mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
4,803 Commits 33 Branches 385 Tags 477 MiB
f908226898
Commit Graph

518 Commits

Author SHA1 Message Date
Bodo Möller
5574e0ed41 get rid of OpenSSLDie 2002-08-02 11:48:15 +00:00
Richard Levitte
e70a39830c Make sure to use $(MAKE) everywhere instead of make. 
Part of PR 181
 2002-07-31 13:49:06 +00:00
Lutz Jänicke
dd7ab82e75 Typo. 
Submitted by: Jeffrey Altman <jaltman@columbia.edu>
Reviewed by:
PR: 169
 2002-07-30 13:36:31 +00:00
Lutz Jänicke
c046fffa16 OpenSSL Security Advisory [30 July 2002] 
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
 2002-07-30 13:04:04 +00:00
Lutz Jänicke
3aecef7697 "make update" 2002-07-30 12:44:33 +00:00
Lutz Jänicke
c6ccf055ba New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT. 
Submitted by:
Reviewed by:
PR: 127
 2002-07-19 19:55:34 +00:00
Bodo Möller
5dbd3efce7 Replace 'ecdsaparam' commandline utility by 'ecparam' 
(the same keys can be used for ECC schemes other than ECDSA)
and add some new options.

Similarly, use string "EC PARAMETERS" instead of "ECDSA PARAMETERS"
in 'PEM' format.

Fix ec_asn1.c (take into account the desired conversion form).

'make update'.

Submitted by: Nils Larsch
 2002-07-14 16:54:31 +00:00
Lutz Jänicke
7b63c0fa8c Reorder inclusion of header files: 
des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
 2002-07-10 07:01:54 +00:00
Lutz Jänicke
063a8905bf Ciphers with NULL encryption were not properly handled because they were 
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
 2002-07-10 06:41:55 +00:00
Bodo Möller
d1d0be3cd2 emtpy fragments are not necessary for SSL_eNULL 
(but noone uses it anyway)

fix t1_enc.c: use OPENSSL_NO_RC4, not NO_RC4
 2002-07-09 08:49:09 +00:00
Bodo Möller
ea4f109c99 AES cipher suites are now official (RFC3268) 2002-07-04 08:51:09 +00:00
Richard Levitte
17085b022c Pass CFLAG to dependency makers, so non-standard system include paths are 
handled properly.
Part of PR 75
 2002-06-27 16:39:25 +00:00
Bodo Möller
c21506ba02 New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC 
vulnerability workaround (included in SSL_OP_ALL).

