Commit graph

881 commits

Author SHA1 Message Date
Richard Levitte
85d686e723 Make it possible to disable OCSP, the speed application, and the use of sockets.
PR: 358
2003-02-14 01:02:58 +00:00
Dr. Stephen Henson
cf56663fb7 Option to disable SSL auto chain build 2003-02-12 17:06:02 +00:00
Bodo Möller
ea513641d0 comments 2003-02-12 14:17:41 +00:00
Bodo Möller
0e9035ac98 SSL_add_dir_cert_subjects_to_stack now exists for WIN32 2003-02-05 16:40:29 +00:00
Richard Levitte
5d780babe3 A few small bugs with BIO popping.
PR: 364
2003-01-30 21:49:12 +00:00
Richard Levitte
0b13e9f055 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:39:26 +00:00
Richard Levitte
2e60ea7634 Fix a memory leak in SSL.
PR: 477
2003-01-30 11:00:34 +00:00
Richard Levitte
28b958f732 Fix possible NULL dereferencial.
Notified by Verdon Walker <VWalker@novell.com>
2003-01-16 06:00:55 +00:00
Lutz Jänicke
8ec16ce711 Really fix SSLv2 session ID handling
PR: 377
2003-01-15 09:51:22 +00:00
Lutz Jänicke
21cde7a41c Fix wrong handling of session ID in SSLv2 client code.
PR: 377
2002-12-29 20:59:35 +00:00
Richard Levitte
5e42f9ab46 make update 2002-12-29 01:38:15 +00:00
Lutz Jänicke
ea8e0cc7c2 Some more adjustments
Submitted by: Jeffrey Altman <jaltman@columbia.edu>, "Kenneth R. Robinette" <support@securenetterm.com>
2002-12-24 21:55:57 +00:00
Richard Levitte
8d6ad9e39d Stop a possible memory leak.
(I wonder why s2_connect() handles the initial buffer allocation slightly
differently...)
PR: 416
2002-12-21 23:49:21 +00:00
Lutz Jänicke
1004c99c29 Fix Kerberos5/SSL interaction
Submitted by: "Kenneth R. Robinette" <support@securenetterm.com>
Reviewed by:
PR:
2002-12-20 12:48:00 +00:00
Richard Levitte
9cd16b1dea We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies,
and then didn't support it very well.  And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
2002-12-19 22:10:12 +00:00
Richard Levitte
09867a47a4 If _XOPEN_SOURCE_EXTENDED or _XOPEN_SOURCE are defined, _POSIX_C_SOURCE gets
defined in DECC$TYPES.H.  If _POSIX_C_SOURCE is defined, certain types do
not get defined (u_char, u_int, ...).  DECC.H gets included by assert.h
and others.  Now, in6.h uses the types u_char, u_int and so on, and gets
included as part of other header inclusions, and will of course fail because
of the missing types.

On the other hand, _XOPEN_SOURCE_EXTENDED is needed to get gethostname()
properly declared...

Solution: define _XOPEN_SOURCE_EXTENDED much later, so DECC$TYPES.H has
a chance to be included *first*, so the otherwise missing types get defined
properly.

Personal: *mumble* *mumble*
2002-12-19 19:39:30 +00:00
Richard Levitte
f70ddce761 Protect loading routines with a lock.
PR: 373
2002-12-16 06:06:03 +00:00
Geoff Thorpe
e9224c7177 This is a first-cut at improving the callback mechanisms used in
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.

This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing.  The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones.  The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.

There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
2002-12-08 05:24:31 +00:00
Geoff Thorpe
e90e719739 Fix a warning, and do some constification as a lucky side-effect :-) 2002-12-08 05:19:43 +00:00
Richard Levitte
7ba666fa0e Since it's defined in draft-ietf-tls-compression-04.txt, let's make
ZLIB a known compression method, with the identity 1.
2002-12-08 02:41:11 +00:00
Richard Levitte
4fbe40c54f gethostname() is more a BSD feature than an XOPEN one.
PR: 379
2002-12-04 22:48:01 +00:00
Richard Levitte
e7a285694e define USE_SOCKETS so sys/param.h gets included (and thusly, MAXHOSTNAMELEN
gets defined).
PR: 371
2002-12-02 22:49:02 +00:00
Richard Levitte
43d601641f A few more memset()s converted to OPENSSL_cleanse().
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343
2002-11-29 11:30:45 +00:00
Richard Levitte
55f78baf32 Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
always give the expected result on some platforms.
2002-11-28 18:54:30 +00:00
Richard Levitte
4579924b7e Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
2002-11-28 08:04:36 +00:00
Richard Levitte
31be2daa06 Small bugfixes to the KSSL implementation.
PR: 349
2002-11-26 10:09:36 +00:00
Richard Levitte
d020e701bb Typo. OPENSSL_NO_ECDH, not NO_OPENSSL_ECDH 2002-11-22 08:40:34 +00:00
Lutz Jänicke
6a8afe2201 Fix bug introduced by the attempt to fix client side external session
caching (#288): now internal caching failed (#351):
Make sure, that cipher_id is set before comparing.
Submitted by:
Reviewed by:
PR: 288 (and 351)
2002-11-20 10:48:58 +00:00
Bodo Möller
1e3a9b650f allocate bio_err before memory debugging is enabled to avoid memory leaks
(we can't release it before the CRYPTO_mem_leaks() call!)

Submitted by: Nils Larsch
2002-11-19 11:56:05 +00:00
Richard Levitte
0bf23d9b20 WinCE patches 2002-11-15 22:37:18 +00:00
Lutz Jänicke
c566205319 The pointer to the cipher object is not yet set, when session was reloaded
from external cache (using d2i_SSL_SESSION). Perform comparison based on
the cipher's id instead.
Submitted by: Steve Haslam <araqnid@innocent.com>
Reviewed by:
PR: 288
2002-11-15 10:53:33 +00:00
Richard Levitte
0a5942093e We need to read one more byte of the REQUEST-CERTIFICATE message.
PR: 300
2002-11-15 09:15:55 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Bodo Möller
896e4fef30 avoid Purify warnings
Submitted by: Nils Larsch
2002-11-05 13:54:41 +00:00
Bodo Möller
5e3247d8bc fix typo 2002-11-05 10:54:40 +00:00
Richard Levitte
b6d0defb98 Remove all referenses to RSAref, since that's been gone for more than
a year.
2002-10-31 16:46:52 +00:00
Bodo Möller
259cdf2af9 Sun has agreed to removing the covenant language from most files.
Submitted by: Sheueling Chang <Sheueling.Chang@Sun.COM>
2002-10-29 10:59:32 +00:00
Geoff Thorpe
e0db2eed8d Correct and enhance the behaviour of "internal" session caching as it
relates to SSL_CTX flags and the use of "external" session caching. The
existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is
supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE".
The bitwise OR of the two flags is also defined as
"SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most
applications wanting to implement session caching *entirely* by its own
provided callbacks. As the documented behaviour contradicted actual
behaviour up until recently, and since that point behaviour has itself been
inconsistent anyway, this change should not introduce any compatibility
problems. I've adjusted the relevant documentation to elaborate about how
this works.

Kudos to "Nadav Har'El" <nyh@math.technion.ac.il> for diagnosing these
anomalies and testing this patch for correctness.

