Mark J. Cox [Wed, 17 Mar 2004 11:40:44 +0000 (11:40 +0000)]
Fix null-pointer assignment in do_change_cipher_spec() revealed
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
Prepare for 0.9.6m tagging and release
Submitted by: Steven Henson
Reviewed by: Joe Orton
Approved by: Mark Cox
Dr. Stephen Henson [Wed, 17 Mar 2004 01:05:42 +0000 (01:05 +0000)]
Win32 fixes.
Dr. Stephen Henson [Fri, 5 Mar 2004 23:40:05 +0000 (23:40 +0000)]
Memory leak fix.
Richard Levitte [Thu, 4 Mar 2004 07:47:53 +0000 (07:47 +0000)]
Make our page with pointers to binary distributions visible in the FAQ
Dr. Stephen Henson [Sun, 8 Feb 2004 13:31:06 +0000 (13:31 +0000)]
Fix handling of -offset and -length in asn1parse tool.
If -offset exceeds -length of data available exit with an error.
Don't read past end of total data available when -offset supplied.
If -length exceeds total available truncate it.
Richard Levitte [Thu, 29 Jan 2004 09:33:09 +0000 (09:33 +0000)]
Typo.
Richard Levitte [Thu, 29 Jan 2004 09:32:48 +0000 (09:32 +0000)]
Change expt to something else, as in 0.9.7-stable.
Richard Levitte [Thu, 29 Jan 2004 09:31:51 +0000 (09:31 +0000)]
send_*_chars() and do_dump() are private functions and should
therefore be static. Furthermore, send_mem_chars() is unused, so I
#if 0'd it.
Richard Levitte [Thu, 29 Jan 2004 09:30:26 +0000 (09:30 +0000)]
Include e_os.h the same way as everywhere else.
Richard Levitte [Wed, 28 Jan 2004 23:59:17 +0000 (23:59 +0000)]
Synchronise my debugging target with 0.9.7-stable.
Richard Levitte [Thu, 22 Jan 2004 22:35:56 +0000 (22:35 +0000)]
[Merged from the main trunk]
Adding a slash between the directoryt and the file is a problem with
VMS. The C RTL can handle it well if the "directory" is a logical
name with no colon, therefore ending being 'logname/file'. However,
if the given logical names actually has a colon, or if you use a full
VMS-syntax directory, you end up with 'logname:/file' or
'dev:[dir1.dir2]/file', and that isn't handled in any good way.
So, on VMS, we need to check if the directory string ends with a
separator (one of ':', ']' or '>' (< and > can be used instead [ and
])), and handle that by not inserting anything between the directory
spec and the file name. In all other cases, it's assumed the
directory spec is a logical name, so we need to place a colon between
it and the file.
Notified by Kevin Greaney <kevin.greaney@hp.com>.
Dr. Stephen Henson [Wed, 21 Jan 2004 13:06:05 +0000 (13:06 +0000)]
Replace expired certificate.
Richard Levitte [Mon, 19 Jan 2004 09:04:08 +0000 (09:04 +0000)]
Just include "e_os.h" and trust the -I options to the compiler.
Andy Polyakov [Sun, 18 Jan 2004 16:56:57 +0000 (16:56 +0000)]
Buffer overrun in e_rc4.c was fixed in Nov 2002 in HEAD and 0_9_7 branches,
but never made to 0_9_6...
PR: 811
Richard Levitte [Mon, 1 Dec 2003 12:06:17 +0000 (12:06 +0000)]
CRYPTO_malloc(), CRYPTO_realloc() and variants of them should return NULL
if the give size is 0.
This is a thought that came up in PR 751.
Richard Levitte [Sat, 29 Nov 2003 10:33:26 +0000 (10:33 +0000)]
Make sure the documentation matches reality.
PR: 755
Notified by: Jakub Bogusz <qboosh@pld-linux.org>
Richard Levitte [Sat, 29 Nov 2003 10:26:41 +0000 (10:26 +0000)]
We're getting a clash with C++ because it has a type called 'list'.
