Commit graph

570 commits

Author SHA1 Message Date
Bodo Möller
7f0dae3276 OPENSSL_EXTERN, OPENSSL_GLOBAL 1999-05-15 14:23:29 +00:00
Bodo Möller
127640b449 Update dependencies. 1999-05-15 13:38:48 +00:00
Ben Laurie
531b2cf7e9 Get rid of the cast. 1999-05-15 11:54:21 +00:00
Bodo Möller
d3407350d8 Comment. 1999-05-15 10:40:02 +00:00
Bodo Möller
e2e3d5ce0c A comment. 1999-05-15 00:00:28 +00:00
Bodo Möller
2a82c7cf25 Various bugfixes: Uses locking for some more of the stuff that is not
thread-safe (where thread-safe counterparts are not available on all
platforms), and don't memcpy to NULL-pointers
Submitted by: Anonymous
Reviewed by: Bodo Moeller

Also, clean up htons vs. ntohs confusions.
1999-05-14 12:40:39 +00:00
Bodo Möller
3ae76679c7 Introduce and use function typedef pem_password_cb so that we don't call
those functions without having a parameter list declaration.
(There are various similar cases left ...)
1999-05-14 11:52:49 +00:00
Ben Laurie
2adca9cdc6 Update dependencies. 1999-05-13 17:33:27 +00:00
Bodo Möller
224551f732 Some tiny clean-ups related to the cert_st / sess_cert_st change. 1999-05-13 15:27:45 +00:00
Bodo Möller
b56bce4fc7 New structure type SESS_CERT used instead of CERT inside SSL_SESSION.
While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.
1999-05-13 15:09:38 +00:00
Ulf Möller
7d7d2cbcb0 VMS support.
Submitted by: Richard Levitte <richard@levitte.org>
1999-05-13 11:37:32 +00:00
Bodo Möller
8d111f4a47 Spacing in comment corrected. 1999-05-13 10:36:29 +00:00
Bodo Möller
8a41eb70cc First tiny changes in preparation of changing of "sess_cert" handling.
Also I've subsituted real tabs for 8-spaces sequences in some lines so that
things don't look that weird with a tab-width of 4.
1999-05-13 10:32:04 +00:00
Bodo Möller
fa2b248f23 Clarify comment.
Submitted by:
Reviewed by:
PR:
1999-05-11 14:26:14 +00:00
Bodo Möller
ff71222024 And I thought I could spell ... but in caps really everything looks the same.
Submitted by:
Reviewed by:
PR:
1999-05-11 07:54:38 +00:00
Bodo Möller
b31b04d951 Make SSL library a little more fool-proof by not requiring any longer
that SSL_set_{accept,connect}_state be called before
SSL_{accept,connect} may be used.
Submitted by:
Reviewed by:
PR:
1999-05-11 07:43:16 +00:00
Bodo Möller
1c3e0a1976 Changed a comment.
Submitted by:
Reviewed by:
PR:
1999-05-10 15:10:11 +00:00
Bodo Möller
9d5cceac6f No actual change, but the cert_st member of struct ssl_session_st is now
called sess_cert instead of just cert.  This is in preparation of further
changes: Probably often when s->session->sess_cert is used, we should
use s->cert instead; s->session->sess_cert should be a new structure
containing only the stuff that is for just one connection (e.g.
the peer's certificate, which the SSL client implementations currently
store in s->session->[sess_]cert, which is a very confusing thing to do).
Submitted by:
Reviewed by:
PR:
1999-05-09 21:22:45 +00:00
Bodo Möller
ca8e5b9b8a Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copying
pointers.  The cert_st handling is changed by this in various ways.
Submitted by:
Reviewed by:
PR:
1999-05-09 20:12:44 +00:00
Bodo Möller
8d1157c71c One comment was in the wrong line ... some others are new.
Submitted by:
Reviewed by:
PR:
1999-05-09 16:41:00 +00:00
Bodo Möller
8450bddfaf Some tiny changes to the source code to make future diffs smaller
when restructuring the cert_st handling (removed unnused parts,
and the like).
Submitted by:
Reviewed by:
PR:
1999-05-09 15:45:38 +00:00
Bodo Möller
303c002898 Use "const char *" instead of "char *" for filenames passed to functions.
Submitted by:
Reviewed by:
PR:
1999-05-09 10:12:10 +00:00
Dr. Stephen Henson
a5ab0532ca Various Win32 fixes. Win95 doesn't support MoveFileEx() (which was used for a
Win32 version of rename() ). There isn't a precise rename() equivalent under
Win95: the standard rename() complains if the destination already exists so
replaced with a combination of unlink() and MoveFile().
1999-05-08 22:46:51 +00:00
Ulf Möller
c2eb65ba7c Remove unreachable return statements. 1999-05-05 22:06:44 +00:00
Ben Laurie
661b361b4b Some more stack stuff. 1999-05-03 19:55:00 +00:00
Bodo Möller
8051996a5b Annotate a bug.
Submitted by:
Reviewed by:
PR:
1999-05-02 04:03:22 +00:00
Bodo Möller
b3ca645f47 New function SSL_CTX_use_certificate_chain_file.
Submitted by:
Reviewed by:
PR:
1999-05-01 17:43:52 +00:00
Bodo Möller
7f89714e64 Support verify_depth from the SSL API without need for user-defined
callbacks.

