oweals/openssl.git
21 years agoCorrect two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:
Richard Levitte [Thu, 7 Aug 2003 11:57:45 +0000 (11:57 +0000)]
Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:

1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error.
2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot,
   not CloseHandle.

21 years agoadd OpenSSL license
Bodo Möller [Wed, 6 Aug 2003 10:40:19 +0000 (10:40 +0000)]
add OpenSSL license

fix typo

21 years agotolerate extra data at end of client hello for SSL 3.0
Bodo Möller [Mon, 21 Jul 2003 15:16:20 +0000 (15:16 +0000)]
tolerate extra data at end of client hello for SSL 3.0

21 years agotypo
Bodo Möller [Mon, 21 Jul 2003 14:58:32 +0000 (14:58 +0000)]
typo

21 years agoAdd a slash so grep doesn't return both ./crypto/bio/bss_mem.o and
Richard Levitte [Thu, 3 Jul 2003 21:43:50 +0000 (21:43 +0000)]
Add a slash so grep doesn't return both ./crypto/bio/bss_mem.o and
./crypto/mem.o when we're looking for mem.o.

21 years agoDocument the last change.
Richard Levitte [Thu, 19 Jun 2003 19:04:17 +0000 (19:04 +0000)]
Document the last change.
PR: 587

21 years agoWe set the export flag for 512 *bit* keys, not 512 *byte* ones.
Richard Levitte [Thu, 19 Jun 2003 18:55:53 +0000 (18:55 +0000)]
We set the export flag for 512 *bit* keys, not 512 *byte* ones.
PR: 587

21 years agoIncorrect patching removed.
Richard Levitte [Thu, 12 Jun 2003 06:56:45 +0000 (06:56 +0000)]
Incorrect patching removed.

21 years agoTypo.
Richard Levitte [Thu, 12 Jun 2003 01:04:09 +0000 (01:04 +0000)]
Typo.
PR: 584

21 years agoMake sure ssize_t is defined on SunOS4.
Richard Levitte [Thu, 12 Jun 2003 00:56:30 +0000 (00:56 +0000)]
Make sure ssize_t is defined on SunOS4.
PR: 585

21 years agoMake sure DSO-dlfcn works properly on SunOS4.
Richard Levitte [Thu, 12 Jun 2003 00:51:57 +0000 (00:51 +0000)]
Make sure DSO-dlfcn works properly on SunOS4.
PR: 585

21 years agoRemove debugging output that wasn't supposed to be committed in the first place.
Richard Levitte [Wed, 11 Jun 2003 18:46:22 +0000 (18:46 +0000)]
Remove debugging output that wasn't supposed to be committed in the first place.

21 years agoMake sure to NUL-terminate the string on end-of-file (and error)
Richard Levitte [Wed, 11 Jun 2003 18:43:47 +0000 (18:43 +0000)]
Make sure to NUL-terminate the string on end-of-file (and error)
PR: 643

21 years agoCorrect a typo (basically, one can't just replace 'memset' with
Richard Levitte [Thu, 22 May 2003 09:35:46 +0000 (09:35 +0000)]
Correct a typo (basically, one can't just replace 'memset' with
'OPENSSL_cleanse', there's an argument to remove as well).

21 years agoString not properly NUL-terminated when no X509_NAME is given.
Richard Levitte [Wed, 21 May 2003 14:44:59 +0000 (14:44 +0000)]
String not properly NUL-terminated when no X509_NAME is given.
PR: 618

21 years agoDon't forget that strlen() doesn't include the ending NUL.
Richard Levitte [Wed, 21 May 2003 14:41:02 +0000 (14:41 +0000)]
Don't forget that strlen() doesn't include the ending NUL.
PR: 618

21 years agoCleanse the MD context properly when done adding or getting random data.
Richard Levitte [Wed, 21 May 2003 14:35:04 +0000 (14:35 +0000)]
Cleanse the MD context properly when done adding or getting random data.
PR: 619

21 years agoFix sign bugs.
Richard Levitte [Wed, 21 May 2003 14:29:22 +0000 (14:29 +0000)]
Fix sign bugs.
PR: 621

