Richard Levitte
d1ec197e49
Apply the following change from the main trunk:
...
2000-11-01 01:05 levitte
* Configure (1.236), Makefile.org (1.110), CHANGES (1.640): Add
support for shared libraries under Irix. Submitted by Albert
Chin-A-Young <china@thewrittenword.com>
2001-11-14 07:52:33 +00:00
Richard Levitte
e3f47ba87f
Correct the order of the changes.
2001-11-14 07:23:45 +00:00
Richard Levitte
ab665f4a7e
Apply the following change from the main trunk:
...
2000-11-01 00:14 levitte
* Configure (1.234), config (1.68), CHANGES (1.638): Add
configuration option to build on Linux on both big-endian and
little-endian MIPS. Submitted by Ralf Baechle
<ralf@uni-koblenz.de>
2001-11-14 07:18:47 +00:00
Richard Levitte
888b8f32d7
Apply the following change from the main trunk:
...
2000-10-21 23:24 levitte
* CHANGES (1.631), Configure (1.231), Makefile.org (1.104):
Add what's needed to get shared libraries on HP-UX.
2001-11-14 06:59:15 +00:00
Bodo Möller
f089efdfab
synchronise with HEAD branch,
...
remove redundant name OpenUNIX for OpenUNIX-8 configuration
2001-11-12 23:29:23 +00:00
Bodo Möller
a236373435
information on 0.9.6c-engine
2001-11-12 22:13:28 +00:00
Bodo Möller
7d555c8615
order entries as in main branch
2001-11-12 15:25:17 +00:00
Mark J. Cox
b4bf34ce39
Add an entry for gcc on UnixWare
...
Submitted by: Gary Benson
Reviewed by: Mark Cox
PR:
2001-11-12 13:22:14 +00:00
Mark J. Cox
f99ac98efb
Add assembler implementation for IA-64
...
Submitted by: Andy Polyakov
Reviewed by: Mark Cox
PR:
2001-11-12 12:49:25 +00:00
Bodo Möller
3f64d0bf3b
synchronize with HEAD branch
2001-11-12 11:22:45 +00:00
Bodo Möller
fab972b914
order chronologically: move entry for recent s2_clnt.c/s2_srvr.c fixes to the top
2001-11-10 15:09:47 +00:00
Bodo Möller
a10b85d9e6
make code a little more similar to what it looked like before the fixes
2001-11-10 10:43:51 +00:00
Bodo Möller
a807f6460e
important SSL 2.0 bugfixes
2001-11-10 01:15:29 +00:00
Bodo Möller
70bed0ca2d
typo
2001-10-26 14:03:51 +00:00
Bodo Möller
e20788700c
disable caching in BIO_gethostbyname
2001-10-26 13:03:28 +00:00
Bodo Möller
96ec4ce0d2
Assume TLS 1.0 if ClientHello fragment is too short.
2001-10-25 06:06:50 +00:00
Bodo Möller
38b3e9edde
Fix SSL handshake functions and SSL_clear() such that SSL_clear()
...
never resets s->method to s->ctx->method when called from within one
of the SSL handshake functions.
2001-10-24 19:05:26 +00:00
Bodo Möller
9ccadf1c6f
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
...
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
2001-10-20 17:52:40 +00:00
Bodo Möller
2dbdcd9734
Fix ssl3_get_message to handle message fragmentation correctly.
2001-10-15 17:42:43 +00:00
Bodo Möller
029dfa64d4
bugfix: handle HelloRequest received during handshake correctly
2001-09-21 11:19:26 +00:00
Bodo Möller
f8845509b6
Disable session related stuff in SSL_ST_OK case of ssl3_accept if we
...
just sent a HelloRequest.
2001-09-21 07:01:04 +00:00
Bodo Möller
3f98e1dd11
Bugfix: correct cleanup after sending a HelloRequest
2001-09-21 00:03:00 +00:00
Bodo Möller
e53afa9e9b
fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case
2001-09-20 21:36:39 +00:00
Bodo Möller
e41c5bd730
Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
...
reveal whether illegal block cipher padding was found or a MAC
verification error occured.
