wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4392 commits 20 branches 302 tags 153 MiB
Commit graph

350 commits

Author SHA1 Message Date
Bodo Möller
a10b85d9e6 make code a little more similar to what it looked like before the fixes 2001-11-10 10:43:51 +00:00
Bodo Möller
a807f6460e important SSL 2.0 bugfixes 2001-11-10 01:15:29 +00:00
Richard Levitte
d6945e10b5 Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names 2001-10-29 13:06:29 +00:00
Bodo Möller
0b9925be4f Consistency with s2_... and s23_... variants (no real functional 
change)
 2001-10-25 08:18:56 +00:00
Bodo Möller
3e9ae0c462 Oops 2001-10-25 08:18:36 +00:00
Bodo Möller
96ec4ce0d2 Assume TLS 1.0 if ClientHello fragment is too short. 2001-10-25 06:06:50 +00:00
Bodo Möller
38b3e9edde Fix SSL handshake functions and SSL_clear() such that SSL_clear() 
never resets s->method to s->ctx->method when called from within one
of the SSL handshake functions.
 2001-10-24 19:05:26 +00:00
Bodo Möller
9ccadf1c6f In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if 
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
 2001-10-20 17:52:40 +00:00
Bodo Möller
2dbdcd9734 Fix ssl3_get_message to handle message fragmentation correctly. 2001-10-15 17:42:43 +00:00
Bodo Möller
1147fa5a5f the previous commit accidentily removed 'ret = 1' from the SSL_ST_OK 
case of ssl3_accept
 2001-10-15 17:40:22 +00:00
Bodo Möller
ae9010abd5 comment 2001-09-24 07:57:20 +00:00
Bodo Möller
029dfa64d4 bugfix: handle HelloRequest received during handshake correctly 2001-09-21 11:19:26 +00:00
Bodo Möller
f8845509b6 Disable session related stuff in SSL_ST_OK case of ssl3_accept if we 
just sent a HelloRequest.
 2001-09-21 07:01:04 +00:00
Bodo Möller
3f98e1dd11 Bugfix: correct cleanup after sending a HelloRequest 2001-09-21 00:03:00 +00:00
Bodo Möller
e53afa9e9b fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case 2001-09-20 21:36:39 +00:00
Bodo Möller
e41c5bd730 Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't 
reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
 2001-09-20 18:34:36 +00:00
Bodo Möller
10981a5c84 add comment 2001-09-14 13:48:37 +00:00
Bodo Möller
9cf8888149 Increase permissible ClientKeyExchange message length as in main 
branch (revision 1.50, 2000-11-17)
 2001-09-14 13:32:03 +00:00
Lutz Jänicke
a04baf9b5c Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.) 2001-08-25 11:48:35 +00:00
Lutz Jänicke
51db1db082 Checked in from the wrong !@#$%^&*() copy... 2001-08-21 07:27:47 +00:00
Lutz Jänicke
653cc07b51 Alert description strings for TLSv1 and documentation. 2001-08-19 16:23:57 +00:00
Bodo Möller
904de6e4f5 Bugfix: larger message size in ssl3_get_key_exchange() because 
ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>
 2001-08-07 09:31:03 +00:00
Lutz Jänicke
65ce21da9a Fix typos (shinagawa@star.zko.dec.com). 2001-08-07 07:53:53 +00:00
Lutz Jänicke
dd186f600d Only set the verify callback if there's one to set! 2001-07-31 10:20:53 +00:00
Lutz Jänicke
03a70bad4f Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:48:20 +00:00
Richard Levitte
7ca6deef3f SSL_get_rfc were documented but not implemented. 2001-07-16 10:50:49 +00:00
Richard Levitte
026dad0f3b SSL_get_[rw]fd were documented but not implemented. 2001-07-15 20:12:45 +00:00
Bodo Möller
dab4c2824f pay attention to blocksize before attempting decryption 2001-06-15 18:06:06 +00:00
Richard Levitte
e90323844f Use memmove() instead of memcpy() on areas that may overlap. 
Spotted by Nalin Dahyabhai <nalin@redhat.com>
