Bodo Möller
16dc1cfb5c
Add more WAP/WTLS elliptic curve OIDs.
...
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
2002-08-02 12:28:34 +00:00
Bodo Möller
5574e0ed41
get rid of OpenSSLDie
2002-08-02 11:48:15 +00:00
Lutz Jänicke
c046fffa16
OpenSSL Security Advisory [30 July 2002]
...
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
2002-07-30 13:04:04 +00:00
Richard Levitte
f013c7f2a6
Document the recent DJGPP-related changes
2002-07-23 13:45:38 +00:00
Bodo Möller
648765ba2f
add an explanation and fix a typo
2002-07-22 08:39:44 +00:00
Lutz Jänicke
c6ccf055ba
New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.
...
Submitted by:
Reviewed by:
PR: 127
2002-07-19 19:55:34 +00:00
Richard Levitte
041843e47e
For those wanting to build for several platforms with the same source
...
directory, making a separate directory tree with lots of symbolic links
seems to be the solution. Unfortunately, Configure doesn't take appropriate
steps to support this solution (as in removing a file that's going to be
rewritten). This change corrects that situation. Now I just have to
find all other places where there's lack of support for this.
2002-07-16 09:19:37 +00:00
Bodo Möller
5dbd3efce7
Replace 'ecdsaparam' commandline utility by 'ecparam'
...
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.
Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.
Fix ec_asn1.c (take into account the desired conversion form).
'make update'.
Submitted by: Nils Larsch
2002-07-14 16:54:31 +00:00
Lutz Jänicke
063a8905bf
Ciphers with NULL encryption were not properly handled because they were
...
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
2002-07-10 06:41:55 +00:00
Bodo Möller
ea4f109c99
AES cipher suites are now official (RFC3268)
2002-07-04 08:51:09 +00:00
Bodo Möller
76f8a1f51d
update an entry on EVP changes
2002-06-26 14:21:16 +00:00
Geoff Thorpe
a6c6874a1a
Make sure any ENGINE control commands make local copies of string
...
pointers passed to them whenever necessary. Otherwise it is possible the
caller may have overwritten (or deallocated) the original string data
when a later ENGINE operation tries to use the stored values.
Submitted by: Götz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by: Geoff Thorpe
PR: 98
2002-06-21 02:38:08 +00:00
Bodo Möller
5f3d6f70f6
Implement handling of EC parameter seeds (new functions
...
EC_GROUP_set_seed(), EC_GROUP_get0_seed(), EC_GROUP_get_seed_len()).
New functions ECPKParameters_print(), ECPKParameters_print_fp().
Submitted by: Nils Larsch
2002-06-18 08:38:59 +00:00
Bodo Möller
c21506ba02
New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
...
vulnerability workaround (included in SSL_OP_ALL).
PR: #90
2002-06-14 12:21:11 +00:00
Lutz Jänicke
e1f7ea25d2
Make change uniqueIdentifier -> x500UniqueIdentifier clearly visible.
...
Submitted by:
Reviewed by:
PR: 82
2002-06-12 20:46:38 +00:00
Bodo Möller
b8e0e12399
typo
2002-06-12 14:19:01 +00:00
Bodo Möller
254ef80db1
simplify asn1_flag
...
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2002-06-12 14:01:17 +00:00
Ben Laurie
d15711efc6
Handle read errors.
2002-06-11 12:41:37 +00:00
Bodo Möller
458c29175e
move ECC ASN1 that is not specific to ECDSA into crypto/ec/,
...
and make some appropriate changes to the EC library.
Submitted by: Nils Larsch
2002-06-10 12:18:21 +00:00
Richard Levitte
fbb56e5b1d
Document the AES changes.
2002-05-31 13:16:10 +00:00
Bodo Möller
6cbe638294
New functions EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex(), EC_POINT_hex2point()
...
Submitted by: Nils Larsch
2002-05-30 13:16:03 +00:00
Bodo Möller
46ffee4792
fix EVP_dsa_sha macro
...
Submitted by: Nils Larsch
2002-05-16 12:51:18 +00:00
Dr. Stephen Henson
544a2aea4b
Zero cipher_data in EVP_CIPHER_CTX_cleanup
...
Add cleanup calls to evp_test.c
Allow reuse of cipher contexts by removing
automatic cleanup in EVP_*Final().
