oweals/openssl.git
22 years agoRephrase statement on the security of two-key 3DES.
Bodo Möller [Tue, 5 Mar 2002 15:29:30 +0000 (15:29 +0000)]
Rephrase statement on the security of two-key 3DES.

  [Chosen plaintext attack: R. Merkle, M. Hellman: "On the Security of
  Multiple Encryption", CACM 24 (1981) pp. 465-467, p. 776.

  Known plaintext angriff: P.C. van Oorschot, M. Wiener: "A
  known-plaintext attack on two-key triple encryption", EUROCRYPT '90.]

22 years agofix 'ecdsaparam -C'
Bodo Möller [Tue, 5 Mar 2002 15:17:17 +0000 (15:17 +0000)]
fix 'ecdsaparam -C'

22 years agofix printf call
Bodo Möller [Tue, 5 Mar 2002 15:05:00 +0000 (15:05 +0000)]
fix printf call

22 years agotypo
Bodo Möller [Tue, 5 Mar 2002 14:58:53 +0000 (14:58 +0000)]
typo

22 years agofix 'ecdsaparam -C' output
Bodo Möller [Tue, 5 Mar 2002 14:56:17 +0000 (14:56 +0000)]
fix 'ecdsaparam -C' output

Submitted by: Nils Larsch

22 years agoMake sure the type accessed by the LONG and ZLONG ASN1 type
Dr. Stephen Henson [Tue, 5 Mar 2002 13:48:51 +0000 (13:48 +0000)]
Make sure the type accessed by the LONG and ZLONG ASN1 type
is really a long, to avoid problems on platforms where
sizeof(int) != sizeof(long).

22 years agomore X9.62 OIDs
Bodo Möller [Tue, 5 Mar 2002 12:39:19 +0000 (12:39 +0000)]
more X9.62 OIDs

Submitted by: Nils Larsch <nla@trustcenter.de>

22 years agodisable '#ifdef DEBUG' code
Bodo Möller [Tue, 5 Mar 2002 12:37:35 +0000 (12:37 +0000)]
disable '#ifdef DEBUG' code

22 years agoProvide a pre 0.9.7 compatibility mapping if
Richard Levitte [Tue, 5 Mar 2002 11:26:03 +0000 (11:26 +0000)]
Provide a pre 0.9.7 compatibility mapping if
OPENSSL_DES_PRE_0_9_7_COMPATIBILITY is defined.  NOT AT ALL TESTED YET!
Add a comment as to the libdes compatibility.

22 years agoNew configuration targets for OpenBSD, handed to me by Bob Beck <beck@openbsd.org>
Richard Levitte [Tue, 5 Mar 2002 09:43:18 +0000 (09:43 +0000)]
New configuration targets for OpenBSD, handed to me by Bob Beck <beck@openbsd.org>

22 years ago'#if OPENSSL_VERSION_NUMBER >= ...' to document the recent change
Bodo Möller [Tue, 5 Mar 2002 09:07:16 +0000 (09:07 +0000)]
'#if OPENSSL_VERSION_NUMBER >= ...' to document the recent change

22 years agoTypo. In DCL, the continuation character is a dash at the end of the
Richard Levitte [Mon, 4 Mar 2002 18:07:59 +0000 (18:07 +0000)]
Typo.  In DCL, the continuation character is a dash at the end of the
line, which I forgot when spliting one.

22 years agoRename des_SPtrans to DES_SPtrans to differentiate from libdes and avoid certain...
Richard Levitte [Mon, 4 Mar 2002 16:08:13 +0000 (16:08 +0000)]
Rename des_SPtrans to DES_SPtrans to differentiate from libdes and avoid certain linkage clashes.

