Commit graph

737 commits

Author SHA1 Message Date
Bodo Möller
d349c5f8fd some updates from 0.9.7-dev 2001-04-12 12:09:07 +00:00
Richard Levitte
fa528639e3 Tagging has been done, move on to development of 0.9.6b.
(Hopefully, it will never be needed)
2001-04-05 17:59:14 +00:00
Richard Levitte
4f647957c5 Release OpenSSL 0.9.6a.
The tag will be OpenSSL_0_9_6a
2001-04-05 16:43:07 +00:00
Dr. Stephen Henson
592f5c5797 Fix couple of memory leaks in PKCS7_dataDecode(). 2001-04-04 22:30:26 +00:00
Bodo Möller
b9a96c0134 don't use shell functions 2001-04-04 16:27:44 +00:00
Richard Levitte
75c3c831db Incorporate some changes that make OpenSSL compilable in CygWin. 2001-04-04 15:51:36 +00:00
Ulf Möller
323fd27435 Note that alpha.s is no longer used. 2001-03-31 01:19:42 +00:00
Dr. Stephen Henson
ce3fc3956d Fix asn1_GetSequence() for indefinite length sequences. 2001-03-30 13:42:32 +00:00
Bodo Möller
83c4e75be9 Use enhanced bctest (as in main trunk), and add a workaround that
should solve the problems with FreeBSD's /bin/sh.
2001-03-30 09:23:14 +00:00
Richard Levitte
44924fb2b4 Since there has been reports of clashes between OpenSSL's
des_encrypt() and des_encrypt() defined on some systems (Solaris and
Unixware and maybe others), we rename des_encrypt() to des_encrypt1().
This should have very little impact on external software unless
someone has written a mode of DES, since that's all des_encrypt() is
meant for.
2001-03-29 07:45:01 +00:00
Ulf Möller
1777e3fd5e check the CRT result. 2001-03-28 04:49:39 +00:00
Ulf Möller
509ca689b0 Note the MIPS assembler bug fix. 2001-03-28 02:39:22 +00:00
Richard Levitte
ae17135ab5 Bring in the rest of the corrections for shared libraries from the
main trunk.
2001-03-24 12:26:03 +00:00
Bodo Möller
ea09a504ef Add another "[This change does not apply to 0.9.7.]" line so
that we can combine the CHANGES files later on.
2001-03-22 14:56:55 +00:00
Dr. Stephen Henson
8d82218269 Fix bug in PKCS#7 decode routines when indefinite length
encoding is used inside definite length encoding.
2001-03-22 13:49:15 +00:00
Bodo Möller
a8e738f9ad Harmonize CHANGES and STATUS files between the 0.9.6a branch and
the trunk to keep diffs small.
2001-03-22 10:59:18 +00:00
Dr. Stephen Henson
0bf5d40787 Fix PKCS#12 key generation bug. 2001-03-18 02:10:25 +00:00
Richard Levitte
9f56705f96 The change on handling shared libraries was never applied in
0.9.6a-dev...
2001-03-15 21:44:17 +00:00
Bodo Möller
ba61b14f1d More err_data memory leaks 2001-03-15 11:33:00 +00:00
Ulf Möller
42b848bcf1 that was useless - still fails with GCC 2001-03-13 07:12:02 +00:00
Ulf Möller
a1c769a5f6 Alpha workaround. This is a lot slower! 2001-03-13 06:31:36 +00:00
Bodo Möller
2c89d56a1d fix memory leak in err.c 2001-03-12 18:39:47 +00:00
Bodo Möller
ba41d8a556 ssl23_peek 2001-03-08 21:56:34 +00:00
Ulf Möller
5fb0aa6487 Note the rand_win.c change 2001-03-08 16:58:07 +00:00
Richard Levitte
3e0d891828 SSLv2 session reuse bugfix from main development branch. 2001-03-05 14:52:30 +00:00
Dr. Stephen Henson
95d334f2db Fix bug in copy_email() which would not
find emailAddress at start of subject name.
2001-03-01 13:33:53 +00:00
Ulf Möller
98486a9310 improved bignum test as in 0.9.7.
We need this to find out if the bignum failures on Irix and Alpha are
caused by new 0.9.7 code or just aren't triggered in the 0.9.6 test suite.
2001-02-27 23:00:42 +00:00
Geoff Thorpe
4910cbf6db Backfit a bugfix from 0.9.7-dev to 0.9.6-stable. init() and finish()
handlers were previously getting called before (and after, respectively)
the "ex_data" structures - this meant init() had very little that it
could initialise, and finish() had very little it could cleanup.
2001-02-24 17:32:34 +00:00
Dr. Stephen Henson
75090e0365 Stop PKCS7_verify() core dumping with unknown public
key algorithms and leaking if the signature verify
fails.
2001-02-24 01:46:46 +00:00
Bodo Möller
6d82a20624 Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
Mention BN_[pseudo_]rand with top=-1 in CHANGES.
2001-02-20 08:22:25 +00:00
Ulf Möller
15ed15d3e4 OPENSSL_issetugid() as in the main branch. 2001-02-19 23:57:18 +00:00
Bodo Möller
b6fefec364 Memory leak checking bugfixes for multi-threading. 2001-02-19 10:30:13 +00:00
Lutz Jänicke
6a0fb6083c Move entry to match chronologic ordering. 2001-02-15 14:19:43 +00:00
Lutz Jänicke
0dbfc1da4a Add '-rand' option to s_server and s_client. 2001-02-15 10:35:29 +00:00
Ulf Möller
f945040633 IRIX bugfix 2001-02-14 00:23:27 +00:00
Dr. Stephen Henson
e15abbc69f Make X509_NAME produce correct encoding when empty. 2001-02-12 03:16:13 +00:00
Dr. Stephen Henson
c6b523d3dd Workaround for libsafe "error". 2001-02-12 03:04:59 +00:00
Ulf Möller
38b3a46ffa DSA fix from main branch. 2001-02-07 22:35:11 +00:00
Ulf Möller
60b3b2c9d0 EBCDIC bug fix from main branch. 2001-02-07 22:13:10 +00:00
Bodo Möller
c7410f2693 Avoid coredumps for CONF_get_...(NULL, ...) 2001-02-06 10:14:57 +00:00
Richard Levitte
28b1bceb2f 0.9.6a will not be release in Y2K. :-) 2001-02-05 13:32:33 +00:00
Dr. Stephen Henson
2e1d669cba Tolerate some "variations" used in some
certificates.