2002-05-15 18:49:25 +00:00
Dr. Stephen Henson
dc014d43af
Fallback to normal multiply if n2 == 8 and dna or dnb is not zero
...
in bn_mul_recursive.
This is (hopefully) what was triggering bignum errors on 64 bit
platforms and causing the BN_mod_mul test to fail.
2002-05-10 22:18:13 +00:00
Bodo Möller
b6db386ffd
Change internals of the EC library so that the functions
...
EC_GROUP_{set_generator,get_generator,get_order,get_cofactor} are
implemented directly in crypto/ec/ec_lib.c and not dispatched to
methods.
Also fix EC_GROUP_copy to copy the NID.
2002-05-08 11:54:24 +00:00
Bodo Möller
f257d984b7
refer to latest draft for AES ciphersuites
2002-05-07 07:55:36 +00:00
Bodo Möller
47234cd3d2
update
2002-05-05 23:47:46 +00:00
Lutz Jänicke
c0455cbb18
Fix escaping when using the -subj option of "openssl req", document
...
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
2002-04-30 12:08:18 +00:00
Bodo Möller
8df61b5011
Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
...
encoded as NULL) with id-dsa-with-sha1.
Submitted by: Nils Larsch
2002-04-26 08:28:34 +00:00
Bodo Möller
1064acafc4
check return values
...
Submitted by: Nils Larsch
2002-04-17 09:31:34 +00:00
Lutz Jänicke
e9cbcb1d98
Document OID changes.
2002-04-15 14:18:30 +00:00
Lutz Jänicke
30911232c1
Some more OID enhancements.
2002-04-15 10:41:38 +00:00
Lutz Jänicke
2940a1298e
Fix CRLF problem in BASE64 decode.
2002-04-15 09:55:40 +00:00
Bodo Möller
82b0bf0b87
Implement known-IV countermeasure.
...
Fix length checks in ssl3_get_client_hello().
Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:47:20 +00:00
Bodo Möller
08b977b5a5
looks like a typo
2002-04-12 13:52:40 +00:00
Bodo Möller
85fb12d554
clean up and synchronize with 0.9.6-stable
2002-04-12 13:45:29 +00:00
Lutz Jänicke
381a146dc6
Synchronize with 0.9.7-stable branch
2002-04-10 19:52:40 +00:00
Bodo Möller
4f4b192402
add usage examples
2002-04-09 11:54:24 +00:00
Lutz Jänicke
4825092bbe
Fix buggy object definitions (Svenning Sorensen <sss@sss.dnsalias.net>).
2002-04-04 17:48:37 +00:00
Lutz Jänicke
ffbe98b763
Make short names of objects RFC2256-compliant.
2002-03-26 17:18:48 +00:00
Richard Levitte
0d81c69b8e
Add the possibility to enable olde des support, not just disable it, for future support. Redocument
2002-03-26 14:28:04 +00:00
Bodo Möller
82652aaf17
fix DH_generate_parameters for general 'generator'
2002-03-20 16:04:04 +00:00
Lutz Jänicke
11c26ecf81
Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>).
2002-03-19 16:42:09 +00:00
Bodo Möller
af28dd6c75
Fix bugs and typos.
...
Add some WTLS curves.
New function EC_GROUP_check() (this will probably
be implemented differently soon).
Submitted by: Nils Larsch
Reviewed by: Bodo Moeller
2002-03-18 13:10:45 +00:00
Bodo Möller
304d90425f
fix ssl3_pending
2002-03-15 10:52:32 +00:00
Lutz Jänicke
bfaa8a89e1
Add missing strength entries.
2002-03-14 18:53:15 +00:00
Bodo Möller
9bc448546e
Add more curves.
...
Submitted by: Nils Larsch
Remove unnecessary 'const'.
2002-03-07 12:14:03 +00:00
Dr. Stephen Henson
0dc092334b
ENGINE module additions.
...
Add "init" command to control ENGINE
initialization.
Call ENGINE_finish on initialized ENGINEs on exit.
Reorder shutdown in apps.c: modules should be shut
down first.
Add test private key loader to openssl ENGINE: this
just loads a private key in PEM format.
Fix print format for dh length parameter.
2002-03-06 14:15:13 +00:00
Bodo Möller
36c194638e
add SECG OIDs
...
