wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
5733 commits 20 branches 302 tags 153 MiB
Commit graph

591 commits

Author SHA1 Message Date
Richard Levitte
437d1ed49f Typos. 
PR: 189
 2002-10-15 20:29:09 +00:00
Richard Levitte
677532629d makedepend complains when a header file is included more than once in 
the same source file.
 2002-10-14 10:02:36 +00:00
Richard Levitte
ef0baf60aa Typo 2002-10-10 08:32:39 +00:00
Richard Levitte
7ba3a4c3d2 RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS. 
PR: 189
 2002-10-10 07:59:03 +00:00
Richard Levitte
001ab3abad Use double dashes so makedepend doesn't misunderstand the flags we 
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
 2002-10-09 13:25:12 +00:00
Bodo Möller
929f116733 fix more race conditions 
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
 2002-09-26 15:52:34 +00:00
Lutz Jänicke
ba5ba5490d Add missing brackets. 
Submitted by: "Chris Brook" <cbrook@v-one.com>
 2002-09-25 20:19:04 +00:00
Bodo Möller
b8565a9af9 really fix race conditions 
Submitted by: "Patrick McCormick" <patrick@tellme.com>

PR: 262
PR: 291
 2002-09-25 15:38:57 +00:00
Bodo Möller
e78f137899 really fix race condition 
PR: 262
 2002-09-23 14:25:07 +00:00
Bodo Möller
a4f53a1c73 there is no minimum length for session IDs 
PR: 274
 2002-09-19 11:44:07 +00:00
Bodo Möller
a90ae02454 fix race condition 
PR: 262
 2002-09-19 11:26:45 +00:00
Lutz Jänicke
82a20fb0f0 Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb(). 
Submitted by:
Reviewed by:
PR: 212
 2002-08-16 17:04:04 +00:00
Bodo Möller
52c29b7b99 use correct function code in error message 2002-08-15 16:17:20 +00:00
Richard Levitte
265e892fed Sometimes, the value of the variable containing the compiler call can 
become rather large.  This becomes a problem when the default 1024
character large buffer that WRITE uses isn't enough.  WRITE/SYMBOL
uses a 2048 byte large buffer instead.
 2002-08-15 08:28:38 +00:00
Richard Levitte
90f5a2b6fe Instead of returning errors when certain flags are unusable, just ignore them. 
That will make the test go through even if DH (or in some cases ECDH) aren't
built into OpenSSL.
PR: 216, part 2
 2002-08-14 12:16:27 +00:00
Bodo Möller
aa1e56b0b9 remove comment 
Submitted by: Douglas Stebila
 2002-08-12 08:54:40 +00:00
Bodo Möller
7ef524ea1c remove debug messages 
Submitted by: Douglas Stebila
 2002-08-12 08:52:23 +00:00
Bodo Möller
0c7141a343 fix comment 
Submitted by: Douglas Stebila
 2002-08-12 08:51:30 +00:00
Bodo Möller
5488bb6197 get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead) 
Submitted by: Nils Larsch
 2002-08-12 08:47:41 +00:00
Bodo Möller
74cc4903ef make update 2002-08-09 12:16:15 +00:00
Bodo Möller
41fdcfa71e fix warnings 2002-08-09 11:58:28 +00:00
Bodo Möller
ea26226046 ECC ciphersuite support 
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
 2002-08-09 08:56:08 +00:00
Bodo Möller
db4f691f9f oops -- must use EVP_MD_size, not EVP_MD_block_size 2002-08-03 18:49:39 +00:00
Bodo Möller
5574e0ed41 get rid of OpenSSLDie 2002-08-02 11:48:15 +00:00
Richard Levitte
e70a39830c Make sure to use $(MAKE) everywhere instead of make. 
Part of PR 181
 2002-07-31 13:49:06 +00:00
Lutz Jänicke
dd7ab82e75 Typo. 
Submitted by: Jeffrey Altman <jaltman@columbia.edu>
Reviewed by:
PR: 169
 2002-07-30 13:36:31 +00:00
Lutz Jänicke
c046fffa16 OpenSSL Security Advisory [30 July 2002] 
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
 2002-07-30 13:04:04 +00:00
Lutz Jänicke
3aecef7697 "make update" 2002-07-30 12:44:33 +00:00
Lutz Jänicke
c6ccf055ba New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT. 
Submitted by:
Reviewed by:
PR: 127
 2002-07-19 19:55:34 +00:00
Bodo Möller
5dbd3efce7 Replace 'ecdsaparam' commandline utility by 'ecparam' 
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.

Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.

Fix ec_asn1.c (take into account the desired conversion form).

'make update'.

