wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
6168 commits 20 branches 302 tags 153 MiB
Commit graph

1199 commits

Author SHA1 Message Date
Richard Levitte
08101d72ce Merge in changes from 0.9.7-stable. 2002-12-30 23:56:09 +00:00
Lutz Jänicke
21cde7a41c Fix wrong handling of session ID in SSLv2 client code. 
PR: 377
 2002-12-29 20:59:35 +00:00
Richard Levitte
9cd16b1dea We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies, 
and then didn't support it very well.  And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
 2002-12-19 22:10:12 +00:00
Richard Levitte
a1457874c6 OK, there's at least one application author who has provided dynamic locking 
callbacks
 2002-12-13 07:30:53 +00:00
Richard Levitte
14676ffcd6 Document the modifications in 0.9.7 that will make the hw_ncipher.c 
engine work properly even in bad situations.
 2002-12-12 17:40:15 +00:00
Richard Levitte
fdaea9ed2e Since it's defined in draft-ietf-tls-compression-04.txt, let's make 
ZLIB a known compression method, with the identity 1.
 2002-12-08 09:31:41 +00:00
Geoff Thorpe
e9224c7177 This is a first-cut at improving the callback mechanisms used in 
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.

This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing.  The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones.  The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.

There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
 2002-12-08 05:24:31 +00:00
Richard Levitte
43ecece595 Merge in relevant changes from the OpenSSL 0.9.6h release. 2002-12-05 21:50:13 +00:00
Dr. Stephen Henson
2053c43de2 In asn1_d2i_read_bio, don't assume BIO_read will 
return the requested number of bytes when reading
content.
 2002-12-03 23:50:59 +00:00
Richard Levitte
df29cc8f77 Add OPENSSL_cleanse() to help cleanse memory and avoid certain compiler 
and linker optimizations.
PR: 343
 2002-11-27 12:24:05 +00:00
Richard Levitte
17582ccf21 Heimdal isn't really supported right now. Say so, and offer a possibility 
to force the use of Heimdal, and warn if that's used.
PR: 346
 2002-11-26 10:11:58 +00:00
Lutz Jänicke
6a8afe2201 Fix bug introduced by the attempt to fix client side external session 
caching (#288): now internal caching failed (#351):
Make sure, that cipher_id is set before comparing.
Submitted by:
Reviewed by:
PR: 288 (and 351)
 2002-11-20 10:48:58 +00:00
Richard Levitte
20199ca809 Document the addition of certificate pairs. 2002-11-18 23:56:15 +00:00
Richard Levitte
0bf23d9b20 WinCE patches 2002-11-15 22:37:18 +00:00
Richard Levitte
6f17f16fd5 Changes to make shared library building and use work better with Cygwin 2002-11-15 16:48:38 +00:00
Richard Levitte
84034f7aec Document the change to remove the 'done' flag variable in the 
OpenSSL_add_all_*() routines
 2002-11-15 13:58:11 +00:00
Richard Levitte
0a5942093e We need to read one more byte of the REQUEST-CERTIFICATE message. 
PR: 300
 2002-11-15 09:15:55 +00:00
Bodo Möller
2b2ab52354 harmonize with 0.9.7 tree 2002-11-14 12:17:47 +00:00
Richard Levitte
83411793b6 Handle last lines that aren't properly terminated. 
PR: 308
 2002-11-14 06:51:18 +00:00
Ben Laurie
54a656ef08 Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
Richard Levitte
c81a15099a X509_NAME_cmp() now compares PrintableString and emailAddress with a value of type 
ia5String correctly.
PR: 244
 2002-11-09 21:52:20 +00:00
Bodo Möller
b53e44e572 implement and use new macros BN_get_sign(), BN_set_sign() 
Submitted by: Nils Larsch
 2002-11-04 13:17:22 +00:00
Geoff Thorpe
9c3db400dc The recent CHANGES note between 0.9.6g and 0.9.6h needs copying into the 
other branches.
 2002-10-29 18:01:08 +00:00
Bodo Möller
19b8d06a79 clean up new code for NIST primes 
create new lock CRYPTO_LOCK_BN to avoid race condition
 2002-10-28 14:02:19 +00:00
Bodo Möller
5c6bf03117 fast reduction for NIST curves 
Submitted by: Nils Larsch
 2002-10-28 13:23:24 +00:00
Richard Levitte
874fee478c Clarify where the engines are by default. 2002-10-12 16:07:31 +00:00
Richard Levitte
6f7c2cb31e Step 14 of move of engines: Final step, document the change. 2002-10-11 22:06:44 +00:00
Bodo Möller
3e06fb754e synchronize with 0.9.7-stable version of this file 2002-10-11 17:56:34 +00:00
Richard Levitte
30afcc072a Move the shared library construction stuff to Makefile.shared, a 
helper makefile that generalises our way of building shared libraries
and is designed to take care of almost anything (I hope).
 2002-10-11 00:37:11 +00:00
Richard Levitte
7ba3a4c3d2 RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS. 
PR: 189
 2002-10-10 07:59:03 +00:00
Dr. Stephen Henson
fc6a6a1030 Add version info to Win32 DLLs. 
We might want to edit the strings a bit...

