Bodo Möller [Fri, 9 Nov 2001 13:03:12 +0000 (13:03 +0000)]
fix warning
Bodo Möller [Fri, 9 Nov 2001 12:59:15 +0000 (12:59 +0000)]
cast to 'unsigned long' before using ~ if we need an unsigned long result
Submitted by: "Stefan Marxen" <stefan.marxen@gmx.net>
Bodo Möller [Thu, 8 Nov 2001 14:52:40 +0000 (14:52 +0000)]
clarify
Bodo Möller [Thu, 8 Nov 2001 14:36:49 +0000 (14:36 +0000)]
Don't define _REENTRANT here in e_os.h. On systems where we need
_REENTRANT if threads support is enabled, the ./Configure entry must
define it so that it ends up in CFLAG.
Richard Levitte [Mon, 29 Oct 2001 13:06:29 +0000 (13:06 +0000)]
Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names
Bodo Möller [Fri, 26 Oct 2001 14:03:51 +0000 (14:03 +0000)]
typo
Bodo Möller [Fri, 26 Oct 2001 13:03:28 +0000 (13:03 +0000)]
disable caching in BIO_gethostbyname
Bodo Möller [Thu, 25 Oct 2001 08:36:22 +0000 (08:36 +0000)]
'make update'
Bodo Möller [Thu, 25 Oct 2001 08:18:56 +0000 (08:18 +0000)]
Consistency with s2_... and s23_... variants (no real functional
change)
Bodo Möller [Thu, 25 Oct 2001 08:18:36 +0000 (08:18 +0000)]
Oops
Bodo Möller [Thu, 25 Oct 2001 06:06:50 +0000 (06:06 +0000)]
Assume TLS 1.0 if ClientHello fragment is too short.
Bodo Möller [Wed, 24 Oct 2001 19:05:26 +0000 (19:05 +0000)]
Fix SSL handshake functions and SSL_clear() such that SSL_clear()
never resets s->method to s->ctx->method when called from within one
of the SSL handshake functions.
Bodo Möller [Sat, 20 Oct 2001 17:52:40 +0000 (17:52 +0000)]
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
Dr. Stephen Henson [Sat, 20 Oct 2001 16:23:18 +0000 (16:23 +0000)]
Typo.
Lutz Jänicke [Tue, 16 Oct 2001 14:25:27 +0000 (14:25 +0000)]
Flush buffers to prevent mixed output (Adam Back <adam@cypherspace.org>).
Bodo Möller [Mon, 15 Oct 2001 17:57:27 +0000 (17:57 +0000)]
make sure .rnd exists
Bodo Möller [Mon, 15 Oct 2001 17:42:43 +0000 (17:42 +0000)]
Fix ssl3_get_message to handle message fragmentation correctly.
Bodo Möller [Mon, 15 Oct 2001 17:40:22 +0000 (17:40 +0000)]
the previous commit accidentily removed 'ret = 1' from the SSL_ST_OK
case of ssl3_accept
Ulf Möller [Sun, 14 Oct 2001 00:58:32 +0000 (00:58 +0000)]
openbsd-x86 macros
Submitted by: Toomas Kiisk <vix@cyber.ee>
Lutz Jänicke [Fri, 12 Oct 2001 12:29:57 +0000 (12:29 +0000)]
Update information as a partial response to the post
From: "Chris D. Peterson" <cpeterson@aventail.com>
Subject: Implementation Issues with OpenSSL
To: openssl-users@openssl.org
Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
Richard Levitte [Thu, 11 Oct 2001 19:43:45 +0000 (19:43 +0000)]
In certain cases, no encoding has been set up for the b64 filter. In
such cases, a flush should *not* attempt to finalise the encoding, as
the EVP_ENCODE_CTX structure will only be filled with garbage. For
the same reason, do the same check when a wpending is performed.
Richard Levitte [Thu, 11 Oct 2001 07:59:25 +0000 (07:59 +0000)]
Make sure the macro PEDANTIC is defined when we compile with
-pedantic, or some parts of the source will raise complaints from the
compiler.
Richard Levitte [Wed, 10 Oct 2001 21:52:27 +0000 (21:52 +0000)]
'make update'
Richard Levitte [Wed, 10 Oct 2001 21:51:00 +0000 (21:51 +0000)]
Add support for md4WithRSAEncryption.
