wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7376 commits 20 branches 302 tags 153 MiB
Commit graph

600 commits

Author SHA1 Message Date
Richard Levitte
a2617f727d Don't use $(EXHEADER) directly in for loops, as most shells will break 
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>
 2004-11-02 23:53:31 +00:00
Dr. Stephen Henson
ac4fb4a138 Fix race condition. 2004-10-25 11:15:49 +00:00
Richard Levitte
1033449613 make update 2004-08-10 09:09:08 +00:00
Richard Levitte
7f9c37457a To protect FIPS-related global variables, add locking mechanisms 
around them.

NOTE: because two new locks are added, this adds potential binary
incompatibility with earlier versions in the 0.9.7 series.  However,
those locks will only ever be touched when FIPS_mode_set() is called
and after, thanks to a variable that's only changed from 0 to 1 once
(when FIPS_mode_set() is called).  So basically, as long as FIPS mode
hasn't been engaged explicitely by the calling application, the new
locks are treated as if they didn't exist at all, thus not becoming a
problem.  Applications that are built or rebuilt to use FIPS
functionality will need to be recompiled in any case, thus not being a
problem either.
 2004-07-30 14:38:02 +00:00
Dr. Stephen Henson
0b948f3677 New cipher "strength" FIPS which specifies that a 
cipher suite is FIPS compatible.

New cipherstring "FIPS" is all FIPS compatible ciphersuites except eNULL.

Only allow FIPS ciphersuites in FIPS mode.
 2004-07-27 18:28:49 +00:00
Andy Polyakov
1ecb88b95a Add casts where casts due. It's "safe" to cast, because "wrong" casts 
will either be optimized away or never performed. The trouble is that
compiler first parses code, then optimizes, not both at once...
 2004-07-24 13:40:47 +00:00
Andy Polyakov
64c6865427 Proper WinCE support for listing files. "Backported" from HEAD. 2004-07-22 16:39:48 +00:00
Dr. Stephen Henson
bdb4a7e092 Fixes so alerts are sent properly in s3_pkt.c 
PR: 851
 2004-05-15 17:46:50 +00:00
Ben Laurie
0163602573 Check error returns. 2004-05-15 16:39:23 +00:00
Ben Laurie
3642f632d3 Pull FIPS back into stable. 2004-05-11 12:46:24 +00:00
Mark J. Cox
82d63d3028 Fix null-pointer assignment in do_change_cipher_spec() revealed 
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
(CAN-2004-0112)
Ready for 0.9.7d build

Submitted by: Steven Henson
Reviewed by: Joe Orton
Approved by: Mark Cox
 2004-03-17 12:01:19 +00:00
Dr. Stephen Henson
8e6a84e730 Avoid warnings. 2004-03-16 13:50:18 +00:00
Richard Levitte
381a693c39 make update 2004-01-29 10:23:54 +00:00
Lutz Jänicke
3fbbd1e1d7 unintptr_t and <inttypes.h> are not strictly portable with respect to 
ANSI C 89.
Undo change to maintain compatibility.
 2004-01-04 17:54:02 +00:00
Richard Levitte
d2c786db37 Avoid including cryptlib.h, it's not really needed. 
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 16:09:59 +00:00
Richard Levitte
cc056d6395 Use sh explicitely to run point.sh 
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 15:00:24 +00:00
Richard Levitte
ec2a595627 Change 'exp' to something else, as 'exp' is predefined by GNU C. This 
was already done in HEAD, but not in this branch (I wonder why...).
 2003-12-27 14:24:20 +00:00
Lutz Jänicke
325829a9bc Restructure make targets to allow parallel make. 
Submitted by: Witold Filipczyk <witekfl@poczta.gazeta.pl>

PR: #513
 2003-12-03 16:29:16 +00:00
Richard Levitte
b64614adfe We're getting a clash with C++ because it has a type called 'list'. 
Therefore, change all instances of the symbol 'list' to something else.

PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>
 2003-11-29 10:25:42 +00:00
Richard Levitte
6a6a08cbea RSA_size() and DH_size() return the amount of bytes in a key, and we 
compared it to the amount of bits required...
PR: 770
Submitted by: c zhang <czhang2005@hotmail.com>
 2003-11-28 23:03:19 +00:00
Richard Levitte
c9d3957986 Check for errors from SSL_COMP_add_compression_method(). 
Notified by Andrew Marlow <AMARLOW1@bloomberg.net>
 2003-10-02 10:41:50 +00:00
Richard Levitte
05e962ddf8 Correct a mixup of return values 2003-10-02 10:38:46 +00:00
Richard Levitte
88fd7424f6 Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B. 
PR: 679
 2003-09-27 19:32:09 +00:00
Richard Levitte
30a452ab32 Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B. 
PR: 680
 2003-09-27 19:27:09 +00:00
Richard Levitte
ec4e600da6 Include the instance in the Kerberos ticket information. 
In s_server, print the received Kerberos information.
PR: 693
 2003-09-27 17:55:18 +00:00
Richard Levitte
c9b552534e Free the Kerberos context upon freeing the SSL. 
Contributed by Andrew Mann <amann@tccgi.com>
 2003-09-27 07:33:28 +00:00
Geoff Thorpe
62afa8bd58 These should be write-locks, not read-locks. 2003-09-08 16:00:46 +00:00
Dr. Stephen Henson
33ed371ec9 Only accept a client certificate if the server requests 
one, as required by SSL/TLS specs.
 2003-09-03 23:42:17 +00:00
Bodo Möller
9cc513a000 fix out-of-bounds check in lock_dbg_cb (was too lose to detect all 
invalid cases)

PR: 674
 2003-08-14 10:33:26 +00:00
Bodo Möller
0e9edc98d4 make sure no error is left in the queue that is intentionally ignored 2003-08-11 18:56:19 +00:00
Bodo Möller
5cc2658cff tolerate extra data at end of client hello for SSL 3.0 
PR: 659
 2003-07-21 15:17:49 +00:00
Lutz Jänicke
a157379adc Fix ordering of compare functions: strncmp() must be used first, as it 
the cipher name in the list is not guaranteed to be at least "buflen"
long.
PR: 567
Submitted by: "Matt Harren" <matth@cs.berkeley.edu>
 2003-04-08 06:28:34 +00:00
Richard Levitte
961b565690 Let's limit the extent of the definition of _XOPEN_SOURCE. 2003-03-25 21:17:31 +00:00
Bodo Möller
409a5de586 countermeasure against new Klima-Pokorny-Rosa atack 2003-03-19 19:19:58 +00:00
Ulf Möller
37d9503a67 mingw related cleanups, as in head 2003-02-22 18:02:46 +00:00
Richard Levitte
352df99302 Security fix: Vaudenay timing attack on CBC. 
An advisory will be posted to the web.  Expect a release within the hour.
 2003-02-19 12:04:16 +00:00
Richard Levitte
b9447ec1bc Make it possible to disable OCSP, the speed application, and the use of sockets. 
PR: 358
 2003-02-14 01:03:06 +00:00
Dr. Stephen Henson
c13eba970c Option to disable auto SSL chain building. 2003-02-12 17:05:17 +00:00
Bodo Möller
4309b740ce comments 2003-02-12 14:17:38 +00:00
Bodo Möller
636631cdd5 SSL_add_dir_cert_subjects_to_stack now exists for WIN32 2003-02-05 16:37:17 +00:00
Richard Levitte
8e1e238219 A few small bugs with BIO popping. 
PR: 364
 2003-01-30 21:49:16 +00:00
Richard Levitte
6d85cd36e2 Add the possibility to build without the ENGINE framework. 
PR: 287
 2003-01-30 17:37:49 +00:00
Richard Levitte
8f94b2010f Fix a memory leak in SSL. 
PR: 477
 2003-01-30 11:00:37 +00:00
Richard Levitte
bc35d57932 Fix possible NULL dereferencial. 
Notified by Verdon Walker <VWalker@novell.com>
 2003-01-16 06:00:59 +00:00
Lutz Jänicke
b2c71c489d Really fix SSLv2 session ID handling 
PR: 377
 2003-01-15 09:48:29 +00:00
Lutz Jänicke
ef9d3a10c3 Fix wrong handling of session ID in SSLv2 client code. 
PR: 377
 2002-12-29 20:58:55 +00:00
Lutz Jänicke
c71414b3a9 Some more adjustments 
Submitted by: Jeffrey Altman <jaltman@columbia.edu>, "Kenneth R. Robinette" <support@securenetterm.com>
 2002-12-24 21:53:34 +00:00
Richard Levitte
88a908e50d Stop a possible memory leak. 
(I wonder why s2_connect() handles the initial buffer allocation slightly
differently...)
PR: 416
 2002-12-21 23:49:25 +00:00
Lutz Jänicke
214b8b998a Fix Kerberos5/SSL interaction 
Submitted by: "Kenneth R. Robinette" <support@securenetterm.com>
Reviewed by:
PR:
 2002-12-20 12:47:16 +00:00
Richard Levitte
e286dfe6ed We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies, 
and then didn't support it very well.  And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
 2002-12-19 22:10:20 +00:00