Commit graph

3794 commits

Author SHA1 Message Date
Ben Laurie
db75357110 Fix memory leak. 2001-08-05 16:13:49 +00:00
Ben Laurie
0713f8abe6 Parameter correction for CIOFSESSION. 2001-08-04 12:16:56 +00:00
Ben Laurie
93d9121a77 Remove extra whitespace. Sorry. 2001-08-03 21:09:21 +00:00
Ben Laurie
92dad6cc84 Reinstate accidentally deleted code. 2001-08-03 19:00:43 +00:00
Ben Laurie
61454a9f8c Get rid of the stuff we, err, got rid of. 2001-08-03 18:52:50 +00:00
Ben Laurie
bb2297a41d Header bloat reduction for EVP_PKEY. 2001-08-03 18:48:35 +00:00
Ben Laurie
75e98d0563 This ghastly hack prevents CVS wars over Kerberos (which is disabled by default). 2001-08-03 18:45:35 +00:00
Lutz Jänicke
e9eb000c53 Oops, one SSL_OP_NON_EXPORT_FIRST was left. 2001-08-03 13:05:44 +00:00
Ben Laurie
1ba01caaa3 Make /dev/crypto work with new EVP structures. 2001-08-03 11:54:37 +00:00
Richard Levitte
5cd6571fae Make sure memcpy() gets properly declared by including string.h. 2001-08-03 10:54:00 +00:00
Bodo Möller
6383bbe525 remove a comma 2001-08-03 09:28:02 +00:00
Lutz Jänicke
06da6e4977 Don't disable rollback attack detection as a recommended bug workaround. 2001-08-03 08:45:13 +00:00
Lutz Jänicke
b72faddc47 Mention removed option. 2001-08-01 10:07:55 +00:00
Lutz Jänicke
d92f0bb6e9 Remove SSL_OP_NON_EXPORT_FIRST:
It did not work, it was deactivated by #if 0/#endif anyway _and_ we now have
the working SSL_OP_CIPHER_SERVER_PREFERENCE.
2001-08-01 10:06:32 +00:00
Richard Levitte
710e5d5639 make update 2001-07-31 17:07:24 +00:00
Richard Levitte
6da980e2b5 Make sure the source file is included among the dependencies. This is
the norm for 'gcc -M' but not for 'makedepend', and is merely
introduced here to avoid commit wars.
2001-07-31 17:02:44 +00:00
Lutz Jänicke
37f599bcec Reworked manual pages with a lot of input from Bodo Moeller. 2001-07-31 15:04:50 +00:00
Ben Laurie
8408f4fbc7 Document DES changes better. 2001-07-31 13:33:58 +00:00
Ben Laurie
534164ef90 Remove old unused stuff. 2001-07-31 12:03:26 +00:00
Lutz Jänicke
e32c852e1e Indent. 2001-07-31 10:19:20 +00:00
Richard Levitte
dbfc0f8c2b Vade retro C++ comments!
(Latin for "comments", anyone?)
2001-07-31 09:15:52 +00:00
Richard Levitte
3728974460 Make as sure as possible that gethostname() will be properly declared. 2001-07-31 08:50:20 +00:00
Richard Levitte
fdc2bbcacb Correct most of the unsigned vs. signed warnings (or int vs. size_t),
and rename some local variables to avoid name shadowing.
2001-07-31 08:45:40 +00:00
Richard Levitte
c2a3358b60 Whoops, my fault, a backslash got converted to a slash... 2001-07-31 08:44:28 +00:00
Richard Levitte
882e891284 More Kerberos SSL changes from Jeffrey Altman <jaltman@columbia.edu>
His comments are:

First, it corrects a problem introduced in the last patch where the
kssl_map_enc() would intentionally return NULL for valid ENCTYPE
values.  This was done to prevent verification of the kerberos 5
authenticator from being performed when Derived Key ciphers were
in use.  Unfortunately, the authenticator verification routine was
not the only place that function was used.  And it caused core dumps.

Second, it attempt to add to SSL_SESSION the Kerberos 5 Client
Principal Name.
2001-07-31 07:21:06 +00:00
Ben Laurie
05bbf78afd Remove //. 2001-07-31 06:47:23 +00:00
Richard Levitte
99ecb90a99 make update 2001-07-31 06:40:10 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Ben Laurie
3ba5d1cf2e Make EVPs allocate context memory, thus making them extensible. Rationalise
DES's keyschedules.

