Commit graph

737 commits

Author SHA1 Message Date
Mark J. Cox
b4bf34ce39 Add an entry for gcc on UnixWare
Submitted by: Gary Benson
Reviewed by: Mark Cox
PR:
2001-11-12 13:22:14 +00:00
Mark J. Cox
f99ac98efb Add assembler implementation for IA-64
Submitted by: Andy Polyakov
Reviewed by: Mark Cox
PR:
2001-11-12 12:49:25 +00:00
Bodo Möller
3f64d0bf3b synchronize with HEAD branch 2001-11-12 11:22:45 +00:00
Bodo Möller
fab972b914 order chronologically: move entry for recent s2_clnt.c/s2_srvr.c fixes to the top 2001-11-10 15:09:47 +00:00
Bodo Möller
a10b85d9e6 make code a little more similar to what it looked like before the fixes 2001-11-10 10:43:51 +00:00
Bodo Möller
a807f6460e important SSL 2.0 bugfixes 2001-11-10 01:15:29 +00:00
Bodo Möller
70bed0ca2d typo 2001-10-26 14:03:51 +00:00
Bodo Möller
e20788700c disable caching in BIO_gethostbyname 2001-10-26 13:03:28 +00:00
Bodo Möller
96ec4ce0d2 Assume TLS 1.0 if ClientHello fragment is too short. 2001-10-25 06:06:50 +00:00
Bodo Möller
38b3e9edde Fix SSL handshake functions and SSL_clear() such that SSL_clear()
never resets s->method to s->ctx->method when called from within one
of the SSL handshake functions.
2001-10-24 19:05:26 +00:00
Bodo Möller
9ccadf1c6f In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
2001-10-20 17:52:40 +00:00
Bodo Möller
2dbdcd9734 Fix ssl3_get_message to handle message fragmentation correctly. 2001-10-15 17:42:43 +00:00
Bodo Möller
029dfa64d4 bugfix: handle HelloRequest received during handshake correctly 2001-09-21 11:19:26 +00:00
Bodo Möller
f8845509b6 Disable session related stuff in SSL_ST_OK case of ssl3_accept if we
just sent a HelloRequest.
2001-09-21 07:01:04 +00:00
Bodo Möller
3f98e1dd11 Bugfix: correct cleanup after sending a HelloRequest 2001-09-21 00:03:00 +00:00
Bodo Möller
e53afa9e9b fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case 2001-09-20 21:36:39 +00:00
Bodo Möller
e41c5bd730 Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
2001-09-20 18:34:36 +00:00
Lutz Jänicke
b90f36d240 Support for OpenUNIX-8 (Boyd Lynn Gerber <gerberb@zenez.com>) 2001-09-07 13:22:41 +00:00
Bodo Möller
a7113d645f improve OAEP check 2001-09-06 10:43:42 +00:00
Ulf Möller
3f345dc653 bn_sqr bug fix as in main 2001-09-05 04:45:45 +00:00
Bodo Möller
f4681b0864 Use uniformly chosen witnesses for Miller-Rabin test
(by using new BN_pseudo_rand_range function)
2001-09-03 13:01:28 +00:00
Lutz Jänicke
a04baf9b5c Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.) 2001-08-25 11:48:35 +00:00
Lutz Jänicke
653cc07b51 Alert description strings for TLSv1 and documentation. 2001-08-19 16:23:57 +00:00
Lutz Jänicke
86cd2530db Bugfixes provided by "Stephen Hinton" <shinton@netopia.com>. 2001-08-16 15:30:37 +00:00
Richard Levitte
ec578380c9 Apply the Tru64 patch from Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu>
His comments are:

1) Changes all references for `True64' to be `Tru64', which is the correct
spelling for the OS name.

2) Makes `alpha-cc' be the same as `alpha164-cc', and adds an `alphaold-cc'
entry that is the same as the previous `alpha-cc'.  The reason is that most
people these days are using the newer compiler, so it should be the default.

3) Adds a bit of commentary to Configure, regarding the name changes of
the OS over the years, so it's not so confusing to people that haven't been
with the OS for a while.

4) Adds an `alpha-cc-rpath' target (which is *not* selected automatically
by Configure under any circumstance) that builds an RPATH into the
shared libraries.  This is explained in the comment in Configure.  It's
very very useful for people that want it, and people that don't want it
just shouldn't choose that target.

