Bodo Möller
076944d920
Fix algorithm handling for ECC ciphersuites: Adapt to recent changes,
...
and allow more general RSA OIDs for ECC certs with RSA CA sig.
2006-06-15 18:28:00 +00:00
Bodo Möller
09e20e0bd8
Fix another new bug in the cipherstring logic.
2006-06-15 17:17:06 +00:00
Bodo Möller
a717831da4
Fix another bug introduced yesterday when deleting Fortezza stuff:
...
make sure 'mask' is initialized in ssl_cipher_get_disabled().
Also simplify code by removing some unused arguments in static functions.
2006-06-15 16:54:20 +00:00
Bodo Möller
4dfc8f1f0b
Oops ... deleted too much in the previous commit when I deleted
...
the Fortezza stuff
2006-06-15 16:07:10 +00:00
Bodo Möller
5b57fe0a1e
Disable invalid ciphersuites
2006-06-14 17:51:46 +00:00
Bodo Möller
89bbe14c50
Ciphersuite string bugfixes, and ECC-related (re-)definitions.
2006-06-14 17:40:31 +00:00
Bodo Möller
6635b48cd1
Make sure that AES ciphersuites get priority over Camellia
...
ciphersuites in the default cipher string.
2006-06-14 13:58:48 +00:00
Bodo Möller
675f605d44
Thread-safety fixes
2006-06-14 08:55:23 +00:00
Bodo Möller
f3dea9a595
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Richard Levitte
4d4e08ec1c
Use a new signed int ii instead of j (which is unsigned) to handle the
...
return value from sk_SSL_CIPHER_find().
2006-05-28 19:44:27 +00:00
Dr. Stephen Henson
6657b9c73a
Fix warnings.
2006-05-26 13:27:58 +00:00
Richard Levitte
7e76e56387
Someone made a mistake, and some function and reason codes got
...
duplicate numbers. Renumbering.
2006-05-12 15:27:52 +00:00
Dr. Stephen Henson
5cda6c4582
Fix from stable branch.
2006-05-07 12:30:37 +00:00
Dr. Stephen Henson
c20276e4ae
Fix (most) WIN32 warnings and errors.
2006-04-17 12:08:22 +00:00
Dr. Stephen Henson
ba1ba5f0fb
If cipher list contains a match for an explicit ciphersuite only match that
...
one suite.
2006-04-15 00:22:05 +00:00
Dr. Stephen Henson
8795d38906
Update dependencies.
2006-04-08 13:04:31 +00:00
Bodo Möller
a01d9ac558
Remove ECC extension information from external representation
...
of the session -- we don't really need it once the handshake
has completed.
2006-04-05 17:11:19 +00:00
Dr. Stephen Henson
e2bce37720
Stop warning.
2006-04-04 18:11:49 +00:00
Bodo Möller
a4974de937
clarification
2006-04-03 14:11:23 +00:00
Bodo Möller
22f41c9b99
check length properly
...
Submitted by: Peter Sylvester
2006-04-03 13:57:56 +00:00
Bodo Möller
a123c552cd
simplify: use s2n macro
2006-04-03 13:07:18 +00:00
Bodo Möller
b2172f4f8e
Avoid hard-coded table length where we can use sizeof.
...
Submitted by: Peter Sylvester
Reviewed by: Bodo Moeller
2006-04-03 11:56:30 +00:00
Bodo Möller
dc1d1b6934
fix memory leak
...
Submitted by: Peter Sylvester
2006-04-03 11:49:18 +00:00
Bodo Möller
a70183bc80
fix for hostname extension
...
Submitted by: Kaspar Brand, Peter Sylvester
2006-03-30 02:53:30 +00:00
Bodo Möller
332737217a
Implement Supported Elliptic Curves Extension.
...
Submitted by: Douglas Stebila
2006-03-30 02:44:56 +00:00
Bodo Möller
f393b7449d
Implement cipher-suite selection logic given Supported Point Formats Extension.
...
Submitted by: Douglas Stebila
2006-03-30 02:35:09 +00:00
Bodo Möller
9e5dba197c
Simplify ASN.1 for point format list
...
Submitted by: Douglas Stebila
2006-03-26 10:53:52 +00:00
Nils Larsch
c6a27f0178
fix for OPENSSL_NO_EC
...
