summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2004-01-23evp api and manual page for acssHans-Joerg Hoexer
ok deraadt@ markus@
2004-01-23Add acss to libcrypto.Hans-Joerg Hoexer
ok deraadt@ markus@
2003-11-18use bn_asm_vax.S (from netbsd); test + ok by miodMarkus Friedl
use asm code for i386, except for the CBC code, because it is not clean PIC code. add <machime/asm.h> support to x86unix.pl tested by: nick (on 30386), henning, djm, tedu, jmc and more; no shlib minor crank necessary, only internal symbols changed.
2003-11-13remove obsolete filesMarkus Friedl
2003-11-11merge 0.9.7c; minor bugsfixes;Markus Friedl
API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
2003-11-11import 0.9.7cMarkus Friedl
2003-11-11import 0.9.7cMarkus Friedl
2003-10-25don't destroy old pointer if realloc fails; from Daniel Lucq; ok deraadt@Markus Friedl
2003-10-01Correct some off-by-ones. They currently don't matter, but thisChad Loder
is for future safety and consistency. OK krw@, markus@
2003-09-30more fixes from 0.9.7c, ok deraadt, cloderMarkus Friedl
2003-09-30security fix from http://www.openssl.org/news/secadv_20030930.txtMarkus Friedl
see also http://cvs.openssl.org/chngview?cn=11471
2003-09-29Revert BN_cmp() change. Its arguments are const. Spotted by miod@.Otto Moerbeek
ok deraadt@
2003-09-25Return immediately if argument to BN_sub_word is zero.Otto Moerbeek
ok markus@ deraadt@
2003-09-25Use BN_is_zero(), not x->top == 0 to test if a BN is zero.Otto Moerbeek
ok markus@ deraadt@
2003-09-25Add extra calls to bn_fix_top() in BN_cmp(), since some functions mayOtto Moerbeek
leave an invalid BN. ok markus@ deraadt@
2003-08-25You shall NOT BREAK THE TREETheo de Raadt
2003-08-25Setup /dev/crypto early (SSL_library_init) to make sure it's actually doneJason Wright
for all applications; ok markus and deraadt
2003-08-21Do not produce a corrupt BIGNUM when adding 0 to 0 using BN_add_word().Otto Moerbeek
ok markus@
2003-08-07support AES with 192 and 256 bit keys, too.Markus Friedl
tested with kern.cryptodevallowsoft=1; ok deraadt@
2003-08-06Remove some double semicolons (hmm, do two semis equal a maxi?).Todd C. Miller
I've skipped the GNU stuff for now. From Patrick Latifi.
2003-06-13obsoleteMarkus Friedl
2003-06-03nuke term 3, since we're all in ~deraadt/terms and I clued in now.Bob Beck
2003-05-12merge 0.9.7b with local changes; crank majors for libssl/libcryptoMarkus Friedl
2003-05-11import 0.9.7b (without idea and rc5)Markus Friedl
2003-04-08remove printf("bar\n");Markus Friedl
2003-04-06sprintf->snprintf. deraadt@ suggestions and okHakan Olsson
2003-04-05Trivial sprintf() -> snprintf() changes. ok deraadt@Hakan Olsson
2003-04-04more strcpy & sprintf murder; ho okTheo de Raadt
2003-04-03Correct off-by-one error in previous commit. millert@ ok.Hakan Olsson
2003-04-03str{cat,cpy}/sprintf cleanup. markus@, deraadt@ okHakan Olsson
2003-04-03Remove crypt macro, it conflicts with unistd.hHans Insulander
ok markus@
2003-03-19Fix for Klima-Pokorny-Rosa attack on RSA in SSL/TLS, seeMarkus Friedl
http://marc.theaimsgroup.com/?l=bugtraq&m=104811162730834&w=2
2003-03-17update to official patch from openssl.org; ok deraadt@, millert@Markus Friedl
2003-03-16Less strcpy/strcat/sprintf. tdeval@ ok.Hakan Olsson
2003-03-15Enforce blinding on RSA operations involving private keys.Hakan Olsson
From http://www.openssl.org/~geoff, modified to be enabled at all times.
2003-02-28DSAparams_print_pf() -> DSAparams_print_fp()Cedric Berger
ok deraadt@
2003-02-21check for size < 0 when allocating memory, from openssl (-r1.34)Markus Friedl
2003-02-19security fix from openssl 0.9.7a:Markus Friedl
In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078)
2003-01-04spellingTheo de Raadt
2002-12-03Crank all library major numbers. Needed due to the fact that weTodd C. Miller
now build libraries with propolice enabled. Without this, existing binaries (such as ports/packages) that link with any system library other than libc will fail with an undefined symbol of "___guard" (__guard on ELF). Pointed out by markus@ and discussed with deraadt@
2002-09-25remove rc5Markus Friedl
2002-09-23pull in fix from openssl-0.9.7-stable-SNAP-20020921:Markus Friedl
*) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes). [Bodo Moeller]
2002-09-17use arc4random instead of /dev/arandom,Markus Friedl
allows RAND_poll after chroot, ok deraadt, fgsch
2002-09-17undo local change, HMAC_Init() already does HMAC_CTX_init if(key && md)Markus Friedl
2002-09-16sync with 0.9.7-beta3Markus Friedl
2002-09-16remove generated file (from -beta3)Markus Friedl
2002-09-14merge with openssl-0.9.7-stable-SNAP-20020911,Markus Friedl
new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
2002-09-12import openssl-0.9.7-stable-SNAP-20020911 (without idea)Markus Friedl
2002-09-10evp.h should not pull in all other header files, especiallyMarkus Friedl
since it's supposed to hid the specific ciphers. this change also avoids problems when evp is used together with kerberos (and <des.h>). ok deraadt@
2002-09-10merge openssl-0.9.7-beta3, tested on vax by miod@Markus Friedl