21 years agofix typo
Bodo Möller [Tue, 22 Apr 2003 12:45:47 +0000 (12:45 +0000)]
fix typo

Submitted by: Nils Larsch

21 years agoTypo.
Richard Levitte [Thu, 17 Apr 2003 21:49:47 +0000 (21:49 +0000)]
Typo.
PR: 562

21 years agoMemory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.
Richard Levitte [Wed, 16 Apr 2003 06:25:25 +0000 (06:25 +0000)]
Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.
Memory leak fix: RSA_blinding_on() would leave a dangling pointer in
                 rsa->blinding under certain circumstances.
Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.

21 years agoMemory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()
Richard Levitte [Tue, 15 Apr 2003 13:01:43 +0000 (13:01 +0000)]
Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()

21 years agoThe release is tagged, time to hope we won't have to work on 0.9.6k.
Richard Levitte [Thu, 10 Apr 2003 20:41:02 +0000 (20:41 +0000)]
The release is tagged, time to hope we won't have to work on 0.9.6k.

21 years agoI forgot to change the status bits to release. OpenSSL_0_9_6j
Richard Levitte [Thu, 10 Apr 2003 20:30:41 +0000 (20:30 +0000)]
I forgot to change the status bits to release.
This file will be retagged.

21 years agoTime to release 0.9.6j.
Richard Levitte [Thu, 10 Apr 2003 20:21:28 +0000 (20:21 +0000)]
Time to release 0.9.6j.
The ticket will be OpenSSL_0_9_6j.

21 years agomake update
Richard Levitte [Thu, 10 Apr 2003 20:11:28 +0000 (20:11 +0000)]
make update

21 years agoAdd the change from HEAD that allows us to parse multi-line comments.
Richard Levitte [Thu, 10 Apr 2003 20:07:51 +0000 (20:07 +0000)]
Add the change from HEAD that allows us to parse multi-line comments.

21 years agonew NEWS
Richard Levitte [Thu, 10 Apr 2003 19:33:23 +0000 (19:33 +0000)]
new NEWS

21 years agoMake the same changes for svr5 shared library building as in
Richard Levitte [Wed, 9 Apr 2003 06:49:01 +0000 (06:49 +0000)]
Make the same changes for svr5 shared library building as in
0.9.7-stable.

21 years agoSome ld implementations use LD_LIBRARY_PATH to find libraries, and
Richard Levitte [Wed, 9 Apr 2003 06:48:19 +0000 (06:48 +0000)]
Some ld implementations use LD_LIBRARY_PATH to find libraries, and
what's worse, they seem to use LD_LIBRARY_PATH as the first
directories to look into.  This is documented in the manual page for
ld on OpenUNIX 8.  Therefore, we need to hack LD_LIBRARY_PATH to
include the directory where the newly built libcrypto and libssl are.

21 years agoInclude rand.h, so RAND_status() and friends get properly declared.
Richard Levitte [Tue, 8 Apr 2003 11:07:09 +0000 (11:07 +0000)]
Include rand.h, so RAND_status() and friends get properly declared.

21 years agomake RSA blinding thread-safe
Bodo Möller [Wed, 2 Apr 2003 09:50:17 +0000 (09:50 +0000)]
make RSA blinding thread-safe

21 years agoFix the problem with missing definition of THREADS on VMS.
Richard Levitte [Thu, 27 Mar 2003 12:25:12 +0000 (12:25 +0000)]
Fix the problem with missing definition of THREADS on VMS.
Also produce a better configuration header file.
PR: 548

21 years agoPR:make sure RSA blinding works when the PRNG is not properly seeded;
Bodo Möller [Thu, 20 Mar 2003 17:24:54 +0000 (17:24 +0000)]
PR:make sure RSA blinding works when the PRNG is not properly seeded;
enable it automatically only for the built-in engine

21 years agoBlinding fix.
Ben Laurie [Thu, 20 Mar 2003 16:00:18 +0000 (16:00 +0000)]
Blinding fix.

