oweals/openssl.git
15 years agoUpdate from 1.0.0-stable.
Dr. Stephen Henson [Wed, 22 Apr 2009 17:37:47 +0000 (17:37 +0000)]
Update from 1.0.0-stable.

15 years agoPR: 1751
Dr. Stephen Henson [Sun, 19 Apr 2009 18:08:12 +0000 (18:08 +0000)]
PR: 1751
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.

15 years agoUpdate .cvsignore
Dr. Stephen Henson [Sun, 19 Apr 2009 15:17:49 +0000 (15:17 +0000)]
Update .cvsignore

15 years agoTypo.
Dr. Stephen Henson [Sun, 19 Apr 2009 15:16:21 +0000 (15:16 +0000)]
Typo.

15 years agoPQGVer support.
Dr. Stephen Henson [Sun, 19 Apr 2009 14:04:55 +0000 (14:04 +0000)]
PQGVer support.

15 years agoMinor format change to match expected PQGVer format.
Dr. Stephen Henson [Sun, 19 Apr 2009 13:44:43 +0000 (13:44 +0000)]
Minor format change to match expected PQGVer format.

15 years agoAdd DES3 CFB1 mode tests.
Dr. Stephen Henson [Sat, 18 Apr 2009 22:41:46 +0000 (22:41 +0000)]
Add DES3 CFB1 mode tests.

15 years agoFixes to make DES3 cfb1 work.
Dr. Stephen Henson [Sat, 18 Apr 2009 22:41:17 +0000 (22:41 +0000)]
Fixes to make DES3 cfb1 work.

15 years agoUpdate from 1.0.0-stable.
Dr. Stephen Henson [Thu, 16 Apr 2009 16:43:18 +0000 (16:43 +0000)]
Update from 1.0.0-stable.

15 years agoPR: 1829
Dr. Stephen Henson [Tue, 14 Apr 2009 15:20:48 +0000 (15:20 +0000)]
PR: 1829
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timer bug fix from 1.0.0-stable with fixes.

15 years agoPR: 1647
Dr. Stephen Henson [Tue, 14 Apr 2009 14:28:33 +0000 (14:28 +0000)]
PR: 1647
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Renogotiation bug fix.

15 years agoFix from 1.0.0-stable.
Dr. Stephen Henson [Wed, 8 Apr 2009 15:58:26 +0000 (15:58 +0000)]
Fix from 1.0.0-stable.

15 years agoSubmitted by: Darryl Miles <darryl-mailinglists@netbauds.net>
Dr. Stephen Henson [Tue, 7 Apr 2009 16:28:30 +0000 (16:28 +0000)]
Submitted by:  Darryl Miles <darryl-mailinglists@netbauds.net>
Approved by: steve@openssl.org

Handle non-blocking I/O properly in SSL_shutdown() call.

15 years agoPR: 1795
Dr. Stephen Henson [Tue, 7 Apr 2009 12:10:12 +0000 (12:10 +0000)]
PR: 1795
Submitted by: Peter Edwards <peter.edwards@vordel.com>
Approved by: steve@openssl.org

Avoid race condition by sorting cipher list straight away.

15 years agoPR: 1700
Dr. Stephen Henson [Fri, 3 Apr 2009 16:54:04 +0000 (16:54 +0000)]
PR: 1700
Submitted by: "Robbins, Aharon" <aharon.robbins@intel.com>
Approved by: steve@openssl.org

#undef X509_EXTENSIONS for WIN32 too.

15 years agoUpdate from 1.0.0-stable
Dr. Stephen Henson [Fri, 3 Apr 2009 16:28:20 +0000 (16:28 +0000)]
Update from 1.0.0-stable

15 years agoPR: 1616
Dr. Stephen Henson [Fri, 3 Apr 2009 11:36:49 +0000 (11:36 +0000)]
PR: 1616
Submitted by: Dequin_Eric@emc.com
Approved by: steve@openssl.org

Check tree->levels to ensure malloc worked.

15 years agoPR: 1827
Dr. Stephen Henson [Thu, 2 Apr 2009 22:34:59 +0000 (22:34 +0000)]
PR: 1827
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix application data in handshake bug.

15 years agoPR: 1828
Dr. Stephen Henson [Thu, 2 Apr 2009 22:32:16 +0000 (22:32 +0000)]
PR: 1828
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS retransmission bug.

