Dr. Stephen Henson [Wed, 3 Sep 2003 23:35:54 +0000 (23:35 +0000)]
Only accept a client certificate if the server requests
one, as required by SSL/TLS specs.
Richard Levitte [Thu, 14 Aug 2003 06:30:32 +0000 (06:30 +0000)]
Undo the change that left LD_LIBRARY_PATH unchanged. The errors I saw
weren't due to that, but to a change on the SCO machines I used for
testing, where my $PATH was suddenly incorrect.
Bodo Möller [Mon, 11 Aug 2003 18:56:50 +0000 (18:56 +0000)]
make sure no error is left in the queue that is intentionally ignored
Richard Levitte [Sat, 9 Aug 2003 09:30:39 +0000 (09:30 +0000)]
Typo, I had typed { instead of [.
Richard Levitte [Fri, 8 Aug 2003 09:36:46 +0000 (09:36 +0000)]
Some installations (currently, it's been noted on a sco5 system where
gcc is used to build with) don't take it too well if LD_LIBRARY_PATH
is messed with when linking programs. I'm going to assume that it's
OK to leave it unchanged when linking non-shared.
Richard Levitte [Thu, 7 Aug 2003 11:57:45 +0000 (11:57 +0000)]
Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:
1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error.
2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot,
not CloseHandle.
Bodo Möller [Wed, 6 Aug 2003 10:40:19 +0000 (10:40 +0000)]
add OpenSSL license
fix typo
Bodo Möller [Mon, 21 Jul 2003 15:16:20 +0000 (15:16 +0000)]
tolerate extra data at end of client hello for SSL 3.0
Bodo Möller [Mon, 21 Jul 2003 14:58:32 +0000 (14:58 +0000)]
typo
Richard Levitte [Thu, 3 Jul 2003 21:43:50 +0000 (21:43 +0000)]
Add a slash so grep doesn't return both ./crypto/bio/bss_mem.o and
./crypto/mem.o when we're looking for mem.o.
Richard Levitte [Thu, 19 Jun 2003 19:04:17 +0000 (19:04 +0000)]
Document the last change.
PR: 587
Richard Levitte [Thu, 19 Jun 2003 18:55:53 +0000 (18:55 +0000)]
We set the export flag for 512 *bit* keys, not 512 *byte* ones.
PR: 587
Richard Levitte [Thu, 12 Jun 2003 06:56:45 +0000 (06:56 +0000)]
Incorrect patching removed.
Richard Levitte [Thu, 12 Jun 2003 01:04:09 +0000 (01:04 +0000)]
Typo.
PR: 584
Richard Levitte [Thu, 12 Jun 2003 00:56:30 +0000 (00:56 +0000)]
Make sure ssize_t is defined on SunOS4.
PR: 585
Richard Levitte [Thu, 12 Jun 2003 00:51:57 +0000 (00:51 +0000)]
Make sure DSO-dlfcn works properly on SunOS4.
PR: 585
Richard Levitte [Wed, 11 Jun 2003 18:46:22 +0000 (18:46 +0000)]
Remove debugging output that wasn't supposed to be committed in the first place.
Richard Levitte [Wed, 11 Jun 2003 18:43:47 +0000 (18:43 +0000)]
Make sure to NUL-terminate the string on end-of-file (and error)
PR: 643
Richard Levitte [Thu, 22 May 2003 09:35:46 +0000 (09:35 +0000)]
Correct a typo (basically, one can't just replace 'memset' with
'OPENSSL_cleanse', there's an argument to remove as well).
Richard Levitte [Wed, 21 May 2003 14:44:59 +0000 (14:44 +0000)]
String not properly NUL-terminated when no X509_NAME is given.
PR: 618
Richard Levitte [Wed, 21 May 2003 14:41:02 +0000 (14:41 +0000)]
Don't forget that strlen() doesn't include the ending NUL.
PR: 618
Richard Levitte [Wed, 21 May 2003 14:35:04 +0000 (14:35 +0000)]
Cleanse the MD context properly when done adding or getting random data.
PR: 619
Richard Levitte [Wed, 21 May 2003 14:29:22 +0000 (14:29 +0000)]
Fix sign bugs.
PR: 621
Bodo Möller [Tue, 22 Apr 2003 12:45:47 +0000 (12:45 +0000)]
fix typo
Submitted by: Nils Larsch
Richard Levitte [Thu, 17 Apr 2003 21:49:47 +0000 (21:49 +0000)]
Typo.
PR: 562
Richard Levitte [Wed, 16 Apr 2003 06:25:25 +0000 (06:25 +0000)]
Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.
