wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
5195 commits 20 branches 302 tags 153 MiB
Commit graph

377 commits

Author SHA1 Message Date
Lutz Jänicke
d2cbe66ee1 Ciphers with NULL encryption were not properly handled because they were 
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
 2002-07-10 06:41:29 +00:00
Bodo Möller
0ac51fcf0b emtpy fragments are not necessary for SSL_eNULL 
(but noone uses it anyway)
 2002-07-09 08:48:03 +00:00
Bodo Möller
32a76f2c75 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC 
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
 2002-06-14 12:19:34 +00:00
Richard Levitte
578c1cdefa make update 2002-06-13 21:57:57 +00:00
Richard Levitte
6c53759a50 Recover from errors 2002-05-23 23:33:22 +00:00
Bodo Möller
35fbadb322 fix warning 2002-05-06 10:42:56 +00:00
Bodo Möller
ea9e248cde fix casts 2002-05-05 23:01:42 +00:00
Dr. Stephen Henson
64f1ae3868 Win32 VC++ warning fixes. 2002-05-02 01:52:18 +00:00
Richard Levitte
9cf94f9ed3 Fix unsigned vs. signed clash 2002-04-29 10:30:05 +00:00
Richard Levitte
ea599390c6 Make sure the opened directory is closed on exit. 
Notified by Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
 2002-04-18 16:20:32 +00:00
Bodo Möller
a6ec2d58ba improve binary compatibility 2002-04-14 08:25:41 +00:00
Bodo Möller
82c77c1b32 Implement known-IV countermeasure. 
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
 2002-04-13 22:49:28 +00:00
Lutz Jänicke
6bcba344b5 Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>). 2002-03-19 16:47:09 +00:00
Bodo Möller
7aacd4c458 fix ssl3_pending 2002-03-15 10:53:34 +00:00
Lutz Jänicke
e18ed57afd Add missing strength entries. 2002-03-14 18:56:59 +00:00
Bodo Möller
ff9722c7f1 use BIO_nwrite() more properly to demonstrate the general idea of 
BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)
 2002-03-14 09:49:10 +00:00
Lutz Jänicke
ec20856622 Fix the fix (Yoram Zahavi)... 2002-02-27 11:26:20 +00:00
Lutz Jänicke
ce1e801013 Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi). 2002-02-26 21:50:28 +00:00
Richard Levitte
03a6dcdf31 make update 2002-02-26 14:18:23 +00:00
Lutz Jänicke
76dca45720 Backport from 0.9.7: 
Make removal from internal session cache more robust and do not store
into internal session cache when it won't be looked up anyway.
 2002-02-10 12:52:57 +00:00
Bodo Möller
19fa8cfe5a Bugfix: In ssl3_accept, don't use a local variable 'got_new_session' 
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
 2002-01-14 23:42:47 +00:00
Bodo Möller
5f18fe493e Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if 
the SSL_R_LENGTH_MISMATCH error is detected.
 2002-01-14 12:42:38 +00:00
Ulf Möller
c99b94be3e ssl3_read_bytes bug fix 
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
 2001-12-28 17:13:10 +00:00
Richard Levitte
5dfaf1c437 make update 2001-12-20 22:25:41 +00:00
Bodo Möller
3ece3605ac remove redundant ERR_load_... declarations 2001-12-17 19:24:39 +00:00
Richard Levitte
479275ef18 make update 
perl util/mkdef.pl crypto update rewrite
 2001-11-15 12:36:30 +00:00
Bodo Möller
c37e7bf580 fix warning 2001-11-14 21:19:47 +00:00
Bodo Möller
a10b85d9e6 make code a little more similar to what it looked like before the fixes 2001-11-10 10:43:51 +00:00
Bodo Möller
a807f6460e important SSL 2.0 bugfixes 2001-11-10 01:15:29 +00:00
Richard Levitte
d6945e10b5 Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names 2001-10-29 13:06:29 +00:00
Bodo Möller
0b9925be4f Consistency with s2_... and s23_... variants (no real functional 
change)
 2001-10-25 08:18:56 +00:00
Bodo Möller
3e9ae0c462 Oops 2001-10-25 08:18:36 +00:00
Bodo Möller
96ec4ce0d2 Assume TLS 1.0 if ClientHello fragment is too short. 2001-10-25 06:06:50 +00:00
Bodo Möller
38b3e9edde Fix SSL handshake functions and SSL_clear() such that SSL_clear() 
never resets s->method to s->ctx->method when called from within one
of the SSL handshake functions.
 2001-10-24 19:05:26 +00:00
Bodo Möller
9ccadf1c6f In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if 
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
 2001-10-20 17:52:40 +00:00
Bodo Möller
2dbdcd9734 Fix ssl3_get_message to handle message fragmentation correctly. 2001-10-15 17:42:43 +00:00
Bodo Möller
1147fa5a5f the previous commit accidentily removed 'ret = 1' from the SSL_ST_OK 
case of ssl3_accept
 2001-10-15 17:40:22 +00:00
Bodo Möller
ae9010abd5 comment 2001-09-24 07:57:20 +00:00
Bodo Möller
029dfa64d4 bugfix: handle HelloRequest received during handshake correctly 2001-09-21 11:19:26 +00:00
Bodo Möller
f8845509b6 Disable session related stuff in SSL_ST_OK case of ssl3_accept if we 
just sent a HelloRequest.
 2001-09-21 07:01:04 +00:00
Bodo Möller
3f98e1dd11 Bugfix: correct cleanup after sending a HelloRequest 2001-09-21 00:03:00 +00:00
Bodo Möller
e53afa9e9b fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case 2001-09-20 21:36:39 +00:00
Bodo Möller
e41c5bd730 Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't 
reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
 2001-09-20 18:34:36 +00:00
Bodo Möller
10981a5c84 add comment 2001-09-14 13:48:37 +00:00
Bodo Möller
9cf8888149 Increase permissible ClientKeyExchange message length as in main 
branch (revision 1.50, 2000-11-17)
 2001-09-14 13:32:03 +00:00
Lutz Jänicke
a04baf9b5c Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.) 2001-08-25 11:48:35 +00:00
Lutz Jänicke
51db1db082 Checked in from the wrong !@#$%^&*() copy... 2001-08-21 07:27:47 +00:00
Lutz Jänicke
653cc07b51 Alert description strings for TLSv1 and documentation. 2001-08-19 16:23:57 +00:00
Bodo Möller
904de6e4f5 Bugfix: larger message size in ssl3_get_key_exchange() because 
ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>
 2001-08-07 09:31:03 +00:00
Lutz Jänicke
65ce21da9a Fix typos (shinagawa@star.zko.dec.com). 2001-08-07 07:53:53 +00:00