Bodo Möller
46ce790727
fix order of changes -- if B depends on A, A should be listed
...
after B (reversed 'chronological' order)
2002-11-12 13:35:27 +00:00
Ben Laurie
9831d941ca
Many security improvements (CHATS) and a warning fix.
2002-11-12 13:23:40 +00:00
Richard Levitte
8bcc049399
X509_NAME_cmp() now compares PrintableString and emailAddress with a value of type
...
ia5String correctly.
PR: 244
2002-11-09 21:55:12 +00:00
Geoff Thorpe
96a2c35d91
The recent CHANGES note between 0.9.6g and 0.9.6h needs copying into the
...
other branches.
2002-10-29 17:59:18 +00:00
Bodo Möller
84236041c1
synchronize with 0.9.6-stable version of this file
2002-10-11 17:53:21 +00:00
Bodo Möller
8d44d96ec3
remove redundant empty line
2002-10-11 17:29:07 +00:00
Richard Levitte
12a2ff9625
RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS.
...
PR: 189
2002-10-10 07:59:45 +00:00
Bodo Möller
64cb996206
fix more race conditions
...
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
2002-09-26 15:54:15 +00:00
Bodo Möller
fbf4c7b4f1
really fix race conditions
...
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
PR: 291
2002-09-25 15:38:17 +00:00
Bodo Möller
4e33db9a3f
really fix race condition
...
PR: 262
2002-09-23 14:28:12 +00:00
Bodo Möller
f7eb95852c
there is no minimum length for session IDs
...
PR: 274
fix race condition
PR: 262
2002-09-20 08:37:13 +00:00
Dr. Stephen Henson
a98beb3a2d
Apply -nameopt patches to 0.9.7
2002-08-30 18:26:26 +00:00
Lutz Jänicke
68a9ee13e8
Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb().
...
Submitted by:
Reviewed by:
PR: 212
2002-08-16 17:02:30 +00:00
Dr. Stephen Henson
ea050a6eb3
Fix block_size field for CFB and OFB modes: it should be 1.
2002-08-16 01:38:34 +00:00
Dr. Stephen Henson
f84acec8ea
Fix typo in OBJ_txt2obj which incorrectly passed the content
...
length, instead of the encoding length to d2i_ASN1_OBJECT.
This wasn't visible before becuse ASN1_get_object() used
to read past the length of the supplied buffer.
2002-08-14 00:50:35 +00:00
Bodo Möller
3c1a6f441b
add 0.9.6g information
2002-08-12 08:43:32 +00:00
Richard Levitte
00c8546d21
0.9.6f is released
2002-08-08 22:56:05 +00:00
Dr. Stephen Henson
b012127a99
Fix the ASN1 sanity check: correct header length
...
calculation and check overflow against LONG_MAX.
2002-08-02 18:42:40 +00:00
Bodo Möller
265a9e2c5d
get rid of OpenSSLDie
2002-08-02 11:47:24 +00:00
Lutz Jänicke
bca9dc2a51
OpenSSL Security Advisory [30 July 2002]
...
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
Submitted by:
Reviewed by:
PR:
2002-07-30 11:21:19 +00:00
Richard Levitte
b721e1e239
Document the recent DJGPP-related changes
2002-07-23 13:46:05 +00:00
Bodo Möller
16758de0a2
add an explanation and fix a typo
2002-07-22 08:38:14 +00:00
Lutz Jänicke
f19b6474fe
New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT.
...
Submitted by:
Reviewed by:
PR: 127
2002-07-19 19:53:02 +00:00
Richard Levitte
4810644f65
For those wanting to build for several platforms with the same source
...
directory, making a separate directory tree with lots of symbolic links
seems to be the solution. Unfortunately, Configure doesn't take appropriate
steps to support this solution (as in removing a file that's going to be
rewritten). This change corrects that situation. Now I just have to
find all other places where there's lack of support for this.
2002-07-16 09:18:25 +00:00
Lutz Jänicke
4064a85205
Ciphers with NULL encryption were not properly handled because they were
...
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
2002-07-10 06:40:18 +00:00
Bodo Möller
5af9fcaf35
AES cipher suites are now official (RFC3268)
2002-07-04 08:50:33 +00:00
Bodo Möller
e003386793
update an entry on EVP changes
2002-06-26 14:22:39 +00:00
Geoff Thorpe
a2ffad81c8
Make sure any ENGINE control commands make local copies of string
...
pointers passed to them whenever necessary. Otherwise it is possible the
caller may have overwritten (or deallocated) the original string data
when a later ENGINE operation tries to use the stored values.
