wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
6881 commits 20 branches 302 tags 153 MiB
Commit graph

1247 commits

Author SHA1 Message Date
Richard Levitte
a5db6fa576 Define a STORE type. For documentation, read the entry in CHANGES, 
crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h.
 2003-05-01 03:53:12 +00:00
Richard Levitte
535fba4907 Define the OPENSSL_ITEM structure. 2003-05-01 03:45:18 +00:00
Richard Levitte
1ae0a83bdd Add BUF_strndup() and BUF_memdup(). Not currently used, but I've code 
that uses them that I'll commit in a few days.
 2003-04-29 22:08:57 +00:00
Richard Levitte
9d6c32d6d1 Correct documentation. sk_find_ex() doesn't return a pointer, it 
returns an index.
 2003-04-29 20:31:58 +00:00
Richard Levitte
ea5240a5ed Add an extended variant of OBJ_bsearch() that can be given a few 
flags.
 2003-04-29 20:25:21 +00:00
Bodo Möller
7a04fdd87f include 'Changes between 0.9.6i and 0.9.6j' 2003-04-11 15:03:12 +00:00
Richard Levitte
16b1b03543 Implement self-signing in 'openssl ca'. This makes it easier to have 
the CA certificate part of the CA database, and combined with
'unique_subject=no', it should make operations like CA certificate
roll-over easier.
 2003-04-03 22:33:59 +00:00
Richard Levitte
e6526fbf4d Add functionality to help making self-signed certificate. 2003-04-03 22:27:24 +00:00
Richard Levitte
f85b68cd49 Make it possible to have multiple active certificates with the same 
subject.
 2003-04-03 16:33:03 +00:00
Bodo Möller
5679bcce07 make RSA blinding thread-safe 2003-04-02 09:50:22 +00:00
Dr. Stephen Henson
1a15c89988 Multi valued AVA support. 2003-03-30 01:51:16 +00:00
Dr. Stephen Henson
520b76ffd9 Support for name constraints. 2003-03-24 17:04:44 +00:00
Dr. Stephen Henson
f80153e20b Support for policy constraints. 2003-03-21 16:26:20 +00:00
Bodo Möller
c554155b58 make sure RSA blinding works when the PRNG is not properly seeded; 
enable it automatically for the built-in engine
 2003-03-20 17:31:30 +00:00
Dr. Stephen Henson
a1d12daed2 Support for policyMappings 2003-03-20 17:26:44 +00:00
Bodo Möller
02da5bcd83 countermeasure against new Klima-Pokorny-Rosa atack 2003-03-19 19:19:53 +00:00
Geoff Thorpe
bba2cb3ada Fix a bone-head bug. This warrants a CHANGES entry because it could affect 
applications if they were passing a bogus 'flags' parameter yet having
things work as they wanted anyway.
 2003-03-13 20:28:42 +00:00
Geoff Thorpe
879650b866 The default implementation of DSA_METHOD has an interdependence on the 
dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and
dsa_sign_setup(). When another DSA_METHOD implementation does not define
these lower-level handlers, it becomes impossible to do a fallback to
software on errors using a simple DSA_OpenSSL()->fn(key).

This change allows the default DSA_METHOD to function in such circumstances
by only using dsa_mod_exp() and bn_mod_exp() handlers if they exist,
otherwise using BIGNUM implementations directly (which is what those
handlers did before this change). There should be no noticable difference
for the software case, or indeed any custom case that didn't already
segfault, except perhaps that there is now one less level of indirection in
all cases.

PR: 507
 2003-03-11 01:49:21 +00:00
Bodo Möller
176f31ddec - new ECDH_compute_key interface (KDF is no longer a fixed built-in) 
- bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary
 2003-02-28 15:37:10 +00:00
Dr. Stephen Henson
f0dc08e656 Support for dirName from config files in GeneralName extensions. 2003-02-27 01:54:11 +00:00
Dr. Stephen Henson
e9ec63961b Fix indefinite length encoding so EOC correctly updates 
the buffer pointer.

