Commit Graph

3132 Commits

Author SHA1 Message Date
Richard Levitte
c2bf70a27c The check for request including a nonce and response not having it was
inversed.  Corrected.  Hopefully, this will make it work without
dumping core.
2001-02-08 19:28:10 +00:00
Richard Levitte
9235adbf47 Add the -VAfile option to 'openssl ocsp'. This option will give the
client code certificates to use to only check response signatures.
I'm not entirely sure if the way I just implemented the verification
is the right way to do it, and would be happy if someone would like to
review this.
2001-02-08 17:59:29 +00:00
Ulf Möller
a71b5abfa4 use <= instead of == 2001-02-08 17:45:32 +00:00
Ulf Möller
928cc3a6de point out that RAND_load_file() etc are only for seed files, not for
entropy devices or sockets.
2001-02-08 17:22:56 +00:00
Ulf Möller
466e4249ab Note that EGD is used automatically. 2001-02-08 17:16:44 +00:00
Ulf Möller
9fbc45b159 cleanup 2001-02-08 17:14:07 +00:00
Bodo Möller
792e2ce7f4 Another comment change. (Previous comment does not apply
for range = 11000000... or range = 100000...)
2001-02-08 12:34:08 +00:00
Bodo Möller
3952584571 Change comments. (The expected number of iterations in BN_rand_range
never exceeds 1.333...).
2001-02-08 12:27:22 +00:00
Bodo Möller
a5d2acfc79 oops -- remove observation code 2001-02-08 12:24:41 +00:00
Bodo Möller
35ed8cb8b6 Integrate my implementation of a countermeasure against
Bleichenbacher's DSA attack.  With this implementation, the expected
number of iterations never exceeds 2.

New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
     min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
     min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
2001-02-08 12:14:51 +00:00
Bodo Möller
7edc5ed90a platform specific CFLAGS don't belong into this Makefile 2001-02-08 11:15:50 +00:00
Lutz Jänicke
420125f996 Update documentation to match the state at 0.9.6 _and_ the recent changes. 2001-02-08 10:42:01 +00:00
Ulf Möller
57e7d3ce15 Bleichenbacher's DSA attack 2001-02-07 22:24:35 +00:00
Lutz Jänicke
a8ebe4697e Modify access to EGD socket to deal with EINTR etc that can appear
during connect() and other calls. First seen on Unixware-7.

Unify access to EGD-socket for all RAND_egd_*() methods.
2001-02-07 22:13:38 +00:00
Dr. Stephen Henson
deb2c1a1c5 Fix AES code.
Update Rijndael source to v3.0

Add AES OIDs.

Change most references of Rijndael to AES.

Add new draft AES ciphersuites.
2001-02-07 18:15:18 +00:00
Lutz Jänicke
d4219c485b Change preferences for sockets of EGD-style entropy daemons to a more
reasonable selection.
2001-02-07 14:26:43 +00:00
Lutz Jänicke
73fc98a7bf Fix typo preventing correct usage of -out option. 2001-02-07 14:15:41 +00:00
Ben Laurie
259810e05b Rijdael CBC mode and partial undebugged SSL support. 2001-02-06 14:09:13 +00:00
Ben Laurie
171cc53a96 Improve the state machine. 2001-02-06 13:13:31 +00:00
Bodo Möller
9eea2be6f1 Avoid coredumps for CONF_get_...(NULL, ...) 2001-02-06 10:26:34 +00:00
Bodo Möller
69a03c1799 don't dump core 2001-02-06 09:47:47 +00:00
Ulf Möller
4327aae816 format strings 2001-02-06 02:57:35 +00:00
Ulf Möller
741a9690df Fix potential buffer overrun for EBCDIC. 2001-02-06 02:54:02 +00:00
Richard Levitte
e24e40657f Fix a memory leak in BIO_get_accept_socket(). This leak was small and
only happened when the port number wasn't parsable ot the host wasn't
possible to convert to an IP address.
Contributed by Niko Baric <Niko.Baric@epost.de>
2001-02-05 09:15:09 +00:00
Bodo Möller
448361a86c Include string.h (whis is in all relevant standards) instead of
memory.h (which is not).
2001-02-05 09:07:50 +00:00
Dr. Stephen Henson
26e083ccb7 New function to copy nonce values from OCSP
request to response.
2001-02-05 00:35:06 +00:00
Ben Laurie
4978361212 Make depend. 2001-02-04 21:06:55 +00:00
Ben Laurie
247c1361f3 BN assembler is no longer option on x86. 2001-02-04 21:03:22 +00:00
Ben Laurie
1618bc7921 Can't remember why this was needed? 2001-02-04 21:02:22 +00:00
Ben Laurie
1b843d3c69 Fix a warning. 2001-02-04 21:01:32 +00:00
Lutz Jänicke
0bc6597d4d Documenting session caching, 2nd step. 2001-02-04 18:05:27 +00:00
Dr. Stephen Henson
2b916952a8 Fix ASN1_TIME_to_generlizedtime().
Add protoype for OCSP_response_create().