Submitted by: Nils Larsch
2002-03-06 13:47:32 +00:00
Bodo Möller
45fb737950
reference counting for EC_GROUP structures is not needed (at the
...
moment at least), so remove it
2002-03-06 09:46:17 +00:00
Bodo Möller
2d9b1b3ffa
more X9.62 OIDs
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-03-05 12:39:19 +00:00
Richard Levitte
0d22b5dace
Document the added modes for AES
2002-02-28 11:29:55 +00:00
Bodo Möller
023ec151df
Add 'void *' argument to app_verify_callback.
...
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:52:56 +00:00
Geoff Thorpe
92d1bc09cb
This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice
...
Gittens.
2002-02-27 22:55:28 +00:00
Lutz Jänicke
334f1842fc
Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi).
2002-02-26 21:40:09 +00:00
Dr. Stephen Henson
e84be9b495
New OPENSSL_LOAD_CONF define to load openssl.cnf
...
when OpenSSL_add_all_algorithms() is called.
2002-02-23 01:00:44 +00:00
Dr. Stephen Henson
3647bee263
Config code updates.
...
CONF_modules_unload() now calls CONF_modules_finish()
automatically.
Default use of section openssl_conf moved to
CONF_modules_load()
Load config file in several openssl utilities.
Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.
In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 14:01:21 +00:00
Dr. Stephen Henson
92f91ff48b
Config file updates from stable branch
2002-02-21 00:54:54 +00:00
Bodo Möller
f8e21776f9
typo
2002-02-20 12:38:00 +00:00
Richard Levitte
49e045482a
At Corinna Vinschen's request, change CygWin32 to Cygwin
2002-02-14 12:28:24 +00:00
Bodo Möller
4d94ae00d5
ECDSA support
...
Submitted by: Nils Larsch <nla@trustcenter.de>
2002-02-13 18:21:51 +00:00
Richard Levitte
0caec9e8f8
Modify the main trunk version to 0.9.8-dev.
...
0.9.7 now lives in the branch OpenSSL_0_9_7-stable.
2002-02-13 17:46:38 +00:00
Richard Levitte
1fe198b6f9
Update the configuration of CygWin32 to use the new capabilities of
...
CygWin 1.3.x, which includes thread and shared library support.
Submitted by Corinna Vinschen <vinschen@redhat.com> and modified a
little bit.
2002-02-13 14:44:33 +00:00
Lutz Jänicke
acfe628b6e
Make removal from session cache more robust.
2002-02-10 12:46:41 +00:00
Lutz Jänicke
4de920c91d
Do not store unneeded data.
2002-02-08 15:15:04 +00:00
Richard Levitte
3cd039dd8f
Add notes on the added support for aep and sureware crypto cards in
...
0.9.7.
2002-02-07 22:15:53 +00:00
Richard Levitte
b9a3ef4c6e
ASN1_BIT_STRING_set_bit() didn't clear previously set bits
2002-02-03 21:31:41 +00:00
Richard Levitte
1199e2d8cf
Apply patch from Toomas Kiisk <vix@cyber.ee> and complete it.
2002-01-29 12:36:01 +00:00
Richard Levitte
a3fffd648b
Add old patch from Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> to
...
make it possible to produce shared libraries on ReliantUNIX.
2002-01-26 03:17:27 +00:00
Richard Levitte
2d57b73a50
I got a request to make the "old des" symbols more closely tied to
...
OpenSSL. Adding '_ossl' in the name seems to be a good way to do
this.
2002-01-26 01:14:09 +00:00
Richard Levitte
f14845d999
Apply Neale Ferguson's patch to add a configuration target for linux-s390x
2002-01-25 22:06:59 +00:00
Richard Levitte
80bb905d3d
Apply the following changes by Toomas Kiisk <vix@cyber.ee>:
...
* make openssl rsa work with -engine chil
* misc changes, including debug-linux-ppro Configure target
and FORMAT_NETSCAPE-aware load_{,pub}key()
This completes the application of his changes.
2002-01-25 19:43:52 +00:00
Richard Levitte
8242a6a9fc
Document the change in rsautl.
2002-01-25 17:00:56 +00:00
Bodo Möller
a14e2d9dfe
New functions
...
ERR_peek_last_error
ERR_peek_last_error_line
ERR_peek_last_error_line_data
(supersedes ERR_peek_top_error).
Rename OPENSSL_NO_OLD_DES_SUPPORT into OPENSSL_DISABLE_OLD_DES_SUPPORT
because OPENSSL_NO_... indicates disabled algorithms (according to
mkdef.pl).