Richard Levitte [Wed, 10 Oct 2001 06:15:42 +0000 (06:15 +0000)]
A few more OIDs, contributed by Peter Sylvester <Peter.Sylvester@EdelWeb.fr>
Lutz Jänicke [Mon, 8 Oct 2001 08:38:12 +0000 (08:38 +0000)]
Small documentation fixes (Howard Lum <howard@pumpkin.canada.sun.com>)
Lutz Jänicke [Mon, 1 Oct 2001 14:39:23 +0000 (14:39 +0000)]
Typos (Chris Pepper <pepper@mail.reppep.com>)
Richard Levitte [Mon, 24 Sep 2001 15:06:44 +0000 (15:06 +0000)]
In case of memory problems, the va_start() wasn't cleaned with a va_end().
Noticed by Thomas Klausner <wiz@danbala.ifoer.tuwien.ac.at>.
Bodo Möller [Mon, 24 Sep 2001 07:57:20 +0000 (07:57 +0000)]
comment
Bodo Möller [Sat, 22 Sep 2001 01:37:36 +0000 (01:37 +0000)]
crypto/idea was missing in the list of directories that may have been deleted
Bodo Möller [Fri, 21 Sep 2001 11:19:26 +0000 (11:19 +0000)]
bugfix: handle HelloRequest received during handshake correctly
Bodo Möller [Fri, 21 Sep 2001 07:01:04 +0000 (07:01 +0000)]
Disable session related stuff in SSL_ST_OK case of ssl3_accept if we
just sent a HelloRequest.
Bodo Möller [Fri, 21 Sep 2001 00:03:00 +0000 (00:03 +0000)]
Bugfix: correct cleanup after sending a HelloRequest
Bodo Möller [Thu, 20 Sep 2001 21:36:39 +0000 (21:36 +0000)]
fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case
Bodo Möller [Thu, 20 Sep 2001 18:34:36 +0000 (18:34 +0000)]
Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured.
In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
Bodo Möller [Fri, 14 Sep 2001 13:48:37 +0000 (13:48 +0000)]
add comment
Bodo Möller [Fri, 14 Sep 2001 13:32:03 +0000 (13:32 +0000)]
Increase permissible ClientKeyExchange message length as in main
branch (revision 1.50, 2000-11-17)
Lutz Jänicke [Thu, 13 Sep 2001 15:19:39 +0000 (15:19 +0000)]
Synchronize typo corrections with 0.9.7-dev
Lutz Jänicke [Thu, 13 Sep 2001 15:07:21 +0000 (15:07 +0000)]
One more manual page.
cvs2svn [Thu, 13 Sep 2001 15:05:43 +0000 (15:05 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_6-stable'.
Lutz Jänicke [Thu, 13 Sep 2001 15:05:42 +0000 (15:05 +0000)]
One more manual page.
Lutz Jänicke [Thu, 13 Sep 2001 13:21:38 +0000 (13:21 +0000)]
Rework section about return values another time (based on hints from
Bodo Moeller).
Bodo Möller [Thu, 13 Sep 2001 13:02:59 +0000 (13:02 +0000)]
avoid "statement not reached" warning
Geoff Thorpe [Wed, 12 Sep 2001 02:43:22 +0000 (02:43 +0000)]
Updated dependencies from "make update"
Geoff Thorpe [Wed, 12 Sep 2001 02:39:06 +0000 (02:39 +0000)]
Reduce the header dependencies on engine.h in apps/.
Geoff Thorpe [Wed, 12 Sep 2001 02:34:20 +0000 (02:34 +0000)]
ENGINE uses a very opaque design, so we can predeclare the structure type
in "types.h" so that very few headers will need to include engine.h,
generally only C files using API functions will need it (reducing
the header dependencies quite a lot).
Geoff Thorpe [Wed, 12 Sep 2001 01:54:17 +0000 (01:54 +0000)]
ENGINE files were renamed, and error strings are now in eng_err.c
Dr. Stephen Henson [Wed, 12 Sep 2001 00:19:20 +0000 (00:19 +0000)]
Add certificate and request demos.
Fix X509V3 macro so they compile.
Lutz Jänicke [Tue, 11 Sep 2001 13:08:51 +0000 (13:08 +0000)]
Make maximum certifcate chain size accepted from the peer application
settable (proposed by "Douglas E. Engert" <deengert@anl.gov>).
Bodo Möller [Tue, 11 Sep 2001 12:46:50 +0000 (12:46 +0000)]
add 'release showstopper' entry
Bodo Möller [Tue, 11 Sep 2001 12:26:56 +0000 (12:26 +0000)]
update
Bodo Möller [Tue, 11 Sep 2001 12:26:35 +0000 (12:26 +0000)]
update from main branch
Bodo Möller [Tue, 11 Sep 2001 12:20:20 +0000 (12:20 +0000)]
ex_data situation is no longer that bad
Geoff Thorpe [Mon, 10 Sep 2001 21:18:11 +0000 (21:18 +0000)]
make update
Geoff Thorpe [Mon, 10 Sep 2001 21:04:14 +0000 (21:04 +0000)]
Put all "common" initialisation in the apps_startup() and apps_shutdown()
macros in apps.h.
