summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2003-04-05Trivial sprintf() -> snprintf() changes. ok deraadt@Hakan Olsson
2003-04-04more strcpy & sprintf murder; ho okTheo de Raadt
2003-04-03Correct off-by-one error in previous commit. millert@ ok.Hakan Olsson
2003-04-03str{cat,cpy}/sprintf cleanup. markus@, deraadt@ okHakan Olsson
2003-04-03Remove crypt macro, it conflicts with unistd.hHans Insulander
ok markus@
2003-03-19Fix for Klima-Pokorny-Rosa attack on RSA in SSL/TLS, seeMarkus Friedl
http://marc.theaimsgroup.com/?l=bugtraq&m=104811162730834&w=2
2003-03-17update to official patch from openssl.org; ok deraadt@, millert@Markus Friedl
2003-03-16Less strcpy/strcat/sprintf. tdeval@ ok.Hakan Olsson
2003-03-15Enforce blinding on RSA operations involving private keys.Hakan Olsson
From http://www.openssl.org/~geoff, modified to be enabled at all times.
2003-02-28DSAparams_print_pf() -> DSAparams_print_fp()Cedric Berger
ok deraadt@
2003-02-21check for size < 0 when allocating memory, from openssl (-r1.34)Markus Friedl
2003-02-19security fix from openssl 0.9.7a:Markus Friedl
In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked via timing by performing a MAC computation even if incorrrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CAN-2003-0078)
2003-01-04spellingTheo de Raadt
2002-12-03Crank all library major numbers. Needed due to the fact that weTodd C. Miller
now build libraries with propolice enabled. Without this, existing binaries (such as ports/packages) that link with any system library other than libc will fail with an undefined symbol of "___guard" (__guard on ELF). Pointed out by markus@ and discussed with deraadt@
2002-09-25remove rc5Markus Friedl
2002-09-23pull in fix from openssl-0.9.7-stable-SNAP-20020921:Markus Friedl
*) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes). [Bodo Moeller]
2002-09-17use arc4random instead of /dev/arandom,Markus Friedl
allows RAND_poll after chroot, ok deraadt, fgsch
2002-09-17undo local change, HMAC_Init() already does HMAC_CTX_init if(key && md)Markus Friedl
2002-09-16sync with 0.9.7-beta3Markus Friedl
2002-09-16remove generated file (from -beta3)Markus Friedl
2002-09-14merge with openssl-0.9.7-stable-SNAP-20020911,Markus Friedl
new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
2002-09-12import openssl-0.9.7-stable-SNAP-20020911 (without idea)Markus Friedl
2002-09-10evp.h should not pull in all other header files, especiallyMarkus Friedl
since it's supposed to hid the specific ciphers. this change also avoids problems when evp is used together with kerberos (and <des.h>). ok deraadt@
2002-09-10merge openssl-0.9.7-beta3, tested on vax by miod@Markus Friedl
2002-09-05import openssl-0.9.7-beta3Markus Friedl
2002-09-05merge with 0.9.7-beta1Markus Friedl
2002-09-05import openssl-0.9.7-beta1Markus Friedl
2002-09-05import openssl-0.9.7-beta1Markus Friedl
2002-09-04more cruftMarkus Friedl
2002-09-04more cruft.Markus Friedl
2002-09-04sync formatting with 0.9.7Markus Friedl
2002-09-04execute bourne shell scripts with 'sh' and not with $SHELLMarkus Friedl
2002-09-03sync tests with 0.9.7-beta1Markus Friedl
2002-09-03remove whitespace changes (keep diffs to 0.9.7-beta1 minimal)Markus Friedl
2002-09-03sync these files with openssl-0.9.7-beta1, tooMarkus Friedl
2002-09-03unused files, not part of OpenSSL 0.9.7Markus Friedl
2002-08-30protect <openssl/krb5_asn.h> with OPENSSL_NO_KRB5Markus Friedl
2002-08-30do not modify input files, allows ro source builds; tested by fries@Markus Friedl
2002-08-05Better fixes from openssl cvs; from markus@Miod Vallat
2002-08-02typo; from openssl cvsMarkus Friedl
2002-07-30sync with http://www.openssl.org/news/patch_20020730_0_9_7.txtMarkus Friedl
(adds fix for unused kerberos and engine code, and some more assertions, as well as a 64bit integer string fix for conf_mod.c)
2002-07-30apply patches from OpenSSL Security Advisory [30 July 2002],Markus Friedl
http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2
2002-07-19remove #define crypt DES_crypt; ok deraadt@Markus Friedl
2002-07-16correct memset arguments; from Moritz Jodeit <moritz@jodeit.org> via PR/2822.Federico G. Schwindt
2002-07-07enviroment -> environmentJan-Uwe Finck
2002-06-20remove support for RC4 via /dev/crypto, suggested by Niels; ok provos@Markus Friedl
2002-06-19do not syslog from libraries!Theo de Raadt
2002-06-19KNF, -Wall, and other cleanups. still does not failover 100% correctlyTheo de Raadt
for operations when /dev/crypto is missing, for instance in chroot
2002-06-19stupid stupid bug ja ja ja jaTheo de Raadt
2002-06-18unbreak sshd with privsep: open /dev/crypto, keep fd, and callMarkus Friedl
CRIOGET per EVP_Init(); ok niklas@, miod@