Rename PKCS7_PARTSIGN to PKCS7_STREAM.

Guess what that's for :-)
 2003-02-25 19:03:31 +00:00
Ulf Möller
63ff3e83fc Add instructions for building the MinGW target in Cygwin, and 
rearrange some of the other text for better readability.
 2003-02-22 23:03:42 +00:00
Richard Levitte
132eaa59da Allow building applications against static libraries with Makefile.shared. 2003-02-22 14:41:34 +00:00
Dr. Stephen Henson
5562cfaca4 Base64 bio fixes. The base64 bio was seriously broken 
when reading from a non blocking BIO.

It would incorrectly interpret retries as EOF, incorrectly
buffer initial data and have no buffering at all after initial
data (data would be sent one byte at a time to EVP_DecodeUpdate).
 2003-02-22 02:12:52 +00:00
Richard Levitte
5b0b0e98ce Security fix: Vaudenay timing attack on CBC. 
An advisory will be posted to the web.  Expect a release within the hour.
 2003-02-19 12:03:59 +00:00
Richard Levitte
758f942b88 Make the no-err option work properly 2003-02-18 12:14:57 +00:00
Dr. Stephen Henson
27068df7e0 Single pass processing to cleartext S/MIME signing. 2003-02-15 00:50:55 +00:00
Richard Levitte
b7bbac72c4 Add support for IA64. 
PR: 454
 2003-02-14 13:30:35 +00:00
Richard Levitte
2d3de726c5 Add full support for -rpath/-R, both in shared libraries and 
applications, at least on the platforms where it's known how
to do it.

Note: this has only been tested on GNU-based platforms (Linux), and
needs to be tested on all others.  Additionally, it's not yet
supported on the following platforms, for lack of information:

Darwin (MacOS X)
Cygwin
OSF1/Alpha
SVR3
ReliantUNIX

Please help out with testing and the platforms we don't yet know well
enough.
 2003-02-13 23:52:54 +00:00
Richard Levitte
9ec1d35f29 Adjust DES_cbc_cksum() so the returned value is the same as MIT's 
mit_des_cbc_cksum().  The difference was first observed, then verified by
looking at the MIT source.
 2003-02-12 17:20:39 +00:00
Dr. Stephen Henson
cf56663fb7 Option to disable SSL auto chain build 2003-02-12 17:06:02 +00:00
Bodo Möller
8537943e8b first section is now "Changes between 0.9.7a and 0.9.8", not "... 0.9.7 and 0.9.8" 2003-02-11 16:42:30 +00:00
Bodo Möller
24893ca999 typo 2003-02-06 19:32:06 +00:00
Bodo Möller
37c660ff9b implement fast point multiplication with precomputation 
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
 2003-02-06 19:25:12 +00:00
Dr. Stephen Henson
4e5d3a7f98 IPv6 display and input support for extensions usingh GeneralName. 2003-02-05 00:34:31 +00:00
Richard Levitte
0b13e9f055 Add the possibility to build without the ENGINE framework. 
PR: 287
 2003-01-30 17:39:26 +00:00
Geoff Thorpe
96f7065f63 Summarise the last couple of commits. 2003-01-30 15:52:40 +00:00
Bodo Möller
c1862f9136 consistency 2003-01-24 22:28:32 +00:00
Dr. Stephen Henson
d3b5cb5343 Check return value of gmtime() and add error codes 
where it fails in ASN1_TIME_set().

Edit asn1.h so the new error code is the same in 0.9.7
and 0.9.8, rebuild new error codes.

