generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,605 Commits 16 Branches 258 Tags
Commit Graph

75 Commits

Author SHA1 Message Date
Kurt Cancemi
def1490717 Fix off-by-one errors in ssl_cipher_get_evp() 
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

    PR#3375
 2014-06-12 21:25:07 +01:00
Bodo Möller
740da44f20 Resolve a stack set-up race condition (if the list of compression 
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
 2011-12-02 12:50:44 +00:00
Ben Laurie
d886975835 Fix gcc 4.6 warnings. Check TLS server hello extension length. 2010-06-12 13:18:58 +00:00
Dr. Stephen Henson
07cb0a82d1 PR: 2025 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Constify SSL_CIPHER_description
 2009-09-12 23:18:43 +00:00
Dr. Stephen Henson
3fdc2c906d PR: 1795 
Submitted by: Peter Edwards <peter.edwards@vordel.com>
Approved by: steve@openssl.org

Avoid race condition by sorting cipher list straight away.
 2009-04-07 12:10:12 +00:00
Dr. Stephen Henson
1fde5b65c6 Fix from HEAD. 2009-03-12 17:31:18 +00:00
Lutz Jänicke
f4677b7960 Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP 
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
 2009-01-05 14:43:07 +00:00
Dr. Stephen Henson
14748adb09 Make ssl code consistent with FIPS branch. The new code has no effect 
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
 2008-06-16 16:56:43 +00:00
Dr. Stephen Henson
927a28ba3b gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL. 
Fix various "computed value not used" warnings too.
 2007-09-06 12:43:54 +00:00
Bodo Möller
c3cc4662af Add SEED encryption algorithm. 
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
 2007-04-23 23:50:26 +00:00
Ben Laurie
3370b694b9 Make local function static. 2007-03-08 15:52:04 +00:00
Bodo Möller
5f4cc234fb Some fixes for ciphersuite string processing: 
- add a workaround provided by Victor Duchovni so that 128- and
  256-bit variants of otherwise identical ciphersuites are treated
  correctly;

- also, correctly skip invalid parts of ciphersuite description strings.

Submitted by: Victor Duchovni, Bodo Moeller
 2007-02-17 06:52:42 +00:00
Bodo Möller
879b30aaa3 ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 
ciphersuite as well
 2006-09-11 09:48:46 +00:00
Ben Laurie
616f581650 Fix warning. 2006-07-02 14:43:21 +00:00
Bodo Möller
e6e3f38bfa Fix for previous change: explicitly named ciphersuites are OK to add 2006-06-22 13:07:45 +00:00
Bodo Möller
aa17ab7e57 Put ECCdraft ciphersuites back into default build (but disabled 
unless specifically requested)
 2006-06-22 12:35:54 +00:00
Bodo Möller
6d2cd23f40 Thread-safety fixes 2006-06-14 08:51:41 +00:00
Bodo Möller
e18eef3d7a Camellia cipher, contributed by NTT 
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
 2006-06-09 15:42:21 +00:00
Dr. Stephen Henson
cbb0b734c7 If cipher list contains a match for an explicit ciphersuite only match that 
one suite.
 2006-04-15 00:22:34 +00:00
Dr. Stephen Henson
54f51116b2 Update from HEAD. 2005-09-30 23:38:20 +00:00
Nils Larsch
cd9911fdf8 initialize cipher/digest methods table in SSL_library_init() and hence remove the need for a lock 2005-08-21 23:06:51 +00:00
Nils Larsch
cac0d4ee6f - let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an 
error if the cipher list is empty
- fix last commit in ssl_create_cipher_list
- clean up ssl_create_cipher_list
 2005-06-10 19:51:16 +00:00
Nils Larsch
898d3ecce0 use "=" instead of "|=", fix typo 2005-06-08 22:20:24 +00:00
Nils Larsch
4e2a0e58f2 ssl_create_cipher_list should return an error if no cipher could be 
collected (see SSL_CTX_set_cipher_list manpage). Fix handling of
"cipher1+cipher2" expressions in ssl_cipher_process_rulestr

PR: 836 + 1005
 2005-06-08 21:13:52 +00:00
Ben Laurie
0821bcd4de Constification. 2005-03-30 10:26:02 +00:00
Nils Larsch
f4bfd357e5 some const fixes 2005-03-20 22:56:07 +00:00
Dr. Stephen Henson
c284f20f00 Fix race condition when SSL ciphers are initialized. 2004-10-25 11:14:16 +00:00
Richard Levitte
5fdf06666c Avoid including cryptlib.h, it's not really needed. 
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
 2003-12-27 16:10:30 +00:00
Richard Levitte
3822740ce3 We're getting a clash with C++ because it has a type called 'list'. 
Therefore, change all instances of the symbol 'list' to something else.

PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>
 2003-11-29 10:25:37 +00:00
Geoff Thorpe
d8ec0dcf45 Avoid some shadowed variable names. 
Submitted by: Nils Larsch
 2003-11-04 00:51:32 +00:00
Richard Levitte
377dcdba44 Add functionality to get information on compression methods (not quite complete). 2003-10-06 12:18:39 +00:00
Richard Levitte
8242354952 Make sure int SSL_COMP_add_compression_method() checks if a certain 
compression identity is already present among the registered
compression methods, and if so, reject the addition request.

Declare SSL_COMP_get_compression_method() so it can be used properly.

Change ssltest.c so it checks what compression methods are available
and enumerates them.  As a side-effect, built-in compression methods
will be automagically loaded that way.  Additionally, change the
identities for ZLIB and RLE to be conformant to
draft-ietf-tls-compression-05.txt.

Finally, make update.

Next on my list: have the built-in compression methods added
"automatically" instead of requiring that the author call
SSL_COMP_add_compression_method() or
SSL_COMP_get_compression_methods().
 2003-10-06 11:00:15 +00:00
Richard Levitte
f6e8c19ed1 Correct a mixup of return values 2003-10-02 10:38:44 +00:00
Lutz Jänicke
f65a75786b Fix ordering of compare functions: strncmp() must be used first, a 
the cipher name in the list is not guaranteed to be at least "buflen"
long.
PR: 567
Submitted by: "Matt Harren" <matth@cs.berkeley.edu>
 2003-04-08 06:31:36 +00:00
Richard Levitte
f70ddce761 Protect loading routines with a lock. 
PR: 373
 2002-12-16 06:06:03 +00:00
Richard Levitte
7ba666fa0e Since it's defined in draft-ietf-tls-compression-04.txt, let's make 
ZLIB a known compression method, with the identity 1.
 2002-12-08 02:41:11 +00:00
Bodo Möller
ea26226046 ECC ciphersuite support 
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
 2002-08-09 08:56:08 +00:00
Lutz Jänicke
c6ccf055ba New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT. 
Submitted by:
Reviewed by:
PR: 127
 2002-07-19 19:55:34 +00:00
Bodo Möller
ea4f109c99 AES cipher suites are now official (RFC3268) 2002-07-04 08:51:09 +00:00
Bodo Möller
a4f576a378 disable AES ciphersuites unless explicitly requested 2002-05-05 23:44:27 +00:00
Bodo Möller
a32d795aae avoid everything resembling a magic trigraph 2001-09-24 07:54:11 +00:00
Geoff Thorpe
4db73c1bb8 (A version of) gcc had been giving somewhat odd "trigraph" warnings about 
this construct, and Ulf provided the following insight as to why;

> ANSI C compliant compilers must substitute "??)" for "]" because your
> terminal might not have a "]" key if you bought it in the early 1970s.

So we escape the final '?' to avoid this pathological case.
 2001-08-28 19:32:16 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't 
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
 2001-02-20 08:13:47 +00:00
Dr. Stephen Henson
deb2c1a1c5 Fix AES code. 
Update Rijndael source to v3.0

Add AES OIDs.

Change most references of Rijndael to AES.

Add new draft AES ciphersuites.
 2001-02-07 18:15:18 +00:00
Ben Laurie
259810e05b Rijdael CBC mode and partial undebugged SSL support. 2001-02-06 14:09:13 +00:00
Richard Levitte
9f49524331 It's completely unnecessary to add a compression algorithm that is 
really undefined.
Spotted by Jeffrey Altman <jaltman@columbia.edu>
 2000-12-04 17:17:03 +00:00
Richard Levitte
f9b3bff6f7 First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu> 2000-11-30 22:53:34 +00:00
Richard Levitte
058123afb6 Turn off memory checking when loading new compression algorithms. 2000-11-30 12:19:54 +00:00
Richard Levitte
62324627aa Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care 
of complaints from the compiler about data pointers and function
pointers not being compatible with each other.
 2000-09-17 18:21:27 +00:00
Richard Levitte
26a3a48d65 There have been a number of complaints from a number of sources that names 
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.
 2000-06-01 22:19:21 +00:00