Commit graph

1023 commits

Author SHA1 Message Date
Lutz Jänicke
bca9dc2a51 OpenSSL Security Advisory [30 July 2002]
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
Submitted by:
Reviewed by:
PR:
2002-07-30 11:21:19 +00:00
Richard Levitte
b721e1e239 Document the recent DJGPP-related changes 2002-07-23 13:46:05 +00:00
Bodo Möller
16758de0a2 add an explanation and fix a typo 2002-07-22 08:38:14 +00:00
Lutz Jänicke
f19b6474fe New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.
Submitted by:
Reviewed by:
PR: 127
2002-07-19 19:53:02 +00:00
Richard Levitte
4810644f65 For those wanting to build for several platforms with the same source
directory, making a separate directory tree with lots of symbolic links
seems to be the solution.  Unfortunately, Configure doesn't take appropriate
steps to support this solution (as in removing a file that's going to be
rewritten).  This change corrects that situation.  Now I just have to
find all other places where there's lack of support for this.
2002-07-16 09:18:25 +00:00
Lutz Jänicke
4064a85205 Ciphers with NULL encryption were not properly handled because they were
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
2002-07-10 06:40:18 +00:00
Bodo Möller
5af9fcaf35 AES cipher suites are now official (RFC3268) 2002-07-04 08:50:33 +00:00
Bodo Möller
e003386793 update an entry on EVP changes 2002-06-26 14:22:39 +00:00
Geoff Thorpe
a2ffad81c8 Make sure any ENGINE control commands make local copies of string
pointers passed to them whenever necessary. Otherwise it is possible the
caller may have overwritten (or deallocated) the original string data
when a later ENGINE operation tries to use the stored values.

Submitted by: Götz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by: Geoff Thorpe
PR: 98
2002-06-21 02:48:57 +00:00
Bodo Möller
2f8275c52d New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
2002-06-14 12:20:27 +00:00
Lutz Jänicke
f10581829d Make change uniqueIdentifier -> x500UniqueIdentifier clearly visible.
Submitted by:
Reviewed by:
PR: 82
2002-06-12 20:42:04 +00:00
Ben Laurie
461f00dd53 Handle read failures better. 2002-06-11 11:41:26 +00:00
Richard Levitte
1b97c938e9 Document the AES changes. 2002-05-31 13:16:37 +00:00
Bodo Möller
855f0b4f2f fix EVP_dsa_sha macro
Submitted by: Nils Larsch
2002-05-16 12:53:34 +00:00
Dr. Stephen Henson
38dbcb2248 Oops, forgot CHANGES entry and description:
Allow reuse of cipher contexts by removing
automatic cleanup in EVP_*Final().
2002-05-15 18:23:07 +00:00
Dr. Stephen Henson
1c511bdb7c Fallback to normal multiply if n2 == 8 and dna or dnb is not zero
in bn_mul_recursive.

This is (hopefully) what was triggering bignum errors on 64 bit
platforms and causing the BN_mod_mul test to fail.
2002-05-10 22:22:55 +00:00
Bodo Möller
aa9fed8cc2 refer to latest draft for AES ciphersuites 2002-05-07 07:56:09 +00:00
Bodo Möller
29f6a99432 disable AES ciphersuites unless explicitly requested 2002-05-05 23:47:09 +00:00
Lutz Jänicke
fb0f53b2e0 Fix escaping when using the -subj option of "openssl req", document
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
Submitted by:
Reviewed by:
PR: #2
2002-04-30 12:10:10 +00:00
Bodo Möller
dfc5336975 Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
encoded as NULL) with id-dsa-with-sha1.