Submitted by:
Reviewed by:
PR:
1999-05-01 03:20:40 +00:00
Bodo Möller
0fda2e3788 Add "static" to function definition
Submitted by: Anonymous
Reviewed by:
PR:

Submitted by:
Reviewed by:
PR:
1999-05-01 00:18:54 +00:00
Bodo Möller
4eb77b2679 New function SSL_CTX_set_session_id_context.
Submitted by:
Reviewed by:
PR:
1999-04-30 17:15:56 +00:00
Dr. Stephen Henson
801294f873 Fix a couple of cases where an attempt is made to lock an already locked
mutex.
1999-04-29 22:25:52 +00:00
Bodo Möller
e5f3045fbf Support INSTALL_PREFIX for packagers.
Submitted by:
Reviewed by:
PR:
1999-04-29 21:52:08 +00:00
Ulf Möller
d575d2924c Ignore Makefile.save
Submitted by: Anonymous
1999-04-29 16:04:54 +00:00
Bodo Möller
1314c344ac Obey $(PERL) when running util/mklink.pl.
Submitted by:
Reviewed by:
PR:
1999-04-29 12:46:59 +00:00
Bodo Möller
6e6acfd4b9 Use util/mklink.pl instead of util/mklink.sh.
Submitted by:
Reviewed by:
PR:
1999-04-28 22:33:54 +00:00
Ulf Möller
61f217eec2 Undo. 1999-04-27 11:46:13 +00:00
Ulf Möller
d02f751ce1 Message digest stuff. 1999-04-27 04:18:53 +00:00
Ulf Möller
79df9d6272 New Configure option no-<cipher> (rsa, idea, rc5, ...). 1999-04-27 03:19:12 +00:00
Ulf Möller
281c52c054 Add missing DEPFLAG. 1999-04-27 01:41:57 +00:00
Ulf Möller
a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Dr. Stephen Henson
c74b3a6037 Various header consistency fixes. 1999-04-25 16:38:52 +00:00
Bodo Möller
0b86eb3ea6 Fix header files so that any one can be included first.
Submitted by:
Reviewed by:
PR:
1999-04-24 18:50:40 +00:00
Dr. Stephen Henson
7393480047 Change the command line options of mkerr.pl so -static is now default and
a -write option is needed to actually change anything. Second attempt at
getting rid of ERR, ERRC definitions: it might even work this time :-)
1999-04-24 17:28:43 +00:00
Bodo Möller
c76b0f751f Restore ERRC definitions that are needed to compile the library.
Submitted by:
Reviewed by:
PR:

