oweals/openssl.git
22 years agoimprove binary compatibility
Bodo Möller [Sun, 14 Apr 2002 08:25:41 +0000 (08:25 +0000)]
improve binary compatibility

22 years agoImplement known-IV countermeasure.
Bodo Möller [Sat, 13 Apr 2002 22:49:28 +0000 (22:49 +0000)]
Implement known-IV countermeasure.

Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().

22 years agoerror reported by Karsten Braaten
Ulf Möller [Sat, 13 Apr 2002 10:00:01 +0000 (10:00 +0000)]
error reported by Karsten Braaten

22 years agosynchronize with OpenSSL-engine-0_9_6-stable
Bodo Möller [Fri, 12 Apr 2002 13:44:04 +0000 (13:44 +0000)]
synchronize with OpenSSL-engine-0_9_6-stable

22 years agoCheck error code from a2d_ASN1_OBJECT().
Richard Levitte [Thu, 11 Apr 2002 22:14:51 +0000 (22:14 +0000)]
Check error code from a2d_ASN1_OBJECT().

22 years agoSynchronize with 0.9.7-stable
Lutz Jänicke [Thu, 11 Apr 2002 18:45:15 +0000 (18:45 +0000)]
Synchronize with 0.9.7-stable

22 years agoKeep my own specially optimized HP-UX shared library building up to date.
Lutz Jänicke [Wed, 10 Apr 2002 12:37:59 +0000 (12:37 +0000)]
Keep my own specially optimized HP-UX shared library building up to date.

22 years agoharmonize capitalization
Bodo Möller [Tue, 9 Apr 2002 12:43:18 +0000 (12:43 +0000)]
harmonize capitalization

22 years agoerror reported by Karsten Braaten
Ulf Möller [Sun, 7 Apr 2002 13:33:26 +0000 (13:33 +0000)]
error reported by Karsten Braaten

22 years agoAllow longer program names (VMS allows up to 39 characters).
Richard Levitte [Sat, 6 Apr 2002 20:22:32 +0000 (20:22 +0000)]
Allow longer program names (VMS allows up to 39 characters).
Submitted by Compaq.

22 years agomake update
Richard Levitte [Sat, 6 Apr 2002 19:08:51 +0000 (19:08 +0000)]
make update

22 years agoAllow longer program names (VMS allows up to 39 characters).
Richard Levitte [Sat, 6 Apr 2002 18:59:43 +0000 (18:59 +0000)]
Allow longer program names (VMS allows up to 39 characters).
Submitted by Compaq.

22 years agoRecognise DEC C++ as equivalent to DEC C for the definitions of OPENSSL_EXTERN and...
Richard Levitte [Sat, 6 Apr 2002 11:37:07 +0000 (11:37 +0000)]
Recognise DEC C++ as equivalent to DEC C for the definitions of OPENSSL_EXTERN and OPENSSL_GLOBAL.
Submitted by Compaq.

22 years agoUse recv() and send() for socket communication on VMS instead of read()
Richard Levitte [Sat, 6 Apr 2002 11:35:40 +0000 (11:35 +0000)]
Use recv() and send() for socket communication on VMS instead of read()
and write().  The reason is that read() and write() make additional record
level locking which causes hangs of Compaq Secure Web Server (Apache) with
SSL.
Submitted by Compaq.

22 years agoDon't define RSA-specifici variables when RSA isn't used.
Richard Levitte [Sat, 6 Apr 2002 09:57:52 +0000 (09:57 +0000)]
Don't define RSA-specifici variables when RSA isn't used.

22 years agoMake shared libraries resolve global symbols within themselves first.
Richard Levitte [Sat, 6 Apr 2002 09:42:31 +0000 (09:42 +0000)]
Make shared libraries resolve global symbols within themselves first.
Currently only on GNUish linkers...
Submitted by Steven Bade <sbade@austin.ibm.com>

22 years agoFix buggy object definitions (Svenning Sorensen <sss@sss.dnsalias.net>).
Lutz Jänicke [Thu, 4 Apr 2002 17:56:57 +0000 (17:56 +0000)]
Fix buggy object definitions (Svenning Sorensen <sss@sss.dnsalias.net>).