15 years agoPR: 1826
Dr. Stephen Henson [Thu, 2 Apr 2009 22:28:35 +0000 (22:28 +0000)]
PR: 1826
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Client random bug fix.

15 years agoOoops, revert patch... due to non-portable gettimeofday call.
Dr. Stephen Henson [Thu, 2 Apr 2009 22:19:07 +0000 (22:19 +0000)]
Ooops, revert patch... due to non-portable gettimeofday call.

15 years agoPR: 1829
Dr. Stephen Henson [Thu, 2 Apr 2009 22:16:02 +0000 (22:16 +0000)]
PR: 1829
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timer bug fix.

15 years agoPR: 1838
Dr. Stephen Henson [Thu, 2 Apr 2009 22:12:13 +0000 (22:12 +0000)]
PR: 1838
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS fragment bug.

15 years agoTypo.
Dr. Stephen Henson [Wed, 25 Mar 2009 22:22:42 +0000 (22:22 +0000)]
Typo.

15 years agoSubmitted by: Ilya O. <vrghost@gmail.com>
Dr. Stephen Henson [Wed, 25 Mar 2009 19:01:03 +0000 (19:01 +0000)]
Submitted by: Ilya O. <vrghost@gmail.com>
Approved by: steve@openssl.org

Add 2.5.4.* OIDs.

15 years agoPrepare for next version.
Dr. Stephen Henson [Wed, 25 Mar 2009 13:02:49 +0000 (13:02 +0000)]
Prepare for next version.

15 years agoAaargh.... wrong version number....
Dr. Stephen Henson [Wed, 25 Mar 2009 12:08:14 +0000 (12:08 +0000)]
Aaargh.... wrong version number....

15 years agoMake update.
Dr. Stephen Henson [Wed, 25 Mar 2009 10:59:22 +0000 (10:59 +0000)]
Make update.

15 years agoPrepare for 0.9.8k release.
Dr. Stephen Henson [Wed, 25 Mar 2009 10:46:56 +0000 (10:46 +0000)]
Prepare for 0.9.8k release.

15 years agoPR: 1868
Dr. Stephen Henson [Wed, 25 Mar 2009 10:42:34 +0000 (10:42 +0000)]
PR: 1868
Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH>
Approved by: steve@openssl.org

Don't set fields to NULL when freeing them up in ASN1 code. On some platforms
with sizeof(long) < sizeof(char *) this can cause a crash.

15 years agoSubmitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Dr. Stephen Henson [Wed, 25 Mar 2009 10:40:32 +0000 (10:40 +0000)]
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Approved by: steve@openssl.org

Check return code properly in CMS_SignerInfo_verify_content().

15 years agoReject BMPStrings and UniversalStrings of invalid length. This prevents
Dr. Stephen Henson [Wed, 25 Mar 2009 10:35:57 +0000 (10:35 +0000)]
Reject BMPStrings and UniversalStrings of invalid length. This prevents
a crash in ASN1_STRING_print_ex() which assumes they are valid.

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Mon, 23 Mar 2009 21:11:50 +0000 (21:11 +0000)]
Update from HEAD.

15 years agodes_enc.m4, SPARC DES assembler, update from HEAD: make it Purify-friendly.
Andy Polyakov [Mon, 16 Mar 2009 13:43:43 +0000 (13:43 +0000)]
des_enc.m4, SPARC DES assembler, update from HEAD: make it Purify-friendly.
As side effect it introduces duplicate of 2KB DES_SPtrans table.

15 years agoOops.
Dr. Stephen Henson [Sun, 15 Mar 2009 14:03:29 +0000 (14:03 +0000)]
Oops.

15 years agoDon't force S/MIME signing purpose: allow it to be overridden by store
Dr. Stephen Henson [Sun, 15 Mar 2009 13:36:01 +0000 (13:36 +0000)]
Don't force S/MIME signing purpose: allow it to be overridden by store
settings.

Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters
being inherited properly.

15 years agoPermit nested ASN1 string encoding but with a maximum depth to avoid
Dr. Stephen Henson [Sat, 14 Mar 2009 18:33:25 +0000 (18:33 +0000)]
Permit nested ASN1 string encoding but with a maximum depth to avoid
stack overflow.

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Sat, 14 Mar 2009 12:40:46 +0000 (12:40 +0000)]
Update from HEAD.

15 years agoPR: 1863
Dr. Stephen Henson [Sat, 14 Mar 2009 12:26:03 +0000 (12:26 +0000)]
PR: 1863
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org

Check return value, use OPENSSL_assert and unsigned int.