22 years agoMake it so one can select tests from within the test directory
Richard Levitte [Mon, 4 Mar 2002 15:58:38 +0000 (15:58 +0000)]
Make it so one can select tests from within the test directory

22 years agoFix warnings about signed/unsigned mismatch and global
Dr. Stephen Henson [Sun, 3 Mar 2002 17:08:20 +0000 (17:08 +0000)]
Fix warnings about signed/unsigned mismatch and global
shadowing (random, index) in hw_4758_cca.c

22 years agoThis change was only made in 0.9.7-stable. Synchronise
Richard Levitte [Sun, 3 Mar 2002 01:25:21 +0000 (01:25 +0000)]
This change was only made in 0.9.7-stable.  Synchronise

22 years agoRemove the perl/ subdirectory. It hasn't been worked on for ages, is
Richard Levitte [Thu, 28 Feb 2002 22:07:50 +0000 (22:07 +0000)]
Remove the perl/ subdirectory.  It hasn't been worked on for ages, is
very broken, and there are working modules in CPAN, which makes our
module even more moot.

22 years agomake update
Richard Levitte [Thu, 28 Feb 2002 20:29:20 +0000 (20:29 +0000)]
make update

22 years agouse ERR_peek_last_error() instead of ERR_peek_error()
Bodo Möller [Thu, 28 Feb 2002 14:07:37 +0000 (14:07 +0000)]
use ERR_peek_last_error() instead of ERR_peek_error()

22 years agouse ERR_peek_last_error() instead of ERR_peek_error() to ignore
Bodo Möller [Thu, 28 Feb 2002 14:05:13 +0000 (14:05 +0000)]
use ERR_peek_last_error() instead of ERR_peek_error() to ignore
any other errors that may be left in the error queue

Submitted by: Jeffrey Altman

22 years agoVMS addaptation, including a few more long names that needed hacking.
Richard Levitte [Thu, 28 Feb 2002 13:17:40 +0000 (13:17 +0000)]
VMS addaptation, including a few more long names that needed hacking.

22 years agoMake sure aep_close_connection() is declared and has a prototype that's
Richard Levitte [Thu, 28 Feb 2002 12:58:43 +0000 (12:58 +0000)]
Make sure aep_close_connection() is declared and has a prototype that's
consistent with the rest of the AEP functions

22 years agoIncrease internal security when using strncpy, by making sure the resulting string...
Richard Levitte [Thu, 28 Feb 2002 12:42:19 +0000 (12:42 +0000)]
Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated

22 years agoUpdated AEP engine, submitted by Diarmuid O'Neill <Diarmuid.ONeill@aep.ie>
Richard Levitte [Thu, 28 Feb 2002 11:36:38 +0000 (11:36 +0000)]
Updated AEP engine, submitted by Diarmuid O'Neill <Diarmuid.ONeill@aep.ie>

22 years agoDocument the added modes for AES
Richard Levitte [Thu, 28 Feb 2002 11:29:55 +0000 (11:29 +0000)]
Document the added modes for AES

22 years agoAdd 'void *' argument to app_verify_callback.
Bodo Möller [Thu, 28 Feb 2002 10:52:56 +0000 (10:52 +0000)]
Add 'void *' argument to app_verify_callback.

Submitted by: D. K. Smetters <smetters@parc.xerox.com>
Reviewed by: Bodo Moeller

22 years agodisable '#ifdef DEBUG' sections
Bodo Möller [Thu, 28 Feb 2002 10:51:56 +0000 (10:51 +0000)]
disable '#ifdef DEBUG' sections

22 years agoThis adds a new ENGINE to support IBM 4758 cards, contributed by Maurice
Geoff Thorpe [Wed, 27 Feb 2002 22:55:28 +0000 (22:55 +0000)]
This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice
Gittens.

22 years agoFix the fix (Yoram Zahavi)...
Lutz Jänicke [Wed, 27 Feb 2002 11:23:05 +0000 (11:23 +0000)]
Fix the fix (Yoram Zahavi)...

22 years agoSSL_clear != SSL_free/SSL_new
Lutz Jänicke [Wed, 27 Feb 2002 08:08:57 +0000 (08:08 +0000)]
SSL_clear != SSL_free/SSL_new

22 years agoMake sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi).
Lutz Jänicke [Tue, 26 Feb 2002 21:40:09 +0000 (21:40 +0000)]
Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi).

22 years agoAlways init ctx_tmp in PKCS7_dataFinal since it is always cleaned up.
Dr. Stephen Henson [Tue, 26 Feb 2002 19:33:24 +0000 (19:33 +0000)]
Always init ctx_tmp in PKCS7_dataFinal since it is always cleaned up.

