root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
10,249 Commits 32 Branches 398 Tags 545 MiB
Commit Graph

105 Commits

Author SHA1 Message Date
Richard Levitte 5b0b0e98ce Security fix: Vaudenay timing attack on CBC. 
An advisory will be posted to the web.  Expect a release within the hour.
 2003-02-19 12:03:59 +00:00
Lutz Jänicke 7b63c0fa8c Reorder inclusion of header files: 
des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
 2002-07-10 07:01:54 +00:00
Bodo Möller b889d6a8e8 fix warning 2002-05-06 10:44:59 +00:00
Bodo Möller 3def5a010e fix casts 2002-05-05 23:00:28 +00:00
Richard Levitte 9738f395c6 Synchronise with 0.9.7-stable. 2002-04-29 10:28:29 +00:00
Richard Levitte 8b07f23c30 Signedness mismatch. 
Notified by Bernd Matthes <bernd.matthes@gemplus.com>
 2002-04-20 10:23:19 +00:00
Bodo Möller 82b0bf0b87 Implement known-IV countermeasure. 
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
 2002-04-13 22:47:20 +00:00
Ben Laurie 45d87a1ffe Prototype info function. 2002-01-12 15:56:13 +00:00
Ulf Möller dcbbf83dba ssl3_read_bytes bug fix 
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
 2001-12-28 17:14:35 +00:00
Bodo Möller a661b65357 New functions SSL[_CTX]_set_msg_callback(). 
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
 2001-10-20 17:56:36 +00:00
Bodo Möller bf21446a2a Add per-SSL 'msg_callback' with 'msg_callback_arg'. 
Both have per-SSL_CTX defaults.
These new values can be set by calling SSL[_CTX]_[callback_]ctrl
with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.

So far, the callback is never actually called.


Also rearrange some SSL_CTX struct members (some exist just in
SSL_CTXs, others are defaults for SSLs and are either copied
during SSL_new, or used if the value in the SSL is not set;
these three classes of members were not in a logical order),
and add some missing assignments to SSL_dup.
 2001-10-16 13:09:24 +00:00
Bodo Möller ee60d9fb28 Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't 
reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
 2001-09-20 18:35:52 +00:00
Bodo Möller 5277d7cb7c Fix ERR_R_... problems. 2001-03-07 01:19:07 +00:00
Richard Levitte bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't 
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
 2001-02-20 08:13:47 +00:00
Bodo Möller a0aae68cf6 Fix SSL_peek and SSL_pending. 2000-12-25 18:40:46 +00:00
Bodo Möller 5a4fbc69c3 First step towards SSL_peek fix. 2000-12-14 17:36:59 +00:00
Bodo Möller 54f10e6adc New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default 
behaviour that SSL_read may result in SSL_ERROR_WANT_READ.
 2000-09-12 20:28:30 +00:00
Bodo Möller c129544f0f Avoid sprintf 2000-05-21 14:21:24 +00:00
Dr. Stephen Henson 8ab59e7a49 Fix shadow warning. 2000-02-26 02:16:36 +00:00
Bodo Möller 87a025cbb4 Use unsigned loop index to make compilers happy 2000-02-25 16:36:07 +00:00
Bodo Möller b08b07b8ae The previous revision should have generated _more_ warnings, not less ... 
The return value of handshake_func is signed, not unsigned.
 2000-02-25 15:32:36 +00:00
Geoff Thorpe 4621a00063 More VC++ pickiness. (destest.c doesn't have a "return" and the usual 
signed/unsigned stuff in s3_pkt.c)

Submitted by:
Reviewed by:
PR:
 2000-02-25 15:09:04 +00:00
Bodo Möller e01eed0fae Fix off-by-one error :-) 2000-02-25 14:40:11 +00:00
Bodo Möller e5599db448 Fix warnings by using unsigned int where appropriate. 2000-02-25 14:27:31 +00:00
Ulf Möller a3b17baf4e signed/unsigned mismatch (VC++) 
Submitted by: Peter 'Luna' Runestig" <peter+openssl-users@runestig.com>
 2000-02-25 14:03:21 +00:00
Dr. Stephen Henson 72b60351f1 Change EVP_MD_CTX_type so it is more logical and add EVP_MD_CTX_md for 
the old functionality.

Various warning fixes.

