Commit graph

1133 commits

Author SHA1 Message Date
Richard Levitte
fba1cfa06d The release is tagged, time to work on 0.9.7c. 2003-04-10 20:40:19 +00:00
Richard Levitte
5964e95c0a Time to release 0.9.7b.
The tag will be OpenSSL_0_9_7b.
2003-04-10 20:22:15 +00:00
Bodo Möller
46b695d850 make RSA blinding thread-safe 2003-04-02 09:50:55 +00:00
Bodo Möller
409a5de586 countermeasure against new Klima-Pokorny-Rosa attack 2003-03-19 19:19:58 +00:00
Bodo Möller
84b1e84af1 make sure RSA blinding works when the PRNG is not properly seeded;
enable it automatically only for the built-in engine
2003-03-19 18:58:55 +00:00
Ben Laurie
96c15b8aad Turn on RSA blinding by default. 2003-03-18 12:12:10 +00:00
Geoff Thorpe
86a925b27e Fix a bone-head bug. This warrants a CHANGES entry because it could affect
applications if they were passing a bogus 'flags' parameter yet having
things work as they wanted anyway.
2003-03-13 20:23:19 +00:00
Ulf Möller
5600a9cba1 Add instructions for building the MinGW target in Cygwin, and
rearrange some of the other text for better readability.
2003-02-22 23:00:25 +00:00
Richard Levitte
dab0aaa612 Let's move on to development of 0.9.7b. 2003-02-19 12:55:39 +00:00
Richard Levitte
352df99302 Security fix: Vaudenay timing attack on CBC.
An advisory will be posted to the web.  Expect a release within the hour.
2003-02-19 12:04:16 +00:00
Richard Levitte
cc811b1d7e Make the no-err option work properly 2003-02-18 12:15:13 +00:00
Richard Levitte
142398d3a7 Add support for IA64.
PR: 454
2003-02-14 13:30:43 +00:00
Richard Levitte
e4b95737f0 Adjust DES_cbc_cksum() so the returned value is the same as MIT's
mit_des_cbc_cksum().  The difference was first observed, then verified by
looking at the MIT source.
2003-02-12 17:20:50 +00:00
Dr. Stephen Henson
c13eba970c Option to disable auto SSL chain building. 2003-02-12 17:05:17 +00:00
Richard Levitte
6d85cd36e2 Add the possibility to build without the ENGINE framework.
PR: 287
2003-01-30 17:37:49 +00:00
Bodo Möller
30e3c99d9f consistency 2003-01-24 22:27:00 +00:00
Dr. Stephen Henson
624feae8af Check return value of gmtime() and add error codes
where it fails in ASN1_TIME_set().

Clear error queue in req.c if *_min or *_max is absent.
2003-01-24 00:42:50 +00:00
Lutz Jänicke
0748cdc7f1 Fix initialization sequence to prevent freeing of uninitialized objects.
Submitted by: Nils Larsch <nla@trustcenter.de>

