Commit graph

915 commits

Author SHA1 Message Date
Richard Levitte
89eeccacde Two changes:
1. if there are several symbols with the same entry number, sort those
   symbols in ASCII order.
2. Do not stop reading the header files when "BEGIN ERROR CODES" is
   found, since mkerr.pl will add a function declaration after that
   comment.  Instead, trigger on "Error codes for the \w+ function",
   which is the actual start of the error code macros.

Additionally, a few more debugging printouts that helped.
2001-09-26 15:06:45 +00:00
Bodo Möller
3b0b5abae3 bugfix: handle HelloRequest received during handshake correctly 2001-09-21 11:18:40 +00:00
Bodo Möller
b49124f6d9 Disable session related stuff in SSL_ST_OK case of ssl3_accept if we
just sent a HelloRequest.
2001-09-21 07:01:25 +00:00
Bodo Möller
2260ad21fb Bugfix: correct cleanup after sending a HelloRequest 2001-09-21 00:04:15 +00:00
Bodo Möller
6b0e9facf4 New function SSL_renegotiate_pending().
New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
2001-09-20 22:54:09 +00:00
Bodo Möller
8e2f6b79ea fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case 2001-09-20 21:37:13 +00:00
Bodo Möller
ee60d9fb28 Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
2001-09-20 18:35:52 +00:00
Dr. Stephen Henson
96bd6f730a Add certificate and request demos.
Fix X509V3 macro so they compile.
2001-09-12 00:19:20 +00:00
Lutz Jänicke
c0f5dd070b Make maximum certifcate chain size accepted from the peer application
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
2001-09-11 13:08:51 +00:00
Bodo Möller
e13ae96d7c While ispell may not like it, "cancelling" may be spelt with two "l"s 2001-09-10 18:59:53 +00:00
Ulf Möller
e3fefbfd56 ispell 2001-09-07 06:39:38 +00:00
Lutz Jänicke
6c36f7a9f2 Support for shared libraries on Unixware-7 and OpenUNIX-8
(Boyd Lynn Gerber <gerberb@zenez.com>).
2001-09-06 12:39:00 +00:00
Bodo Möller
a9ed4da8eb improve OAEP check 2001-09-06 10:42:56 +00:00
Bodo Möller
3cad81f6fe Mention DSO_up => DSO_up_ref renaming 2001-09-05 21:39:39 +00:00
Bodo Möller
4450107afb Renaming DH_up to DH_up_ref does not warrant a CHANGES entry of its own
as the functions were only introduced a couple of days ago.

Some '*)' apparently should be '+)' as the changes do not apply
to the 0.9.6 bugfix branch.
2001-09-05 19:14:53 +00:00
Geoff Thorpe
908efd3b73 ENGINEs can now perform structural cleanup. 2001-09-05 19:07:01 +00:00
Geoff Thorpe
541814c403 Add some missing CHANGES items. 2001-09-05 17:50:24 +00:00
Ulf Möller
d98a4b7366 bug fix: bn_sqr_recursive output is twice its input size. 2001-09-05 04:43:43 +00:00
Bodo Möller
6ee2a1365e CHANGES should list all API changes relevant for applications
(here: X509_STORE_CTX_init())
2001-09-04 11:13:01 +00:00
Geoff Thorpe
5b16639538 Note the "ERR_unload_strings" function. 2001-09-03 18:27:22 +00:00
Bodo Möller
983495c4b2 Use uniformly chosen witnesses for Miller-Rabin test
(by using new BN_pseudo_rand_range function)
2001-09-03 12:58:16 +00:00
Ben Laurie
2618893114 Make MD functions take EVP_MD_CTX * instead of void *, add copy() function. 2001-09-02 20:05:27 +00:00
Geoff Thorpe
36026dfc01 Note the "ex_data" changes. 2001-09-01 20:20:16 +00:00
Geoff Thorpe
0783bf151c Note the "ERR" changes. 2001-08-25 17:59:13 +00:00
Geoff Thorpe
eb6dc02b23 Make a note of the "up" functions. 2001-08-25 17:37:46 +00:00
Lutz Jänicke
e7cf7fcd21 Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.) 2001-08-25 11:49:24 +00:00
Lutz Jänicke
a403188f92 Alert description strings for TLSv1 and documentation. 2001-08-19 16:20:42 +00:00
Ben Laurie
0e36019977 Add EVP test program. 2001-08-18 13:53:01 +00:00
Ben Laurie
354c3ace73 Add first cut symmetric crypto support. 2001-08-18 10:22:54 +00:00
Dr. Stephen Henson
35bf35411c Add CRL utility functions to allow CRLs to be
built up without accessing structures directly.

