wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
5989 commits 20 branches 302 tags 153 MiB
Commit graph

1056 commits

Author SHA1 Message Date
Bodo Möller
29f6a99432 disable AES ciphersuites unless explicitly requested 2002-05-05 23:47:09 +00:00
Lutz Jänicke
fb0f53b2e0 Fix escaping when using the -subj option of "openssl req", document 
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
Submitted by:
Reviewed by:
PR: #2
 2002-04-30 12:10:10 +00:00
Bodo Möller
dfc5336975 Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not 
encoded as NULL) with id-dsa-with-sha1.

Submitted by: Nils Larsch
 2002-04-26 08:29:18 +00:00
Bodo Möller
d4a67e3186 check return values 
Submitted by: Nils Larsch
 2002-04-17 09:31:02 +00:00
Lutz Jänicke
18e10315e5 Document OID changes. 
Submitted by:
Reviewed by:
PR:
 2002-04-15 14:17:20 +00:00
Lutz Jänicke
a6198b9ed1 Some more OID enhancements. 
Submitted by:
Reviewed by:
PR:
 2002-04-15 10:38:37 +00:00
Lutz Jänicke
a7be294ed7 Fix CRLF problem in BASE64 decode. 
Submitted by:
Reviewed by:
PR:
 2002-04-15 09:53:47 +00:00
Bodo Möller
a9ab63c01c Implement known-IV countermeasure. 
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
 2002-04-13 22:51:26 +00:00
Bodo Möller
2d96549cd0 looks like a typo 2002-04-12 13:51:42 +00:00
Bodo Möller
b48892d403 synchronize with main branch 2002-04-12 13:46:46 +00:00
Lutz Jänicke
9be529f12d In preparation of 0.9.7: re-order changelog, so that the changes 
are listed as of ... -> 0.9.6c -> 0.9.6d -> 0.9.7
Submitted by:
Reviewed by:
PR:
 2002-04-10 19:50:23 +00:00
Bodo Möller
2826fcc851 add usage examples 2002-04-09 11:53:51 +00:00
Lutz Jänicke
ce34d0ac09 Fix buggy object definitions (Svenning Sorensen <sss@sss.dnsalias.net>). 
Submitted by:
Reviewed by:
PR:
 2002-04-04 17:49:39 +00:00
Lutz Jänicke
75b9c0044c Make short names of objects RFC2256-compliant. 
Submitted by:
Reviewed by:
PR:
 2002-03-26 17:15:32 +00:00
Richard Levitte
600b77a93f Add the possibility to enable olde des support, not just disable it, for future support. Redocument 2002-03-26 14:26:08 +00:00
Bodo Möller
afcf54a5c9 fix DH_generate_parameters for general 'generator' 2002-03-20 16:02:46 +00:00
Lutz Jänicke
3671e38af4 Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>). 
Submitted by:
Reviewed by:
PR:
 2002-03-19 16:44:26 +00:00
Bodo Möller
0bdbc5a86e fix ssl3_pending 2002-03-15 10:52:03 +00:00
Lutz Jänicke
abecef77cf Add missing strength classification. 
Submitted by:
Reviewed by:
PR:
 2002-03-14 18:47:51 +00:00
Dr. Stephen Henson
c913cf446f ENGINE module additions. 
Add "init" command to control ENGINE
initialization.

Call ENGINE_finish on initialized ENGINEs on exit.

Reorder shutdown in apps.c: modules should be shut
down first.

Add test private key loader to openssl ENGINE: this
just loads a private key in PEM format.

Fix print format for dh length parameter.
 2002-03-06 14:09:46 +00:00
Richard Levitte
cea698f19c Document the added modes for AES 2002-02-28 11:30:42 +00:00
Bodo Möller
48781ef7f7 Add 'void *' argument to app_verify_callback. 
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
 2002-02-28 10:55:52 +00:00
Geoff Thorpe
6d1a837df7 This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice 
Gittens.
 2002-02-27 22:45:48 +00:00
Lutz Jänicke
3b79d2789d Make sure that bad sessions are removed in SSL_clear() (found by 
Yoram Zahavi).
Submitted by:
Reviewed by:
PR:
 2002-02-26 21:44:07 +00:00
Dr. Stephen Henson
344b3b5ce1 OPENSSL_LOAD_CONF define as in main trunk 2002-02-23 02:09:29 +00:00
Dr. Stephen Henson
0cd8572b2d Config code updates. 
CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
 2002-02-22 13:58:15 +00:00
Dr. Stephen Henson
9c75b2d931 Use default openssl.cnf if config filename set to NULL and 
openssl_conf if appname NULL.
 2002-02-19 23:25:18 +00:00
Dr. Stephen Henson
86a0d0234d Add argument to OPENSSL_config() and add flag to 
tolerate missing config file.
 2002-02-14 23:39:36 +00:00
Richard Levitte
be37dc73f6 At Corinna Vinschen's request, change CygWin32 to Cygwin 2002-02-14 12:29:32 +00:00
Richard Levitte
1fe198b6f9 Update the configuration of CygWin32 to use the new capabilities of 
CygWin 1.3.x, which includes thread and shared library support.