One is a valid CA which has no basicConstraints
but does have certSign keyUsage.

Other is S/MIME signer with nonRepudiation but
no digitalSignature.
2001-02-01 02:03:58 +00:00
Richard Levitte
3b1f393ae7 Transport from development branch. 2001-01-30 13:54:44 +00:00
Lutz Jänicke
61433519af Backported manual pages from 0.9.7. 2001-01-28 18:35:10 +00:00
Dr. Stephen Henson
7a60df7dd3 New ASN1 macros which will encode an empty SEQUENCE OF.
Fix CRL encoders to encode empty SEQUENCE OF.

The old code was breaking CRL signatures.

Note: it is best to add new macros because changing the
old ones could break other code which expects that behaviour.
None of this is needed with the new ASN1 code anyway...
2001-01-28 14:18:20 +00:00
Dr. Stephen Henson
de0b3ab7fb Zero the premaster secret after deriving the master secret in DH
ciphersuites.
2001-01-25 13:20:39 +00:00
Bodo Möller
c4fd88f519 EVP_add_digest_alias additions to SSL_library_init 2001-01-23 16:38:15 +00:00
Ulf Möller
0a0a261d64 Irix fix as in main branch 2001-01-23 16:29:06 +00:00
Ulf Möller
70f74dd946 remove newline 2001-01-21 18:51:01 +00:00
Ulf Möller
92fdeb37a0 config bug fixes from the main branch. 2001-01-21 18:48:11 +00:00
Bodo Möller
ffac355834 Fix openssl passwd -1 2001-01-19 07:38:55 +00:00
Dr. Stephen Henson
8bcceacf34 Fix PKCS#12 PBE routines to cope with passwords
from PEM callbacks which are not null terminated.
2001-01-14 14:14:45 +00:00
Bodo Möller
f99267cffc Fix C code generate by 'openssl dsaparam -C'. 2001-01-10 14:27:04 +00:00
Dr. Stephen Henson
5860ecb8ec Fix uni2asc() so it can properly convert zero length
unicode strings. Certain PKCS#12 files contain these
in BMPStrings and it used to crash on them.
2001-01-10 01:14:23 +00:00
Bodo Möller
beaea31a96 Finish SSL_peek/SSL_pending fixes. 2000-12-26 12:06:48 +00:00
Bodo Möller
a9c3dc60b9 Fix SSL_peek and SSL_pending. 2000-12-25 18:41:37 +00:00
Bodo Möller
2fb0c899c6 Include CRYPTO_mem_leaks deadlock fix. 2000-12-20 10:07:31 +00:00
Bodo Möller
cbfa030de7 Don't hold CRYPTO_LOCK_RSA during time-consuming operations. 2000-12-19 12:19:16 +00:00
Bodo Möller
bb617a9646 Obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX
structures and setting rsa->_method_mod_{n,p,q}.

