Commit graph

4333 commits

Author SHA1 Message Date
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Dr. Stephen Henson
98e6654938 Typo. 2001-10-20 16:22:28 +00:00
Dr. Stephen Henson
cecd263878 Add missing EVP_CIPHER_CTX_{init,cleanup} 2001-10-20 16:18:03 +00:00
Bodo Möller
31fe950d2b gcc complained about "write" being shadowed even though the "write"
variable name occured just in a function *prototype* -- so rename it
2001-10-17 20:44:25 +00:00
Richard Levitte
db6a87d8cc Wrong place... 2001-10-17 17:54:17 +00:00
Richard Levitte
7beb408771 The EVP_*Init_ex() functions take one extra argument. Let's default
it to NULL.
2001-10-17 16:03:42 +00:00
Bodo Möller
51008ffce1 document SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 2001-10-17 11:56:26 +00:00
Dr. Stephen Henson
3811eed8d5 Update docs. 2001-10-17 01:50:32 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Lutz Jänicke
41ebed27fa Flush buffers to prevent mixed output (Adam Back <adam@cypherspace.org>). 2001-10-16 14:24:46 +00:00
Bodo Möller
bf21446a2a Add per-SSL 'msg_callback' with 'msg_callback_arg'.
Both have per-SSL_CTX defaults.
These new values can be set by calling SSL[_CTX]_[callback_]ctrl
with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.

So far, the callback is never actually called.


Also rearrange some SSL_CTX struct members (some exist just in
SSL_CTXs, others are defaults for SSLs and are either copied
during SSL_new, or used if the value in the SSL is not set;
these three classes of members were not in a logical order),
and add some missing assignments to SSL_dup.
2001-10-16 13:09:24 +00:00
Dr. Stephen Henson
e72d734d5f Update docs. 2001-10-16 02:22:59 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Bodo Möller
9ba3ec9176 The message header for fake SSL 3.0/TLS 1.0 client hellos created from
SSL 2.0 client hellos added with the previous commit was totally wrong --
it must start with the message type, not the protocol version.
(Not that this particular header is actually used anywhere ...)
2001-10-16 00:56:04 +00:00
Bodo Möller
8f71fb8d98 For consistency, set s->init_num in the 'reuse_message' case
(if s23_srvr.c faked the message, s->init_num is 0).
2001-10-15 20:16:36 +00:00
Bodo Möller
48948d53b6 Change ssl3_get_message and the functions using it so that complete
'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.

(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)
2001-10-15 19:49:25 +00:00
Bodo Möller
dbec19622e make sure .rnd exists 2001-10-15 17:58:00 +00:00
Bodo Möller
2ce15df528 Fix ssl3_get_message handle message fragmentation correctly. 2001-10-15 17:41:41 +00:00
Bodo Möller
681bfae499 the previous commit accidentily removed 'ret = 1' from the SSL_ST_OK
case of ssl3_accept
2001-10-15 17:40:42 +00:00
Ulf Möller
5dd955dcd2 openbsd-x86 macros
Submitted by: Toomas Kiisk <vix@cyber.ee>
2001-10-14 00:57:30 +00:00
Lutz Jänicke
56fa8e69cf Update information as a partial response to the post
From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
2001-10-12 12:29:16 +00:00
Richard Levitte
67d0738aba In certain cases, no encoding has been set up for the b64 filter. In
such cases, a flush should *not* attempt to finalise the encoding, as
the EVP_ENCODE_CTX structure will only be filled with garbage.  For
the same reason, do the same check when a wpending is performed.
2001-10-11 19:38:40 +00:00
Richard Levitte
b8a61e7362 'make update' 2001-10-10 21:52:06 +00:00
Richard Levitte
dd5e774664 Add support for md4WithRSAEncryption. 2001-10-10 21:37:45 +00:00
Richard Levitte
6b86bad5ef For systems where gcc is used and where we don't know if GNU ld is
used or not, let's ask collect2 which ld it uses and choose to use the
target do-gnu_shared if GNU ld is used.

