Bodo Möller
d349c5f8fd
some updates from 0.9.7-dev
2001-04-12 12:09:07 +00:00
Richard Levitte
fa528639e3
Tagging has been done, move on to development of 0.9.6b.
...
(Hopefully, it will never be needed)
2001-04-05 17:59:14 +00:00
Richard Levitte
4f647957c5
Release OpenSSL 0.9.6a.
...
The tag will be OpenSSL_0_9_6a
2001-04-05 16:43:07 +00:00
Dr. Stephen Henson
592f5c5797
Fix couple of memory leaks in PKCS7_dataDecode().
2001-04-04 22:30:26 +00:00
Bodo Möller
b9a96c0134
don't use shell functions
2001-04-04 16:27:44 +00:00
Richard Levitte
75c3c831db
Incorporate some changes that make OpenSSL compilable in CygWin.
2001-04-04 15:51:36 +00:00
Ulf Möller
323fd27435
Note that alpha.s is no longer used.
2001-03-31 01:19:42 +00:00
Dr. Stephen Henson
ce3fc3956d
Fix asn1_GetSequence() for indefinite length sequences.
2001-03-30 13:42:32 +00:00
Bodo Möller
83c4e75be9
Use enhanced bctest (as in main trunk), and add a workaround that
...
should solve the problems with FreeBSD's /bin/sh.
2001-03-30 09:23:14 +00:00
Richard Levitte
44924fb2b4
Since there has been reports of clashes between OpenSSL's
...
des_encrypt() and des_encrypt() defined on some systems (Solaris and
Unixware and maybe others), we rename des_encrypt() to des_encrypt1().
This should have very little impact on external software unless
someone has written a mode of DES, since that's all des_encrypt() is
meant for.
2001-03-29 07:45:01 +00:00
Ulf Möller
1777e3fd5e
check the CRT result.
2001-03-28 04:49:39 +00:00
Ulf Möller
509ca689b0
Note the MIPS assembler bug fix.
2001-03-28 02:39:22 +00:00
Richard Levitte
ae17135ab5
Bring in the rest of the corrections for shared libraries from the
...
main trunk.
2001-03-24 12:26:03 +00:00
Bodo Möller
ea09a504ef
Add another "[This change does not apply to 0.9.7.]" line so
...
that we can combine the CHANGES files later on.
2001-03-22 14:56:55 +00:00
Dr. Stephen Henson
8d82218269
Fix bug in PKCS#7 decode routines when indefinite length
...
encoding is used inside definite length encoding.
2001-03-22 13:49:15 +00:00
Bodo Möller
a8e738f9ad
Harmonize CHANGES and STATUS files between the 0.9.6a branch and
...
the trunk to keep diffs small.
2001-03-22 10:59:18 +00:00
Dr. Stephen Henson
0bf5d40787
Fix PKCS#12 key generation bug.
2001-03-18 02:10:25 +00:00
Richard Levitte
9f56705f96
The change on handling shared libraries was never applied in
...
0.9.6a-dev...
2001-03-15 21:44:17 +00:00
Bodo Möller
ba61b14f1d
More err_data memory leaks
2001-03-15 11:33:00 +00:00
Ulf Möller
42b848bcf1
that was useless - still fails with GCC
2001-03-13 07:12:02 +00:00
Ulf Möller
a1c769a5f6
Alpha workaround. This is a lot slower!
2001-03-13 06:31:36 +00:00
Bodo Möller
2c89d56a1d
fix memory leak in err.c
2001-03-12 18:39:47 +00:00
Bodo Möller
ba41d8a556
ssl23_peek
2001-03-08 21:56:34 +00:00
Ulf Möller
5fb0aa6487
Note the rand_win.c change
2001-03-08 16:58:07 +00:00
Richard Levitte
3e0d891828
SSLv2 session reuse bugfix from main development branch.
2001-03-05 14:52:30 +00:00
Dr. Stephen Henson
95d334f2db
Fix bug in copy_email() which would not
...
find emailAddress at start of subject name.
2001-03-01 13:33:53 +00:00
Ulf Möller
98486a9310
improved bignum test as in 0.9.7.
...
We need this to find out if the bignum failures on Irix and Alpha are
caused by new 0.9.7 code or just aren't triggered in the 0.9.6 test suite.
