wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
6116 commits 20 branches 302 tags 153 MiB
Commit graph

645 commits

Author SHA1 Message Date
Bodo Möller
b8b09625dc Rephrase statement on the security of two-key 3DES. 
[Chosen plaintext attack: R. Merkle, M. Hellman: "On the Security of
  Multiple Encryption", CACM 24 (1981) pp. 465-467, p. 776.

  Known plaintext angriff: P.C. van Oorschot, M. Wiener: "A
  known-plaintext attack on two-key triple encryption", EUROCRYPT '90.]
 2002-03-05 15:30:41 +00:00
Bodo Möller
2c17323e15 Rephrase statement on the security of two-key 3DES. 
[Chosen plaintext attack: R. Merkle, M. Hellman: "On the Security of
  Multiple Encryption", CACM 24 (1981) pp. 465-467, p. 776.

  Known plaintext angriff: P.C. van Oorschot, M. Wiener: "A
  known-plaintext attack on two-key triple encryption", EUROCRYPT '90.]
 2002-03-05 15:29:30 +00:00
Bodo Möller
023ec151df Add 'void *' argument to app_verify_callback. 
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
 2002-02-28 10:52:56 +00:00
Lutz Jänicke
e463138be9 SSL_clear != SSL_free/SSL_new 2002-02-27 08:11:18 +00:00
Lutz Jänicke
ce4b274aa1 SSL_clear != SSL_free/SSL_new 2002-02-27 08:08:57 +00:00
Lutz Jänicke
0df2a19b10 Even though it is not really practical people should know about it. 2002-02-15 09:36:08 +00:00
cvs2svn
1c8f840653 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2002-02-15 07:41:45 +00:00
Lutz Jänicke
f0d6ee6be8 Even though it is not really practical people should know about it. 2002-02-15 07:41:42 +00:00
Bodo Möller
a14e2d9dfe New functions 
ERR_peek_last_error
    ERR_peek_last_error_line
    ERR_peek_last_error_line_data
(supersedes ERR_peek_top_error).

Rename OPENSSL_NO_OLD_DES_SUPPORT into OPENSSL_DISABLE_OLD_DES_SUPPORT
because OPENSSL_NO_... indicates disabled algorithms (according to
mkdef.pl).
 2002-01-24 16:16:43 +00:00
Lutz Jänicke
bc52146aee Typos (jsyn <jsyn@openbsd.org>). 2002-01-21 18:02:27 +00:00
Lutz Jänicke
6ce46d69f5 Typos (jsyn <jsyn@openbsd.org>). 2002-01-21 18:01:46 +00:00
Bodo Möller
31cafe53c9 add a sentence previously deleted by accident 2002-01-04 15:22:40 +00:00
Bodo Möller
31961f7308 use some descriptions from Lutz' redundant manual page 
instead of the previous ones
 2002-01-04 15:21:26 +00:00
Bodo Möller
dc4ddcd2bb add documentation for SSLeay_version(SSLEAY_DIR) and 
'openssl version -d'

