Commit graph

486 commits

Author SHA1 Message Date
Bodo Möller
0bdbc5a86e fix ssl3_pending 2002-03-15 10:52:03 +00:00
Lutz Jänicke
abecef77cf Add missing strength classification.
Submitted by:
Reviewed by:
PR:
2002-03-14 18:47:51 +00:00
Dr. Stephen Henson
b74dfe6e8e Initialize cipher context in KRB5
("D. Russell" <russelld@aol.net>)

Allow HMAC functions to use an alternative ENGINE.
2002-03-14 18:16:49 +00:00
Bodo Möller
13962f0b15 use BIO_nwrite() more properly 2002-03-14 09:48:32 +00:00
Dr. Stephen Henson
f2cbb15468 Undo previous patch: avoid warnings by #undef'ing
duplicate definitions.

Suggested by "Kenneth R. Robinette" <support@securenetterm.com>
2002-03-13 13:58:33 +00:00
Dr. Stephen Henson
e38e8b29f8 Fix Kerberos warnings with VC++. 2002-03-12 19:38:16 +00:00
Dr. Stephen Henson
c03ceadfbd Fix ASN1 additions for KRB5 2002-03-12 13:33:20 +00:00
Dr. Stephen Henson
e50baf58ab Fix various warnings when compiling with KRB5 code. 2002-03-12 03:00:59 +00:00
Ben Laurie
91aeab0de3 ADH-DES-CBC-SHA should be LOW. 2002-03-06 16:59:12 +00:00
Bodo Möller
2be9b88135 use ERR_peek_last_error() instead of ERR_peek_error() 2002-02-28 14:10:13 +00:00
Richard Levitte
421d474332 Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated 2002-02-28 12:44:05 +00:00
Bodo Möller
48781ef7f7 Add 'void *' argument to app_verify_callback.
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:55:52 +00:00
Lutz Jänicke
21f422ca5e Fix the fix (Yoram Zahavi)...
Submitted by:
Reviewed by:
PR:
2002-02-27 11:24:39 +00:00
Lutz Jänicke
3b79d2789d Make sure that bad sessions are removed in SSL_clear() (found by
Yoram Zahavi).
Submitted by:
Reviewed by:
PR:
2002-02-26 21:44:07 +00:00
Dr. Stephen Henson
cfe1c195c4 non-Monolith fixes.
Submitted by Andrew W. Gray <agray@iconsinc.com>
2002-02-22 21:27:47 +00:00
Lutz Jänicke
acfe628b6e Make removal from session cache more robust. 2002-02-10 12:46:41 +00:00
Lutz Jänicke
4de920c91d Do not store unneeded data. 2002-02-08 15:15:04 +00:00
Bodo Möller
8c74b5e56c Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
2002-01-14 23:40:26 +00:00
Bodo Möller
c59ba5b528 Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if
the SSL_R_LENGTH_MISMATCH error is detected.
2002-01-14 12:37:59 +00:00
Ben Laurie
45d87a1ffe Prototype info function. 2002-01-12 15:56:13 +00:00
Ben Laurie
a3feb21bbe Add client_cert_cb prototype. 2002-01-12 13:15:40 +00:00
Ulf Möller
dcbbf83dba ssl3_read_bytes bug fix
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
2001-12-28 17:14:35 +00:00
Bodo Möller
4d7072f4b5 remove redundant ERR_load_... declarations 2001-12-17 19:22:23 +00:00
Ben Laurie
ff3fa48fc7 Improve back compatibility. 2001-12-09 21:53:31 +00:00
Bodo Möller
47ff5c6279 For future portability reasons MIT is moving all macros to function
calls.  This patch allows compilation either way.