Maybe add to 0.9.7 too?
 2002-10-04 21:22:47 +00:00
Dr. Stephen Henson
9a48b07ee4 Various enhancements to PKCS#12 code, new 
medium level API, improved PKCS12_create
and additional functionality in pkcs12
utility.
 2002-10-03 23:53:52 +00:00
Dr. Stephen Henson
230fd6b7b6 Preliminary streaming ASN1 encode support. 2002-10-03 12:38:52 +00:00
Bodo Möller
929f116733 fix more race conditions 
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
 2002-09-26 15:52:34 +00:00
Bodo Möller
b8565a9af9 really fix race conditions 
Submitted by: "Patrick McCormick" <patrick@tellme.com>

PR: 262
PR: 291
 2002-09-25 15:38:57 +00:00
Bodo Möller
e78f137899 really fix race condition 
PR: 262
 2002-09-23 14:25:07 +00:00
Bodo Möller
a4f53a1c73 there is no minimum length for session IDs 
PR: 274
 2002-09-19 11:44:07 +00:00
Bodo Möller
a90ae02454 fix race condition 
PR: 262
 2002-09-19 11:26:45 +00:00
Bodo Möller
9226e2187c Let 'openssl req' fail if an argument to '-newkey' is not 
recognized instead of using RSA as a default.
 2002-09-10 07:34:45 +00:00
Bodo Möller
ba11121731 -nameopt fix has been moved to 0.9.7 2002-09-02 14:22:51 +00:00
Bodo Möller
ed5e37c309 mention EC_get_builtin_curves() 2002-09-02 07:12:08 +00:00
Dr. Stephen Henson
fc85ac20c7 Make -nameopt work in req and add support for -reqopt 2002-08-22 23:43:48 +00:00
Lutz Jänicke
82a20fb0f0 Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb(). 
Submitted by:
Reviewed by:
PR: 212
 2002-08-16 17:04:04 +00:00
Dr. Stephen Henson
3f6db7f518 Fix block_size field for CFB and OFB modes: it should be 1. 2002-08-16 01:53:24 +00:00
Bodo Möller
7eb18f1237 Simplify handling of named curves: get rid of EC_GROUP_new_by_name(), 
EC_GROUP_new_by_nid() should be enough.  This avoids a lot of
redundancy.

Submitted by: Nils Larsch
 2002-08-15 09:21:31 +00:00
Bodo Möller
749d055eba move a TODO from CHANGES to STATUS 2002-08-14 11:07:29 +00:00
Bodo Möller
49a0f77867 add 'TODO' items 2002-08-14 10:49:29 +00:00
Dr. Stephen Henson
2af52de7b5 Fix typo in OBJ_txt2obj which incorrectly passed the content 
length, instead of the encoding length to d2i_ASN1_OBJECT.