2002-01-24 16:16:43 +00:00
Bodo Möller
a8b94d6409
Reword CHANGES entry for _old_des_..., as it was a little complicated
...
syntactically.
2002-01-24 14:05:55 +00:00
Richard Levitte
1285221370
To avoid all kinds of link-level clashes, rename all old des_*
...
functions to _old_des_*.
2002-01-24 12:26:50 +00:00
Lutz Jänicke
9b2f486c9e
Document the current behaviour of the DES interface.
2002-01-23 10:12:45 +00:00
Dr. Stephen Henson
df5eaa8a52
default_algorithms option in ENGINE config.
2002-01-22 01:40:18 +00:00
Dr. Stephen Henson
c9501c223f
Initial ENGINE config module, docs to follow.
...
Fix buffer overrun errors in OPENSSL_conf().
2002-01-21 03:02:36 +00:00
Bodo Möller
8c74b5e56c
Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'
...
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
2002-01-14 23:40:26 +00:00
Bodo Möller
c59ba5b528
Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if
...
the SSL_R_LENGTH_MISMATCH error is detected.
2002-01-14 12:37:59 +00:00
Dr. Stephen Henson
bc37d996fc
Experimental configuration code.
...
Incomplete, largely untested and subject to change/deletion.
2002-01-05 01:37:16 +00:00
Bodo Möller
d59fb0dd2f
Changes that break something should be included in CHANGES
...
to make it easier to fix things.
2002-01-04 13:27:52 +00:00
Bodo Möller
e5d6528a12
fix EVP_CIPHER_mode macro
...
Submitted by: "Dan S. Camper" <dan@bti.net>
2002-01-04 13:04:45 +00:00
Richard Levitte
6f9079fd50
Because Rijndael is more known as AES, use crypto/aes instead of
...
crypto/rijndael. Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).
This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.
2002-01-02 16:55:35 +00:00
Ulf Möller
dcbbf83dba
ssl3_read_bytes bug fix
...
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
2001-12-28 17:14:35 +00:00
Bodo Möller
3c89d78dba
update FAQ and CHANGES file (0.9.6c has been released)
2001-12-21 12:29:52 +00:00
Ben Laurie
7c517a04b1
Security fix.
2001-12-20 12:18:08 +00:00
Bodo Möller
b5348a095d
consistency with 0.9.6 stable "CHANGES"
2001-12-17 19:11:03 +00:00
Bodo Möller
66df02fd98
fix BN_rand_range
2001-12-14 10:09:29 +00:00
Dr. Stephen Henson
f3e24baddf
Don't overwrite signing time.
2001-12-07 00:36:32 +00:00
Bodo Möller
35e25255e0
crypto/objects stuff
2001-12-03 14:03:23 +00:00
Dr. Stephen Henson
21a85f1977
Add -pubkey option to req command.
2001-12-01 23:03:30 +00:00
Bodo Möller
898f856c44
info on 0.9.6 engine branch
2001-11-23 21:12:44 +00:00
Bodo Möller
883b0c2274
fix submitted by Andy Schneider <andy.schneider@bjss.co.uk>
...
(in main branch, hn_ncipher.c is already correct)
2001-11-23 20:58:40 +00:00
Bodo Möller
1d4581c2dd
OS/390 support
...
Submitted by: Richard Shapiro <rshapiro@abinitio.com>
2001-11-22 11:09:42 +00:00
Bodo Möller
76c4336c43
wNAFs use does not bring that much performance on Sparcs (where
...
elliptic curves are are relatively faster than on PCs anyway)
2001-11-16 12:02:01 +00:00
Bodo Möller
3ba1f11147
Improve EC efficiency.
2001-11-15 22:32:11 +00:00
Bodo Möller
1b28ed575b
consistency between main branch and stable branch
2001-11-14 21:17:39 +00:00
Bodo Möller
b26ca3408c
synchronise with 0.9.6 stable branch
2001-11-12 23:22:29 +00:00
Bodo Möller
83978bd37a
information on 0.9.6c-engine
2001-11-12 22:10:15 +00:00
Bodo Möller
c5571db0c2
Add unixware-7-gcc as in 0.9.6 branch (except that we need a 'sys_id'
...
field here, which is left empty).
