Commit graph

794 commits

Author SHA1 Message Date
Richard Levitte
d1ec197e49 Apply the following change from the main trunk:
2000-11-01 01:05  levitte

	* Configure (1.236), Makefile.org (1.110), CHANGES (1.640): Add
	support for shared libraries under Irix.  Submitted by Albert
	Chin-A-Young <china@thewrittenword.com>
2001-11-14 07:52:33 +00:00
Richard Levitte
e3f47ba87f Correct the order of the changes. 2001-11-14 07:23:45 +00:00
Richard Levitte
ab665f4a7e Apply the following change from the main trunk:
2000-11-01 00:14  levitte

	* Configure (1.234), config (1.68), CHANGES (1.638): Add
	configuration option to build on Linux on both big-endian and
	little-endian MIPS.  Submitted by Ralf Baechle
	<ralf@uni-koblenz.de>
2001-11-14 07:18:47 +00:00
Richard Levitte
888b8f32d7 Apply the following change from the main trunk:
2000-10-21 23:24  levitte

	* CHANGES (1.631), Configure (1.231), Makefile.org (1.104):
	Add what's needed to get shared libraries on HP-UX.
2001-11-14 06:59:15 +00:00
Bodo Möller
f089efdfab synchronise with HEAD branch,
remove redundant name OpenUNIX for OpenUNIX-8 configuration
2001-11-12 23:29:23 +00:00
Bodo Möller
a236373435 information on 0.9.6c-engine 2001-11-12 22:13:28 +00:00
Bodo Möller
7d555c8615 order entries as in main branch 2001-11-12 15:25:17 +00:00
Mark J. Cox
b4bf34ce39 Add an entry for gcc on UnixWare
Submitted by: Gary Benson
Reviewed by: Mark Cox
PR:
2001-11-12 13:22:14 +00:00
Mark J. Cox
f99ac98efb Add assembler implementation for IA-64
Submitted by: Andy Polyakov
Reviewed by: Mark Cox
PR:
2001-11-12 12:49:25 +00:00
Bodo Möller
3f64d0bf3b synchronize with HEAD branch 2001-11-12 11:22:45 +00:00
Bodo Möller
fab972b914 order chronologically: move entry for recent s2_clnt.c/s2_srvr.c fixes to the top 2001-11-10 15:09:47 +00:00
Bodo Möller
a10b85d9e6 make code a little more similar to what it looked like before the fixes 2001-11-10 10:43:51 +00:00
Bodo Möller
a807f6460e important SSL 2.0 bugfixes 2001-11-10 01:15:29 +00:00
Bodo Möller
70bed0ca2d typo 2001-10-26 14:03:51 +00:00
Bodo Möller
e20788700c disable caching in BIO_gethostbyname 2001-10-26 13:03:28 +00:00
Bodo Möller
96ec4ce0d2 Assume TLS 1.0 if ClientHello fragment is too short. 2001-10-25 06:06:50 +00:00
Bodo Möller
38b3e9edde Fix SSL handshake functions and SSL_clear() such that SSL_clear()
never resets s->method to s->ctx->method when called from within one
of the SSL handshake functions.
2001-10-24 19:05:26 +00:00
Bodo Möller
9ccadf1c6f In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
2001-10-20 17:52:40 +00:00
Bodo Möller
2dbdcd9734 Fix ssl3_get_message to handle message fragmentation correctly. 2001-10-15 17:42:43 +00:00
Bodo Möller
029dfa64d4 bugfix: handle HelloRequest received during handshake correctly 2001-09-21 11:19:26 +00:00
Bodo Möller
f8845509b6 Disable session related stuff in SSL_ST_OK case of ssl3_accept if we
just sent a HelloRequest.
2001-09-21 07:01:04 +00:00
Bodo Möller
3f98e1dd11 Bugfix: correct cleanup after sending a HelloRequest 2001-09-21 00:03:00 +00:00
Bodo Möller
e53afa9e9b fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case 2001-09-20 21:36:39 +00:00
Bodo Möller
e41c5bd730 Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
2001-09-20 18:34:36 +00:00
Lutz Jänicke
b90f36d240 Support for OpenUNIX-8 (Boyd Lynn Gerber <gerberb@zenez.com>) 2001-09-07 13:22:41 +00:00
Bodo Möller
a7113d645f improve OAEP check 2001-09-06 10:43:42 +00:00
Ulf Möller
3f345dc653 bn_sqr bug fix as in main 2001-09-05 04:45:45 +00:00
Bodo Möller
f4681b0864 Use uniformly chosen witnesses for Miller-Rabin test
(by using new BN_pseudo_rand_range function)
2001-09-03 13:01:28 +00:00
Lutz Jänicke
a04baf9b5c Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.) 2001-08-25 11:48:35 +00:00
Lutz Jänicke
653cc07b51 Alert description strings for TLSv1 and documentation. 2001-08-19 16:23:57 +00:00
Lutz Jänicke
86cd2530db Bugfixes provided by "Stephen Hinton" <shinton@netopia.com>. 2001-08-16 15:30:37 +00:00
Richard Levitte
ec578380c9 Apply the Tru64 patch from Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu>
His comments are:

1) Changes all references for `True64' to be `Tru64', which is the correct
spelling for the OS name.

2) Makes `alpha-cc' be the same as `alpha164-cc', and adds an `alphaold-cc'
entry that is the same as the previous `alpha-cc'.  The reason is that most
people these days are using the newer compiler, so it should be the default.

3) Adds a bit of commentary to Configure, regarding the name changes of
the OS over the years, so it's not so confusing to people that haven't been
with the OS for a while.

4) Adds an `alpha-cc-rpath' target (which is *not* selected automatically
by Configure under any circumstance) that builds an RPATH into the
shared libraries.  This is explained in the comment in Configure.  It's
very very useful for people that want it, and people that don't want it
just shouldn't choose that target.

5) Adds the `-pthread' flag as the best way to get POSIX thread support
from the newer compiler.

6) Updates the Makefile targets, so that when the `alpha164-cc', `alpha-cc',
or `alpha-cc-rpath' target is what Configure is set to use, it uses a Makefile
target that includes the `-msym' option when building the shared library.
This is a performance enhancement.

7) Updates `config' so that if it detects you're running version 4 or 5
of the OS, it automatically selects `alpha-cc', but uses `alphaold-cc'
for versions 1-3 of the OS.

8) Updates the comment in opensslv.h, fixing both the OS name typo and
adding a reference to IRIX 6.x, since the shared library semantics are
virtually identical there.
2001-08-10 15:25:50 +00:00
Bodo Möller
904de6e4f5 Bugfix: larger message size in ssl3_get_key_exchange() because
ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>
2001-08-07 09:31:03 +00:00
Lutz Jänicke
03a70bad4f Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:48:20 +00:00
Lutz Jänicke
7146221bbe Forgot to mention second fix. 2001-07-30 11:44:14 +00:00
Bodo Möller
1a76a85c93 Undo DH_generate_key() change: s3_srvr.c was using it correctly 2001-07-27 22:34:00 +00:00
Lutz Jänicke
44d4b684f9 Fix problem occuring when used from OpenSSH on Solaris 8. 2001-07-26 09:03:42 +00:00
Bodo Möller
475e21bc7b Don't preserve existing keys in DH_generate_key. 2001-07-25 17:20:16 +00:00
Bodo Möller
5204726bfe md_rand.c thread safety 2001-07-25 17:18:02 +00:00
Bodo Möller
27f3a1bd9c always reject data >= n 2001-07-25 17:03:22 +00:00
Bodo Möller
c6719ffb77 Avoid race condition.
Submitted by: Travis Vitek <vitek@roguewave.com>
2001-07-24 12:33:41 +00:00
Richard Levitte
0410b6c50b Tagging has been done, move on to 0.9.6c-dev. 2001-07-09 15:10:56 +00:00
Richard Levitte
483c4e0682 Add security patch and create release.
Tags will be OpenSSL_0_9_6b and OpenSSL-engine-0_9_6b
2001-07-09 14:36:30 +00:00
Bodo Möller
731e14031c Andy's mips3.s fix (as in main branch). 2001-07-04 20:17:52 +00:00
Lutz Jänicke
93074b2509 When only the key is given to "enc", the IV is undefined
(found by Andy Brown <logic@warthog.com>).
2001-07-03 10:32:30 +00:00
Dr. Stephen Henson
e319a89f84 Handle empty X509_NAME in printing routines. 2001-06-26 12:04:12 +00:00
Bodo Möller
9fa5786340 DSA verification should insist that r and s are in the allowed range. 2001-06-26 09:48:56 +00:00