Submitted by:
Reviewed by:
PR:
1999-04-24 15:57:02 +00:00
Dr. Stephen Henson
6e781e8e07 Delete the unnecessary ERR and ERRC lines in makefiles, add some functionality
to error code script: it can now find untranslatable function codes (usually
because the function is static and not defined in a header: occasionally because
of a typo...) and unreferenced function and reason codes. To see this try:
perl util/mkerr.pl -recurse -debug
Also fixed some typos in crypto/pkcs12 that this found :-)
Also tidy up some error calls that had to be all on one line: the old error
script couldn't find codes unless the call was all on one line.
1999-04-24 13:28:57 +00:00
Dr. Stephen Henson
6d31193858 Complete rewrite of the error code generation script. It now runs as a single
script, translates function codes better and doesn't need the K&R function
prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are
still needed by the DEF generator...). I also ran the script with the -rewrite
option to update all the header and source files.
1999-04-24 00:15:18 +00:00
Bodo Möller
bf57da0717 "make depend"
Submitted by:
Reviewed by:
PR:
1999-04-23 22:50:50 +00:00
Bodo Möller
ec577822f9 Change #include filenames from <foo.h> to <openssl.h>.
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Ben Laurie
61f5b6f338 Work with -pedantic! 1999-04-23 15:01:15 +00:00
Bodo Möller
85f48f7e93 Don't return 0 from ssl2_read when a packet with empty payload is received.
Submitted by:
Reviewed by:
PR:
1999-04-22 14:28:38 +00:00
Bodo Möller
5cc146f344 Fixed some race conditions.
Submitted by:
Reviewed by:
PR:
1999-04-22 13:37:46 +00:00
Ben Laurie
4997138a06 Fix DES export ciphersuites. 1999-04-21 13:24:58 +00:00
Ben Laurie
e4aac1cb68 const correctness. 1999-04-19 23:43:11 +00:00
Ulf Möller
6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Ben Laurie
e778802f53 Massive constification. 1999-04-17 21:25:43 +00:00
Ben Laurie
c5db363e1b Fix some warnings. Contributed by Anonymous. 1999-04-16 18:13:27 +00:00
Ben Laurie
abed0b8a1f Add new experimental ciphersuites. Bring naming into line with RFC. 1999-04-15 18:52:13 +00:00
Ben Laurie
28db340142 Just use an ANSI declaration, instead. 1999-04-15 10:10:21 +00:00
Bodo Möller
9e7bd9b5fe Make Windows compilers happy.
Submitted by:Tom Titchener
Reviewed by:
PR:
1999-04-14 21:43:02 +00:00
Ben Laurie
8f7de4f04c Typo. 1999-04-14 11:13:47 +00:00
Ben Laurie
f73e07cf42 Add type-safe STACKs and SETs. 1999-04-12 17:23:57 +00:00
Bodo Möller
adbfb08354 Tiny comment to improve code comprehensibility.
Submitted by:
Reviewed by:
PR:
1999-04-09 07:12:17 +00:00
Ulf Möller
99aab1619f New Makefile variables $(RANLIB) and $(PERL). 1999-04-01 12:34:33 +00:00
Bodo Möller
6d02d8e444 New option "-showcerts" for s_client
Slight cleanup in ssl/
1999-03-31 12:06:30 +00:00
Dr. Stephen Henson
bc37a6b81c Remove deleted PKCS#12 functions from pkcs12.h, get rid of object creation
kludge, remove CRs from ssl_ciph.c and update Win32 functions for PKCS#12
code. It might compile under Win32 now ...
1999-03-29 22:18:54 +00:00
Ralf S. Engelschall
72e442a3a6 function names recently changed - consistency. 1999-03-22 15:50:34 +00:00
Ben Laurie
b4cadc6e13 Fix security hole. 1999-03-22 12:22:14 +00:00
Dr. Stephen Henson
199d59e5a1 Remove some references which called malloc and free instead of Malloc and Free. 1999-03-14 01:16:45 +00:00
Dr. Stephen Henson
bc420ac592 Delete NULL ciphers from 'ALL' in the cipher list aliases. This means that
NULL ciphers specifically have to be enabled with e.g. "DEFAULT:eNULL". This
prevents cipher lists from inadvertantly having NULL ciphers at the top
of their list (e.g. the default ones) because they didn't have to be taken
into account before.
1999-03-12 01:43:28 +00:00
Ben Laurie
bc3482442a Disable new TLS1 ciphersuites. 1999-03-06 15:21:02 +00:00
Ben Laurie
a49034aba9 Fix names of cert stack functions. 1999-03-06 14:49:11 +00:00
Ben Laurie
6242bb9c63 Put the dependencies back. 1999-03-06 14:32:48 +00:00
Ralf S. Engelschall
63493c7b06 Move the SSL_CTX_xxx defines at the top of ssl.h to the location of other
SSL_CTX_xxx defines. What was the reason to move them to the top, even before
the copyright and #ifdef HEADER_SSL_H? Hmmm...  when there was and still is a
good reason feel free to reverse this patch, but please document why it is
needed this way.
1999-03-06 14:24:54 +00:00
Ben Laurie
f415fa3243 Fix export ciphersuites, again. 1999-03-06 14:09:36 +00:00
Ralf S. Engelschall
bb8f3c5879 General source tree makefile cleanups: Made `making xxx in yyy...' display
consistent in the source tree and replaced `/bin/rm' by `rm'.  Additonally
cleaned up the `make links' target: Remove unnecessary semicolons, subsequent
redundant removes, inline point.sh into mklink.sh to speed processing and no
longer clutter the display with confusing stuff. Instead only the actually
done links are displayed.
1999-03-06 12:32:06 +00:00
Ben Laurie
988788f697 Permit null ciphers. 1999-03-06 12:09:36 +00:00
Ralf S. Engelschall
a06c602e6f Remove confusing variables in function signatures in files
ssl/ssl_lib.c and ssl/ssl.h. At least the double ctx-variable
confused some compilers.