In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
2001-09-20 18:34:36 +00:00
Lutz Jänicke
b90f36d240
Support for OpenUNIX-8 (Boyd Lynn Gerber <gerberb@zenez.com>)
2001-09-07 13:22:41 +00:00
Bodo Möller
a7113d645f
improve OAEP check
2001-09-06 10:43:42 +00:00
Ulf Möller
3f345dc653
bn_sqr bug fix as in main
2001-09-05 04:45:45 +00:00
Bodo Möller
f4681b0864
Use uniformly chosen witnesses for Miller-Rabin test
...
(by using new BN_pseudo_rand_range function)
2001-09-03 13:01:28 +00:00
Lutz Jänicke
a04baf9b5c
Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.)
2001-08-25 11:48:35 +00:00
Lutz Jänicke
653cc07b51
Alert description strings for TLSv1 and documentation.
2001-08-19 16:23:57 +00:00
Lutz Jänicke
86cd2530db
Bugfixes provided by "Stephen Hinton" <shinton@netopia.com>.
2001-08-16 15:30:37 +00:00
Richard Levitte
ec578380c9
Apply the Tru64 patch from Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu>
...
His comments are:
1) Changes all references for `True64' to be `Tru64', which is the correct
spelling for the OS name.
2) Makes `alpha-cc' be the same as `alpha164-cc', and adds an `alphaold-cc'
entry that is the same as the previous `alpha-cc'. The reason is that most
people these days are using the newer compiler, so it should be the default.
3) Adds a bit of commentary to Configure, regarding the name changes of
the OS over the years, so it's not so confusing to people that haven't been
with the OS for a while.
4) Adds an `alpha-cc-rpath' target (which is *not* selected automatically
by Configure under any circumstance) that builds an RPATH into the
shared libraries. This is explained in the comment in Configure. It's
very very useful for people that want it, and people that don't want it
just shouldn't choose that target.
5) Adds the `-pthread' flag as the best way to get POSIX thread support
from the newer compiler.
6) Updates the Makefile targets, so that when the `alpha164-cc', `alpha-cc',
or `alpha-cc-rpath' target is what Configure is set to use, it uses a Makefile
target that includes the `-msym' option when building the shared library.
This is a performance enhancement.
7) Updates `config' so that if it detects you're running version 4 or 5
of the OS, it automatically selects `alpha-cc', but uses `alphaold-cc'
for versions 1-3 of the OS.
8) Updates the comment in opensslv.h, fixing both the OS name typo and
adding a reference to IRIX 6.x, since the shared library semantics are
virtually identical there.
2001-08-10 15:25:50 +00:00
Bodo Möller
904de6e4f5
Bugfix: larger message size in ssl3_get_key_exchange() because
...
ServerKeyExchange message may be skipped.
Submitted by: Petr Lampa <lampa@fee.vutbr.cz>
2001-08-07 09:31:03 +00:00
Lutz Jänicke
03a70bad4f
Fix inconsistent behaviour with respect to verify_callback handling.
2001-07-30 11:48:20 +00:00
Lutz Jänicke
7146221bbe
Forgot to mention second fix.
2001-07-30 11:44:14 +00:00
Bodo Möller
1a76a85c93
Undo DH_generate_key() change: s3_srvr.c was using it correctly
2001-07-27 22:34:00 +00:00
Lutz Jänicke
44d4b684f9
Fix problem occuring when used from OpenSSH on Solaris 8.
2001-07-26 09:03:42 +00:00
Bodo Möller
475e21bc7b
Don't preserve existing keys in DH_generate_key.
2001-07-25 17:20:16 +00:00
Bodo Möller
5204726bfe
md_rand.c thread safety
2001-07-25 17:18:02 +00:00
Bodo Möller
27f3a1bd9c
always reject data >= n
2001-07-25 17:03:22 +00:00
Bodo Möller
c6719ffb77
Avoid race condition.
...
Submitted by: Travis Vitek <vitek@roguewave.com>
2001-07-24 12:33:41 +00:00
Richard Levitte
0410b6c50b
Tagging has been done, move on to 0.9.6c-dev.
2001-07-09 15:10:56 +00:00
Richard Levitte
483c4e0682
Add security patch and create release.
...
Tags will be OpenSSL_0_9_6b and OpenSSL-engine-0_9_6b
2001-07-09 14:36:30 +00:00
Bodo Möller
731e14031c
Andy's mips3.s fix (as in main branch).
