  1. Jul 29, 2000
    • Bodo Möller authored · 37569e64
      Fix SSL 2.0 rollback checking: The previous implementation of the
      test was never triggered due to an off-by-one error.
      
      In s23_clnt.c, don't use special rollback-attack detection padding
      (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
      client; similarly, in s23_srvr.c, don't do the rollback check if
      SSL 2.0 is the only protocol enabled in the server.
  2. Jul 28, 2000
    • Dr. Stephen Henson authored · a657546f
      New ASN1_STRING_print_ex() and X509_NAME_print_ex()
      functions. These are intended to be replacements
      for the ancient ASN1_STRING_print() and X509_NAME_print()
      functions.
      
      The new functions support RFC2253 and various pretty
      printing options. It is also possible to display
      international characters if the terminal properly handles
      UTF8 encoding (Linux seems to tolerate this if the
      "unicode_start" script is run).
      
      Still needs to be documented, integrated into other
      utilities and extensively tested.
  3. Jul 27, 2000
  4. Jul 26, 2000
  5. Jul 21, 2000
    • Bodo Möller authored · fa729135
      crypto/err.c bugfix
    • Richard Levitte authored · b436a982
      Redo and enhance the support for building shared libraries. Currently
      there's support for building under Linux and Tru64 (using examples
      from the programming manuals), including versioning that is currently
      the same as OpenSSL versions but should really be a different series.
      
      With this change, it's up to the users to decide if they want shared
      libraries as well as the static ones.  This decision now has to be
      done at configuration time (well, not really, those who know what they
      do can still do it the same way as before).
      
      The OpenSSL programs (openssl and the test programs) are currently
      always linked statically, but this may change in the future in a
      configurable manner.  The necessary makefile variables to enable this
      are in place.
      
      Also note that I have done absolutely nothing about the Windows target
      to get something similar.  On the other hand, DLLs are already the
      default there, but without versioning, and I've no idea what the
      possibilities for such a thing are there...
  6. Jul 19, 2000
  7. Jul 12, 2000
    • Dr. Stephen Henson authored · fd13f0ee
      Make req seed the PRNG if signing with
      an already existing DSA key.
      
      Document the new smime options.
  8. Jul 10, 2000
    • Dr. Stephen Henson authored · 094fe66d
      Fix some typos in the i2d/d2i functions that
      call the i2c/c2i (they were not using the
      content length for the headers).
      
      Fix ASN1 long form tag encoding. This never
      worked but it was never tested since it is
      only used for tags > 30.
      
      New options to smime program to allow the
      PKCS#7 format to be specified and the content
      supplied externally.
  9. Jul 07, 2000
    • Dr. Stephen Henson authored · a338e21b
      New ASN1 functions that just deal with
      content octets, not tag+length.
  10. Jul 05, 2000
  11. Jun 28, 2000
  12. Jun 23, 2000
  13. Jun 22, 2000
  14. Jun 21, 2000
    • Dr. Stephen Henson authored · 13083215
      Fixes for Win32 build.
      
      This is mostly a work around for the old VC++ problem
      that it treats func() as func(void).
      
      Various prototypes had been added to 'compare' function
      pointers that triggered this. This could be fixed by removing
      the prototype, adding function pointer casts to every call or
      changing the passed function to use the expected arguments.
      I mostly did the latter.
      
      The mkdef.pl script was modified to remove the typesafe
      functions which no longer exist.
      
      Oh and some functions called OPENSSL_freeLibrary() were
      changed back to FreeLibrary(), wonder how that happened :-)
  15. Jun 20, 2000
    • Dr. Stephen Henson authored · 7ef82068
      Handle ASN1_SET_OF and PKCS12_STACK_OF using function
      casts in the same way as STACK_OF.
  16. Jun 16, 2000
    • Dr. Stephen Henson authored · 3aceb94b
      Safe stack reorganisation in terms of function casts.
      
      After some messing around this seems to work but needs
      a few more tests. Working out the syntax for sk_set_cmp_func()
      (cast it to a function that itself returns a function pointer)
      was painful :-(
      
      Needs some testing to see what other compilers think of this
      syntax.
      