PR: 1293
2006-03-15 19:17:56 +00:00
Nils Larsch
67b6f1ca88
fix problems found by coverity: remove useless code
2006-03-15 17:45:43 +00:00
Richard Levitte
a4ff392503
tlsext_ecpointformatlist_length is unsigned, so check if it's less
...
than zero will only result in pissing of some compilers...
2006-03-15 09:57:16 +00:00
Nils Larsch
90bdfd97a6
signed vs. unsigned
2006-03-13 22:07:05 +00:00
Richard Levitte
b9865f110e
Oh, now I noticed Bodo's change that made tlsext_ecpointformatlist
...
unsigned...
2006-03-13 12:37:19 +00:00
Richard Levitte
07ef612968
Resolve signed vs. unsigned issues
2006-03-13 12:32:51 +00:00
Bodo Möller
019fdc7850
fix sign problems
2006-03-13 09:55:06 +00:00
Nils Larsch
7c382796be
remove unused variables
2006-03-13 07:21:39 +00:00
Bodo Möller
b6acb8d0de
udpate Supported Point Formats Extension code
...
Submitted by: Douglas Stebila
2006-03-13 01:24:38 +00:00
Nils Larsch
6adbcb9755
fix comment
...
Submitted by: Peter Sylvester
2006-03-12 23:00:32 +00:00
Nils Larsch
e968089485
use BIO_snprintf() instead of snprintf + use BIO_FP_TEXT for text output
...
Submitted by: Gisle Vanem
2006-03-12 22:16:57 +00:00
Bodo Möller
36ca4ba63d
Implement the Supported Point Formats Extension for ECC ciphersuites
...
Submitted by: Douglas Stebila
2006-03-11 23:46:37 +00:00
Nils Larsch
ddac197404
add initial support for RFC 4279 PSK SSL ciphersuites
...
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
2006-03-10 23:06:27 +00:00
Nils Larsch
f71165b556
fix no-dh configure option; patch supplied by Peter Meerwald
2006-02-24 17:58:43 +00:00
Bodo Möller
e67ed82877
move new member of SSL_SESSION to the end
...
(minimize changes to binary format)
Submitted by: Peter Sylvester
2006-02-07 14:26:43 +00:00
Dr. Stephen Henson
15ac971681
Update filenames in makefiles.
2006-02-04 01:45:59 +00:00
Nils Larsch
8c5a2bd6bb
add additional checks + cleanup
...
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Nils Larsch
00fe865dbe
recent changes from 0.9.8: fix cipher list order in s3_lib.c,
...
make "no-ssl2" work again
PR: 1217
2006-01-15 17:35:28 +00:00
Richard Levitte
6b9e941ee3
signed vs. unsigned clash.
2006-01-14 11:49:24 +00:00
Bodo Möller
58ece83395
Further TLS extension improvements
...
Submitted by: Peter Sylvester
2006-01-13 09:21:10 +00:00
Bodo Möller
6ad47e83b4
improvements for alert handling
2006-01-11 07:18:35 +00:00
Bodo Möller
241520e66d
More TLS extension related changes.
...
Submitted by: Peter Sylvester
2006-01-11 06:10:40 +00:00
Bodo Möller
a13c20f603
Further TLS extension updates
...
Submitted by: Peter Sylvester
2006-01-09 19:49:05 +00:00
Bodo Möller
51eb1b81f6
Avoid contradictive error code assignments.
...
"make errors".
2006-01-08 21:54:24 +00:00
Bodo Möller
739a543ea8
Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)
2006-01-08 19:42:30 +00:00
Bodo Möller
01c76c6606
There's no such things as DTLS1_AD_MISSING_HANDSHAKE_MESSAGE.
...
For now, anyway.
2006-01-07 20:44:29 +00:00
Bodo Möller
d32f888db1
prepare for additional RFC3546 alerts
2006-01-07 20:33:16 +00:00
Bodo Möller
f7914dbf9a
make sure that the unrecognized_name alert actually gets sent
...
Submitted by: Peter Sylvester
2006-01-07 20:29:50 +00:00
Bodo Möller
3ff94a009b
complete and correct RFC3546 error codes
2006-01-07 20:28:11 +00:00
Bodo Möller
1aeb3da83f
Fixes for TLS server_name extension
...