PR: 459
2003-01-15 14:56:47 +00:00
Lutz Jänicke
b2c71c489d Really fix SSLv2 session ID handling
PR: 377
2003-01-15 09:48:29 +00:00
Andy Polyakov
e5658b9331 Note IA-32 assembler support enhancements in CHANGES. 2003-01-13 16:39:41 +00:00
Richard Levitte
959ba907df Add better support for FreeBSD on non-x86 machines.
Add specific support for FreeBSD on sparc64.
PR: 427
2003-01-12 04:43:52 +00:00
Richard Levitte
fa47b4d8b8 When preparing a separate build tree, don't make softlinks to softlinks.
Add instructions in INSTALL, for easy access.
PR: 437
2003-01-10 10:56:21 +00:00
Richard Levitte
4a2e36b19e It's rather silly to believe we'd release 0.9.7a in 2002 :-). 2002-12-31 00:59:36 +00:00
Richard Levitte
1c2018f37f Tagging is done, move on to development of 0.9.7a. 2002-12-31 00:02:34 +00:00
Richard Levitte
04572965ea Time for release of OpenSSL 0.9.7.
The tag will be OpenSSL_0_9_7.
2002-12-30 23:54:11 +00:00
Lutz Jänicke
ef9d3a10c3 Fix wrong handling of session ID in SSLv2 client code.
PR: 377
2002-12-29 20:58:55 +00:00
Richard Levitte
e286dfe6ed We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies,
and then didn't support it very well.  And that when there already is a
useful variable for exactly this kind of thing; EX_LIBS...
2002-12-19 22:10:20 +00:00
Richard Levitte
04c71cd725 OK, there's at least one application author who has provided dynamic locking
callbacks
2002-12-13 07:30:59 +00:00
Richard Levitte
5c72869563 Add a static lock called HWCRHK, for the case of having an application
that wants to use the hw_ncipher engine without having given any
callbacks for the dynamic type of locks.
2002-12-12 17:41:36 +00:00
Richard Levitte
a272f7eb08 Merge in relevant changes from the OpenSSL 0.9.6h release. 2002-12-05 21:51:57 +00:00
Dr. Stephen Henson
38b085902f In asn1_d2i_read_bio, don't assume BIO_read will
return the requested number of bytes when reading
content.
2002-12-03 23:49:12 +00:00
Richard Levitte
0a3af9a403 Add OPENSSL_cleanse() to help cleanse memory and avoid certain compiler
and linker optimizations.
PR: 343
2002-11-27 12:25:52 +00:00
Richard Levitte
a5fd84de41 Heimdal isn't really supported right now. Say so, and offer a possibility
to force the use of Heimdal, and warn if that's used.
PR: 346
2002-11-26 10:11:25 +00:00
Lutz Jänicke
a153c46d7f Fix bug introduced by the attempt to fix client side external session
caching (#288): now internal caching failed (#351):
Make sure, that cipher_id is set before comparing.
Submitted by:
Reviewed by:
PR: 288 (and 351)
2002-11-20 10:46:35 +00:00
Richard Levitte
29ca164513 WinCE patches 2002-11-15 22:44:08 +00:00
Richard Levitte
082cd4e564 Changes to make shared library building and use work better with Cygwin 2002-11-15 16:49:34 +00:00
Richard Levitte
2115a89212 Document the change to remove the 'done' flag variable in the
OpenSSL_add_all_*() routines
2002-11-15 14:01:15 +00:00
Richard Levitte
0439a5a8a7 We need to read one more byte of the REQUEST-CERTIFICATE message.
PR: 300
2002-11-15 09:17:45 +00:00
Bodo Möller
402b4a784d use same entry as in more recent CHANGES revision in CVS head 2002-11-14 12:11:44 +00:00
Bodo Möller
651e7ddf7e fix order again 2002-11-14 12:08:16 +00:00
Richard Levitte
5b1aea7afe Handle last lines that aren't properly terminated.
PR: 308
2002-11-14 06:50:32 +00:00
Bodo Möller
46ce790727 fix order of changes -- if B depends on A, A should be listed
after B (reversed 'chronological' order)
2002-11-12 13:35:27 +00:00
Ben Laurie
9831d941ca Many security improvements (CHATS) and a warning fix. 2002-11-12 13:23:40 +00:00
Richard Levitte
8bcc049399 X509_NAME_cmp() now compares PrintableString and emailAddress with a value of type
ia5String correctly.
PR: 244
2002-11-09 21:55:12 +00:00
Geoff Thorpe
96a2c35d91 The recent CHANGES note between 0.9.6g and 0.9.6h needs copying into the
other branches.
2002-10-29 17:59:18 +00:00
Bodo Möller
84236041c1 synchronize with 0.9.6-stable version of this file 2002-10-11 17:53:21 +00:00
Bodo Möller
8d44d96ec3 remove redundant empty line 2002-10-11 17:29:07 +00:00
Richard Levitte
12a2ff9625 RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS.
PR: 189
2002-10-10 07:59:45 +00:00
Bodo Möller
64cb996206 fix more race conditions
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
2002-09-26 15:54:15 +00:00
Bodo Möller
fbf4c7b4f1 really fix race conditions
Submitted by: "Patrick McCormick" <patrick@tellme.com>