2001-02-27 23:00:42 +00:00
Geoff Thorpe
4910cbf6db
Backfit a bugfix from 0.9.7-dev to 0.9.6-stable. init() and finish()
...
handlers were previously getting called before (and after, respectively)
the "ex_data" structures - this meant init() had very little that it
could initialise, and finish() had very little it could cleanup.
2001-02-24 17:32:34 +00:00
Dr. Stephen Henson
75090e0365
Stop PKCS7_verify() core dumping with unknown public
...
key algorithms and leaking if the signature verify
fails.
2001-02-24 01:46:46 +00:00
Bodo Möller
6d82a20624
Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
...
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
2001-02-20 08:22:25 +00:00
Ulf Möller
15ed15d3e4
OPENSSL_issetugid() as in the main branch.
2001-02-19 23:57:18 +00:00
Bodo Möller
b6fefec364
Memory leak checking bugfixes for multi-threading.
2001-02-19 10:30:13 +00:00
Lutz Jänicke
6a0fb6083c
Move entry to match chronologic ordering.
2001-02-15 14:19:43 +00:00
Lutz Jänicke
0dbfc1da4a
Add '-rand' option to s_server and s_client.
2001-02-15 10:35:29 +00:00
Ulf Möller
f945040633
IRIX bugfix
2001-02-14 00:23:27 +00:00
Dr. Stephen Henson
e15abbc69f
Make X509_NAME produce correct encoding when empty.
2001-02-12 03:16:13 +00:00
Dr. Stephen Henson
c6b523d3dd
Workaround for libsafe "error".
2001-02-12 03:04:59 +00:00
Ulf Möller
38b3a46ffa
DSA fix from main branch.
2001-02-07 22:35:11 +00:00
Ulf Möller
60b3b2c9d0
EBCDIC bug fix from main branch.
2001-02-07 22:13:10 +00:00
Bodo Möller
c7410f2693
Avoid coredumps for CONF_get_...(NULL, ...)
2001-02-06 10:14:57 +00:00
Richard Levitte
28b1bceb2f
0.9.6a will not be release in Y2K. :-)
2001-02-05 13:32:33 +00:00
Dr. Stephen Henson
2e1d669cba
Tolerate some "variations" used in some
...
certificates.
One is a valid CA which has no basicConstraints
but does have certSign keyUsage.
Other is S/MIME signer with nonRepudiation but
no digitalSignature.
2001-02-01 02:03:58 +00:00
Richard Levitte
3b1f393ae7
Transport from development branch.
2001-01-30 13:54:44 +00:00
Lutz Jänicke
61433519af
Backported manual pages from 0.9.7.
2001-01-28 18:35:10 +00:00
Dr. Stephen Henson
7a60df7dd3
New ASN1 macros which will encode an empty SEQUENCE OF.
...
Fix CRL encoders to encode empty SEQUENCE OF.
The old code was breaking CRL signatures.
Note: it is best to add new macros because changing the
old ones could break other code which expects that behaviour.
None of this is needed with the new ASN1 code anyway...
2001-01-28 14:18:20 +00:00
Dr. Stephen Henson
de0b3ab7fb
Zero the premaster secret after deriving the master secret in DH
...
ciphersuites.
2001-01-25 13:20:39 +00:00
Bodo Möller
c4fd88f519
EVP_add_digest_alias additions to SSL_library_init
2001-01-23 16:38:15 +00:00
Ulf Möller
0a0a261d64
Irix fix as in main branch
2001-01-23 16:29:06 +00:00
Ulf Möller
70f74dd946
remove newline
2001-01-21 18:51:01 +00:00
Ulf Möller
92fdeb37a0
config bug fixes from the main branch.
2001-01-21 18:48:11 +00:00
Bodo Möller
ffac355834
Fix openssl passwd -1
2001-01-19 07:38:55 +00:00
Dr. Stephen Henson
8bcceacf34
Fix PKCS#12 PBE routines to cope with passwords
...
from PEM callbacks which are not null terminated.
2001-01-14 14:14:45 +00:00
Bodo Möller
f99267cffc
Fix C code generate by 'openssl dsaparam -C'.
2001-01-10 14:27:04 +00:00
Dr. Stephen Henson
5860ecb8ec
Fix uni2asc() so it can properly convert zero length
...
unicode strings. Certain PKCS#12 files contain these
in BMPStrings and it used to crash on them.