Submitted by: Lennart Bong <lob@kulthea.stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-03-04 07:54:01 +00:00
Dr. Stephen Henson
06c6849124 Fix the Win32 compile environment and add various changes so it will now compile
under Win32 (9X and NT) again. Note: some signed/unsigned changes recently
checked in were killing the Win32 compile.
1999-03-03 02:01:26 +00:00
Ben Laurie
eb90a483ad Add functions to add certs to stacks, used for CA file/path stuff in servers. 1999-02-28 17:41:55 +00:00
Ben Laurie
49bc262459 More truth in declarations. 1999-02-28 14:39:18 +00:00
Ben Laurie
4f43d0e71f Experiment with doxygen documentation. 1999-02-28 12:41:50 +00:00
Ralf S. Engelschall
c707fb2741 Ops, the logic of the second argument has to be coupled with the != test to
work correctly for the SSL_CTX_xxx situations, too. Now "make test" passes
again fine.
1999-02-26 22:31:54 +00:00
Ralf S. Engelschall
15d21c2df4 Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH
private keys and/or callback functions which directly correspond to their
SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed
for applications which have to configure certificates on a per-connection
basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g.
s_server).

For the RSA certificate situation is makes no difference, but for the DSA
certificate situation this fixes the "no shared cipher" problem where the
OpenSSL cipher selection procedure failed because the temporary keys were not
overtaken from the context and the API provided no way to reconfigure them.

The new functions now let applications reconfigure the stuff and they are in
detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
non-public-API function ssl_cert_instantiate() is used as a helper function
and also to reduce code redundancy inside ssl_rsa.c.

Submitted by: Ralf S. Engelschall
Reviewed by: Ben Laurie
1999-02-25 14:40:29 +00:00
Ralf S. Engelschall
90a52cecaf Fix the cipher decision scheme for export ciphers: the export bits are *not*
within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK.  So, the
original variable has to be used instead of the already masked variable.

Submitted by: Richard Levitte <levitte@stacken.kth.se>
Reviewed by: Ralf S. Engelschall
1999-02-25 11:03:18 +00:00
Dr. Stephen Henson
e527ba09a6 Various changes to make this stuff compile under Win32 and VC++ with and
without -debug option to mk1mf.pl. Change _export to is_export (_export is
a reserved word under VC++). Add yucky function prototype function pointer
casts. Sanitise the included files in crypto/x509v3.

Also changed ssleay.exe target to openssl.exe
1999-02-22 01:26:40 +00:00
Ben Laurie
60e31c3a4b More stuff for new TLS ciphersuites. 1999-02-21 21:58:59 +00:00
Ben Laurie
a040ea8251 Undo a couple of kludges. 1999-02-21 20:07:41 +00:00
Ben Laurie
06ab81f9f7 Add support for new TLS export ciphersuites. 1999-02-21 20:03:24 +00:00
Ben Laurie
4004dbb7f6 Generate errors when public/private key check is done. 1999-02-20 11:50:07 +00:00
Mark J. Cox
413c4f45ed Updates to the new SSL compression code
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Fix so that the version number in the master secret, when passed
     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
     (because the server will not accept higher), that the version number
     is 0x03,0x01, not 0x03,0x00
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Submitted by:
Reviewed by:
PR:
1999-02-16 09:22:21 +00:00
Dr. Stephen Henson
a8236c8c32 Fix various memory leaks in SSL, apps and DSA 1999-02-15 21:05:21 +00:00
Ben Laurie
436d318c80 In the absence of feedback either way, commit the fix that looks right for
wrong keylength with export null ciphers.
1999-02-13 12:39:50 +00:00
Ralf S. Engelschall
4a16967b45 Remove one more totally bogus source file.
This one is exactly the same as ssl_sess.c.
Thanks to Adam Goodman <adam@a-domain.com> for hint.
1999-02-10 12:44:27 +00:00
Ralf S. Engelschall
155d7a0e1d First cut for a very conservative source tree cleanup:
1. merge various obsolete readme texts into doc/ssleay.txt
   where we collect the old documents and readme texts.