PR: 311
2002-10-29 00:33:04 +00:00
Bodo Möller
00a357ab20 increase permissible message length so that we can handle
CertificateVerify for 4096 bit RSA signatures
2002-10-28 15:45:51 +00:00
Richard Levitte
28c8a911bd Typos.
PR: 189
2002-10-15 20:30:56 +00:00
Richard Levitte
437d1ed49f Typos.
PR: 189
2002-10-15 20:29:09 +00:00
Richard Levitte
677532629d makedepend complains when a header file is included more than once in
the same source file.
2002-10-14 10:02:36 +00:00
Richard Levitte
ef0baf60aa Typo 2002-10-10 08:32:39 +00:00
Richard Levitte
7ba3a4c3d2 RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS.
PR: 189
2002-10-10 07:59:03 +00:00
Richard Levitte
001ab3abad Use double dashes so makedepend doesn't misunderstand the flags we
give it.
For 0.9.7 and up, that means util/domd needs to remove those double
dashes from the argument list when gcc is used to find the
dependencies.
2002-10-09 13:25:12 +00:00
Bodo Möller
929f116733 fix more race conditions
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
2002-09-26 15:52:34 +00:00
Lutz Jänicke
ba5ba5490d Add missing brackets.
Submitted by: "Chris Brook" <cbrook@v-one.com>
2002-09-25 20:19:04 +00:00
Bodo Möller
b8565a9af9 really fix race conditions
Submitted by: "Patrick McCormick" <patrick@tellme.com>

PR: 262
PR: 291
2002-09-25 15:38:57 +00:00
Bodo Möller
e78f137899 really fix race condition
PR: 262
2002-09-23 14:25:07 +00:00
Bodo Möller
a4f53a1c73 there is no minimum length for session IDs
PR: 274
2002-09-19 11:44:07 +00:00
Bodo Möller
a90ae02454 fix race condition
PR: 262
2002-09-19 11:26:45 +00:00
Lutz Jänicke
82a20fb0f0 Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb().
Submitted by:
Reviewed by:
PR: 212
2002-08-16 17:04:04 +00:00
Bodo Möller
52c29b7b99 use correct function code in error message 2002-08-15 16:17:20 +00:00
Richard Levitte
265e892fed Sometimes, the value of the variable containing the compiler call can
become rather large.  This becomes a problem when the default 1024
character large buffer that WRITE uses isn't enough.  WRITE/SYMBOL
uses a 2048 byte large buffer instead.
2002-08-15 08:28:38 +00:00
Richard Levitte
90f5a2b6fe Instead of returning errors when certain flags are unusable, just ignore them.
That will make the test go through even if DH (or in some cases ECDH) aren't
built into OpenSSL.
PR: 216, part 2
2002-08-14 12:16:27 +00:00
Bodo Möller
aa1e56b0b9 remove comment
Submitted by: Douglas Stebila
2002-08-12 08:54:40 +00:00
Bodo Möller
7ef524ea1c remove debug messages
Submitted by: Douglas Stebila
2002-08-12 08:52:23 +00:00
Bodo Möller
0c7141a343 fix comment
Submitted by: Douglas Stebila
2002-08-12 08:51:30 +00:00
Bodo Möller
5488bb6197 get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
Submitted by: Nils Larsch
2002-08-12 08:47:41 +00:00
Bodo Möller
74cc4903ef make update 2002-08-09 12:16:15 +00:00
Bodo Möller
41fdcfa71e fix warnings 2002-08-09 11:58:28 +00:00
Bodo Möller
ea26226046 ECC ciphersuite support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
2002-08-09 08:56:08 +00:00
Bodo Möller
db4f691f9f oops -- must use EVP_MD_size, not EVP_MD_block_size 2002-08-03 18:49:39 +00:00
Bodo Möller
5574e0ed41 get rid of OpenSSLDie 2002-08-02 11:48:15 +00:00
Richard Levitte
e70a39830c Make sure to use $(MAKE) everywhere instead of make.
Part of PR 181
2002-07-31 13:49:06 +00:00
Lutz Jänicke
dd7ab82e75 Typo.
Submitted by: Jeffrey Altman <jaltman@columbia.edu>
Reviewed by:
PR: 169
2002-07-30 13:36:31 +00:00
Lutz Jänicke
c046fffa16 OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
2002-07-30 13:04:04 +00:00
Lutz Jänicke
3aecef7697 "make update" 2002-07-30 12:44:33 +00:00
Lutz Jänicke
c6ccf055ba New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.
Submitted by:
Reviewed by:
PR: 127
2002-07-19 19:55:34 +00:00
Bodo Möller
5dbd3efce7 Replace 'ecdsaparam' commandline utility by 'ecparam'
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.

Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.

Fix ec_asn1.c (take into account the desired conversion form).

'make update'.

Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Lutz Jänicke
7b63c0fa8c Reorder inclusion of header files:
des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
2002-07-10 07:01:54 +00:00
Lutz Jänicke
063a8905bf Ciphers with NULL encryption were not properly handled because they were
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
2002-07-10 06:41:55 +00:00
Bodo Möller
d1d0be3cd2 emtpy fragments are not necessary for SSL_eNULL
(but noone uses it anyway)

fix t1_enc.c: use OPENSSL_NO_RC4, not NO_RC4
2002-07-09 08:49:09 +00:00
Bodo Möller
ea4f109c99 AES cipher suites are now official (RFC3268) 2002-07-04 08:51:09 +00:00
Richard Levitte
17085b022c Pass CFLAG to dependency makers, so non-standard system include paths are
handled properly.
Part of PR 75
2002-06-27 16:39:25 +00:00
Bodo Möller
c21506ba02 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
2002-06-14 12:21:11 +00:00
Richard Levitte
b2c04539a1 Merge from 0.9.7-stable. 2002-06-06 07:22:33 +00:00
Richard Levitte
a9a025d08c Recover from errors 2002-05-23 23:31:22 +00:00
Richard Levitte
b935754cb0 Allow the use of the TCP/IP stack keyword TCPIP and NONE 2002-05-22 11:37:20 +00:00
Bodo Möller
98a9092af1 Fix ciphersuite list to enforce low priority for RC4. 2002-05-07 08:36:26 +00:00
Bodo Möller
87108f5af9 ensure that, for each strength, RC4 ciphers have least preference
in the default ciphersuite list
2002-05-07 07:59:35 +00:00
Bodo Möller
f257d984b7 refer to latest draft for AES ciphersuites 2002-05-07 07:55:36 +00:00
Bodo Möller
b889d6a8e8 fix warning 2002-05-06 10:44:59 +00:00
Bodo Möller
a4f576a378 disable AES ciphersuites unless explicitly requested 2002-05-05 23:44:27 +00:00
Bodo Möller
3def5a010e fix casts 2002-05-05 23:00:28 +00:00
Bodo Möller
b52f3818f4 undo nonsense patch (r *is* signed or we have signedness mismatches elsewhere) 2002-04-29 11:03:06 +00:00
Richard Levitte
cc12975514 Fix unsigned vs. signed clash 2002-04-29 10:29:38 +00:00
Richard Levitte
9738f395c6 Synchronise with 0.9.7-stable. 2002-04-29 10:28:29 +00:00
Richard Levitte
d4294c8984 Synchronise with 0.9.7-stable. 2002-04-29 10:19:19 +00:00
Richard Levitte
8b07f23c30 Signedness mismatch.
Notified by Bernd Matthes <bernd.matthes@gemplus.com>
2002-04-20 10:23:19 +00:00
Richard Levitte
6176df94ed Make sure the opened directory is closed on exit.
Notified by Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
2002-04-18 16:20:13 +00:00
Bodo Möller
2fb3f002d0 fix length field we create when converting SSL 2.0 format into SSL 3.0/TLS 1.0 format
(the bug was introduced with message callback support)
2002-04-14 13:05:15 +00:00
Bodo Möller
82b0bf0b87 Implement known-IV countermeasure.
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:47:20 +00:00
Lutz Jänicke
11c26ecf81 Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>). 2002-03-19 16:42:09 +00:00
Dr. Stephen Henson
611ba3f4a1 Initialize ciph_ctx in kssl.c 2002-03-19 01:28:00 +00:00
Bodo Möller
304d90425f fix ssl3_pending 2002-03-15 10:52:32 +00:00
Lutz Jänicke
bfaa8a89e1 Add missing strength entries. 2002-03-14 18:53:15 +00:00
Dr. Stephen Henson
de941e289e Initialize cipher context in KRB5
("D. Russell" <russelld@aol.net>)

Allow HMAC functions to use an alternative ENGINE.
2002-03-14 18:22:23 +00:00
Bodo Möller
234c73767d use BIO_nwrite() more properly to demonstrate the general idea of
BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)
2002-03-14 09:48:54 +00:00
Dr. Stephen Henson
497810cae7 Undo previous patch: avoid warnings by #undef'ing
duplicate definitions.