Submitted by: Götz Babin-Ebell <babinebell@trustcenter.de>
Reviewed by: Geoff Thorpe
PR: 98
2002-06-21 02:48:57 +00:00
Bodo Möller
2f8275c52d
New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC
...
vulnerability workaround (included in SSL_OP_ALL).
PR: #90
2002-06-14 12:20:27 +00:00
Lutz Jänicke
f10581829d
Make change uniqueIdentifier -> x500UniqueIdentifier clearly visible.
...
Submitted by:
Reviewed by:
PR: 82
2002-06-12 20:42:04 +00:00
Ben Laurie
461f00dd53
Handle read failures better.
2002-06-11 11:41:26 +00:00
Richard Levitte
1b97c938e9
Document the AES changes.
2002-05-31 13:16:37 +00:00
Bodo Möller
855f0b4f2f
fix EVP_dsa_sha macro
...
Submitted by: Nils Larsch
2002-05-16 12:53:34 +00:00
Dr. Stephen Henson
38dbcb2248
Oops, forgot CHANGES entry and description:
...
Allow reuse of cipher contexts by removing
automatic cleanup in EVP_*Final().
2002-05-15 18:23:07 +00:00
Dr. Stephen Henson
1c511bdb7c
Fallback to normal multiply if n2 == 8 and dna or dnb is not zero
...
in bn_mul_recursive.
This is (hopefully) what was triggering bignum errors on 64 bit
platforms and causing the BN_mod_mul test to fail.
2002-05-10 22:22:55 +00:00
Bodo Möller
aa9fed8cc2
refer to latest draft for AES ciphersuites
2002-05-07 07:56:09 +00:00
Bodo Möller
29f6a99432
disable AES ciphersuites unless explicitly requested
2002-05-05 23:47:09 +00:00
Lutz Jänicke
fb0f53b2e0
Fix escaping when using the -subj option of "openssl req", document
...
'hidden' -nameopt support. (Robert Joop <joop@fokus.gmd.de>)
Submitted by:
Reviewed by:
PR: #2
2002-04-30 12:10:10 +00:00
Bodo Möller
dfc5336975
Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
...
encoded as NULL) with id-dsa-with-sha1.
Submitted by: Nils Larsch
2002-04-26 08:29:18 +00:00
Bodo Möller
d4a67e3186
check return values
...
Submitted by: Nils Larsch
2002-04-17 09:31:02 +00:00
Lutz Jänicke
18e10315e5
Document OID changes.
...
Submitted by:
Reviewed by:
PR:
2002-04-15 14:17:20 +00:00
Lutz Jänicke
a6198b9ed1
Some more OID enhancements.
...
Submitted by:
Reviewed by:
PR:
2002-04-15 10:38:37 +00:00
Lutz Jänicke
a7be294ed7
Fix CRLF problem in BASE64 decode.
...
Submitted by:
Reviewed by:
PR:
2002-04-15 09:53:47 +00:00
Bodo Möller
a9ab63c01c
Implement known-IV countermeasure.
...
Fix length checks in ssl3_get_client_hello().
Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:51:26 +00:00
Bodo Möller
2d96549cd0
looks like a typo
2002-04-12 13:51:42 +00:00
Bodo Möller
b48892d403
synchronize with main branch
2002-04-12 13:46:46 +00:00
Lutz Jänicke
9be529f12d
In preparation of 0.9.7: re-order changelog, so that the changes
...
are listed as of ... -> 0.9.6c -> 0.9.6d -> 0.9.7
Submitted by:
Reviewed by:
PR:
2002-04-10 19:50:23 +00:00
Bodo Möller
2826fcc851
add usage examples
2002-04-09 11:53:51 +00:00
Lutz Jänicke
ce34d0ac09
Fix buggy object definitions (Svenning Sorensen <sss@sss.dnsalias.net>).
...
Submitted by:
Reviewed by:
PR:
2002-04-04 17:49:39 +00:00
Lutz Jänicke
75b9c0044c
Make short names of objects RFC2256-compliant.
...
Submitted by:
Reviewed by:
PR:
2002-03-26 17:15:32 +00:00
Richard Levitte
600b77a93f
Add the possibility to enable olde des support, not just disable it, for future support. Redocument
2002-03-26 14:26:08 +00:00
Bodo Möller
afcf54a5c9
fix DH_generate_parameters for general 'generator'
2002-03-20 16:02:46 +00:00
Lutz Jänicke
3671e38af4
Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>).