Add OCSP_request_sign() and OCSP_basic_sign()
private key and certificate checks and make
OCSP_NOCERTS consistent with PKCS7_NOCERTS
2001-02-04 03:04:43 +00:00
Dr. Stephen Henson
02e4fbed3d Various OCSP responder utility functions.
Delete obsolete OCSP functions.

Largely untested at present...
2001-02-03 19:20:45 +00:00
Lutz Jänicke
7403c34b0b Clarify why SSL_CTX_use_certificate_chain_file() should be preferred. 2001-02-03 15:15:00 +00:00
Lutz Jänicke
9022f2403b Typo: on my screen it nicely wrapped around at 80 :-) 2001-02-03 11:02:02 +00:00
Lutz Jänicke
08f3f07212 If the source has already been succesfully queried, do not try to open it
again as file.
2001-02-03 10:59:13 +00:00
Lutz Jänicke
8cbceba610 Document session caching, first step. 2001-02-02 14:40:52 +00:00
Dr. Stephen Henson
88ce56f8c1 Various function for commmon operations. 2001-02-02 00:45:54 +00:00
Dr. Stephen Henson
664d83bb23 Tidy up the mess in bss_sock.c and bss_fd.c
by placing them socket/fd code in separate
files rather than trying to have them both
share the same one.
2001-02-02 00:31:45 +00:00
Dr. Stephen Henson
8cff6331c9 Tolerate some "variations" used in some
certificates.

One is a valid CA which has no basicConstraints
but does have certSign keyUsage.

Other is S/MIME signer with nonRepudiation but
no digitalSignature.
2001-02-01 01:57:32 +00:00
Lutz Jänicke
cd6aa710b5 New manual page for a hardly known but important item :-) 2001-01-31 14:14:20 +00:00
Richard Levitte
903872d65e Document the change. 2001-01-30 13:47:59 +00:00
Richard Levitte
16a44ae7e9 Increase consistency of header data (some mail readers really do not
like spaces before the semicolon, and besides, other parts of this
file makes the values without those spaces), and move spacing of
continuation lines to support BIO's that break lines after each
write.
2001-01-30 13:38:59 +00:00
Bodo Möller
739423fceb Remove serial number file during 'make clean'. 2001-01-29 11:41:12 +00:00
Bodo Möller
78f3a2aad7 Comment and indentation 2001-01-28 14:38:11 +00:00
Dr. Stephen Henson
b847024026 Make sk_sort tolearate a NULL argument. 2001-01-28 14:20:13 +00:00
Dr. Stephen Henson
50d5199120 New OCSP response verify option OCSP_TRUSTOTHER 2001-01-26 01:55:52 +00:00
Richard Levitte
9020b86250 Documentation language corrections, contributed by Chris Pepper <pepper@mail.reppep.com> 2001-01-25 14:46:00 +00:00
Dr. Stephen Henson
a342cc5a70 Zero the premaster secret after deriving the master secret in DH
ciphersuites.
2001-01-25 13:15:01 +00:00
Geoff Thorpe
67c3cf0675 Insert a missing space to stop pod2man giving stroppy "malformed" warnings. 2001-01-25 02:26:58 +00:00