22 years agomake update, after moving around symbols in libeay.num to match
Richard Levitte [Tue, 26 Feb 2002 14:41:29 +0000 (14:41 +0000)]
make update, after moving around symbols in libeay.num to match
0.9.7-stable.

22 years agoFix new -aes command argument handling
Dr. Stephen Henson [Tue, 26 Feb 2002 13:46:55 +0000 (13:46 +0000)]
Fix new -aes command argument handling

22 years agoMake the engine config module always add dynamic ENGINEs
Dr. Stephen Henson [Sun, 24 Feb 2002 16:20:50 +0000 (16:20 +0000)]
Make the engine config module always add dynamic ENGINEs
to the list using dynamic_path. This stops ENGINEs which
don't supply any default algorithms being automatically
freed (because they have no references) and allows them
to be accessed by id.

Alternative dynamic loading behaviour can be achieved by
issuing the dynamic ENGINE ctrls separately in the config file.

22 years agoUpdates from stable branch.
Dr. Stephen Henson [Sat, 23 Feb 2002 13:50:29 +0000 (13:50 +0000)]
Updates from stable branch.

22 years agoNew OPENSSL_LOAD_CONF define to load openssl.cnf
Dr. Stephen Henson [Sat, 23 Feb 2002 01:00:44 +0000 (01:00 +0000)]
New OPENSSL_LOAD_CONF define to load openssl.cnf
when OpenSSL_add_all_algorithms() is called.

22 years agoFix for AIX.
Dr. Stephen Henson [Fri, 22 Feb 2002 21:26:25 +0000 (21:26 +0000)]
Fix for AIX.

Submitted by Dawn Whiteside <dwhitesi@tiercel.uwaterloo.ca>

22 years agonon-Monolith fixes.
Dr. Stephen Henson [Fri, 22 Feb 2002 21:21:18 +0000 (21:21 +0000)]
non-Monolith fixes.

Submitted by Andrew W. Gray <agray@iconsinc.com>

22 years agomake errors
Dr. Stephen Henson [Fri, 22 Feb 2002 21:17:31 +0000 (21:17 +0000)]
make errors

22 years agoUpdate from stable branch.
Dr. Stephen Henson [Fri, 22 Feb 2002 14:07:35 +0000 (14:07 +0000)]
Update from stable branch.

22 years agoConfig code updates.
Dr. Stephen Henson [Fri, 22 Feb 2002 14:01:21 +0000 (14:01 +0000)]
Config code updates.

CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.

22 years agoWe have AES support in openssl speed
Richard Levitte [Thu, 21 Feb 2002 17:23:04 +0000 (17:23 +0000)]
We have AES support in openssl speed

22 years agodisable '#ifdef DEBUG' sections
Bodo Möller [Thu, 21 Feb 2002 13:07:44 +0000 (13:07 +0000)]
disable '#ifdef DEBUG' sections

22 years agoConfig file updates from stable branch
Dr. Stephen Henson [Thu, 21 Feb 2002 00:54:54 +0000 (00:54 +0000)]
Config file updates from stable branch

22 years agoAdd AES support in the applications that support -des and -des3.
Richard Levitte [Wed, 20 Feb 2002 18:03:07 +0000 (18:03 +0000)]
Add AES support in the applications that support -des and -des3.

22 years agoAdd comfy aliases for AES in CBC mode.
Richard Levitte [Wed, 20 Feb 2002 17:59:49 +0000 (17:59 +0000)]
Add comfy aliases for AES in CBC mode.

22 years agoStop assuming the IV is 8 bytes long, use the real size instead.
Richard Levitte [Wed, 20 Feb 2002 17:55:08 +0000 (17:55 +0000)]
Stop assuming the IV is 8 bytes long, use the real size instead.
This is especially important for AES that has a 16 bytes IV.

22 years agoIncluding openssl/e_os.h in the OpenSSL 0.9.6 branch is legal, since
Richard Levitte [Wed, 20 Feb 2002 14:07:07 +0000 (14:07 +0000)]
Including openssl/e_os.h in the OpenSSL 0.9.6 branch is legal, since
it's exported.  Changing that is a BIG step, which has been done in
0.9.7-dev.