...
Submitted by:
Reviewed by:
PR:
2002-03-19 16:44:26 +00:00
Bodo Möller
0bdbc5a86e
fix ssl3_pending
2002-03-15 10:52:03 +00:00
Lutz Jänicke
abecef77cf
Add missing strength classification.
...
Submitted by:
Reviewed by:
PR:
2002-03-14 18:47:51 +00:00
Dr. Stephen Henson
c913cf446f
ENGINE module additions.
...
Add "init" command to control ENGINE
initialization.
Call ENGINE_finish on initialized ENGINEs on exit.
Reorder shutdown in apps.c: modules should be shut
down first.
Add test private key loader to openssl ENGINE: this
just loads a private key in PEM format.
Fix print format for dh length parameter.
2002-03-06 14:09:46 +00:00
Richard Levitte
cea698f19c
Document the added modes for AES
2002-02-28 11:30:42 +00:00
Bodo Möller
48781ef7f7
Add 'void *' argument to app_verify_callback.
...
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
2002-02-28 10:55:52 +00:00
Geoff Thorpe
6d1a837df7
This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice
...
Gittens.
2002-02-27 22:45:48 +00:00
Lutz Jänicke
3b79d2789d
Make sure that bad sessions are removed in SSL_clear() (found by
...
Yoram Zahavi).
Submitted by:
Reviewed by:
PR:
2002-02-26 21:44:07 +00:00
Dr. Stephen Henson
344b3b5ce1
OPENSSL_LOAD_CONF define as in main trunk
2002-02-23 02:09:29 +00:00
Dr. Stephen Henson
0cd8572b2d
Config code updates.
...
CONF_modules_unload() now calls CONF_modules_finish()
automatically.
Default use of section openssl_conf moved to
CONF_modules_load()
Load config file in several openssl utilities.
Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.
In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.
2002-02-22 13:58:15 +00:00
Dr. Stephen Henson
9c75b2d931
Use default openssl.cnf if config filename set to NULL and
...
openssl_conf if appname NULL.
2002-02-19 23:25:18 +00:00
Dr. Stephen Henson
86a0d0234d
Add argument to OPENSSL_config() and add flag to
...
tolerate missing config file.
2002-02-14 23:39:36 +00:00
Richard Levitte
be37dc73f6
At Corinna Vinschen's request, change CygWin32 to Cygwin
2002-02-14 12:29:32 +00:00
Richard Levitte
1fe198b6f9
Update the configuration of CygWin32 to use the new capabilities of
...
CygWin 1.3.x, which includes thread and shared library support.
Submitted by Corinna Vinschen <vinschen@redhat.com> and modified a
little bit.
2002-02-13 14:44:33 +00:00
Lutz Jänicke
acfe628b6e
Make removal from session cache more robust.
2002-02-10 12:46:41 +00:00
Lutz Jänicke
4de920c91d
Do not store unneeded data.
2002-02-08 15:15:04 +00:00
Richard Levitte
3cd039dd8f
Add notes on the added support for aep and sureware crypto cards in
...
0.9.7.
2002-02-07 22:15:53 +00:00
Richard Levitte
b9a3ef4c6e
ASN1_BIT_STRING_set_bit() didn't clear previously set bits
2002-02-03 21:31:41 +00:00
Richard Levitte
1199e2d8cf
Apply patch from Toomas Kiisk <vix@cyber.ee> and complete it.
2002-01-29 12:36:01 +00:00
Richard Levitte
a3fffd648b
Add old patch from Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> to
...
make it possible to produce shared libraries on ReliantUNIX.
2002-01-26 03:17:27 +00:00
Richard Levitte
2d57b73a50
I got a request to make the "old des" symbols more closely tied to
...
OpenSSL. Adding '_ossl' in the name seems to be a good way to do
this.
2002-01-26 01:14:09 +00:00
Richard Levitte
f14845d999
Apply Neale Ferguson's patch to add a configuration target for linux-s390x
2002-01-25 22:06:59 +00:00
Richard Levitte
80bb905d3d
Apply the following changes by Toomas Kiisk <vix@cyber.ee>:
...
* make openssl rsa work with -engine chil
* misc changes, including debug-linux-ppro Configure target
and FORMAT_NETSCAPE-aware load_{,pub}key()
This completes the application of his changes.