Submitted by: Nils Larsch
 2002-07-14 16:54:31 +00:00
Lutz Jänicke
7b63c0fa8c Reorder inclusion of header files: 
des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
 2002-07-10 07:01:54 +00:00
Lutz Jänicke
063a8905bf Ciphers with NULL encryption were not properly handled because they were 
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
 2002-07-10 06:41:55 +00:00
Bodo Möller
d1d0be3cd2 emtpy fragments are not necessary for SSL_eNULL 
(but noone uses it anyway)

fix t1_enc.c: use OPENSSL_NO_RC4, not NO_RC4
 2002-07-09 08:49:09 +00:00
Bodo Möller
ea4f109c99 AES cipher suites are now official (RFC3268) 2002-07-04 08:51:09 +00:00
Richard Levitte
17085b022c Pass CFLAG to dependency makers, so non-standard system include paths are 
handled properly.
Part of PR 75
 2002-06-27 16:39:25 +00:00
Bodo Möller
c21506ba02 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC 
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
 2002-06-14 12:21:11 +00:00
Richard Levitte
b2c04539a1 Merge from 0.9.7-stable. 2002-06-06 07:22:33 +00:00
Richard Levitte
a9a025d08c Recover from errors 2002-05-23 23:31:22 +00:00
Richard Levitte
b935754cb0 Allow the use of the TCP/IP stack keyword TCPIP and NONE 2002-05-22 11:37:20 +00:00
Bodo Möller
98a9092af1 Fix ciphersuite list to enforce low priority for RC4. 2002-05-07 08:36:26 +00:00
Bodo Möller
87108f5af9 ensure that, for each strength, RC4 ciphers have least preference 
in the default ciphersuite list
 2002-05-07 07:59:35 +00:00
Bodo Möller
f257d984b7 refer to latest draft for AES ciphersuites 2002-05-07 07:55:36 +00:00
Bodo Möller
b889d6a8e8 fix warning 2002-05-06 10:44:59 +00:00
Bodo Möller
a4f576a378 disable AES ciphersuites unless explicitly requested 2002-05-05 23:44:27 +00:00
Bodo Möller
3def5a010e fix casts 2002-05-05 23:00:28 +00:00
Bodo Möller
b52f3818f4 undo nonsense patch (r *is* signed or we have signedness mismatches elsewhere) 2002-04-29 11:03:06 +00:00
Richard Levitte
cc12975514 Fix unsigned vs. signed clash 2002-04-29 10:29:38 +00:00
Richard Levitte
9738f395c6 Synchronise with 0.9.7-stable. 2002-04-29 10:28:29 +00:00
Richard Levitte
d4294c8984 Synchronise with 0.9.7-stable. 2002-04-29 10:19:19 +00:00
Richard Levitte
8b07f23c30 Signedness mismatch. 
Notified by Bernd Matthes <bernd.matthes@gemplus.com>
 2002-04-20 10:23:19 +00:00
Richard Levitte
6176df94ed Make sure the opened directory is closed on exit. 
Notified by Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
 2002-04-18 16:20:13 +00:00
Bodo Möller
2fb3f002d0 fix length field we create when converting SSL 2.0 format into SSL 3.0/TLS 1.0 format 
(the bug was introduced with message callback support)
 2002-04-14 13:05:15 +00:00
Bodo Möller
82b0bf0b87 Implement known-IV countermeasure. 
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
 2002-04-13 22:47:20 +00:00
Lutz Jänicke
11c26ecf81 Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>). 2002-03-19 16:42:09 +00:00
Dr. Stephen Henson
611ba3f4a1 Initialize ciph_ctx in kssl.c 2002-03-19 01:28:00 +00:00
Bodo Möller
304d90425f fix ssl3_pending 2002-03-15 10:52:32 +00:00
Lutz Jänicke
bfaa8a89e1 Add missing strength entries. 2002-03-14 18:53:15 +00:00
Dr. Stephen Henson
de941e289e Initialize cipher context in KRB5 
("D. Russell" <russelld@aol.net>)

Allow HMAC functions to use an alternative ENGINE.
 2002-03-14 18:22:23 +00:00
Bodo Möller
234c73767d use BIO_nwrite() more properly to demonstrate the general idea of 
BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)
 2002-03-14 09:48:54 +00:00
Dr. Stephen Henson
497810cae7 Undo previous patch: avoid warnings by #undef'ing 
duplicate definitions.