15 years agoPR: 1846
Dr. Stephen Henson [Sat, 14 Mar 2009 12:07:42 +0000 (12:07 +0000)]
PR: 1846
Submitted by: Andrea Schoenberg <asg@ftpproxy.org>
Reviewed by: steve@openssl.org

Fix for HP Nonstop(Tandem) systems.

15 years agoFix from HEAD.
Dr. Stephen Henson [Thu, 12 Mar 2009 17:31:18 +0000 (17:31 +0000)]
Fix from HEAD.

15 years agoUpdate from head.
Dr. Stephen Henson [Thu, 12 Mar 2009 17:13:44 +0000 (17:13 +0000)]
Update from head.

15 years agoPR: 1861
Dr. Stephen Henson [Thu, 12 Mar 2009 17:09:46 +0000 (17:09 +0000)]
PR: 1861

l must be > 0 or array will be accessed out of bounds.

15 years agoPR: 1856
Dr. Stephen Henson [Mon, 9 Mar 2009 13:07:16 +0000 (13:07 +0000)]
PR: 1856

Check return value of PKCS12_add_safes()

15 years agoPR: 1859
Dr. Stephen Henson [Mon, 9 Mar 2009 12:17:56 +0000 (12:17 +0000)]
PR: 1859
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Don't affect echo on/off state for calling scripts.

15 years agoPR: 1860
Dr. Stephen Henson [Mon, 9 Mar 2009 12:14:08 +0000 (12:14 +0000)]
PR: 1860
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openss.org

Make Windows build more silent.

15 years agoPR: 1858
Dr. Stephen Henson [Mon, 9 Mar 2009 12:09:03 +0000 (12:09 +0000)]
PR: 1858
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Make OPENSSL_NO_SOCK work.

15 years agoPR: 1857
Dr. Stephen Henson [Mon, 9 Mar 2009 12:06:23 +0000 (12:06 +0000)]
PR: 1857
Submitted by: Jurko GospodnetiÄ\87 <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Make OPENSSL_NO_FP_API work again.

15 years agoPR: 1841
Dr. Stephen Henson [Sun, 8 Mar 2009 23:05:34 +0000 (23:05 +0000)]
PR: 1841
Submitted by: Martin Kaiser <lists@kaiser.cx>
Reviewed by: steve@openssl.org

Remove unused code.

15 years agoFix display of all 0 IPv6 address (from Rob Austein).
Ben Laurie [Sun, 8 Mar 2009 10:48:03 +0000 (10:48 +0000)]
Fix display of all 0 IPv6 address (from Rob Austein).

15 years agoSubmitted by: Jeremy Shapiro <jnshapir@us.ibm.com>
Dr. Stephen Henson [Sat, 7 Mar 2009 16:58:43 +0000 (16:58 +0000)]
Submitted by: Jeremy Shapiro <jnshapir@us.ibm.com>
Reviewed by: steve@openssl.org

Improve efficientcy of mem_gets().

15 years agoOoops @ should be for the if command not set.
Dr. Stephen Henson [Tue, 3 Mar 2009 22:40:29 +0000 (22:40 +0000)]
Ooops @ should be for the if command not set.

15 years agoOnly require -iv for ciphers that use an IV!
Ben Laurie [Tue, 3 Mar 2009 15:07:35 +0000 (15:07 +0000)]
Only require -iv for ciphers that use an IV!

15 years agoUse the correct length (reported by Quanhong Wang).
Ben Laurie [Tue, 3 Mar 2009 15:06:49 +0000 (15:06 +0000)]
Use the correct length (reported by Quanhong Wang).

15 years agoDo a "make links" in fips directory even if not compiling for fips.
Dr. Stephen Henson [Wed, 25 Feb 2009 23:29:20 +0000 (23:29 +0000)]
Do a "make links" in fips directory even if not compiling for fips.

15 years agoFix memory leak.
Ben Laurie [Mon, 23 Feb 2009 16:02:47 +0000 (16:02 +0000)]
Fix memory leak.

15 years agoDo not link nonexistent file.
Ben Laurie [Wed, 18 Feb 2009 10:43:10 +0000 (10:43 +0000)]
Do not link nonexistent file.

15 years agoFix FIPS typo.
Ben Laurie [Wed, 18 Feb 2009 10:27:23 +0000 (10:27 +0000)]
Fix FIPS typo.

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Mon, 16 Feb 2009 23:24:06 +0000 (23:24 +0000)]
Update from HEAD.

