	Clear warnings/errors within KSSL_DEBUG code sections Reviewed-by: Tim Hudson <tjh@openssl.org>	2014-12-17 10:15:09 +01:00
Martin Olsson	96208cb182	RT2848: Remove extra NULL check Don't need to check auth for NULL since we did when we assigned to it. Reviewed-by: Emilia Kasper <emilia@openssl.org>	2014-08-19 12:43:58 -04:00
Rich Salz	df8ef5f31a	RT 1229; typo in comment "dont't"->"don't"	2014-07-01 13:02:57 -04:00
Ben Laurie	71fa451343	Version skew reduction: trivia (I hope).	2012-06-03 22:00:21 +00:00
Dr. Stephen Henson	4f7a2ab8b1	make kerberos work with OPENSSL_NO_SSL_INTERN	2011-05-11 22:50:18 +00:00
Dr. Stephen Henson	cca1cd9a34	Submitted by: Tomas Hoger <thoger@redhat.com> Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted).	2010-03-03 15:41:18 +00:00
Dr. Stephen Henson	ef236ec3b2	Merge from 1.0.0-stable branch.	2009-04-23 16:32:42 +00:00
Dr. Stephen Henson	8711efb498	Updates from 1.0.0-stable branch.	2009-04-20 11:33:12 +00:00
Dr. Stephen Henson	477fd4596f	PR: 1835 Submitted by: Damien Miller <djm@mindrot.org> Approved by: steve@openssl.org Fix various typos.	2009-02-14 21:49:38 +00:00
Nils Larsch	15780a1ea0	use user-supplied malloc functions for persistent kssl objects PR: 1467 Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>	2007-02-10 10:42:48 +00:00
Geoff Thorpe	05fc7018f8	Fix PEDANTIC compilation, using the same trick as elsewhere.	2005-07-26 04:05:03 +00:00
Andy Polyakov	83e68987b3	Eliminate dependency on UNICODE macro.	2005-06-27 21:27:23 +00:00
Richard Levitte	fbd63d0784	Do not undefine _XOPEN_SOURCE. This is currently experimental, and will be firmed up as soon as it's been verified not to break anything.	2005-06-16 22:20:55 +00:00
Richard Levitte	fe8bf9560d	When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html. Notified by David Wolfe <dwolfe5272@yahoo.com>	2005-05-21 17:39:43 +00:00
Dr. Stephen Henson	384dba6edb	Make kerberos ciphersuite code compile again. Avoid more shadow warnings.	2005-04-20 21:48:48 +00:00
Dr. Stephen Henson	0858b71b41	Make kerberos ciphersuite code work with newer header files	2005-04-09 23:55:55 +00:00
Dr. Stephen Henson	4e8172d6da	Avoid warnings.	2004-03-16 13:51:11 +00:00
Richard Levitte	253e893c2b	Include the instance in the Kerberos ticket information. In s_server, print the received Kerberos information. PR: 693	2003-09-27 17:55:13 +00:00
Richard Levitte	c4d00669a0	Let's limit the extent of the definition of _XOPEN_SOURCE.	2003-03-25 21:17:28 +00:00
Lutz Jänicke	ea8e0cc7c2	Some more adjustments Submitted by: Jeffrey Altman <jaltman@columbia.edu>, "Kenneth R. Robinette" <support@securenetterm.com>	2002-12-24 21:55:57 +00:00
Lutz Jänicke	1004c99c29	Fix Kerberos5/SSL interaction Submitted by: "Kenneth R. Robinette" <support@securenetterm.com> Reviewed by: PR:	2002-12-20 12:48:00 +00:00
Richard Levitte	4579924b7e	Cleanse memory using the new OPENSSL_cleanse() function. I've covered all the memset()s I felt safe modifying, but may have missed some.	2002-11-28 08:04:36 +00:00
Ben Laurie	54a656ef08	Security fixes brought forward from 0.9.7.	2002-11-13 15:43:43 +00:00
Dr. Stephen Henson	611ba3f4a1	Initialize ciph_ctx in kssl.c	2002-03-19 01:28:00 +00:00
Dr. Stephen Henson	497810cae7	Undo previous patch: avoid warnings by #undef'ing duplicate definitions. Suggested by "Kenneth R. Robinette" <support@securenetterm.com>	2002-03-13 13:59:38 +00:00
Dr. Stephen Henson	cbc9d9713d	Fix Kerberos warnings with VC++.	2002-03-12 19:37:18 +00:00
Dr. Stephen Henson	0b4c91c0fc	Fix various warnings when compiling with KRB5 code.	2002-03-12 02:59:37 +00:00
Richard Levitte	26414ee013	Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated	2002-02-28 12:42:19 +00:00