22 years agoFix of mixup bwtween SOMAXCONN and SO_MAXCONN.
Richard Levitte [Fri, 29 Mar 2002 23:48:29 +0000 (23:48 +0000)]
Fix of mixup bwtween SOMAXCONN and SO_MAXCONN.
Furthermore, make SO_MAXCONN the first choice, since that's the standard
(as far as I know).

22 years agoFix typo (Craig Davison <cd@securityfocus.com>).
Lutz Jänicke [Mon, 25 Mar 2002 17:10:20 +0000 (17:10 +0000)]
Fix typo (Craig Davison <cd@securityfocus.com>).

22 years agoFix warning.
Ben Laurie [Mon, 25 Mar 2002 12:53:25 +0000 (12:53 +0000)]
Fix warning.

22 years agoFix buggy if-condition (thomas poindessous <poinde_t@epita.fr>).
Lutz Jänicke [Thu, 21 Mar 2002 19:14:56 +0000 (19:14 +0000)]
Fix buggy if-condition (thomas poindessous <poinde_t@epita.fr>).

22 years agoRemove superflous (and buggy) statement <justin.fletcher@ntlworld.com>.
Lutz Jänicke [Thu, 21 Mar 2002 19:11:19 +0000 (19:11 +0000)]
Remove superflous (and buggy) statement <justin.fletcher@ntlworld.com>.

22 years agofix DH_generate_parameters for general 'generator'
Bodo Möller [Wed, 20 Mar 2002 16:01:29 +0000 (16:01 +0000)]
fix DH_generate_parameters for general 'generator'

22 years agoMap new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>).
Lutz Jänicke [Tue, 19 Mar 2002 16:47:09 +0000 (16:47 +0000)]
Map new X509 verification errors to alert codes (Tom Wu <tom@arcot.com>).

22 years agoin INCLUDES, use '-I../..' so that we find "e_os.h"
Bodo Möller [Mon, 18 Mar 2002 10:54:56 +0000 (10:54 +0000)]
in INCLUDES, use '-I../..' so that we find "e_os.h"

22 years agouse '-I../..' so that we find "e_os.h"
Bodo Möller [Mon, 18 Mar 2002 10:53:01 +0000 (10:53 +0000)]
use '-I../..' so that we find "e_os.h"

22 years agoRename 'cray-t90-cc' into 'cray-j90'.
Bodo Möller [Fri, 15 Mar 2002 16:47:23 +0000 (16:47 +0000)]
Rename 'cray-t90-cc' into 'cray-j90'.
Add to 'config'.

22 years agooops -- undo previous commit, I'm still waiting for confirmation
Bodo Möller [Fri, 15 Mar 2002 11:09:31 +0000 (11:09 +0000)]
oops -- undo previous commit, I'm still waiting for confirmation
from Weny Palm

22 years agofix ssl3_pending
Bodo Möller [Fri, 15 Mar 2002 10:53:34 +0000 (10:53 +0000)]
fix ssl3_pending

22 years agoAdd missing strength entries.
Lutz Jänicke [Thu, 14 Mar 2002 18:56:59 +0000 (18:56 +0000)]
Add missing strength entries.

22 years agouse BIO_nwrite() more properly to demonstrate the general idea of
Bodo Möller [Thu, 14 Mar 2002 09:49:10 +0000 (09:49 +0000)]
use BIO_nwrite() more properly to demonstrate the general idea of
BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not
in general)

22 years agowe need e_os.h
Bodo Möller [Thu, 14 Mar 2002 09:45:37 +0000 (09:45 +0000)]
we need e_os.h

22 years agoadd a paragraph from 0.9.7-dev/0.9.8-dev
Bodo Möller [Tue, 12 Mar 2002 12:22:08 +0000 (12:22 +0000)]
add a paragraph from 0.9.7-dev/0.9.8-dev

22 years agoTypo.
Richard Levitte [Wed, 6 Mar 2002 06:13:44 +0000 (06:13 +0000)]
Typo.