use some descriptions from Lutz' redundant manual page
instead of the previous ones
 2002-01-04 15:17:09 +00:00
Lutz Jänicke
2e1b411f23 Tsss, SSLeay_version() was already documented, it just was not linked in. 2002-01-04 15:08:34 +00:00
Lutz Jänicke
5256b021f3 Tsss, SSLeay_version() was already documented, it just was not linked in. 2002-01-04 15:05:51 +00:00
Lutz Jänicke
439c7ba540 Add information as provided by Richard Levitte on openssl-users :-) 2002-01-04 14:57:31 +00:00
cvs2svn
edbbf22a0e This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2002-01-04 14:55:39 +00:00
Lutz Jänicke
4ab1e7ceaf Add information as provided by Richard Levitte on openssl-users :-) 2002-01-04 14:55:38 +00:00
Dr. Stephen Henson
06623ff028 Update PEM docs 2002-01-04 13:35:37 +00:00
Ben Laurie
ff3fa48fc7 Improve back compatibility. 2001-12-09 21:53:31 +00:00
Richard Levitte
fe094cdfe3 I was recently informed that some people wrongly use ssleay.txt as 
main documentation, so let's warn them a little more, so the word
"OBSOLETE" really gets understood.
 2001-12-04 07:50:52 +00:00
Richard Levitte
8f0edcb3d2 I was recently informed that some people wrongly use ssleay.txt as 
main documentation, so let's warn them a little more, so the word
"OBSOLETE" really gets understood.
 2001-12-04 07:38:17 +00:00
Dr. Stephen Henson
55e42c93a8 EVP_BytesToKey documentation. 2001-12-03 03:07:37 +00:00
Dr. Stephen Henson
21a85f1977 Add -pubkey option to req command. 2001-12-01 23:03:30 +00:00
Bodo Möller
1b0613e313 discuss -name and default_ca more correctly (I hope) 2001-11-26 12:14:22 +00:00
Bodo Möller
8a0a9392ab discuss -name and default_ca more correctly (I hope) 2001-11-26 12:13:50 +00:00
Lutz Jänicke
c156d5c9bd Clarify reference count handling/removal of session 
(shinagawa@star.zko.dec.com).
 2001-11-19 11:12:30 +00:00
Lutz Jänicke
a7ce69dbd7 Clarify reference count handling/removal of session 
(shinagawa@star.zko.dec.com).
 2001-11-19 11:11:23 +00:00
Bodo Möller
44cc9715ec remove incorrect 'callback' prototype 2001-11-10 02:14:43 +00:00
Bodo Möller
65123f8064 remove incorrect 'callback' prototype 2001-11-10 02:12:56 +00:00
Bodo Möller
1d8634b110 msg_callback documentation 2001-11-10 02:12:09 +00:00
Bodo Möller
45582d1e2b clarify 2001-11-08 14:54:21 +00:00
Bodo Möller
b8556ab14b clarify 2001-11-08 14:52:40 +00:00
Dr. Stephen Henson
1fc6d41bf6 New options to allow req to accept UTF8 strings as input. 2001-10-26 12:40:38 +00:00
Ulf Möller
a41477f92e remove compatibility notes that no longer apply 2001-10-25 17:45:25 +00:00
Richard Levitte
5f68c5feef Correct some links... 2001-10-25 16:56:06 +00:00
Richard Levitte
ee84a5a7fb Change the DES documentation to reflect the current status. Note that 
some password reading functions are really part of the UI
compatibility library...
 2001-10-25 16:55:17 +00:00
Bodo Möller
2a9aca32dc mention des_old.h 2001-10-25 08:44:10 +00:00
Bodo Möller
89da653fa6 Add '-noemailDN' option to 'openssl ca'. This prevents inclusion of 
the e-mail address in the DN (i.e., it will go into a certificate
extension only).  The new configuration file option 'email_in_dn = no'
has the same effect.

Submitted by: Massimiliano Pala madwolf@openca.org
 2001-10-25 08:25:19 +00:00
Richard Levitte
ce15d5a9dc Remove DES_random_seed() but retain des_random_seed() for now. Change 
the docs to reflect this change and correct libeay.num.
 2001-10-25 06:46:22 +00:00
Richard Levitte
c2e4f17c1a Due to an increasing number of clashes between modern OpenSSL and 
libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_.  Compatibility routines are provided and declared by including
openssl/des_old.h.  Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.