Suggested by "Kenneth R. Robinette" <support@securenetterm.com>
2002-03-13 13:59:38 +00:00
Dr. Stephen Henson
cbc9d9713d Fix Kerberos warnings with VC++. 2002-03-12 19:37:18 +00:00
Dr. Stephen Henson
98fa4fe8c5 Fix ASN1 additions for KRB5 2002-03-12 13:32:35 +00:00
Dr. Stephen Henson
0b4c91c0fc Fix various warnings when compiling with KRB5 code. 2002-03-12 02:59:37 +00:00
Bodo Möller
9437fef8cc use ERR_peek_last_error() instead of ERR_peek_error() 2002-02-28 14:07:37 +00:00
Richard Levitte
26414ee013 Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated 2002-02-28 12:42:19 +00:00
Bodo Möller
023ec151df Add 'void *' argument to app_verify_callback.
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:52:56 +00:00
Lutz Jänicke
d62bfb39cd Fix the fix (Yoram Zahavi)... 2002-02-27 11:23:05 +00:00
Lutz Jänicke
334f1842fc Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi). 2002-02-26 21:40:09 +00:00
Dr. Stephen Henson
3a3ca3f515 Fix for AIX.
Submitted by Dawn Whiteside <dwhitesi@tiercel.uwaterloo.ca>
2002-02-22 21:26:25 +00:00
Bodo Möller
4d94ae00d5 ECDSA support
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Lutz Jänicke
acfe628b6e Make removal from session cache more robust. 2002-02-10 12:46:41 +00:00
Lutz Jänicke
4de920c91d Do not store unneeded data. 2002-02-08 15:15:04 +00:00
Bodo Möller
8c74b5e56c Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
2002-01-14 23:40:26 +00:00
Bodo Möller
c59ba5b528 Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if
the SSL_R_LENGTH_MISMATCH error is detected.
2002-01-14 12:37:59 +00:00
Ben Laurie
45d87a1ffe Prototype info function. 2002-01-12 15:56:13 +00:00
Ben Laurie
a3feb21bbe Add client_cert_cb prototype. 2002-01-12 13:15:40 +00:00
Ulf Möller
dcbbf83dba ssl3_read_bytes bug fix
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
2001-12-28 17:14:35 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Ben Laurie
ff3fa48fc7 Improve back compatibility. 2001-12-09 21:53:31 +00:00
Bodo Möller
47ff5c6279 For future portability reasons MIT is moving all macros to function
calls.  This patch allows compilation either way.

Submitted by: Jeffrey Altman <jaltman@columbia.edu>
2001-11-23 21:50:50 +00:00
Bodo Möller
c23d16ac19 cast to unsigned int, not to int to avoid the warning -- all these
values really are unsigned
2001-11-14 21:18:35 +00:00
Richard Levitte
3102792161 unsigned int vs. int. 2001-11-14 10:55:29 +00:00
Bodo Möller
2b90b1f344 make code a little more similar to what it looked like before the fixes,
call ssl2_part_read again to parse error message
2001-11-10 10:44:15 +00:00
Bodo Möller
cf82191d77 Implement msg_callback for SSL 2.0.
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
2001-11-10 01:16:28 +00:00
Richard Levitte
a7b42009c4 Change the shared library support so the shared libraries get built
sooner and the programs get built against the shared libraries.

This requires a bit more work.  Things like -rpath and the possibility
to still link the programs statically should be included.  Some
cleanup is also needed.  This will be worked on.
2001-10-30 08:00:59 +00:00
Richard Levitte
7b5ffd6834 Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names 2001-10-29 13:05:28 +00:00
Bodo Möller
4d635a7001 Consistency with s2_... and s23_... variants (no real functional
change)
2001-10-25 08:17:53 +00:00
Bodo Möller
ba1c602281 Assume TLS 1.0 when ClientHello fragment is too short. 2001-10-25 06:09:51 +00:00
Bodo Möller
979689aa5c Fix SSL handshake functions and SSL_clear() such that SSL_clear()
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.
2001-10-24 19:03:22 +00:00
Richard Levitte
a3faebd104 Deprecate the macro MAC_OS_pre_X. 2001-10-24 15:32:53 +00:00
Bodo Möller
287973746e Fix memory leak. 2001-10-22 13:59:36 +00:00
Bodo Möller
cf3a5cebd7 Call msg_callback with correct length parameter if ssl3_write_bytes had to
be called multiple times
2001-10-20 18:56:01 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Bodo Möller
31fe950d2b gcc complained about "write" being shadowed even though the "write"
variable name occured just in a function *prototype* -- so rename it
2001-10-17 20:44:25 +00:00
Richard Levitte
db6a87d8cc Wrong place... 2001-10-17 17:54:17 +00:00
Richard Levitte
7beb408771 The EVP_*Init_ex() functions take one extra argument. Let's default
it to NULL.
2001-10-17 16:03:42 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Bodo Möller
bf21446a2a Add per-SSL 'msg_callback' with 'msg_callback_arg'.
Both have per-SSL_CTX defaults.
These new values can be set by calling SSL[_CTX]_[callback_]ctrl
with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.

So far, the callback is never actually called.


Also rearrange some SSL_CTX struct members (some exist just in
SSL_CTXs, others are defaults for SSLs and are either copied
during SSL_new, or used if the value in the SSL is not set;
these three classes of members were not in a logical order),
and add some missing assignments to SSL_dup.
2001-10-16 13:09:24 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Bodo Möller
9ba3ec9176 The message header for fake SSL 3.0/TLS 1.0 client hellos created from
SSL 2.0 client hellos added with the previous commit was totally wrong --
it must start with the message type, not the protocol version.
(Not that this particular header is actually used anywhere ...)
2001-10-16 00:56:04 +00:00
Bodo Möller
8f71fb8d98 For consistency, set s->init_num in the 'reuse_message' case
(if s23_srvr.c faked the message, s->init_num is 0).
2001-10-15 20:16:36 +00:00
Bodo Möller
48948d53b6 Change ssl3_get_message and the functions using it so that complete
'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.

(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)
2001-10-15 19:49:25 +00:00
Bodo Möller
2ce15df528 Fix ssl3_get_message handle message fragmentation correctly. 2001-10-15 17:41:41 +00:00
Bodo Möller
681bfae499 the previous commit accidentily removed 'ret = 1' from the SSL_ST_OK
case of ssl3_accept
2001-10-15 17:40:42 +00:00
Richard Levitte
116daf4c2f To avoid commit wars over dependencies, let's make it so things that
depend on the environment, like the presence of the OpenBSD crypto
device or of Kerberos, do not change the dependencies within OpenSSL.
2001-10-10 07:55:02 +00:00
Richard Levitte
285046ec51 SSL_add_dir_cert_subjects_to_stack for Win32 finally implemented.
Submitted by Massimo Santin <msantin@santineassociati.com>.
2001-10-04 12:27:39 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Bodo Möller
965b6dad44 comment 2001-09-24 07:56:45 +00:00
Bodo Möller
a32d795aae avoid everything resembling a magic trigraph 2001-09-24 07:54:11 +00:00
Bodo Möller
3b0b5abae3 bugfix: handle HelloRequest received during handshake correctly 2001-09-21 11:18:40 +00:00
Bodo Möller
b49124f6d9 Disable session related stuff in SSL_ST_OK case of ssl3_accept if we
just sent a HelloRequest.
2001-09-21 07:01:25 +00:00
Bodo Möller
2260ad21fb Bugfix: correct cleanup after sending a HelloRequest 2001-09-21 00:04:15 +00:00
Bodo Möller
6b0e9facf4 New function SSL_renegotiate_pending().
New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
2001-09-20 22:54:09 +00:00
Bodo Möller
8e2f6b79ea fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case 2001-09-20 21:37:13 +00:00
Bodo Möller
ee60d9fb28 Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
2001-09-20 18:35:52 +00:00
Bodo Möller
b78e502104 add comment 2001-09-14 13:47:25 +00:00
Lutz Jänicke
c0f5dd070b Make maximum certifcate chain size accepted from the peer application
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
2001-09-11 13:08:51 +00:00
Bodo Möller
384eff877c Fix apps/openssl.c and ssl/ssltest.c so that they use
CRYPTO_set_mem_debug_options() instead of CRYPTO_dbg_set_options(),
which is the default implementation of the former and should usually
not be directly used by applications (at least if we assume that the
options accepted by the default implementation will also be meaningful
to any other implementations).