22 years agoRephrase statement on the security of two-key 3DES.
Bodo Möller [Tue, 5 Mar 2002 15:30:41 +0000 (15:30 +0000)]
Rephrase statement on the security of two-key 3DES.

  [Chosen plaintext attack: R. Merkle, M. Hellman: "On the Security of
  Multiple Encryption", CACM 24 (1981) pp. 465-467, p. 776.

  Known plaintext angriff: P.C. van Oorschot, M. Wiener: "A
  known-plaintext attack on two-key triple encryption", EUROCRYPT '90.]

22 years agoMake it so one can select tests from within the test directory
Richard Levitte [Mon, 4 Mar 2002 15:58:49 +0000 (15:58 +0000)]
Make it so one can select tests from within the test directory

22 years ago_INT_MAX should read INT_MAX (this is correct in the 0.9.7-dev and
Bodo Möller [Fri, 1 Mar 2002 14:05:30 +0000 (14:05 +0000)]
_INT_MAX should read INT_MAX (this is correct in the 0.9.7-dev and
main branches)

22 years agoadd missing '#endif'
Bodo Möller [Fri, 1 Mar 2002 14:01:27 +0000 (14:01 +0000)]
add missing '#endif'

Submitted by:  Oscar Jacobsson <oscar@jacobsson.org>

22 years agoFix the fix (Yoram Zahavi)...
Lutz Jänicke [Wed, 27 Feb 2002 11:26:20 +0000 (11:26 +0000)]
Fix the fix (Yoram Zahavi)...

22 years agoSSL_clear != SSL_free/SSL_new
Lutz Jänicke [Wed, 27 Feb 2002 08:11:18 +0000 (08:11 +0000)]
SSL_clear != SSL_free/SSL_new

22 years agoMake sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi).
Lutz Jänicke [Tue, 26 Feb 2002 21:50:28 +0000 (21:50 +0000)]
Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi).

22 years agomake update
Richard Levitte [Tue, 26 Feb 2002 14:18:23 +0000 (14:18 +0000)]
make update

22 years agoAs in 0.9.7 and on, let's remove the use of MS_FAR, and thereby the
Richard Levitte [Thu, 21 Feb 2002 16:38:09 +0000 (16:38 +0000)]
As in 0.9.7 and on, let's remove the use of MS_FAR, and thereby the
need for e_os.h.

22 years agodisable '#ifdef DEBUG' sections
Bodo Möller [Thu, 21 Feb 2002 14:07:55 +0000 (14:07 +0000)]
disable '#ifdef DEBUG' sections

22 years agodisable '#ifdef DEBUG' sections
Bodo Möller [Thu, 21 Feb 2002 12:56:50 +0000 (12:56 +0000)]
disable '#ifdef DEBUG' sections

22 years agoStop assuming the IV is 8 bytes long, use the real size instead.
Richard Levitte [Wed, 20 Feb 2002 17:55:34 +0000 (17:55 +0000)]
Stop assuming the IV is 8 bytes long, use the real size instead.
This is especially important for AES that has a 16 bytes IV.

22 years agoIncluding openssl/e_os.h in the OpenSSL 0.9.6 branch is legal, since
Richard Levitte [Wed, 20 Feb 2002 17:39:25 +0000 (17:39 +0000)]
Including openssl/e_os.h in the OpenSSL 0.9.6 branch is legal, since
it's exported.  Changing that is a BIG step, which has been done in
0.9.7-dev.

22 years agoMerge in Cygwin-related changes from main trunk.
Richard Levitte [Sat, 16 Feb 2002 22:45:06 +0000 (22:45 +0000)]
Merge in Cygwin-related changes from main trunk.

