Commit graph

33 commits

Author SHA1 Message Date
Matt Caswell
dcf7a2dc4a Check EVP_Cipher return values for SSL2
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 5fc8bb6ab7)
2014-11-27 21:58:32 +00:00
Ben Laurie
9c00a95060 Add and use a constant-time memcmp.
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a)

Conflicts:
	crypto/crypto.h
	ssl/t1_lib.c
2013-02-05 16:46:15 +00:00
Ben Laurie
b3f3407850 Use new common flags and fix resulting warnings. 2009-02-15 14:08:51 +00:00
Bodo Möller
d8e8fc4803 Put back a variable deleted by the previous revision,
but used in the code.
2009-02-01 01:08:13 +00:00
Richard Levitte
c7ba21493a Hopefully resolve signed vs unsigned issue. 2009-01-28 07:09:23 +00:00
Dr. Stephen Henson
d7ecd42255 Fix warnings properly this time ;-) 2009-01-11 20:34:23 +00:00
Dr. Stephen Henson
211655fcdd Fix sign-compare warnings. 2009-01-11 15:58:51 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should
test for them!
2008-12-29 16:11:58 +00:00
Dr. Stephen Henson
b948e2c59e Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. 2007-06-04 17:04:40 +00:00
Richard Levitte
5fdf06666c Avoid including cryptlib.h, it's not really needed.
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 16:10:30 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Bodo Möller
cf82191d77 Implement msg_callback for SSL 2.0.
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
2001-11-10 01:16:28 +00:00
Bodo Möller
ee60d9fb28 Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
2001-09-20 18:35:52 +00:00
Bodo Möller
e34cfcf7e1 Consistently use 'void *' for SSL read, peek and write functions. 2001-03-09 10:09:20 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Bodo Möller
725c88879c Finish SSL_peek/SSL_pending fixes. 2000-12-26 12:07:23 +00:00
Bodo Möller
a0aae68cf6 Fix SSL_peek and SSL_pending. 2000-12-25 18:40:46 +00:00
Bodo Möller
3880cd35ad Import s2_pkt.c wbuf fixes from OpenSSL_0_9_6-stable branch. 2000-12-18 11:35:32 +00:00
Bodo Möller
5a4fbc69c3 First step towards SSL_peek fix. 2000-12-14 17:36:59 +00:00
Bodo Möller
87739b2c53 Disable SSL_peek until it is fixed. 2000-11-28 06:48:36 +00:00
Bodo Möller
f7a059316f tag SSL_peek bugs 2000-11-17 11:49:29 +00:00
Ulf Möller
aa82db4fb4 Add missing #ifndefs that caused missing symbols when building libssl
as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.

Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
2000-01-16 21:10:00 +00:00
Bodo Möller
11b1adadbd typo 1999-07-02 17:52:21 +00:00
Bodo Möller
1afd8b3942 typo 1999-07-02 14:23:33 +00:00
Bodo Möller
e105643595 New functions SSL[_CTX]_{set,get}_mode; the initial set of mode flags is
SSL_MODE_ENABLE_PARTIAL_WRITE, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
1999-07-02 13:55:32 +00:00
Ulf Möller
a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Ben Laurie
61f5b6f338 Work with -pedantic! 1999-04-23 15:01:15 +00:00
Bodo Möller
85f48f7e93 Don't return 0 from ssl2_read when a packet with empty payload is received.
Submitted by:
Reviewed by:
PR:
1999-04-22 14:28:38 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Ben Laurie
e778802f53 Massive constification. 1999-04-17 21:25:43 +00:00
Ben Laurie
207ccf628d More prototypes. 1999-01-16 17:28:15 +00:00
Ralf S. Engelschall
58964a4922 Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00