15 years agoData not initialised.
Richard Levitte [Mon, 16 Feb 2009 15:17:26 +0000 (15:17 +0000)]
Data not initialised.
Notified by Gerardo Ganis <gerardo.ganis@cern.ch>

15 years agoUse shared dev team flags, fix resulting warning.
Ben Laurie [Mon, 16 Feb 2009 08:44:23 +0000 (08:44 +0000)]
Use shared dev team flags, fix resulting warning.

15 years agoDon't eat the whole word for -d. This allows -debug to be passed to
Ben Laurie [Mon, 16 Feb 2009 08:43:41 +0000 (08:43 +0000)]
Don't eat the whole word for -d. This allows -debug to be passed to
the compiler.

15 years agoInclude common warning options in 0.9.8, fix warnings in debug-steve64.
Dr. Stephen Henson [Sun, 15 Feb 2009 15:46:46 +0000 (15:46 +0000)]
Include common warning options in 0.9.8, fix warnings in debug-steve64.

15 years agoPR: 1422
Dr. Stephen Henson [Sun, 15 Feb 2009 12:10:39 +0000 (12:10 +0000)]
PR: 1422

Fix return value of X509_NAME_cmp() so it works with qsort/bsearch again.

15 years agoSkip engines directory if no-engine
Dr. Stephen Henson [Sat, 14 Feb 2009 23:08:31 +0000 (23:08 +0000)]
Skip engines directory if no-engine

15 years agoPR: 1840
Dr. Stephen Henson [Sat, 14 Feb 2009 22:19:31 +0000 (22:19 +0000)]
PR: 1840
Submitted by: Martin Kaiser <lists@kaiser.cx>
Approved by: steve@openssl.org

Handle NULL passing in parameter and BN_CTX_new() error correctly.

15 years agoPR: 1835
Dr. Stephen Henson [Sat, 14 Feb 2009 21:50:14 +0000 (21:50 +0000)]
PR: 1835
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.

15 years agoInstall the fipsld link script.
Dr. Stephen Henson [Fri, 13 Feb 2009 18:37:31 +0000 (18:37 +0000)]
Install the fipsld link script.

15 years agooops
Bodo Möller [Mon, 2 Feb 2009 00:51:49 +0000 (00:51 +0000)]
oops

15 years agoFor -hex, print just one \n
Bodo Möller [Mon, 2 Feb 2009 00:40:59 +0000 (00:40 +0000)]
For -hex, print just one \n

15 years agoUpdated symbol for VMS
Richard Levitte [Mon, 2 Feb 2009 00:27:57 +0000 (00:27 +0000)]
Updated symbol for VMS

15 years ago-hex option for openssl rand
Bodo Möller [Mon, 2 Feb 2009 00:27:56 +0000 (00:27 +0000)]
-hex option for openssl rand

PR: 1831
Submitted by: Damien Miller

15 years agoMake sure we have a library to link dummytest.o with.
Bodo Möller [Mon, 2 Feb 2009 00:25:00 +0000 (00:25 +0000)]
Make sure we have a library to link dummytest.o with.

15 years agoAdd the CAPI engine
Richard Levitte [Mon, 2 Feb 2009 00:18:09 +0000 (00:18 +0000)]
Add the CAPI engine

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Wed, 28 Jan 2009 12:55:36 +0000 (12:55 +0000)]
Update from HEAD.

15 years agoSupport NumericString for name components.
Dr. Stephen Henson [Wed, 28 Jan 2009 12:35:10 +0000 (12:35 +0000)]
Support NumericString for name components.

15 years agoAdd missing modules
Richard Levitte [Wed, 28 Jan 2009 07:54:16 +0000 (07:54 +0000)]
Add missing modules

15 years agoPR: 1806
Dr. Stephen Henson [Wed, 21 Jan 2009 21:44:52 +0000 (21:44 +0000)]
PR: 1806
Submitted by: philipp_subx@redfish-solutions.com
Approved by: steve

Use ${CC:-gcc} instead of just gcc in domd, to support cross compilation.

15 years agoNo need to add fips to @skip
Dr. Stephen Henson [Mon, 19 Jan 2009 16:42:18 +0000 (16:42 +0000)]
No need to add fips to @skip

15 years agoIf not compiling for fips don't do anything in fips directory.
Dr. Stephen Henson [Mon, 19 Jan 2009 16:40:44 +0000 (16:40 +0000)]
If not compiling for fips don't do anything in fips directory.