5) Adds the `-pthread' flag as the best way to get POSIX thread support
from the newer compiler.

6) Updates the Makefile targets, so that when the `alpha164-cc', `alpha-cc',
or `alpha-cc-rpath' target is what Configure is set to use, it uses a Makefile
target that includes the `-msym' option when building the shared library.
This is a performance enhancement.

7) Updates `config' so that if it detects you're running version 4 or 5
of the OS, it automatically selects `alpha-cc', but uses `alphaold-cc'
for versions 1-3 of the OS.

8) Updates the comment in opensslv.h, fixing both the OS name typo and
adding a reference to IRIX 6.x, since the shared library semantics are
virtually identical there.
2001-08-10 15:25:50 +00:00
Bodo Möller
904de6e4f5 Bugfix: larger message size in ssl3_get_key_exchange() because
ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>
2001-08-07 09:31:03 +00:00
Lutz Jänicke
03a70bad4f Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:48:20 +00:00
Lutz Jänicke
7146221bbe Forgot to mention second fix. 2001-07-30 11:44:14 +00:00
Bodo Möller
1a76a85c93 Undo DH_generate_key() change: s3_srvr.c was using it correctly 2001-07-27 22:34:00 +00:00
Lutz Jänicke
44d4b684f9 Fix problem occuring when used from OpenSSH on Solaris 8. 2001-07-26 09:03:42 +00:00
Bodo Möller
475e21bc7b Don't preserve existing keys in DH_generate_key. 2001-07-25 17:20:16 +00:00
Bodo Möller
5204726bfe md_rand.c thread safety 2001-07-25 17:18:02 +00:00
Bodo Möller
27f3a1bd9c always reject data >= n 2001-07-25 17:03:22 +00:00
Bodo Möller
c6719ffb77 Avoid race condition.
Submitted by: Travis Vitek <vitek@roguewave.com>
2001-07-24 12:33:41 +00:00
Richard Levitte
0410b6c50b Tagging has been done, move on to 0.9.6c-dev. 2001-07-09 15:10:56 +00:00
Richard Levitte
483c4e0682 Add security patch and create release.
Tags will be OpenSSL_0_9_6b and OpenSSL-engine-0_9_6b
2001-07-09 14:36:30 +00:00
Bodo Möller
731e14031c Andy's mips3.s fix (as in main branch). 2001-07-04 20:17:52 +00:00
Lutz Jänicke
93074b2509 When only the key is given to "enc", the IV is undefined
(found by Andy Brown <logic@warthog.com>).
2001-07-03 10:32:30 +00:00
Dr. Stephen Henson
e319a89f84 Handle empty X509_NAME in printing routines. 2001-06-26 12:04:12 +00:00
Bodo Möller
9fa5786340 DSA verification should insist that r and s are in the allowed range. 2001-06-26 09:48:56 +00:00
Dr. Stephen Henson
1b822decb8 Don't set *pointer if add_lock_callback used. 2001-06-19 00:09:20 +00:00
Bodo Möller
dab4c2824f pay attention to blocksize before attempting decryption 2001-06-15 18:06:06 +00:00
Bodo Möller
630c1aedd2 OAEP fix 2001-06-06 21:44:48 +00:00
Bodo Möller
83583e9479 Fix Bleichenbacher PKCS #1 1.5 countermeasure.
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway,
otherwise this would be a security relevant patch.)
2001-06-01 09:43:23 +00:00
Dr. Stephen Henson
39bed15e53 Add missing variable length cipher flag for Blowfish.
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
2001-05-24 23:00:46 +00:00
Dr. Stephen Henson
4b04466f14 Fix for missing DSA parameters. 2001-05-24 22:33:16 +00:00
Bodo Möller
77c6edc1d1 fix an old entry 2001-05-08 12:46:33 +00:00
Bodo Möller
99bd4baa54 .rnd issues 2001-05-03 09:28:19 +00:00
Bodo Möller
ecacb136c5 typo 2001-04-18 15:12:26 +00:00
Bodo Möller
db17ecdae3 fix md_rand.c locking bugs 2001-04-18 15:08:19 +00:00