Submitted by: Jeffrey Altman <jaltman@columbia.edu>
2001-11-23 21:50:50 +00:00
Bodo Möller
c23d16ac19 cast to unsigned int, not to int to avoid the warning -- all these
values really are unsigned
2001-11-14 21:18:35 +00:00
Richard Levitte
3102792161 unsigned int vs. int. 2001-11-14 10:55:29 +00:00
Bodo Möller
2b90b1f344 make code a little more similar to what it looked like before the fixes,
call ssl2_part_read again to parse error message
2001-11-10 10:44:15 +00:00
Bodo Möller
cf82191d77 Implement msg_callback for SSL 2.0.
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
2001-11-10 01:16:28 +00:00
Richard Levitte
a7b42009c4 Change the shared library support so the shared libraries get built
sooner and the programs get built against the shared libraries.

This requires a bit more work.  Things like -rpath and the possibility
to still link the programs statically should be included.  Some
cleanup is also needed.  This will be worked on.
2001-10-30 08:00:59 +00:00
Richard Levitte
7b5ffd6834 Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names 2001-10-29 13:05:28 +00:00
Bodo Möller
4d635a7001 Consistency with s2_... and s23_... variants (no real functional
change)
2001-10-25 08:17:53 +00:00
Bodo Möller
ba1c602281 Assume TLS 1.0 when ClientHello fragment is too short. 2001-10-25 06:09:51 +00:00
Bodo Möller
979689aa5c Fix SSL handshake functions and SSL_clear() such that SSL_clear()
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.
2001-10-24 19:03:22 +00:00
Richard Levitte
a3faebd104 Deprecate the macro MAC_OS_pre_X. 2001-10-24 15:32:53 +00:00
Bodo Möller
287973746e Fix memory leak. 2001-10-22 13:59:36 +00:00
Bodo Möller
cf3a5cebd7 Call msg_callback with correct length parameter if ssl3_write_bytes had to
be called multiple times
2001-10-20 18:56:01 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Bodo Möller
31fe950d2b gcc complained about "write" being shadowed even though the "write"
variable name occured just in a function *prototype* -- so rename it
2001-10-17 20:44:25 +00:00
Richard Levitte
db6a87d8cc Wrong place... 2001-10-17 17:54:17 +00:00
Richard Levitte
7beb408771 The EVP_*Init_ex() functions take one extra argument. Let's default
it to NULL.
2001-10-17 16:03:42 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Bodo Möller
bf21446a2a Add per-SSL 'msg_callback' with 'msg_callback_arg'.
Both have per-SSL_CTX defaults.
These new values can be set by calling SSL[_CTX]_[callback_]ctrl
with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.

So far, the callback is never actually called.


Also rearrange some SSL_CTX struct members (some exist just in
SSL_CTXs, others are defaults for SSLs and are either copied
during SSL_new, or used if the value in the SSL is not set;
these three classes of members were not in a logical order),
and add some missing assignments to SSL_dup.
2001-10-16 13:09:24 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Bodo Möller
9ba3ec9176 The message header for fake SSL 3.0/TLS 1.0 client hellos created from
SSL 2.0 client hellos added with the previous commit was totally wrong --
it must start with the message type, not the protocol version.
(Not that this particular header is actually used anywhere ...)
2001-10-16 00:56:04 +00:00
Bodo Möller
8f71fb8d98 For consistency, set s->init_num in the 'reuse_message' case
(if s23_srvr.c faked the message, s->init_num is 0).
2001-10-15 20:16:36 +00:00
Bodo Möller
48948d53b6 Change ssl3_get_message and the functions using it so that complete
'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.

(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)
2001-10-15 19:49:25 +00:00
Bodo Möller
2ce15df528 Fix ssl3_get_message handle message fragmentation correctly. 2001-10-15 17:41:41 +00:00
Bodo Möller
681bfae499 the previous commit accidentily removed 'ret = 1' from the SSL_ST_OK
case of ssl3_accept
2001-10-15 17:40:42 +00:00
Richard Levitte
116daf4c2f To avoid commit wars over dependencies, let's make it so things that
depend on the environment, like the presence of the OpenBSD crypto
device or of Kerberos, do not change the dependencies within OpenSSL.
2001-10-10 07:55:02 +00:00