2001-01-10 01:14:23 +00:00
Bodo Möller
beaea31a96
Finish SSL_peek/SSL_pending fixes.
2000-12-26 12:06:48 +00:00
Bodo Möller
a9c3dc60b9
Fix SSL_peek and SSL_pending.
2000-12-25 18:41:37 +00:00
Bodo Möller
2fb0c899c6
Include CRYPTO_mem_leaks deadlock fix.
2000-12-20 10:07:31 +00:00
Bodo Möller
cbfa030de7
Don't hold CRYPTO_LOCK_RSA during time-consuming operations.
2000-12-19 12:19:16 +00:00
Bodo Möller
bb617a9646
Obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX
...
structures and setting rsa->_method_mod_{n,p,q}.
Submitted by: "Reddie, Steven" <Steven.Reddie@ca.com>
2000-12-18 16:36:07 +00:00
Bodo Möller
fc4868cb47
Increase wbuf by one byte to fix the bug reported by
...
Eric Day <eday@concentric.net> to openssl-dev@openssl.org ,
Message-ID: <20001218013437.A5526@concentric.net>
2000-12-18 11:23:23 +00:00
Bodo Möller
2452e013aa
The first step towards a SSL_peek fix.
...
The main thing to verify about these changes is that nothing at all
has changed, as far as behaviour is concerned (except that some
SSLerr() invocations now have a different function code): SSL_read
(ssl2_read, ssl3_read) behaves exactly as before, and SSL_peek refuses
to do any work exactly as before. But now the functions actually
doing the work have a 'peek' flag, so it should be easy to change them
to behave accordingly.
2000-12-14 17:34:42 +00:00
Ulf Möller
99cf5acd5c
fix for Borland C
2000-12-01 03:06:55 +00:00
Bodo Möller
d2c38b1c73
Fix BN_rshift.
2000-11-30 22:35:52 +00:00
Lutz Jänicke
673d7ac121
Store verify_result with sessions to avoid potential security hole.
...
For the server side this was already done one year ago :-(
2000-11-29 18:12:32 +00:00
Bodo Möller
666d437538
Disable SSL_peek.
2000-11-28 11:14:39 +00:00
Bodo Möller
ddf72ed59f
SSL_CTX-related fixes.
2000-11-08 10:09:10 +00:00
Richard Levitte
bee4756251
Fix from main trunk, 2000-10-15 01:51 steve:
...
Fix for typo in certificate directory lookup code.
2000-10-27 20:09:13 +00:00
Richard Levitte
24802a6d91
Fix from main trunk, 2000-09-26 13:39 bodo:
...
Note read_ahead-flag related fixes.
2000-10-11 09:16:47 +00:00
Richard Levitte
1f1f23a882
Fix from main trunk, 2000-09-25 13:12 levitte:
...
Document the change.
2000-10-11 02:28:39 +00:00
Richard Levitte
0e8f2fdfdd
Time to build the release. Bump the version info accordingly.
2000-09-24 15:21:30 +00:00
Ulf Möller
d49da3aa5b
Add some missing info.
2000-09-23 05:17:40 +00:00
Bodo Möller
5a5accdd64
typo
2000-09-22 21:45:49 +00:00
Bodo Möller
f1192b7f2e
Avoid protocol rollback.
2000-09-22 21:39:33 +00:00
Dr. Stephen Henson
dbba890cf1
Only use the new informational verify codes if we
...
specifically ask for them.
Fix typo in docs.
2000-09-22 21:32:08 +00:00
Dr. Stephen Henson
6cffb201f3
Fix ASN1_TYPE bug.
2000-09-21 18:57:00 +00:00
Richard Levitte
645749ef98
On VMS, stdout may very well lead to a file that is written to in a
...
record-oriented fashion. That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it. This can be very confusing.
The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record. Voila, BIO_f_linebuffer() is born.
Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this. After
the release, this BIO method will be enabled on all other platforms as
well.
2000-09-20 13:55:50 +00:00
Bodo Möller
fe03519704
Totally remove the supposedly 'faster' variant in
...
BN_mod_mul_montgomery, which calls bn_sqr_recursive
without much preparation.
bn_sqr_recursive requires the length of its argument to be
a power of 2, which is not always the case here.
There's no reason for not using BN_sqr -- if a simpler
approach to squaring made sense, then why not change
BN_sqr? (Using BN_sqr should also speed up DH where g is chosen
such that it becomes small [e.g., 2] when converted
to Montgomery representation.)