PR: 262
PR: 291
2002-09-25 15:38:17 +00:00
Bodo Möller
4e33db9a3f really fix race condition
PR: 262
2002-09-23 14:28:12 +00:00
Bodo Möller
f7eb95852c there is no minimum length for session IDs
PR: 274

fix race condition
PR: 262
2002-09-20 08:37:13 +00:00
Dr. Stephen Henson
a98beb3a2d Apply -nameopt patches to 0.9.7 2002-08-30 18:26:26 +00:00
Lutz Jänicke
68a9ee13e8 Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb().
Submitted by:
Reviewed by:
PR: 212
2002-08-16 17:02:30 +00:00
Dr. Stephen Henson
ea050a6eb3 Fix block_size field for CFB and OFB modes: it should be 1. 2002-08-16 01:38:34 +00:00
Dr. Stephen Henson
f84acec8ea Fix typo in OBJ_txt2obj which incorrectly passed the content
length, instead of the encoding length to d2i_ASN1_OBJECT.

This wasn't visible before because ASN1_get_object() used
to read past the length of the supplied buffer.
2002-08-14 00:50:35 +00:00
Bodo Möller
3c1a6f441b add 0.9.6g information 2002-08-12 08:43:32 +00:00
Richard Levitte
00c8546d21 0.9.6f is released 2002-08-08 22:56:05 +00:00
Dr. Stephen Henson
b012127a99 Fix the ASN1 sanity check: correct header length
calculation and check overflow against LONG_MAX.
2002-08-02 18:42:40 +00:00
Bodo Möller
265a9e2c5d get rid of OpenSSLDie 2002-08-02 11:47:24 +00:00
Lutz Jänicke
bca9dc2a51 OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
Submitted by:
Reviewed by:
PR:
2002-07-30 11:21:19 +00:00
Richard Levitte
b721e1e239 Document the recent DJGPP-related changes 2002-07-23 13:46:05 +00:00
Bodo Möller
16758de0a2 add an explanation and fix a typo 2002-07-22 08:38:14 +00:00
Lutz Jänicke
f19b6474fe New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.
Submitted by:
Reviewed by:
PR: 127
2002-07-19 19:53:02 +00:00
Richard Levitte
4810644f65 For those wanting to build for several platforms with the same source
directory, making a separate directory tree with lots of symbolic links
seems to be the solution.  Unfortunately, Configure doesn't take appropriate
steps to support this solution (as in removing a file that's going to be
rewritten).  This change corrects that situation.  Now I just have to
find all other places where there's lack of support for this.
2002-07-16 09:18:25 +00:00
Lutz Jänicke
4064a85205 Ciphers with NULL encryption were not properly handled because they were
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
2002-07-10 06:40:18 +00:00
Bodo Möller
5af9fcaf35 AES cipher suites are now official (RFC3268) 2002-07-04 08:50:33 +00:00
Bodo Möller
e003386793 update an entry on EVP changes 2002-06-26 14:22:39 +00:00
Geoff Thorpe
a2ffad81c8 Make sure any ENGINE control commands make local copies of string
pointers passed to them whenever necessary. Otherwise it is possible the
caller may have overwritten (or deallocated) the original string data
when a later ENGINE operation tries to use the stored values.

Submitted by: Götz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by: Geoff Thorpe
PR: 98
2002-06-21 02:48:57 +00:00
Bodo Möller
2f8275c52d New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
2002-06-14 12:20:27 +00:00
Lutz Jänicke
f10581829d Make change uniqueIdentifier -> x500UniqueIdentifier clearly visible.
Submitted by:
Reviewed by:
PR: 82
2002-06-12 20:42:04 +00:00
Ben Laurie
461f00dd53 Handle read failures better. 2002-06-11 11:41:26 +00:00
Richard Levitte
1b97c938e9 Document the AES changes. 2002-05-31 13:16:37 +00:00
Bodo Möller
855f0b4f2f fix EVP_dsa_sha macro
Submitted by: Nils Larsch
2002-05-16 12:53:34 +00:00
Dr. Stephen Henson
38dbcb2248 Oops, forgot CHANGES entry and description:
Allow reuse of cipher contexts by removing
automatic cleanup in EVP_*Final().
2002-05-15 18:23:07 +00:00
Dr. Stephen Henson
1c511bdb7c Fallback to normal multiply if n2 == 8 and dna or dnb is not zero
in bn_mul_recursive.

