Bodo Möller
029dfa64d4
bugfix: handle HelloRequest received during handshake correctly
2001-09-21 11:19:26 +00:00
Bodo Möller
f8845509b6
Disable session related stuff in SSL_ST_OK case of ssl3_accept if we
just sent a HelloRequest.
2001-09-21 07:01:04 +00:00
Bodo Möller
3f98e1dd11
Bugfix: correct cleanup after sending a HelloRequest
2001-09-21 00:03:00 +00:00
Bodo Möller
e53afa9e9b
fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case
2001-09-20 21:36:39 +00:00
Bodo Möller
e41c5bd730
Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occurred.
In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
2001-09-20 18:34:36 +00:00
Bodo Möller
10981a5c84
add comment
2001-09-14 13:48:37 +00:00
Bodo Möller
9cf8888149
Increase permissible ClientKeyExchange message length as in main
branch (revision 1.50, 2000-11-17)
2001-09-14 13:32:03 +00:00
Lutz Jänicke
a04baf9b5c
Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.)
2001-08-25 11:48:35 +00:00
Lutz Jänicke
51db1db082
Checked in from the wrong !@#$%^&*() copy...
2001-08-21 07:27:47 +00:00
Lutz Jänicke
653cc07b51
Alert description strings for TLSv1 and documentation.
2001-08-19 16:23:57 +00:00
Bodo Möller
904de6e4f5
Bugfix: larger message size in ssl3_get_key_exchange() because
ServerKeyExchange message may be skipped.
Submitted by: Petr Lampa <lampa@fee.vutbr.cz>
2001-08-07 09:31:03 +00:00
Lutz Jänicke
65ce21da9a
Fix typos (shinagawa@star.zko.dec.com).
2001-08-07 07:53:53 +00:00
Lutz Jänicke
dd186f600d
Only set the verify callback if there's one to set!
2001-07-31 10:20:53 +00:00
Lutz Jänicke
03a70bad4f
Fix inconsistent behaviour with respect to verify_callback handling.
2001-07-30 11:48:20 +00:00
Richard Levitte
7ca6deef3f
SSL_get_rfc were documented but not implemented.
2001-07-16 10:50:49 +00:00
Richard Levitte
026dad0f3b
SSL_get_[rw]fd were documented but not implemented.
2001-07-15 20:12:45 +00:00
Bodo Möller
dab4c2824f
pay attention to blocksize before attempting decryption
2001-06-15 18:06:06 +00:00
Richard Levitte
e90323844f
Use memmove() instead of memcpy() on areas that may overlap.
Spotted by Nalin Dahyabhai <nalin@redhat.com>
2001-06-07 04:45:55 +00:00
Bodo Möller
83583e9479
Fix Bleichenbacher PKCS #1 1.5 countermeasure.
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway,
otherwise this would be a security relevant patch.)
2001-06-01 09:43:23 +00:00
Bodo Möller
9a22ce66c9
This change should be suitable as a workaround for the Solaris x86
compiler bug reported in <01032110293775.22278@weba3.iname.net>
(the '++seq[i]' condition is evaluated as 256 rather than 0
when the previous value is 255).
2001-04-03 13:46:36 +00:00
Bodo Möller
1e01dbfbb2
backport the comment (here it's NO_DH, not OPENSSL_NO_DH ...)
2001-03-22 15:00:45 +00:00
Bodo Möller
6ebcd441d6
Avoid compiler warning for NO_DH as in the main trunk.
2001-03-22 14:59:18 +00:00
Richard Levitte
5098bc92f8
A correction from the main trunk that was forgotten.
2001-03-13 14:39:51 +00:00
Bodo Möller
c6a15854ee
Consistently use 'void *' for SSL read, peek and write functions.
2001-03-09 10:08:06 +00:00
Bodo Möller
f46a878e3f
add ssl23_peek
2001-03-08 21:53:29 +00:00
Richard Levitte
3e0d891828
SSLv2 session reuse bugfix from main development branch.
2001-03-05 14:52:30 +00:00
Dr. Stephen Henson
de0b3ab7fb
Zero the premaster secret after deriving the master secret in DH
ciphersuites.
2001-01-25 13:20:39 +00:00
Bodo Möller
6610d4f3b9
For improved compatibility with 'strange' certificates, add some
digest aliases (as found in OpenSSL_add_all_digests).