 2001-06-07 04:45:55 +00:00
Bodo Möller
83583e9479 Fix Bleichenbacher PKCS #1 1.5 countermeasure. 
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway,
otherwise this would be a security relevant patch.)
 2001-06-01 09:43:23 +00:00
Bodo Möller
9a22ce66c9 This change should be suitable as a workaround for the Solaris x86 
compiler bug reported in <01032110293775.22278@weba3.iname.net>
(the '++seq[i]' condition is evaluated as 256 rather than 0
when the previous value is 255).
 2001-04-03 13:46:36 +00:00
Bodo Möller
1e01dbfbb2 backport the comment (here it's NO_DH, not OPENSSL_NO_DH ...) 2001-03-22 15:00:45 +00:00
Bodo Möller
6ebcd441d6 Avoid compiler warning for NO_DH as in the main trunk. 2001-03-22 14:59:18 +00:00
Richard Levitte
5098bc92f8 A correction from the main trunk that was forgotten. 2001-03-13 14:39:51 +00:00
Bodo Möller
c6a15854ee Consistently use 'void *' for SSL read, peek and write functions. 2001-03-09 10:08:06 +00:00
Bodo Möller
f46a878e3f add ssl23_peek 2001-03-08 21:53:29 +00:00
Richard Levitte
3e0d891828 SSLv2 session reuse bugfix from main development branch. 2001-03-05 14:52:30 +00:00
Dr. Stephen Henson
de0b3ab7fb Zero the premaster secret after deriving the master secret in DH 
ciphersuites.
 2001-01-25 13:20:39 +00:00
Bodo Möller
6610d4f3b9 For improved compatibility with 'strange' certificates, add some 
digest aliases (as found in OpenSSL_add_all_digests).
 2001-01-23 13:55:01 +00:00
Bodo Möller
799751bcff Get rid of unused error code. 2000-12-27 23:41:50 +00:00
Bodo Möller
beaea31a96 Finish SSL_peek/SSL_pending fixes. 2000-12-26 12:06:48 +00:00
Bodo Möller
a9c3dc60b9 Fix SSL_peek and SSL_pending. 2000-12-25 18:41:37 +00:00
Bodo Möller
7947f98b9b Fix another buffer overrun bug (which is not really a bug because 
s->s2->escape is never set when sending data because the escape
bit is just reserved for future use in SSL 2.0)
 2000-12-18 11:32:09 +00:00
Bodo Möller
fc4868cb47 Increase wbuf by one byte to fix the bug reported by 
Eric Day <eday@concentric.net> to openssl-dev@openssl.org,
Message-ID: <20001218013437.A5526@concentric.net>
 2000-12-18 11:23:23 +00:00
Bodo Möller
555a8493cd typo 2000-12-14 17:45:36 +00:00
Bodo Möller
2452e013aa The first step towards a SSL_peek fix. 
The main thing to verify about these changes is that nothing at all
has changed, as far as behaviour is concerned (except that some
SSLerr() invocations now have a different function code): SSL_read
(ssl2_read, ssl3_read) behaves exactly as before, and SSL_peek refuses
to do any work exactly as before.  But now the functions actually
doing the work have a 'peek' flag, so it should be easy to change them
to behave accordingly.
 2000-12-14 17:34:42 +00:00
Lutz Jänicke
673d7ac121 Store verify_result with sessions to avoid potential security hole. 
For the server side this was already done one year ago :-(
 2000-11-29 18:12:32 +00:00
Bodo Möller
666d437538 Disable SSL_peek. 2000-11-28 11:14:39 +00:00
Richard Levitte
c125ea2767 Fix from main trunk, 2000-09-26 13:30 bodo: 
Don't modify s->read_ahead in SSL_clear, which is called from
accept/connect functions; those should not change the read_ahead
setting of the SSL structure.

Fix from main trunk, 2000-09-26 13:38  bodo:

Set s->read_ahead in SSL_new because SSL_clear no longer modifies it.
 2000-10-11 09:15:53 +00:00
Richard Levitte
df4fd356df Fix from main trunk, 2000-09-26 13:25 bodo: 
Fix SSL_CTX_set_read_ahead macro.

Submitted by: Anders Gertz <gertz@epact.se>
 2000-10-11 09:14:17 +00:00