Commit graph

4157 commits

Author SHA1 Message Date
Lutz Jänicke
e9eb000c53 Oops, one SSL_OP_NON_EXPORT_FIRST was left. 2001-08-03 13:05:44 +00:00
Ben Laurie
1ba01caaa3 Make /dev/crypto work with new EVP structures. 2001-08-03 11:54:37 +00:00
Richard Levitte
5cd6571fae Make sure memcpy() gets properly declared by including string.h. 2001-08-03 10:54:00 +00:00
Bodo Möller
6383bbe525 remove a comma 2001-08-03 09:28:02 +00:00
Lutz Jänicke
06da6e4977 Don't disable rollback attack detection as a recommended bug workaround. 2001-08-03 08:45:13 +00:00
Lutz Jänicke
b72faddc47 Mention removed option. 2001-08-01 10:07:55 +00:00
Lutz Jänicke
d92f0bb6e9 Remove SSL_OP_NON_EXPORT_FIRST:
It did not work, it was deactivated by #if 0/#endif anyway _and_ we now have
the working SSL_OP_CIPHER_SERVER_PREFERENCE.
2001-08-01 10:06:32 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Richard Levitte
6da980e2b5 Make sure the source file is included among the dependencies. This is
the norm for 'gcc -M' but not for 'makedepend', and is merely
introduced here to avoid commit wars.
2001-07-31 17:02:44 +00:00
Lutz Jänicke
7ea0acc3ef Reworked manual pages with a lot of input from Bodo Moeller. 2001-07-31 15:06:43 +00:00
Lutz Jänicke
37f599bcec Reworked manual pages with a lot of input from Bodo Moeller. 2001-07-31 15:04:50 +00:00
Ben Laurie
8408f4fbc7 Document DES changes better. 2001-07-31 13:33:58 +00:00
Ben Laurie
534164ef90 Remove old unused stuff. 2001-07-31 12:03:26 +00:00
Lutz Jänicke
dd186f600d Only set the verify callback if there's one to set! 2001-07-31 10:20:53 +00:00
Lutz Jänicke
e32c852e1e Indent. 2001-07-31 10:19:20 +00:00
Richard Levitte
dbfc0f8c2b Vade retro C++ comments!
(Latin for "comments", anyone?)
2001-07-31 09:15:52 +00:00
Richard Levitte
3728974460 Make as sure as possible that gethostname() will be properly declared. 2001-07-31 08:50:20 +00:00
Richard Levitte
fdc2bbcacb Correct most of the unsigned vs. signed warnings (or int vs. size_t),
and rename some local variables to avoid name shadowing.
2001-07-31 08:45:40 +00:00
Richard Levitte
c2a3358b60 Whoops, my fault, a backslash got converted to a slash... 2001-07-31 08:44:28 +00:00
Richard Levitte
882e891284 More Kerberos SSL changes from Jeffrey Altman <jaltman@columbia.edu>
His comments are:

First, it corrects a problem introduced in the last patch where the
kssl_map_enc() would intentionally return NULL for valid ENCTYPE
values.  This was done to prevent verification of the kerberos 5
authenticator from being performed when Derived Key ciphers were
in use.  Unfortunately, the authenticator verification routine was
not the only place that function was used.  And it caused core dumps.

Second, it attempt to add to SSL_SESSION the Kerberos 5 Client
Principal Name.
2001-07-31 07:21:06 +00:00
Ben Laurie
05bbf78afd Remove //. 2001-07-31 06:47:23 +00:00
Richard Levitte
99ecb90a99 make update 2001-07-31 06:40:10 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Ben Laurie
3ba5d1cf2e Make EVPs allocate context memory, thus making them extensible. Rationalise
DES's keyschedules.

I know these two should be separate, and I'll back out the DES changes if they
are deemed to be an error.