22 years agogcc figures that the format specifier %2x means unsigned int, so let's
Richard Levitte [Wed, 20 Feb 2002 13:50:36 +0000 (13:50 +0000)]
gcc figures that the format specifier %2x means unsigned int, so let's
make n unsigned.

22 years agoInstead of casting a lvalue, let's constify meth.
Richard Levitte [Wed, 20 Feb 2002 13:49:17 +0000 (13:49 +0000)]
Instead of casting a lvalue, let's constify meth.

22 years agoUpdate the status on 64-bit thingy.
Richard Levitte [Wed, 20 Feb 2002 13:19:59 +0000 (13:19 +0000)]
Update the status on 64-bit thingy.

22 years agosimplifications
Bodo Möller [Wed, 20 Feb 2002 13:08:17 +0000 (13:08 +0000)]
simplifications

Submitted by: Nils Larsch

22 years agotypo
Bodo Möller [Wed, 20 Feb 2002 12:38:00 +0000 (12:38 +0000)]
typo

22 years agoAdd reports on checked 64-bit platforms and make space to add platforms that need...
Richard Levitte [Wed, 20 Feb 2002 12:31:23 +0000 (12:31 +0000)]
Add reports on checked 64-bit platforms and make space to add platforms that need to be checked

22 years agoWith Compaq make, it seems like # inside an action becomes part of the command, not...
Richard Levitte [Wed, 20 Feb 2002 12:16:17 +0000 (12:16 +0000)]
With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all

22 years agoInstead of just checking for OpenVMS, check if DEC C is used, since it's as
Richard Levitte [Wed, 20 Feb 2002 12:01:24 +0000 (12:01 +0000)]
Instead of just checking for OpenVMS, check if DEC C is used, since it's as
picky on all platforms

22 years agobugfix: allocate sufficiently large buffer
Bodo Möller [Wed, 20 Feb 2002 11:59:42 +0000 (11:59 +0000)]
bugfix: allocate sufficiently large buffer

Submitted by: Nils Larsch

22 years agoComparing a pointer (data) with 0 using > is incorrect. The changed
Richard Levitte [Wed, 20 Feb 2002 11:57:33 +0000 (11:57 +0000)]
Comparing a pointer (data) with 0 using > is incorrect.  The changed
comparison doesn't look right, but at least it compiles.  It would be nice
if the one who knows what this is supposed to do changed it to do it correctly

22 years agoWith Compaq make, it seems like # inside an action becomes part of the command, not...
Richard Levitte [Wed, 20 Feb 2002 11:43:40 +0000 (11:43 +0000)]
With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all

22 years agoDon't shadow already defined variables
Richard Levitte [Wed, 20 Feb 2002 11:42:42 +0000 (11:42 +0000)]
Don't shadow already defined variables

22 years agomake update
Geoff Thorpe [Wed, 20 Feb 2002 08:33:55 +0000 (08:33 +0000)]
make update

22 years agoA rough little self-test for tunala. This runs through all cipher-suite /
Geoff Thorpe [Wed, 20 Feb 2002 05:12:45 +0000 (05:12 +0000)]
A rough little self-test for tunala. This runs through all cipher-suite /
SSL/TLS version combinations looking for mishaps.

22 years agoMake the "ungunk" logic a little more robust.
Geoff Thorpe [Wed, 20 Feb 2002 05:09:22 +0000 (05:09 +0000)]
Make the "ungunk" logic a little more robust.

22 years ago- Add support for cipher suites that require a temporary RSA key for
Geoff Thorpe [Wed, 20 Feb 2002 05:02:50 +0000 (05:02 +0000)]
- Add support for cipher suites that require a temporary RSA key for
  key-agreement.
- Tolerate signal interruptions of select().

22 years agoOh, and since config figures out that we run Cygwin and what versions,
Richard Levitte [Sat, 16 Feb 2002 22:31:16 +0000 (22:31 +0000)]
Oh, and since config figures out that we run Cygwin and what versions,
let's recommend running config instead of a manual Configure.

