Commit Graph

892 Commits

Author SHA1 Message Date
Geoff Thorpe
0783bf151c Note the "ERR" changes. 2001-08-25 17:59:13 +00:00
Geoff Thorpe
eb6dc02b23 Make a note of the "up" functions. 2001-08-25 17:37:46 +00:00
Lutz Jänicke
e7cf7fcd21 Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert@anl.gov>.) 2001-08-25 11:49:24 +00:00
Lutz Jänicke
a403188f92 Alert description strings for TLSv1 and documentation. 2001-08-19 16:20:42 +00:00
Ben Laurie
0e36019977 Add EVP test program. 2001-08-18 13:53:01 +00:00
Ben Laurie
354c3ace73 Add first cut symmetric crypto support. 2001-08-18 10:22:54 +00:00
Dr. Stephen Henson
35bf35411c Add CRL utility functions to allow CRLs to be
built up without accessing structures directly.

Update ca.c to use new functions.

Fix ca.c so it now build CRLs correctly again.
2001-08-17 00:33:43 +00:00
Lutz Jänicke
54fbc77dc8 Bugfixes provided by "Stephen Hinton" <shinton@netopia.com>. 2001-08-16 15:28:00 +00:00
Richard Levitte
6bc847e49e Apply the Tru64 patch from Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu>
His comments are:

1) Changes all references for `True64' to be `Tru64', which is the correct
spelling for the OS name.

2) Makes `alpha-cc' be the same as `alpha164-cc', and adds an `alphaold-cc'
entry that is the same as the previous `alpha-cc'.  The reason is that most
people these days are using the newer compiler, so it should be the default.

3) Adds a bit of commentary to Configure, regarding the name changes of
the OS over the years, so it's not so confusing to people that haven't been
with the OS for a while.

4) Adds an `alpha-cc-rpath' target (which is *not* selected automatically
by Configure under any circumstance) that builds an RPATH into the
shared libraries.  This is explained in the comment in Configure.  It's
very very useful for people that want it, and people that don't want it
just shouldn't choose that target.

5) Adds the `-pthread' flag as the best way to get POSIX thread support
from the newer compiler.

6) Updates the Makefile targets, so that when the `alpha164-cc', `alpha-cc',
or `alpha-cc-rpath' target is what Configure is set to use, it uses a Makefile
target that includes the `-msym' option when building the shared library.
This is a performance enhancement.

7) Updates `config' so that if it detects you're running version 4 or 5
of the OS, it automatically selects `alpha-cc', but uses `alphaold-cc'
for versions 1-3 of the OS.

8) Updates the comment in opensslv.h, fixing both the OS name typo and
adding a reference to IRIX 6.x, since the shared library semantics are
virtually identical there.
2001-08-10 15:26:21 +00:00
Bodo Möller
37a7cd1a11 Bugfix: larger message size in ssl3_get_key_exchange() because
ServerKeyExchange message may be skipped.

Submitted by:  Petr Lampa <lampa@fee.vutbr.cz>
2001-08-07 09:30:18 +00:00
Bodo Möller
6383bbe525 remove a comma 2001-08-03 09:28:02 +00:00
Lutz Jänicke
06da6e4977 Don't disable rollback attack detection as a recommended bug workaround. 2001-08-03 08:45:13 +00:00
Lutz Jänicke
b72faddc47 Mention removed option. 2001-08-01 10:07:55 +00:00
Ben Laurie
8408f4fbc7 Document DES changes better. 2001-07-31 13:33:58 +00:00
Ben Laurie
dbad169019 Really add the EVP and all of the DES changes. 2001-07-30 23:57:25 +00:00
Andy Polyakov
6d03b73e35 Enhanced support for IA-64 Linux and HP-UX (as well as better support for
HP-UX in common in ./config). Note that for the moment of this writing
none of 64-bit platforms pass bntest. I'm committing this anyway as it's
too frustrating to patch snapshots over and over while 0.9.6 is known to
work.
2001-07-30 16:42:15 +00:00
Lutz Jänicke
1f0c9ad7e1 Fix inconsistent behaviour with respect to verify_callback handling. 2001-07-30 11:45:34 +00:00
Lutz Jänicke
06efc222f9 Forgot to mention second fix. 2001-07-30 11:33:53 +00:00
Bodo Möller
924875e53b Undo DH_generate_key() change: s3_srvr.c was using it correctly 2001-07-27 22:34:25 +00:00
Dr. Stephen Henson
19da130053 First of several reorganisations to
reduce linker bloat. For example the
single line:

PEM_read_X509()

results in a binary of around 400K in Linux!