22 years agoGive the linux-sparv9 target shared capability.
Richard Levitte [Fri, 15 Feb 2002 16:22:58 +0000 (16:22 +0000)]
Give the linux-sparv9 target shared capability.
Submitted by Ian Marsh <mushypea@dominion.net.uk>

22 years agoEven though it is not really practical people should know about it.
Lutz Jänicke [Fri, 15 Feb 2002 09:36:08 +0000 (09:36 +0000)]
Even though it is not really practical people should know about it.

22 years agoThis commit was manufactured by cvs2svn to create branch
cvs2svn [Fri, 15 Feb 2002 07:41:45 +0000 (07:41 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_0_9_6-stable'.

22 years agoEven though it is not really practical people should know about it.
Lutz Jänicke [Fri, 15 Feb 2002 07:41:42 +0000 (07:41 +0000)]
Even though it is not really practical people should know about it.

22 years agofix indentation
Bodo Möller [Thu, 14 Feb 2002 16:08:55 +0000 (16:08 +0000)]
fix indentation

22 years agofix indentation
Bodo Möller [Thu, 14 Feb 2002 16:06:19 +0000 (16:06 +0000)]
fix indentation

22 years agoAdd the configuration target VxWorks.
Richard Levitte [Thu, 14 Feb 2002 15:37:38 +0000 (15:37 +0000)]
Add the configuration target VxWorks.

22 years agoAdd the configuration target VxWorks.
Richard Levitte [Thu, 14 Feb 2002 15:36:50 +0000 (15:36 +0000)]
Add the configuration target VxWorks.

22 years agomake it possible to disable memory checking for timings
Bodo Möller [Thu, 14 Feb 2002 14:41:13 +0000 (14:41 +0000)]
make it possible to disable memory checking for timings

22 years ago'-C' is still quite broken
Bodo Möller [Thu, 14 Feb 2002 14:30:20 +0000 (14:30 +0000)]
'-C' is still quite broken

22 years agofix '-C'
Bodo Möller [Thu, 14 Feb 2002 14:25:33 +0000 (14:25 +0000)]
fix '-C'

22 years agofix memory leak
Bodo Möller [Thu, 14 Feb 2002 14:21:49 +0000 (14:21 +0000)]
fix memory leak

22 years agomove ECDSA test right after EC test
Bodo Möller [Thu, 14 Feb 2002 14:03:32 +0000 (14:03 +0000)]
move ECDSA test right after EC test

22 years agodon't call OPENSSL_config(), this does not make any sense during "make test"
Bodo Möller [Thu, 14 Feb 2002 13:51:20 +0000 (13:51 +0000)]
don't call OPENSSL_config(), this does not make any sense during "make test"

22 years agoMake sure memset() is defined by including string.h
Richard Levitte [Thu, 14 Feb 2002 13:51:04 +0000 (13:51 +0000)]
Make sure memset() is defined by including string.h
Notified by Oscar Jacobsson <oscar@jacobsson.org>

22 years agoFor some reason, getting the topmost error was done the same way as
Richard Levitte [Thu, 14 Feb 2002 13:45:26 +0000 (13:45 +0000)]
For some reason, getting the topmost error was done the same way as
getting the bottommost one.  I hope I understood correctly how this
should be done.  It seems to work when running evp_test in an
environment where it can't find openssl.cnf.

22 years agomake update, with libeay.num remade to match the 0.9.7-stable one.
Richard Levitte [Thu, 14 Feb 2002 13:43:30 +0000 (13:43 +0000)]
make update, with libeay.num remade to match the 0.9.7-stable one.

22 years agomake update
Richard Levitte [Thu, 14 Feb 2002 13:37:29 +0000 (13:37 +0000)]
make update

22 years agoThe Cygwin shared extension was shifted.
Richard Levitte [Thu, 14 Feb 2002 13:36:38 +0000 (13:36 +0000)]
The Cygwin shared extension was shifted.

22 years agoThe Cygwin shared extension was shifted.
Richard Levitte [Thu, 14 Feb 2002 13:36:28 +0000 (13:36 +0000)]
The Cygwin shared extension was shifted.