This solves the reported problems on Solaris systems where GNU cc is
used but GNU ld isn't, and probably on other systems with similar
setups.
2001-10-10 14:46:41 +00:00
Richard Levitte
712557128b 'make update' 2001-10-10 08:27:52 +00:00
Richard Levitte
3009e9f9ef It seems like gcc does canonicalisation of file names. More
specifically, a starting './' is removed.  makedepend doesn't do this,
resulting in another possible commit war, so let's fix that by doing a
poor mans canonicalisation of file names that gives the same effect as
doing dependencies through gcc.
2001-10-10 08:27:28 +00:00
Richard Levitte
b30245dae0 'make update' 2001-10-10 07:56:20 +00:00
Richard Levitte
116daf4c2f To avoid commit wars over dependencies, let's make it so things that
depend on the environment, like the presence of the OpenBSD crypto
device or of Kerberos, do not change the dependencies within OpenSSL.
2001-10-10 07:55:02 +00:00
Richard Levitte
cb40bdaf57 makedepend sometimes produces duplicates. Remove them. 2001-10-10 07:44:54 +00:00
Richard Levitte
4b12506891 A few more OIDs, contributed by Peter Sylvester <Peter.Sylvester@EdelWeb.fr> 2001-10-09 15:32:23 +00:00
Geoff Thorpe
cf98440178 evp_test.c and evptests.txt both need to be linked in the test/ directory
however for different reasons. This separation should prevent the win32
build from interpreting evptests.txt as source code.
2001-10-09 01:38:31 +00:00
Geoff Thorpe
c500d44735 Change some EVP prototypes to use "cipher" rather than "type" as a variable
name. The implementations already use this anyway.
2001-10-08 17:25:42 +00:00
Geoff Thorpe
18eda73234 EVP_EncryptInit_ex() and EVP_DecryptInit_ex() had been defined in evp.h but
not implemented. (Bug reported by Martin Szotkowski)

This also changes the non-"_ex" versions to defer directly to
EVP_CipherInit_ex() rather than EVP_CipherInit() to avoid an unecessary
level of indirection.
2001-10-08 17:24:10 +00:00
Geoff Thorpe
7526e2c043 As ENGINE_load_openbsd_dev_crypto() is an API function, it makes sense for
it to be defined on all platforms whether or not it is of any practical
use on them. This also resolves linker problems on "special" platforms,
such as win32.
2001-10-08 17:08:17 +00:00
Geoff Thorpe
6d52f260bf Make sure the "ENGINE_TABLE" cleanup callbacks have correct prototypes. 2001-10-08 17:06:52 +00:00
Geoff Thorpe
752f2b6785 Missing pointer in the eng_table_register function. Reported by
Martin Szotkowski.
2001-10-08 14:44:38 +00:00
Lutz Jänicke
e1c279b63d Small documentation fixes (Howard Lum <howard@pumpkin.canada.sun.com>) 2001-10-08 08:37:24 +00:00
Richard Levitte
467889703a Copy evptests.txt to the right place. 2001-10-04 21:15:03 +00:00
Richard Levitte
3a457cca86 Typo... 2001-10-04 19:25:12 +00:00
Richard Levitte
285046ec51 SSL_add_dir_cert_subjects_to_stack for Win32 finally implemented.
Submitted by Massimo Santin <msantin@santineassociati.com>.
2001-10-04 12:27:39 +00:00
Richard Levitte
f8000b9345 'make update' 2001-10-04 07:49:09 +00:00
Richard Levitte
77a8eb352f Since ossl_typ.h is an exported header, we sure need to export it on
VMS as well :-).
2001-10-04 07:46:30 +00:00
Richard Levitte
114697bef3 Because there's chances we clash with the system's types.h, rename our
types.h to ossl_typ.h.
Also, it seems like krb5 was forgotten in some places.
2001-10-04 07:34:45 +00:00
Richard Levitte
2aa9043ad3 Because there's chances we clash with the system's types.h, rename our
types.h to ossl_typ.h.
2001-10-04 07:32:46 +00:00
Dr. Stephen Henson
1a095560f7 Use the maximum block length for the extra size in the encrypt
BIO buffer instead of hard coding it as 8.
2001-10-03 12:47:03 +00:00
Dr. Stephen Henson
f329b8d73b Make EVP_DecryptUpdate work again. 2001-10-02 16:19:49 +00:00
Richard Levitte
3d90a32429 sch isn't an array, how did this pass through gcc? 2001-10-02 11:49:55 +00:00
Richard Levitte
e3a7463c5d A lot of things are undeclared unless x509.h is included. 2001-10-02 11:06:42 +00:00
Richard Levitte
796c6eadcb Hmm, everything "open" isn't necessarely "openssl" :-).
*sigh* habit...
2001-10-02 10:03:15 +00:00