Also fix apps/openssl.c and ssl/ssltest such that environment variable
setting 'OPENSSL_DEBUG_MEMORY=off' actively disables the compiled-in
library defaults (i.e. such that CRYPTO_MDEBUG is ignored in this
case).
2001-09-10 09:50:30 +00:00
Bodo Möller
6ac4e8bd6e Rename recently introduced functions for improved code clarity:
[DR]SA_up  =>  [DR]SA_up_ref
2001-09-03 13:40:07 +00:00
Geoff Thorpe
79aa04ef27 Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.

NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
2001-09-01 20:02:13 +00:00
Geoff Thorpe
4db73c1bb8 (A version of) gcc had been giving somewhat odd "trigraph" warnings about
this construct, and Ulf provided the following insight as to why;

> ANSI C compliant compilers must substitute "??)" for "]" because your
> terminal might not have a "]" key if you bought it in the early 1970s.

So we escape the final '?' to avoid this pathological case.
2001-08-28 19:32:16 +00:00
Ben Laurie
1f3b65801b Fix SSL memory leak. 2001-08-28 13:45:41 +00:00
Geoff Thorpe
78435364ec Changes crypto/evp/ and ssl/ code from directly incrementing reference
counts in DH, DSA, and RSA structures. Instead they use the new "***_up()"
functions that handle this.
2001-08-25 17:28:23 +00:00
Lutz Jänicke
e7cf7fcd21 Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.) 2001-08-25 11:49:24 +00:00
Lutz Jänicke
11c8f0b79d More manual pages. Constify. 2001-08-23 17:22:43 +00:00
Lutz Jänicke
df7cb13525 Checked in from the wrong !@#$%&*() copy... 2001-08-21 07:27:02 +00:00
Lutz Jänicke
a403188f92 Alert description strings for TLSv1 and documentation. 2001-08-19 16:20:42 +00:00
Geoff Thorpe
b7727ee616 The indexes returned by ***_get_ex_new_index() functions are used when
setting stack (actually, array) values in ex_data. So only increment the
global counters if the underlying CRYPTO_get_ex_new_index() call succeeds.
This change doesn't make "ex_data" right (see the comment at the head of
ex_data.c to know why), but at least makes the source code marginally less
frustrating.
2001-08-12 16:52:00 +00:00
Bodo Möller
37a7cd1a11 Bugfix: larger message size in ssl3_get_key_exchange() because
ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>
2001-08-07 09:30:18 +00:00
Lutz Jänicke
3a2d9c4dd0 Fix typos (shinagawa@star.zko.dec.com) 2001-08-07 07:52:53 +00:00
Ben Laurie
d66ace9da5 Start to reduce some of the header bloat. 2001-08-05 18:02:16 +00:00
Lutz Jänicke
06da6e4977 Don't disable rollback attack detection as a recommended bug workaround. 2001-08-03 08:45:13 +00:00
Lutz Jänicke
d92f0bb6e9 Remove SSL_OP_NON_EXPORT_FIRST:
It did not work, it was deactivated by #if 0/#endif anyway _and_ we now have
the working SSL_OP_CIPHER_SERVER_PREFERENCE.
2001-08-01 10:06:32 +00:00
Lutz Jänicke
e32c852e1e Indent. 2001-07-31 10:19:20 +00:00
Richard Levitte
3728974460 Make as sure as possible that gethostname() will be properly declared. 2001-07-31 08:50:20 +00:00
Richard Levitte
fdc2bbcacb Correct most of the unsigned vs. signed warnings (or int vs. size_t),
and rename some local variables to avoid name shadowing.
2001-07-31 08:45:40 +00:00
Richard Levitte
c2a3358b60 Whoops, my fault, a backslash got converted to a slash... 2001-07-31 08:44:28 +00:00
Richard Levitte
882e891284 More Kerberos SSL changes from Jeffrey Altman <jaltman@columbia.edu>
His comments are:

First, it corrects a problem introduced in the last patch where the
kssl_map_enc() would intentionally return NULL for valid ENCTYPE
values.  This was done to prevent verification of the kerberos 5
authenticator from being performed when Derived Key ciphers were
in use.  Unfortunately, the authenticator verification routine was
not the only place that function was used.  And it caused core dumps.

Second, it attempt to add to SSL_SESSION the Kerberos 5 Client
Principal Name.
2001-07-31 07:21:06 +00:00
Richard Levitte
99ecb90a99 make update 2001-07-31 06:40:10 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Ben Laurie
be2e2c3297 Only set the verify callback if there's one to set! 2001-07-30 17:17:26 +00:00
Lutz Jänicke
1f0c9ad7e1 Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:45:34 +00:00
Bodo Möller
7bc03ded12 add a comment 2001-07-25 10:04:14 +00:00
Richard Levitte
acdf4afb91 More Kerberos SSL patches from Vern Staats <staatsvr@asc.hpc.mil>.
His comments are:

This patch fixes the problem of modern Kerberos using "derived keys"
to encrypt the authenticator by disabling the authenticator check
for all derived keys enctypes.

I think I've got all the bugfixes that Jeffrey and I discussed rolled
into this.  There were some problems with Jeffrey's code to convert
the authenticator's Kerberos timestring into struct tm (e.g. Z, -1900;
it helps to have an actual decryptable authenticator to play with).
So I've shamelessly pushed in my code, while stealing some bits from
Jeffrey.
2001-07-21 09:43:43 +00:00
Richard Levitte
fa293e4e4b SSL_get_rfc were documented but not implemented. 2001-07-16 10:50:29 +00:00
Richard Levitte
24cbf3efc6 SSL_get_[rw]fd were documented but not implemented. 2001-07-15 20:11:57 +00:00
Richard Levitte
45442167b0 Prevent KSSL server from requesting a client certificate.
Submitted by Jeffrey Altman <jaltman@columbia.edu>
2001-07-12 16:17:33 +00:00
Richard Levitte
131645ecce paddr may be NULL. Do not crash if it is. 2001-07-12 15:54:10 +00:00
Richard Levitte
82d5d46c14 Some of the Kerberos code had dissapeared. Reapply. 2001-07-12 08:51:47 +00:00
Richard Levitte
b01ab14338 make update
Note that since some private kssl functions were exported, the
simplest way to rebuild the number table was to toss everything that
was new since OpenSSL 0.9.6b.  This is safe, since those functions
have not yet been exported in an OpenSSL release.  Beware, people who
trust intermediary snapshots!
2001-07-11 21:15:03 +00:00
Richard Levitte
2a96235bf7 Include kssl_lcl.h where needed. 2001-07-11 21:11:40 +00:00
Richard Levitte
1cf9bf00f4 Private functions do not belong in an exported header file, so move
them to one that won't get exported.
2001-07-11 21:09:30 +00:00
Richard Levitte
a5224c3420 Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu>
His comments are:

 . adds use of replay cache to protect against replay attacks

 . adds functions kssl_tgt_is_available() and
   kssl_keytab_is_available() which are used within s3_lib.c
   and ssl_lib.c to determine at runtime whether or not
   KRB5 ciphers can be supported during the current session.
2001-07-11 19:03:58 +00:00
Richard Levitte
ab603c6987 Code to avoid the use of non-standard strptime(). By
Jeffrey Altman <jaltman@columbia.edu>

(Really, the time that's being parsed is a GeneralizedTime, so if
ASN1_GENERALIZEDTIME_get() ever gets implemented, it should be used
instead)
2001-07-11 16:13:36 +00:00
Richard Levitte
8de83bf876 Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu>
His comments are:

 . Fixed all of the Windows dynamic loading functions, prototypes, etc.