Dr. Stephen Henson
1b822decb8 Don't set *pointer if add_lock_callback used. 2001-06-19 00:09:20 +00:00
Bodo Möller
dab4c2824f pay attention to blocksize before attempting decryption 2001-06-15 18:06:06 +00:00
Bodo Möller
630c1aedd2 OAEP fix 2001-06-06 21:44:48 +00:00
Bodo Möller
83583e9479 Fix Bleichenbacher PKCS #1 1.5 countermeasure.
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway,
otherwise this would be a security relevant patch.)
2001-06-01 09:43:23 +00:00
Dr. Stephen Henson
39bed15e53 Add missing variable length cipher flag for Blowfish.
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
2001-05-24 23:00:46 +00:00
Dr. Stephen Henson
4b04466f14 Fix for missing DSA parameters. 2001-05-24 22:33:16 +00:00
Bodo Möller
77c6edc1d1 fix an old entry 2001-05-08 12:46:33 +00:00
Bodo Möller
99bd4baa54 .rnd issues 2001-05-03 09:28:19 +00:00
Bodo Möller
ecacb136c5 typo 2001-04-18 15:12:26 +00:00
Bodo Möller
db17ecdae3 fix md_rand.c locking bugs 2001-04-18 15:08:19 +00:00
Bodo Möller
d349c5f8fd some updates from 0.9.7-dev 2001-04-12 12:09:07 +00:00
Richard Levitte
fa528639e3 Tagging has been done, move on to development of 0.9.6b.
(Hopefully, it will never be needed)
2001-04-05 17:59:14 +00:00
Richard Levitte
4f647957c5 Release OpenSSL 0.9.6a.
The tag will be OpenSSL_0_9_6a
2001-04-05 16:43:07 +00:00
Dr. Stephen Henson
592f5c5797 Fix couple of memory leaks in PKCS7_dataDecode(). 2001-04-04 22:30:26 +00:00
Bodo Möller
b9a96c0134 don't use shell functions 2001-04-04 16:27:44 +00:00
Richard Levitte
75c3c831db Incorporate some changes that make OpenSSL compilable in CygWin. 2001-04-04 15:51:36 +00:00
Ulf Möller
323fd27435 Note that alpha.s is no longer used. 2001-03-31 01:19:42 +00:00
Dr. Stephen Henson
ce3fc3956d Fix asn1_GetSequence() for indefinite length sequences. 2001-03-30 13:42:32 +00:00
Bodo Möller
83c4e75be9 Use enhanced bctest (as in main trunk), and add a workaround that
should solve the problems with FreeBSD's /bin/sh.
2001-03-30 09:23:14 +00:00
Richard Levitte
44924fb2b4 Since there has been reports of clashes between OpenSSL's
des_encrypt() and des_encrypt() defined on some systems (Solaris and
Unixware and maybe others), we rename des_encrypt() to des_encrypt1().
This should have very little impact on external software unless
someone has written a mode of DES, since that's all des_encrypt() is
meant for.
2001-03-29 07:45:01 +00:00
Ulf Möller
1777e3fd5e check the CRT result. 2001-03-28 04:49:39 +00:00
Ulf Möller
509ca689b0 Note the MIPS assembler bug fix. 2001-03-28 02:39:22 +00:00
Richard Levitte
ae17135ab5 Bring in the rest of the corrections for shared libraries from the
main trunk.
2001-03-24 12:26:03 +00:00
Bodo Möller
ea09a504ef Add another "[This change does not apply to 0.9.7.]" line so
that we can combine the CHANGES files later on.
2001-03-22 14:56:55 +00:00
Dr. Stephen Henson
8d82218269 Fix bug in PKCS#7 decode routines when indefinite length
encoding is used inside definite length encoding.
2001-03-22 13:49:15 +00:00
Bodo Möller
a8e738f9ad Harmonize CHANGES and STATUS files between the 0.9.6a branch and
