oweals/openssl.git
14 years agoIf opensslconf.h and buildinf.h are to be in an architecture specific
Richard Levitte [Fri, 29 Jan 2010 11:43:53 +0000 (11:43 +0000)]
If opensslconf.h and buildinf.h are to be in an architecture specific
directory, place it in the same tree as the other architecture
specific things.

14 years agooops, revert more test code arghh!
Dr. Stephen Henson [Thu, 28 Jan 2010 17:52:18 +0000 (17:52 +0000)]
oops, revert more test code arghh!

14 years agoIn engine_table_select() don't clear out entire error queue: just clear
Dr. Stephen Henson [Thu, 28 Jan 2010 17:50:23 +0000 (17:50 +0000)]
In engine_table_select() don't clear out entire error queue: just clear
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.

14 years agoreword RI description
Dr. Stephen Henson [Wed, 27 Jan 2010 18:53:49 +0000 (18:53 +0000)]
reword RI description

14 years agoupdate documentation to reflect new renegotiation options
Dr. Stephen Henson [Wed, 27 Jan 2010 17:50:20 +0000 (17:50 +0000)]
update documentation to reflect new renegotiation options

14 years agoSome shells print out the directory name if CDPATH is set breaking the
Dr. Stephen Henson [Wed, 27 Jan 2010 16:06:58 +0000 (16:06 +0000)]
Some shells print out the directory name if CDPATH is set breaking the
pod2man test. Use ./util instead to avoid this.

14 years agotypo
Dr. Stephen Henson [Wed, 27 Jan 2010 14:05:15 +0000 (14:05 +0000)]
typo

14 years agoPR: 2157
Dr. Stephen Henson [Wed, 27 Jan 2010 12:55:52 +0000 (12:55 +0000)]
PR: 2157
Submitted by: "Green, Paul" <Paul.Green@stratus.com>

Typo.

14 years agoCosmetic changes, including changing a confusing example.
Richard Levitte [Wed, 27 Jan 2010 09:18:05 +0000 (09:18 +0000)]
Cosmetic changes, including changing a confusing example.

14 years agoApparently, test/testtsa.com was only half done
Richard Levitte [Wed, 27 Jan 2010 01:19:12 +0000 (01:19 +0000)]
Apparently, test/testtsa.com was only half done

14 years agosize_t doesn't compare less than zero...
Richard Levitte [Wed, 27 Jan 2010 01:18:26 +0000 (01:18 +0000)]
size_t doesn't compare less than zero...

14 years agoadd CHANGES entry
Dr. Stephen Henson [Tue, 26 Jan 2010 19:48:10 +0000 (19:48 +0000)]
add CHANGES entry

14 years agoPR: 1949
Dr. Stephen Henson [Tue, 26 Jan 2010 19:46:30 +0000 (19:46 +0000)]
PR: 1949
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.

14 years agoPR: 2138
Dr. Stephen Henson [Tue, 26 Jan 2010 18:07:41 +0000 (18:07 +0000)]
PR: 2138
Submitted by: Kevin Regan <k.regan@f5.com>

Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.

14 years agoAdd flags functions which were added to 0.9.8 for fips but not 1.0.0 and
Dr. Stephen Henson [Tue, 26 Jan 2010 14:33:52 +0000 (14:33 +0000)]
Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and
later.

14 years agoOPENSSL_isservice is now defined on all platforms not just WIN32
Dr. Stephen Henson [Tue, 26 Jan 2010 13:58:49 +0000 (13:58 +0000)]
OPENSSL_isservice is now defined on all platforms not just WIN32

14 years agooops
Dr. Stephen Henson [Tue, 26 Jan 2010 13:56:15 +0000 (13:56 +0000)]
oops

14 years agoexport OPENSSL_isservice and make update
Dr. Stephen Henson [Tue, 26 Jan 2010 13:55:33 +0000 (13:55 +0000)]
export OPENSSL_isservice and make update

14 years agoTypo
Dr. Stephen Henson [Tue, 26 Jan 2010 12:29:48 +0000 (12:29 +0000)]
Typo

14 years agoPR: 2149
Dr. Stephen Henson [Mon, 25 Jan 2010 16:07:51 +0000 (16:07 +0000)]
PR: 2149
Submitted by: Douglas Stebila <douglas@stebila.ca>

Fix wap OIDs.