 . Corrected all of the unsigned/signed comparison warnings

 . Replaced the references to krb5_cksumarray[] for two reasons.
   First, it was an internal variable that should not have been
   referenced outside the library; nor could it have been with
   a shared library with restricted exports.  Second, the
   variable is no longer used in current Kerberos implementations.
   I replaced the code with equivalent functionality using functions
   that are exported from the library.
2001-07-11 15:31:45 +00:00
Richard Levitte
567671e291 make update 2001-07-10 21:00:37 +00:00
Richard Levitte
7e99812432 If I define _XOPEN_SOURCE before including *any* system header file,
things will work much more smoothly.
2001-07-09 21:51:03 +00:00
Richard Levitte
2a1ef75435 Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in
SSL according to RFC 2712.  His comment is:

This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication.  I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week.  The full kit includes patches
for mod-ssl, apache, and a few text clients.  The sourceforge URL
is http://sourceforge.net/projects/kssl/ .

Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct.  I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field.  I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
2001-07-09 21:46:58 +00:00
Bodo Möller
b8e2f83ae6 Call ENGINE_cleanup() to avoid memory leak. 2001-07-04 20:55:36 +00:00
Dr. Stephen Henson
323f289c48 Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Bodo Möller
285b42756a pay attention to blocksize before attempting decryption 2001-06-15 18:05:09 +00:00
Richard Levitte
44e48abc44 Use memmove() instead of memcpy() on areas that may overlap.
Spotted by Nalin Dahyabhai <nalin@redhat.com>
2001-06-07 04:42:34 +00:00
Bodo Möller
31bc51c8cf Fix Bleichenbacher PKCS #1 1.5 countermeasure.
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway,
otherwise this would be a security relevant patch.)
2001-06-01 09:41:25 +00:00
Dr. Stephen Henson
926a56bfe3 Purpose and trust setting functions for X509_STORE.
Tidy existing code.
2001-05-10 00:13:59 +00:00
Dr. Stephen Henson
b545dc6775 Initial CRL based revocation checking. 2001-05-07 22:52:50 +00:00
Bodo Möller
027e257b1d Avoid assert() in the library. 2001-04-08 13:47:51 +00:00
Richard Levitte
42748c084e Resize a local buffer to accomodate the size requirements of AES.
Protect against future mistakes with an assert().
2001-04-08 05:41:42 +00:00
Bodo Möller
1876cc32ae This change should be suitable as a workaround for the Solaris x86
compiler bug reported in <01032110293775.22278@weba3.iname.net>
(the '++seq[i]' condition is evaluated as 256 rather than 0
when the previous value is 255).
2001-04-03 13:50:30 +00:00
Bodo Möller
10654d3a74 Forcibly enable memory leak checking during "make test" 2001-03-11 14:49:46 +00:00
Bodo Möller
4e20b1a656 Instead of telling both 'make' and the user that ranlib
errors can be tolerated, hide the error from 'make'.
This gives shorter output both if ranlib fails and if
it works.
2001-03-09 14:01:42 +00:00
Bodo Möller
e34cfcf7e1 Consistently use 'void *' for SSL read, peek and write functions. 2001-03-09 10:09:20 +00:00
Bodo Möller
5451e0d924 add ssl23_peek 2001-03-08 21:54:02 +00:00
Bodo Möller
5277d7cb7c Fix ERR_R_... problems. 2001-03-07 01:19:07 +00:00
Bodo Möller
65e8167079 Move ec.h to ec2.h because it is not compatible with what we will use.
Add EC vaporware: change relevant Makefiles and add some empty source
files.

"make update".
2001-03-05 20:13:37 +00:00
Richard Levitte
794103d285 For SSLv2, return the SSLv2 method, not the SSLv23 method. This way,
it's possible to reuse an SSLv2 session.
2001-03-02 12:17:57 +00:00
Richard Levitte
d88a26c489 make update
Note that all *_it variables are suddenly non-existant according to
libeay.num.  This is a bug that will be corrected.  Please be patient.
2001-02-26 10:54:08 +00:00
Geoff Thorpe
f85c9904c6 Fix an oversight - when checking a potential session ID for conflicts with
an SSL_CTX's session cache, it is necessary to compare the ssl_version at
the same time (a conflict is defined, courtesy of SSL_SESSION_cmp(), as a
matching id/id_length pair and a matching ssl_version). However, the
SSL_SESSION that will result from the current negotiation does not
necessarily have the same ssl version as the "SSL_METHOD" in use by the
SSL_CTX - part of the work in a handshake is to agree on an ssl version!

This is fixed by having the check function accept an SSL pointer rather
than the SSL_CTX it belongs to.

[Thanks to Lutz for illuminating the full extent of my stupidity]
2001-02-23 00:02:56 +00:00
Richard Levitte
41d2a336ee e_os.h does not belong with the exported headers. Do not put it there
and make all files the depend on it include it without prefixing it
with openssl/.

This means that all Makefiles will have $(TOP) as one of the include
directories.
2001-02-22 14:45:02 +00:00
Richard Levitte
65a87c7d01 Include e_os2.h instead of opensslconf.h.
SSL_add_dir_cert_subjects_to_stack is not implemented on WIN32 and
VMS, so declare it the same way.
2001-02-22 13:19:50 +00:00
Geoff Thorpe
ec0f19597e If a callback is generating a new session ID for SSLv2, then upon exiting,
the ID will be padded out to 16 bytes if the callback attempted to generate
a shorter one. The problem is that the uniqueness checking function used in
callbacks may mistakenly think a 9-byte ID is unique when in fact its
padded 16-byte version is not. This makes the checking function detect
SSLv2 cases, and ensures the padded form is checked rather than the shorter
one passed by the callback.
2001-02-21 21:38:32 +00:00
Geoff Thorpe
dc644fe229 This change allows a callback to be used to override the generation of
SSL/TLS session IDs in a server. According to RFC2246, the session ID is an
arbitrary value chosen by the server. It can be useful to have some control
over this "arbitrary value" so as to choose it in ways that can aid in
things like external session caching and balancing (eg. clustering). The
default session ID generation is to fill the ID with random data.

The callback used by default is built in to ssl_sess.c, but registering a
callback in an SSL_CTX or in a particular SSL overrides this. BTW: SSL
callbacks will override SSL_CTX callbacks, and a new SSL structure inherits
any callback set in its 'parent' SSL_CTX. The header comments describe how
this mechanism ticks, and source code comments describe (hopefully) why it
ticks the way it does.

Man pages are on the way ...

[NB: Lutz was also hacking away and helping me to figure out how best to do
this.]
2001-02-21 18:06:26 +00:00
Geoff Thorpe
47ddf355b4 'make update' 2001-02-21 17:43:52 +00:00
Richard Levitte
6525ced540 Let VMS catch up. 2001-02-20 13:10:14 +00:00
Richard Levitte
32d0ad41a4 DEC C on VMS is pedantic by definition. 2001-02-20 13:06:55 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Ulf Möller
7bd51947e5 Temporary fix for build break.
It's still inconsistent - probably better to undo the whole OPENSSL_NO_* thing.
2001-02-19 23:42:09 +00:00
Richard Levitte
cf1b7d9664 Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.

I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
2001-02-19 16:06:34 +00:00
Lutz Jänicke
836f996010 New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override
the clients choice; in SSLv2 the client uses the server's preferences.
2001-02-09 19:56:31 +00:00
Dr. Stephen Henson
deb2c1a1c5 Fix AES code.
Update Rijndael source to v3.0

Add AES OIDs.

Change most references of Rijndael to AES.

