Mark J. Cox
3ff55e9680
Fix buffer overflow in SSL_get_shared_ciphers() function.
...
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 13:18:43 +00:00
Dr. Stephen Henson
7bbcb2f690
Avoid warnings on VC++ 2005.
2005-12-05 17:21:22 +00:00
Nils Larsch
4ebb342fcd
Let the TLSv1_method() etc. functions return a const SSL_METHOD
...
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-14 21:48:33 +00:00
Dr. Stephen Henson
f3b656b246
Initialize SSL_METHOD structures at compile time. This removes the need
...
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-08-05 23:56:11 +00:00
Bodo Möller
c6c2e3135d
Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled
...
with the SSL_OP_NO_SSLv2 option.
2005-05-11 18:25:49 +00:00
Nils Larsch
7c7667b86b
check return value of RAND_pseudo_bytes; backport from the stable branch
2005-04-29 20:10:06 +00:00
Richard Levitte
875a644a90
Constify d2i, s2i, c2i and r2i functions and other associated
...
functions and macros.
This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const. Those will be removed when this change has been
properly reviewed.
2004-03-15 23:15:26 +00:00
Richard Levitte
5fdf06666c
Avoid including cryptlib.h, it's not really needed.
...
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2003-12-27 16:10:30 +00:00
Geoff Thorpe
2754597013
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings.
...
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
2003-10-29 20:24:15 +00:00
Lutz Jänicke
8ec16ce711
Really fix SSLv2 session ID handling
...
PR: 377
2003-01-15 09:51:22 +00:00
Lutz Jänicke
21cde7a41c
Fix wrong handling of session ID in SSLv2 client code.
...
PR: 377
2002-12-29 20:59:35 +00:00
Richard Levitte
8d6ad9e39d
Stop a possible memory leak.
...
(I wonder why s2_connect() handles the initial buffer allocation slightly
differently...)
PR: 416
2002-12-21 23:49:21 +00:00
Richard Levitte
0a5942093e
We need to read one more byte of the REQUEST-CERTIFICATE message.
...
PR: 300
2002-11-15 09:15:55 +00:00
Ben Laurie
54a656ef08
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
Bodo Möller
b8565a9af9
really fix race conditions
...
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
PR: 291
2002-09-25 15:38:57 +00:00
Bodo Möller
e78f137899
really fix race condition
...
PR: 262
2002-09-23 14:25:07 +00:00
Bodo Möller
5574e0ed41
get rid of OpenSSLDie
2002-08-02 11:48:15 +00:00
Lutz Jänicke
c046fffa16
OpenSSL Security Advisory [30 July 2002]
...
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
2002-07-30 13:04:04 +00:00
Ben Laurie
45d87a1ffe
Prototype info function.
2002-01-12 15:56:13 +00:00
Bodo Möller
2b90b1f344
make code a little more similar to what it looked like before the fixes,
...
call ssl2_part_read again to parse error message
2001-11-10 10:44:15 +00:00
Bodo Möller
cf82191d77
Implement msg_callback for SSL 2.0.
...
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
2001-11-10 01:16:28 +00:00
Bodo Möller
979689aa5c
Fix SSL handshake functions and SSL_clear() such that SSL_clear()
...
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.
2001-10-24 19:03:22 +00:00
Dr. Stephen Henson
20d2186c87
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
...
with existing code.
Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Ben Laurie
dbad169019
Really add the EVP and all of the DES changes.
2001-07-30 23:57:25 +00:00
Bodo Möller
5277d7cb7c
Fix ERR_R_... problems.
2001-03-07 01:19:07 +00:00
Richard Levitte
bc36ee6227
Use new-style system-id macros everywhere possible. I hope I haven't
...
missed any.
This compiles and runs on Linux, and external applications have no
problems with it. The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Lutz Jänicke
836f996010
New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override
...
the clients choice; in SSLv2 the client uses the server's preferences.
2001-02-09 19:56:31 +00:00
Lutz Jänicke
0dd2254d76
Store verify_result with sessions to avoid potential security hole.
...