Bodo Möller	47ff5c6279	For future portability reasons MIT is moving all macros to function calls. This patch allows compilation either way. Submitted by: Jeffrey Altman <jaltman@columbia.edu>	2001-11-23 21:50:50 +00:00
Dr. Stephen Henson	581f1c8494	Modify EVP cipher behaviour in a similar way to digests to retain compatibility.	2001-10-17 00:37:12 +00:00
Richard Levitte	116daf4c2f	To avoid commit wars over dependencies, let's make it so things that depend on the environment, like the presence of the OpenBSD crypto device or of Kerberos, do not change the dependencies within OpenSSL.	2001-10-10 07:55:02 +00:00
Richard Levitte	fdc2bbcacb	Correct most of the unsigned vs. signed warnings (or int vs. size_t), and rename some local variables to avoid name shadowing.	2001-07-31 08:45:40 +00:00
Richard Levitte	882e891284	More Kerberos SSL changes from Jeffrey Altman <jaltman@columbia.edu> His comments are: First, it corrects a problem introduced in the last patch where the kssl_map_enc() would intentionally return NULL for valid ENCTYPE values. This was done to prevent verification of the kerberos 5 authenticator from being performed when Derived Key ciphers were in use. Unfortunately, the authenticator verification routine was not the only place that function was used. And it caused core dumps. Second, it attempt to add to SSL_SESSION the Kerberos 5 Client Principal Name.	2001-07-31 07:21:06 +00:00
Richard Levitte	acdf4afb91	More Kerberos SSL patches from Vern Staats <staatsvr@asc.hpc.mil>. His comments are: This patch fixes the problem of modern Kerberos using "derived keys" to encrypt the authenticator by disabling the authenticator check for all derived keys enctypes. I think I've got all the bugfixes that Jeffrey and I discussed rolled into this. There were some problems with Jeffrey's code to convert the authenticator's Kerberos timestring into struct tm (e.g. Z, -1900; it helps to have an actual decryptable authenticator to play with). So I've shamelessly pushed in my code, while stealing some bits from Jeffrey.	2001-07-21 09:43:43 +00:00
Richard Levitte	45442167b0	Prevent KSSL server from requesting a client certificate. Submitted by Jeffrey Altman <jaltman@columbia.edu>	2001-07-12 16:17:33 +00:00
Richard Levitte	131645ecce	paddr may be NULL. Do not crash if it is.	2001-07-12 15:54:10 +00:00
Richard Levitte	a5224c3420	Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu> His comments are: . adds use of replay cache to protect against replay attacks . adds functions kssl_tgt_is_available() and kssl_keytab_is_available() which are used within s3_lib.c and ssl_lib.c to determine at runtime whether or not KRB5 ciphers can be supported during the current session.	2001-07-11 19:03:58 +00:00
Richard Levitte	ab603c6987	Code to avoid the use of non-standard strptime(). By Jeffrey Altman <jaltman@columbia.edu> (Really, the time that's being parsed is a GeneralizedTime, so if ASN1_GENERALIZEDTIME_get() ever gets implemented, it should be used instead)	2001-07-11 16:13:36 +00:00
Richard Levitte	8de83bf876	Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu> His comments are: . Fixed all of the Windows dynamic loading functions, prototypes, etc. . Corrected all of the unsigned/signed comparison warnings . Replaced the references to krb5_cksumarray[] for two reasons. First, it was an internal variable that should not have been referenced outside the library; nor could it have been with a shared library with restricted exports. Second, the variable is no longer used in current Kerberos implementations. I replaced the code with equivalent functionality using functions that are exported from the library.	2001-07-11 15:31:45 +00:00
Richard Levitte	7e99812432	If I define _XOPEN_SOURCE before including any system header file, things will work much more smoothly.	2001-07-09 21:51:03 +00:00

1 2

58 commits