Commit graph

59 commits

Author SHA1 Message Date
Dr. Stephen Henson
4479ce9c1c Update from HEAD. 2007-01-21 16:07:25 +00:00
Bodo Möller
0e73294e26 Disable invalid ciphersuites 2006-06-14 17:52:01 +00:00
Ben Laurie
801136bcc2 Fix warnings. 2005-08-27 12:05:23 +00:00
Nils Larsch
3c0e39c539 Keep cipher lists sorted in the source instead of sorting them at
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
2005-08-25 07:43:04 +00:00
Dr. Stephen Henson
222f224664 Initialize SSL_METHOD structures at compile time. This removes the need
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-08-05 23:52:08 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Ben Laurie
0821bcd4de Constification. 2005-03-30 10:26:02 +00:00
Geoff Thorpe
60a938c6bc (oops) Apologies all, that last header-cleanup commit was from the wrong
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Richard Levitte
5fdf06666c Avoid including cryptlib.h, it's not really needed.
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 16:10:30 +00:00
Geoff Thorpe
2754597013 A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Richard Levitte
4579924b7e Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Bodo Möller
b8565a9af9 really fix race conditions
Submitted by: "Patrick McCormick" <patrick@tellme.com>

PR: 262
PR: 291
2002-09-25 15:38:57 +00:00
Bodo Möller
db4f691f9f oops -- must use EVP_MD_size, not EVP_MD_block_size 2002-08-03 18:49:39 +00:00
Bodo Möller
5574e0ed41 get rid of OpenSSLDie 2002-08-02 11:48:15 +00:00
Lutz Jänicke
c046fffa16 OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
2002-07-30 13:04:04 +00:00
Lutz Jänicke
063a8905bf Ciphers with NULL encryption were not properly handled because they were
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
2002-07-10 06:41:55 +00:00
Bodo Möller
cf82191d77 Implement msg_callback for SSL 2.0.
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
2001-11-10 01:16:28 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Dr. Stephen Henson
323f289c48 Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Bodo Möller
725c88879c Finish SSL_peek/SSL_pending fixes. 2000-12-26 12:07:23 +00:00
Bodo Möller
a0aae68cf6 Fix SSL_peek and SSL_pending. 2000-12-25 18:40:46 +00:00
Bodo Möller
3880cd35ad Import s2_pkt.c wbuf fixes from OpenSSL_0_9_6-stable branch. 2000-12-18 11:35:32 +00:00
Bodo Möller
24b44446e2 Comments on SSL_peek deficiencies 2000-11-28 06:58:22 +00:00
Dr. Stephen Henson
130832150c Fixes for Win32 build.
This is mostly a work around for the old VC++ problem
that it treats func() as func(void).

Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.

The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.

Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)
2000-06-21 02:25:30 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Richard Levitte
d3442bc780 Move the registration of callback functions to special functions
designed for that.  This removes the potential error to mix data and
function pointers.

Please note that I'm a little unsure how incorrect calls to the old
ctrl functions should be handled, in som cases.  I currently return 0
and that's it, but it may be more correct to generate a genuine error
in those cases.
2000-02-20 23:43:02 +00:00
Bodo Möller
b35e9050f2 Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. 2000-02-20 23:04:06 +00:00
Ben Laurie
c417db4675 Get rid of evil cast. 2000-02-17 09:39:22 +00:00
Dr. Stephen Henson
018e57c74d Apply Lutz Behnke's 56 bit cipher patch with a few
minor changes.

Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.
2000-01-22 03:17:06 +00:00
Ulf Möller
aa82db4fb4 Add missing #ifndefs that caused missing symbols when building libssl
as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.

Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
2000-01-16 21:10:00 +00:00
Ben Laurie
752d706aaf Make NO_RSA compile with pedantic. 2000-01-08 21:06:24 +00:00
Ulf Möller
ca570cfdbc Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress).
Submitted by: Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>
1999-06-04 21:54:13 +00:00
Bodo Möller
7f0dae3276 OPENSSL_EXTERN, OPENSSL_GLOBAL 1999-05-15 14:23:29 +00:00
Ulf Möller
7d7d2cbcb0 VMS support.
Submitted by: Richard Levitte <richard@levitte.org>
1999-05-13 11:37:32 +00:00
Ulf Möller
d02f751ce1 Message digest stuff. 1999-04-27 04:18:53 +00:00
Ulf Möller
79df9d6272 New Configure option no-<cipher> (rsa, idea, rc5, ...). 1999-04-27 03:19:12 +00:00
Ulf Möller
a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Bodo Möller
ec577822f9 Change #include filenames from <foo.h> to <openssl.h>.
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ben Laurie
61f5b6f338 Work with -pedantic! 1999-04-23 15:01:15 +00:00
Bodo Möller
5cc146f344 Fixed some race conditions.
Submitted by:
Reviewed by:
PR:
1999-04-22 13:37:46 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Ben Laurie
e778802f53 Massive constification. 1999-04-17 21:25:43 +00:00
Ben Laurie
b4cadc6e13 Fix security hole. 1999-03-22 12:22:14 +00:00
Ben Laurie
a040ea8251 Undo a couple of kludges. 1999-02-21 20:07:41 +00:00
Ben Laurie
06ab81f9f7 Add support for new TLS export ciphersuites. 1999-02-21 20:03:24 +00:00