Submitted by: Nils Larsch
2002-04-26 08:29:18 +00:00
Bodo Möller
d4a67e3186 check return values
Submitted by: Nils Larsch
2002-04-17 09:31:02 +00:00
Lutz Jänicke
18e10315e5 Document OID changes.
Submitted by:
Reviewed by:
PR:
2002-04-15 14:17:20 +00:00
Lutz Jänicke
a6198b9ed1 Some more OID enhancements.
Submitted by:
Reviewed by:
PR:
2002-04-15 10:38:37 +00:00
Lutz Jänicke
a7be294ed7 Fix CRLF problem in BASE64 decode.
Submitted by:
Reviewed by:
PR:
2002-04-15 09:53:47 +00:00
Bodo Möller
a9ab63c01c Implement known-IV countermeasure.
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:51:26 +00:00
Bodo Möller
2d96549cd0 looks like a typo 2002-04-12 13:51:42 +00:00
Bodo Möller
b48892d403 synchronize with main branch 2002-04-12 13:46:46 +00:00
Lutz Jänicke
9be529f12d In preparation of 0.9.7: re-order changelog, so that the changes
are listed as of ... -> 0.9.6c -> 0.9.6d -> 0.9.7
Submitted by:
Reviewed by:
PR:
2002-04-10 19:50:23 +00:00
Bodo Möller
2826fcc851 add usage examples 2002-04-09 11:53:51 +00:00
Lutz Jänicke
ce34d0ac09 Fix buggy object definitions (Svenning Sorensen <sss@sss.dnsalias.net>).
Submitted by:
Reviewed by:
PR:
2002-04-04 17:49:39 +00:00
Lutz Jänicke
75b9c0044c Make short names of objects RFC2256-compliant.
Submitted by:
Reviewed by:
PR:
2002-03-26 17:15:32 +00:00
Richard Levitte
600b77a93f Add the possibility to enable olde des support, not just disable it, for future support. Redocument 2002-03-26 14:26:08 +00:00
Bodo Möller
afcf54a5c9 fix DH_generate_parameters for general 'generator' 2002-03-20 16:02:46 +00:00
Lutz Jänicke
3671e38af4 Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>).
Submitted by:
Reviewed by:
PR:
2002-03-19 16:44:26 +00:00
Bodo Möller
0bdbc5a86e fix ssl3_pending 2002-03-15 10:52:03 +00:00
Lutz Jänicke
abecef77cf Add missing strength classification.
Submitted by:
Reviewed by:
PR:
2002-03-14 18:47:51 +00:00
Dr. Stephen Henson
c913cf446f ENGINE module additions.
Add "init" command to control ENGINE
initialization.

Call ENGINE_finish on initialized ENGINEs on exit.

Reorder shutdown in apps.c: modules should be shut
down first.

Add test private key loader to openssl ENGINE: this
just loads a private key in PEM format.

Fix print format for dh length parameter.
2002-03-06 14:09:46 +00:00
Richard Levitte
cea698f19c Document the added modes for AES 2002-02-28 11:30:42 +00:00
Bodo Möller
48781ef7f7 Add 'void *' argument to app_verify_callback.
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:55:52 +00:00
Geoff Thorpe
6d1a837df7 This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice
Gittens.
2002-02-27 22:45:48 +00:00
Lutz Jänicke
3b79d2789d Make sure that bad sessions are removed in SSL_clear() (found by
Yoram Zahavi).
Submitted by:
Reviewed by:
PR:
2002-02-26 21:44:07 +00:00
Dr. Stephen Henson
344b3b5ce1 OPENSSL_LOAD_CONF define as in main trunk 2002-02-23 02:09:29 +00:00
Dr. Stephen Henson
0cd8572b2d Config code updates.
CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 13:58:15 +00:00
Dr. Stephen Henson
9c75b2d931 Use default openssl.cnf if config filename set to NULL and
openssl_conf if appname NULL.
2002-02-19 23:25:18 +00:00
Dr. Stephen Henson
86a0d0234d Add argument to OPENSSL_config() and add flag to
tolerate missing config file.
2002-02-14 23:39:36 +00:00
Richard Levitte
be37dc73f6 At Corinna Vinschen's request, change CygWin32 to Cygwin 2002-02-14 12:29:32 +00:00
Richard Levitte
1fe198b6f9 Update the configuration of CygWin32 to use the new capabilities of
CygWin 1.3.x, which includes thread and shared library support.

Submitted by Corinna Vinschen <vinschen@redhat.com> and modified a
little bit.
2002-02-13 14:44:33 +00:00
Lutz Jänicke
acfe628b6e Make removal from session cache more robust. 2002-02-10 12:46:41 +00:00
Lutz Jänicke
4de920c91d Do not store unneeded data. 2002-02-08 15:15:04 +00:00
Richard Levitte
3cd039dd8f Add notes on the added support for aep and sureware crypto cards in
0.9.7.
2002-02-07 22:15:53 +00:00