openssl

Author	SHA1	Message	Date
Matt Caswell	02f0c26cea	Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) This commit is for the 0.9.8 changes Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:53:07 +00:00
Matt Caswell	40720ce3ca	Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:52:55 +00:00
Matt Caswell	13270477f4	Move more comments that confuse indent Conflicts: crypto/dsa/dsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl_locl.h Conflicts: crypto/bn/rsaz_exp.c crypto/evp/e_aes_cbc_hmac_sha1.c crypto/evp/e_aes_cbc_hmac_sha256.c ssl/ssl_locl.h Conflicts: crypto/ec/ec2_oct.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistputil.c crypto/ec/ecp_oct.c crypto/modes/gcm128.c ssl/ssl_locl.h Conflicts: apps/apps.c crypto/crypto.h crypto/rand/md_rand.c ssl/d1_pkt.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_enc.c Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:52:21 +00:00
Matt Caswell	3e8042c38f	Additional comment changes for reformat of 0.9.8 Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:49:06 +00:00
Matt Caswell	564ccc55d6	Further comment amendments to preserve formatting prior to source reformat (cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5) Conflicts: crypto/x509v3/pcy_tree.c Conflicts: apps/apps.c ssl/ssltest.c Conflicts: apps/apps.c crypto/ec/ec2_oct.c crypto/ec/ecp_nistp224.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c ssl/s3_cbc.c ssl/ssl_sess.c ssl/t1_lib.c Conflicts: crypto/bio/b_sock.c crypto/pem/pem.h crypto/x509/x509_vfy.c crypto/x509v3/pcy_tree.c ssl/s3_both.c Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:48:59 +00:00
Tim Hudson	b558c8d597	mark all block comments that need format preserving so that indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Conflicts: crypto/rc4/rc4_enc.c crypto/x509v3/v3_scts.c crypto/x509v3/v3nametest.c ssl/d1_both.c ssl/s3_srvr.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_lib.c Conflicts: crypto/asn1/a_sign.c crypto/bn/bn_div.c crypto/dsa/dsa_asn1.c crypto/ec/ecp_nistp224.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistputil.c crypto/modes/gcm128.c crypto/opensslv.h ssl/d1_both.c ssl/heartbeat_test.c ssl/s3_clnt.c ssl/s3_srvr.c ssl/ssl_sess.c ssl/t1_lib.c test/testutil.h Conflicts: apps/openssl.c apps/ts.c apps/vms_decc_init.c crypto/aes/aes_core.c crypto/aes/aes_x86core.c crypto/dsa/dsa_ameth.c crypto/ec/ec2_mult.c crypto/evp/evp.h crypto/objects/objects.h crypto/rsa/rsa_pss.c crypto/stack/safestack.h crypto/ts/ts.h crypto/ts/ts_rsp_verify.c crypto/whrlpool/wp_dgst.c crypto/x509v3/v3_ncons.c e_os2.h engines/ccgost/gost89.c engines/ccgost/gost_ctl.c engines/ccgost/gost_keywrap.c engines/ccgost/gost_keywrap.h engines/ccgost/gost_sign.c ssl/kssl.c ssl/s3_srvr.c Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:48:44 +00:00
Dr. Stephen Henson	ede1351997	Submitted by: Tomas Hoger <thoger@redhat.com> Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted).	2010-03-03 15:34:11 +00:00
Dr. Stephen Henson	caeb429055	Update from 1.0.0-stable.	2009-04-16 16:43:18 +00:00
Dr. Stephen Henson	72f6453c48	PR: 1835 Submitted by: Damien Miller <djm@mindrot.org> Approved by: steve@openssl.org Fix various typos.	2009-02-14 21:50:14 +00:00
Dr. Stephen Henson	3edad44d6e	Avoid "initializer not constant" errors when compiling in pedantic mode.	2008-04-02 11:15:05 +00:00
Nils Larsch	6555dfa486	use user-supplied malloc functions for persistent kssl objects PR: 1467 Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>	2007-02-10 10:40:24 +00:00
Andy Polyakov	beae6324e5	Eliminate dependency on UNICODE macro.	2005-06-27 21:21:12 +00:00
Richard Levitte	c58a1f76f8	Do not undefine _XOPEN_SOURCE. This is currently experimental, and will be firmed up as soon as it's been verified not to break anything.	2005-06-16 22:19:14 +00:00