Memory leak fix: RSA_blinding_on() would leave a dangling pointer in
rsa->blinding under certain circumstances.
Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.
Richard Levitte [Tue, 15 Apr 2003 13:01:43 +0000 (13:01 +0000)]
Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()
Richard Levitte [Thu, 10 Apr 2003 20:41:02 +0000 (20:41 +0000)]
The release is tagged, time to hope we won't have to work on 0.9.6k.
Richard Levitte [Thu, 10 Apr 2003 20:30:41 +0000 (20:30 +0000)]
I forgot to change the status bits to release.
This file will be retagged.
Richard Levitte [Thu, 10 Apr 2003 20:21:28 +0000 (20:21 +0000)]
Time to release 0.9.6j.
The ticket will be OpenSSL_0_9_6j.
Richard Levitte [Thu, 10 Apr 2003 20:11:28 +0000 (20:11 +0000)]
make update
Richard Levitte [Thu, 10 Apr 2003 20:07:51 +0000 (20:07 +0000)]
Add the change from HEAD that allows us to parse multi-line comments.
Richard Levitte [Thu, 10 Apr 2003 19:33:23 +0000 (19:33 +0000)]
new NEWS
Richard Levitte [Wed, 9 Apr 2003 06:49:01 +0000 (06:49 +0000)]
Make the same changes for svr5 shared library building as in
0.9.7-stable.
Richard Levitte [Wed, 9 Apr 2003 06:48:19 +0000 (06:48 +0000)]
Some ld implementations use LD_LIBRARY_PATH to find libraries, and
what's worse, they seem to use LD_LIBRARY_PATH as the first
directories to look into. This is documented in the manual page for
ld on OpenUNIX 8. Therefore, we need to hack LD_LIBRARY_PATH to
include the directory where the newly built libcrypto and libssl are.
Richard Levitte [Tue, 8 Apr 2003 11:07:09 +0000 (11:07 +0000)]
Include rand.h, so RAND_status() and friends get properly declared.
Bodo Möller [Wed, 2 Apr 2003 09:50:17 +0000 (09:50 +0000)]
make RSA blinding thread-safe
Richard Levitte [Thu, 27 Mar 2003 12:25:12 +0000 (12:25 +0000)]
Fix the problem with missing definition of THREADS on VMS.
Also produce a better configuration header file.
PR: 548
Bodo Möller [Thu, 20 Mar 2003 17:24:54 +0000 (17:24 +0000)]
PR:make sure RSA blinding works when the PRNG is not properly seeded;
enable it automatically only for the built-in engine
Ben Laurie [Thu, 20 Mar 2003 16:00:18 +0000 (16:00 +0000)]
Blinding fix.
Bodo Möller [Wed, 19 Mar 2003 19:20:30 +0000 (19:20 +0000)]
countermeasure against new Klima-Pokorny-Rosa attack
Bodo Möller [Tue, 18 Mar 2003 12:50:07 +0000 (12:50 +0000)]
fix formatting
Bodo Möller [Mon, 24 Feb 2003 17:46:46 +0000 (17:46 +0000)]
year 2003
Richard Levitte [Wed, 19 Feb 2003 12:56:04 +0000 (12:56 +0000)]
Release of 0.9.6i is tagged, let's pretend to move on to 0.9.6j.
Richard Levitte [Wed, 19 Feb 2003 12:34:21 +0000 (12:34 +0000)]
Time to release 0.9.6i.
The tag will be OpenSSL_0_9_6i.
Richard Levitte [Wed, 19 Feb 2003 12:04:07 +0000 (12:04 +0000)]
Security fix: Vaudenay timing attack on CBC.
An advisory will be posted to the web. Expect a release within the hour.
Richard Levitte [Wed, 19 Feb 2003 11:54:53 +0000 (11:54 +0000)]
Make sure the memory allocation routines check for negative sizes
Richard Levitte [Fri, 14 Feb 2003 05:20:32 +0000 (05:20 +0000)]
Change no_rmd160 to no_ripemd for consistency.
PR: 500
Bodo Möller [Wed, 12 Feb 2003 14:17:33 +0000 (14:17 +0000)]
comments
Bodo Möller [Wed, 5 Feb 2003 16:52:37 +0000 (16:52 +0000)]
typo in WIN16 section
Submitted by: Toni Andjelkovic <toni@soth.at>
Bodo Möller [Tue, 4 Feb 2003 12:57:51 +0000 (12:57 +0000)]
typo
Bodo Möller [Tue, 4 Feb 2003 12:26:30 +0000 (12:26 +0000)]
Update PRNG entry:
- OpenSSL version differences
- Sun /dev/urandom patch information
Richard Levitte [Tue, 14 Jan 2003 13:56:44 +0000 (13:56 +0000)]
Correct an example that has a few typos.
