Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						05bbbe9204 
					 
					
						
						
							
							PR: 2295  
						
						... 
						
						
						
						Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com >
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination. 
						
						
					 
					
						2010-10-11 23:28:54 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Laurie 
							
						 
					 
					
						
						
							
						
						d886975835 
					 
					
						
						
							
							Fix gcc 4.6 warnings. Check TLS server hello extension length.  
						
						
						
						
					 
					
						2010-06-12 13:18:58 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Laurie 
							
						 
					 
					
						
						
							
						
						4e92353d23 
					 
					
						
						
							
							Make it build, plus make depend.  
						
						
						
						
					 
					
						2009-09-27 14:04:33 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						3cc52ee97a 
					 
					
						
						
							
							Don't set non fips allow flags when calling RSA_new() and DSA_new().  
						
						
						
						
					 
					
						2009-09-22 11:28:05 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						cf51a0dccb 
					 
					
						
						
							
							Seed PRNG with DSA and ECDSA digests for additional protection against  
						
						... 
						
						
						
						possible PRNG state duplication. 
						
						
					 
					
						2009-09-09 12:07:41 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						3795297af8 
					 
					
						
						
							
							Change old obsolete email address...  
						
						
						
						
					 
					
						2008-11-05 18:36:57 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						e852835da6 
					 
					
						
						
							
							Make update: delete duplicate error code.  
						
						
						
						
					 
					
						2008-09-17 17:11:09 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						d83dde6180 
					 
					
						
						
							
							Merge changes to build system from fips branch.  
						
						
						
						
					 
					
						2008-09-16 21:44:57 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						e3f2860e73 
					 
					
						
						
							
							Merge public key FIPS code, RSA, DSA, DH.  
						
						
						
						
					 
					
						2008-09-16 14:55:26 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						1af12ff1d1 
					 
					
						
						
							
							Fix error code discrepancy.  
						
						... 
						
						
						
						Make update. 
						
						
					 
					
						2008-09-14 16:43:37 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						fb8fcce2ac 
					 
					
						
						
							
							Fix from fips branch.  
						
						
						
						
					 
					
						2007-10-05 16:47:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bodo Möller 
							
						 
					 
					
						
						
							
						
						7cdb81582c 
					 
					
						
						
							
							Change to mitigate branch prediction attacks  
						
						... 
						
						
						
						Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller 
						
						
					 
					
						2007-03-28 00:14:25 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						4a0d3530e0 
					 
					
						
						
							
							Update from HEAD.  
						
						
						
						
					 
					
						2007-01-21 13:16:49 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						115fc340cb 
					 
					
						
						
							
							Rebuild error file C source files.  
						
						
						
						
					 
					
						2006-11-21 20:14:46 +00:00 
						 
				 
			
				
					
						
							
							
								Mark J. Cox 
							
						 
					 
					
						
						
							
						
						951dfbb13a 
					 
					
						
						
							
							Introduce limits to prevent malicious keys being able to  
						
						... 
						
						
						
						cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team] 
						
						
					 
					
						2006-09-28 11:29:03 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						9f85fcefdc 
					 
					
						
						
							
							Update filenames in makefiles  
						
						
						
						
					 
					
						2006-02-04 01:49:36 +00:00 
						 
				 
			
				
					
						
							
							
								Nils Larsch 
							
						 
					 
					
						
						
							
						
						4913b88f70 
					 
					
						
						
							
							make  
						
						... 
						
						
						
						./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
	make all test
work again (+ make update)
PR: 1159 
						
						
					 
					
						2005-07-16 11:13:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bodo Möller 
							
						 
					 
					
						
						
							
						
						cad811fc41 
					 
					
						
						
							
							Use BN_with_flags() in a cleaner way.  
						
						
						
						
					 
					
						2005-05-27 15:39:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bodo Möller 
							
						 
					 
					
						
						
							
						
						e4106a4e24 
					 
					
						
						
							
							make sure DSA signing exponentiations really are constant-time  
						
						
						
						
					 
					
						2005-05-26 04:40:57 +00:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						ce92b6eb9c 
					 
					
						
						
							
							Further BUILDENV refinement, further fool-proofing of Makefiles and  
						
						... 
						
						
						
						[most importantly] put back dependencies accidentaly eliminated in
check-in #13342 . 
						
