openssl

Author	SHA1	Message	Date
Matt Caswell	3e8042c38f	Additional comment changes for reformat of 0.9.8 Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:49:06 +00:00
Tim Hudson	b558c8d597	mark all block comments that need format preserving so that indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Conflicts: crypto/rc4/rc4_enc.c crypto/x509v3/v3_scts.c crypto/x509v3/v3nametest.c ssl/d1_both.c ssl/s3_srvr.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_lib.c Conflicts: crypto/asn1/a_sign.c crypto/bn/bn_div.c crypto/dsa/dsa_asn1.c crypto/ec/ecp_nistp224.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistputil.c crypto/modes/gcm128.c crypto/opensslv.h ssl/d1_both.c ssl/heartbeat_test.c ssl/s3_clnt.c ssl/s3_srvr.c ssl/ssl_sess.c ssl/t1_lib.c test/testutil.h Conflicts: apps/openssl.c apps/ts.c apps/vms_decc_init.c crypto/aes/aes_core.c crypto/aes/aes_x86core.c crypto/dsa/dsa_ameth.c crypto/ec/ec2_mult.c crypto/evp/evp.h crypto/objects/objects.h crypto/rsa/rsa_pss.c crypto/stack/safestack.h crypto/ts/ts.h crypto/ts/ts_rsp_verify.c crypto/whrlpool/wp_dgst.c crypto/x509v3/v3_ncons.c e_os2.h engines/ccgost/gost89.c engines/ccgost/gost_ctl.c engines/ccgost/gost_keywrap.c engines/ccgost/gost_keywrap.h engines/ccgost/gost_sign.c ssl/kssl.c ssl/s3_srvr.c Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:48:44 +00:00
Miod Vallat	b09db677d5	Fix off-by-one errors in ssl_cipher_get_evp() In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays. Bug discovered and fixed by Miod Vallat from the OpenBSD team. PR#3375	2014-06-22 23:26:33 +01:00
Matt Caswell	cdc596567d	Revert " Fix off-by-one errors in ssl_cipher_get_evp()" This reverts commit def1490717c091c6ef669da9fc5ea4c8b2a4d776. Incorrect attribution	2014-06-22 23:24:52 +01:00
Kurt Cancemi	def1490717	Fix off-by-one errors in ssl_cipher_get_evp() In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays. PR#3375	2014-06-12 21:25:07 +01:00
Bodo Möller	740da44f20	Resolve a stack set-up race condition (if the list of compression methods isn't presorted, it will be sorted on first read). Submitted by: Adam Langley	2011-12-02 12:50:44 +00:00
Ben Laurie	d886975835	Fix gcc 4.6 warnings. Check TLS server hello extension length.	2010-06-12 13:18:58 +00:00
Dr. Stephen Henson	07cb0a82d1	PR: 2025 Submitted by: Tomas Mraz <tmraz@redhat.com> Approved by: steve@openssl.org Constify SSL_CIPHER_description	2009-09-12 23:18:43 +00:00
Dr. Stephen Henson	3fdc2c906d	PR: 1795 Submitted by: Peter Edwards <peter.edwards@vordel.com> Approved by: steve@openssl.org Avoid race condition by sorting cipher list straight away.	2009-04-07 12:10:12 +00:00
Dr. Stephen Henson	1fde5b65c6	Fix from HEAD.	2009-03-12 17:31:18 +00:00
Lutz Jänicke	f4677b7960	Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP Some #include statements were not properly protected. This will go unnoted on most systems as openssl/comp.h tends to be installed as a system header file by default but may become visible when cross compiling.	2009-01-05 14:43:07 +00:00
Dr. Stephen Henson	14748adb09	Make ssl code consistent with FIPS branch. The new code has no effect at present because it asserts either noop flags or is inside OPENSSL_FIPS #ifdef's.	2008-06-16 16:56:43 +00:00
Dr. Stephen Henson	927a28ba3b	gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL. Fix various "computed value not used" warnings too.	2007-09-06 12:43:54 +00:00
Bodo Möller	c3cc4662af	Add SEED encryption algorithm. PR: 1503 Submitted by: KISA Reviewed by: Bodo Moeller	2007-04-23 23:50:26 +00:00
Ben Laurie	3370b694b9	Make local function static.	2007-03-08 15:52:04 +00:00
Bodo Möller	5f4cc234fb	Some fixes for ciphersuite string processing: - add a workaround provided by Victor Duchovni so that 128- and 256-bit variants of otherwise identical ciphersuites are treated correctly; - also, correctly skip invalid parts of ciphersuite description strings. Submitted by: Victor Duchovni, Bodo Moeller	2007-02-17 06:52:42 +00:00
Bodo Möller	879b30aaa3	ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 ciphersuite as well	2006-09-11 09:48:46 +00:00
Ben Laurie	616f581650	Fix warning.	2006-07-02 14:43:21 +00:00
Bodo Möller	e6e3f38bfa	Fix for previous change: explicitly named ciphersuites are OK to add	2006-06-22 13:07:45 +00:00
Bodo Möller	aa17ab7e57	Put ECCdraft ciphersuites back into default build (but disabled unless specifically requested)	2006-06-22 12:35:54 +00:00
Bodo Möller	6d2cd23f40	Thread-safety fixes	2006-06-14 08:51:41 +00:00
Bodo Möller	e18eef3d7a	Camellia cipher, contributed by NTT Submitted by: Masashi Fujita Reviewed by: Bodo Moeller	2006-06-09 15:42:21 +00:00
Dr. Stephen Henson	cbb0b734c7	If cipher list contains a match for an explicit ciphersuite only match that one suite.	2006-04-15 00:22:34 +00:00
Dr. Stephen Henson	54f51116b2	Update from HEAD.	2005-09-30 23:38:20 +00:00