14 years agoThere's really no need to use $ENV::HOME
Richard Levitte [Mon, 25 Jan 2010 00:22:52 +0000 (00:22 +0000)]
There's really no need to use $ENV::HOME

14 years agoForgot to correct the definition of __arch in this file.
Richard Levitte [Mon, 25 Jan 2010 00:21:14 +0000 (00:21 +0000)]
Forgot to correct the definition of __arch in this file.
Submitted by Steven M. Schweda <sms@antinode.info>

14 years agoIt seems like sslroot: needs to be defined for some tests to work.
Richard Levitte [Mon, 25 Jan 2010 00:20:32 +0000 (00:20 +0000)]
It seems like sslroot: needs to be defined for some tests to work.
Submitted by Steven M. Schweda <sms@antinode.info>

14 years agoCompile t1_reneg on VMS as well.
Richard Levitte [Mon, 25 Jan 2010 00:19:33 +0000 (00:19 +0000)]
Compile t1_reneg on VMS as well.
Submitted by Steven M. Schweda <sms@antinode.info>

14 years agoA few more macros for long symbols.
Richard Levitte [Mon, 25 Jan 2010 00:18:31 +0000 (00:18 +0000)]
A few more macros for long symbols.
Submitted by Steven M. Schweda <sms@antinode.info>

14 years agoPR: 2153, 2125
Dr. Stephen Henson [Sun, 24 Jan 2010 16:57:38 +0000 (16:57 +0000)]
PR: 2153, 2125
Submitted by: steve@openssl.org

The original fix for PR#2125 broke compilation on some Unixware platforms:
revert and make conditional on VMS.

14 years agoThe fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING
Dr. Stephen Henson [Sun, 24 Jan 2010 13:54:07 +0000 (13:54 +0000)]
The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.

14 years agoTolerate PKCS#8 DSA format with negative private key.
Dr. Stephen Henson [Fri, 22 Jan 2010 20:17:30 +0000 (20:17 +0000)]
Tolerate PKCS#8 DSA format with negative private key.

14 years agoIf legacy renegotiation is not permitted then send a fatal alert if a patched
Dr. Stephen Henson [Fri, 22 Jan 2010 18:49:19 +0000 (18:49 +0000)]
If legacy renegotiation is not permitted then send a fatal alert if a patched
server attempts to renegotiate with an unpatched client.

14 years agotypo
Dr. Stephen Henson [Thu, 21 Jan 2010 18:46:28 +0000 (18:46 +0000)]
typo

14 years agofix comments
Dr. Stephen Henson [Thu, 21 Jan 2010 01:17:45 +0000 (01:17 +0000)]
fix comments

14 years agoupdate version for next beta if we have one...
Dr. Stephen Henson [Wed, 20 Jan 2010 15:40:27 +0000 (15:40 +0000)]
update version for next beta if we have one...

14 years agomake update OpenSSL_1_0_0-beta5
Dr. Stephen Henson [Wed, 20 Jan 2010 15:05:52 +0000 (15:05 +0000)]
make update

14 years agoPrepare for beta5 release
Dr. Stephen Henson [Wed, 20 Jan 2010 15:00:49 +0000 (15:00 +0000)]
Prepare for beta5 release

14 years agoUpdate demo
Dr. Stephen Henson [Wed, 20 Jan 2010 14:05:56 +0000 (14:05 +0000)]
Update demo

14 years agoSupport -L options in VC++ link.
Dr. Stephen Henson [Wed, 20 Jan 2010 14:04:55 +0000 (14:04 +0000)]
Support -L options in VC++ link.

14 years agorand_win.c: handel GetTickCount wrap-around [from HEAD].
Andy Polyakov [Tue, 19 Jan 2010 21:44:07 +0000 (21:44 +0000)]
rand_win.c: handel GetTickCount wrap-around [from HEAD].