Submitted by: Peter Sylvester
2006-01-06 09:08:59 +00:00
Richard Levitte
8de5b7f548
Fix signed/unsigned char clashes.
2006-01-04 12:02:43 +00:00
Bodo Möller
f1fd4544a3
Various changes in the new TLS extension code, including the following:
...
- fix indentation
- rename some functions and macros
- fix up confusion between SSL_ERROR_... and SSL_AD_... values
2006-01-03 03:27:19 +00:00
Bodo Möller
ed3883d21b
Support TLS extensions (specifically, HostName)
...
Submitted by: Peter Sylvester
2006-01-02 23:14:37 +00:00
Bodo Möller
7476f3ac3b
Rewrite timeout computation in a way that is less prone to overflow.
...
(Problem reported by Peter Sylvester.)
2005-12-30 23:51:36 +00:00
Andy Polyakov
be7b4458f2
Keep disclaiming 16-bit platform support. For now remove WIN16 references
...
from .h files...
2005-12-18 19:11:37 +00:00
Bodo Möller
d56349a2aa
update TLS-ECC code
...
Submitted by: Douglas Stebila
2005-12-13 07:33:35 +00:00
Dr. Stephen Henson
7bbcb2f690
Avoid warnings on VC++ 2005.
2005-12-05 17:21:22 +00:00
Bodo Möller
d804f86b88
disable some invalid ciphersuites
2005-11-15 23:32:11 +00:00
Bodo Möller
72dce7685e
Add fixes for CAN-2005-2969.
...
(This were in 0.9.7-stable and 0.9.8-stable, but not in HEAD so far.)
2005-10-26 19:40:45 +00:00
Dr. Stephen Henson
c1de1a190d
Avoid warning on Win32.
2005-10-08 17:31:18 +00:00
Dr. Stephen Henson
566dda07ba
New option SSL_OP_NO_COMP to disable compression. New ctrls to set
...
maximum send fragment size. Allocate I/O buffers accordingly.
2005-10-08 00:18:53 +00:00
Dr. Stephen Henson
231b98a5e1
Make OPENSSL_NO_COMP work under Win32.
2005-10-02 12:28:40 +00:00
Dr. Stephen Henson
d08b6b44ba
Fix compilation without OPENSSL_NO_COMP :-)
2005-10-01 00:40:34 +00:00
Dr. Stephen Henson
09b6c2ef15
Make OPENSSL_NO_COMP compile again.
2005-09-30 23:35:33 +00:00
Dr. Stephen Henson
61094cf3dc
128 bit AES ciphersuites should be classified as HIGH.
2005-09-21 00:55:42 +00:00
Nils Larsch
8215e7a938
fix warnings when building openssl with the following compiler options:
...
-Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar
-Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts
-Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused
-Wno-unused-parameter -Wuninitialized
2005-08-28 22:49:57 +00:00
Ben Laurie
337e368239
Fix warnings.
2005-08-27 12:10:34 +00:00
Nils Larsch
6e119bb02e
Keep cipher lists sorted in the source instead of sorting them at
...
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
2005-08-25 07:29:54 +00:00
Nils Larsch
7f3c9036ea
initialize cipher/digest methods table in SSL_library_init() and hence remove the need for a lock
2005-08-21 23:06:23 +00:00
Nils Larsch
4ebb342fcd
Let the TLSv1_method() etc. functions return a const SSL_METHOD
...
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-14 21:48:33 +00:00
Nils Larsch
eba63ef58b
a ssl object needs it's own instance of a ecdh key; remove obsolete comment
2005-08-08 20:02:18 +00:00
Nils Larsch
01a9792f05
remove unused internal foo_base_method functions
2005-08-08 19:04:37 +00:00
Dr. Stephen Henson
f3b656b246
Initialize SSL_METHOD structures at compile time. This removes the need
...
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-08-05 23:56:11 +00:00
Andy Polyakov
19bd66fe74
WCE update, mostly typos.
2005-08-03 19:56:36 +00:00
Nils Larsch
c755c5fd8b
improved error checking and some fixes
...