I know these two should be separate, and I'll back out the DES changes if they
are deemed to be an error.

Note that there is a memory leak lurking in SSL somewhere in this version.
2001-07-30 17:46:22 +00:00
Ben Laurie
be2e2c3297 Only set the verify callback if there's one to set! 2001-07-30 17:17:26 +00:00
Andy Polyakov
ed0015284b Just a "get to know your system" bit. 2001-07-30 16:46:37 +00:00
Andy Polyakov
6d03b73e35 Enhanced support for IA-64 Linux and HP-UX (as well as better support for
HP-UX in common in ./config). Note that for the moment of this writing
none of 64-bit platforms pass bntest. I'm committing this anyway as it's
too frustrating to patch snapshots over and over while 0.9.6 is known to
work.
2001-07-30 16:42:15 +00:00
Andy Polyakov
622d3d3592 Support for Intel and HP-UXi assemblers. 2001-07-30 15:54:13 +00:00
Ben Laurie
0e06354402 ANSIfication. 2001-07-30 15:33:46 +00:00
Andy Polyakov
62c271610b Typo in stty command lines. 2001-07-30 14:33:58 +00:00
Lutz Jänicke
db089ad60d Don't miss files... 2001-07-30 11:50:37 +00:00
Lutz Jänicke
1f0c9ad7e1 Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:45:34 +00:00
Lutz Jänicke
06efc222f9 Forgot to mention second fix. 2001-07-30 11:33:53 +00:00
Bodo Möller
de3333bae4 length of secret exponent is needed only when we create one 2001-07-27 22:45:35 +00:00
Bodo Möller
924875e53b Undo DH_generate_key() change: s3_srvr.c was using it correctly 2001-07-27 22:34:25 +00:00
Lutz Jänicke
3a64458217 Another uninitialized static that may lead to problems on Solaris under some
circumstances.
2001-07-27 12:35:27 +00:00
Richard Levitte
ea71c22731 Addapt VMS script to the latest changes in the makefiles. 2001-07-27 07:47:51 +00:00
Dr. Stephen Henson
dc706cd35f Make sure *outl is always initialized in EVP_EncryptUpdate(). 2001-07-27 02:24:47 +00:00
Dr. Stephen Henson
1241126adf More linker bloat reorganisation:
Split private key PEM and normal PEM handling. Private key
handling needs to link in stuff like PKCS#8.

Relocate the ASN1 *_dup() functions, to the relevant ASN1
modules using new macro IMPLEMENT_ASN1_DUP_FUNCTION. Previously
these were all in crypto/x509/x_all.c along with every ASN1
BIO/fp function which linked in *every* ASN1 function if
a single dup was used.

Move the authority key id ASN1 structure to a separate file.
This is used in the X509 routines and its previous location
linked in all the v3 extension code.

Also move ASN1_tag2bit to avoid linking in a_bytes.c which
is now largely obsolete.

So far under Linux stripped binary with single PEM_read_X509
is now 238K compared to 380K before these changes.
2001-07-27 02:22:42 +00:00
Dr. Stephen Henson
19da130053 First of several reorganisations to
reduce linker bloat. For example the
single line:

PEM_read_X509()

results in a binary of around 400K in Linux!

This first step separates some of the PEM functions and
avoids linking in some PKCS#7 and PKCS#12 code.
2001-07-26 22:34:45 +00:00
Lutz Jänicke
a75b191502 Fix problem occuring when used from OpenSSH on Solaris 8. 2001-07-26 09:02:44 +00:00
Bodo Möller
e5cb260365 DH key generation should not use a do ... while loop,
or bogus DH parameters can be used for launching DOS attacks
2001-07-25 17:48:51 +00:00
Bodo Möller
6aecef815c Don't preserve existing keys in DH_generate_key. 2001-07-25 17:20:34 +00:00
Bodo Möller
daba492c3a md_rand.c thread safety 2001-07-25 17:17:24 +00:00
Bodo Möller
24cff6ced5 always reject data >= n 2001-07-25 17:02:58 +00:00