For the server side this was already done one year ago :-(
2000-11-29 16:04:38 +00:00
Bodo Möller
1fab73ac85
Bugfix: clear error queue after ignoring ssl_verify_cert_chain result.
2000-05-27 22:25:01 +00:00
Ulf Möller
657e60fa00
ispell (and minor modifications)
2000-02-03 23:23:24 +00:00
Bodo Möller
2557eaeac8
Avoid a race condition.
2000-01-24 17:57:56 +00:00
Bodo Möller
af6f388180
Don't "goto err" in client_master_key because no such label exists;
...
just return -1 as in other error cases.
2000-01-21 11:20:22 +00:00
Ulf Möller
e7f97e2d22
Check RAND_bytes() return value or use RAND_pseudo_bytes().
2000-01-21 01:15:56 +00:00
Ulf Möller
aa82db4fb4
Add missing #ifndefs that caused missing symbols when building libssl
...
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.
Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
2000-01-16 21:10:00 +00:00
Ulf Möller
eb952088f0
Precautions against using the PRNG uninitialized: RAND_bytes() now
...
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the
same as RAND_seed() but takes an estimate of the entropy as an additional
argument.
2000-01-13 20:59:17 +00:00
Ben Laurie
752d706aaf
Make NO_RSA compile with pedantic.
2000-01-08 21:06:24 +00:00
Andy Polyakov
37b0d5d05d
Rhapsody 5.5 (a.k.a. MacOS X) compiler bug workaround. At the very least
...
passes 'make test' now:-)
2000-01-04 03:33:18 +00:00
Bodo Möller
b1fe6ca175
Store verify_result with sessions to avoid potential security hole.
1999-11-16 23:15:41 +00:00
Bodo Möller
b56bce4fc7
New structure type SESS_CERT used instead of CERT inside SSL_SESSION.
...
While modifying the sources, I found some inconsistencies on the use of
s->cert vs. s->session->sess_cert; I don't know if those could
really have caused problems, but possibly this is a proper bug-fix
and not just a clean-up.
1999-05-13 15:09:38 +00:00
Bodo Möller
9d5cceac6f
No actual change, but the cert_st member of struct ssl_session_st is now
...
called sess_cert instead of just cert. This is in preparation of further
changes: Probably often when s->session->sess_cert is used, we should
use s->cert instead; s->session->sess_cert should be a new structure
containing only the stuff that is for just one connection (e.g.
the peer's certificate, which the SSL client implementations currently
store in s->session->[sess_]cert, which is a very confusing thing to do).
Submitted by:
Reviewed by:
PR:
1999-05-09 21:22:45 +00:00
Dr. Stephen Henson
801294f873
Fix a couple of cases where an attempt is made to lock an already locked
...
mutex.
1999-04-29 22:25:52 +00:00
Ulf Möller
79df9d6272
New Configure option no-<cipher> (rsa, idea, rc5, ...).
1999-04-27 03:19:12 +00:00
Ulf Möller
a9be3af5ad
Remove NOPROTO definitions and error code comments.
1999-04-26 16:43:10 +00:00
Bodo Möller
ec577822f9
Change #include filenames from <foo.h> to <openssl.h>.
...
Submitted by:
Reviewed by:
PR:
1999-04-23 22:13:45 +00:00
Bodo Möller
5cc146f344
Fixed some race conditions.
...
Submitted by:
Reviewed by:
PR:
1999-04-22 13:37:46 +00:00
Ulf Möller
6b691a5c85
Change functions to ANSI C.
1999-04-19 21:31:43 +00:00
Ben Laurie
e778802f53
Massive constification.
1999-04-17 21:25:43 +00:00
Ben Laurie
f73e07cf42
Add type-safe STACKs and SETs.
1999-04-12 17:23:57 +00:00
Bodo Möller
6d02d8e444
New option "-showcerts" for s_client
...
Slight cleanup in ssl/
1999-03-31 12:06:30 +00:00
Ben Laurie
06ab81f9f7
Add support for new TLS export ciphersuites.
1999-02-21 20:03:24 +00:00