21 years agocountermeasure against new Klima-Pokorny-Rosa atack
Bodo Möller [Wed, 19 Mar 2003 19:20:30 +0000 (19:20 +0000)]
countermeasure against new Klima-Pokorny-Rosa atack

21 years agofix formatting
Bodo Möller [Tue, 18 Mar 2003 12:50:07 +0000 (12:50 +0000)]
fix formatting

21 years agoyear 2003
Bodo Möller [Mon, 24 Feb 2003 17:46:46 +0000 (17:46 +0000)]
year 2003

21 years agoRelease of 0.9.6i is tagged, let's pretend to move on to 0.9.6j.
Richard Levitte [Wed, 19 Feb 2003 12:56:04 +0000 (12:56 +0000)]
Release of 0.9.6i is tagged, let's pretend to move on to 0.9.6j.

21 years agoTime to release 0.9.6i. OpenSSL_0_9_6i
Richard Levitte [Wed, 19 Feb 2003 12:34:21 +0000 (12:34 +0000)]
Time to release 0.9.6i.
The tag will be OpenSSL_0_9_6i.

21 years agoSecurity fix: Vaudenay timing attack on CBC.
Richard Levitte [Wed, 19 Feb 2003 12:04:07 +0000 (12:04 +0000)]
Security fix: Vaudenay timing attack on CBC.
An advisory will be posted to the web.  Expect a release within the hour.

21 years agoMake sure the memory allocation routines check for negative sizes
Richard Levitte [Wed, 19 Feb 2003 11:54:53 +0000 (11:54 +0000)]
Make sure the memory allocation routines check for negative sizes

21 years agoChange no_rmd160 to no_ripemd for consistency.
Richard Levitte [Fri, 14 Feb 2003 05:20:32 +0000 (05:20 +0000)]
Change no_rmd160 to no_ripemd for consistency.
PR: 500

21 years agocomments
Bodo Möller [Wed, 12 Feb 2003 14:17:33 +0000 (14:17 +0000)]
comments

21 years agotypo in WIN16 section
Bodo Möller [Wed, 5 Feb 2003 16:52:37 +0000 (16:52 +0000)]
typo in WIN16 section

Submitted by: Toni Andjelkovic <toni@soth.at>

21 years agotypo
Bodo Möller [Tue, 4 Feb 2003 12:57:51 +0000 (12:57 +0000)]
typo

21 years agoUpdate PRNG entry:
Bodo Möller [Tue, 4 Feb 2003 12:26:30 +0000 (12:26 +0000)]
Update PRNG entry:
- OpenSSL version differences
- Sun /dev/urandom patch information

21 years agoCorrect an example that has a few typos.
Richard Levitte [Tue, 14 Jan 2003 13:56:44 +0000 (13:56 +0000)]
Correct an example that has a few typos.
PR: 458

21 years agofix release date (CHANGES as released with OpenSSL 0.9.6h on
Bodo Möller [Mon, 13 Jan 2003 13:23:08 +0000 (13:23 +0000)]
fix release date (CHANGES as released with OpenSSL 0.9.6h on
2002-12-05 said '[21 Dec 2002]')

21 years agotypo
Bodo Möller [Mon, 13 Jan 2003 13:16:49 +0000 (13:16 +0000)]
typo

21 years agoA function returning int should really return an int, even if it exits
Richard Levitte [Sat, 28 Dec 2002 01:47:11 +0000 (01:47 +0000)]
A function returning int should really return an int, even if it exits
first...

21 years agoMake sure OPENSSL_cleanse is declared properly.
Richard Levitte [Sat, 28 Dec 2002 01:46:21 +0000 (01:46 +0000)]
Make sure OPENSSL_cleanse is declared properly.

21 years agoMerge from HEAD...
Richard Levitte [Sat, 21 Dec 2002 23:54:23 +0000 (23:54 +0000)]
Merge from HEAD...

