wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1574 commits 20 branches 302 tags 153 MiB
Commit graph

68 commits

Author SHA1 Message Date
Ulf Möller
9d1a01be8f Source code cleanups: Use void * rather than char * in lhash, 
eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
 2000-01-30 22:20:28 +00:00
Bodo Möller
52732b38da Some comments added, and slight code clean-ups. 2000-01-26 22:36:55 +00:00
Dr. Stephen Henson
dd9d233e2a Tidy up CRYPTO_EX_DATA structures. 2000-01-23 23:41:49 +00:00
Dr. Stephen Henson
018e57c74d Apply Lutz Behnke's 56 bit cipher patch with a few 
minor changes.

Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.
 2000-01-22 03:17:06 +00:00
Ulf Möller
731d9c5fb5 Some more ifdefs for no-xxx options. 2000-01-21 00:03:51 +00:00
Ulf Möller
aa82db4fb4 Add missing #ifndefs that caused missing symbols when building libssl 
as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.

Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
 2000-01-16 21:10:00 +00:00
Ulf Möller
eb952088f0 Precautions against using the PRNG uninitialized: RAND_bytes() now 
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
 2000-01-13 20:59:17 +00:00
Bodo Möller
c51ae173a6 Clean up some of the SSL server code. 2000-01-11 01:07:26 +00:00
Bodo Möller
ca03109c3a New functions SSL_get_finished, SSL_get_peer_finished. 
Add short state string for MS SGC.
 2000-01-06 01:19:17 +00:00
Dr. Stephen Henson
bb7cd4e3eb Remainder of SSL purpose and trust code: trust and purpose setting in 
SSL_CTX and SSL, functions to set them and defaults if no values set.
 1999-11-29 22:35:00 +00:00
Dr. Stephen Henson
13938aceca Add part of chain verify SSL support code: not complete or doing anything 
yet.

Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.

Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
 1999-11-29 01:09:25 +00:00
Bodo Möller
b1fe6ca175 Store verify_result with sessions to avoid potential security hole. 1999-11-16 23:15:41 +00:00
Bodo Möller
4dd60b3b96 typo in a comment 1999-09-14 15:06:25 +00:00
Bodo Möller
de1915e48c Fix horrible (and hard to track down) bug in ssl23_get_client_hello: 
In case of a restart, v[0] and v[1] were incorrectly initialised.
This was interpreted by ssl3_get_client_key_exchange as an RSA decryption
failure (don't ask me why) and caused it to create a _random_ master key
instead (even weirder), which obviously led to incorrect input to
ssl3_generate_master_secret and thus caused "block cipher pad is
wrong" error messages from ssl3_enc for the client's Finished message.
Arrgh.
 1999-08-18 17:14:42 +00:00
Bodo Möller
204cf1abb0 Comments. 1999-08-08 14:21:04 +00:00
Bodo Möller
5e63691972 add comments 1999-08-08 14:07:30 +00:00
Ulf Möller
8c197cc55e VMS updates. 
Submitted by: Richard Levitte <levitte@stacken.kth.se>
 1999-07-28 23:25:59 +00:00
Bodo Möller
74678cc2f8 Additional user data argument to pem_password_cb function type 
and to lots of PEM_... functions.
Submitted by: Damien Miller <dmiller@ilogic.com.au>
 1999-07-21 20:57:16 +00:00
Bodo Möller
e105643595 New functions SSL[_CTX]_{set,get}_mode; the initial set of mode flags is 
SSL_MODE_ENABLE_PARTIAL_WRITE, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
 1999-07-02 13:55:32 +00:00
Bodo Möller
a14d1a03ec Fix comments. 
Submitted by: Anonymous
 1999-06-28 12:14:06 +00:00
Bodo Möller
31b4896209 Comment adjusted to reality. 1999-06-14 15:48:04 +00:00
Ulf Möller
df63a389a5 "extern" is a C++ reserved word. 
Pointed out by: Janez Jere <jj@void.si>
 1999-06-09 16:33:18 +00:00
Ben Laurie
838d25a1ec More safe stack. 1999-05-30 14:13:19 +00:00
Bodo Möller
673eadec2c Additional, more descriptive error message for rejection of a session ID 
because of missing session ID context (so that application programmers
are directly pointed to what they should do differently).
 1999-05-17 11:15:49 +00:00
Bodo Möller
3ae76679c7 Introduce and use function typedef pem_password_cb so that we don't call 
those functions without having a parameter list declaration.
(There are various similar cases left ...)
 1999-05-14 11:52:49 +00:00
Bodo Möller
b56bce4fc7 New structure type SESS_CERT used instead of CERT inside SSL_SESSION. 
While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.
 1999-05-13 15:09:38 +00:00
Ulf Möller
7d7d2cbcb0 VMS support. 
Submitted by: Richard Levitte <richard@levitte.org>
 1999-05-13 11:37:32 +00:00
Bodo Möller
fa2b248f23 Clarify comment. 
Submitted by:
Reviewed by:
PR:
 1999-05-11 14:26:14 +00:00
Bodo Möller
ff71222024 And I thought I could spell ... but in caps really everything looks the same. 
Submitted by:
Reviewed by:
PR:
 1999-05-11 07:54:38 +00:00
Bodo Möller
b31b04d951 Make SSL library a little more fool-proof by not requiring any longer 
that SSL_set_{accept,connect}_state be called before
SSL_{accept,connect} may be used.
Submitted by:
Reviewed by:
PR:
 1999-05-11 07:43:16 +00:00
Bodo Möller
9d5cceac6f No actual change, but the cert_st member of struct ssl_session_st is now 
called sess_cert instead of just cert.  This is in preparation of further
changes: Probably often when s->session->sess_cert is used, we should
use s->cert instead; s->session->sess_cert should be a new structure
containing only the stuff that is for just one connection (e.g.
the peer's certificate, which the SSL client implementations currently
store in s->session->[sess_]cert, which is a very confusing thing to do).
Submitted by:
Reviewed by:
PR:
 1999-05-09 21:22:45 +00:00
Bodo Möller
ca8e5b9b8a Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copying 
pointers.  The cert_st handling is changed by this in various ways.
Submitted by:
Reviewed by:
PR:
 1999-05-09 20:12:44 +00:00
Bodo Möller
8d1157c71c One comment was in the wrong line ... some others are new. 
Submitted by:
Reviewed by:
PR:
 1999-05-09 16:41:00 +00:00
Bodo Möller
8450bddfaf Some tiny changes to the source code to make future diffs smaller 
when restructuring the cert_st handling (removed unnused parts,
and the like).
Submitted by:
Reviewed by:
PR:
 1999-05-09 15:45:38 +00:00
Bodo Möller
303c002898 Use "const char *" instead of "char *" for filenames passed to functions. 
Submitted by:
Reviewed by:
PR:
 1999-05-09 10:12:10 +00:00
Ben Laurie
661b361b4b Some more stack stuff. 1999-05-03 19:55:00 +00:00
Bodo Möller
b3ca645f47 New function SSL_CTX_use_certificate_chain_file. 
Submitted by:
Reviewed by:
PR:
 1999-05-01 17:43:52 +00:00
Bodo Möller
7f89714e64 Support verify_depth from the SSL API without need for user-defined 
callbacks.

Submitted by:
Reviewed by:
PR:
 1999-05-01 03:20:40 +00:00
Bodo Möller
4eb77b2679 New function SSL_CTX_set_session_id_context. 
Submitted by:
Reviewed by:
PR:
 1999-04-30 17:15:56 +00:00
Ulf Möller
79df9d6272 New Configure option no-<cipher> (rsa, idea, rc5, ...). 1999-04-27 03:19:12 +00:00
Ulf Möller
a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Dr. Stephen Henson
c74b3a6037 Various header consistency fixes. 1999-04-25 16:38:52 +00:00
Dr. Stephen Henson
6d31193858 Complete rewrite of the error code generation script. It now runs as a single 
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
 1999-04-24 00:15:18 +00:00
Bodo Möller
ec577822f9 Change #include filenames from <foo.h> to <openssl.h>. 
Submitted by:
Reviewed by:
PR:
 1999-04-23 22:13:45 +00:00
Ben Laurie
61f5b6f338 Work with -pedantic! 1999-04-23 15:01:15 +00:00
Ben Laurie
e778802f53 Massive constification. 1999-04-17 21:25:43 +00:00
Ben Laurie
8f7de4f04c Typo. 1999-04-14 11:13:47 +00:00
Ben Laurie
f73e07cf42 Add type-safe STACKs and SETs. 1999-04-12 17:23:57 +00:00
Bodo Möller
6d02d8e444 New option "-showcerts" for s_client 
Slight cleanup in ssl/
 1999-03-31 12:06:30 +00:00
Ben Laurie
b4cadc6e13 Fix security hole. 1999-03-22 12:22:14 +00:00