Initial EVP symmetric cipher docs.
 2000-02-22 02:59:26 +00:00
Bodo Möller 1b8a8088a5 Workarounds to make broken programs happy (such as s_client and s_server). 2000-02-21 17:46:20 +00:00
Bodo Möller a2a0158959 Fix some bugs and document others 2000-02-21 17:09:54 +00:00
Bodo Möller e7ecc7d4dd Move ssl3_do_write from s3_pkt.c to s3_both.c. 2000-02-21 11:14:40 +00:00
Bodo Möller 745c70e565 Move MAC computations for Finished from ssl3_read_bytes into 
ssl3_get_message, which is more logical (and avoids a bug,
in addition to the one that I introduced yesterday :-)
and makes Microsoft "fast SGC" less special.
MS SGC should still work now without an extra state of its own
(it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state
for reading the body of a Client Hello message), however this should
be tested to make sure, and I don't have a MS SGC client.
 2000-02-21 10:16:30 +00:00
Bodo Möller b35e9050f2 Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. 2000-02-20 23:04:06 +00:00
Ulf Möller 657e60fa00 ispell (and minor modifications) 2000-02-03 23:23:24 +00:00
Bodo Möller 52732b38da Some comments added, and slight code clean-ups. 2000-01-26 22:36:55 +00:00
Richard Levitte b058a08085 It doesn't make sense to try see if these variables are negative, since they're unsigned. 2000-01-17 00:49:52 +00:00
Bodo Möller e1798f856d In ssl3_read_n, set rwstate to SSL_NOTHING when the requested 
number of bytes could be read.
 2000-01-16 14:21:00 +00:00
Bodo Möller cc96f6b7a4 add check for internal error 2000-01-11 08:18:55 +00:00
Bodo Möller 3cc6cdea0f The buffer in ss3_read_n cannot actually occur because it is never 
called with max > n when extend is set.
 2000-01-11 08:09:27 +00:00
Bodo Möller c51ae173a6 Clean up some of the SSL server code. 2000-01-11 01:07:26 +00:00
Bodo Möller 9fb617e252 Use less complicated arrangement for data strutures related to Finished 
messages.
 2000-01-06 00:41:22 +00:00
Bodo Möller f2d9a32cf4 Use separate arrays for certificate verify and for finished hashes. 2000-01-06 00:24:24 +00:00
Bodo Möller c44f754047 Slight code cleanup for handling finished labels. 2000-01-05 23:11:51 +00:00
Bodo Möller 11b1adadbd typo 1999-07-02 17:52:21 +00:00
Bodo Möller 1afd8b3942 typo 1999-07-02 14:23:33 +00:00
Bodo Möller e105643595 New functions SSL[_CTX]_{set,get}_mode; the initial set of mode flags is 
SSL_MODE_ENABLE_PARTIAL_WRITE, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
 1999-07-02 13:55:32 +00:00
Bodo Möller d58d092bc9 Avoid warnings. 1999-06-10 16:29:32 +00:00
Ulf Möller a9be3af5ad Remove NOPROTO definitions and error code comments. 1999-04-26 16:43:10 +00:00
Bodo Möller ec577822f9 Change #include filenames from <foo.h> to <openssl.h>. 
Submitted by:
Reviewed by:
PR:
 1999-04-23 22:13:45 +00:00
Ben Laurie 61f5b6f338 Work with -pedantic! 1999-04-23 15:01:15 +00:00
Ulf Möller 6b691a5c85 Change functions to ANSI C. 1999-04-19 21:31:43 +00:00
Ben Laurie e778802f53 Massive constification. 1999-04-17 21:25:43 +00:00
Mark J. Cox 413c4f45ed Updates to the new SSL compression code 
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Fix so that the version number in the master secret, when passed
     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
     (because the server will not accept higher), that the version number
     is 0x03,0x01, not 0x03,0x00
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Submitted by:
Reviewed by:
PR:
 1999-02-16 09:22:21 +00:00
Ralf S. Engelschall 13e91dd365 Incorporation of RSEs assembled patches 1998-12-22 15:59:57 +00:00
Ralf S. Engelschall dfeab0689f Import of old SSLeay release: SSLeay 0.9.1b (unreleased) 1998-12-21 11:00:56 +00:00
Ralf S. Engelschall 58964a4922 Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
Ralf S. Engelschall d02b48c63a Import of old SSLeay release: SSLeay 0.8.1b 1998-12-21 10:52:47 +00:00