Clear error queue in req.c if *_min or *_max is absent.
 2003-01-24 01:12:01 +00:00
Lutz Jänicke
a74333f905 Fix initialization sequence to prevent freeing of unitialized objects. 
Submitted by: Nils Larsch <nla@trustcenter.de>

PR: 459
 2003-01-15 14:54:59 +00:00
Lutz Jänicke
8ec16ce711 Really fix SSLv2 session ID handling 
PR: 377
 2003-01-15 09:51:22 +00:00
Geoff Thorpe
0e4aa0d2d2 As with RSA, which was modified recently, this change makes it possible to 
override key-generation implementations by placing handlers in the methods
for DSA and DH. Also, parameter generation for DSA and DH is possible by
another new handler for each method.
 2003-01-15 02:01:55 +00:00
Richard Levitte
04aff67de4 Merge from 0.9.7-stable. 2003-01-13 17:16:25 +00:00
Bodo Möller
9d5390a049 document BN_GENCB API by adding an example 2003-01-13 13:44:20 +00:00
Richard Levitte
afd41c9fc7 Add better support for FreeBSD on non-x86 machines. 
Add specific support for FreeBSD on sparc64.
PR: 427
 2003-01-12 04:43:44 +00:00
Richard Levitte
4a9476dd8d When preparing a separate build tree, don't make softlinks to softlinks. 
Add instructions in INSTALL, for easy access.
PR: 437
 2003-01-10 10:56:14 +00:00
Richard Levitte
7a1c6aa2a3 It's rather silly to believe we'd release 0.9.7a in 2002 :-). 
It's even more silly to pretend we know which year 0.9.8 will be
released.
 2002-12-31 01:00:06 +00:00
Richard Levitte
948dcdb81b Merge in changes from 0.9.7-stable. 2002-12-31 00:02:10 +00:00
Richard Levitte
08101d72ce Merge in changes from 0.9.7-stable. 2002-12-30 23:56:09 +00:00
Lutz Jänicke
21cde7a41c Fix wrong handling of session ID in SSLv2 client code. 
PR: 377
 2002-12-29 20:59:35 +00:00
Richard Levitte
9cd16b1dea We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies, 
and then didn't support it very well.  And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
 2002-12-19 22:10:12 +00:00
Richard Levitte
a1457874c6 OK, there's at least one application author who has provided dynamic locking 
callbacks
 2002-12-13 07:30:53 +00:00
Richard Levitte
14676ffcd6 Document the modifications in 0.9.7 that will make the hw_ncipher.c 
engine work properly even in bad situations.
 2002-12-12 17:40:15 +00:00
Richard Levitte
fdaea9ed2e Since it's defined in draft-ietf-tls-compression-04.txt, let's make 
ZLIB a known compression method, with the identity 1.
 2002-12-08 09:31:41 +00:00
Geoff Thorpe
e9224c7177 This is a first-cut at improving the callback mechanisms used in 
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.

This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing.  The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones.  The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.