Add new draft AES ciphersuites.
2001-02-07 18:15:18 +00:00
Ben Laurie
259810e05b Rijdael CBC mode and partial undebugged SSL support. 2001-02-06 14:09:13 +00:00
Ben Laurie
4978361212 Make depend. 2001-02-04 21:06:55 +00:00
Dr. Stephen Henson
a342cc5a70 Zero the premaster secret after deriving the master secret in DH
ciphersuites.
2001-01-25 13:15:01 +00:00
Bodo Möller
325ae88efb For improved compatibility with 'strange' certificates, add some
digest aliases (as found in OpenSSL_add_all_digests).
2001-01-23 13:55:26 +00:00
Ulf Möller
36f74d60b3 Definition of NO_KRB5 in ssl.h for external applications. 2001-01-22 18:46:32 +00:00
Geoff Thorpe
3c91484052 Move all the existing function pointer casts associated with LHASH's two
"doall" functions to using type-safe wrappers. As and where required, this
can be replaced by redeclaring the underlying callbacks to use the
underlying "void"-based prototypes (eg. if performance suffers from an
extra level of function invocation).
2001-01-09 00:24:38 +00:00
Richard Levitte
26da3e65ac If OPENSSL_BUILD_SHLIBCRYPTO (for files that end up as libcrypto
objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl
objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT.
This is actually only important on Win32, and can safely be ignored in
all other cases, at least for now.
2000-12-31 00:23:17 +00:00
Richard Levitte
6f346c7115 Uhmm, the keyword TRUE does not exist of course... 2000-12-31 00:00:02 +00:00
Richard Levitte
200b24e391 Check for deselection of KRB5. In fact, skip it completely on VMS for now... 2000-12-29 01:54:14 +00:00
Richard Levitte
701adceb12 "make update" plus a rewrite of both .num files. 2000-12-29 00:19:12 +00:00
Richard Levitte
66a0def81b Update VMS build procedures to match the current status. 2000-12-28 22:26:11 +00:00
Bodo Möller
037a9f9c1a Get rid of unused error code. 2000-12-27 23:42:20 +00:00
Bodo Möller
725c88879c Finish SSL_peek/SSL_pending fixes. 2000-12-26 12:07:23 +00:00
Bodo Möller
a0aae68cf6 Fix SSL_peek and SSL_pending. 2000-12-25 18:40:46 +00:00
Bodo Möller
3880cd35ad Import s2_pkt.c wbuf fixes from OpenSSL_0_9_6-stable branch. 2000-12-18 11:35:32 +00:00
Bodo Möller
3ac82faae5 Locking issues. 2000-12-15 16:40:35 +00:00
Bodo Möller
bdcfe1d165 typo 2000-12-14 17:47:29 +00:00
Bodo Möller
5a4fbc69c3 First step towards SSL_peek fix. 2000-12-14 17:36:59 +00:00
Richard Levitte
34d69d3b23 SSL_new() may potentially add a certfificate. Therefore, wen
duplicating the certificate that is in the original SSL, remove the
one that SSL_new() provided, if any.
Spotted by: Mike Zeoli <zeoli@roguewave.com>
2000-12-12 08:08:53 +00:00
Geoff Thorpe
d0fa136ce2 Next step in tidying up the LHASH code.
DECLARE/IMPLEMENT macros now exist to create type (and prototype) safe
wrapper functions that avoid the use of function pointer casting yet retain
type-safety for type-specific callbacks. However, most of the usage within
OpenSSL itself doesn't really require the extra function because the hash
and compare callbacks are internal functions declared only for use by the
hash table. So this change catches all those cases and reimplements the
functions using the base-level LHASH prototypes and does per-variable
casting inside those functions to convert to the appropriate item type.

The exception so far is in ssl_lib.c where the hash and compare callbacks
are not static - they're exposed in ssl.h so their prototypes should not be
changed. In this last case, the IMPLEMENT_LHASH_*** macros have been left
intact.
2000-12-08 20:02:01 +00:00
Richard Levitte
9f49524331 It's completely unnecessary to add a compression algorithm that is
really undefined.
Spotted by Jeffrey Altman <jaltman@columbia.edu>
2000-12-04 17:17:03 +00:00
Geoff Thorpe
97b1719583 Make the remaining LHASH macro changes. This should leave no remaining
cases of function pointer casting in lh_new() calls - and leave only the
lh_doall and lh_doall_arg cases to be finished.
2000-12-04 03:02:44 +00:00
Ben Laurie
b0dc680f71 Fix warnings. 2000-12-03 10:04:22 +00:00
Ulf Möller
0826c85f4c remove unused static function 2000-12-02 07:20:47 +00:00
Geoff Thorpe
385d81380c First step in tidying up the LHASH code. The callback prototypes (and
casts) used in the lhash code are about as horrible and evil as they can
be. For starters, the callback prototypes contain empty parameter lists.
Yuck.

This first change defines clearer prototypes - including "typedef"'d
function pointer types to use as "hash" and "compare" callbacks, as well as
the callbacks passed to the lh_doall and lh_doall_arg iteration functions.
Now at least more explicit (and clear) casting is required in all of the
dependant code - and that should be included in this commit.