      Also needs similar stuff for ASN1_SET_OF etc etc.
  17. Jun 15, 2000
  18. Jun 11, 2000
  19. Jun 10, 2000
  20. Jun 08, 2000
  21. Jun 07, 2000
  22. Jun 03, 2000
  23. Jun 01, 2000
    • Geoff Thorpe authored · e41c8d6a
      This change will cause builds (by default) to not use different STACK
      structures and functions for each stack type. The previous behaviour
      can be enabled by configuring with the "-DDEBUG_SAFESTACK" option.
      This will also cause "make update" (mkdef.pl in particular) to
      update the libeay.num and ssleay.num symbol tables with the number of
      extra functions DEBUG_SAFESTACK creates.
      
      The way this change works is to accompany each DECLARE_STACK_OF()
      macro with a set of "#define"d versions of the sk_##type##_***
      functions that ensures all the existing "type-safe" stack calls are
      precompiled into the underlying stack calls. The presence or absence
      of the DEBUG_SAFESTACK symbol controls whether this block of
      "#define"s or the DECLARE_STACK_OF() macro is taking effect. The
      block of "#define"s is in turn generated and maintained by a perl
      script (util/mkstack.pl) that encompasses the block with delimiting
      C comments. This works in a similar way to the auto-generated error
      codes and, like the other such maintenance utilities, is invoked
      by the "make update" target.
      
      A long (but mundane) commit will follow this with the results of
      "make update" - this will include all the "#define" blocks for
      each DECLARE_STACK_OF() statement, along with stripped down
      libeay.num and ssleay.num files.
    • Geoff Thorpe authored · ccd86b68
      The previous commit to crypto/stack/*.[ch] pulled the type-safety strings
      yet tighter, and also put some heat on the rest of the library by
      insisting (correctly) that compare callbacks used in stacks are prototyped
      with "const" parameters. This has led to a depth-first explosion of
      compiler warnings in the code where 1 constification has led to 3 or 4
      more. Fortunately these have all been resolved to completion and the code
      seems cleaner as a result - in particular many of the _cmp() functions
      should have been prototyped with "const"s, and now are. There was one
      little problem however;
      
      X509_cmp() should by rights compare "const X509 *" pointers, and it is now
      declared as such. However, its internal workings can involve
      recalculating hash values and extensions if they have not already been
      set up. Someone with a more intricate understanding of the flow control of
      X509 might be able to tighten this up, but for now - this seemed the
      obvious place to stop the "depth-first" constification of the code by
      using an evil cast (they have migrated all the way here from safestack.h).
      
      Fortunately, this is the only place in the code where this was required
      to complete these type-safety changes, and it's reasonably clear and
      commented, and seemed the least unacceptable of the options. Trying to
      take the constification further ends up exploding out considerably, and
      indeed leads directly into generalised ASN functions which are not likely
      to cooperate well with this.
  24. May 30, 2000
    • Bodo Möller authored · 361ee973
      Improve PRNG robustness.
    • Dr. Stephen Henson authored · 49528751
      More EVP cipher revision.
      
      Change EVP_SealInit() and EVP_OpenInit() to
      handle cipher parameters.
      
      Make it possible to set RC2 and RC5 params.
      
      Make RC2 ASN1 code use the effective key bits
      and not the key length.
      
      TODO: document how new API works.
    • Dr. Stephen Henson authored · 57ae2e24
      Fourth phase EVP revision.
      
      Declare ciphers in terms of macros. This reduces
      the amount of code and places each block cipher EVP
      definition in a single file instead of being spread
      over 4 files.
  25. May 28, 2000
  26. May 27, 2000
  27. May 26, 2000
    • Dr. Stephen Henson authored · 7f060601
      Beginnings of EVP cipher overhaul. This should eventually
      enhance and tidy up the EVP interface.
      
      This patch adds initial support for variable length ciphers
      and changes S/MIME code to use this.
      
      Some other library functions need modifying to support use
      of modified cipher parameters.
      
      Also need to change all the cipher functions that should
      return error codes, but currently don't.
      
      And of course it needs extensive testing...
  28. May 25, 2000