2001-01-23 13:55:01 +00:00
Bodo Möller
799751bcff
Get rid of unused error code.
2000-12-27 23:41:50 +00:00
Bodo Möller
beaea31a96
Finish SSL_peek/SSL_pending fixes.
2000-12-26 12:06:48 +00:00
Bodo Möller
a9c3dc60b9
Fix SSL_peek and SSL_pending.
2000-12-25 18:41:37 +00:00
Bodo Möller
7947f98b9b
Fix another buffer overrun bug (which is not really a bug because
s->s2->escape is never set when sending data because the escape
bit is just reserved for future use in SSL 2.0)
2000-12-18 11:32:09 +00:00
Bodo Möller
fc4868cb47
Increase wbuf by one byte to fix the bug reported by
Eric Day <eday@concentric.net> to openssl-dev@openssl.org,
Message-ID: <20001218013437.A5526@concentric.net>
2000-12-18 11:23:23 +00:00
Bodo Möller
555a8493cd
typo
2000-12-14 17:45:36 +00:00
Bodo Möller
2452e013aa
The first step towards a SSL_peek fix.
The main thing to verify about these changes is that nothing at all
has changed, as far as behaviour is concerned (except that some
SSLerr() invocations now have a different function code): SSL_read
(ssl2_read, ssl3_read) behaves exactly as before, and SSL_peek refuses
to do any work exactly as before. But now the functions actually
doing the work have a 'peek' flag, so it should be easy to change them
to behave accordingly.
2000-12-14 17:34:42 +00:00
Lutz Jänicke
673d7ac121
Store verify_result with sessions to avoid potential security hole.
For the server side this was already done one year ago :-(
2000-11-29 18:12:32 +00:00
Bodo Möller
666d437538
Disable SSL_peek.
2000-11-28 11:14:39 +00:00
Richard Levitte
c125ea2767
Fix from main trunk, 2000-09-26 13:30 bodo:
Don't modify s->read_ahead in SSL_clear, which is called from
accept/connect functions; those should not change the read_ahead
setting of the SSL structure.
Fix from main trunk, 2000-09-26 13:38 bodo:
Set s->read_ahead in SSL_new because SSL_clear no longer modifies it.
2000-10-11 09:15:53 +00:00
Richard Levitte
df4fd356df
Fix from main trunk, 2000-09-26 13:25 bodo:
Fix SSL_CTX_set_read_ahead macro.
Submitted by: Anders Gertz <gertz@epact.se>
2000-10-11 09:14:17 +00:00
Richard Levitte
eb3633164e
Fix from main trunk, 2000-09-25 10:52 levitte:
'ranlib' doesn't always run on some systems. That's actually
acceptable, since all that happens if it fails is a library with an
index, which makes linking slower, but still working correctly.
2000-10-11 02:04:16 +00:00
Bodo Möller
f1192b7f2e
Avoid protocol rollback.
2000-09-22 21:39:33 +00:00
Richard Levitte
c5f8bbbc0b
Portability patch for HP MPE/iX. Submitted by Mark Bixby <mark_bixby@hp.com>
2000-09-21 05:42:01 +00:00
Richard Levitte
62324627aa
Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
2000-09-17 18:21:27 +00:00
Bodo Möller
54f10e6adc
New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default
behaviour that SSL_read may result in SSL_ERROR_WANT_READ.
2000-09-12 20:28:30 +00:00
Richard Levitte
62ab514e98
'make update'
2000-09-07 08:46:51 +00:00
Dr. Stephen Henson
34216c0422
Keep a note of original encoding in certificate requests.
Add new option to PKCS7_sign to exclude S/MIME capabilities.
2000-09-05 13:27:57 +00:00
Bodo Möller
bbb8de0966
Avoid abort() throughout the library, except when preprocessor
symbols for debugging are defined.
2000-09-04 15:34:43 +00:00
Richard Levitte
3009458e2f
MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test
2000-08-14 14:05:53 +00:00
Bodo Möller
aa826d88e1
Document rollback issues.
2000-07-29 19:27:20 +00:00
Bodo Möller
37569e64e8
Fix SSL 2.0 rollback checking: The previous implementation of the
test was never triggered due to an off-by-one error.
In s23_clnt.c, don't use special rollback-attack detection padding
(RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
client; similarly, in s23_srvr.c, don't do the rollback check if
SSL 2.0 is the only protocol enabled in the server.
2000-07-29 18:50:41 +00:00