The next step will be to hunt down and obliterate some of the function
pointer casting being used when it's not necessary - a particularly evil
variant exists in the implementation of lh_doall.
2000-12-01 20:31:52 +00:00
Richard Levitte
3e7a6396ed Typo corrected. 2000-12-01 14:33:19 +00:00
Bodo Möller
b5a25a430a "make depend" 2000-12-01 08:48:42 +00:00
Bodo Möller
8df788c97f COMP_zlib should always be declared, even if it is not functional.
Don't dump core in ssltest.
2000-11-30 23:41:58 +00:00
Richard Levitte
f9b3bff6f7 First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu> 2000-11-30 22:53:34 +00:00
Richard Levitte
4751717cd8 The compression method may be undefined for some reason that has
generated errors.  Therefore, print whatever error there may be...
2000-11-30 12:53:15 +00:00
Richard Levitte
bd68b6b1f6 Simplify and provide the possibility to clean a compression method. 2000-11-30 12:22:35 +00:00
Richard Levitte
cd9b7d7c35 comp_methods in a SSL_CTX points at an internal database. Do *not*
free that, since it's shared by all SSL_CTX's, present and future.
2000-11-30 12:21:33 +00:00
Richard Levitte
058123afb6 Turn off memory checking when loading new compression algorithms. 2000-11-30 12:19:54 +00:00
Richard Levitte
23f80f46a4 Make it possible to test SSL compression 2000-11-30 11:57:31 +00:00
Bodo Möller
38b40c624c mark a bug 2000-11-29 19:29:47 +00:00
Lutz Jänicke
0dd2254d76 Store verify_result with sessions to avoid potential security hole.
For the server side this was already done one year ago :-(
2000-11-29 16:04:38 +00:00
Bodo Möller
24b44446e2 Comments on SSL_peek deficiencies 2000-11-28 06:58:22 +00:00
Bodo Möller
87739b2c53 Disable SSL_peek until it is fixed. 2000-11-28 06:48:36 +00:00
Bodo Möller
78a0c1f18d modular arithmetics
"make update"
2000-11-26 16:42:38 +00:00
Bodo Möller
7396958515 Increase permissible ClientKeyExchange message length. 2000-11-17 14:42:49 +00:00
Bodo Möller
3c758be86e include 'err' label only when it is actually used 2000-11-17 13:08:57 +00:00
Bodo Möller
f7a059316f tag SSL_peek bugs 2000-11-17 11:49:29 +00:00
Richard Levitte
43fcc1b096 I've checked again and again. There really is no need to expand a to
4 times it's size when bn_sqr_recursive() won't look farther than the
original length.  Thereby, constification is no longer a problem.
2000-11-16 21:35:41 +00:00
Ulf Möller
6a8ba34f9d in some new file names the first 8 characters were not unique 2000-11-12 22:32:18 +00:00
Richard Levitte
ccb9643f02 Remove references to RSAref. The glue library is but a memory to fade
away now...
2000-11-08 17:51:37 +00:00
Richard Levitte
5e4ca4220e The consequence of constification is that to pass the address to a
pointer to a const double pointe parameter, the pointer must point to
const data as well.
2000-11-06 23:16:04 +00:00
Richard Levitte
f3f316f13f If the functions get_dh*() are declared static, they should be defined the same way 2000-10-22 12:45:33 +00:00
Richard Levitte
3ab5651112 The experimental Rijndael code moved to the main trunk.
make update done.
2000-10-14 20:09:54 +00:00
Dr. Stephen Henson
924046ce75 Make non blocking I/O work for accept BIOs. 2000-10-12 01:50:33 +00:00
Bodo Möller
086a32d754 Set s->read_ahead in SSL_new because SSL_clear no longer modifies it. 2000-09-26 11:38:05 +00:00
Bodo Möller
544ebbceb4 Don't modify s->read_ahead in SSL_clear, which is called from
accept/connect functions; those should not change the
read_ahead setting of the SSL structure.
2000-09-26 11:30:59 +00:00
Bodo Möller
6d0dcbedb1 Fix SSL_CTX_set_read_ahead macro.
Submitted by: Anders Gertz <gertz@epact.se>
2000-09-26 11:25:44 +00:00
Richard Levitte
4e20a4e688 'ranlib' doesn't always run on some systems. That's actually
acceptable, since all that happens if it fails is a library with
an index, which makes linking slower, but still working correctly.
2000-09-25 08:53:15 +00:00
Bodo Möller
f1192b7f2e Avoid protocol rollback. 2000-09-22 21:39:33 +00:00
Richard Levitte
c5f8bbbc0b Portability patch for HP MPE/iX. Submitted by Mark Bixby <mark_bixby@hp.com> 2000-09-21 05:42:01 +00:00
Richard Levitte
62324627aa Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
2000-09-17 18:21:27 +00:00
Bodo Möller
54f10e6adc New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default
behaviour that SSL_read may result in SSL_ERROR_WANT_READ.
2000-09-12 20:28:30 +00:00
Richard Levitte
62ab514e98 'make update' 2000-09-07 08:46:51 +00:00
Dr. Stephen Henson
34216c0422 Keep a not of original encoding in certificate requests.
Add new option to PKCS7_sign to exclude S/MIME capabilities.
2000-09-05 13:27:57 +00:00
Bodo Möller
bbb8de0966 Avoid abort() throughout the library, except when preprocessor
symbols for debugging are defined.
2000-09-04 15:34:43 +00:00
Richard Levitte
3009458e2f MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test 2000-08-14 14:05:53 +00:00
Bodo Möller
aa826d88e1 Document rollback issues. 2000-07-29 19:27:20 +00:00
Bodo Möller
37569e64e8 Fix SSL 2.0 rollback checking: The previous implementation of the
test was never triggered due to an off-by-one error.

In s23_clnt.c, don't use special rollback-attack detection padding
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
client; similarly, in s23_srvr.c, don't do the rollback check if
SSL 2.0 is the only protocol enabled in the server.
2000-07-29 18:50:41 +00:00
Richard Levitte
c2bbf9cf6c I got sick and tired of having to keep track of NIDs when such a thing
could be done automagically, much like the numbering in libeay.num and
ssleay.num.  The solution works as follows:

  - New object identifiers are inserted in objects.txt, following the
    syntax given in objects.README.
  - objects.pl is used to process obj_mac.num and create a new
    obj_mac.h.
  - obj_dat.pl is used to create a new obj_dat.h, using the data in
    obj_mac.h.

This is currently kind of a hack, and the perl code in objects.pl
isn't very elegant, but it works as I intended.  The simplest way to
check that it worked correctly is to look in obj_dat.h and check the
array nid_objs and make sure the objects haven't moved around (this is
important!).  Additions are OK, as well as consistent name changes.
2000-07-05 02:45:36 +00:00
Richard Levitte
8f0d68fa27 Beautification 2000-07-05 02:23:55 +00:00
Bodo Möller
3f2599d97d Fix code structure (if ... else if ... where both parts
may be disabled by preprocessor symbols)
2000-07-02 19:40:44 +00:00
Dr. Stephen Henson
130832150c Fixes for Win32 build.
This is mostly a work around for the old VC++ problem
that it treats func() as func(void).

Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.

The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.

Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)
2000-06-21 02:25:30 +00:00
Dr. Stephen Henson
3aceb94b9e Safe stack reorganisation in terms of function casts.
After some messing around this seems to work but needs
a few more tests. Working out the syntax for sk_set_cmp_func()
(cast it to a function that itself returns a function pointer)
was painful :-(

Needs some testing to see what other compilers think of this
syntax.

Also needs similar stuff for ASN1_SET_OF etc etc.
2000-06-16 23:29:26 +00:00
Geoff Thorpe
1c4f90a05d Enable DSO support on alpha (OSF1), cc and gcc.
Also, "make update" has added some missing functions to libeay.num,
updated the TABLE for the alpha changes, and updated thousands of
dependancies that have changed from recent commits.
2000-06-13 12:59:38 +00:00
Richard Levitte
ef33b97050 Using checks of the existence of HEADER_{foo}_H in other header files
was a really bad idea.  For example, the following:

	#include <x509.h>
	#include <bio.h>
	#include <asn1.h>

would make sure that things like ASN1_UTCTIME_print() wasn't defined
unless you moved the inclusion of bio.h to above the inclusion of
x509.h.  The reason is that x509.h includes asn1.h, and the
declaration of ASN1_UTCTIME_print() depended on the definition of
HEADER_BIO_H.  That's what I call an obscure bug.

Instead, this change makes sure that whatever header files are needed
for the correct process of one header file are included automagically,
and that the definitions of, for example, BIO-related things are
dependent on the absence of the NO_{foo} macros.  This is also
consistent with the way parts of OpenSSL can be excluded at will.
2000-06-09 10:41:35 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
2000-06-01 22:19:21 +00:00
Geoff Thorpe
7edd20916a "make update" + stripping the type-specific stack functions out of
libeay.num and ssleay.num.
2000-06-01 06:07:19 +00:00
Geoff Thorpe
ccd86b68ef The previous commit to crypto/stack/*.[ch] pulled the type-safety strings
yet tighter, and also put some heat on the rest of the library by
insisting (correctly) that compare callbacks used in stacks are prototyped
with "const" parameters. This has led to a depth-first explosion of
compiler warnings in the code where 1 constification has led to 3 or 4
more. Fortunately these have all been resolved to completion and the code
seems cleaner as a result - in particular many of the _cmp() functions
should have been prototyped with "const"s, and now are. There was one
little problem however;

X509_cmp() should by rights compare "const X509 *" pointers, and it is now
declared as such. However, it's internal workings can involve
recalculating hash values and extensions if they have not already been
setup. Someone with a more intricate understanding of the flow control of
X509 might be able to tighten this up, but for now - this seemed the
obvious place to stop the "depth-first" constification of the code by
using an evil cast (they have migrated all the way here from safestack.h).

Fortunately, this is the only place in the code where this was required
to complete these type-safety changes, and it's reasonably clear and
commented, and seemed the least unacceptable of the options. Trying to
take the constification further ends up exploding out considerably, and
indeed leads directly into generalised ASN functions which are not likely
to cooperate well with this.
2000-06-01 02:36:58 +00:00
Bodo Möller
1fab73ac85 Bugfix: clear error queue after ignoring ssl_verify_cert_chain result. 2000-05-27 22:25:01 +00:00
Bodo Möller
93d8bfcdc4 typo 2000-05-25 11:24:42 +00:00
Bodo Möller
2c05c494c0 Implement SSL_OP_TLS_ROLLBACK_BUG for servers.
Call dh_tmp_cb with correct 'is_export' flag.