14 years agox86_64-xlate.pl: refine sign extension logic when handling lea [from HEAD].
Andy Polyakov [Tue, 19 Jan 2010 21:43:05 +0000 (21:43 +0000)]
x86_64-xlate.pl: refine sign extension logic when handling lea [from HEAD].
PR: 2094,2095

14 years agos390x assembler update: add support for run-time facility detection [from HEAD].
Andy Polyakov [Tue, 19 Jan 2010 21:40:58 +0000 (21:40 +0000)]
s390x assembler update: add support for run-time facility detection [from HEAD].

14 years agoThe use of NIDs in the password based encryption table can result in
Dr. Stephen Henson [Tue, 19 Jan 2010 19:55:47 +0000 (19:55 +0000)]
The use of NIDs in the password based encryption table can result in
algorithms not found when an application uses PKCS#12 and only calls
SSL_library_init() instead of OpenSSL_add_all_algorithms(). Simple
work around is to add the missing algorithm (40 bit RC2) in
SSL_library_init().

14 years agoPR: 2141
Dr. Stephen Henson [Tue, 19 Jan 2010 19:28:03 +0000 (19:28 +0000)]
PR: 2141
Submitted by: "NARUSE, Yui" <naruse@airemix.jp>

Remove non-ASCII comment which causes compilation errors on some versions
of VC++.

14 years agostop asn1test compilation producing link errors
Dr. Stephen Henson [Tue, 19 Jan 2010 19:25:16 +0000 (19:25 +0000)]
stop asn1test compilation producing link errors

14 years agoPR: 2144
Dr. Stephen Henson [Tue, 19 Jan 2010 19:11:21 +0000 (19:11 +0000)]
PR: 2144
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Better fix for PR#2144

14 years agoReverted patch for PR#2095. Addressed by Andy now in x86_64-xlate.pl
Dr. Stephen Henson [Sun, 17 Jan 2010 16:58:56 +0000 (16:58 +0000)]
Reverted patch for PR#2095. Addressed by Andy now in x86_64-xlate.pl

14 years agoPR: 2135
Dr. Stephen Henson [Sat, 16 Jan 2010 20:06:10 +0000 (20:06 +0000)]
PR: 2135
Submitted by: Mike Frysinger <vapier@gentoo.org>

Change missed references to lib to $(LIBDIR)

14 years agoPR: 2144
Dr. Stephen Henson [Sat, 16 Jan 2010 19:45:59 +0000 (19:45 +0000)]
PR: 2144
Submitted by: steve@openssl.org

Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.

14 years agoPR: 2133
Dr. Stephen Henson [Sat, 16 Jan 2010 19:20:38 +0000 (19:20 +0000)]
PR: 2133
Submitted by: steve@openssl.org

Add missing DTLS state strings.

14 years agoFix type-checking/casting issue.
Ben Laurie [Sat, 16 Jan 2010 13:32:14 +0000 (13:32 +0000)]
Fix type-checking/casting issue.

14 years agoconvert to Unix EOL form
Dr. Stephen Henson [Fri, 15 Jan 2010 15:26:32 +0000 (15:26 +0000)]
convert to Unix EOL form

14 years agoPR: 2125
Dr. Stephen Henson [Thu, 14 Jan 2010 17:51:52 +0000 (17:51 +0000)]
PR: 2125
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>

Fix gcc-aix compilation issue.

14 years agoFix version handling so it can cope with a major version >3.
Dr. Stephen Henson [Wed, 13 Jan 2010 19:08:29 +0000 (19:08 +0000)]
Fix version handling so it can cope with a major version >3.

Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.

14 years agoModify compression code so it avoids using ex_data free functions. This
Dr. Stephen Henson [Wed, 13 Jan 2010 18:46:01 +0000 (18:46 +0000)]
Modify compression code so it avoids using ex_data free functions. This
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.