This wasn't visible before becuse ASN1_get_object() used
to read past the length of the supplied buffer.
 2002-08-14 00:48:02 +00:00
Bodo Möller
8e28c67155 add 0.9.6g information 2002-08-12 08:45:00 +00:00
Bodo Möller
ea26226046 ECC ciphersuite support 
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
(Authors: Vipul Gupta and Sumit Gupta, Sun Microsystems Laboratories)
 2002-08-09 08:56:08 +00:00
Bodo Möller
e172d60ddb Add ECDH support. 
Additional changes:
 - use EC_GROUP_get_degree() in apps/req.c
 - add ECDSA and ECDH to apps/speed.c
 - adds support for EC curves over binary fields to ECDSA
 - new function EC_KEY_up_ref() in crypto/ec/ec_key.c
 - reorganize crypto/ecdsa/ecdsatest.c
 - add engine support for ECDH
 - fix a few bugs in ECDSA engine support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
 2002-08-09 08:43:04 +00:00
Richard Levitte
fbe792f0ac 0.9.6f is released 2002-08-08 22:55:28 +00:00
Dr. Stephen Henson
f908226898 Fix the ASN1 sanity check: correct header length 
calculation and check overflow against LONG_MAX.
 2002-08-02 18:48:55 +00:00
Bodo Möller
909abce800 disable Sun divison algorithm by default 2002-08-02 18:26:02 +00:00
Bodo Möller
95ecacf8a2 Let BN_rand_range() abort with an error after 100 iterations 
without success.
 2002-08-02 15:02:03 +00:00
Bodo Möller
6fb60a84dd Change BN_mod_sqrt() so that it verifies that the input value is 
really the square of the return value.
 2002-08-02 14:57:53 +00:00
Bodo Möller
35b73a1f20 Rename implementations of method functions so that they match 
the new method names where _GF... suffixes have been removed.

Revert changes to ..._{get/set}_Jprojective_coordinates_...:
The current implementation for ECC over binary fields does not use
projective coordinates, and if it did, it would not use Jacobian
projective coordinates; so it's OK to use the ..._GFp prefix for all
this.

Add author attributions to some files so that it doesn't look
as if Sun wrote all of this :-)
 2002-08-02 14:28:37 +00:00
Bodo Möller
9e4f9b36fc typos 2002-08-02 13:52:19 +00:00
Bodo Möller
7793f30e09 add support for elliptic curves over binary fields 
Submitted by: Duglas Stebila <douglas.stebila@sun.com>,
              Sheueling Chang <sheueling.chang@sun.com>

(CHANGES entries by Bodo Moeller)
 2002-08-02 13:42:24 +00:00
Bodo Möller
1dc920c8de Binary field arithmetic contributed by Sun Microsystems. 
The 'OPENSSL_NO_SUN_DIV' default is still subject to change,
so I didn't bother to finish the CHANGES entry yet.

Submitted by: Douglas Stebila <douglas.stebila@sun.com>, Sheueling Chang <sheueling.chang@sun.com>
(CHANGES entry by Bodo Moeller)
 2002-08-02 13:03:55 +00:00
Bodo Möller
16dc1cfb5c Add more WAP/WTLS elliptic curve OIDs. 
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
 2002-08-02 12:28:34 +00:00
Bodo Möller
5574e0ed41 get rid of OpenSSLDie 2002-08-02 11:48:15 +00:00
Lutz Jänicke
c046fffa16 OpenSSL Security Advisory [30 July 2002] 
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
 2002-07-30 13:04:04 +00:00
Richard Levitte
f013c7f2a6 Document the recent DJGPP-related changes 2002-07-23 13:45:38 +00:00
Bodo Möller
648765ba2f add an explanation and fix a typo 2002-07-22 08:39:44 +00:00
Lutz Jänicke
c6ccf055ba New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT. 
Submitted by:
Reviewed by:
PR: 127
 2002-07-19 19:55:34 +00:00
Richard Levitte
041843e47e For those wanting to build for several platforms with the same source 
directory, making a separate directory tree with lots of symbolic links
seems to be the solution.  Unfortunately, Configure doesn't take appropriate
steps to support this solution (as in removing a file that's going to be
rewritten).  This change corrects that situation.  Now I just have to
find all other places where there's lack of support for this.
 2002-07-16 09:19:37 +00:00
Bodo Möller
5dbd3efce7 Replace 'ecdsaparam' commandline utility by 'ecparam' 
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.

Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.

Fix ec_asn1.c (take into account the desired conversion form).

'make update'.

Submitted by: Nils Larsch
 2002-07-14 16:54:31 +00:00
Lutz Jänicke
063a8905bf Ciphers with NULL encryption were not properly handled because they were 
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
 2002-07-10 06:41:55 +00:00
Bodo Möller
ea4f109c99 AES cipher suites are now official (RFC3268) 2002-07-04 08:51:09 +00:00
Bodo Möller
76f8a1f51d update an entry on EVP changes 2002-06-26 14:21:16 +00:00
Geoff Thorpe
a6c6874a1a Make sure any ENGINE control commands make local copies of string 
pointers passed to them whenever necessary. Otherwise it is possible the
caller may have overwritten (or deallocated) the original string data
when a later ENGINE operation tries to use the stored values.

