Commit graph

869 commits

Author SHA1 Message Date
Bodo Möller
24cff6ced5 always reject data >= n 2001-07-25 17:02:58 +00:00
Bodo Möller
badb910f3c Avoid race condition.
Submitted by: Travis Vitek <vitek@roguewave.com>
2001-07-24 12:31:14 +00:00
Ben Laurie
c518ade1fd Clean up EVP macros, rename DES EDE3 modes correctly, temporary support for
OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery
is available).
2001-07-21 10:24:07 +00:00
Dr. Stephen Henson
ee306a1332 Initial OCSP server support, using index.txt format.
This can process internal requests or behave like a
mini responder.

Todo: documentation, update usage info.
2001-07-12 20:41:51 +00:00
Richard Levitte
e452de9d87 Add the possibility to specify the use of zlib compression and
decompression.  It can be set up to link at link time or to load the
zlib library at run-time.
2001-07-12 09:11:14 +00:00
Richard Levitte
0665dd6852 Document the recent Kerberos SSL changes. 2001-07-12 04:23:57 +00:00
Geoff Thorpe
af436bc158 openssl speed is quite useful for testing hardware support (among other
things), especially as the RSA keys are fixed. However, DSA only fixes the
DSA parameters and then generates the public and private components on the
fly each time - this commit hard-codes some sampled key values so that this
is no longer the case.
2001-07-11 18:59:25 +00:00
Bodo Möller
e9ad0d2c31 Fix PRNG. 2001-07-10 10:49:34 +00:00
Ben Laurie
c148d70978 A better compromise between encrypt and decrypt (but why isn't it as fast
for encrypt?).
2001-07-09 21:00:36 +00:00
Ben Laurie
f31b12503e Use & instead of % - worth about 4% for 8 byte blocks. 2001-07-08 17:27:32 +00:00
Bodo Möller
d63c6bd397 Align with 0.9.6-stable CHANGES file, and make some corrections. 2001-07-04 20:56:47 +00:00
Bodo Möller
93dbd83570 Entry for Andy's mips3.s fix. 2001-07-04 20:17:27 +00:00
Lutz Jänicke
43f9391bcc When only the key is given to "enc", the IV is undefined
(found by Andy Brown <logic@warthog.com>).
2001-07-03 10:31:11 +00:00
Richard Levitte
c80410c50c Insuline shot 2001-07-01 23:15:43 +00:00
Dr. Stephen Henson
b7a26e6daf Modify apps to use NCONF code instead of old CONF code.
Add new extension functions which work with NCONF.

Tidy up extension config routines and remove redundant code.

Fix NCONF_get_number().