Various configurations are *only* in the 0.9.6 branch at the moment:
OpenUNIX
OpenUNIX-8-gcc-shared
OpenUNIX-8-shared
Either Configure or CHANGES must be changed to rectify the situation.
2001-11-12 15:31:39 +00:00
Bodo Möller
7aa983c6db
Order chronologically: move entry for recent s2_clnt.c/s2_srvr.c fixes
...
(nearly) to the top.
Move msg_callback entry to the top as the implementation for SSL 2.0
is based on the s2_clnt.c/s2_srvr.c changes.
2001-11-10 15:14:00 +00:00
Bodo Möller
2b90b1f344
make code a little more similar to what it looked like before the fixes,
...
call ssl2_part_read again to parse error message
2001-11-10 10:44:15 +00:00
Bodo Möller
cf82191d77
Implement msg_callback for SSL 2.0.
...
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
2001-11-10 01:16:28 +00:00
Richard Levitte
a7b42009c4
Change the shared library support so the shared libraries get built
...
sooner and the programs get built against the shared libraries.
This requires a bit more work. Things like -rpath and the possibility
to still link the programs statically should be included. Some
cleanup is also needed. This will be worked on.
2001-10-30 08:00:59 +00:00
Dr. Stephen Henson
7d5b04db4e
Add support for Subject Info Acess extension.
2001-10-27 00:16:53 +00:00
Bodo Möller
48b0cf8b10
Note BUF_MEM_grow() consistency fix.
2001-10-26 14:06:33 +00:00
Bodo Möller
c602e7f4e8
disable caching in BIO_gethostbyname
2001-10-26 13:04:23 +00:00
Dr. Stephen Henson
1fc6d41bf6
New options to allow req to accept UTF8 strings as input.
2001-10-26 12:40:38 +00:00
Ben Laurie
0e21156333
Add paralellism to speed - note that this currently causes a weird memory leak.
2001-10-25 14:27:17 +00:00
Bodo Möller
89da653fa6
Add '-noemailDN' option to 'openssl ca'. This prevents inclusion of
...
the e-mail address in the DN (i.e., it will go into a certificate
extension only). The new configuration file option 'email_in_dn = no'
has the same effect.
Submitted by: Massimiliano Pala madwolf@openca.org
2001-10-25 08:25:19 +00:00
Bodo Möller
ba1c602281
Assume TLS 1.0 when ClientHello fragment is too short.
2001-10-25 06:09:51 +00:00
Richard Levitte
c2e4f17c1a
Due to an increasing number of clashes between modern OpenSSL and
...
libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_. Compatibility routines are provided and declared by including
openssl/des_old.h. Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.
The compatibility functions will be removed in some future release, at
the latest in version 1.0.
2001-10-24 21:21:12 +00:00
Bodo Möller
979689aa5c
Fix SSL handshake functions and SSL_clear() such that SSL_clear()
...
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.
2001-10-24 19:03:22 +00:00
Dr. Stephen Henson
50d194af4d
Sanitize CHANGES entry.
2001-10-23 00:54:58 +00:00
Dr. Stephen Henson
f1558bb424
Reject certificates with unhandled critical extensions.
2001-10-21 02:09:15 +00:00
Bodo Möller
a661b65357
New functions SSL[_CTX]_set_msg_callback().
...
New macros SSL[_CTX]_set_msg_callback_arg().
Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).
New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).
Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Dr. Stephen Henson
581f1c8494
Modify EVP cipher behaviour in a similar way
...
to digests to retain compatibility.
2001-10-17 00:37:12 +00:00
Dr. Stephen Henson
20d2186c87
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
...
with existing code.
Modify library to use digest *_ex() functions.
2001-10-16 01:24:29 +00:00
Bodo Möller
48948d53b6
Change ssl3_get_message and the functions using it so that complete
...
'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.
(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)
2001-10-15 19:49:25 +00:00
Richard Levitte
285046ec51
SSL_add_dir_cert_subjects_to_stack for Win32 finally implemented.
...
Submitted by Massimo Santin <msantin@santineassociati.com>.
2001-10-04 12:27:39 +00:00
Geoff Thorpe
07cee70258
Make an (overdue) note about the recent ENGINE restructuring. Apart from
...
a few items however, most of the details are deferred to the
crypto/engine/README file.