Submitted by: Götz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by: Geoff Thorpe
PR: 98
 2002-06-21 02:38:08 +00:00
Bodo Möller
5f3d6f70f6 Implement handling of EC parameter seeds (new functions 
EC_GROUP_set_seed(), EC_GROUP_get0_seed(), EC_GROUP_get_seed_len()).

New functions ECPKParameters_print(), ECPKParameters_print_fp().

Submitted by: Nils Larsch
 2002-06-18 08:38:59 +00:00
Bodo Möller
c21506ba02 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC 
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
 2002-06-14 12:21:11 +00:00
Lutz Jänicke
e1f7ea25d2 Make change uniqueIdentifier -> x500UniqueIdentifier clearly visible. 
Submitted by:
Reviewed by:
PR: 82
 2002-06-12 20:46:38 +00:00
Bodo Möller
b8e0e12399 typo 2002-06-12 14:19:01 +00:00
Bodo Möller
254ef80db1 simplify asn1_flag 
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
 2002-06-12 14:01:17 +00:00
Ben Laurie
d15711efc6 Handle read errors. 2002-06-11 12:41:37 +00:00
Bodo Möller
458c29175e move ECC ASN1 that is not specific to ECDSA into crypto/ec/, 
and make some appropriate changes to the EC library.

Submitted by: Nils Larsch
 2002-06-10 12:18:21 +00:00
Richard Levitte
fbb56e5b1d Document the AES changes. 2002-05-31 13:16:10 +00:00
Bodo Möller
6cbe638294 New functions EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex(), EC_POINT_hex2point() 
Submitted by: Nils Larsch
 2002-05-30 13:16:03 +00:00
Bodo Möller
46ffee4792 fix EVP_dsa_sha macro 
Submitted by: Nils Larsch
 2002-05-16 12:51:18 +00:00
Dr. Stephen Henson
544a2aea4b Zero cipher_data in EVP_CIPHER_CTX_cleanup 
Add cleanup calls to evp_test.c

Allow reuse of cipher contexts by removing
automatic cleanup in EVP_*Final().
 2002-05-15 18:49:25 +00:00
Dr. Stephen Henson
dc014d43af Fallback to normal multiply if n2 == 8 and dna or dnb is not zero 
in bn_mul_recursive.

This is (hopefully) what was triggering bignum errors on 64 bit
platforms and causing the BN_mod_mul test to fail.
 2002-05-10 22:18:13 +00:00
Bodo Möller
b6db386ffd Change internals of the EC library so that the functions 
EC_GROUP_{set_generator,get_generator,get_order,get_cofactor} are
implemented directly in crypto/ec/ec_lib.c and not dispatched to
methods.

Also fix EC_GROUP_copy to copy the NID.
 2002-05-08 11:54:24 +00:00
Bodo Möller
f257d984b7 refer to latest draft for AES ciphersuites 2002-05-07 07:55:36 +00:00
Bodo Möller
47234cd3d2 update 2002-05-05 23:47:46 +00:00
Lutz Jänicke
c0455cbb18 Fix escaping when using the -subj option of "openssl req", document 
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
 2002-04-30 12:08:18 +00:00
Bodo Möller
8df61b5011 Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not 
encoded as NULL) with id-dsa-with-sha1.

Submitted by: Nils Larsch
 2002-04-26 08:28:34 +00:00
Bodo Möller
1064acafc4 check return values 
Submitted by: Nils Larsch
 2002-04-17 09:31:34 +00:00
Lutz Jänicke
e9cbcb1d98 Document OID changes. 2002-04-15 14:18:30 +00:00
Lutz Jänicke
30911232c1 Some more OID enhancements. 2002-04-15 10:41:38 +00:00
Lutz Jänicke
2940a1298e Fix CRLF problem in BASE64 decode. 2002-04-15 09:55:40 +00:00
Bodo Möller
82b0bf0b87 Implement known-IV countermeasure. 
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
 2002-04-13 22:47:20 +00:00
Bodo Möller
08b977b5a5 looks like a typo 2002-04-12 13:52:40 +00:00
Bodo Möller
85fb12d554 clean up and synchronize with 0.9.6-stable 2002-04-12 13:45:29 +00:00
Lutz Jänicke
381a146dc6 Synchronize with 0.9.7-stable branch 2002-04-10 19:52:40 +00:00
Bodo Möller
4f4b192402 add usage examples 2002-04-09 11:54:24 +00:00
Lutz Jänicke
4825092bbe Fix buggy object definitions (Svenning Sorensen <sss@sss.dnsalias.net>). 2002-04-04 17:48:37 +00:00
Lutz Jänicke
ffbe98b763 Make short names of objects RFC2256-compliant. 2002-03-26 17:18:48 +00:00
Richard Levitte
0d81c69b8e Add the possibility to enable olde des support, not just disable it, for future support. Redocument 2002-03-26 14:28:04 +00:00
Bodo Möller
82652aaf17 fix DH_generate_parameters for general 'generator' 2002-03-20 16:04:04 +00:00
Lutz Jänicke
11c26ecf81 Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>). 2002-03-19 16:42:09 +00:00
Bodo Möller
af28dd6c75 Fix bugs and typos. 
Add some WTLS curves.
New function EC_GROUP_check() (this will probably
be implemented differently soon).

Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
 2002-03-18 13:10:45 +00:00
Bodo Möller
304d90425f fix ssl3_pending 2002-03-15 10:52:32 +00:00
Lutz Jänicke
bfaa8a89e1 Add missing strength entries. 2002-03-14 18:53:15 +00:00
Bodo Möller
9bc448546e Add more curves. 
Submitted by: Nils Larsch

Remove unnecessary 'const'.
 2002-03-07 12:14:03 +00:00
Dr. Stephen Henson
0dc092334b ENGINE module additions. 
Add "init" command to control ENGINE
initialization.

Call ENGINE_finish on initialized ENGINEs on exit.

Reorder shutdown in apps.c: modules should be shut
down first.

Add test private key loader to openssl ENGINE: this
just loads a private key in PEM format.

Fix print format for dh length parameter.
 2002-03-06 14:15:13 +00:00
Bodo Möller
36c194638e add SECG OIDs 
Submitted by: Nils Larsch
 2002-03-06 13:47:32 +00:00
Bodo Möller
45fb737950 reference counting for EC_GROUP structures is not needed (at the 
moment at least), so remove it
 2002-03-06 09:46:17 +00:00
Bodo Möller
2d9b1b3ffa more X9.62 OIDs 
Submitted by: Nils Larsch <nla@trustcenter.de>
 2002-03-05 12:39:19 +00:00
Richard Levitte
0d22b5dace Document the added modes for AES 2002-02-28 11:29:55 +00:00
Bodo Möller
023ec151df Add 'void *' argument to app_verify_callback. 
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
 2002-02-28 10:52:56 +00:00
Geoff Thorpe
92d1bc09cb This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice 
Gittens.
 2002-02-27 22:55:28 +00:00
Lutz Jänicke
334f1842fc Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi). 2002-02-26 21:40:09 +00:00
Dr. Stephen Henson
e84be9b495 New OPENSSL_LOAD_CONF define to load openssl.cnf 
when OpenSSL_add_all_algorithms() is called.
 2002-02-23 01:00:44 +00:00
Dr. Stephen Henson
3647bee263 Config code updates. 
CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
 2002-02-22 14:01:21 +00:00
Dr. Stephen Henson
92f91ff48b Config file updates from stable branch 2002-02-21 00:54:54 +00:00
Bodo Möller
f8e21776f9 typo 2002-02-20 12:38:00 +00:00
Richard Levitte
49e045482a At Corinna Vinschen's request, change CygWin32 to Cygwin 2002-02-14 12:28:24 +00:00
Bodo Möller
4d94ae00d5 ECDSA support 
Submitted by: Nils Larsch <nla@trustcenter.de>
 2002-02-13 18:21:51 +00:00
Richard Levitte
0caec9e8f8 Modify the main trunk version to 0.9.8-dev. 
0.9.7 now lives in the branch OpenSSL_0_9_7-stable.
 2002-02-13 17:46:38 +00:00
Richard Levitte
1fe198b6f9 Update the configuration of CygWin32 to use the new capabilities of 
CygWin 1.3.x, which includes thread and shared library support.