PR: 1170
Submitted by: Yair Elharrar
Reviewed and edited by: Nils Larsch
2005-07-26 21:10:34 +00:00
Richard Levitte
b2a9d36a7f
bytes_to_long_long isn't used anywhere any more, so let's remove it
...
entirely.
2005-07-26 05:10:50 +00:00
Richard Levitte
04f15edb91
I'm reversing this change, as it seems the error is somewhere else.
2005-07-26 04:53:21 +00:00
Geoff Thorpe
f920c5b590
Fix signed/unsigned warnings.
2005-07-26 04:25:05 +00:00
Geoff Thorpe
05fc7018f8
Fix PEDANTIC compilation, using the same trick as elsewhere.
2005-07-26 04:05:03 +00:00
Geoff Thorpe
a384002724
Fix 64-bit compilation when PQ_64BIT_IS_INTEGER isn't defined.
2005-07-26 04:01:50 +00:00
Geoff Thorpe
20a90e3a76
Fix some signed/unsigned warnings.
2005-07-22 03:36:30 +00:00
Nils Larsch
3eeaab4bed
make
...
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
make depend all test
work again
PR: 1159
2005-07-16 12:37:36 +00:00
Ben Laurie
a51a97262d
Brought forward from 0.9.8 - 64 bit warning fixes and fussy compiler fixes.
2005-06-29 11:02:15 +00:00
Andy Polyakov
83e68987b3
Eliminate dependency on UNICODE macro.
2005-06-27 21:27:23 +00:00
Richard Levitte
543b4ecc13
DCC doesn't like argument names in returned function pointers.
...
PR: 1122
2005-06-23 21:35:25 +00:00
Andy Polyakov
44eff497e8
Fix typo in ssl/d1_pkt.c.
2005-06-20 19:36:34 +00:00
Andy Polyakov
50ec3951dc
Handle wrap-arounds and revive missing assignment.
2005-06-20 12:40:37 +00:00
Richard Levitte
fbd63d0784
Do not undefine _XOPEN_SOURCE. This is currently experimental, and
...
will be firmed up as soon as it's been verified not to break anything.
2005-06-16 22:20:55 +00:00
Nils Larsch
f0747cd950
- let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an
...
error if the cipher list is empty
- fix last commit in ssl_create_cipher_list
- clean up ssl_create_cipher_list
2005-06-10 19:55:26 +00:00
Nils Larsch
052ec89927
use "=" instead of "|=", fix typo
2005-06-08 22:22:33 +00:00
Nils Larsch
cbed917fee
ssl_create_cipher_list should return an error if no cipher could be
...
collected (see SSL_CTX_set_cipher_list manpage). Fix handling of
"cipher1+cipher2" expressions in ssl_cipher_process_rulestr.
PR: 836 + 1005
2005-06-08 21:19:14 +00:00
Andy Polyakov
dffdb56b7f
"Liberate" dtls from BN dependency. Fix bug in replay/update.
2005-06-07 22:21:14 +00:00
Richard Levitte
d1acb9b44f
Further change pq_compat.h to generate the flag macros PQ_64BIT_IS_INTEGER
...
and PQ_64BIT_IS_BIGNUM with the values 0 (for false) and 1 (for true),
depending on which is true. Use those flags everywhere else to provide
the correct implementation for handling certain operations in q PQ_64BIT.
2005-06-06 00:32:11 +00:00
Richard Levitte
02c5ddf91e
From 0.9.8-stable:
...
handshake_write_seq is an unsigned short, so treat it like one
2005-06-04 04:18:26 +00:00
Nils Larsch
1d42741a19
clear error queue on success and return NULL if no cert could be read
...
PR: 1088
2005-06-01 08:38:44 +00:00
Richard Levitte
75c00536ba
Synchronise more with the Unix build.
2005-05-31 20:28:41 +00:00
Richard Levitte
188b05792f
pqueue and dtls uses 64-bit values. Unfortunately, OpenSSL doesn't
...
have a uniform representation for those over all architectures, so a
little bit of hackery is needed.
Contributed by nagendra modadugu <nagendra@cs.stanford.edu>
2005-05-30 22:34:37 +00:00
Richard Levitte
80b168a5a9
We have some source with \r\n as line ends. DEC C informs about that,
...
and I really can't be bothered...