Submitted by Corinna Vinschen <vinschen@redhat.com> and modified a
little bit.
 2002-02-13 14:44:33 +00:00
Lutz Jänicke
acfe628b6e Make removal from session cache more robust. 2002-02-10 12:46:41 +00:00
Lutz Jänicke
4de920c91d Do not store unneeded data. 2002-02-08 15:15:04 +00:00
Richard Levitte
3cd039dd8f Add notes on the added support for aep and sureware crypto cards in 
0.9.7.
 2002-02-07 22:15:53 +00:00
Richard Levitte
b9a3ef4c6e ASN1_BIT_STRING_set_bit() didn't clear previously set bits 2002-02-03 21:31:41 +00:00
Richard Levitte
1199e2d8cf Apply patch from Toomas Kiisk <vix@cyber.ee> and complete it. 2002-01-29 12:36:01 +00:00
Richard Levitte
a3fffd648b Add old patch from Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> to 
make it possible to produce shared libraries on ReliantUNIX.
 2002-01-26 03:17:27 +00:00
Richard Levitte
2d57b73a50 I got a request to make the "old des" symbols more closely tied to 
OpenSSL.  Adding '_ossl' in the name seems to be a good way to do
this.
 2002-01-26 01:14:09 +00:00
Richard Levitte
f14845d999 Apply Neale Ferguson's patch to add a configuration target for linux-s390x 2002-01-25 22:06:59 +00:00
Richard Levitte
80bb905d3d Apply the following changes by Toomas Kiisk <vix@cyber.ee>: 
* make openssl rsa work with -engine chil
* misc changes, including debug-linux-ppro Configure target
  and FORMAT_NETSCAPE-aware load_{,pub}key()

This completes the application of his changes.
 2002-01-25 19:43:52 +00:00
Richard Levitte
8242a6a9fc Document the change in rsautl. 2002-01-25 17:00:56 +00:00
Bodo Möller
a14e2d9dfe New functions 
ERR_peek_last_error
    ERR_peek_last_error_line
    ERR_peek_last_error_line_data
(supersedes ERR_peek_top_error).

Rename OPENSSL_NO_OLD_DES_SUPPORT into OPENSSL_DISABLE_OLD_DES_SUPPORT
because OPENSSL_NO_... indicates disabled algorithms (according to
mkdef.pl).
 2002-01-24 16:16:43 +00:00
Bodo Möller
a8b94d6409 Reword CHANGES entry for _old_des_..., as it was a little complicated 
syntactically.
 2002-01-24 14:05:55 +00:00
Richard Levitte
1285221370 To avoid all kinds of link-level clashes, rename all old des_* 
functions to _old_des_*.
 2002-01-24 12:26:50 +00:00
Lutz Jänicke
9b2f486c9e Document the current behaviour of the DES interface. 2002-01-23 10:12:45 +00:00
Dr. Stephen Henson
df5eaa8a52 default_algorithms option in ENGINE config. 2002-01-22 01:40:18 +00:00
Dr. Stephen Henson
c9501c223f Initial ENGINE config module, docs to follow. 
Fix buffer overrun errors in OPENSSL_conf().
 2002-01-21 03:02:36 +00:00
Bodo Möller
8c74b5e56c Bugfix: In ssl3_accept, don't use a local variable 'got_new_session' 
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
 2002-01-14 23:40:26 +00:00
Bodo Möller
c59ba5b528 Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if 
the SSL_R_LENGTH_MISMATCH error is detected.
 2002-01-14 12:37:59 +00:00
Dr. Stephen Henson
bc37d996fc Experimental configuration code. 
Incomplete, largely untested and subject to change/deletion.
 2002-01-05 01:37:16 +00:00
Bodo Möller
d59fb0dd2f Changes that break something should be included in CHANGES 
to make it easier to fix things.
 2002-01-04 13:27:52 +00:00
Bodo Möller
e5d6528a12 fix EVP_CIPHER_mode macro 
Submitted by: "Dan S. Camper" <dan@bti.net>
 2002-01-04 13:04:45 +00:00
Richard Levitte
6f9079fd50 Because Rijndael is more known as AES, use crypto/aes instead of 
crypto/rijndael.  Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).