There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
 2002-12-08 05:24:31 +00:00
Richard Levitte
43ecece595 Merge in relevant changes from the OpenSSL 0.9.6h release. 2002-12-05 21:50:13 +00:00
Dr. Stephen Henson
2053c43de2 In asn1_d2i_read_bio, don't assume BIO_read will 
return the requested number of bytes when reading
content.
 2002-12-03 23:50:59 +00:00
Richard Levitte
df29cc8f77 Add OPENSSL_cleanse() to help cleanse memory and avoid certain compiler 
and linker optimizations.
PR: 343
 2002-11-27 12:24:05 +00:00
Richard Levitte
17582ccf21 Heimdal isn't really supported right now. Say so, and offer a possibility 
to force the use of Heimdal, and warn if that's used.
PR: 346
 2002-11-26 10:11:58 +00:00
Lutz Jänicke
6a8afe2201 Fix bug introduced by the attempt to fix client side external session 
caching (#288): now internal caching failed (#351):
Make sure, that cipher_id is set before comparing.
Submitted by:
Reviewed by:
PR: 288 (and 351)
 2002-11-20 10:48:58 +00:00
Richard Levitte
20199ca809 Document the addition of certificate pairs. 2002-11-18 23:56:15 +00:00
Richard Levitte
0bf23d9b20 WinCE patches 2002-11-15 22:37:18 +00:00
Richard Levitte
6f17f16fd5 Changes to make shared library building and use work better with Cygwin 2002-11-15 16:48:38 +00:00
Richard Levitte
84034f7aec Document the change to remove the 'done' flag variable in the 
OpenSSL_add_all_*() routines
 2002-11-15 13:58:11 +00:00
Richard Levitte
0a5942093e We need to read one more byte of the REQUEST-CERTIFICATE message. 
PR: 300
 2002-11-15 09:15:55 +00:00
Bodo Möller
2b2ab52354 harmonize with 0.9.7 tree 2002-11-14 12:17:47 +00:00
Richard Levitte
83411793b6 Handle last lines that aren't properly terminated. 
PR: 308
 2002-11-14 06:51:18 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Richard Levitte
c81a15099a X509_NAME_cmp() now compares PrintableString and emailAddress with a value of type 
ia5String correctly.
PR: 244
 2002-11-09 21:52:20 +00:00
Bodo Möller
b53e44e572 implement and use new macros BN_get_sign(), BN_set_sign() 
Submitted by: Nils Larsch
 2002-11-04 13:17:22 +00:00
Geoff Thorpe
9c3db400dc The recent CHANGES note between 0.9.6g and 0.9.6h needs copying into the 
other branches.
 2002-10-29 18:01:08 +00:00
Bodo Möller
19b8d06a79 clean up new code for NIST primes 
create new lock CRYPTO_LOCK_BN to avoid race condition
 2002-10-28 14:02:19 +00:00
Bodo Möller
5c6bf03117 fast reduction for NIST curves 
Submitted by: Nils Larsch
 2002-10-28 13:23:24 +00:00
Richard Levitte
874fee478c Clarify where the engines are by default. 2002-10-12 16:07:31 +00:00
Richard Levitte
6f7c2cb31e Step 14 of move of engines: Final step, document the change. 2002-10-11 22:06:44 +00:00
Bodo Möller
3e06fb754e synchronize with 0.9.7-stable version of this file 2002-10-11 17:56:34 +00:00
Richard Levitte
30afcc072a Move the shared library construction stuff to Makefile.shared, a 
helper makefile that generalises our way of building shared libraries
and is designed to take care of almost anything (I hope).
 2002-10-11 00:37:11 +00:00
Richard Levitte
7ba3a4c3d2 RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS. 
PR: 189
 2002-10-10 07:59:03 +00:00
Dr. Stephen Henson
fc6a6a1030 Add version info to Win32 DLLs. 
We might want to edit the strings a bit...

Maybe add to 0.9.7 too?
 2002-10-04 21:22:47 +00:00
Dr. Stephen Henson
9a48b07ee4 Various enhancements to PKCS#12 code, new 
medium level API, improved PKCS12_create
and additional functionality in pkcs12
utility.
 2002-10-03 23:53:52 +00:00
Dr. Stephen Henson
230fd6b7b6 Preliminary streaming ASN1 encode support. 2002-10-03 12:38:52 +00:00
Bodo Möller
929f116733 fix more race conditions 
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
 2002-09-26 15:52:34 +00:00
Bodo Möller
b8565a9af9 really fix race conditions 
Submitted by: "Patrick McCormick" <patrick@tellme.com>