Avoid tabs in CHANGES.
2000-05-25 09:50:40 +00:00
Bodo Möller
c129544f0f Avoid sprintf 2000-05-21 14:21:24 +00:00
Bodo Möller
063c0502ef Avoid sprintf. 2000-05-21 14:17:01 +00:00
Bodo Möller
2ea0910031 Avoid sprintf, and harmonize indentation. 2000-05-21 14:14:30 +00:00
Bodo Möller
33399fdee2 Avoid sprintf. 2000-05-21 14:10:05 +00:00
Ulf Möller
0e1c06128a Get rid of more non-ANSI declarations. 2000-05-15 22:54:43 +00:00
Richard Levitte
82271cee5b In Message-ID: <003201bfb332$14a07520$0801a8c0@janm.transactionsite.com>,
"Jan Mikkelsen" <janm@transactionsite.com> correctly states that the
OpenSSL header files have #include's and extern "C"'s in an incorrect
order.  Thusly fixed.
2000-05-02 12:16:01 +00:00
Richard Levitte
7a807ad8a7 "make update" 2000-04-09 12:52:40 +00:00
Bodo Möller
1d90f28029 In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites 2000-04-06 22:33:14 +00:00
Bodo Möller
46b3bd5454 Avoid memory leak. 2000-04-06 22:25:49 +00:00
Bodo Möller
98e04f9eeb Comments for SSL_get_peer_cert_chain inconsistency. 2000-03-27 18:07:45 +00:00
Bodo Möller
617d71bc12 NeXT workaround. 2000-03-26 12:27:30 +00:00
Bodo Möller
448e2f9ba7 Use correct function names in SSLerr macros. 2000-03-14 14:10:56 +00:00
Bodo Möller
7d2509b6df Update usage info 2000-03-13 19:30:59 +00:00
Bodo Möller
65b002f399 Update test suite so that 'make test' succeeds in 'no-rsa' configuration. 2000-03-13 19:24:39 +00:00
Bodo Möller
e11f0de67f Copy DH key (if available) in addition to the bare parameters
in SSL_new.
If SSL_OP_SINGLE_DH_USE is set, don't waste time in SSL_[CTX_]set_tmp_dh
on computing a DH key that will be ignored anyway.

ssltest -dhe1024dsa (w/ 160-bit sub-prime) had an unfair performance
advantage over -dhe1024 (safe prime): SSL_OP_SINGLE_DH_USE was
effectively always enabled because SSL_new ignored the DH key set in
the SSL_CTX.  Now -dhe1024 takes the server only about twice as long
as -dhe1024dsa instead of three times as long (for 1024 bit RSA
with 1024 bit DH).
2000-03-13 17:07:04 +00:00
Bodo Möller
563f1503a8 Connection timings (using ISO C function clock()). 2000-03-13 15:06:54 +00:00
Bodo Möller
863fe2ecac cleaning up a little 2000-03-12 23:27:14 +00:00
Bodo Möller
e458958280 Always use fixed DH parameters created with 'dhparam -C',
don't dynamically create them.  This allows using ssltest
for approximate performance comparisons:
   $ time ./ssltest -num 50 -tls1 -cert ../apps/server2.pem \
     [-no_dhe|-dhe1024dsa|-dhe1024]
(server2.pem contains a 1024 bit RSA key, the default has only
512 bits.) Note that these timings contain both the server's and
the client's computations, they are not a good indicator for
server workload in different configurations.
2000-03-10 13:23:20 +00:00
Bodo Möller
4013f3bf1e Fix the indentation, and avoid a compiler warning. 2000-03-06 10:21:57 +00:00
Richard Levitte
fe10275da8 Let's not lie to the people. 2000-03-06 07:31:17 +00:00
Bodo Möller
59fc2b0fc2 Preserve reason strings in automatically build tables. 2000-03-05 00:19:36 +00:00
Richard Levitte
cde28e18bf New logical names to skip algorithms are now supported. 2000-02-27 10:41:31 +00:00
Dr. Stephen Henson
8ab59e7a49 Fix shadow warning. 2000-02-26 02:16:36 +00:00
Richard Levitte
1e7396beeb Some time in history, SSL_CTX_sessions() disappeared. It is now
restored, but not as a macro this time...
2000-02-25 22:50:28 +00:00
Bodo Möller
87a025cbb4 Use unsigned loop index to make compilers happy 2000-02-25 16:36:07 +00:00
Bodo Möller
b08b07b8ae The previous revision should have generated _more_ warnings, not less ...
The return value of handshake_func is signed, not unsigned.
2000-02-25 15:32:36 +00:00
Geoff Thorpe
4621a00063 More VC++ pickiness. (destest.c doesn't have a "return" and the usual
signed/unsigned stuff in s3_pkt.c)

Submitted by:
Reviewed by:
PR:
2000-02-25 15:09:04 +00:00
Bodo Möller
3813046dc5 Add OpenSSL licen[cs]e. 2000-02-25 14:47:38 +00:00
Bodo Möller
e01eed0fae Fix off-by-one error :-) 2000-02-25 14:40:11 +00:00
Bodo Möller
e5599db448 Fix warnings by using unsigned int where appropriate. 2000-02-25 14:27:31 +00:00
Ulf Möller
a3b17baf4e signed/unsigned mismatch (VC++)
Submitted by: Peter 'Luna' Runestig" <peter+openssl-users@runestig.com>
2000-02-25 14:03:21 +00:00
Dr. Stephen Henson
fbb41ae0ad Allow code which calls RSA temp key callback to cope
with a failure.

Fix typos in some error codes.
2000-02-25 00:23:48 +00:00
Richard Levitte
29a5374fb6 Remove structures that are no longer used. 2000-02-24 14:00:05 +00:00
Ulf Möller
4d524e10b4 nicer manpages 2000-02-24 11:55:57 +00:00
Ralf S. Engelschall
c6a33c6f61 Add missing prototypes for new functions 2000-02-24 10:48:36 +00:00
Ulf Möller
4c5fac4ac4 Fix NO_RSA (misplaced #endif). 2000-02-24 04:41:03 +00:00
Richard Levitte
e6a58767c5 make update 2000-02-23 23:38:59 +00:00
Dr. Stephen Henson
3142c86d65 Allow ADH to be used but not present in the default cipher
list.

Allow CERTIFICATE to be used in PEM headers for PKCS#7 structures:
some CAs do this.
2000-02-23 01:11:01 +00:00
Dr. Stephen Henson
72b60351f1 Change EVP_MD_CTX_type so it is more logical and add EVP_MD_CTX_md for
the old functionality.

Various warning fixes.

Initial EVP symmetric cipher docs.
2000-02-22 02:59:26 +00:00
Bodo Möller
1b8a8088a5 Workarounds to make broken programs happy (such as s_client and s_server). 2000-02-21 17:46:20 +00:00
Bodo Möller
a2a0158959 Fix some bugs and document others 2000-02-21 17:09:54 +00:00
Bodo Möller
e7ecc7d4dd Move ssl3_do_write from s3_pkt.c to s3_both.c. 2000-02-21 11:14:40 +00:00
Bodo Möller
745c70e565 Move MAC computations for Finished from ssl3_read_bytes into
ssl3_get_message, which is more logical (and avoids a bug,
in addition to the one that I introduced yesterday :-)
and makes Microsoft "fast SGC" less special.
MS SGC should still work now without an extra state of its own
(it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state
for reading the body of a Client Hello message), however this should
be tested to make sure, and I don't have a MS SGC client.
2000-02-21 10:16:30 +00:00
Richard Levitte
d3442bc780 Move the registration of callback functions to special functions
designed for that.  This removes the potential error to mix data and
function pointers.

Please note that I'm a little unsure how incorrect calls to the old
ctrl functions should be handled, in som cases.  I currently return 0
and that's it, but it may be more correct to generate a genuine error
in those cases.
2000-02-20 23:43:02 +00:00
Bodo Möller
dab6f09573 Workaround for irrelevant problem. 2000-02-20 23:40:01 +00:00