the trunk to keep diffs small.
2001-03-22 10:59:18 +00:00
Dr. Stephen Henson
0bf5d40787 Fix PKCS#12 key generation bug. 2001-03-18 02:10:25 +00:00
Richard Levitte
9f56705f96 The change on handling shared libraries was never applied in
0.9.6a-dev...
2001-03-15 21:44:17 +00:00
Bodo Möller
ba61b14f1d More err_data memory leaks 2001-03-15 11:33:00 +00:00
Ulf Möller
42b848bcf1 that was useless - still fails with GCC 2001-03-13 07:12:02 +00:00
Ulf Möller
a1c769a5f6 Alpha workaround. This is a lot slower! 2001-03-13 06:31:36 +00:00
Bodo Möller
2c89d56a1d fix memory leak in err.c 2001-03-12 18:39:47 +00:00
Bodo Möller
ba41d8a556 ssl23_peek 2001-03-08 21:56:34 +00:00
Ulf Möller
5fb0aa6487 Note the rand_win.c change 2001-03-08 16:58:07 +00:00
Richard Levitte
3e0d891828 SSLv2 session reuse bugfix from main development branch. 2001-03-05 14:52:30 +00:00
Dr. Stephen Henson
95d334f2db Fix bug in copy_email() which would not
find emailAddress at start of subject name.
2001-03-01 13:33:53 +00:00
Ulf Möller
98486a9310 improved bignum test as in 0.9.7.
We need this to find out if the bignum failures on Irix and Alpha are
caused by new 0.9.7 code or just aren't triggered in the 0.9.6 test suite.
2001-02-27 23:00:42 +00:00
Geoff Thorpe
4910cbf6db Backfit a bugfix from 0.9.7-dev to 0.9.6-stable. init() and finish()
handlers were previously getting called before (and after, respectively)
the "ex_data" structures - this meant init() had very little that it
could initialise, and finish() had very little it could cleanup.
2001-02-24 17:32:34 +00:00
Dr. Stephen Henson
75090e0365 Stop PKCS7_verify() core dumping with unknown public
key algorithms and leaking if the signature verify
fails.
2001-02-24 01:46:46 +00:00
Bodo Möller
6d82a20624 Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
2001-02-20 08:22:25 +00:00
Ulf Möller
15ed15d3e4 OPENSSL_issetugid() as in the main branch. 2001-02-19 23:57:18 +00:00
Bodo Möller
b6fefec364 Memory leak checking bugfixes for multi-threading. 2001-02-19 10:30:13 +00:00
Lutz Jänicke
6a0fb6083c Move entry to match chronologic ordering. 2001-02-15 14:19:43 +00:00
Lutz Jänicke
0dbfc1da4a Add '-rand' option to s_server and s_client. 2001-02-15 10:35:29 +00:00
Ulf Möller
f945040633 IRIX bugfix 2001-02-14 00:23:27 +00:00
Dr. Stephen Henson
e15abbc69f Make X509_NAME produce correct encoding when empty. 2001-02-12 03:16:13 +00:00
Dr. Stephen Henson
c6b523d3dd Workaround for libsafe "error". 2001-02-12 03:04:59 +00:00
Ulf Möller
38b3a46ffa DSA fix from main branch. 2001-02-07 22:35:11 +00:00
Ulf Möller
60b3b2c9d0 EBCDIC bug fix from main branch. 2001-02-07 22:13:10 +00:00
Bodo Möller
c7410f2693 Avoid coredumps for CONF_get_...(NULL, ...) 2001-02-06 10:14:57 +00:00
Richard Levitte
28b1bceb2f 0.9.6a will not be release in Y2K. :-) 2001-02-05 13:32:33 +00:00
Dr. Stephen Henson
2e1d669cba Tolerate some "variations" used in some
certificates.

One is a valid CA which has no basicConstraints
but does have certSign keyUsage.

Other is S/MIME signer with nonRepudiation but
no digitalSignature.
2001-02-01 02:03:58 +00:00
Richard Levitte
3b1f393ae7 Transport from development branch. 2001-01-30 13:54:44 +00:00