PR: 262
PR: 291
 2002-09-25 15:38:57 +00:00
Bodo Möller
e78f137899 really fix race condition 
PR: 262
 2002-09-23 14:25:07 +00:00
Bodo Möller
a4f53a1c73 there is no minimum length for session IDs 
PR: 274
 2002-09-19 11:44:07 +00:00
Bodo Möller
a90ae02454 fix race condition 
PR: 262
 2002-09-19 11:26:45 +00:00
Bodo Möller
9226e2187c Let 'openssl req' fail if an argument to '-newkey' is not 
recognized instead of using RSA as a default.
 2002-09-10 07:34:45 +00:00
Bodo Möller
ba11121731 -nameopt fix has been moved to 0.9.7 2002-09-02 14:22:51 +00:00
Bodo Möller
ed5e37c309 mention EC_get_builtin_curves() 2002-09-02 07:12:08 +00:00
Dr. Stephen Henson
fc85ac20c7 Make -nameopt work in req and add support for -reqopt 2002-08-22 23:43:48 +00:00
Lutz Jänicke
82a20fb0f0 Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb(). 
Submitted by:
Reviewed by:
PR: 212
 2002-08-16 17:04:04 +00:00
Dr. Stephen Henson
3f6db7f518 Fix block_size field for CFB and OFB modes: it should be 1. 2002-08-16 01:53:24 +00:00
Bodo Möller
7eb18f1237 Simplify handling of named curves: get rid of EC_GROUP_new_by_name(), 
EC_GROUP_new_by_nid() should be enough.  This avoids a lot of
redundancy.

Submitted by: Nils Larsch
 2002-08-15 09:21:31 +00:00
Bodo Möller
749d055eba move a TODO from CHANGES to STATUS 2002-08-14 11:07:29 +00:00
Bodo Möller
49a0f77867 add 'TODO' items 2002-08-14 10:49:29 +00:00
Dr. Stephen Henson
2af52de7b5 Fix typo in OBJ_txt2obj which incorrectly passed the content 
length, instead of the encoding length to d2i_ASN1_OBJECT.

This wasn't visible before becuse ASN1_get_object() used
to read past the length of the supplied buffer.
 2002-08-14 00:48:02 +00:00
Bodo Möller
8e28c67155 add 0.9.6g information 2002-08-12 08:45:00 +00:00
Bodo Möller
ea26226046 ECC ciphersuite support 
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
 2002-08-09 08:56:08 +00:00
Bodo Möller
e172d60ddb Add ECDH support. 
Additional changes:
 - use EC_GROUP_get_degree() in apps/req.c
 - add ECDSA and ECDH to apps/speed.c
 - adds support for EC curves over binary fields to ECDSA
 - new function EC_KEY_up_ref() in crypto/ec/ec_key.c
 - reorganize crypto/ecdsa/ecdsatest.c
 - add engine support for ECDH
 - fix a few bugs in ECDSA engine support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
 2002-08-09 08:43:04 +00:00
Richard Levitte
fbe792f0ac 0.9.6f is released 2002-08-08 22:55:28 +00:00
Dr. Stephen Henson
f908226898 Fix the ASN1 sanity check: correct header length 
calculation and check overflow against LONG_MAX.
 2002-08-02 18:48:55 +00:00
Bodo Möller
909abce800 disable Sun divison algorithm by default 2002-08-02 18:26:02 +00:00
Bodo Möller
95ecacf8a2 Let BN_rand_range() abort with an error after 100 iterations 
without success.
 2002-08-02 15:02:03 +00:00
Bodo Möller
6fb60a84dd Change BN_mod_sqrt() so that it verifies that the input value is 
really the square of the return value.
 2002-08-02 14:57:53 +00:00
Bodo Möller
35b73a1f20 Rename implementations of method functions so that they match 
the new method names where _GF... suffixes have been removed.

Revert changes to ..._{get/set}_Jprojective_coordinates_...:
The current implementation for ECC over binary fields does not use
projective coordinates, and if it did, it would not use Jacobian
projective coordinates; so it's OK to use the ..._GFp prefix for all
this.