21 years agoSkip DH-specific tests when no-dh has been configured.
Richard Levitte [Thu, 12 Dec 2002 18:43:29 +0000 (18:43 +0000)]
Skip DH-specific tests when no-dh has been configured.
PR: 353

21 years agoIn CRYPTO_lock(), check that the application cares about locking (provided
Richard Levitte [Wed, 11 Dec 2002 08:56:38 +0000 (08:56 +0000)]
In CRYPTO_lock(), check that the application cares about locking (provided
callbacks) before attempting to lock.

21 years agosk_*_push() returns the number of items on the stack, not the index of the
Richard Levitte [Wed, 11 Dec 2002 08:33:34 +0000 (08:33 +0000)]
sk_*_push() returns the number of items on the stack, not the index of the
pushed item.  The index is the number of items - 1.  And if a NULL item was
found, actually use it.
Finally, provide a little bit of safety in CRYPTO_lock() by asserting the a
requested dynamic lock really must exist, instead of just being silent about it

21 years agoA memset() too many got converted into a OPENSSL_cleanse().
Richard Levitte [Tue, 10 Dec 2002 08:28:16 +0000 (08:28 +0000)]
A memset() too many got converted into a OPENSSL_cleanse().
PR: 393

21 years agoFix wrong URI.
Lutz Jänicke [Mon, 9 Dec 2002 08:49:03 +0000 (08:49 +0000)]
Fix wrong URI.
Submitted by: assar@kth.se
Reviewed by:
PR: 390

22 years agoUpdate version to 0.9.6i, even if that's never going to be released.
Richard Levitte [Thu, 5 Dec 2002 22:53:30 +0000 (22:53 +0000)]
Update version to 0.9.6i, even if that's never going to be released.

22 years agoSmall fault corrected OpenSSL_0_9_6h
Richard Levitte [Thu, 5 Dec 2002 22:44:12 +0000 (22:44 +0000)]
Small fault corrected

22 years agomake update
Richard Levitte [Thu, 5 Dec 2002 21:51:02 +0000 (21:51 +0000)]
make update

22 years agoTime to release OpenSSL 0.9.6h.
Richard Levitte [Thu, 5 Dec 2002 21:40:48 +0000 (21:40 +0000)]
Time to release OpenSSL 0.9.6h.
The tag will be OpenSSL_0_9_6h.

22 years agoMake sure using SSL_CERT_FILE actually works, and has priority over system defaults.
Richard Levitte [Thu, 5 Dec 2002 01:20:53 +0000 (01:20 +0000)]
Make sure using SSL_CERT_FILE actually works, and has priority over system defaults.
PR: 376

22 years agoFixes for VxWorks. Are these needed for 0.9.7 and up as well?
Richard Levitte [Wed, 4 Dec 2002 23:13:07 +0000 (23:13 +0000)]
Fixes for VxWorks.  Are these needed for 0.9.7 and up as well?
PR: 374

22 years agoInclude crypto.h to pull in definition of OPENSSL_cleanse in various
Dr. Stephen Henson [Wed, 4 Dec 2002 23:08:08 +0000 (23:08 +0000)]
Include crypto.h to pull in definition of OPENSSL_cleanse in various
places.

22 years agoMissing ")"
Lutz Jänicke [Wed, 4 Dec 2002 13:30:16 +0000 (13:30 +0000)]
Missing ")"
Submitted by: Christian Hohnstaedt <chohnstaedt@innominate.com>
Reviewed by:
PR:

22 years agoA gcc 3.0 bug is triggered by our code. Add a section about it in PROBLEMS.
Richard Levitte [Wed, 4 Dec 2002 08:24:23 +0000 (08:24 +0000)]
A gcc 3.0 bug is triggered by our code.  Add a section about it in PROBLEMS.
PR: 375

22 years agoEXIT() may mean return(). That's confusing, so let's have it really mean
Richard Levitte [Tue, 3 Dec 2002 16:51:51 +0000 (16:51 +0000)]
EXIT() may mean return().  That's confusing, so let's have it really mean
exit() in whatever way works for the intended platform, and define
OPENSSL_EXIT() to have the old meaning (the name is of course because
it's only used in the openssl program)

22 years agoMake CRYPTO_cleanse() independent of endianness.
Richard Levitte [Tue, 3 Dec 2002 16:06:52 +0000 (16:06 +0000)]
Make CRYPTO_cleanse() independent of endianness.