Note that there is a memory leak lurking in SSL somewhere in this version.
2001-07-30 17:46:22 +00:00
Ben Laurie
be2e2c3297 Only set the verify callback if there's one to set! 2001-07-30 17:17:26 +00:00
Andy Polyakov
ed0015284b Just a "get to know your system" bit. 2001-07-30 16:46:37 +00:00
Andy Polyakov
6d03b73e35 Enhanced support for IA-64 Linux and HP-UX (as well as better support for
HP-UX in common in ./config). Note that for the moment of this writing
none of 64-bit platforms pass bntest. I'm committing this anyway as it's
too frustrating to patch snapshots over and over while 0.9.6 is known to
work.
2001-07-30 16:42:15 +00:00
Andy Polyakov
622d3d3592 Support for Intel and HP-UXi assemblers. 2001-07-30 15:54:13 +00:00
Ben Laurie
0e06354402 ANSIfication. 2001-07-30 15:33:46 +00:00
Andy Polyakov
62c271610b Typo in stty command lines. 2001-07-30 14:33:58 +00:00
Lutz Jänicke
01fc70323f Don't miss files... 2001-07-30 11:51:06 +00:00
Lutz Jänicke
db089ad60d Don't miss files... 2001-07-30 11:50:37 +00:00
Lutz Jänicke
03a70bad4f Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:48:20 +00:00
Lutz Jänicke
1f0c9ad7e1 Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:45:34 +00:00
Lutz Jänicke
7146221bbe Forgot to mention second fix. 2001-07-30 11:44:14 +00:00
Lutz Jänicke
06efc222f9 Forgot to mention second fix. 2001-07-30 11:33:53 +00:00
Bodo Möller
de3333bae4 length of secret exponent is needed only when we create one 2001-07-27 22:45:35 +00:00
Bodo Möller
80a8d1406b length of secret exponent is needed only when we create one 2001-07-27 22:45:19 +00:00
Bodo Möller
924875e53b Undo DH_generate_key() change: s3_srvr.c was using it correctly 2001-07-27 22:34:25 +00:00
Bodo Möller
1a76a85c93 Undo DH_generate_key() change: s3_srvr.c was using it correctly 2001-07-27 22:34:00 +00:00
Lutz Jänicke
cf1b34ad34 Another uninitialized static that may lead to problems on Solaris under some
circumstances.
2001-07-27 12:36:16 +00:00
Lutz Jänicke
3a64458217 Another uninitialized static that may lead to problems on Solaris under some
circumstances.
2001-07-27 12:35:27 +00:00
Richard Levitte
ea71c22731 Addapt VMS script to the latest changes in the makefiles. 2001-07-27 07:47:51 +00:00
Dr. Stephen Henson
dc706cd35f Make sure *outl is always initialized in EVP_EncryptUpdate(). 2001-07-27 02:24:47 +00:00
Dr. Stephen Henson
1241126adf More linker bloat reorganisation:
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.

Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.

Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.

Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.

So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
2001-07-27 02:22:42 +00:00
Dr. Stephen Henson
19da130053 First of several reorganisations to
reduce linker bloat. For example the
single line:

PEM_read_X509()

results in a binary of around 400K in Linux!

This first step separates some of the PEM functions and
avoids linking in some PKCS#7 and PKCS#12 code.
2001-07-26 22:34:45 +00:00
Lutz Jänicke
44d4b684f9 Fix problem occuring when used from OpenSSH on Solaris 8. 2001-07-26 09:03:42 +00:00
Lutz Jänicke
a75b191502 Fix problem occuring when used from OpenSSH on Solaris 8. 2001-07-26 09:02:44 +00:00
Bodo Möller
e5cb260365 DH key generation should not use a do ... while loop,
or bogus DH parameters can be used for launching DOS attacks
2001-07-25 17:48:51 +00:00
Bodo Möller
746142d672 DH key generation should not use a do ... while loop,
or bogus DH parameters can be used for launching DOS attacks
2001-07-25 17:48:40 +00:00