Add author attributions to some files so that it doesn't look
as if Sun wrote all of this :-)
 2002-08-02 14:28:37 +00:00
Bodo Möller
9e4f9b36fc typos 2002-08-02 13:52:19 +00:00
Bodo Möller
7793f30e09 add support for elliptic curves over binary fields 
Submitted by: Duglas Stebila <douglas.stebila@sun.com>,
              Sheueling Chang <sheueling.chang@sun.com>

(CHANGES entries by Bodo Moeller)
 2002-08-02 13:42:24 +00:00
Bodo Möller
1dc920c8de Binary field arithmetic contributed by Sun Microsystems. 
The 'OPENSSL_NO_SUN_DIV' default is still subject to change,
so I didn't bother to finish the CHANGES entry yet.

Submitted by: Douglas Stebila <douglas.stebila@sun.com>, Sheueling Chang <sheueling.chang@sun.com>
(CHANGES entry by Bodo Moeller)
 2002-08-02 13:03:55 +00:00
Bodo Möller
16dc1cfb5c Add more WAP/WTLS elliptic curve OIDs. 
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
 2002-08-02 12:28:34 +00:00
Bodo Möller
5574e0ed41 get rid of OpenSSLDie 2002-08-02 11:48:15 +00:00
Lutz Jänicke
c046fffa16 OpenSSL Security Advisory [30 July 2002] 
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
 2002-07-30 13:04:04 +00:00
Richard Levitte
f013c7f2a6 Document the recent DJGPP-related changes 2002-07-23 13:45:38 +00:00
Bodo Möller
648765ba2f add an explanation and fix a typo 2002-07-22 08:39:44 +00:00
Lutz Jänicke
c6ccf055ba New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT. 
Submitted by:
Reviewed by:
PR: 127
 2002-07-19 19:55:34 +00:00
Richard Levitte
041843e47e For those wanting to build for several platforms with the same source 
directory, making a separate directory tree with lots of symbolic links
seems to be the solution.  Unfortunately, Configure doesn't take appropriate
steps to support this solution (as in removing a file that's going to be
rewritten).  This change corrects that situation.  Now I just have to
find all other places where there's lack of support for this.
 2002-07-16 09:19:37 +00:00
Bodo Möller
5dbd3efce7 Replace 'ecdsaparam' commandline utility by 'ecparam' 
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.

Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.

Fix ec_asn1.c (take into account the desired conversion form).

'make update'.

Submitted by: Nils Larsch
 2002-07-14 16:54:31 +00:00
Lutz Jänicke
063a8905bf Ciphers with NULL encryption were not properly handled because they were 
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
 2002-07-10 06:41:55 +00:00
Bodo Möller
ea4f109c99 AES cipher suites are now official (RFC3268) 2002-07-04 08:51:09 +00:00
Bodo Möller
76f8a1f51d update an entry on EVP changes 2002-06-26 14:21:16 +00:00
Geoff Thorpe
a6c6874a1a Make sure any ENGINE control commands make local copies of string 
pointers passed to them whenever necessary. Otherwise it is possible the
caller may have overwritten (or deallocated) the original string data
when a later ENGINE operation tries to use the stored values.

Submitted by: Götz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by: Geoff Thorpe
PR: 98
 2002-06-21 02:38:08 +00:00
Bodo Möller
5f3d6f70f6 Implement handling of EC parameter seeds (new functions 
EC_GROUP_set_seed(), EC_GROUP_get0_seed(), EC_GROUP_get_seed_len()).

New functions ECPKParameters_print(), ECPKParameters_print_fp().

Submitted by: Nils Larsch
 2002-06-18 08:38:59 +00:00
Bodo Möller
c21506ba02 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC 
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
 2002-06-14 12:21:11 +00:00
Lutz Jänicke
e1f7ea25d2 Make change uniqueIdentifier -> x500UniqueIdentifier clearly visible. 
Submitted by:
Reviewed by:
PR: 82
 2002-06-12 20:46:38 +00:00
Bodo Möller
b8e0e12399 typo 2002-06-12 14:19:01 +00:00
Bodo Möller
254ef80db1 simplify asn1_flag 
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
 2002-06-12 14:01:17 +00:00
Ben Laurie
d15711efc6 Handle read errors. 2002-06-11 12:41:37 +00:00
Bodo Möller
458c29175e move ECC ASN1 that is not specific to ECDSA into crypto/ec/, 
and make some appropriate changes to the EC library.