Update ca.c to use new functions.

Fix ca.c so it now build CRLs correctly again.
2001-08-17 00:33:43 +00:00
Lutz Jänicke
54fbc77dc8 Bugfixes provided by "Stephen Hinton" <shinton@netopia.com>. 2001-08-16 15:28:00 +00:00
Richard Levitte
6bc847e49e Apply the Tru64 patch from Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu>
His comments are:

1) Changes all references for `True64' to be `Tru64', which is the correct
spelling for the OS name.

2) Makes `alpha-cc' be the same as `alpha164-cc', and adds an `alphaold-cc'
entry that is the same as the previous `alpha-cc'.  The reason is that most
people these days are using the newer compiler, so it should be the default.

3) Adds a bit of commentary to Configure, regarding the name changes of
the OS over the years, so it's not so confusing to people that haven't been
with the OS for a while.

4) Adds an `alpha-cc-rpath' target (which is *not* selected automatically
by Configure under any circumstance) that builds an RPATH into the
shared libraries.  This is explained in the comment in Configure.  It's
very very useful for people that want it, and people that don't want it
just shouldn't choose that target.

5) Adds the `-pthread' flag as the best way to get POSIX thread support
from the newer compiler.

6) Updates the Makefile targets, so that when the `alpha164-cc', `alpha-cc',
or `alpha-cc-rpath' target is what Configure is set to use, it uses a Makefile
target that includes the `-msym' option when building the shared library.
This is a performance enhancement.

7) Updates `config' so that if it detects you're running version 4 or 5
of the OS, it automatically selects `alpha-cc', but uses `alphaold-cc'
for versions 1-3 of the OS.

8) Updates the comment in opensslv.h, fixing both the OS name typo and
adding a reference to IRIX 6.x, since the shared library semantics are
virtually identical there.
2001-08-10 15:26:21 +00:00
Bodo Möller
37a7cd1a11 Bugfix: larger message size in ssl3_get_key_exchange() because
ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>
2001-08-07 09:30:18 +00:00
Bodo Möller
6383bbe525 remove a comma 2001-08-03 09:28:02 +00:00
Lutz Jänicke
06da6e4977 Don't disable rollback attack detection as a recommended bug workaround. 2001-08-03 08:45:13 +00:00
Lutz Jänicke
b72faddc47 Mention removed option. 2001-08-01 10:07:55 +00:00
Ben Laurie
8408f4fbc7 Document DES changes better. 2001-07-31 13:33:58 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Andy Polyakov
6d03b73e35 Enhanced support for IA-64 Linux and HP-UX (as well as better support for
HP-UX in common in ./config). Note that for the moment of this writing
none of 64-bit platforms pass bntest. I'm committing this anyway as it's
too frustrating to patch snapshots over and over while 0.9.6 is known to
work.
2001-07-30 16:42:15 +00:00
Lutz Jänicke
1f0c9ad7e1 Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:45:34 +00:00
Lutz Jänicke
06efc222f9 Forgot to mention second fix. 2001-07-30 11:33:53 +00:00
Bodo Möller
924875e53b Undo DH_generate_key() change: s3_srvr.c was using it correctly 2001-07-27 22:34:25 +00:00
Dr. Stephen Henson
19da130053 First of several reorganisations to
reduce linker bloat. For example the
single line:

PEM_read_X509()

results in a binary of around 400K in Linux!

This first step separates some of the PEM functions and
avoids linking in some PKCS#7 and PKCS#12 code.
2001-07-26 22:34:45 +00:00
Lutz Jänicke
a75b191502 Fix problem occuring when used from OpenSSH on Solaris 8. 2001-07-26 09:02:44 +00:00
Bodo Möller
6aecef815c Don't preserve existing keys in DH_generate_key. 2001-07-25 17:20:34 +00:00
Bodo Möller
daba492c3a md_rand.c thread safety 2001-07-25 17:17:24 +00:00
Bodo Möller
24cff6ced5 always reject data >= n 2001-07-25 17:02:58 +00:00
Bodo Möller
badb910f3c Avoid race condition.
Submitted by: Travis Vitek <vitek@roguewave.com>
2001-07-24 12:31:14 +00:00
Ben Laurie
c518ade1fd Clean up EVP macros, rename DES EDE3 modes correctly, temporary support for
OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery
is available).
2001-07-21 10:24:07 +00:00
Dr. Stephen Henson
ee306a1332 Initial OCSP server support, using index.txt format.
This can process internal requests or behave like a
mini responder.

Todo: documentation, update usage info.
2001-07-12 20:41:51 +00:00