2005-05-29 12:13:51 +00:00
Richard Levitte
fe8bf9560d
When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in
...
http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html .
Notified by David Wolfe <dwolfe5272@yahoo.com>
2005-05-21 17:39:43 +00:00
Andy Polyakov
ce92b6eb9c
Further BUILDENV refinement, further fool-proofing of Makefiles and
...
[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 .
2005-05-16 16:55:47 +00:00
Nils Larsch
9dd8405341
ecc api cleanup; summary:
...
- hide the EC_KEY structure definition in ec_lcl.c + add
some functions to use/access the EC_KEY fields
- change the way how method specific data (ecdsa/ecdh) is
attached to a EC_KEY
- add ECDSA_sign_ex and ECDSA_do_sign_ex functions with
additional parameters for pre-computed values
- rebuild libeay.num from 0.9.7
2005-05-16 10:11:04 +00:00
Andy Polyakov
81a86fcf17
Fool-proofing Makefiles
2005-05-15 22:23:26 +00:00
Dr. Stephen Henson
f795123c4a
Fix from stable branch.
2005-05-12 22:39:42 +00:00
Bodo Möller
3f19bbf4e3
fix msg_callback() arguments for SSL 2.0 compatible client hello
...
(previous revision got this wrong)
2005-05-12 06:24:25 +00:00
Bodo Möller
c6c2e3135d
Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled
...
with the SSL_OP_NO_SSLv2 option.
2005-05-11 18:25:49 +00:00
Nils Larsch
35e8510e60
use 'p' as conversion specifier for printf to avoid truncation of
...
pointers on 64 bit platforms. Patch supplied by Daniel Gryniewicz
via Mike Frysinger <vapier@gentoo.org>.
PR: 1064
2005-05-10 11:55:28 +00:00
Nils Larsch
8b15c74018
give EC_GROUP_new_by_nid a more meanigful name:
...
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Bodo Möller
fbeaa3c47d
Update util/ck_errf.pl script, and have it run automatically
...
during "make errors" and thus during "make update".
Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
2005-05-09 00:27:37 +00:00
Nils Larsch
7dc17a6cf0
give EC_GROUP_*_nid functions a more meaningful name
...
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
EC_GROUP_set_nid -> EC_GROUP_set_curve_name
2005-05-08 22:09:12 +00:00
Nils Larsch
9e5790ce21
backport fix from the stable branch
2005-05-03 10:00:16 +00:00
Nils Larsch
7c7667b86b
check return value of RAND_pseudo_bytes; backport from the stable branch
2005-04-29 20:10:06 +00:00
Dr. Stephen Henson
6c61726b2a
Lots of Win32 fixes for DTLS.
...
1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.
2005-04-27 16:27:14 +00:00
Bodo Möller
aa4ce7315f
Fix various incorrect error function codes.
...
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Bodo Möller
480506bd49
remove some functions from exported headers
2005-04-26 18:18:35 +00:00
Bodo Möller
0d5ea7613e
make update
2005-04-26 18:09:21 +00:00
Bodo Möller
beb056b303
fix SSLerr stuff for DTLS1 code;
...
move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h";
fix silly indentation (a TAB is *not* always 4 spaces)
2005-04-26 18:08:00 +00:00
Dr. Stephen Henson
4e321ffaff
Fixes for signed/unsigned warnings and shadows.
2005-04-26 17:43:53 +00:00
Ben Laurie
36d16f8ee0
Add DTLS support.
2005-04-26 16:02:40 +00:00
Nils Larsch
965a1cb92e
change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible
2005-04-23 10:11:16 +00:00
Dr. Stephen Henson
384dba6edb
Make kerberos ciphersuite code compile again.
...
Avoid more shadow warnings.
2005-04-20 21:48:48 +00:00
Andy Polyakov
3ed449e94a
More cover-ups, removing OPENSSL_GLOBAL/EXTERNS. We can remove more...
2005-04-13 21:46:30 +00:00
Dr. Stephen Henson
29dc350813
Rebuild error codes.