Geoff Thorpe [Mon, 10 Sep 2001 21:02:06 +0000 (21:02 +0000)]
enginetest needs 'memset' defined.
Ulf Möller [Mon, 10 Sep 2001 20:16:31 +0000 (20:16 +0000)]
missed one file
Bodo Möller [Mon, 10 Sep 2001 18:59:53 +0000 (18:59 +0000)]
While ispell may not like it, "cancelling" may be spelt with two "l"s
Bodo Möller [Mon, 10 Sep 2001 18:50:09 +0000 (18:50 +0000)]
fix memory leak (I think)
Bodo Möller [Mon, 10 Sep 2001 18:49:25 +0000 (18:49 +0000)]
remove an old comment
Bodo Möller [Mon, 10 Sep 2001 18:47:33 +0000 (18:47 +0000)]
restore previous revision -- memory leak should be fixed in mem.c
Bodo Möller [Mon, 10 Sep 2001 18:13:16 +0000 (18:13 +0000)]
fix memory leak
Bodo Möller [Mon, 10 Sep 2001 17:46:54 +0000 (17:46 +0000)]
avoid warning ('const' discarded)
Bodo Möller [Mon, 10 Sep 2001 17:18:56 +0000 (17:18 +0000)]
exclude disabled message digests
Bodo Möller [Mon, 10 Sep 2001 17:12:31 +0000 (17:12 +0000)]
add AES ciphers
Bodo Möller [Mon, 10 Sep 2001 17:00:28 +0000 (17:00 +0000)]
Update so that progs.h can indeed be automatically generated
(Working file: progs.h
revision 1.24
date: 2001/02/19 16:06:03; author: levitte; state: Exp; lines: +59 -59
Make all configuration macros available for application by making
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
[...])
Bodo Möller [Mon, 10 Sep 2001 16:57:06 +0000 (16:57 +0000)]
typo
Bodo Möller [Mon, 10 Sep 2001 15:03:08 +0000 (15:03 +0000)]
comments
Bodo Möller [Mon, 10 Sep 2001 15:00:30 +0000 (15:00 +0000)]
Get rid of hazardous EVP_DigestInit_dbg/EVP_DigestInit case
distinction (which does not work well because if CRYPTO_MDEBUG is
defined at library compile time, it is not necessarily defined at
application compile time; and memory debugging now can be reconfigured
at run-time anyway). To get the intended semantics, we could just use
the EVP_DigestInit_dbg unconditionally (which uses the caller's
__FILE__ and __LINE__ for memory leak debugging), but this would make
memory debugging inconsistent. Instead, callers can use
CRYPTO_push_info() to track down memory leaks.
Bodo Möller [Mon, 10 Sep 2001 14:59:17 +0000 (14:59 +0000)]
Get rid of hazardous EVP_DigestInit_dbg/EVP_DigestInit case
distinction (which does not work well because if CRYPTO_MDEBUG is
defined at library compile time, it is not necessarily defined at
application compile time; and memory debugging now can be reconfigured
at run-time anyway). To get the intended semantics, we could just use
the EVP_DigestInit_dbg unconditionally (which uses the caller's
__FILE__ and __LINE__ for memory leak debugging), but this would make
memory debugging inconsistent. Instead, callers can use
CRYPTO_push_info() to track down memory leaks.
Also fix indentation, and add OpenSSL copyright.
Bodo Möller [Mon, 10 Sep 2001 14:51:45 +0000 (14:51 +0000)]
copyright
Bodo Möller [Mon, 10 Sep 2001 14:51:19 +0000 (14:51 +0000)]
copyright
Bodo Möller [Mon, 10 Sep 2001 14:10:10 +0000 (14:10 +0000)]
Delete pointless casts
Bodo Möller [Mon, 10 Sep 2001 09:50:30 +0000 (09:50 +0000)]
Fix apps/openssl.c and ssl/ssltest.c so that they use
CRYPTO_set_mem_debug_options() instead of CRYPTO_dbg_set_options(),
which is the default implementation of the former and should usually
not be directly used by applications (at least if we assume that the
options accepted by the default implementation will also be meaningful
to any other implementations).
Also fix apps/openssl.c and ssl/ssltest such that environment variable
setting 'OPENSSL_DEBUG_MEMORY=off' actively disables the compiled-in
library defaults (i.e. such that CRYPTO_MDEBUG is ignored in this
case).