PR: 458
Bodo Möller [Mon, 13 Jan 2003 13:23:08 +0000 (13:23 +0000)]
fix release date (CHANGES as released with OpenSSL 0.9.6h on
2002-12-05 said '[21 Dec 2002]')
Bodo Möller [Mon, 13 Jan 2003 13:16:49 +0000 (13:16 +0000)]
typo
Richard Levitte [Sat, 28 Dec 2002 01:47:11 +0000 (01:47 +0000)]
A function returning int should really return an int, even if it exits
first...
Richard Levitte [Sat, 28 Dec 2002 01:46:21 +0000 (01:46 +0000)]
Make sure OPENSSL_cleanse is declared properly.
Richard Levitte [Sat, 21 Dec 2002 23:54:23 +0000 (23:54 +0000)]
Merge from HEAD...
Richard Levitte [Thu, 12 Dec 2002 18:43:29 +0000 (18:43 +0000)]
Skip DH-specific tests when no-dh has been configured.
PR: 353
Richard Levitte [Wed, 11 Dec 2002 08:56:38 +0000 (08:56 +0000)]
In CRYPTO_lock(), check that the application cares about locking (provided
callbacks) before attempting to lock.
Richard Levitte [Wed, 11 Dec 2002 08:33:34 +0000 (08:33 +0000)]
sk_*_push() returns the number of items on the stack, not the index of the
pushed item. The index is the number of items - 1. And if a NULL item was
found, actually use it.
Finally, provide a little bit of safety in CRYPTO_lock() by asserting that a
requested dynamic lock really must exist, instead of just being silent about it
Richard Levitte [Tue, 10 Dec 2002 08:28:16 +0000 (08:28 +0000)]
A memset() too many got converted into an OPENSSL_cleanse().
PR: 393
Lutz Jänicke [Mon, 9 Dec 2002 08:49:03 +0000 (08:49 +0000)]
Fix wrong URI.
Submitted by: assar@kth.se
Reviewed by:
PR: 390
Richard Levitte [Thu, 5 Dec 2002 22:53:30 +0000 (22:53 +0000)]
Update version to 0.9.6i, even if that's never going to be released.
Richard Levitte [Thu, 5 Dec 2002 22:44:12 +0000 (22:44 +0000)]
Small fault corrected
Richard Levitte [Thu, 5 Dec 2002 21:51:02 +0000 (21:51 +0000)]
make update
Richard Levitte [Thu, 5 Dec 2002 21:40:48 +0000 (21:40 +0000)]
Time to release OpenSSL 0.9.6h.
The tag will be OpenSSL_0_9_6h.
Richard Levitte [Thu, 5 Dec 2002 01:20:53 +0000 (01:20 +0000)]
Make sure using SSL_CERT_FILE actually works, and has priority over system defaults.
PR: 376
Richard Levitte [Wed, 4 Dec 2002 23:13:07 +0000 (23:13 +0000)]
Fixes for VxWorks. Are these needed for 0.9.7 and up as well?
PR: 374
Dr. Stephen Henson [Wed, 4 Dec 2002 23:08:08 +0000 (23:08 +0000)]
Include crypto.h to pull in definition of OPENSSL_cleanse in various
places.
Lutz Jänicke [Wed, 4 Dec 2002 13:30:16 +0000 (13:30 +0000)]
Missing ")"
Submitted by: Christian Hohnstaedt <chohnstaedt@innominate.com>
Reviewed by:
PR:
Richard Levitte [Wed, 4 Dec 2002 08:24:23 +0000 (08:24 +0000)]
A gcc 3.0 bug is triggered by our code. Add a section about it in PROBLEMS.
PR: 375
Richard Levitte [Tue, 3 Dec 2002 16:51:51 +0000 (16:51 +0000)]
EXIT() may mean return(). That's confusing, so let's have it really mean
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)
Richard Levitte [Tue, 3 Dec 2002 16:06:52 +0000 (16:06 +0000)]
Make CRYPTO_cleanse() independent of endianness.
Richard Levitte [Sun, 1 Dec 2002 01:23:13 +0000 (01:23 +0000)]
EXIT() needs to be in a function that returns int.
Richard Levitte [Fri, 29 Nov 2002 14:21:58 +0000 (14:21 +0000)]
Correct some names.
Richard Levitte [Fri, 29 Nov 2002 11:31:18 +0000 (11:31 +0000)]
A few more memset()s converted to OPENSSL_cleanse().