Submitted by: Nils Larsch
 2002-06-10 12:18:21 +00:00
Richard Levitte
fbb56e5b1d Document the AES changes. 2002-05-31 13:16:10 +00:00
Bodo Möller
6cbe638294 New functions EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex(), EC_POINT_hex2point() 
Submitted by: Nils Larsch
 2002-05-30 13:16:03 +00:00
Bodo Möller
46ffee4792 fix EVP_dsa_sha macro 
Submitted by: Nils Larsch
 2002-05-16 12:51:18 +00:00
Dr. Stephen Henson
544a2aea4b Zero cipher_data in EVP_CIPHER_CTX_cleanup 
Add cleanup calls to evp_test.c

Allow reuse of cipher contexts by removing
automatic cleanup in EVP_*Final().
 2002-05-15 18:49:25 +00:00
Dr. Stephen Henson
dc014d43af Fallback to normal multiply if n2 == 8 and dna or dnb is not zero 
in bn_mul_recursive.

This is (hopefully) what was triggering bignum errors on 64 bit
platforms and causing the BN_mod_mul test to fail.
 2002-05-10 22:18:13 +00:00
Bodo Möller
b6db386ffd Change internals of the EC library so that the functions 
EC_GROUP_{set_generator,get_generator,get_order,get_cofactor} are
implemented directly in crypto/ec/ec_lib.c and not dispatched to
methods.

Also fix EC_GROUP_copy to copy the NID.
 2002-05-08 11:54:24 +00:00
Bodo Möller
f257d984b7 refer to latest draft for AES ciphersuites 2002-05-07 07:55:36 +00:00
Bodo Möller
47234cd3d2 update 2002-05-05 23:47:46 +00:00
Lutz Jänicke
c0455cbb18 Fix escaping when using the -subj option of "openssl req", document 
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
 2002-04-30 12:08:18 +00:00
Bodo Möller
8df61b5011 Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not 
encoded as NULL) with id-dsa-with-sha1.

Submitted by: Nils Larsch
 2002-04-26 08:28:34 +00:00
Bodo Möller
1064acafc4 check return values 
Submitted by: Nils Larsch
 2002-04-17 09:31:34 +00:00
Lutz Jänicke
e9cbcb1d98 Document OID changes. 2002-04-15 14:18:30 +00:00
Lutz Jänicke
30911232c1 Some more OID enhancements. 2002-04-15 10:41:38 +00:00
Lutz Jänicke
2940a1298e Fix CRLF problem in BASE64 decode. 2002-04-15 09:55:40 +00:00
Bodo Möller
82b0bf0b87 Implement known-IV countermeasure. 
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
 2002-04-13 22:47:20 +00:00
Bodo Möller
08b977b5a5 looks like a typo 2002-04-12 13:52:40 +00:00
Bodo Möller
85fb12d554 clean up and synchronize with 0.9.6-stable 2002-04-12 13:45:29 +00:00
Lutz Jänicke
381a146dc6 Synchronize with 0.9.7-stable branch 2002-04-10 19:52:40 +00:00
Bodo Möller
4f4b192402 add usage examples 2002-04-09 11:54:24 +00:00
Lutz Jänicke
4825092bbe Fix buggy object definitions (Svenning Sorensen <sss@sss.dnsalias.net>). 2002-04-04 17:48:37 +00:00
Lutz Jänicke
ffbe98b763 Make short names of objects RFC2256-compliant. 2002-03-26 17:18:48 +00:00
Richard Levitte
0d81c69b8e Add the possibility to enable olde des support, not just disable it, for future support. Redocument 2002-03-26 14:28:04 +00:00
Bodo Möller
82652aaf17 fix DH_generate_parameters for general 'generator' 2002-03-20 16:04:04 +00:00