2005-04-12 16:15:22 +00:00
Richard Levitte
4bb61becbb
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
Dr. Stephen Henson
0858b71b41
Make kerberos ciphersuite code work with newer header files
2005-04-09 23:55:55 +00:00
Richard Levitte
d9bfe4f97c
Added restrictions on the use of proxy certificates, as they may pose
...
a security threat on unexpecting applications. Document and test.
2005-04-09 16:07:12 +00:00
Nils Larsch
dc0ed30cfe
add support for DER encoded private keys to SSL_CTX_use_PrivateKey_file()
...
and SSL_use_PrivateKey_file()
PR: 1035
Submitted by: Walter Goulet
Reviewed by: Nils Larsch
2005-04-08 22:52:42 +00:00
Nils Larsch
6049399baf
get rid of very buggy and very imcomplete DH cert support
...
Reviewed by: Bodo Moeller
2005-04-07 23:19:17 +00:00
Nils Larsch
48c832b6b7
really clear the error queue here
...
PR: 860
2005-04-01 17:50:09 +00:00
Nils Larsch
f3e427f6f9
use SSL3_VERSION_MAJOR instead of SSL3_VERSION etc.
...
PR: 658
2005-04-01 17:35:32 +00:00
Ben Laurie
41a15c4f0f
Give everything prototypes (well, everything that's actually used).
2005-03-31 09:26:39 +00:00
Ben Laurie
42ba5d2329
Blow away Makefile.ssl.
2005-03-30 13:05:57 +00:00
Ben Laurie
0821bcd4de
Constification.
2005-03-30 10:26:02 +00:00
Dr. Stephen Henson
59b6836ab2
Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and
...
client random values.
2005-03-22 14:11:06 +00:00
Nils Larsch
f4bfd357e5
some const fixes
2005-03-20 22:56:07 +00:00
Richard Levitte
a963395a7b
Apparently, at least with my VMS C environment, defining _XOPEN_SOURCE
...
gets _POSIX_C_SOURC and _ANSI_C_SOURCE defined, which stops u_int from
being defined, and that breaks havock into the rest of the standard
headers... *sigh*
2005-01-19 17:03:07 +00:00
Richard Levitte
d8863f0bdb
Small thing. It seems like we have to defined _XOPEN_SOURCE to get
...
isascii() on DEC/Compaq/HP C for VMS.
2005-01-18 16:46:02 +00:00
Richard Levitte
a7201e9a1b
Changes concering RFC 3820 (proxy certificates) integration:
...
- Enforce that there should be no policy settings when the language
is one of id-ppl-independent or id-ppl-inheritAll.
- Add functionality to ssltest.c so that it can process proxy rights
and check that they are set correctly. Rights consist of ASCII
letters, and the condition is a boolean expression that includes
letters, parenthesis, &, | and ^.
- Change the proxy certificate configurations so they get proxy
rights that are understood by ssltest.c.
- Add a script that tests proxy certificates with SSL operations.
Other changes:
- Change the copyright end year in mkerr.pl.
- make update.
2005-01-17 17:06:58 +00:00
Richard Levitte
c4d423511a
Small typo, `mask' got the same value ORed to it twice instead of
...
`mask' and `emask' getting that operation done once each.
Patch supplied by Nils Larsch <nils.larsch@cybertrust.com>
2005-01-12 16:40:48 +00:00
Richard Levitte
a2ac429da2
Don't use $(EXHEADER) directly in for loops, as most shells will break
...
if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
2004-11-02 23:55:01 +00:00
Dr. Stephen Henson
c284f20f00
Fix race condition when SSL ciphers are initialized.
2004-10-25 11:14:16 +00:00
Dr. Stephen Henson
5d7c222db8
New X509_VERIFY_PARAM structure and associated functionality.
...
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
2004-09-06 18:43:01 +00:00
Richard Levitte
d28f7bc74d
make update
2004-07-10 13:18:23 +00:00
Richard Levitte
4083a229b4
Use the new directory reading functions.
2004-07-10 13:17:16 +00:00
Richard Levitte
6713a4835f
Move some COMP functions to be inside the #ifndef OPENSSL_NO_COMP
...
wrapping preprocessor directive. This also removes a duplicate
declaration.
2004-05-20 23:47:57 +00:00
Geoff Thorpe
9c52d2cc75
After the latest round of header-hacking, regenerate the dependencies in
...
the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read.