Submitted by: "Reddie, Steven" <Steven.Reddie@ca.com>
2000-12-18 16:36:07 +00:00
Bodo Möller
fc4868cb47 Increase wbuf by one byte to fix the bug reported by
Eric Day <eday@concentric.net> to openssl-dev@openssl.org,
Message-ID: <20001218013437.A5526@concentric.net>
2000-12-18 11:23:23 +00:00
Bodo Möller
2452e013aa The first step towards a SSL_peek fix.
The main thing to verify about these changes is that nothing at all
has changed, as far as behaviour is concerned (except that some
SSLerr() invocations now have a different function code): SSL_read
(ssl2_read, ssl3_read) behaves exactly as before, and SSL_peek refuses
to do any work exactly as before.  But now the functions actually
doing the work have a 'peek' flag, so it should be easy to change them
to behave accordingly.
2000-12-14 17:34:42 +00:00
Ulf Möller
99cf5acd5c fix for Borland C 2000-12-01 03:06:55 +00:00
Bodo Möller
d2c38b1c73 Fix BN_rshift. 2000-11-30 22:35:52 +00:00
Lutz Jänicke
673d7ac121 Store verify_result with sessions to avoid potential security hole.
For the server side this was already done one year ago :-(
2000-11-29 18:12:32 +00:00
Bodo Möller
666d437538 Disable SSL_peek. 2000-11-28 11:14:39 +00:00
Bodo Möller
ddf72ed59f SSL_CTX-related fixes. 2000-11-08 10:09:10 +00:00
Richard Levitte
bee4756251 Fix from main trunk, 2000-10-15 01:51 steve:
Fix for typo in certificate directory lookup code.
2000-10-27 20:09:13 +00:00
Richard Levitte
24802a6d91 Fix from main trunk, 2000-09-26 13:39 bodo:
Note read_ahead-flag related fixes.
2000-10-11 09:16:47 +00:00
Richard Levitte
1f1f23a882 Fix from main trunk, 2000-09-25 13:12 levitte:
Document the change.
2000-10-11 02:28:39 +00:00
Richard Levitte
0e8f2fdfdd Time to build the release. Bump the version info accordingly. 2000-09-24 15:21:30 +00:00
Ulf Möller
d49da3aa5b Add some missing info. 2000-09-23 05:17:40 +00:00
Bodo Möller
5a5accdd64 typo 2000-09-22 21:45:49 +00:00
Bodo Möller
f1192b7f2e Avoid protocol rollback. 2000-09-22 21:39:33 +00:00
Dr. Stephen Henson
dbba890cf1 Only use the new informational verify codes if we
specifically ask for them.

Fix typo in docs.
2000-09-22 21:32:08 +00:00
Dr. Stephen Henson
6cffb201f3 Fix ASN1_TYPE bug. 2000-09-21 18:57:00 +00:00
Richard Levitte
645749ef98 On VMS, stdout may very well lead to a file that is written to in a
record-oriented fashion.  That means that every write() will write a
separate record, which will be read separately by the programs trying
to read from it.  This can be very confusing.

The solution is to put a BIO filter in the way that will buffer text
until a linefeed is reached, and then write everything a line at a
time, so every record written will be an actual line, not chunks of
lines and not (usually doesn't happen, but I've seen it once) several
lines in one record.  Voila, BIO_f_linebuffer() is born.

Since we're so close to release time, I'm making this VMS-only for
now, just to make sure no code is needlessly broken by this.  After
the release, this BIO method will be enabled on all other platforms as
well.
2000-09-20 13:55:50 +00:00
Bodo Möller
fe03519704 Totally remove the supposedly 'faster' variant in
BN_mod_mul_montgomery, which calls bn_sqr_recursive
without much preparation.

bn_sqr_recursive requires the length of its argument to be
a power of 2, which is not always the case here.
There's no reason for not using BN_sqr -- if a simpler
approach to squaring made sense, then why not change
BN_sqr?  (Using BN_sqr should also speed up DH where g is chosen
such that it becomes small [e.g., 2] when converted
to Montgomery representation.)