This is (hopefully) what was triggering bignum errors on 64 bit
platforms and causing the BN_mod_mul test to fail.
2002-05-10 22:22:55 +00:00
Bodo Möller
aa9fed8cc2 refer to latest draft for AES ciphersuites 2002-05-07 07:56:09 +00:00
Bodo Möller
29f6a99432 disable AES ciphersuites unless explicitly requested 2002-05-05 23:47:09 +00:00
Lutz Jänicke
fb0f53b2e0 Fix escaping when using the -subj option of "openssl req", document
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
Submitted by:
Reviewed by:
PR: #2
2002-04-30 12:10:10 +00:00
Bodo Möller
dfc5336975 Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
encoded as NULL) with id-dsa-with-sha1.

Submitted by: Nils Larsch
2002-04-26 08:29:18 +00:00
Bodo Möller
d4a67e3186 check return values
Submitted by: Nils Larsch
2002-04-17 09:31:02 +00:00
Lutz Jänicke
18e10315e5 Document OID changes.
Submitted by:
Reviewed by:
PR:
2002-04-15 14:17:20 +00:00
Lutz Jänicke
a6198b9ed1 Some more OID enhancements.
Submitted by:
Reviewed by:
PR:
2002-04-15 10:38:37 +00:00
Lutz Jänicke
a7be294ed7 Fix CRLF problem in BASE64 decode.
Submitted by:
Reviewed by:
PR:
2002-04-15 09:53:47 +00:00
Bodo Möller
a9ab63c01c Implement known-IV countermeasure.
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:51:26 +00:00
Bodo Möller
2d96549cd0 looks like a typo 2002-04-12 13:51:42 +00:00
Bodo Möller
b48892d403 synchronize with main branch 2002-04-12 13:46:46 +00:00
Lutz Jänicke
9be529f12d In preparation of 0.9.7: re-order changelog, so that the changes
are listed as of ... -> 0.9.6c -> 0.9.6d -> 0.9.7
Submitted by:
Reviewed by:
PR:
2002-04-10 19:50:23 +00:00
Bodo Möller
2826fcc851 add usage examples 2002-04-09 11:53:51 +00:00
Lutz Jänicke
ce34d0ac09 Fix buggy object definitions (Svenning Sorensen <sss@sss.dnsalias.net>).
Submitted by:
Reviewed by:
PR:
2002-04-04 17:49:39 +00:00
Lutz Jänicke
75b9c0044c Make short names of objects RFC2256-compliant.
Submitted by:
Reviewed by:
PR:
2002-03-26 17:15:32 +00:00
Richard Levitte
600b77a93f Add the possibility to enable olde des support, not just disable it, for future support. Redocument 2002-03-26 14:26:08 +00:00
Bodo Möller
afcf54a5c9 fix DH_generate_parameters for general 'generator' 2002-03-20 16:02:46 +00:00
Lutz Jänicke
3671e38af4 Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>).
Submitted by:
Reviewed by:
PR:
2002-03-19 16:44:26 +00:00
Bodo Möller
0bdbc5a86e fix ssl3_pending 2002-03-15 10:52:03 +00:00
Lutz Jänicke
abecef77cf Add missing strength classification.
Submitted by:
Reviewed by:
PR:
2002-03-14 18:47:51 +00:00
Dr. Stephen Henson
c913cf446f ENGINE module additions.
Add "init" command to control ENGINE
initialization.

Call ENGINE_finish on initialized ENGINEs on exit.

Reorder shutdown in apps.c: modules should be shut
down first.

Add test private key loader to openssl ENGINE: this
just loads a private key in PEM format.

Fix print format for dh length parameter.
2002-03-06 14:09:46 +00:00
Richard Levitte
cea698f19c Document the added modes for AES 2002-02-28 11:30:42 +00:00
Bodo Möller
48781ef7f7 Add 'void *' argument to app_verify_callback.
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:55:52 +00:00
Geoff Thorpe
6d1a837df7 This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice
Gittens.
2002-02-27 22:45:48 +00:00