Therefore, change all instances of the symbol 'list' to something else.
PR: 758
Submitted by: Frédéric Giudicelli <groups@newpki.org>
Richard Levitte [Fri, 28 Nov 2003 23:03:16 +0000 (23:03 +0000)]
RSA_size() and DH_size() return the amount of bytes in a key, and we
compared it to the amount of bits required...
PR: 770
Submitted by: c zhang <czhang2005@hotmail.com>
Richard Levitte [Fri, 28 Nov 2003 22:39:20 +0000 (22:39 +0000)]
1024 is the export key bits limit according to current regulations, not 512.
PR: 771
Submitted by: c zhang <czhang2005@hotmail.com>
Richard Levitte [Fri, 28 Nov 2003 14:32:33 +0000 (14:32 +0000)]
Let's use text/plain in the example instead of crapy HTML.
PR: 777
Submitted by: Michael Shields <mshields@sunblocksystems.com>
Lutz Jänicke [Sun, 16 Nov 2003 15:57:33 +0000 (15:57 +0000)]
Fix typo breaking linux-s390x target: "," -> "." .
PR: #759
Submitted by: Martin Kraemer <Martin.Kraemer@Fujitsu-Siemens.com>
Mark J. Cox [Tue, 4 Nov 2003 11:37:18 +0000 (11:37 +0000)]
Bump revision after tagging
Mark J. Cox [Tue, 4 Nov 2003 11:30:40 +0000 (11:30 +0000)]
Stop bug triggering large recursion when presented with
certain ASN.1 tags (CAN-2003-0851)
Richard Levitte [Mon, 3 Nov 2003 09:14:48 +0000 (09:14 +0000)]
In this version of OpenSSL, declarations aren't always strict
prototypes, so I'm removing -Wstrict-prototypes and
-Wmissing-prototypes from my debugging target in favor of
-Wmissing-declarations. That will make other issues more visible than
in the middle of a thousand warnings telling me there isn't a proper
prototype for this or that function pointer...
Richard Levitte [Thu, 2 Oct 2003 10:39:31 +0000 (10:39 +0000)]
Correct a mixup of return values
Richard Levitte [Wed, 1 Oct 2003 20:43:30 +0000 (20:43 +0000)]
Include e_os.h to get a proper definition of memmove on the platforms
that do not have it.
Dr. Stephen Henson [Tue, 30 Sep 2003 13:09:07 +0000 (13:09 +0000)]
New dev version.
Dr. Stephen Henson [Tue, 30 Sep 2003 12:09:13 +0000 (12:09 +0000)]
Changes for release
Dr. Stephen Henson [Tue, 30 Sep 2003 12:05:11 +0000 (12:05 +0000)]
Fix for ASN1 parsing bugs.
Dr. Stephen Henson [Mon, 29 Sep 2003 17:17:54 +0000 (17:17 +0000)]
Fix warning on Win32.
Richard Levitte [Sat, 27 Sep 2003 22:14:43 +0000 (22:14 +0000)]
Make MD5 assembler code able to handle messages larger than 2GB on 32-bit
systems and above.
PR: 664
Richard Levitte [Sat, 27 Sep 2003 19:32:12 +0000 (19:32 +0000)]
Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B.
PR: 679
Richard Levitte [Sat, 27 Sep 2003 19:28:54 +0000 (19:28 +0000)]
Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B.
PR: 680
Richard Levitte [Sat, 27 Sep 2003 18:31:43 +0000 (18:31 +0000)]
Remove extra argument to BIO_printf().
PR: 685
Richard Levitte [Sat, 27 Sep 2003 10:39:21 +0000 (10:39 +0000)]
Correct small documentation error.
PR: 698
Dr. Stephen Henson [Sun, 21 Sep 2003 02:11:31 +0000 (02:11 +0000)]
In order to get the expected self signed error when
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.