2001-07-04 20:17:52 +00:00
Lutz Jänicke
93074b2509
When only the key is given to "enc", the IV is undefined
...
(found by Andy Brown <logic@warthog.com>).
2001-07-03 10:32:30 +00:00
Dr. Stephen Henson
e319a89f84
Handle empty X509_NAME in printing routines.
2001-06-26 12:04:12 +00:00
Bodo Möller
9fa5786340
DSA verification should insist that r and s are in the allowed range.
2001-06-26 09:48:56 +00:00
Dr. Stephen Henson
1b822decb8
Don't set *pointer if add_lock_callback used.
2001-06-19 00:09:20 +00:00
Bodo Möller
dab4c2824f
pay attention to blocksize before attempting decryption
2001-06-15 18:06:06 +00:00
Bodo Möller
630c1aedd2
OAEP fix
2001-06-06 21:44:48 +00:00
Bodo Möller
83583e9479
Fix Bleichenbacher PKCS #1 1.5 countermeasure.
...
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway,
otherwise this would be a security relevant patch.)
2001-06-01 09:43:23 +00:00
Dr. Stephen Henson
39bed15e53
Add missing variable length cipher flag for Blowfish.
...
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
2001-05-24 23:00:46 +00:00
Dr. Stephen Henson
4b04466f14
Fix for missing DSA parameters.
2001-05-24 22:33:16 +00:00
Bodo Möller
77c6edc1d1
fix an old entry
2001-05-08 12:46:33 +00:00
Bodo Möller
99bd4baa54
.rnd issues
2001-05-03 09:28:19 +00:00
Bodo Möller
ecacb136c5
typo
2001-04-18 15:12:26 +00:00
Bodo Möller
db17ecdae3
fix md_rand.c locking bugs
2001-04-18 15:08:19 +00:00
Bodo Möller
d349c5f8fd
some updates from 0.9.7-dev
2001-04-12 12:09:07 +00:00
Richard Levitte
fa528639e3
Tagging has been done, move on to development of 0.9.6b.
...
(Hopefully, it will never be needed)
2001-04-05 17:59:14 +00:00
Richard Levitte
4f647957c5
Release OpenSSL 0.9.6a.
...
The tag will be OpenSSL_0_9_6a
2001-04-05 16:43:07 +00:00
Dr. Stephen Henson
592f5c5797
Fix couple of memory leaks in PKCS7_dataDecode().
2001-04-04 22:30:26 +00:00
Bodo Möller
b9a96c0134
don't use shell functions
2001-04-04 16:27:44 +00:00
Richard Levitte
75c3c831db
Incorporate some changes that make OpenSSL compilable in CygWin.
2001-04-04 15:51:36 +00:00
Ulf Möller
323fd27435
Note that alpha.s is no longer used.
2001-03-31 01:19:42 +00:00
Dr. Stephen Henson
ce3fc3956d
Fix asn1_GetSequence() for indefinite length sequences.
2001-03-30 13:42:32 +00:00
Bodo Möller
83c4e75be9
Use enhanced bctest (as in main trunk), and add a workaround that
...
should solve the problems with FreeBSD's /bin/sh.
2001-03-30 09:23:14 +00:00
Richard Levitte
44924fb2b4
Since there has been reports of clashes between OpenSSL's
...
des_encrypt() and des_encrypt() defined on some systems (Solaris and
Unixware and maybe others), we rename des_encrypt() to des_encrypt1().
This should have very little impact on external software unless
someone has written a mode of DES, since that's all des_encrypt() is
meant for.
2001-03-29 07:45:01 +00:00
Ulf Möller
1777e3fd5e
check the CRT result.
2001-03-28 04:49:39 +00:00
Ulf Möller
509ca689b0
Note the MIPS assembler bug fix.
2001-03-28 02:39:22 +00:00
Richard Levitte
ae17135ab5
Bring in the rest of the corrections for shared libraries from the
...
main trunk.
2001-03-24 12:26:03 +00:00
Bodo Möller
ea09a504ef
Add another "[This change does not apply to 0.9.7.]" line so
...
that we can combine the CHANGES files later on.
2001-03-22 14:56:55 +00:00
Dr. Stephen Henson
8d82218269
Fix bug in PKCS#7 decode routines when indefinite length
...
encoding is used inside definite length encoding.