						
					 
					
						2005-05-16 16:55:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bodo Möller 
							
						 
					 
					
						
						
							
						
						46a643763d 
					 
					
						
						
							
							Implement fixed-window exponentiation to mitigate hyper-threading  
						
						... 
						
						
						
						timing attacks.
BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller 
						
						
					 
					
						2005-05-16 01:43:31 +00:00 
						 
				 
			
				
					
						
							
							
								Andy Polyakov 
							
						 
					 
					
						
						
							
						
						81a86fcf17 
					 
					
						
						
							
							Fool-proofing Makefiles  
						
						
						
						
					 
					
						2005-05-15 22:23:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bodo Möller 
							
						 
					 
					
						
						
							
						
						b0ac0a8ef8 
					 
					
						
						
							
							improve comment readability  
						
						
						
						
					 
					
						2005-05-09 00:06:54 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						879b19801a 
					 
					
						
						
							
							Change method_mont_p from (char *) to (BN_MONT_CTX *) and remove several  
						
						... 
						
						
						
						casts. 
						
						
					 
					
						2005-04-27 00:04:59 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						6ec8e63af6 
					 
					
						
						
							
							Port BN_MONT_CTX_set_locked() from stable branch.  
						
						... 
						
						
						
						The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change. 
						
						
					 
					
						2005-04-26 23:58:54 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Laurie 
							
						 
					 
					
						
						
							
						
						e9ad6665a5 
					 
					
						
						
							
							Add debug target, remove cast, note possible bug.  
						
						
						
						
					 
					
						2005-04-23 06:05:24 +00:00 
						 
				 
			
				
					
						
							
							
								Nils Larsch 
							
						 
					 
					
						
						
							
						
						ff22e913a3 
					 
					
						
						
							
							- use BN_set_negative and BN_is_negative instead of BN_set_sign  
						
						... 
						
						
						
						and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)" 
						
						
					 
					
						2005-04-22 20:02:44 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						29dc350813 
					 
					
						
						
							
							Rebuild error codes.  
						
						
						
						
					 
					
						2005-04-12 16:15:22 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						4bb61becbb 
					 
					
						
						
							
							Add emacs cache files to .cvsignore.  
						
						
						
						
					 
					
						2005-04-11 14:17:07 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Laurie 
							
						 
					 
					
						
						
							
						
						41a15c4f0f 
					 
					
						
						
							
							Give everything prototypes (well, everything that's actually used).  
						
						
						
						
					 
					
						2005-03-31 09:26:39 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Laurie 
							
						 
					 
					
						
						
							
						
						42ba5d2329 
					 
					
						
						
							
							Blow away Makefile.ssl.  
						
						
						
						
					 
					
						2005-03-30 13:05:57 +00:00 
						 
				 
			
				
					
						
							
							
								Nils Larsch 
							
						 
					 
					
						
						
							
						
						c01d2b974e 
					 
					
						
						
							
							when building with OPENSSL_NO_DEPRECATED defined BN_zero is a macro  
						
						... 
						
						
						
						which cannot be evaluated in an if statement 
						
						
					 
					
						2005-03-28 15:06:29 +00:00 
						 
				 
			
				
					
						
							
							
								Dr. Stephen Henson 
							
						 
					 
					
						
						
							
						
						41c70d47d7 
					 
					
						
						
							
							Remaing bits of PR:620 relevant to 0.9.8.  
						
						
						
						
					 
					
						2004-12-05 01:50:56 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						a2ac429da2 
					 
					
						
						
							
							Don't use $(EXHEADER) directly in for loops, as most shells will break  
						
						... 
						
						
						
						if $(EXHEADER) is empty.
Notified by many, solution suggested by Carson Gaspar <carson@taltos.org > 
						
						
					 
					
						2004-11-02 23:55:01 +00:00 
						 
				 
			
				
					
						
							
							
								Geoff Thorpe 
							
						 
					 
					
						
						
							
						
						9c52d2cc75 
					 
					
						
						
							
							After the latest round of header-hacking, regenerate the dependencies in  
						
						... 
						
						
						
						the Makefiles. NB: this commit is probably going to generate a huge posting
and it is highly uninteresting to read. 
						