Geoff Thorpe [Mon, 8 Sep 2003 16:01:38 +0000 (16:01 +0000)]
These should be write-locks, not read-locks.
Dr. Stephen Henson [Wed, 3 Sep 2003 23:35:54 +0000 (23:35 +0000)]
Only accept a client certificate if the server requests
one, as required by SSL/TLS specs.
Richard Levitte [Thu, 14 Aug 2003 06:30:32 +0000 (06:30 +0000)]
Undo the change that left LD_LIBRARY_PATH unchanged. The errors I saw
weren't due to that, but to a change on the SCO machines I used for
testing, where my $PATH was suddenly incorrect.
Bodo Möller [Mon, 11 Aug 2003 18:56:50 +0000 (18:56 +0000)]
make sure no error is left in the queue that is intentionally ignored
Richard Levitte [Sat, 9 Aug 2003 09:30:39 +0000 (09:30 +0000)]
Typo, I had typed { instead of [.
Richard Levitte [Fri, 8 Aug 2003 09:36:46 +0000 (09:36 +0000)]
Some installations (currently, it's been noted on a sco5 system where
gcc is used to build with) don't take it too well if LD_LIBRARY_PATH
is messed with when linknig programs. I'm going to assume that it's
OK to leave it unchanged when linking non-shared.
Richard Levitte [Thu, 7 Aug 2003 11:57:45 +0000 (11:57 +0000)]
Correct two problems, found by Martin Kochanski <cardbox@easynet.co.uk>:
1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error.
2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot,
not CloseHandle.
Bodo Möller [Wed, 6 Aug 2003 10:40:19 +0000 (10:40 +0000)]
add OpenSSL license
fix typo
Bodo Möller [Mon, 21 Jul 2003 15:16:20 +0000 (15:16 +0000)]
tolerate extra data at end of client hello for SSL 3.0
Bodo Möller [Mon, 21 Jul 2003 14:58:32 +0000 (14:58 +0000)]
typo
Richard Levitte [Thu, 3 Jul 2003 21:43:50 +0000 (21:43 +0000)]
Add a slash so grep doesn't return both ./crypto/bio/bss_mem.o and
./crypto/mem.o when we're looking for mem.o.
Richard Levitte [Thu, 19 Jun 2003 19:04:17 +0000 (19:04 +0000)]
Document the last change.
PR: 587
Richard Levitte [Thu, 19 Jun 2003 18:55:53 +0000 (18:55 +0000)]
We set the export flag for 512 *bit* keys, not 512 *byte* ones.
PR: 587
Richard Levitte [Thu, 12 Jun 2003 06:56:45 +0000 (06:56 +0000)]
Incorrect patching removed.
Richard Levitte [Thu, 12 Jun 2003 01:04:09 +0000 (01:04 +0000)]
Typo.
PR: 584
Richard Levitte [Thu, 12 Jun 2003 00:56:30 +0000 (00:56 +0000)]
Make sure ssize_t is defined on SunOS4.
PR: 585
Richard Levitte [Thu, 12 Jun 2003 00:51:57 +0000 (00:51 +0000)]
Make sure DSO-dlfcn works properly on SunOS4.
PR: 585
Richard Levitte [Wed, 11 Jun 2003 18:46:22 +0000 (18:46 +0000)]
Remove debugging output that wasn't supposed to be committed in the first place.
Richard Levitte [Wed, 11 Jun 2003 18:43:47 +0000 (18:43 +0000)]
Make sure to NUL-terminate the string on end-of-file (and error)
PR: 643
Richard Levitte [Thu, 22 May 2003 09:35:46 +0000 (09:35 +0000)]
Correct a typo (basically, one can't just replace 'memset' with
'OPENSSL_cleanse', there's an argument to remove as well).