22 years agoAt Corinna Vinschen's request, change CygWin32 to Cygwin
Richard Levitte [Thu, 14 Feb 2002 12:29:02 +0000 (12:29 +0000)]
At Corinna Vinschen's request, change CygWin32 to Cygwin

22 years agoAt Corinna Vinschen's request, change CygWin32 to Cygwin
Richard Levitte [Thu, 14 Feb 2002 12:28:24 +0000 (12:28 +0000)]
At Corinna Vinschen's request, change CygWin32 to Cygwin

22 years agoEC_GROUP_get_group_by_name() is now called EC_GROUP_new_by_name()
Bodo Möller [Thu, 14 Feb 2002 10:23:20 +0000 (10:23 +0000)]
EC_GROUP_get_group_by_name() is now called EC_GROUP_new_by_name()

22 years agoFix warnings.
Ben Laurie [Thu, 14 Feb 2002 09:59:35 +0000 (09:59 +0000)]
Fix warnings.

22 years agoCorrect sh, please
Richard Levitte [Thu, 14 Feb 2002 02:20:41 +0000 (02:20 +0000)]
Correct sh, please

22 years agoCorrect sh, please
Richard Levitte [Thu, 14 Feb 2002 02:20:34 +0000 (02:20 +0000)]
Correct sh, please

22 years agoit's year 2002 now
Bodo Möller [Wed, 13 Feb 2002 18:22:18 +0000 (18:22 +0000)]
it's year 2002 now

22 years agoECDSA support
Bodo Möller [Wed, 13 Feb 2002 18:21:51 +0000 (18:21 +0000)]
ECDSA support

Submitted by: Nils Larsch <nla@trustcenter.de>

22 years agosome modifications to named curve support
Bodo Möller [Wed, 13 Feb 2002 17:57:52 +0000 (17:57 +0000)]
some modifications to named curve support

22 years agoModify the main trunk version to 0.9.8-dev.
Richard Levitte [Wed, 13 Feb 2002 17:46:38 +0000 (17:46 +0000)]
Modify the main trunk version to 0.9.8-dev.
0.9.7 now lives in the branch OpenSSL_0_9_7-stable.

22 years agonew locks
Bodo Möller [Wed, 13 Feb 2002 17:25:27 +0000 (17:25 +0000)]
new locks

22 years agoadd support for named curves
Bodo Möller [Wed, 13 Feb 2002 17:22:59 +0000 (17:22 +0000)]
add support for named curves

Submitted by: Nils Larsch <nla@trustcenter.de>

22 years agoUpdate the configuration of CygWin32 to use the new capabilities of
Richard Levitte [Wed, 13 Feb 2002 14:45:19 +0000 (14:45 +0000)]
Update the configuration of CygWin32 to use the new capabilities of
CygWin 1.3.x, which includes thread and shared library support.

Submitted by Corinna Vinschen <vinschen@redhat.com> and modified a
little bit.

22 years agoUpdate the configuration of CygWin32 to use the new capabilities of
Richard Levitte [Wed, 13 Feb 2002 14:44:33 +0000 (14:44 +0000)]
Update the configuration of CygWin32 to use the new capabilities of
CygWin 1.3.x, which includes thread and shared library support.

Submitted by Corinna Vinschen <vinschen@redhat.com> and modified a
little bit.

22 years agoMerge in the slightly more efficient variant of link-shared from the
Richard Levitte [Wed, 13 Feb 2002 10:32:07 +0000 (10:32 +0000)]
Merge in the slightly more efficient variant of link-shared from the
main trunk.

22 years agoWe should implement a countermeasure against the predictable-IV CBC
Bodo Möller [Wed, 13 Feb 2002 10:21:25 +0000 (10:21 +0000)]
We should implement a countermeasure against the predictable-IV CBC
weakness in SSL/TLS

22 years agoMove teh silencer to the right place.
Richard Levitte [Wed, 13 Feb 2002 10:16:37 +0000 (10:16 +0000)]
Move teh silencer to the right place.