22 years agoSince Cygwin is the proper spelling, let's change to that everywhere.
Richard Levitte [Sat, 16 Feb 2002 22:28:31 +0000 (22:28 +0000)]
Since Cygwin is the proper spelling, let's change to that everywhere.
Also, with the change in Configure, it now knows on it's own if
threads are supported or not.

22 years agoCygwin target name has been changed!
Ulf Möller [Sat, 16 Feb 2002 16:53:25 +0000 (16:53 +0000)]
Cygwin target name has been changed!

22 years agoThe AES modes OFB and CFB are defined with 128 feedback bits. This
Richard Levitte [Sat, 16 Feb 2002 12:39:07 +0000 (12:39 +0000)]
The AES modes OFB and CFB are defined with 128 feedback bits.  This
deviates from the "standard" 64 bits of feedback that all other
algorithms are using.  Therefore, let's redo certain EVP macros to
accept different amounts of feedback bits for these modes.

Also, change e_aes.c to provide all usually available modes for AES.
CTR isn't included yet.

22 years agoAdd the modes OFB128, CFB128 and CTR128 to AES.
Richard Levitte [Sat, 16 Feb 2002 12:20:34 +0000 (12:20 +0000)]
Add the modes OFB128, CFB128 and CTR128 to AES.
Submitted by Stephen Sprunk <stephen@sprunk.org>

22 years agoAdjust the NID names for the AES modes OFB and CFB to contain the number
Richard Levitte [Sat, 16 Feb 2002 12:15:30 +0000 (12:15 +0000)]
Adjust the NID names for the AES modes OFB and CFB to contain the number
of feedback bits

22 years agoThe macro IMPLEMENT_ASN1_FUNCTIONS_const already contains an ending ;,
Richard Levitte [Sat, 16 Feb 2002 12:03:25 +0000 (12:03 +0000)]
The macro IMPLEMENT_ASN1_FUNCTIONS_const already contains an ending ;,
so do not add one after the expansion, since ANSI C doesn't allow ;;
at this level (or at least, so tells me gcc).

22 years agoLocal `time' shadows the global function `time()'. Rename the local
Richard Levitte [Sat, 16 Feb 2002 12:01:13 +0000 (12:01 +0000)]
Local `time' shadows the global function `time()'.  Rename the local
variable to `tim' (and, as a matter of consequence, `time_d' to `tim_d').

22 years agoMissing #endif
Richard Levitte [Sat, 16 Feb 2002 11:58:16 +0000 (11:58 +0000)]
Missing #endif

22 years agogcc chokes on C++ comments in C code.
Richard Levitte [Sat, 16 Feb 2002 11:57:25 +0000 (11:57 +0000)]
gcc chokes on C++ comments in C code.

22 years agoGive the linux-sparv9 target shared capability.
Richard Levitte [Fri, 15 Feb 2002 16:22:22 +0000 (16:22 +0000)]
Give the linux-sparv9 target shared capability.
Submitted by Ian Marsh <mushypea@dominion.net.uk>

22 years agoEven though it is not really practical people should know about it.
Lutz Jänicke [Fri, 15 Feb 2002 07:41:42 +0000 (07:41 +0000)]
Even though it is not really practical people should know about it.

22 years agofix indentation
Bodo Möller [Thu, 14 Feb 2002 16:08:55 +0000 (16:08 +0000)]
fix indentation

22 years agoAdd the configuration target VxWorks.
Richard Levitte [Thu, 14 Feb 2002 15:37:38 +0000 (15:37 +0000)]
Add the configuration target VxWorks.

22 years agomake it possible to disable memory checking for timings
Bodo Möller [Thu, 14 Feb 2002 14:41:13 +0000 (14:41 +0000)]
make it possible to disable memory checking for timings

22 years ago'-C' is still quite broken
Bodo Möller [Thu, 14 Feb 2002 14:30:20 +0000 (14:30 +0000)]
'-C' is still quite broken

22 years agofix '-C'
Bodo Möller [Thu, 14 Feb 2002 14:25:33 +0000 (14:25 +0000)]
fix '-C'

22 years agofix memory leak
Bodo Möller [Thu, 14 Feb 2002 14:21:49 +0000 (14:21 +0000)]
fix memory leak