Richard Levitte [Wed, 21 May 2003 14:44:59 +0000 (14:44 +0000)]
String not properly NUL-terminated when no X509_NAME is given.
PR: 618
Richard Levitte [Wed, 21 May 2003 14:41:02 +0000 (14:41 +0000)]
Don't forget that strlen() doesn't include the ending NUL.
PR: 618
Richard Levitte [Wed, 21 May 2003 14:35:04 +0000 (14:35 +0000)]
Cleanse the MD context properly when done adding or getting random data.
PR: 619
Richard Levitte [Wed, 21 May 2003 14:29:22 +0000 (14:29 +0000)]
Fix sign bugs.
PR: 621
Bodo Möller [Tue, 22 Apr 2003 12:45:47 +0000 (12:45 +0000)]
fix typo
Submitted by: Nils Larsch
Richard Levitte [Thu, 17 Apr 2003 21:49:47 +0000 (21:49 +0000)]
Typo.
PR: 562
Richard Levitte [Wed, 16 Apr 2003 06:25:25 +0000 (06:25 +0000)]
Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances.
Memory leak fix: RSA_blinding_on() would leave a dangling pointer in
rsa->blinding under certain circumstances.
Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.
Richard Levitte [Tue, 15 Apr 2003 13:01:43 +0000 (13:01 +0000)]
Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()
Richard Levitte [Thu, 10 Apr 2003 20:41:02 +0000 (20:41 +0000)]
The release is tagged, time to hope we won't have to work on 0.9.6k.
Richard Levitte [Thu, 10 Apr 2003 20:30:41 +0000 (20:30 +0000)]
I forgot to change the status bits to release.
This file will be retagged.
Richard Levitte [Thu, 10 Apr 2003 20:21:28 +0000 (20:21 +0000)]
Time to release 0.9.6j.
The ticket will be OpenSSL_0_9_6j.
Richard Levitte [Thu, 10 Apr 2003 20:11:28 +0000 (20:11 +0000)]
make update
Richard Levitte [Thu, 10 Apr 2003 20:07:51 +0000 (20:07 +0000)]
Add the change from HEAD that allows us to parse multi-line comments.
Richard Levitte [Thu, 10 Apr 2003 19:33:23 +0000 (19:33 +0000)]
new NEWS
Richard Levitte [Wed, 9 Apr 2003 06:49:01 +0000 (06:49 +0000)]
Make the same changes for svr5 shared library building as in
0.9.7-stable.
Richard Levitte [Wed, 9 Apr 2003 06:48:19 +0000 (06:48 +0000)]
Some ld implementations use LD_LIBRARY_PATH to find libraries, and
what's worse, they seem to use LD_LIBRARY_PATH as the first
directories to look into. This is documented in the manual page for
ld on OpenUNIX 8. Therefore, we need to hack LD_LIBRARY_PATH to
include the directory where the newly built libcrypto and libssl are.
Richard Levitte [Tue, 8 Apr 2003 11:07:09 +0000 (11:07 +0000)]
Include rand.h, so RAND_status() and friends get properly declared.
Bodo Möller [Wed, 2 Apr 2003 09:50:17 +0000 (09:50 +0000)]
make RSA blinding thread-safe
Richard Levitte [Thu, 27 Mar 2003 12:25:12 +0000 (12:25 +0000)]
Fix the problem with missing definition of THREADS on VMS.
Also produce a better configuration header file.
PR: 548
Bodo Möller [Thu, 20 Mar 2003 17:24:54 +0000 (17:24 +0000)]
PR:make sure RSA blinding works when the PRNG is not properly seeded;
enable it automatically only for the built-in engine
Ben Laurie [Thu, 20 Mar 2003 16:00:18 +0000 (16:00 +0000)]
Blinding fix.