22 years agoMake link-shard a little bit more efficient. If there are no
Richard Levitte [Wed, 13 Feb 2002 10:15:05 +0000 (10:15 +0000)]
Make link-shard a little bit more efficient.  If there are no
extensions to link together, there's no point looping at all.

22 years agoadd casts as in head (required for VC++)
Ulf Möller [Mon, 11 Feb 2002 17:44:30 +0000 (17:44 +0000)]
add casts as in head (required for VC++)

22 years agoBackport from 0.9.7:
Lutz Jänicke [Sun, 10 Feb 2002 12:52:57 +0000 (12:52 +0000)]
Backport from 0.9.7:
Make removal from internal session cache more robust and do not store
into internal session cache when it won't be looked up anyway.

22 years agoMake removal from session cache more robust.
Lutz Jänicke [Sun, 10 Feb 2002 12:46:41 +0000 (12:46 +0000)]
Make removal from session cache more robust.

22 years agoadd a wish
Bodo Möller [Sat, 9 Feb 2002 01:49:53 +0000 (01:49 +0000)]
add a wish

22 years agoDo not store unneeded data.
Lutz Jänicke [Fri, 8 Feb 2002 15:15:04 +0000 (15:15 +0000)]
Do not store unneeded data.

22 years agoAdd notes on the added support for aep and sureware crypto cards in
Richard Levitte [Thu, 7 Feb 2002 22:15:53 +0000 (22:15 +0000)]
Add notes on the added support for aep and sureware crypto cards in
0.9.7.

22 years agoRemove an unused variable.
Richard Levitte [Thu, 7 Feb 2002 21:55:22 +0000 (21:55 +0000)]
Remove an unused variable.

22 years agoOops, do not unlock CRYPTO_LOCK_DYNLOCK when we locked
Richard Levitte [Thu, 7 Feb 2002 21:49:21 +0000 (21:49 +0000)]
Oops, do not unlock CRYPTO_LOCK_DYNLOCK when we locked
CRYPTO_LOCK_RAND...

22 years agoI forgot to include the aep and sureware vendor header files.
Richard Levitte [Thu, 7 Feb 2002 21:43:05 +0000 (21:43 +0000)]
I forgot to include the aep and sureware vendor header files.

22 years agoBecause AEP and we used the same AEP_R_ prefix for error reasons,
Richard Levitte [Thu, 7 Feb 2002 21:12:08 +0000 (21:12 +0000)]
Because AEP and we used the same AEP_R_ prefix for error reasons,
lets change our prefix to AEPHK_R_.  Otherwise, we get very mysterious
errors because we happen to redefine AEP_R_OK and AEP_R_GENERAL_ERROR.

22 years agoAdd aep and sureware implementations and clean up some error reasons
Richard Levitte [Thu, 7 Feb 2002 20:44:14 +0000 (20:44 +0000)]
Add aep and sureware implementations and clean up some error reasons
that were never part of the engine framework.

The aep and sureware implementations are taken directly from 0.9.6c
[engine] and have been modified to fit the newer engine framework and
to be possible to build shared libraries of.

The aep implementation has gone through quite a bunch of tests and is
cleaned up (there were some misunderstandings in it about how to use
locks).

The sureware hasn't been tested at all in this incarnation and is
basically a quick hack to get it to compile properly.

22 years agoCertain reasons aren't really part of the engine framework, so let's
Richard Levitte [Thu, 7 Feb 2002 20:37:55 +0000 (20:37 +0000)]
Certain reasons aren't really part of the engine framework, so let's
make them ubsec-specific in the ubsec implementation.

22 years agoGenerate the individual engines' error strings and macros
Richard Levitte [Thu, 7 Feb 2002 20:02:49 +0000 (20:02 +0000)]
Generate the individual engines' error strings and macros
automatically.

22 years agoIf the intended header file doesn't exist, create it.
Richard Levitte [Thu, 7 Feb 2002 19:23:35 +0000 (19:23 +0000)]
If the intended header file doesn't exist, create it.