22 years agomove ECDSA test right after EC test
Bodo Möller [Thu, 14 Feb 2002 14:03:32 +0000 (14:03 +0000)]
move ECDSA test right after EC test

22 years agodon't call OPENSSL_config(), this does not make any sense during "make test"
Bodo Möller [Thu, 14 Feb 2002 13:51:20 +0000 (13:51 +0000)]
don't call OPENSSL_config(), this does not make any sense during "make test"

22 years agoMake sure memset() is defined by including string.h
Richard Levitte [Thu, 14 Feb 2002 13:51:04 +0000 (13:51 +0000)]
Make sure memset() is defined by including string.h
Notified by Oscar Jacobsson <oscar@jacobsson.org>

22 years agoFor some reason, getting the topmost error was done the same way as
Richard Levitte [Thu, 14 Feb 2002 13:45:26 +0000 (13:45 +0000)]
For some reason, getting the topmost error was done the same way as
getting the bottommost one.  I hope I understood correctly how this
should be done.  It seems to work when running evp_test in an
environment where it can't find openssl.cnf.

22 years agomake update, with libeay.num remade to match the 0.9.7-stable one.
Richard Levitte [Thu, 14 Feb 2002 13:43:30 +0000 (13:43 +0000)]
make update, with libeay.num remade to match the 0.9.7-stable one.

22 years agoThe Cygwin shared extension was shifted.
Richard Levitte [Thu, 14 Feb 2002 13:36:28 +0000 (13:36 +0000)]
The Cygwin shared extension was shifted.

22 years agoAt Corinna Vinschen's request, change CygWin32 to Cygwin
Richard Levitte [Thu, 14 Feb 2002 12:28:24 +0000 (12:28 +0000)]
At Corinna Vinschen's request, change CygWin32 to Cygwin

22 years agoEC_GROUP_get_group_by_name() is now called EC_GROUP_new_by_name()
Bodo Möller [Thu, 14 Feb 2002 10:23:20 +0000 (10:23 +0000)]
EC_GROUP_get_group_by_name() is now called EC_GROUP_new_by_name()

22 years agoFix warnings.
Ben Laurie [Thu, 14 Feb 2002 09:59:35 +0000 (09:59 +0000)]
Fix warnings.

22 years agoCorrect sh, please
Richard Levitte [Thu, 14 Feb 2002 02:20:34 +0000 (02:20 +0000)]
Correct sh, please

22 years agoECDSA support
Bodo Möller [Wed, 13 Feb 2002 18:21:51 +0000 (18:21 +0000)]
ECDSA support

Submitted by: Nils Larsch <nla@trustcenter.de>

22 years agosome modifications to named curve support
Bodo Möller [Wed, 13 Feb 2002 17:57:52 +0000 (17:57 +0000)]
some modifications to named curve support

22 years agoModify the main trunk version to 0.9.8-dev.
Richard Levitte [Wed, 13 Feb 2002 17:46:38 +0000 (17:46 +0000)]
Modify the main trunk version to 0.9.8-dev.
0.9.7 now lives in the branch OpenSSL_0_9_7-stable.

22 years agonew locks
Bodo Möller [Wed, 13 Feb 2002 17:25:27 +0000 (17:25 +0000)]
new locks

22 years agoadd support for named curves
Bodo Möller [Wed, 13 Feb 2002 17:22:59 +0000 (17:22 +0000)]
add support for named curves

Submitted by: Nils Larsch <nla@trustcenter.de>

22 years agoUpdate the configuration of CygWin32 to use the new capabilities of
Richard Levitte [Wed, 13 Feb 2002 14:44:33 +0000 (14:44 +0000)]
Update the configuration of CygWin32 to use the new capabilities of
CygWin 1.3.x, which includes thread and shared library support.

Submitted by Corinna Vinschen <vinschen@redhat.com> and modified a
little bit.

22 years agoWe should implement a countermeasure against the predictable-IV CBC
Bodo Möller [Wed, 13 Feb 2002 10:21:25 +0000 (10:21 +0000)]
We should implement a countermeasure against the predictable-IV CBC
weakness in SSL/TLS