Bodo Möller
1fab73ac85
Bugfix: clear error queue after ignoring ssl_verify_cert_chain result.
2000-05-27 22:25:01 +00:00
Dr. Stephen Henson
be06a9348d
Second phase of EVP cipher overhaul.
...
Change functions like EVP_EncryptUpdate() so they now return a
value. These normally have software only implementations
which cannot fail so this was acceptable. However ciphers
can be implemented in hardware and these could return errors.
2000-05-27 12:38:43 +00:00
Dr. Stephen Henson
7f0606016c
Beginnings of EVP cipher overhaul. This should eventually
...
enhance and tidy up the EVP interface.
This patch adds initial support for variable length ciphers
and changes S/MIME code to use this.
Some other library functions need modifying to support use
of modified cipher parameters.
Also need to change all the cipher functions that should
return error codes, but currenly don't.
And of course it needs extensive testing...
2000-05-26 23:51:35 +00:00
Bodo Möller
2c05c494c0
Implement SSL_OP_TLS_ROLLBACK_BUG for servers.
...
Call dh_tmp_cb with correct 'is_export' flag.
Avoid tabs in CHANGES.
2000-05-25 09:50:40 +00:00
Dr. Stephen Henson
b4b41f48d1
Add DSA library string. Workaround for IIS .key file invalid
...
ASN1 encoding.
2000-05-24 13:09:59 +00:00
Richard Levitte
6d7cce481e
Add a note about the new document.
2000-05-18 21:25:48 +00:00
Dr. Stephen Henson
439df5087f
Fix c_rehash script, add -fingerprint option to crl.
2000-05-18 00:33:00 +00:00
Ulf Möller
0e1c06128a
Get rid of more non-ANSI declarations.
2000-05-15 22:54:43 +00:00
Dr. Stephen Henson
0cb957a684
Fix for SSL server purpose checking
2000-05-04 23:03:49 +00:00
Dr. Stephen Henson
a331a305e9
Make PKCS#12 code handle missing passwords.
...
Add a couple of FAQs.
2000-05-04 00:08:35 +00:00
Bodo Möller
316e6a66f2
Note apps/x509.c bugfixes.
2000-05-02 20:29:03 +00:00
Bodo Möller
dcba2534fa
Avoid leaking memory in thread_hash (and enable memory leak detection
...
for it).
2000-04-29 23:58:05 +00:00
Ulf Möller
3973628ea6
Submitted by:
...
Reviewed by:
PR:
2000-04-27 15:06:26 +00:00
Geoff Thorpe
deb4d50e51
Previously, the default RSA_METHOD was NULL until the first RSA structure was
...
initialised, at which point an appropriate default was chosen. This meant a
call to RSA_get_default_method might have returned FALSE.
This change fixes that; now any called to RSA_new(), RSA_new_method(NULL), or
RSA_get_default_method() will ensure that a default is chosen if it wasn't
already.
2000-04-20 06:44:18 +00:00
Geoff Thorpe
b9e6391582
This change facilitates name translation for shared libraries. The
...
technique used is far from perfect and alternatives are welcome.
Basically if the translation flag is set, the string is not too
long, and there appears to be no path information in the string,
then it is converted to whatever the standard should be for the
DSO_METHOD in question, eg;
blah --> libblah.so on *nix, and
blah --> blah.dll on win32.
This change also introduces the DSO_ctrl() function that is used
by the name translation stuff.
2000-04-19 21:45:17 +00:00
Bodo Möller
e5c84d5152
New function ERR_error_string_n.
2000-04-14 23:36:15 +00:00
Richard Levitte
a9831305d8
I forgot to update the change log
2000-04-10 15:48:16 +00:00
Bodo Möller
1d90f28029
In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites
2000-04-06 22:33:14 +00:00
Geoff Thorpe
6ef4d9d512
Better make a note of what's going on ... :-)
2000-04-04 22:49:27 +00:00
Richard Levitte
c90341a155
Tagging has now been done, update to the next version (it's not quite
...
as important to keep a low profile here :-))
2000-04-01 11:24:27 +00:00
Richard Levitte
5e61580bbd
Version and name changes, and a last minute changelog
2000-04-01 11:15:15 +00:00
Bodo Möller
cf194c1f68
Entry for ssleay_rand_status locking fix.
2000-03-30 08:12:35 +00:00
Bodo Möller
3bc90f2373
Fix typo in -clrext option, but add a compatibility hack because
...
0.9.5a should not break anything that works in 0.9.5.