2004-05-17 19:26:06 +00:00
Geoff Thorpe
d095b68d63
Deprecate quite a few recursive includes from the ssl.h API header and
...
remove some unnecessary includes from the internal header ssl_locl.h. This
then requires adding includes for bn.h in four C files.
2004-05-17 18:53:47 +00:00
Dr. Stephen Henson
4843acc868
Fixes so alerts are sent properly in s3_pkt.c
...
PR: 851
2004-05-15 17:55:07 +00:00
Geoff Thorpe
bcfea9fb25
Allow RSA key-generation to specify an arbitrary public exponent. Jelte
...
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.
PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
2004-04-26 15:31:35 +00:00
Geoff Thorpe
c57bc2dc51
make update
2004-04-19 18:33:41 +00:00
Geoff Thorpe
60a938c6bc
(oops) Apologies all, that last header-cleanup commit was from the wrong
...
tree. This further reduces header interdependencies, and makes some
associated cleanups.
2004-04-19 18:09:28 +00:00
Richard Levitte
0020502a07
SSL_COMP_get_compression_method is a typo (a missing 's' at the end of
...
the symbol name).
2004-03-25 21:32:30 +00:00
Dr. Stephen Henson
4e8172d6da
Avoid warnings.
2004-03-16 13:51:11 +00:00
Richard Levitte
875a644a90
Constify d2i, s2i, c2i and r2i functions and other associated
...
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Richard Levitte
1fb724449d
make update
2004-01-28 18:38:33 +00:00
Lutz Jänicke
344e86645d
unintptr_t and <inttypes.h> are not strictly portable with respect to
...
ANSI C 89.
Undo change to maintain compatibility.
2004-01-04 17:53:21 +00:00
Richard Levitte
5fdf06666c
Avoid including cryptlib.h, it's not really needed.
...
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 16:10:30 +00:00
Richard Levitte
79b42e7654
Use sh explicitely to run point.sh
...
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 14:59:07 +00:00
Lutz Jänicke
919f8bcd21
Restructure make targets to allow parallel make.
...
Submitted by: Witold Filipczyk <witekfl@poczta.gazeta.pl>
PR: #513
2003-12-03 16:29:41 +00:00
Richard Levitte
3822740ce3
We're getting a clash with C++ because it has a type called 'list'.
...
Therefore, change all instances of the symbol 'list' to something else.
PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>
2003-11-29 10:25:37 +00:00
Richard Levitte
70ef9c5a3d
RSA_size() and DH_size() return the amount of bytes in a key, and we
...
compared it to the amount of bits required...
PR: 770
Submitted by: c zhang <czhang2005@hotmail.com>
2003-11-28 23:03:14 +00:00
Richard Levitte
4d8743f490
Netware-specific changes,
...
PR: 780
Submitted by: Verdon Walker <VWalker@novell.com>
Reviewed by: Richard Levitte
2003-11-28 13:10:58 +00:00
Geoff Thorpe
d8ec0dcf45
Avoid some shadowed variable names.
...
Submitted by: Nils Larsch
2003-11-04 00:51:32 +00:00
Geoff Thorpe
2754597013
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
...
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Dr. Stephen Henson
a08ced78c8
Avoid warnings: add missing prototype, don't shadow.
2003-10-10 23:07:24 +00:00
Richard Levitte
377dcdba44
Add functionality to get information on compression methods (not quite complete).
2003-10-06 12:18:39 +00:00
Richard Levitte
8242354952
Make sure int SSL_COMP_add_compression_method() checks if a certain
...
compression identity is already present among the registered
compression methods, and if so, reject the addition request.
Declare SSL_COMP_get_compression_method() so it can be used properly.
Change ssltest.c so it checks what compression methods are available
and enumerates them. As a side-effect, built-in compression methods
will be automagically loaded that way. Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.
Finally, make update.
Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().
2003-10-06 11:00:15 +00:00
Richard Levitte
f82ab534c6
Check for errors from SSL_COMP_add_compression_method().
...
Notified by Andrew Marlow <AMARLOW1@bloomberg.net>
2003-10-02 10:41:48 +00:00
Richard Levitte
f6e8c19ed1
Correct a mixup of return values
2003-10-02 10:38:44 +00:00
Richard Levitte
ba9f80c5d5
Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B.