Todo: more testing of apps to see they still work...
2001-06-28 11:41:50 +00:00
Dr. Stephen Henson
1e325f6149 Handle empty X509_NAME in printing routines. 2001-06-26 12:04:35 +00:00
Bodo Möller
c458a33196 DSA verification should insist that r and s are in the allowed range. 2001-06-26 09:48:17 +00:00
Richard Levitte
fd3e027faa Oops, applies to 0.9.7 only. 2001-06-23 16:28:21 +00:00
Richard Levitte
235dd0a22a Document recent changes. 2001-06-23 16:27:37 +00:00
Dr. Stephen Henson
323f289c48 Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Richard Levitte
839590f576 - Add the possibility to control engines through control names but
with arbitrary arguments instead of just a string.
- Change the key loaders to take a UI_METHOD instead of a callback
  function pointer.  NOTE: this breaks binary compatibility with
  earlier versions of OpenSSL [engine].
- Addapt the nCipher code for these new conditions and add a card
  insertion callback.
2001-06-19 16:12:18 +00:00
Richard Levitte
9ad0f6812f Enhance the user interface with better support for dialog box
prompting, application-defined prompts, the possibility to use
defaults (for example default passwords from somewhere else) and
interrupts/cancelations.
2001-06-19 15:52:00 +00:00
Dr. Stephen Henson
3cc1f498a1 Don't set pointer if add_lock_callback used. 2001-06-19 00:04:57 +00:00
Bodo Möller
285b42756a pay attention to blocksize before attempting decryption 2001-06-15 18:05:09 +00:00
Bodo Möller
8a774dc9a6 Add directory name to the entry on /crypto/ui/. 2001-06-11 09:55:20 +00:00
Dr. Stephen Henson
f2a253e0dd Add support for MS CSP Name PKCS#12 attribute. 2001-06-11 00:43:20 +00:00
Bodo Möller
ecf186065c OAEP fix 2001-06-06 21:44:28 +00:00
Bodo Möller
31bc51c8cf Fix Bleichenbacher PKCS #1 1.5 countermeasure.
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway,
otherwise this would be a security relevant patch.)
2001-06-01 09:41:25 +00:00
Geoff Thorpe
d918f85146 Fix a memory leak in 'sk_dup' in the case a realloc() fails. Also, tidy up
a bit of weird code in sk_new.
2001-05-31 19:01:08 +00:00
Lutz Jänicke
7e97837274 Don't forget responsible person so that its clear who is to blame. 2001-05-29 13:52:21 +00:00
Richard Levitte
79bb8d0077 Document the latest change in ENGINEs. 2001-05-26 16:58:34 +00:00
Dr. Stephen Henson
76c919c1a3 Add missing variable length cipher flag for Blowfish.
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
2001-05-24 22:58:35 +00:00
Lutz Jänicke
e8734731d3 Increase ENTROPY_NEEDED to support Rijndael's larger key size. 2001-05-15 16:02:35 +00:00
Richard Levitte
496da8b918 Document the addition. 2001-05-13 10:37:02 +00:00
Dr. Stephen Henson
4831e626aa Change Win32 to use EXPORT_VAR_AS_FN.
Fix OPENSSL_IMPLEMENT_GLOBAL.

Allow Win32 to use EXPORT_VAR_AS_FN in mkdef.pl

make update.
2001-05-12 23:57:41 +00:00
Lutz Jänicke
3351b8d007 Update changelog to reflect additional changes made to the egd-locations. 2001-05-10 09:45:31 +00:00
Bodo Möller
4b49bf6a93 restore change undone in 1.831 (apparently by accident) 2001-05-10 09:33:18 +00:00
Dr. Stephen Henson
926a56bfe3 Purpose and trust setting functions for X509_STORE.
Tidy existing code.
2001-05-10 00:13:59 +00:00
Dr. Stephen Henson
bdee69f718 Allow various X509_STORE_CTX properties to be
inherited from X509_STORE.

Add CRL checking options to other applications.
2001-05-09 00:30:39 +00:00
Bodo Möller
ff43e2e155 fix an old entry 2001-05-08 12:45:55 +00:00
Dr. Stephen Henson
b545dc6775 Initial CRL based revocation checking. 2001-05-07 22:52:50 +00:00
Richard Levitte
a63d5eaab2 Add a general user interface API. This is designed to replace things
like des_read_password and friends (backward compatibility functions
using this new API are provided).  The purpose is to remove prompting
functions from the DES code section as well as provide for prompting
through dialog boxes in a window system and the like.
2001-05-06 23:19:37 +00:00
Bodo Möller
24cc290b85 .rnd issues 2001-05-03 09:27:43 +00:00
Richard Levitte
d02408ad8a Remove part conflict indicator... 2001-05-02 07:15:03 +00:00
Geoff Thorpe
e5a77633cf Make notes about ENGINE changes. 2001-04-26 20:42:12 +00:00
Dr. Stephen Henson
c962479bdf Fix ASN1 bug when decoding OTHER type.
Various S/MIME DSA related fixes.
2001-04-21 12:06:01 +00:00
Geoff Thorpe
2a8a10eda6 Add notes about the new ENGINE functionality. 2001-04-19 23:06:00 +00:00
Geoff Thorpe
4d6115a5cc Make a note of the recent ENGINE developments. 2001-04-18 21:12:02 +00:00
Bodo Möller
3a25b96caf typo 2001-04-18 15:11:42 +00:00
Bodo Möller
6e6d04e29a fix md_rand.c locking bugs 2001-04-18 15:07:35 +00:00