2001-10-01 15:56:25 +00:00
Dr. Stephen Henson
d46c1a8126
Support fractional seconds in GeneralizedTime
2001-09-28 00:44:44 +00:00
Richard Levitte
89eeccacde
Two changes:
...
1. if there are several symbols with the same entry number, sort those
symbols in ASCII order.
2. Do not stop reading the header files when "BEGIN ERROR CODES" is
found, since mkerr.pl will add a function declaration after that
comment. Instead, trigger on "Error codes for the \w+ function",
which is the actual start of the error code macros.
Additionally, a few more debugging printouts that helped.
2001-09-26 15:06:45 +00:00
Bodo Möller
3b0b5abae3
bugfix: handle HelloRequest received during handshake correctly
2001-09-21 11:18:40 +00:00
Bodo Möller
b49124f6d9
Disable session related stuff in SSL_ST_OK case of ssl3_accept if we
...
just sent a HelloRequest.
2001-09-21 07:01:25 +00:00
Bodo Möller
2260ad21fb
Bugfix: correct cleanup after sending a HelloRequest
2001-09-21 00:04:15 +00:00
Bodo Möller
6b0e9facf4
New function SSL_renegotiate_pending().
...
New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
2001-09-20 22:54:09 +00:00
Bodo Möller
8e2f6b79ea
fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case
2001-09-20 21:37:13 +00:00
Bodo Möller
ee60d9fb28
Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
...
reveal whether illegal block cipher padding was found or a MAC
verification error occured.
In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
2001-09-20 18:35:52 +00:00
Dr. Stephen Henson
96bd6f730a
Add certificate and request demos.
...
Fix X509V3 macro so they compile.
2001-09-12 00:19:20 +00:00
Lutz Jänicke
c0f5dd070b
Make maximum certifcate chain size accepted from the peer application
...
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
2001-09-11 13:08:51 +00:00
Bodo Möller
e13ae96d7c
While ispell may not like it, "cancelling" may be spelt with two "l"s
2001-09-10 18:59:53 +00:00
Ulf Möller
e3fefbfd56
ispell
2001-09-07 06:39:38 +00:00
Lutz Jänicke
6c36f7a9f2
Support for shared libraries on Unixware-7 and OpenUNIX-8
...
(Boyd Lynn Gerber <gerberb@zenez.com>).
2001-09-06 12:39:00 +00:00
Bodo Möller
a9ed4da8eb
improve OAEP check
2001-09-06 10:42:56 +00:00
Bodo Möller
3cad81f6fe
Mention DSO_up => DSO_up_ref renaming
2001-09-05 21:39:39 +00:00
Bodo Möller
4450107afb
Renaming DH_up to DH_up_ref does not warrant a CHANGES entry of its own
...
as the functions were only introduced a couple of days ago.
Some '*)' apparently should be '+)' as the changes do not apply
to the 0.9.6 bugfix branch.
2001-09-05 19:14:53 +00:00
Geoff Thorpe
908efd3b73
ENGINEs can now perform structural cleanup.
2001-09-05 19:07:01 +00:00
Geoff Thorpe
541814c403
Add some missing CHANGES items.
2001-09-05 17:50:24 +00:00
Ulf Möller
d98a4b7366
bug fix: bn_sqr_recursive output is twice its input size.
2001-09-05 04:43:43 +00:00
Bodo Möller
6ee2a1365e
CHANGES should list all API changes relevant for applications
...
(here: X509_STORE_CTX_init())
2001-09-04 11:13:01 +00:00
Geoff Thorpe
5b16639538
Note the "ERR_unload_strings" function.
2001-09-03 18:27:22 +00:00
Bodo Möller
983495c4b2
Use uniformly chosen witnesses for Miller-Rabin test
...
(by using new BN_pseudo_rand_range function)
2001-09-03 12:58:16 +00:00
Ben Laurie
2618893114
Make MD functions take EVP_MD_CTX * instead of void *, add copy() function.
2001-09-02 20:05:27 +00:00
Geoff Thorpe
36026dfc01
Note the "ex_data" changes.
2001-09-01 20:20:16 +00:00
Geoff Thorpe
0783bf151c
Note the "ERR" changes.
2001-08-25 17:59:13 +00:00
Geoff Thorpe
eb6dc02b23
Make a note of the "up" functions.
2001-08-25 17:37:46 +00:00
Lutz Jänicke
e7cf7fcd21
Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.)
2001-08-25 11:49:24 +00:00