Nils Larsch	cd9911fdf8	initialize cipher/digest methods table in SSL_library_init() and hence remove the need for a lock	2005-08-21 23:06:51 +00:00
Nils Larsch	cac0d4ee6f	- let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an error if the cipher list is empty - fix last commit in ssl_create_cipher_list - clean up ssl_create_cipher_list	2005-06-10 19:51:16 +00:00
Nils Larsch	898d3ecce0	use "=" instead of "\|=", fix typo	2005-06-08 22:20:24 +00:00
Nils Larsch	4e2a0e58f2	ssl_create_cipher_list should return an error if no cipher could be collected (see SSL_CTX_set_cipher_list manpage). Fix handling of "cipher1+cipher2" expressions in ssl_cipher_process_rulestr PR: 836 + 1005	2005-06-08 21:13:52 +00:00
Ben Laurie	0821bcd4de	Constification.	2005-03-30 10:26:02 +00:00
Nils Larsch	f4bfd357e5	some const fixes	2005-03-20 22:56:07 +00:00
Dr. Stephen Henson	c284f20f00	Fix race condition when SSL ciphers are initialized.	2004-10-25 11:14:16 +00:00
Richard Levitte	5fdf06666c	Avoid including cryptlib.h, it's not really needed. Check if IDEA is being built or not. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>	2003-12-27 16:10:30 +00:00
Richard Levitte	3822740ce3	We're getting a clash with C++ because it has a type called 'list'. Therefore, change all instances of the symbol 'list' to something else. PR: 758 Submitted by: Frédéric Giudicelli <groups@newpki.org>	2003-11-29 10:25:37 +00:00
Geoff Thorpe	d8ec0dcf45	Avoid some shadowed variable names. Submitted by: Nils Larsch	2003-11-04 00:51:32 +00:00
Richard Levitte	377dcdba44	Add functionality to get information on compression methods (not quite complete).	2003-10-06 12:18:39 +00:00
Richard Levitte	8242354952	Make sure int SSL_COMP_add_compression_method() checks if a certain compression identity is already present among the registered compression methods, and if so, reject the addition request. Declare SSL_COMP_get_compression_method() so it can be used properly. Change ssltest.c so it checks what compression methods are available and enumerates them. As a side-effect, built-in compression methods will be automagically loaded that way. Additionally, change the identities for ZLIB and RLE to be conformant to draft-ietf-tls-compression-05.txt. Finally, make update. Next on my list: have the built-in compression methods added "automatically" instead of requiring that the author call SSL_COMP_add_compression_method() or SSL_COMP_get_compression_methods().	2003-10-06 11:00:15 +00:00
Richard Levitte	f6e8c19ed1	Correct a mixup of return values	2003-10-02 10:38:44 +00:00
Lutz Jänicke	f65a75786b	Fix ordering of compare functions: strncmp() must be used first, a the cipher name in the list is not guaranteed to be at least "buflen" long. PR: 567 Submitted by: "Matt Harren" <matth@cs.berkeley.edu>	2003-04-08 06:31:36 +00:00
Richard Levitte	f70ddce761	Protect loading routines with a lock. PR: 373	2002-12-16 06:06:03 +00:00
Richard Levitte	7ba666fa0e	Since it's defined in draft-ietf-tls-compression-04.txt, let's make ZLIB a known compression method, with the identity 1.	2002-12-08 02:41:11 +00:00
Bodo Möller	ea26226046	ECC ciphersuite support Submitted by: Douglas Stebila <douglas.stebila@sun.com> (Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)	2002-08-09 08:56:08 +00:00
Lutz Jänicke	c6ccf055ba	New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT. Submitted by: Reviewed by: PR: 127	2002-07-19 19:55:34 +00:00
Bodo Möller	ea4f109c99	AES cipher suites are now official (RFC3268)	2002-07-04 08:51:09 +00:00
Bodo Möller	a4f576a378	disable AES ciphersuites unless explicitly requested	2002-05-05 23:44:27 +00:00
Bodo Möller	a32d795aae	avoid everything resembling a magic trigraph	2001-09-24 07:54:11 +00:00
Geoff Thorpe	4db73c1bb8	(A version of) gcc had been giving somewhat odd "trigraph" warnings about this construct, and Ulf provided the following insight as to why; > ANSI C compliant compilers must substitute "??)" for "]" because your > terminal might not have a "]" key if you bought it in the early 1970s. So we escape the final '?' to avoid this pathological case.	2001-08-28 19:32:16 +00:00
Richard Levitte	bc36ee6227	Use new-style system-id macros everywhere possible. I hope I haven't missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.	2001-02-20 08:13:47 +00:00
Dr. Stephen Henson	deb2c1a1c5	Fix AES code. Update Rijndael source to v3.0 Add AES OIDs. Change most references of Rijndael to AES. Add new draft AES ciphersuites.	2001-02-07 18:15:18 +00:00
Ben Laurie	259810e05b	Rijdael CBC mode and partial undebugged SSL support.	2001-02-06 14:09:13 +00:00
Richard Levitte	9f49524331	It's completely unnecessary to add a compression algorithm that is really undefined. Spotted by Jeffrey Altman <jaltman@columbia.edu>	2000-12-04 17:17:03 +00:00

1 2

79 Commits