aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/s3_lib.c
Commit message (Collapse)AuthorAgeFilesLines
* Include kssl_lcl.h where needed.Richard Levitte2001-07-111-0/+1
|
* Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu>Richard Levitte2001-07-111-0/+7
| | | | | | | | | | | His comments are: . adds use of replay cache to protect against replay attacks . adds functions kssl_tgt_is_available() and kssl_keytab_is_available() which are used within s3_lib.c and ssl_lib.c to determine at runtime whether or not KRB5 ciphers can be supported during the current session.
* Change all calls to low level digest routines in the library andDr. Stephen Henson2001-06-191-2/+0
| | | | | | | | | | applications to use EVP. Add missing calls to HMAC_cleanup() and don't assume HMAC_CTX can be copied using memcpy(). Note: this is almost identical to the patch submitted to openssl-dev by Verdon Walker <VWalker@novell.com> except some redundant EVP_add_digest_()/EVP_cleanup() calls were removed and some changes made to avoid compiler warnings.
* Consistently use 'void *' for SSL read, peek and write functions.Bodo Möller2001-03-091-1/+1
|
* Use new-style system-id macros everywhere possible. I hope I haven'tRichard Levitte2001-02-201-26/+26
| | | | | | | missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.
* New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to overrideLutz Jänicke2001-02-091-10/+36
| | | | the clients choice; in SSLv2 the client uses the server's preferences.
* Fix AES code.Dr. Stephen Henson2001-02-071-6/+154
| | | | | | | | | | Update Rijndael source to v3.0 Add AES OIDs. Change most references of Rijndael to AES. Add new draft AES ciphersuites.
* Rijdael CBC mode and partial undebugged SSL support.Ben Laurie2001-02-061-0/+13
|
* Fix SSL_peek and SSL_pending.Bodo Möller2000-12-251-2/+1
|
* typoBodo Möller2000-12-141-1/+1
|
* First step towards SSL_peek fix.Bodo Möller2000-12-141-27/+63
|
* First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS. ↵Richard Levitte2000-11-301-3/+96
| | | | Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu>
* Comments on SSL_peek deficienciesBodo Möller2000-11-281-2/+2
|
* Disable SSL_peek until it is fixed.Bodo Möller2000-11-281-1/+5
|
* tag SSL_peek bugsBodo Möller2000-11-171-0/+1
|
* Fixes for Win32 build.Dr. Stephen Henson2000-06-211-1/+1
| | | | | | | | | | | | | | | | | This is mostly a work around for the old VC++ problem that it treats func() as func(void). Various prototypes had been added to 'compare' function pointers that triggered this. This could be fixed by removing the prototype, adding function pointer casts to every call or changing the passed function to use the expected arguments. I mostly did the latter. The mkdef.pl script was modified to remove the typesafe functions which no longer exist. Oh and some functions called OPENSSL_freeLibrary() were changed back to FreeLibrary(), wonder how that happened :-)
* There have been a number of complaints from a number of sources that namesRichard Levitte2000-06-011-6/+6
| | | | | | | | | like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_. This change includes all the name changes needed throughout all C files.
* Use correct function names in SSLerr macros.Bodo Möller2000-03-141-1/+1
|
* Copy DH key (if available) in addition to the bare parametersBodo Möller2000-03-131-24/+35
| | | | | | | | | | | | | in SSL_new. If SSL_OP_SINGLE_DH_USE is set, don't waste time in SSL_[CTX_]set_tmp_dh on computing a DH key that will be ignored anyway. ssltest -dhe1024dsa (w/ 160-bit sub-prime) had an unfair performance advantage over -dhe1024 (safe prime): SSL_OP_SINGLE_DH_USE was effectively always enabled because SSL_new ignored the DH key set in the SSL_CTX. Now -dhe1024 takes the server only about twice as long as -dhe1024dsa instead of three times as long (for 1024 bit RSA with 1024 bit DH).
* Fix some bugs and document othersBodo Möller2000-02-211-0/+4
|
* Move the registration of callback functions to special functionsRichard Levitte2000-02-201-27/+82
| | | | | | | | | | designed for that. This removes the potential error to mix data and function pointers. Please note that I'm a little unsure how incorrect calls to the old ctrl functions should be handled, in som cases. I currently return 0 and that's it, but it may be more correct to generate a genuine error in those cases.
* Tolerate fragmentation and interleaving in the SSL 3/TLS record layer.Bodo Möller2000-02-201-29/+11
|
* Apply Lutz Behnke's 56 bit cipher patch with a fewDr. Stephen Henson2000-01-221-44/+192
| | | | | | | minor changes. Docs haven't been added at this stage. They are probably best included in the 'ciphers' program docs.