Case closed :-)
2000-09-19 23:25:00 +00:00
Bodo Möller
cb1fbf8e6a Clarification about Montgomery problem 2000-09-19 23:06:14 +00:00
Bodo Möller
a45bd29535 Document BN_mod_mul_montgomery bug;
make disabled code slightly more correct (this does not solve
the problem though).
2000-09-19 18:02:15 +00:00
Dr. Stephen Henson
730e37edb6 Work around for Netscape PKCS#7 signedData bug. 2000-09-18 12:30:57 +00:00
Bodo Möller
07fcf422a1 Rename new BIO_set_shutdown_wr macro to just BIO_shutdown_wr
(it's similar to the shutdown(..., SHUT_WR) system call
for sockets).
2000-09-17 01:23:53 +00:00
Richard Levitte
0e05f54516 A DSO method for VMS was missing, and I had the code lying around... 2000-09-15 21:22:50 +00:00
Ulf Möller
1d84fd64fc Bug fix: Montgomery multiplication could produce results with the wrong
sign.
2000-09-14 18:37:53 +00:00
Richard Levitte
775bcebde5 Add Damien Miller's RPM specification file with a few modifications. 2000-09-14 15:28:44 +00:00
Richard Levitte
cc99526db1 Add a number of documentation files, mostly for SSL routines, but also
for a few BIO routines.
Submitted by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
2000-09-14 13:11:56 +00:00
Richard Levitte
72660f5f15 Add a configuration for Sony News 4.
Submitted by NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>
2000-09-14 12:48:48 +00:00
Ulf Möller
523d778aef The other log message should have read "Note the DSA change". 2000-09-13 02:01:35 +00:00
Ulf Möller
5401c4c2bf Not the DSA change. 2000-09-13 01:48:05 +00:00
Bodo Möller
54f10e6adc New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default
behaviour that SSL_read may result in SSL_ERROR_WANT_READ.
2000-09-12 20:28:30 +00:00
Ben Laurie
2959f292db Document an old change. 2000-09-11 17:58:09 +00:00
Richard Levitte
97d8e82c4c Marin Kraemer <Martin.Kraemer@MchP.Siemens.De> sent us patches to make
the OpenSSL commands x50 and req work better on a EBCDIC system.
2000-09-10 14:45:19 +00:00
Dr. Stephen Henson
84b65340e1 Two new PKCS#12 demo programs.
Update PKCS12_parse().

Make the keyid in certificate aux info more usable.
2000-09-07 23:14:26 +00:00
Dr. Stephen Henson
f50c11ca40 Ugh, BIO_find_type() cannot be passed a NULL.
Fix doc example, and fix BIO_find_type().

Fix PKCS7_verify(). It was using 'i' for both the
loop variable and the verify return value.
2000-09-07 17:42:25 +00:00
Richard Levitte
948d0125db Major hack of mkdef.pl. There should be no more need to redo the
process when some symbols are missing.  Instead, all needed info is
saved in the .num files, including what conditions are needed for a
specific symbol to exist.

This was needed for the work I'm doing with shared libraries under
VMS.
2000-09-07 08:43:08 +00:00
Dr. Stephen Henson
bbb720034a Fix typo in rsautl.
Add support for settable verify time in X509_verify_cert().

Document rsautl utility.
2000-09-05 22:30:38 +00:00
Dr. Stephen Henson
2f043896d1 *BIG* verify code reorganisation.
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.

The new code performs several tests on a candidate issuer
certificate based on certificate extensions.

It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.

Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...

This must have broken something though :-(
2000-09-05 17:53:58 +00:00
Dr. Stephen Henson
34216c0422 Keep a not of original encoding in certificate requests.
Add new option to PKCS7_sign to exclude S/MIME capabilities.
2000-09-05 13:27:57 +00:00
Bodo Möller
22c7ea4068 Mention fix in bio_lib.c. 2000-09-05 12:46:10 +00:00
Bodo Möller
affadbef0b Consistency 2000-09-04 15:47:17 +00:00
Bodo Möller
bbb8de0966 Avoid abort() throughout the library, except when preprocessor
symbols for debugging are defined.
2000-09-04 15:34:43 +00:00