The compatibility functions will be removed in some future release, at
the latest in version 1.0.
 2001-10-24 21:21:12 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback(). 
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
 2001-10-20 17:56:36 +00:00
Bodo Möller
51008ffce1 document SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 2001-10-17 11:56:26 +00:00
Dr. Stephen Henson
3811eed8d5 Update docs. 2001-10-17 01:50:32 +00:00
Dr. Stephen Henson
e72d734d5f Update docs. 2001-10-16 02:22:59 +00:00
Lutz Jänicke
aa8a33c230 Update information as a partial response to the post 
From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
 2001-10-12 12:29:57 +00:00
Lutz Jänicke
56fa8e69cf Update information as a partial response to the post 
From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
 2001-10-12 12:29:16 +00:00
Lutz Jänicke
293c4d747c Small documentation fixes (Howard Lum <howard@pumpkin.canada.sun.com>) 2001-10-08 08:38:12 +00:00
Lutz Jänicke
e1c279b63d Small documentation fixes (Howard Lum <howard@pumpkin.canada.sun.com>) 2001-10-08 08:37:24 +00:00
Lutz Jänicke
491d390ec9 Synchronize typo corrections with 0.9.7-dev 2001-09-13 15:19:39 +00:00
Lutz Jänicke
d300bcca7f Typo. 2001-09-13 15:18:51 +00:00
Lutz Jänicke
87301baec9 One more manual page. 2001-09-13 15:07:21 +00:00
cvs2svn
0cf4df488b This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-09-13 15:05:43 +00:00
Lutz Jänicke
d59c3e5046 One more manual page. 2001-09-13 15:05:42 +00:00
Lutz Jänicke
6d8566f2eb Rework section about return values another time (based on hints from 
Bodo Moeller).
 2001-09-13 13:21:38 +00:00
Lutz Jänicke
c0f5dd070b Make maximum certifcate chain size accepted from the peer application 
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
 2001-09-11 13:08:51 +00:00
Ulf Möller
3b80e3aa9e ispell 2001-09-07 06:13:40 +00:00
Bodo Möller
f4681b0864 Use uniformly chosen witnesses for Miller-Rabin test 
(by using new BN_pseudo_rand_range function)
 2001-09-03 13:01:28 +00:00
Bodo Möller
983495c4b2 Use uniformly chosen witnesses for Miller-Rabin test 
(by using new BN_pseudo_rand_range function)
 2001-09-03 12:58:16 +00:00
Lutz Jänicke
2cb95a153e More docs. 2001-08-24 14:31:36 +00:00
cvs2svn
20d57547e6 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-08-24 14:29:49 +00:00
Lutz Jänicke
f1b2807478 More docs. 2001-08-24 14:29:48 +00:00
Lutz Jänicke
ea5b10a177 More manual pages, no constification. 2001-08-23 18:50:16 +00:00
Lutz Jänicke
bfd7bb3eb6 Typo. 2001-08-23 17:41:20 +00:00
cvs2svn
dca598b911 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-08-23 17:22:44 +00:00
Lutz Jänicke
11c8f0b79d More manual pages. Constify. 2001-08-23 17:22:43 +00:00
Lutz Jänicke
187ebb98ad As discussed recently on openssl-users. 2001-08-23 15:01:36 +00:00
cvs2svn
84712f4f9d This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-08-23 15:00:12 +00:00
Lutz Jänicke
c4068186ac As discussed recently on openssl-users. 2001-08-23 15:00:11 +00:00
Lutz Jänicke
44366c3713 Make clear, that using the compression layer is currently not recommended. 2001-08-23 09:42:56 +00:00
Lutz Jänicke
0a93a68020 Make clear, that using the compression layer is currently not recommended. 2001-08-23 09:42:12 +00:00
Ulf Möller
f2ab7d1392 typo. 2001-08-22 18:35:17 +00:00
Lutz Jänicke
7ac19add8f One more manual page... 2001-08-21 14:55:58 +00:00
cvs2svn
e1c82386d1 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-08-21 14:54:55 +00:00
Lutz Jänicke
141e584998 One more manual page... 2001-08-21 14:54:54 +00:00
Lutz Jänicke
d9164abe69 Documentation on how to handle compression methods. 
Hopefully it is clear enough, that it is currently not recommended.
 2001-08-21 13:04:26 +00:00
cvs2svn
9347774449 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-08-21 13:02:59 +00:00
Lutz Jänicke
336736ef35 Documentation on how to handle compression methods. 
Hopefully it is clear enough, that it is currently not recommended.
 2001-08-21 13:02:58 +00:00
Lutz Jänicke
3d11230259 More interdependencies with respect to shutdown behaviour. 2001-08-20 14:35:17 +00:00
Lutz Jänicke
d93eb21c7c More interdependencies with respect to shutdown behaviour. 2001-08-20 14:34:16 +00:00
Lutz Jänicke
653cc07b51 Alert description strings for TLSv1 and documentation. 2001-08-19 16:23:57 +00:00
cvs2svn
7a5b2bea86 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-08-19 16:20:43 +00:00
Lutz Jänicke
a403188f92 Alert description strings for TLSv1 and documentation. 2001-08-19 16:20:42 +00:00
Lutz Jänicke
3eba9b0ebc More details about session timeout settings. 2001-08-17 16:38:06 +00:00
cvs2svn
544346a6c8 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-08-17 16:36:52 +00:00
Lutz Jänicke
52129c0b0b More details about session timeout settings. 2001-08-17 16:36:51 +00:00
Lutz Jänicke
5f18f1b4c5 One more function documented. 2001-08-17 15:56:30 +00:00
cvs2svn
1b061845d7 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-08-17 15:54:51 +00:00
Lutz Jänicke
a52877a2f1 One more function documented. 2001-08-17 15:54:50 +00:00
Lutz Jänicke
3ad82e4707 SSL_shutdown() has even more properties... 2001-08-17 15:10:47 +00:00
cvs2svn
71cbb0f128 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-08-17 15:09:32 +00:00
Lutz Jänicke
cdd7c3ce92 SSL_shutdown() has even more properties... 2001-08-17 15:09:31 +00:00
Lutz Jänicke
b82030e90a One more step on the way for complete documentation... 2001-08-17 14:34:44 +00:00
cvs2svn
ce59bb8bd0 This commit was manufactured by cvs2svn to create branch 
'OpenSSL_0_9_6-stable'.
 2001-08-17 14:32:39 +00:00
Lutz Jänicke
c1497b4d19 One more step on the way for complete documentation... 2001-08-17 14:32:38 +00:00
Lutz Jänicke
deecc4bede Unidirectional shutdown is allowed according to the RFC. 2001-08-17 09:09:17 +00:00
Lutz Jänicke
b2ed462934 Unidirectional shutdown is allowed according to the RFC. 2001-08-17 09:08:32 +00:00
Lutz Jänicke
3d85776a09 Better description of the behaviour of SSL_shutdown() as it is now, broken 
or not.
 2001-08-16 14:29:50 +00:00
Lutz Jänicke
9e09eebf94 Better description of the behaviour of SSL_shutdown() as it is now, broken 
or not.
 2001-08-16 14:27:55 +00:00