2. remove the first part of files where I'm already sure that we no longer need
   them because of three reasons: either they are just temporary files which
   were left by Eric or they are preserved original files where I've verified
   that the diff is also available in the CVS via "cvs diff -rSSLeay_0_8_1b"
   or they were renamed (as it was definitely the case for the crypto/md/
   stuff).

We've still a horrible mess under crypto/bn/asm/.  There for a lot of files
I'm sure whether we need them or not. So, when someone knows it better, feel
free to cleanup there.
1999-02-10 08:26:08 +00:00
Ben Laurie
bf5dcd135f More exactitude with function arguments. 1999-02-09 23:01:08 +00:00
Dr. Stephen Henson
9b3086fe38 Fix various stuff: that VC++ 5.0 chokes on:
1. Add *lots* of missing prototypes for static ssl functions.
2. VC++ doesn't understand the 'LL' suffix for 64 bits constants: change bn.org
3. Add a few missing prototypes in pem.org
Fix mk1mf.pl so it outputs a Makefile that doesn't choke Win95.
Fix mkdef.pl so it doesn't truncate longer names.
1999-01-31 17:30:18 +00:00
Dr. Stephen Henson
679ab7c39e Update STATUS, modify ssl.h so mkdef.pl will pick up prototypes and
add x509v3.h to mkdef.pl list of include files.
1999-01-30 17:35:01 +00:00
Ben Laurie
59ff713462 Break circular dependency between pem and err. 1999-01-30 13:40:34 +00:00
Ben Laurie
6f93539970 This time, get it right. 1999-01-19 23:25:22 +00:00
Ben Laurie
8039257dbc Finally lay dependencies to rest (I hope!). 1999-01-19 21:36:31 +00:00
Dr. Stephen Henson
6c8abdd744 New err_code.pl script to retain old error codes. This should allow the use
of 'make errors' without causing huge re-organisations of files when a new
code is added.
1999-01-18 22:18:38 +00:00
Ben Laurie
f06b01eb62 More prototypes. 1999-01-16 17:56:00 +00:00
Ben Laurie
da10692aa2 More prototypes. 1999-01-16 17:49:12 +00:00
Ben Laurie
f7ba298480 More prototypes. 1999-01-16 17:40:04 +00:00
Ben Laurie
207ccf628d More prototypes. 1999-01-16 17:28:15 +00:00
Ben Laurie
cd3916c40f More prototypes. 1999-01-16 17:12:36 +00:00
Ben Laurie
1933485b60 Fix comment. 1999-01-10 19:41:33 +00:00
Ben Laurie
e03ddfae7e Accept NULL in *_free. 1999-01-07 19:15:59 +00:00
Ben Laurie
6fa89f94c4 Fix DH key generation.
Contributed by: Anonymous <nobody@replay.com>
1999-01-07 00:37:01 +00:00
Ben Laurie
5b00115ab0 Fix export tests. 1999-01-06 23:18:08 +00:00
Ben Laurie
f8c3c05db9 Make the world a safer place (if people object to this kind of change, speak up
soon - I intend to do a lot of it!).
1999-01-06 22:53:34 +00:00
Ralf S. Engelschall
f7ceceb518 Remove more old temporary files from CVS 1998-12-31 21:51:27 +00:00
Ralf S. Engelschall
9cb0969f65 Fix version stuff:
1. The already released version was 0.9.1c and not 0.9.1b

2. The next release should be 0.9.2 and not 0.9.1d, because
   first the changes are already too large, second we should avoid any more
   0.9.1x confusions and third, the Apache version semantics of
   VERSION.REVISION.PATCHLEVEL for the version string is reasonable (and here
   .2 is already just a patchlevel and not major change).
tVS: ----------------------------------------------------------------------
1998-12-31 09:36:40 +00:00
Ralf S. Engelschall
320a14cb5b *** empty log message *** 1998-12-23 12:09:47 +00:00
Ralf S. Engelschall
5f32680329 Switch version string to SSLeay/OpenSSL 1998-12-23 07:53:55 +00:00
Ralf S. Engelschall
13e91dd365 Incorporation of RSEs assembled patches 1998-12-22 15:59:57 +00:00
Ralf S. Engelschall
651d0aff98 Various cleanups and fixed by Marc and Ralf to start the OpenTLS project 1998-12-22 15:04:48 +00:00
Ralf S. Engelschall
dfeab0689f Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Ralf S. Engelschall
58964a4922 Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
Ralf S. Engelschall
d02b48c63a Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00