Lutz Jänicke [Sun, 9 Sep 2001 07:43:12 +0000 (07:43 +0000)]
Fix typo.
Dr. Stephen Henson [Sat, 8 Sep 2001 12:16:24 +0000 (12:16 +0000)]
Replace old (and invalid) copyright notice.
Dr. Stephen Henson [Sat, 8 Sep 2001 12:15:09 +0000 (12:15 +0000)]
Replace old (and invalid) copyright notice.
Bodo Möller [Fri, 7 Sep 2001 23:55:15 +0000 (23:55 +0000)]
The various hash #includes in rand_lcl.h *are* needed despite
<openssl/evp.h> is now used (MD_DIGEST_LENGTH definitions!).
No need to include such headers directly in md_rand.c.
Lutz Jänicke [Fri, 7 Sep 2001 13:22:41 +0000 (13:22 +0000)]
Support for OpenUNIX-8 (Boyd Lynn Gerber <gerberb@zenez.com>)
Lutz Jänicke [Fri, 7 Sep 2001 12:16:52 +0000 (12:16 +0000)]
Recognize OpenUNIX
Lutz Jänicke [Fri, 7 Sep 2001 12:13:10 +0000 (12:13 +0000)]
Recognize OpenUNIX-8 with compiler
Ben Laurie [Fri, 7 Sep 2001 12:03:24 +0000 (12:03 +0000)]
Add a cleanup function for MDs.
Ben Laurie [Fri, 7 Sep 2001 11:45:42 +0000 (11:45 +0000)]
Look up MD5 by name.
Ben Laurie [Fri, 7 Sep 2001 11:44:59 +0000 (11:44 +0000)]
Remove duplication.
Ben Laurie [Fri, 7 Sep 2001 11:44:17 +0000 (11:44 +0000)]
Now need sha.h for some reason.
Ben Laurie [Fri, 7 Sep 2001 11:43:30 +0000 (11:43 +0000)]
Redo type-safety fix.
Ulf Möller [Fri, 7 Sep 2001 06:39:38 +0000 (06:39 +0000)]
ispell
Ulf Möller [Fri, 7 Sep 2001 06:13:40 +0000 (06:13 +0000)]
ispell
Ulf Möller [Fri, 7 Sep 2001 04:32:11 +0000 (04:32 +0000)]
make update
Ulf Möller [Fri, 7 Sep 2001 04:14:48 +0000 (04:14 +0000)]
make engine file names unique in 8.3
Lutz Jänicke [Thu, 6 Sep 2001 19:25:56 +0000 (19:25 +0000)]
Completely reworked SVR5 shared library support.
Ulf Möller [Thu, 6 Sep 2001 17:02:33 +0000 (17:02 +0000)]
unused function
Ulf Möller [Thu, 6 Sep 2001 16:25:34 +0000 (16:25 +0000)]
include the proper header file
Ulf Möller [Thu, 6 Sep 2001 16:24:29 +0000 (16:24 +0000)]
double definition
Lutz Jänicke [Thu, 6 Sep 2001 14:28:35 +0000 (14:28 +0000)]
Even more corrections for OpenUNIX 8
Bodo Möller [Thu, 6 Sep 2001 13:09:00 +0000 (13:09 +0000)]
Avoid strdup.
(Some platforms need _XOPEN_SOURCE and _XOPEN_SOURCE_EXTENDED to get
the declaration, but on other platforms _XOPEN_SOURCE disables
the strdup declaration in <string.h>.)
Lutz Jänicke [Thu, 6 Sep 2001 12:48:16 +0000 (12:48 +0000)]
Sort out mess of colons...
Lutz Jänicke [Thu, 6 Sep 2001 12:39:00 +0000 (12:39 +0000)]
Support for shared libraries on Unixware-7 and OpenUNIX-8
(Boyd Lynn Gerber <gerberb@zenez.com>).
Bodo Möller [Thu, 6 Sep 2001 12:37:36 +0000 (12:37 +0000)]
Totally get rid of CRYPTO_LOCK_ERR_HASH.
In err.c, flags int_error_hash_set and int_thread_hash_set
appear superfluous since we can just as well initialize
int_error_hash and int_thread_hash to NULL.
Change some of the err.c formatting to conform with the rest of
OpenSSL.
Lutz Jänicke [Thu, 6 Sep 2001 12:30:17 +0000 (12:30 +0000)]
Build shared libraries on Unixware-7 and OpenUNIX-8 in old (pre-0.9.7)
style (Boyd Lynn Gerber <gerberb@zenez.com>.