PR: #90
 2002-06-14 12:21:11 +00:00
Richard Levitte
b2c04539a1 Merge from 0.9.7-stable. 2002-06-06 07:22:33 +00:00
Richard Levitte
a9a025d08c Recover from errors 2002-05-23 23:31:22 +00:00
Richard Levitte
b935754cb0 Allow the use of the TCP/IP stack keyword TCPIP and NONE 2002-05-22 11:37:20 +00:00
Bodo Möller
98a9092af1 Fix ciphersuite list to enforce low priority for RC4. 2002-05-07 08:36:26 +00:00
Bodo Möller
87108f5af9 ensure that, for each strength, RC4 ciphers have least preference 
in the default ciphersuite list
 2002-05-07 07:59:35 +00:00
Bodo Möller
f257d984b7 refer to latest draft for AES ciphersuites 2002-05-07 07:55:36 +00:00
Bodo Möller
b889d6a8e8 fix warning 2002-05-06 10:44:59 +00:00
Bodo Möller
a4f576a378 disable AES ciphersuites unless explicitly requested 2002-05-05 23:44:27 +00:00
Bodo Möller
3def5a010e fix casts 2002-05-05 23:00:28 +00:00
Bodo Möller
b52f3818f4 undo nonsense patch (r *is* signed or we have signedness mismatches elsewhere) 2002-04-29 11:03:06 +00:00
Richard Levitte
cc12975514 Fix unsigned vs. signed clash 2002-04-29 10:29:38 +00:00
Richard Levitte
9738f395c6 Synchronise with 0.9.7-stable. 2002-04-29 10:28:29 +00:00
Richard Levitte
d4294c8984 Synchronise with 0.9.7-stable. 2002-04-29 10:19:19 +00:00
Richard Levitte
8b07f23c30 Signedness mismatch. 
Notified by Bernd Matthes <bernd.matthes@gemplus.com>
 2002-04-20 10:23:19 +00:00
Richard Levitte
6176df94ed Make sure the opened directory is closed on exit. 
Notified by Lorinczy Zsigmond <lzsiga@mail.ahiv.hu>
 2002-04-18 16:20:13 +00:00
Bodo Möller
2fb3f002d0 fix length field we create when converting SSL 2.0 format into SSL 3.0/TLS 1.0 format 
(the bug was introduced with message callback support)
 2002-04-14 13:05:15 +00:00
Bodo Möller
82b0bf0b87 Implement known-IV countermeasure. 
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
 2002-04-13 22:47:20 +00:00
Lutz Jänicke
11c26ecf81 Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>). 2002-03-19 16:42:09 +00:00
Dr. Stephen Henson
611ba3f4a1 Initialize ciph_ctx in kssl.c 2002-03-19 01:28:00 +00:00
Bodo Möller
304d90425f fix ssl3_pending 2002-03-15 10:52:32 +00:00
Lutz Jänicke
bfaa8a89e1 Add missing strength entries. 2002-03-14 18:53:15 +00:00
Dr. Stephen Henson
de941e289e Initialize cipher context in KRB5 
("D. Russell" <russelld@aol.net>)

Allow HMAC functions to use an alternative ENGINE.
 2002-03-14 18:22:23 +00:00
Bodo Möller
234c73767d use BIO_nwrite() more properly to demonstrate the general idea of 
BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)
 2002-03-14 09:48:54 +00:00
Dr. Stephen Henson
497810cae7 Undo previous patch: avoid warnings by #undef'ing 
duplicate definitions.

Suggested by "Kenneth R. Robinette" <support@securenetterm.com>
 2002-03-13 13:59:38 +00:00
Dr. Stephen Henson
cbc9d9713d Fix Kerberos warnings with VC++. 2002-03-12 19:37:18 +00:00
Dr. Stephen Henson
98fa4fe8c5 Fix ASN1 additions for KRB5 2002-03-12 13:32:35 +00:00
Dr. Stephen Henson
0b4c91c0fc Fix various warnings when compiling with KRB5 code. 2002-03-12 02:59:37 +00:00
Bodo Möller
9437fef8cc use ERR_peek_last_error() instead of ERR_peek_error() 2002-02-28 14:07:37 +00:00
Richard Levitte
26414ee013 Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated 2002-02-28 12:42:19 +00:00
Bodo Möller
023ec151df Add 'void *' argument to app_verify_callback. 
Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller
 2002-02-28 10:52:56 +00:00
Lutz Jänicke
d62bfb39cd Fix the fix (Yoram Zahavi)... 2002-02-27 11:23:05 +00:00
Lutz Jänicke
334f1842fc Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi). 2002-02-26 21:40:09 +00:00
Dr. Stephen Henson
3a3ca3f515 Fix for AIX. 
Submitted by Dawn Whiteside <dwhitesi@tiercel.uwaterloo.ca>
 2002-02-22 21:26:25 +00:00
Bodo Möller
4d94ae00d5 ECDSA support 
Submitted by: Nils Larsch <nla@trustcenter.de>
 2002-02-13 18:21:51 +00:00
Lutz Jänicke
acfe628b6e Make removal from session cache more robust. 2002-02-10 12:46:41 +00:00
Lutz Jänicke
4de920c91d Do not store unneeded data. 2002-02-08 15:15:04 +00:00
Bodo Möller
8c74b5e56c Bugfix: In ssl3_accept, don't use a local variable 'got_new_session' 
to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.
 2002-01-14 23:40:26 +00:00