Suggested by "Kenneth R. Robinette" <support@securenetterm.com>
 2002-03-13 13:59:38 +00:00
Dr. Stephen Henson
cbc9d9713d Fix Kerberos warnings with VC++. 2002-03-12 19:37:18 +00:00
Dr. Stephen Henson
98fa4fe8c5 Fix ASN1 additions for KRB5 2002-03-12 13:32:35 +00:00
Dr. Stephen Henson
0b4c91c0fc Fix various warnings when compiling with KRB5 code. 2002-03-12 02:59:37 +00:00
Bodo Möller
9437fef8cc use ERR_peek_last_error() instead of ERR_peek_error() 2002-02-28 14:07:37 +00:00
Richard Levitte
26414ee013 Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated 2002-02-28 12:42:19 +00:00
Bodo Möller
023ec151df Add 'void *' argument to app_verify_callback. 
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
 2002-02-28 10:52:56 +00:00
Lutz Jänicke
d62bfb39cd Fix the fix (Yoram Zahavi)... 2002-02-27 11:23:05 +00:00
Lutz Jänicke
334f1842fc Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi). 2002-02-26 21:40:09 +00:00
Dr. Stephen Henson
3a3ca3f515 Fix for AIX. 
Submitted by Dawn Whiteside <dwhitesi@tiercel.uwaterloo.ca>
 2002-02-22 21:26:25 +00:00
Bodo Möller
4d94ae00d5 ECDSA support 
Submitted by: Nils Larsch <nla@trustcenter.de>
 2002-02-13 18:21:51 +00:00
Lutz Jänicke
acfe628b6e Make removal from session cache more robust. 2002-02-10 12:46:41 +00:00
Lutz Jänicke
4de920c91d Do not store unneeded data. 2002-02-08 15:15:04 +00:00
Bodo Möller
8c74b5e56c Bugfix: In ssl3_accept, don't use a local variable 'got_new_session' 
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
 2002-01-14 23:40:26 +00:00
Bodo Möller
c59ba5b528 Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if 
the SSL_R_LENGTH_MISMATCH error is detected.
 2002-01-14 12:37:59 +00:00
Ben Laurie
45d87a1ffe Prototype info function. 2002-01-12 15:56:13 +00:00
Ben Laurie
a3feb21bbe Add client_cert_cb prototype. 2002-01-12 13:15:40 +00:00
Ulf Möller
dcbbf83dba ssl3_read_bytes bug fix 
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
 2001-12-28 17:14:35 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Ben Laurie
ff3fa48fc7 Improve back compatibility. 2001-12-09 21:53:31 +00:00
Bodo Möller
47ff5c6279 For future portability reasons MIT is moving all macros to function 
calls.  This patch allows compilation either way.

Submitted by: Jeffrey Altman <jaltman@columbia.edu>
 2001-11-23 21:50:50 +00:00
Bodo Möller
c23d16ac19 cast to unsigned int, not to int to avoid the warning -- all these 
values really are unsigned
 2001-11-14 21:18:35 +00:00
Richard Levitte
3102792161 unsigned int vs. int. 2001-11-14 10:55:29 +00:00
Bodo Möller
2b90b1f344 make code a little more similar to what it looked like before the fixes, 
call ssl2_part_read again to parse error message
 2001-11-10 10:44:15 +00:00
Bodo Möller
cf82191d77 Implement msg_callback for SSL 2.0. 
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
 2001-11-10 01:16:28 +00:00
Richard Levitte
a7b42009c4 Change the shared library support so the shared libraries get built 
sooner and the programs get built against the shared libraries.

This requires a bit more work.  Things like -rpath and the possibility
to still link the programs statically should be included.  Some
cleanup is also needed.  This will be worked on.
 2001-10-30 08:00:59 +00:00
Richard Levitte
7b5ffd6834 Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names 2001-10-29 13:05:28 +00:00
Bodo Möller
4d635a7001 Consistency with s2_... and s23_... variants (no real functional 
change)
 2001-10-25 08:17:53 +00:00
Bodo Möller
ba1c602281 Assume TLS 1.0 when ClientHello fragment is too short. 2001-10-25 06:09:51 +00:00
Bodo Möller
979689aa5c Fix SSL handshake functions and SSL_clear() such that SSL_clear() 
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.
 2001-10-24 19:03:22 +00:00
Richard Levitte
a3faebd104 Deprecate the macro MAC_OS_pre_X. 2001-10-24 15:32:53 +00:00
Bodo Möller
287973746e Fix memory leak. 2001-10-22 13:59:36 +00:00
Bodo Möller
cf3a5cebd7 Call msg_callback with correct length parameter if ssl3_write_bytes had to 
be called multiple times
 2001-10-20 18:56:01 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback(). 
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
 2001-10-20 17:56:36 +00:00
Bodo Möller
31fe950d2b gcc complained about "write" being shadowed even though the "write" 
variable name occured just in a function *prototype* -- so rename it
 2001-10-17 20:44:25 +00:00
Richard Levitte
db6a87d8cc Wrong place... 2001-10-17 17:54:17 +00:00
Richard Levitte
7beb408771 The EVP_*Init_ex() functions take one extra argument. Let's default 
it to NULL.
 2001-10-17 16:03:42 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way 
to digests to retain compatibility.
 2001-10-17 00:37:12 +00:00
Bodo Möller
bf21446a2a Add per-SSL 'msg_callback' with 'msg_callback_arg'. 
Both have per-SSL_CTX defaults.
These new values can be set by calling SSL[_CTX]_[callback_]ctrl
with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.

So far, the callback is never actually called.


Also rearrange some SSL_CTX struct members (some exist just in
SSL_CTXs, others are defaults for SSLs and are either copied
during SSL_new, or used if the value in the SSL is not set;
these three classes of members were not in a logical order),
and add some missing assignments to SSL_dup.
 2001-10-16 13:09:24 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal() 
with existing code.

Modify library to use digest *_ex() functions.
 2001-10-16 01:24:29 +00:00
Bodo Möller
9ba3ec9176 The message header for fake SSL 3.0/TLS 1.0 client hellos created from 
SSL 2.0 client hellos added with the previous commit was totally wrong --
it must start with the message type, not the protocol version.
(Not that this particular header is actually used anywhere ...)
 2001-10-16 00:56:04 +00:00