22 years agoEXIT() needs to be in a function that returns int.
Richard Levitte [Sun, 1 Dec 2002 01:23:13 +0000 (01:23 +0000)]
EXIT() needs to be in a function that returns int.

22 years agoCorrect some names.
Richard Levitte [Fri, 29 Nov 2002 14:21:58 +0000 (14:21 +0000)]
Correct some names.

22 years agoA few more memset()s converted to OPENSSL_cleanse().
Richard Levitte [Fri, 29 Nov 2002 11:31:18 +0000 (11:31 +0000)]
A few more memset()s converted to OPENSSL_cleanse().
I *think* I got them all covered by now, bu please, if you find any more,
tell me and I'll correct it.
PR: 343

22 years agoHave all tests use EXIT() to exit rather than exit(), since the latter doesn't
Richard Levitte [Thu, 28 Nov 2002 18:56:18 +0000 (18:56 +0000)]
Have all tests use EXIT() to exit rather than exit(), since the latter doesn't
always give the expected result on some platforms.

22 years agoMake sure EXIT() can always be used as one statement.
Richard Levitte [Thu, 28 Nov 2002 18:52:18 +0000 (18:52 +0000)]
Make sure EXIT() can always be used as one statement.

22 years agoCleanse memory using the new OPENSSL_cleanse() function.
Richard Levitte [Thu, 28 Nov 2002 08:06:36 +0000 (08:06 +0000)]
Cleanse memory using the new OPENSSL_cleanse() function.
I've covered all the memset()s I felt safe modifying, but may have missed some.

22 years agomake update
Richard Levitte [Wed, 27 Nov 2002 13:45:38 +0000 (13:45 +0000)]
make update

22 years agoAdd OPENSSL_cleanse() to help cleanse memory and avoid certain compiler
Richard Levitte [Wed, 27 Nov 2002 12:24:54 +0000 (12:24 +0000)]
Add OPENSSL_cleanse() to help cleanse memory and avoid certain compiler
and linker optimizations.
PR: 343

22 years agoThis commit was manufactured by cvs2svn to create branch
cvs2svn [Wed, 27 Nov 2002 12:24:09 +0000 (12:24 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_6-stable'.

22 years agoAdd OPENSSL_cleanse() to help cleanse memory and avoid certain compiler
Richard Levitte [Wed, 27 Nov 2002 12:24:05 +0000 (12:24 +0000)]
Add OPENSSL_cleanse() to help cleanse memory and avoid certain compiler
and linker optimizations.
PR: 343

22 years agoI forgot that @ in strings must be escaped in Perl
Richard Levitte [Tue, 26 Nov 2002 15:27:05 +0000 (15:27 +0000)]
I forgot that @ in strings must be escaped in Perl

22 years agoThe logic in the main signing and verifying functions to check lengths was
Richard Levitte [Tue, 26 Nov 2002 11:14:38 +0000 (11:14 +0000)]
The logic in the main signing and verifying functions to check lengths was
incorrect.  Fortunately, there is a second check that's correct, when adding
the pads.
PR: 355

22 years agoThe logic in the main signing and verifying functions to check lengths was
Richard Levitte [Tue, 26 Nov 2002 11:14:32 +0000 (11:14 +0000)]
The logic in the main signing and verifying functions to check lengths was
incorrect.  Fortunately, there is a second check that's correct, when adding
the pads.
PR: 355

22 years agoHeimdal isn't really supported right now. Say so, and offer a possibility
Richard Levitte [Tue, 26 Nov 2002 10:11:58 +0000 (10:11 +0000)]
Heimdal isn't really supported right now.  Say so, and offer a possibility
to force the use of Heimdal, and warn if that's used.
PR: 346

22 years agoSmall bugfixes to the KSSL implementation.
Richard Levitte [Tue, 26 Nov 2002 10:09:36 +0000 (10:09 +0000)]
Small bugfixes to the KSSL implementation.
PR: 349