2000-03-27 18:10:08 +00:00
Dr. Stephen Henson
b475baffb2
Fix for HMAC.
2000-03-27 00:53:27 +00:00
Dr. Stephen Henson
e77066ea0a
Fix a memory leak in PKCS12_parse.
...
Don't copy private key to X509 etc public key structures.
Fix for warning.
2000-03-22 13:50:23 +00:00
Ulf Möller
7af4816f0e
des_quad_cksum() byte order bug fix.
...
See http://www.pdc.kth.se/kth-krb/
Their solution for CRAY is somewhat awkward.
I'll assume that a "short" is 32 bits on CRAY to avoid the
#ifdef _CRAY
typedef struct {
unsigned int a:32;
unsigned int b:32;
} XXX;
#else
typedef DES_LONG XXX;
#endif
2000-03-19 02:06:37 +00:00
Dr. Stephen Henson
80870566cf
Make V_ASN1_APP_CHOOSE work again.
2000-03-14 03:29:57 +00:00
Bodo Möller
df1ff3f1b3
Correction.
2000-03-13 21:01:05 +00:00
Bodo Möller
7694ddcbc0
Clarifications for 'no-XXX'.
2000-03-13 20:48:23 +00:00
Bodo Möller
46c4647e3c
"openssl no-..." commands for avoiding the need to grep
...
"openssl list-standard-commands".
2000-03-13 20:31:46 +00:00
Bodo Möller
65b002f399
Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
2000-03-13 19:24:39 +00:00
Bodo Möller
e11f0de67f
Copy DH key (if available) in addition to the bare parameters
...
in SSL_new.
If SSL_OP_SINGLE_DH_USE is set, don't waste time in SSL_[CTX_]set_tmp_dh
on computing a DH key that will be ignored anyway.
ssltest -dhe1024dsa (w/ 160-bit sub-prime) had an unfair performance
advantage over -dhe1024 (safe prime): SSL_OP_SINGLE_DH_USE was
effectively always enabled because SSL_new ignored the DH key set in
the SSL_CTX. Now -dhe1024 takes the server only about twice as long
as -dhe1024dsa instead of three times as long (for 1024 bit RSA
with 1024 bit DH).
2000-03-13 17:07:04 +00:00
Bodo Möller
2d5e449a18
Mention -ign_eof.
2000-03-10 13:49:02 +00:00
Bodo Möller
daf4e53e86
spelling
2000-03-07 15:10:08 +00:00
Dr. Stephen Henson
068fdce877
New compatability trust and purpose settings.
2000-03-07 14:04:29 +00:00
Dr. Stephen Henson
48fe0eec67
Fix the PKCS#8 DSA code so it works again. All the
...
broken formats worked but the valid didn't :-(
2000-03-07 01:03:33 +00:00
Ulf Möller
4c4d87f95f
bug fix release planned
2000-03-06 14:24:25 +00:00
Bodo Möller
59fc2b0fc2
Preserve reason strings in automatically build tables.
2000-03-05 00:19:36 +00:00
Bodo Möller
0a150c5c9f
Generate correct error reasons strings for SYSerr.
2000-03-04 01:36:53 +00:00
Bodo Möller
41918458c0
New '-dsaparam' option for 'openssl dhparam', and related fixes.
2000-03-03 22:18:19 +00:00
Dr. Stephen Henson
d9c88a3902
Move the 'file scope' argument in set_label to
...
the third argument: the second was being used
already.
2000-03-03 00:06:40 +00:00
Bodo Möller
84d14408bf
Use RAND_pseudo_bytes, not RAND_bytes, for IVs/salts.
2000-03-02 22:44:55 +00:00
Bodo Möller
5eb8ca4d92
Use RAND_METHOD for implementing RAND_status.
2000-03-02 14:34:58 +00:00
Ulf Möller
7a2dfc2a20
Note bug fix for the DSA infinite loop
2000-03-01 19:07:58 +00:00
Bodo Möller
55f7d65db0
Document the 'rand' application.
2000-03-01 07:57:25 +00:00
Ralf S. Engelschall
010712ff23
Added configuration support for Linux/IA64
...
Submitted by: Rolf Haberrecker <rolf@suse.de>
2000-02-29 15:29:02 +00:00
Ulf Möller
2da0c11926
Support assembler for Mingw32.
2000-02-28 19:16:41 +00:00
Ulf Möller
a4709b3d88
Shared library support for Solaris and HPUX
...
by Lutz Behnke and by Lutz Jaenicke.