Case closed :-)
2000-09-19 23:25:00 +00:00
Bodo Möller
cb1fbf8e6a
Clarification about Montgomery problem
2000-09-19 23:06:14 +00:00
Bodo Möller
a45bd29535
Document BN_mod_mul_montgomery bug;
...
make disabled code slightly more correct (this does not solve
the problem though).
2000-09-19 18:02:15 +00:00
Dr. Stephen Henson
730e37edb6
Work around for Netscape PKCS#7 signedData bug.
2000-09-18 12:30:57 +00:00
Bodo Möller
07fcf422a1
Rename new BIO_set_shutdown_wr macro to just BIO_shutdown_wr
...
(it's similar to the shutdown(..., SHUT_WR) system call
for sockets).
2000-09-17 01:23:53 +00:00
Richard Levitte
0e05f54516
A DSO method for VMS was missing, and I had the code lying around...
2000-09-15 21:22:50 +00:00
Ulf Möller
1d84fd64fc
Bug fix: Montgomery multiplication could produce results with the wrong
...
sign.
2000-09-14 18:37:53 +00:00
Richard Levitte
775bcebde5
Add Damien Miller's RPM specification file with a few modifications.
2000-09-14 15:28:44 +00:00
Richard Levitte
cc99526db1
Add a number of documentation files, mostly for SSL routines, but also
...
for a few BIO routines.
Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-09-14 13:11:56 +00:00
Richard Levitte
72660f5f15
Add a configuration for Sony News 4.
...
Submitted by NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>
2000-09-14 12:48:48 +00:00
Ulf Möller
523d778aef
The other log message should have read "Note the DSA change".
2000-09-13 02:01:35 +00:00
Ulf Möller
5401c4c2bf
Not the DSA change.
2000-09-13 01:48:05 +00:00
Bodo Möller
54f10e6adc
New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default
...
behaviour that SSL_read may result in SSL_ERROR_WANT_READ.
2000-09-12 20:28:30 +00:00
Ben Laurie
2959f292db
Document an old change.
2000-09-11 17:58:09 +00:00
Richard Levitte
97d8e82c4c
Marin Kraemer <Martin.Kraemer@MchP.Siemens.De> sent us patches to make
...
the OpenSSL commands x50 and req work better on a EBCDIC system.
2000-09-10 14:45:19 +00:00
Dr. Stephen Henson
84b65340e1
Two new PKCS#12 demo programs.
...
Update PKCS12_parse().
Make the keyid in certificate aux info more usable.
2000-09-07 23:14:26 +00:00
Dr. Stephen Henson
f50c11ca40
Ugh, BIO_find_type() cannot be passed a NULL.
...
Fix doc example, and fix BIO_find_type().
Fix PKCS7_verify(). It was using 'i' for both the
loop variable and the verify return value.
2000-09-07 17:42:25 +00:00
Richard Levitte
948d0125db
Major hack of mkdef.pl. There should be no more need to redo the
...
process when some symbols are missing. Instead, all needed info is
saved in the .num files, including what conditions are needed for a
specific symbol to exist.
This was needed for the work I'm doing with shared libraries under
VMS.
2000-09-07 08:43:08 +00:00
Dr. Stephen Henson
bbb720034a
Fix typo in rsautl.
...
Add support for settable verify time in X509_verify_cert().
Document rsautl utility.
2000-09-05 22:30:38 +00:00
Dr. Stephen Henson
2f043896d1
*BIG* verify code reorganisation.
...
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.
The new code performs several tests on a candidate issuer
certificate based on certificate extensions.
It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.
Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...
This must have broken something though :-(
2000-09-05 17:53:58 +00:00
Dr. Stephen Henson
34216c0422
Keep a not of original encoding in certificate requests.
...
Add new option to PKCS7_sign to exclude S/MIME capabilities.
2000-09-05 13:27:57 +00:00
Bodo Möller
22c7ea4068
Mention fix in bio_lib.c.
2000-09-05 12:46:10 +00:00
Bodo Möller
affadbef0b
Consistency
2000-09-04 15:47:17 +00:00
Bodo Möller
bbb8de0966
Avoid abort() throughout the library, except when preprocessor
...
symbols for debugging are defined.
2000-09-04 15:34:43 +00:00