This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.
 2002-01-02 16:55:35 +00:00
Ulf Möller
dcbbf83dba ssl3_read_bytes bug fix 
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
 2001-12-28 17:14:35 +00:00
Bodo Möller
3c89d78dba update FAQ and CHANGES file (0.9.6c has been released) 2001-12-21 12:29:52 +00:00
Ben Laurie
7c517a04b1 Security fix. 2001-12-20 12:18:08 +00:00
Bodo Möller
b5348a095d consistency with 0.9.6 stable "CHANGES" 2001-12-17 19:11:03 +00:00
Bodo Möller
66df02fd98 fix BN_rand_range 2001-12-14 10:09:29 +00:00
Dr. Stephen Henson
f3e24baddf Don't overwrite signing time. 2001-12-07 00:36:32 +00:00
Bodo Möller
35e25255e0 crypto/objects stuff 2001-12-03 14:03:23 +00:00
Dr. Stephen Henson
21a85f1977 Add -pubkey option to req command. 2001-12-01 23:03:30 +00:00
Bodo Möller
898f856c44 info on 0.9.6 engine branch 2001-11-23 21:12:44 +00:00
Bodo Möller
883b0c2274 fix submitted by Andy Schneider <andy.schneider@bjss.co.uk> 
(in main branch, hn_ncipher.c is already correct)
 2001-11-23 20:58:40 +00:00
Bodo Möller
1d4581c2dd OS/390 support 
Submitted by: Richard Shapiro <rshapiro@abinitio.com>
 2001-11-22 11:09:42 +00:00
Bodo Möller
76c4336c43 wNAFs use does not bring that much performance on Sparcs (where 
elliptic curves are are relatively faster than on PCs anyway)
 2001-11-16 12:02:01 +00:00
Bodo Möller
3ba1f11147 Improve EC efficiency. 2001-11-15 22:32:11 +00:00
Bodo Möller
1b28ed575b consistency between main branch and stable branch 2001-11-14 21:17:39 +00:00
Bodo Möller
b26ca3408c synchronise with 0.9.6 stable branch 2001-11-12 23:22:29 +00:00
Bodo Möller
83978bd37a information on 0.9.6c-engine 2001-11-12 22:10:15 +00:00
Bodo Möller
c5571db0c2 Add unixware-7-gcc as in 0.9.6 branch (except that we need a 'sys_id' 
field here, which is left empty).

Various configurations are *only* in the 0.9.6 branch at the moment:
  OpenUNIX
  OpenUNIX-8-gcc-shared
  OpenUNIX-8-shared
Either Configure or CHANGES must be changed to rectify the situation.
 2001-11-12 15:31:39 +00:00
Bodo Möller
7aa983c6db Order chronologically: move entry for recent s2_clnt.c/s2_srvr.c fixes 
(nearly) to the top.

Move msg_callback entry to the top as the implementation for SSL 2.0
is based on the s2_clnt.c/s2_srvr.c changes.
 2001-11-10 15:14:00 +00:00
Bodo Möller
2b90b1f344 make code a little more similar to what it looked like before the fixes, 
call ssl2_part_read again to parse error message
 2001-11-10 10:44:15 +00:00
Bodo Möller
cf82191d77 Implement msg_callback for SSL 2.0. 
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
 2001-11-10 01:16:28 +00:00
Richard Levitte
a7b42009c4 Change the shared library support so the shared libraries get built 
sooner and the programs get built against the shared libraries.