Hopefully we'll have a unified way of handling shared libraries when
we move to autoconf...
2000-02-28 19:14:46 +00:00
Bodo Möller
865874f2dd
Switch to 0.9.6, and finally remove the annoying message
...
about renamed header files.
2000-02-28 18:03:16 +00:00
Dr. Stephen Henson
82b931860a
Ouch! PKCS7_encrypt() was heading MIME text headers twice
...
because it added them manually and as part of SMIME_crlf_copy().
Removed the manual add.
2000-02-28 14:11:19 +00:00
Richard Levitte
74cdf6f73a
Time for a release
2000-02-28 11:59:02 +00:00
Dr. Stephen Henson
587bb0e02e
Don't call BN_rand with zero bits in bntest.c
2000-02-27 17:34:30 +00:00
Andy Polyakov
a5770be6ae
Statement that it fails only on 32-bit architectures isn't true.
2000-02-27 02:34:37 +00:00
Ulf Möller
688938fbb4
Bug fix!
2000-02-27 02:05:39 +00:00
Dr. Stephen Henson
94de04192d
Fix so Win32 assembly language works with MASM.
...
Add info about where to get MASM.
2000-02-27 01:15:25 +00:00
Dr. Stephen Henson
0202197dbf
Make ASN1 types real typedefs.
...
Rebuild error files.
2000-02-26 19:25:31 +00:00
Bodo Möller
6d0d5431d4
More get0 et al. changes. Also provide fgrep targets in CHANGES
...
where the new functions are mentioned.
2000-02-26 08:36:46 +00:00
Ulf Möller
234b5e9611
Make clear which naming convention is meant.
2000-02-26 02:24:16 +00:00
Dr. Stephen Henson
c7cb16a8ff
Rename functions for new convention.
2000-02-26 01:55:33 +00:00
Dr. Stephen Henson
fbb41ae0ad
Allow code which calls RSA temp key callback to cope
...
with a failure.
Fix typos in some error codes.
2000-02-25 00:23:48 +00:00
Ulf Möller
505b5a0ee0
BIO_printf() change
2000-02-24 22:57:42 +00:00
Ulf Möller
4ec2d4d2b3
Support EGD.
2000-02-24 02:51:47 +00:00
Ulf Möller
cdf20e0839
add missing names.
2000-02-23 21:57:22 +00:00
Dr. Stephen Henson
3142c86d65
Allow ADH to be used but not present in the default cipher
...
list.
Allow CERTIFICATE to be used in PEM headers for PKCS#7 structures:
some CAs do this.
2000-02-23 01:11:01 +00:00
Dr. Stephen Henson
72b60351f1
Change EVP_MD_CTX_type so it is more logical and add EVP_MD_CTX_md for
...
the old functionality.
Various warning fixes.
Initial EVP symmetric cipher docs.
2000-02-22 02:59:26 +00:00
Bodo Möller
745c70e565
Move MAC computations for Finished from ssl3_read_bytes into
...
ssl3_get_message, which is more logical (and avoids a bug,
in addition to the one that I introduced yesterday :-)
and makes Microsoft "fast SGC" less special.
MS SGC should still work now without an extra state of its own
(it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state
for reading the body of a Client Hello message), however this should
be tested to make sure, and I don't have a MS SGC client.
2000-02-21 10:16:30 +00:00
Bodo Möller
b35e9050f2
Tolerate fragmentation and interleaving in the SSL 3/TLS record layer.
2000-02-20 23:04:06 +00:00
Dr. Stephen Henson
d754b3850f
Change the 'other' structure in certificate aux info.
2000-02-20 18:27:23 +00:00
Bodo Möller
853f757ece
Allow for higher granularity of entropy estimates by using 'double'
...
instead of 'unsigned' counters.
Seed PRNG in MacOS/GetHTTPS.src/GetHTTPS.cpp.
Partially submitted by Yoram Meroz <yoram@mail.idrive.com>.
2000-02-19 15:22:53 +00:00
Dr. Stephen Henson
8a208cba97
New functions and option to use NEW in certificate requests.
2000-02-18 00:54:21 +00:00
Dr. Stephen Henson
a3fe382e2d
Pass phrase reorganisation.
2000-02-16 23:16:01 +00:00
Ben Laurie
bd03b99b9b
Add support for Compaq Atalla crypto accelerator.
2000-02-16 22:15:39 +00:00
Dr. Stephen Henson
de469ef21e
Fix for Netscape "hang" bug.