...
PR: 679
2003-09-27 19:32:06 +00:00
Richard Levitte
e59659dc41
Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B.
...
PR: 680
2003-09-27 19:27:06 +00:00
Richard Levitte
253e893c2b
Include the instance in the Kerberos ticket information.
...
In s_server, print the received Kerberos information.
PR: 693
2003-09-27 17:55:13 +00:00
Richard Levitte
0e6c20da46
Free the Kerberos context upon freeing the SSL.
...
Contributed by Andrew Mann <amann@tccgi.com>
2003-09-27 07:35:07 +00:00
Geoff Thorpe
9ea72d3705
These should be write-locks, not read-locks.
2003-09-08 15:47:55 +00:00
Dr. Stephen Henson
14f3d7c5cc
Only accept a client certificate if the server requests
...
one, as required by SSL/TLS specs.
2003-09-03 23:47:34 +00:00
Bodo Möller
563c05e2dc
fix out-of-bounds check in lock_dbg_cb (was too lose to detect all
...
invalid cases)
PR: 674
2003-08-14 10:33:56 +00:00
Bodo Möller
643ecd2ed6
make sure no error is left in the queue that is intentionally ignored
2003-08-11 18:56:22 +00:00
Bodo Möller
968766cad8
updates for draft-ietf-tls-ecc-03.txt
...
Submitted by: Douglas Stebila
Reviewed by: Bodo Moeller
2003-07-22 12:34:21 +00:00
Bodo Möller
ddc38679ce
tolerate extra data at end of client hello for SSL 3.0
...
PR: 659
2003-07-21 15:17:46 +00:00
Lutz Jänicke
f65a75786b
Fix ordering of compare functions: strncmp() must be used first, a
...
the cipher name in the list is not guaranteed to be at least "buflen"
long.
PR: 567
Submitted by: "Matt Harren" <matth@cs.berkeley.edu>
2003-04-08 06:31:36 +00:00
Richard Levitte
3ae70939ba
Correct a lot of printing calls. Remove extra arguments...
2003-04-03 23:39:48 +00:00
Richard Levitte
c4d00669a0
Let's limit the extent of the definition of _XOPEN_SOURCE.
2003-03-25 21:17:28 +00:00
Bodo Möller
33b34a9d8f
remove patch ID (which is supposed to appear in patched variants of
...
old OpenSSL releases, but not in new releases)
2003-03-21 13:11:14 +00:00
Bodo Möller
02da5bcd83
countermeasure against new Klima-Pokorny-Rosa atack
2003-03-19 19:19:53 +00:00
Bodo Möller
176f31ddec
- new ECDH_compute_key interface (KDF is no longer a fixed built-in)
...
- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary
2003-02-28 15:37:10 +00:00
Bodo Möller
57376542a0
use tabs for indentation, not spaces
2003-02-28 15:07:10 +00:00
Ulf Möller
66ecdf3bfb
more mingw related cleanups.
2003-02-22 18:00:14 +00:00
Richard Levitte
5b0b0e98ce
Security fix: Vaudenay timing attack on CBC.
...
An advisory will be posted to the web. Expect a release within the hour.
2003-02-19 12:03:59 +00:00
Geoff Thorpe
4879ec7bf3
Session cache implementations shouldn't have to access SSL_SESSION
...
elements directly, so this missing functionality is required.
PR: 276
2003-02-15 20:38:57 +00:00
Richard Levitte
85d686e723
Make it possible to disable OCSP, the speed application, and the use of sockets.
...
PR: 358
2003-02-14 01:02:58 +00:00
Dr. Stephen Henson
cf56663fb7
Option to disable SSL auto chain build
2003-02-12 17:06:02 +00:00
Bodo Möller
ea513641d0
comments
2003-02-12 14:17:41 +00:00
Bodo Möller
0e9035ac98
SSL_add_dir_cert_subjects_to_stack now exists for WIN32
2003-02-05 16:40:29 +00:00
Richard Levitte
5d780babe3
A few small bugs with BIO popping.
...
PR: 364
2003-01-30 21:49:12 +00:00