This requires a bit more work.  Things like -rpath and the possibility
to still link the programs statically should be included.  Some
cleanup is also needed.  This will be worked on.
 2001-10-30 08:00:59 +00:00
Dr. Stephen Henson
7d5b04db4e Add support for Subject Info Acess extension. 2001-10-27 00:16:53 +00:00
Bodo Möller
48b0cf8b10 Note BUF_MEM_grow() consistency fix. 2001-10-26 14:06:33 +00:00
Bodo Möller
c602e7f4e8 disable caching in BIO_gethostbyname 2001-10-26 13:04:23 +00:00
Dr. Stephen Henson
1fc6d41bf6 New options to allow req to accept UTF8 strings as input. 2001-10-26 12:40:38 +00:00
Ben Laurie
0e21156333 Add paralellism to speed - note that this currently causes a weird memory leak. 2001-10-25 14:27:17 +00:00
Bodo Möller
89da653fa6 Add '-noemailDN' option to 'openssl ca'. This prevents inclusion of 
the e-mail address in the DN (i.e., it will go into a certificate
extension only).  The new configuration file option 'email_in_dn = no'
has the same effect.

Submitted by: Massimiliano Pala madwolf@openca.org
 2001-10-25 08:25:19 +00:00
Bodo Möller
ba1c602281 Assume TLS 1.0 when ClientHello fragment is too short. 2001-10-25 06:09:51 +00:00
Richard Levitte
c2e4f17c1a Due to an increasing number of clashes between modern OpenSSL and 
libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_.  Compatibility routines are provided and declared by including
openssl/des_old.h.  Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.

The compatibility functions will be removed in some future release, at
the latest in version 1.0.
 2001-10-24 21:21:12 +00:00
Bodo Möller
979689aa5c Fix SSL handshake functions and SSL_clear() such that SSL_clear() 
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.
 2001-10-24 19:03:22 +00:00
Dr. Stephen Henson
50d194af4d Sanitize CHANGES entry. 2001-10-23 00:54:58 +00:00
Dr. Stephen Henson
f1558bb424 Reject certificates with unhandled critical extensions. 2001-10-21 02:09:15 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback(). 
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
 2001-10-20 17:56:36 +00:00
Dr. Stephen Henson
581f1c8494 Modify EVP cipher behaviour in a similar way 
to digests to retain compatibility.
 2001-10-17 00:37:12 +00:00
Dr. Stephen Henson
20d2186c87 Retain compatibility of EVP_DigestInit() and EVP_DigestFinal() 
with existing code.

Modify library to use digest *_ex() functions.
 2001-10-16 01:24:29 +00:00
Bodo Möller
48948d53b6 Change ssl3_get_message and the functions using it so that complete 
'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.

(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)
 2001-10-15 19:49:25 +00:00
Richard Levitte
285046ec51 SSL_add_dir_cert_subjects_to_stack for Win32 finally implemented. 
Submitted by Massimo Santin <msantin@santineassociati.com>.
 2001-10-04 12:27:39 +00:00
Geoff Thorpe
07cee70258 Make an (overdue) note about the recent ENGINE restructuring. Apart from 
a few items however, most of the details are deferred to the
crypto/engine/README file.
 2001-10-01 15:56:25 +00:00
Dr. Stephen Henson
d46c1a8126 Support fractional seconds in GeneralizedTime 2001-09-28 00:44:44 +00:00
Richard Levitte
89eeccacde Two changes: 
1. if there are several symbols with the same entry number, sort those
   symbols in ASCII order.
2. Do not stop reading the header files when "BEGIN ERROR CODES" is
   found, since mkerr.pl will add a function declaration after that
   comment.  Instead, trigger on "Error codes for the \w+ function",
   which is the actual start of the error code macros.

Additionally, a few more debugging printouts that helped.
 2001-09-26 15:06:45 +00:00
Bodo Möller
3b0b5abae3 bugfix: handle HelloRequest received during handshake correctly 2001-09-21 11:18:40 +00:00
Bodo Möller
b49124f6d9 Disable session related stuff in SSL_ST_OK case of ssl3_accept if we 
just sent a HelloRequest.
 2001-09-21 07:01:25 +00:00
Bodo Möller
2260ad21fb Bugfix: correct cleanup after sending a HelloRequest 2001-09-21 00:04:15 +00:00
Bodo Möller
6b0e9facf4 New function SSL_renegotiate_pending(). 
New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
 2001-09-20 22:54:09 +00:00
Bodo Möller
8e2f6b79ea fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case 2001-09-20 21:37:13 +00:00
Bodo Möller
ee60d9fb28 Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't 
reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
 2001-09-20 18:35:52 +00:00
Dr. Stephen Henson
96bd6f730a Add certificate and request demos. 
Fix X509V3 macro so they compile.
 2001-09-12 00:19:20 +00:00
Lutz Jänicke
c0f5dd070b Make maximum certifcate chain size accepted from the peer application 
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
 2001-09-11 13:08:51 +00:00