2002-01-25 19:43:52 +00:00
Richard Levitte
8242a6a9fc
Document the change in rsautl.
2002-01-25 17:00:56 +00:00
Bodo Möller
a14e2d9dfe
New functions
...
ERR_peek_last_error
ERR_peek_last_error_line
ERR_peek_last_error_line_data
(supersedes ERR_peek_top_error).
Rename OPENSSL_NO_OLD_DES_SUPPORT into OPENSSL_DISABLE_OLD_DES_SUPPORT
because OPENSSL_NO_... indicates disabled algorithms (according to
mkdef.pl).
2002-01-24 16:16:43 +00:00
Bodo Möller
a8b94d6409
Reword CHANGES entry for _old_des_..., as it was a little complicated
...
syntactically.
2002-01-24 14:05:55 +00:00
Richard Levitte
1285221370
To avoid all kinds of link-level clashes, rename all old des_*
...
functions to _old_des_*.
2002-01-24 12:26:50 +00:00
Lutz Jänicke
9b2f486c9e
Document the current behaviour of the DES interface.
2002-01-23 10:12:45 +00:00
Dr. Stephen Henson
df5eaa8a52
default_algorithms option in ENGINE config.
2002-01-22 01:40:18 +00:00
Dr. Stephen Henson
c9501c223f
Initial ENGINE config module, docs to follow.
...
Fix buffer overrun errors in OPENSSL_conf().
2002-01-21 03:02:36 +00:00
Bodo Möller
8c74b5e56c
Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'
...
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
2002-01-14 23:40:26 +00:00
Bodo Möller
c59ba5b528
Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if
...
the SSL_R_LENGTH_MISMATCH error is detected.
2002-01-14 12:37:59 +00:00
Dr. Stephen Henson
bc37d996fc
Experimental configuration code.
...
Incomplete, largely untested and subject to change/deletion.
2002-01-05 01:37:16 +00:00
Bodo Möller
d59fb0dd2f
Changes that break something should be included in CHANGES
...
to make it easier to fix things.
2002-01-04 13:27:52 +00:00
Bodo Möller
e5d6528a12
fix EVP_CIPHER_mode macro
...
Submitted by: "Dan S. Camper" <dan@bti.net>
2002-01-04 13:04:45 +00:00
Richard Levitte
6f9079fd50
Because Rijndael is more known as AES, use crypto/aes instead of
...
crypto/rijndael. Additionally, I applied the AES integration patch
from Stephen Sprunk <stephen@sprunk.org> and fiddled it to work
properly with the normal EVP constructs (and incidently work the same
way as all other symmetric cipher implementations).
This results in an API that looks a lot like the rest of the OpenSSL
cipher suite.
2002-01-02 16:55:35 +00:00
Ulf Möller
dcbbf83dba
ssl3_read_bytes bug fix
...
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
2001-12-28 17:14:35 +00:00
Bodo Möller
3c89d78dba
update FAQ and CHANGES file (0.9.6c has been released)
2001-12-21 12:29:52 +00:00
Ben Laurie
7c517a04b1
Security fix.
2001-12-20 12:18:08 +00:00
Bodo Möller
b5348a095d
consistency with 0.9.6 stable "CHANGES"
2001-12-17 19:11:03 +00:00
Bodo Möller
66df02fd98
fix BN_rand_range
2001-12-14 10:09:29 +00:00
Dr. Stephen Henson
f3e24baddf
Don't overwrite signing time.
2001-12-07 00:36:32 +00:00
Bodo Möller
35e25255e0
crypto/objects stuff
2001-12-03 14:03:23 +00:00
Dr. Stephen Henson
21a85f1977
Add -pubkey option to req command.
2001-12-01 23:03:30 +00:00
Bodo Möller
898f856c44
info on 0.9.6 engine branch
2001-11-23 21:12:44 +00:00
Bodo Möller
883b0c2274
fix submitted by Andy Schneider <andy.schneider@bjss.co.uk>
...
(in main branch, hn_ncipher.c is already correct)
2001-11-23 20:58:40 +00:00
Bodo Möller
1d4581c2dd
OS/390 support
...
Submitted by: Richard Shapiro <rshapiro@abinitio.com>
2001-11-22 11:09:42 +00:00
Bodo Möller
76c4336c43
wNAFs use does not bring that much performance on Sparcs (where
...
elliptic curves are are relatively faster than on PCs anyway)
2001-11-16 12:02:01 +00:00