2001-03-22 13:49:15 +00:00
Bodo Möller
a8e738f9ad
Harmonize CHANGES and STATUS files between the 0.9.6a branch and
...
the trunk to keep diffs small.
2001-03-22 10:59:18 +00:00
Dr. Stephen Henson
0bf5d40787
Fix PKCS#12 key generation bug.
2001-03-18 02:10:25 +00:00
Richard Levitte
9f56705f96
The change on handling shared libraries was never applied in
...
0.9.6a-dev...
2001-03-15 21:44:17 +00:00
Bodo Möller
ba61b14f1d
More err_data memory leaks
2001-03-15 11:33:00 +00:00
Ulf Möller
42b848bcf1
that was useless - still fails with GCC
2001-03-13 07:12:02 +00:00
Ulf Möller
a1c769a5f6
Alpha workaround. This is a lot slower!
2001-03-13 06:31:36 +00:00
Bodo Möller
2c89d56a1d
fix memory leak in err.c
2001-03-12 18:39:47 +00:00
Bodo Möller
ba41d8a556
ssl23_peek
2001-03-08 21:56:34 +00:00
Ulf Möller
5fb0aa6487
Note the rand_win.c change
2001-03-08 16:58:07 +00:00
Richard Levitte
3e0d891828
SSLv2 session reuse bugfix from main development branch.
2001-03-05 14:52:30 +00:00
Dr. Stephen Henson
95d334f2db
Fix bug in copy_email() which would not
...
find emailAddress at start of subject name.
2001-03-01 13:33:53 +00:00
Ulf Möller
98486a9310
improved bignum test as in 0.9.7.
...
We need this to find out if the bignum failures on Irix and Alpha are
caused by new 0.9.7 code or just aren't triggered in the 0.9.6 test suite.
2001-02-27 23:00:42 +00:00
Geoff Thorpe
4910cbf6db
Backfit a bugfix from 0.9.7-dev to 0.9.6-stable. init() and finish()
...
handlers were previously getting called before (and after, respectively)
the "ex_data" structures - this meant init() had very little that it
could initialise, and finish() had very little it could cleanup.
2001-02-24 17:32:34 +00:00
Dr. Stephen Henson
75090e0365
Stop PKCS7_verify() core dumping with unknown public
...
key algorithms and leaking if the signature verify
fails.
2001-02-24 01:46:46 +00:00
Bodo Möller
6d82a20624
Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
...
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
2001-02-20 08:22:25 +00:00
Ulf Möller
15ed15d3e4
OPENSSL_issetugid() as in the main branch.
2001-02-19 23:57:18 +00:00
Bodo Möller
b6fefec364
Memory leak checking bugfixes for multi-threading.
2001-02-19 10:30:13 +00:00
Lutz Jänicke
6a0fb6083c
Move entry to match chronologic ordering.
2001-02-15 14:19:43 +00:00
Lutz Jänicke
0dbfc1da4a
Add '-rand' option to s_server and s_client.
2001-02-15 10:35:29 +00:00
Ulf Möller
f945040633
IRIX bugfix
2001-02-14 00:23:27 +00:00
Dr. Stephen Henson
e15abbc69f
Make X509_NAME produce correct encoding when empty.
2001-02-12 03:16:13 +00:00
Dr. Stephen Henson
c6b523d3dd
Workaround for libsafe "error".
2001-02-12 03:04:59 +00:00
Ulf Möller
38b3a46ffa
DSA fix from main branch.
2001-02-07 22:35:11 +00:00
Ulf Möller
60b3b2c9d0
EBCDIC bug fix from main branch.
2001-02-07 22:13:10 +00:00
Bodo Möller
c7410f2693
Avoid coredumps for CONF_get_...(NULL, ...)
2001-02-06 10:14:57 +00:00
Richard Levitte
28b1bceb2f
0.9.6a will not be release in Y2K. :-)
2001-02-05 13:32:33 +00:00
Dr. Stephen Henson
2e1d669cba
Tolerate some "variations" used in some
...
certificates.
One is a valid CA which has no basicConstraints
but does have certSign keyUsage.
Other is S/MIME signer with nonRepudiation but
no digitalSignature.
2001-02-01 02:03:58 +00:00
Richard Levitte
3b1f393ae7
Transport from development branch.
2001-01-30 13:54:44 +00:00