Richard Levitte	b9927cfa2d	When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html. Notified by David Wolfe <dwolfe5272@yahoo.com>	2005-05-21 17:39:53 +00:00
Dr. Stephen Henson	384dba6edb	Make kerberos ciphersuite code compile again. Avoid more shadow warnings.	2005-04-20 21:48:48 +00:00
Dr. Stephen Henson	0858b71b41	Make kerberos ciphersuite code work with newer header files	2005-04-09 23:55:55 +00:00
Dr. Stephen Henson	4e8172d6da	Avoid warnings.	2004-03-16 13:51:11 +00:00
Richard Levitte	253e893c2b	Include the instance in the Kerberos ticket information. In s_server, print the received Kerberos information. PR: 693	2003-09-27 17:55:13 +00:00
Richard Levitte	c4d00669a0	Let's limit the extent of the definition of _XOPEN_SOURCE.	2003-03-25 21:17:28 +00:00
Lutz Jänicke	ea8e0cc7c2	Some more adjustments Submitted by: Jeffrey Altman <jaltman@columbia.edu>, "Kenneth R. Robinette" <support@securenetterm.com>	2002-12-24 21:55:57 +00:00
Lutz Jänicke	1004c99c29	Fix Kerberos5/SSL interaction Submitted by: "Kenneth R. Robinette" <support@securenetterm.com> Reviewed by: PR:	2002-12-20 12:48:00 +00:00
Richard Levitte	4579924b7e	Cleanse memory using the new OPENSSL_cleanse() function. I've covered all the memset()s I felt safe modifying, but may have missed some.	2002-11-28 08:04:36 +00:00
Ben Laurie	54a656ef08	Security fixes brought forward from 0.9.7.	2002-11-13 15:43:43 +00:00
Dr. Stephen Henson	611ba3f4a1	Initialize ciph_ctx in kssl.c	2002-03-19 01:28:00 +00:00
Dr. Stephen Henson	497810cae7	Undo previous patch: avoid warnings by #undef'ing duplicate definitions. Suggested by "Kenneth R. Robinette" <support@securenetterm.com>	2002-03-13 13:59:38 +00:00
Dr. Stephen Henson	cbc9d9713d	Fix Kerberos warnings with VC++.	2002-03-12 19:37:18 +00:00
Dr. Stephen Henson	0b4c91c0fc	Fix various warnings when compiling with KRB5 code.	2002-03-12 02:59:37 +00:00
Richard Levitte	26414ee013	Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated	2002-02-28 12:42:19 +00:00
Bodo Möller	47ff5c6279	For future portability reasons MIT is moving all macros to function calls. This patch allows compilation either way. Submitted by: Jeffrey Altman <jaltman@columbia.edu>	2001-11-23 21:50:50 +00:00
Dr. Stephen Henson	581f1c8494	Modify EVP cipher behaviour in a similar way to digests to retain compatibility.	2001-10-17 00:37:12 +00:00
Richard Levitte	116daf4c2f	To avoid commit wars over dependencies, let's make it so things that depend on the environment, like the presence of the OpenBSD crypto device or of Kerberos, do not change the dependencies within OpenSSL.	2001-10-10 07:55:02 +00:00
Richard Levitte	fdc2bbcacb	Correct most of the unsigned vs. signed warnings (or int vs. size_t), and rename some local variables to avoid name shadowing.	2001-07-31 08:45:40 +00:00
Richard Levitte	882e891284	More Kerberos SSL changes from Jeffrey Altman <jaltman@columbia.edu> His comments are: First, it corrects a problem introduced in the last patch where the kssl_map_enc() would intentionally return NULL for valid ENCTYPE values. This was done to prevent verification of the kerberos 5 authenticator from being performed when Derived Key ciphers were in use. Unfortunately, the authenticator verification routine was not the only place that function was used. And it caused core dumps. Second, it attempt to add to SSL_SESSION the Kerberos 5 Client Principal Name.	2001-07-31 07:21:06 +00:00
Richard Levitte	acdf4afb91	More Kerberos SSL patches from Vern Staats <staatsvr@asc.hpc.mil>. His comments are: This patch fixes the problem of modern Kerberos using "derived keys" to encrypt the authenticator by disabling the authenticator check for all derived keys enctypes. I think I've got all the bugfixes that Jeffrey and I discussed rolled into this. There were some problems with Jeffrey's code to convert the authenticator's Kerberos timestring into struct tm (e.g. Z, -1900; it helps to have an actual decryptable authenticator to play with). So I've shamelessly pushed in my code, while stealing some bits from Jeffrey.	2001-07-21 09:43:43 +00:00