						
					 
					
						2004-05-17 19:26:06 +00:00 
						 
				 
			
				
					
						
							
							
								Geoff Thorpe 
							
						 
					 
					
						
						
							
						
						0f814687b9 
					 
					
						
						
							
							Deprecate the recursive includes of bn.h from various API headers (asn1.h,  
						
						... 
						
						
						
						dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros. 
						
						
					 
					
						2004-05-17 19:14:22 +00:00 
						 
				 
			
				
					
						
							
							
								Geoff Thorpe 
							
						 
					 
					
						
						
							
						
						08e1cbc62c 
					 
					
						
						
							
							The new BN_CTX code makes this sort of abuse unnecessary.  
						
						
						
						
					 
					
						2004-04-28 18:34:39 +00:00 
						 
				 
			
				
					
						
							
							
								Geoff Thorpe 
							
						 
					 
					
						
						
							
						
						c57bc2dc51 
					 
					
						
						
							
							make update  
						
						
						
						
					 
					
						2004-04-19 18:33:41 +00:00 
						 
				 
			
				
					
						
							
							
								Geoff Thorpe 
							
						 
					 
					
						
						
							
						
						60a938c6bc 
					 
					
						
						
							
							(oops) Apologies all, that last header-cleanup commit was from the wrong  
						
						... 
						
						
						
						tree. This further reduces header interdependencies, and makes some
associated cleanups. 
						
						
					 
					
						2004-04-19 18:09:28 +00:00 
						 
				 
			
				
					
						
							
							
								Geoff Thorpe 
							
						 
					 
					
						
						
							
						
						3a87a9b9db 
					 
					
						
						
							
							Reduce header interdependencies, initially in engine.h (the rest of the  
						
						... 
						
						
						
						changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic. 
						
						
					 
					
						2004-04-19 17:46:04 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						79b42e7654 
					 
					
						
						
							
							Use sh explicitely to run point.sh  
						
						... 
						
						
						
						This is part of a large change submitted by Markus Friedl <markus@openbsd.org > 
						
						
					 
					
						2003-12-27 14:59:07 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						4d8743f490 
					 
					
						
						
							
							Netware-specific changes,  
						
						... 
						
						
						
						PR: 780
Submitted by: Verdon Walker <VWalker@novell.com >
Reviewed by: Richard Levitte 
						
						
					 
					
						2003-11-28 13:10:58 +00:00 
						 
				 
			
				
					
						
							
							
								Geoff Thorpe 
							
						 
					 
					
						
						
							
						
						2aaec9cced 
					 
					
						
						
							
							Update any code that was using deprecated functions so that everything builds  
						
						... 
						
						
						
						and links with OPENSSL_NO_DEPRECATED defined. 
						
						
					 
					
						2003-10-29 04:14:08 +00:00 
						 
				 
			
				
					
						
							
							
								Geoff Thorpe 
							
						 
					 
					
						
						
							
						
						9d473aa2e4 
					 
					
						
						
							
							When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should  
						
						... 
						
						
						
						be) precompiled out in the API headers. This change is to ensure that if
it is defined when compiling openssl, the deprecated functions aren't
implemented either. 
						
						
					 
					
						2003-10-29 04:06:50 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						d1465bac90 
					 
					
						
						
							
							make update  
						
						
						
						
					 
					
						2003-05-01 04:10:32 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						1a0c1f9052 
					 
					
						
						
							
							make update  
						
						
						
						
					 
					
						2003-04-10 20:11:09 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						43eb3b0130 
					 
					
						
						
							
							We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form  
						
						... 
						
						
						
						of unneeded includes of openssl/engine.h. 
						
						
					 
					
						2003-04-08 06:00:05 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						3ae70939ba 
					 
					
						
						
							
							Correct a lot of printing calls.  Remove extra arguments...  
						
						
						
						
					 
					
						2003-04-03 23:39:48 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						751ff1d376 
					 
					
						
						
							
							Make sure we get the definition of OPENSSL_NO_DSA and OPENSSL_NO_SHA.  
						
						
						
						
					 
					
						2003-03-20 23:21:51 +00:00 
						 
				 
			
				
					
						
							
							
								Richard Levitte 
							
						 
					 
					
						
						
							
						
						78951e7711 
					 
					
						
						
							
							Make sure we get the definition of OPENSSL_NO_ERR.  
						
						
						
						
					 
					
						2003-03-20 23:19:41 +00:00