2000-02-15 14:19:44 +00:00
Andy Polyakov
bcba6cc60f
HP-UX tune-up: new unified configs, HP C compiler bug workaround.
2000-02-12 23:33:01 +00:00
Dr. Stephen Henson
d13e4eb0b5
Make pkcs12 and smime applications seed random number
...
generator (otherwise they don't work) and add -rand
option. Update docs.
2000-02-12 03:03:04 +00:00
Bodo Möller
3ebf0be142
Corrections.
2000-02-11 17:18:50 +00:00
Bodo Möller
bb325c7d6a
'passwd' tool.
2000-02-10 21:50:52 +00:00
Dr. Stephen Henson
f07fb9b24b
Add command line password options to the reamining utilities,
...
amend docs.
2000-02-08 01:34:59 +00:00
Ulf Möller
cae55bfc68
Improve bntest slightly, and fix another bug in the BN library.
2000-02-06 15:56:59 +00:00
Andy Polyakov
0fad6cb7e7
Support for MacOS X (Rhapsody) is added. Also get rid of volatile
...
qualifier in asm definitions as it prevents compiler from moving
the instruction(s) during optimization pass.
2000-02-06 11:15:20 +00:00
Ulf Möller
4a6222d71b
BN_div bugfix. The q-- loop should not be entered in the n0==d0 case.
2000-02-06 00:25:39 +00:00
Dr. Stephen Henson
66430207a4
Add support for some broken PKCS#8 formats.
2000-02-05 21:07:56 +00:00
Ulf Möller
9b141126d4
New functions BN_CTX_start(), BN_CTX_get(), BN_CTX_end() to access
...
temporary BIGNUMs. BN_CTX still uses a fixed number of BIGNUMs, but
the BN_CTX implementation could now easily be changed.
2000-02-05 14:17:32 +00:00
Dr. Stephen Henson
af57d84312
Rename SSLeay_add_all_algorithms() et al to
...
OpenSSL_add_all_algorithms(). Move these into
separate files so they work properly.
2000-02-04 14:01:38 +00:00
Dr. Stephen Henson
82fc1d9c28
Add new -notext option to 'ca', -pubkey option to spkac.
...
Remove some "WTF??" casts from applications.
Fixes to keep VC++ happy and avoid warnings.
Docs tidy.
2000-02-03 02:56:48 +00:00
Bodo Möller
e74231ed9e
rndsort{Miller, Rabin} primality test.
2000-02-02 21:20:44 +00:00
Bodo Möller
2c5fe5b12a
Change log entry completed.
2000-02-01 07:50:42 +00:00
Ulf Möller
8efb60144d
EBCDIC support.
...
Submitted by: Martin Kraemer <martin.kraemer@mch.sni.de>
2000-02-01 02:21:16 +00:00
Ulf Möller
98d0b2e375
Note changes.
2000-01-30 23:34:33 +00:00
Bodo Möller
cdd43b5ba5
Documentation for BN_is_prime_fasttest.
2000-01-30 11:05:39 +00:00
Bodo Möller
1baa94907c
Make output of "openssl dsaparam 1024" more interesting :-)
2000-01-30 03:32:28 +00:00
Bodo Möller
7865b871c0
Tiny changes to previous patch (the log message was meant to be
...
"Make DSA_generate_parameters faster").
2000-01-30 02:40:38 +00:00
Bodo Möller
a87030a1ed
Make DSA_generate_parameters, and fix a couple of bug
...
(including another problem in the s3_srvr.c state machine).
2000-01-30 02:23:03 +00:00
Dr. Stephen Henson
e1314b5716
Fix CRL encoding bug.
2000-01-29 00:00:26 +00:00
Bodo Möller
07e6dbde66
more information on 0.9.5
2000-01-28 21:26:30 +00:00
Dr. Stephen Henson
90644dd74d
New -pkcs12 option to CA.pl.
...
Document CA.pl script.
Initialise and free up the extra DH fields
(nothing uses them yet though).
2000-01-28 01:35:31 +00:00
Ulf Möller
38e33cef15
Document DSA and SHA.
...
New function BN_pseudo_rand().
Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
generating DSA primes (why not use BN_is_prime()?)
2000-01-27 19:31:26 +00:00
Ulf Möller
e93f9a3284
Run ispell.
...
Clean up bn_mont.c.
2000-01-27 01:50:42 +00:00
Bodo Möller
2557eaeac8
Avoid a race condition.
2000-01-24 17:57:56 +00:00
Bodo Möller
a46faa2bfd
Improve clarity.
2000-01-24 16:02:29 +00:00