22 years agoHeimdal isn't really supported right now. Say so, and offer a possibility
Richard Levitte [Tue, 26 Nov 2002 09:19:17 +0000 (09:19 +0000)]
Heimdal isn't really supported right now.  Say so, and offer a possibility
to force the use of Heimdal, and warn if that's used.
PR: 346

22 years agorename some functions to improve consistency
Bodo Möller [Sat, 23 Nov 2002 18:16:09 +0000 (18:16 +0000)]
rename some functions to improve consistency

Submitted by: Sheueling Chang

22 years agoadd a comment
Bodo Möller [Fri, 22 Nov 2002 09:25:35 +0000 (09:25 +0000)]
add a comment

22 years agoDisable this module if OPENSSL_NO_SOCK is defined.
Richard Levitte [Fri, 22 Nov 2002 08:45:20 +0000 (08:45 +0000)]
Disable this module if OPENSSL_NO_SOCK is defined.

22 years agoTypo. OPENSSL_NO_ECDH, not NO_OPENSSL_ECDH
Richard Levitte [Fri, 22 Nov 2002 08:40:34 +0000 (08:40 +0000)]
Typo.  OPENSSL_NO_ECDH, not NO_OPENSSL_ECDH

22 years agoMention a current showstopper
Richard Levitte [Thu, 21 Nov 2002 22:39:16 +0000 (22:39 +0000)]
Mention a current showstopper

22 years agoMention a current showstopper
Richard Levitte [Thu, 21 Nov 2002 22:39:08 +0000 (22:39 +0000)]
Mention a current showstopper

22 years agoavoid uninitialized memory read
Bodo Möller [Wed, 20 Nov 2002 10:55:27 +0000 (10:55 +0000)]
avoid uninitialized memory read

Submitted by: Nils Larsch

22 years agoMake ec_GFp_simple_point_get_affine_coordinates() faster
Bodo Möller [Wed, 20 Nov 2002 10:53:33 +0000 (10:53 +0000)]
Make ec_GFp_simple_point_get_affine_coordinates() faster
for Montgomery representations.

Submitted by: Sheueling Chang, Bodo Moeller

22 years agoFix bug introduced by the attempt to fix client side external session
Lutz Jänicke [Wed, 20 Nov 2002 10:48:58 +0000 (10:48 +0000)]
Fix bug introduced by the attempt to fix client side external session
caching (#288): now internal caching failed (#351):
Make sure, that cipher_id is set before comparing.
Submitted by:
Reviewed by:
PR: 288 (and 351)

22 years agoFix bug introduced by the attempt to fix client side external session
Lutz Jänicke [Wed, 20 Nov 2002 10:48:05 +0000 (10:48 +0000)]
Fix bug introduced by the attempt to fix client side external session
caching (#288): now internal caching failed (#351):
Make sure, that cipher_id is set before comparing.
Submitted by:
Reviewed by:
PR: 288 (and 351)

22 years agoallocate bio_err before memory debugging is enabled to avoid memory leaks
Bodo Möller [Tue, 19 Nov 2002 12:10:08 +0000 (12:10 +0000)]
allocate bio_err before memory debugging is enabled to avoid memory leaks
(we can't release it before the CRYPTO_mem_leaks() call!)

Submitted by: Nils Larsch

22 years agoallocate bio_err before memory debugging is enabled to avoid memory leaks
Bodo Möller [Tue, 19 Nov 2002 11:56:05 +0000 (11:56 +0000)]
allocate bio_err before memory debugging is enabled to avoid memory leaks
(we can't release it before the CRYPTO_mem_leaks() call!)

Submitted by: Nils Larsch

22 years agoIt works on my laptop :-).
Richard Levitte [Tue, 19 Nov 2002 11:52:24 +0000 (11:52 +0000)]
It works on my laptop :-).

22 years agomake update
Richard Levitte [Tue, 19 Nov 2002 11:40:14 +0000 (11:40 +0000)]
make update

22 years agoFix an unsigned/signed mismatch.
Richard Levitte [Tue, 19 Nov 2002 11:28:28 +0000 (11:28 +0000)]
Fix an unsigned/signed mismatch.