This first step separates some of the PEM functions and
avoids linking in some PKCS#7 and PKCS#12 code.
2001-07-26 22:34:45 +00:00
Lutz Jänicke
a75b191502 Fix problem occuring when used from OpenSSH on Solaris 8. 2001-07-26 09:02:44 +00:00
Bodo Möller
6aecef815c Don't preserve existing keys in DH_generate_key. 2001-07-25 17:20:34 +00:00
Bodo Möller
daba492c3a md_rand.c thread safety 2001-07-25 17:17:24 +00:00
Bodo Möller
24cff6ced5 always reject data >= n 2001-07-25 17:02:58 +00:00
Bodo Möller
badb910f3c Avoid race condition.
Submitted by: Travis Vitek <vitek@roguewave.com>
2001-07-24 12:31:14 +00:00
Ben Laurie
c518ade1fd Clean up EVP macros, rename DES EDE3 modes correctly, temporary support for
OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery
is available).
2001-07-21 10:24:07 +00:00
Dr. Stephen Henson
ee306a1332 Initial OCSP server support, using index.txt format.
This can process internal requests or behave like a
mini responder.

Todo: documentation, update usage info.
2001-07-12 20:41:51 +00:00
Richard Levitte
e452de9d87 Add the possibility to specify the use of zlib compression and
decompression.  It can be set up to link at link time or to load the
zlib library at run-time.
2001-07-12 09:11:14 +00:00
Richard Levitte
0665dd6852 Document the recent Kerberos SSL changes. 2001-07-12 04:23:57 +00:00
Geoff Thorpe
af436bc158 openssl speed is quite useful for testing hardware support (among other
things), especially as the RSA keys are fixed. However, DSA only fixes the
DSA parameters and then generates the public and private components on the
fly each time - this commit hard-codes some sampled key values so that this
is no longer the case.
2001-07-11 18:59:25 +00:00
Bodo Möller
e9ad0d2c31 Fix PRNG. 2001-07-10 10:49:34 +00:00
Ben Laurie
c148d70978 A better compromise between encrypt and decrypt (but why isn't it as fast
for encrypt?).
2001-07-09 21:00:36 +00:00
Ben Laurie
f31b12503e Use & instead of % - worth about 4% for 8 byte blocks. 2001-07-08 17:27:32 +00:00
Bodo Möller
d63c6bd397 Align with 0.9.6-stable CHANGES file, and make some corrections. 2001-07-04 20:56:47 +00:00
Bodo Möller
93dbd83570 Entry for Andy's mips3.s fix. 2001-07-04 20:17:27 +00:00
Lutz Jänicke
43f9391bcc When only the key is given to "enc", the IV is undefined
(found by Andy Brown <logic@warthog.com>).
2001-07-03 10:31:11 +00:00
Richard Levitte
c80410c50c Insuline shot 2001-07-01 23:15:43 +00:00
Dr. Stephen Henson
b7a26e6daf Modify apps to use NCONF code instead of old CONF code.
Add new extension functions which work with NCONF.

Tidy up extension config routines and remove redundant code.

Fix NCONF_get_number().

Todo: more testing of apps to see they still work...
2001-06-28 11:41:50 +00:00
Dr. Stephen Henson
1e325f6149 Handle empty X509_NAME in printing routines. 2001-06-26 12:04:35 +00:00
Bodo Möller
c458a33196 DSA verification should insist that r and s are in the allowed range. 2001-06-26 09:48:17 +00:00
Richard Levitte
fd3e027faa Oops, applies to 0.9.7 only. 2001-06-23 16:28:21 +00:00
Richard Levitte
235dd0a22a Document recent changes. 2001-06-23 16:27:37 +00:00
Dr. Stephen Henson
323f289c48 Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
2001-06-19 22:30:40 +00:00
Richard Levitte
839590f576 - Add the possibility to control engines through control names but
with arbitrary arguments instead of just a string.
- Change the key loaders to take a UI_METHOD instead of a callback
  function pointer.  NOTE: this breaks binary compatibility with
  earlier versions of OpenSSL [engine].
- Addapt the nCipher code for these new conditions and add a card
  insertion callback.
2001-06-19 16:12:18 +00:00
Richard Levitte
9ad0f6812f Enhance the user interface with better support for dialog box
prompting, application-defined prompts, the possibility to use
defaults (for example default passwords from somewhere else) and
interrupts/cancelations.
2001-06-19 15:52:00 +00:00
Dr. Stephen Henson
3cc1f498a1 Don't set pointer if add_lock_callback used. 2001-06-19 00:04:57 +00:00
Bodo Möller
285b42756a pay attention to blocksize before attempting decryption 2001-06-15 18:05:09 +00:00
Bodo Möller
8a774dc9a6 Add directory name to the entry on /crypto/ui/. 2001-06-11 09:55:20 +00:00
Dr. Stephen Henson
f2a253e0dd Add support for MS CSP Name PKCS#12 attribute. 2001-06-11 00:43:20 +00:00
Bodo Möller
ecf186065c OAEP fix 2001-06-06 21:44:28 +00:00