* Compaq C 6.2 for VMS will complain when we want to convertRichard Levitte2000-01-181-4/+36
| | | | | | | | | | non-function pointers to function pointers and vice versa. The current solution is to have unions that describe the conversion we want to do, and gives us the ability to extract the type of data we want. The current solution is a quick fix, and can probably be made in a more general or elegant way.
* Cosmetic changes.Ulf Möller1999-09-291-1/+1
|
* OPENSSL_EXTERN, OPENSSL_GLOBALBodo Möller1999-05-151-1/+1
|
* VMS support.Ulf Möller1999-05-131-1/+2
| | | | Submitted by: Richard Levitte <richard@levitte.org>
* Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copyingBodo Möller1999-05-091-8/+5
| | | | | | | pointers. The cert_st handling is changed by this in various ways. Submitted by: Reviewed by: PR:
* Message digest stuff.Ulf Möller1999-04-271-0/+2
|
* Remove NOPROTO definitions and error code comments.Ulf Möller1999-04-261-21/+0
|
* Change #include filenames from <foo.h> to <openssl.h>.Bodo Möller1999-04-231-1/+1
| | | | | | Submitted by: Reviewed by: PR:
* Work with -pedantic!Ben Laurie1999-04-231-2/+2
|
* Fixed some race conditions.Bodo Möller1999-04-221-1/+5
| | | | | | Submitted by: Reviewed by: PR:
* Change functions to ANSI C.Ulf Möller1999-04-191-56/+22
|
* Massive constification.Ben Laurie1999-04-171-3/+3
|
* Add new experimental ciphersuites. Bring naming into line with RFC.Ben Laurie1999-04-151-6/+42
|
* Add type-safe STACKs and SETs.Ben Laurie1999-04-121-10/+11
|
* Fix security hole.Ben Laurie1999-03-221-1/+1
|
* Disable new TLS1 ciphersuites.Ben Laurie1999-03-061-0/+2
|
* Fix export ciphersuites, again.Ben Laurie1999-03-061-3/+14
|
* Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DHRalf S. Engelschall1999-02-251-0/+83
| | | | | | | | | | | | | | | | | | | | | | private keys and/or callback functions which directly correspond to their SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed for applications which have to configure certificates on a per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g. s_server). For the RSA certificate situation is makes no difference, but for the DSA certificate situation this fixes the "no shared cipher" problem where the OpenSSL cipher selection procedure failed because the temporary keys were not overtaken from the context and the API provided no way to reconfigure them. The new functions now let applications reconfigure the stuff and they are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh, SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new non-public-API function ssl_cert_instantiate() is used as a helper function and also to reduce code redundancy inside ssl_rsa.c. Submitted by: Ralf S. Engelschall Reviewed by: Ben Laurie
* Fix the cipher decision scheme for export ciphers: the export bits are *not*Ralf S. Engelschall1999-02-251-2/+2
| | | | | | | | within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK. So, the original variable has to be used instead of the already masked variable. Submitted by: Richard Levitte <levitte@stacken.kth.se> Reviewed by: Ralf S. Engelschall
* Various changes to make this stuff compile under Win32 and VC++ with andDr. Stephen Henson1999-02-221-0/+8
| | | | | | | | without -debug option to mk1mf.pl. Change _export to is_export (_export is a reserved word under VC++). Add yucky function prototype function pointer casts. Sanitise the included files in crypto/x509v3. Also changed ssleay.exe target to openssl.exe
* More stuff for new TLS ciphersuites.Ben Laurie1999-02-211-4/+5
|
* Undo a couple of kludges.Ben Laurie1999-02-211-21/+21
|
* Add support for new TLS export ciphersuites.Ben Laurie1999-02-211-31/+60
|
* Updates to the new SSL compression codeMark J. Cox1999-02-161-14/+11
| | | | | | | | | | | | | | [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] Fix so that the version number in the master secret, when passed via RSA, checks that if TLS was proposed, but we roll back to SSLv3 (because the server will not accept higher), that the version number is 0x03,0x01, not 0x03,0x00 [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] Submitted by: Reviewed by: PR:
* More prototypes.Ben Laurie1999-01-161-3/+3
|
* Accept NULL in *_free.Ben Laurie1999-01-071-0/+3
|
* Fix version stuff:Ralf S. Engelschall1998-12-311-1/+1
| | | | | | | | | | | 1. The already released version was 0.9.1c and not 0.9.1b 2. The next release should be 0.9.2 and not 0.9.1d, because first the changes are already too large, second we should avoid any more 0.9.1x confusions and third, the Apache version semantics of VERSION.REVISION.PATCHLEVEL for the version string is reasonable (and here .2 is already just a patchlevel and not major change). tVS: ----------------------------------------------------------------------
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-27 00:57:23 +0000