Install fipscanister.o and friends from FIPSLIBDIR location.

15 years agoMake it possible to override CC.
Ben Laurie [Sat, 17 Jan 2009 14:36:17 +0000 (14:36 +0000)]
Make it possible to override CC.

15 years agoAnother symbol that's longer than 31 characters.
Richard Levitte [Sat, 17 Jan 2009 12:33:43 +0000 (12:33 +0000)]
Another symbol that's longer than 31 characters.

15 years agoA forgotten module...
Richard Levitte [Sat, 17 Jan 2009 12:33:11 +0000 (12:33 +0000)]
A forgotten module...

15 years agoStop warnings on WIN64
Dr. Stephen Henson [Thu, 15 Jan 2009 12:34:54 +0000 (12:34 +0000)]
Stop warnings on WIN64

15 years agoSome platforms need $(EX_LIBS) when building fips_standalone_sha1 from
Dr. Stephen Henson [Wed, 14 Jan 2009 11:10:33 +0000 (11:10 +0000)]
Some platforms need $(EX_LIBS) when building fips_standalone_sha1 from
an external fipscanister.o

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Wed, 14 Jan 2009 10:46:00 +0000 (10:46 +0000)]
Update from HEAD.

15 years agoOops, remove duplicate entry.
Dr. Stephen Henson [Wed, 7 Jan 2009 23:45:19 +0000 (23:45 +0000)]
Oops, remove duplicate entry.

15 years agoPrepare for next version.
Dr. Stephen Henson [Wed, 7 Jan 2009 23:38:34 +0000 (23:38 +0000)]
Prepare for next version.

15 years agoPrepare for 0.9.8j release. OpenSSL_0_9_8j
Dr. Stephen Henson [Wed, 7 Jan 2009 10:50:54 +0000 (10:50 +0000)]
Prepare for 0.9.8j release.

15 years agoProperly check EVP_VerifyFinal() and similar return values
Dr. Stephen Henson [Wed, 7 Jan 2009 10:48:23 +0000 (10:48 +0000)]
Properly check EVP_VerifyFinal() and similar return values
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team

15 years agoFix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP
Lutz Jänicke [Mon, 5 Jan 2009 14:43:07 +0000 (14:43 +0000)]
Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP

Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.

15 years agomake update.
Dr. Stephen Henson [Mon, 5 Jan 2009 12:47:11 +0000 (12:47 +0000)]
make update.

15 years agoUpdate ordinals.
Dr. Stephen Henson [Wed, 31 Dec 2008 12:00:35 +0000 (12:00 +0000)]
Update ordinals.

15 years agoSynchronize with bn_nist.c from HEAD.
Andy Polyakov [Tue, 30 Dec 2008 13:41:08 +0000 (13:41 +0000)]
Synchronize with bn_nist.c from HEAD.

15 years agoBackport http://cvs.openssl.org/chngview?cn=17710 from HEAD.
Andy Polyakov [Tue, 30 Dec 2008 13:30:57 +0000 (13:30 +0000)]
Backport cvs.openssl.org/chngview?cn=17710 from HEAD.
PR: 1230

15 years agoSome seasoned makes fail to build. For reference. I had problem with Irix
Andy Polyakov [Tue, 30 Dec 2008 13:26:26 +0000 (13:26 +0000)]
Some seasoned makes fail to build. For reference. I had problem with Irix
make which doesn't tolerate empty targets, and fips/Makefile ends up with
one when FIPSCANLIB is empty. Build failed as early as 'make links' phase.

15 years agoUpdate default compiler options for default tls extension config.
Dr. Stephen Henson [Mon, 29 Dec 2008 00:18:23 +0000 (00:18 +0000)]
Update default compiler options for default tls extension config.

Add -Wsign-compare to debug-steve64

15 years agoAvoid signed/unsigned compare warnings.
Dr. Stephen Henson [Mon, 29 Dec 2008 00:17:36 +0000 (00:17 +0000)]
Avoid signed/unsigned compare warnings.

15 years agoBackport aes-x86_64.pl update from HEAD.
Andy Polyakov [Sat, 27 Dec 2008 13:34:30 +0000 (13:34 +0000)]
Backport aes-x86_64.pl update from HEAD.

15 years agoEnable TLS Extensions by default.
Ben Laurie [Fri, 26 Dec 2008 15:27:51 +0000 (15:27 +0000)]
Enable TLS Extensions by default.