Bodo Möller [Wed, 19 Mar 2003 19:20:30 +0000 (19:20 +0000)]
countermeasure against new Klima-Pokorny-Rosa atack
Bodo Möller [Tue, 18 Mar 2003 12:50:07 +0000 (12:50 +0000)]
fix formatting
Bodo Möller [Mon, 24 Feb 2003 17:46:46 +0000 (17:46 +0000)]
year 2003
Richard Levitte [Wed, 19 Feb 2003 12:56:04 +0000 (12:56 +0000)]
Release of 0.9.6i is tagged, let's pretend to move on to 0.9.6j.
Richard Levitte [Wed, 19 Feb 2003 12:34:21 +0000 (12:34 +0000)]
Time to release 0.9.6i.
The tag will be OpenSSL_0_9_6i.
Richard Levitte [Wed, 19 Feb 2003 12:04:07 +0000 (12:04 +0000)]
Security fix: Vaudenay timing attack on CBC.
An advisory will be posted to the web. Expect a release within the hour.
Richard Levitte [Wed, 19 Feb 2003 11:54:53 +0000 (11:54 +0000)]
Make sure the memory allocation routines check for negative sizes
Richard Levitte [Fri, 14 Feb 2003 05:20:32 +0000 (05:20 +0000)]
Change no_rmd160 to no_ripemd for consistency.
PR: 500
Bodo Möller [Wed, 12 Feb 2003 14:17:33 +0000 (14:17 +0000)]
comments
Bodo Möller [Wed, 5 Feb 2003 16:52:37 +0000 (16:52 +0000)]
typo in WIN16 section
Submitted by: Toni Andjelkovic <toni@soth.at>
Bodo Möller [Tue, 4 Feb 2003 12:57:51 +0000 (12:57 +0000)]
typo
Bodo Möller [Tue, 4 Feb 2003 12:26:30 +0000 (12:26 +0000)]
Update PRNG entry:
- OpenSSL version differences
- Sun /dev/urandom patch information
Richard Levitte [Tue, 14 Jan 2003 13:56:44 +0000 (13:56 +0000)]
Correct an example that has a few typos.
PR: 458
Bodo Möller [Mon, 13 Jan 2003 13:23:08 +0000 (13:23 +0000)]
fix release date (CHANGES as released with OpenSSL 0.9.6h on
2002-12-05 said '[21 Dec 2002]')
Bodo Möller [Mon, 13 Jan 2003 13:16:49 +0000 (13:16 +0000)]
typo
Richard Levitte [Sat, 28 Dec 2002 01:47:11 +0000 (01:47 +0000)]
A function returning int should really return an int, even if it exits
first...
Richard Levitte [Sat, 28 Dec 2002 01:46:21 +0000 (01:46 +0000)]
Make sure OPENSSL_cleanse is declared properly.
Richard Levitte [Sat, 21 Dec 2002 23:54:23 +0000 (23:54 +0000)]
Merge from HEAD...
Richard Levitte [Thu, 12 Dec 2002 18:43:29 +0000 (18:43 +0000)]
Skip DH-specific tests when no-dh has been configured.
PR: 353
Richard Levitte [Wed, 11 Dec 2002 08:56:38 +0000 (08:56 +0000)]
In CRYPTO_lock(), check that the application cares about locking (provided
callbacks) before attempting to lock.
Richard Levitte [Wed, 11 Dec 2002 08:33:34 +0000 (08:33 +0000)]
sk_*_push() returns the number of items on the stack, not the index of the
pushed item. The index is the number of items - 1. And if a NULL item was
found, actually use it.
Finally, provide a little bit of safety in CRYPTO_lock() by asserting the a
requested dynamic lock really must exist, instead of just being silent about it
Richard Levitte [Tue, 10 Dec 2002 08:28:16 +0000 (08:28 +0000)]
A memset() too many got converted into a OPENSSL_cleanse().
PR: 393
Lutz Jänicke [Mon, 9 Dec 2002 08:49:03 +0000 (08:49 +0000)]
Fix wrong URI.
Submitted by: assar@kth.se
Reviewed by:
PR: 390