Richard Levitte	45442167b0	Prevent KSSL server from requesting a client certificate. Submitted by Jeffrey Altman <jaltman@columbia.edu>	2001-07-12 16:17:33 +00:00
Richard Levitte	131645ecce	paddr may be NULL. Do not crash if it is.	2001-07-12 15:54:10 +00:00
Richard Levitte	a5224c3420	Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu> His comments are: . adds use of replay cache to protect against replay attacks . adds functions kssl_tgt_is_available() and kssl_keytab_is_available() which are used within s3_lib.c and ssl_lib.c to determine at runtime whether or not KRB5 ciphers can be supported during the current session.	2001-07-11 19:03:58 +00:00
Richard Levitte	ab603c6987	Code to avoid the use of non-standard strptime(). By Jeffrey Altman <jaltman@columbia.edu> (Really, the time that's being parsed is a GeneralizedTime, so if ASN1_GENERALIZEDTIME_get() ever gets implemented, it should be used instead)	2001-07-11 16:13:36 +00:00
Richard Levitte	8de83bf876	Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu> His comments are: . Fixed all of the Windows dynamic loading functions, prototypes, etc. . Corrected all of the unsigned/signed comparison warnings . Replaced the references to krb5_cksumarray[] for two reasons. First, it was an internal variable that should not have been referenced outside the library; nor could it have been with a shared library with restricted exports. Second, the variable is no longer used in current Kerberos implementations. I replaced the code with equivalent functionality using functions that are exported from the library.	2001-07-11 15:31:45 +00:00
Richard Levitte	7e99812432	If I define _XOPEN_SOURCE before including any system header file, things will work much more smoothly.	2001-07-09 21:51:03 +00:00
Richard Levitte	2a1ef75435	Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in SSL according to RFC 2712. His comment is: This is a patch to openssl-SNAP-20010702 to support Kerberized SSL authentication. I'm expecting to have the full kssl-0.5 kit up on sourceforge by the end of the week. The full kit includes patches for mod-ssl, apache, and a few text clients. The sourceforge URL is http://sourceforge.net/projects/kssl/ . Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ message with a real KerberosWrapper struct. I think this is fully RFC 2712 compliant now, including support for the optional authenticator field. I also added openssl-style ASN.1 macros for a few Kerberos structs; see crypto/krb5/ if you're interested.	2001-07-09 21:46:58 +00:00
Richard Levitte	32d0ad41a4	DEC C on VMS is pedantic by definition.	2001-02-20 13:06:55 +00:00
Richard Levitte	bc36ee6227	Use new-style system-id macros everywhere possible. I hope I haven't missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.	2001-02-20 08:13:47 +00:00
Ulf Möller	7bd51947e5	Temporary fix for build break. It's still inconsistent - probably better to undo the whole OPENSSL_NO_* thing.	2001-02-19 23:42:09 +00:00
Ben Laurie	b0dc680f71	Fix warnings.	2000-12-03 10:04:22 +00:00
Richard Levitte	3e7a6396ed	Typo corrected.	2000-12-01 14:33:19 +00:00
Richard Levitte	f9b3bff6f7	First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu>	2000-11-30 22:53:34 +00:00
Richard Levitte	43fcc1b096	I've checked again and again. There really is no need to expand a to 4 times it's size when bn_sqr_recursive() won't look farther than the original length. Thereby, constification is no longer a problem.	2000-11-16 21:35:41 +00:00

48 Commits