I *think* I got them all covered by now, but please, if you find any more,
tell me and I'll correct it.
PR: 343
Richard Levitte [Thu, 28 Nov 2002 18:56:18 +0000 (18:56 +0000)]
Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
always give the expected result on some platforms.
Richard Levitte [Thu, 28 Nov 2002 18:52:18 +0000 (18:52 +0000)]
Make sure EXIT() can always be used as one statement.
Richard Levitte [Thu, 28 Nov 2002 08:06:36 +0000 (08:06 +0000)]
Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.
Richard Levitte [Wed, 27 Nov 2002 13:45:38 +0000 (13:45 +0000)]
make update
Richard Levitte [Wed, 27 Nov 2002 12:24:54 +0000 (12:24 +0000)]
Add OPENSSL_cleanse() to help cleanse memory and avoid certain compiler
and linker optimizations.
PR: 343
cvs2svn [Wed, 27 Nov 2002 12:24:09 +0000 (12:24 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_6-stable'.
Richard Levitte [Wed, 27 Nov 2002 12:24:05 +0000 (12:24 +0000)]
Add OPENSSL_cleanse() to help cleanse memory and avoid certain compiler
and linker optimizations.
PR: 343
Richard Levitte [Tue, 26 Nov 2002 15:27:05 +0000 (15:27 +0000)]
I forgot that @ in strings must be escaped in Perl
Richard Levitte [Tue, 26 Nov 2002 11:14:38 +0000 (11:14 +0000)]
The logic in the main signing and verifying functions to check lengths was
incorrect. Fortunately, there is a second check that's correct, when adding
the pads.
PR: 355
Richard Levitte [Tue, 26 Nov 2002 11:14:32 +0000 (11:14 +0000)]
The logic in the main signing and verifying functions to check lengths was
incorrect. Fortunately, there is a second check that's correct, when adding
the pads.
PR: 355
Richard Levitte [Tue, 26 Nov 2002 10:11:58 +0000 (10:11 +0000)]
Heimdal isn't really supported right now. Say so, and offer a possibility
to force the use of Heimdal, and warn if that's used.
PR: 346
Richard Levitte [Tue, 26 Nov 2002 10:09:36 +0000 (10:09 +0000)]
Small bugfixes to the KSSL implementation.
PR: 349
Richard Levitte [Tue, 26 Nov 2002 09:19:17 +0000 (09:19 +0000)]
Heimdal isn't really supported right now. Say so, and offer a possibility
to force the use of Heimdal, and warn if that's used.
PR: 346
Bodo Möller [Sat, 23 Nov 2002 18:16:09 +0000 (18:16 +0000)]
rename some functions to improve consistency
Submitted by: Sheueling Chang
Bodo Möller [Fri, 22 Nov 2002 09:25:35 +0000 (09:25 +0000)]
add a comment
Richard Levitte [Fri, 22 Nov 2002 08:45:20 +0000 (08:45 +0000)]
Disable this module if OPENSSL_NO_SOCK is defined.
Richard Levitte [Fri, 22 Nov 2002 08:40:34 +0000 (08:40 +0000)]
Typo. OPENSSL_NO_ECDH, not NO_OPENSSL_ECDH
Richard Levitte [Thu, 21 Nov 2002 22:39:16 +0000 (22:39 +0000)]
Mention a current showstopper
Richard Levitte [Thu, 21 Nov 2002 22:39:08 +0000 (22:39 +0000)]
Mention a current showstopper
Bodo Möller [Wed, 20 Nov 2002 10:55:27 +0000 (10:55 +0000)]
avoid uninitialized memory read
Submitted by: Nils Larsch
Bodo Möller [Wed, 20 Nov 2002 10:53:33 +0000 (10:53 +0000)]
Make ec_GFp_simple_point_get_affine_coordinates() faster
for Montgomery representations.
Submitted by: Sheueling Chang, Bodo Moeller
Lutz Jänicke [Wed, 20 Nov 2002 10:48:58 +0000 (10:48 +0000)]
Fix bug introduced by the attempt to fix client side external session
caching (#288): now internal caching failed (#351):
Make sure that cipher_id is set before comparing.
Submitted by:
Reviewed by:
PR: 288 (and 351)
Lutz Jänicke [Wed, 20 Nov 2002 10:48:05 +0000 (10:48 +0000)]
Fix bug introduced by the attempt to fix client side external session
caching (#288): now internal caching failed (#351):
Make sure that cipher_id is set before comparing.
Submitted by:
Reviewed by:
PR: 288 (and 351)