Submitted by Corinna Vinschen <vinschen@redhat.com> and modified a
little bit.
 2002-02-13 14:44:33 +00:00
Lutz Jänicke
acfe628b6e Make removal from session cache more robust. 2002-02-10 12:46:41 +00:00
Lutz Jänicke
4de920c91d Do not store unneeded data. 2002-02-08 15:15:04 +00:00
Richard Levitte
3cd039dd8f Add notes on the added support for aep and sureware crypto cards in 
0.9.7.
 2002-02-07 22:15:53 +00:00
Richard Levitte
b9a3ef4c6e ASN1_BIT_STRING_set_bit() didn't clear previously set bits 2002-02-03 21:31:41 +00:00
Richard Levitte
1199e2d8cf Apply patch from Toomas Kiisk <vix@cyber.ee> and complete it. 2002-01-29 12:36:01 +00:00
Richard Levitte
a3fffd648b Add old patch from Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> to 
make it possible to produce shared libraries on ReliantUNIX.
 2002-01-26 03:17:27 +00:00
Richard Levitte
2d57b73a50 I got a request to make the "old des" symbols more closely tied to 
OpenSSL.  Adding '_ossl' in the name seems to be a good way to do
this.
 2002-01-26 01:14:09 +00:00
Richard Levitte
f14845d999 Apply Neale Ferguson's patch to add a configuration target for linux-s390x 2002-01-25 22:06:59 +00:00
Richard Levitte
80bb905d3d Apply the following changes by Toomas Kiisk <vix@cyber.ee>: 
* make openssl rsa work with -engine chil
* misc changes, including debug-linux-ppro Configure target
  and FORMAT_NETSCAPE-aware load_{,pub}key()

This completes the application of his changes.
 2002-01-25 19:43:52 +00:00
Richard Levitte
8242a6a9fc Document the change in rsautl. 2002-01-25 17:00:56 +00:00
Bodo Möller
a14e2d9dfe New functions 
ERR_peek_last_error
    ERR_peek_last_error_line
    ERR_peek_last_error_line_data
(supersedes ERR_peek_top_error).

Rename OPENSSL_NO_OLD_DES_SUPPORT into OPENSSL_DISABLE_OLD_DES_SUPPORT
because OPENSSL_NO_... indicates disabled algorithms (according to
mkdef.pl).
 2002-01-24 16:16:43 +00:00
Bodo Möller
a8b94d6409 Reword CHANGES entry for _old_des_..., as it was a little complicated 
syntactically.
 2002-01-24 14:05:55 +00:00
Richard Levitte
1285221370 To avoid all kinds of link-level clashes, rename all old des_* 
functions to _old_des_*.
 2002-01-24 12:26:50 +00:00
Lutz Jänicke
9b2f486c9e Document the current behaviour of the DES interface. 2002-01-23 10:12:45 +00:00
Dr. Stephen Henson
df5eaa8a52 default_algorithms option in ENGINE config. 2002-01-22 01:40:18 +00:00
Dr. Stephen Henson
c9501c223f Initial ENGINE config module, docs to follow. 
Fix buffer overrun errors in OPENSSL_conf().
 2002-01-21 03:02:36 +00:00
Bodo Möller
8c74b5e56c Bugfix: In ssl3_accept, don't use a local variable 'got_new_session' 
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
 2002-01-14 23:40:26 +00:00
Bodo Möller
c59ba5b528 Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if 
the SSL_R_LENGTH_MISMATCH error is detected.
 2002-01-14 12:37:59 +00:00
Dr. Stephen Henson
bc37d996fc Experimental configuration code. 
Incomplete, largely untested and subject to change/deletion.
 2002-01-05 01:37:16 +00:00
Bodo Möller
d59fb0dd2f Changes that break something should be included in CHANGES 
to make it easier to fix things.
 2002-01-04 13:27:52 +00:00
Bodo Möller
e5d6528a12 fix EVP_CIPHER_mode macro 
Submitted by: "Dan S. Camper" <dan@bti.net>
 2002-01-04 13:04:45 +00:00
Richard Levitte
6f9079fd50 Because Rijndael is more known as AES, use crypto/aes instead of 
crypto/rijndael.  Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).

This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.
 2002-01-02 16:55:35 +00:00
Ulf Möller
dcbbf83dba ssl3_read_bytes bug fix 
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
 2001-12-28 17:14:35 +00:00
Bodo Möller
3c89d78dba update FAQ and CHANGES file (0.9.6c has been released) 2001-12-21 12:29:52 +00:00
Ben Laurie
7c517a04b1 Security fix. 2001-12-20 12:18:08 +00:00
Bodo Möller
b5348a095d consistency with 0.9.6 stable "CHANGES" 2001-12-17 19:11:03 +00:00
Bodo Möller
66df02fd98 fix BN_rand_range 2001-12-14 10:09:29 +00:00