14 years agoupdate ordinals
Dr. Stephen Henson [Tue, 12 Jan 2010 17:33:59 +0000 (17:33 +0000)]
update ordinals

14 years agoPR: 2136
Dr. Stephen Henson [Tue, 12 Jan 2010 17:27:11 +0000 (17:27 +0000)]
PR: 2136
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0

14 years agomake update
Dr. Stephen Henson [Tue, 12 Jan 2010 01:59:11 +0000 (01:59 +0000)]
make update

14 years agoSimplify RI+SCSV logic:
Dr. Stephen Henson [Thu, 7 Jan 2010 19:05:03 +0000 (19:05 +0000)]
Simplify RI+SCSV logic:

1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.

14 years agob_sock.c: bind/connect are picky about socket address length [from HEAD].
Andy Polyakov [Thu, 7 Jan 2010 13:15:39 +0000 (13:15 +0000)]
b_sock.c: bind/connect are picky about socket address length [from HEAD].

14 years agosendto is reportedly picky about destination socket address length [from HEAD].
Andy Polyakov [Thu, 7 Jan 2010 10:44:21 +0000 (10:44 +0000)]
sendto is reportedly picky about destination socket address length [from HEAD].
PR: 2114
Submitted by: Robin Seggelmann

14 years agoFix compilation on older Linux [from HEAD].
Andy Polyakov [Wed, 6 Jan 2010 21:25:22 +0000 (21:25 +0000)]
Fix compilation on older Linux [from HEAD].

14 years agoUpdates to conform with draft-ietf-tls-renegotiation-03.txt:
Dr. Stephen Henson [Wed, 6 Jan 2010 17:37:38 +0000 (17:37 +0000)]
Updates to conform with draft-ietf-tls-renegotiation-03.txt:

1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.

14 years agoENGINE_load_capi() now exists on all platforms (but no op on non-WIN32)
Dr. Stephen Henson [Wed, 6 Jan 2010 13:20:52 +0000 (13:20 +0000)]
ENGINE_load_capi() now exists on all platforms (but no op on non-WIN32)

14 years agoPR: 2102
Dr. Stephen Henson [Tue, 5 Jan 2010 17:58:15 +0000 (17:58 +0000)]
PR: 2102
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Remove duplicate definitions.

14 years agoTypo
Dr. Stephen Henson [Tue, 5 Jan 2010 17:50:01 +0000 (17:50 +0000)]
Typo

14 years agoPR: 2132
Dr. Stephen Henson [Tue, 5 Jan 2010 17:33:09 +0000 (17:33 +0000)]
PR: 2132
Submitted by: steve

Fix bundled pod2man.pl to handle alternative comment formats.

14 years agoRemove tabs on blank lines: they produce warnings in pod2man
Dr. Stephen Henson [Tue, 5 Jan 2010 17:17:20 +0000 (17:17 +0000)]
Remove tabs on blank lines: they produce warnings in pod2man

14 years agocompress_meth should be unsigned
Dr. Stephen Henson [Tue, 5 Jan 2010 16:46:39 +0000 (16:46 +0000)]
compress_meth should be unsigned

14 years agoClient side compression algorithm sanity checks: ensure old compression
Dr. Stephen Henson [Fri, 1 Jan 2010 14:39:51 +0000 (14:39 +0000)]
Client side compression algorithm sanity checks: ensure old compression
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).

14 years agoCompression handling on session resume was badly broken: it always
Dr. Stephen Henson [Fri, 1 Jan 2010 00:44:36 +0000 (00:44 +0000)]
Compression handling on session resume was badly broken: it always
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).

14 years agob_sock.c: correct indirect calls on WinSock platforms [from HEAD].
Andy Polyakov [Wed, 30 Dec 2009 12:56:16 +0000 (12:56 +0000)]
b_sock.c: correct indirect calls on WinSock platforms [from HEAD].
PR: 2130
Submitted by: Eugeny Gostyukhin

14 years agoAdapt mingw config for newer mingw environment [from HEAD].
Andy Polyakov [Wed, 30 Dec 2009 11:57:39 +0000 (11:57 +0000)]
Adapt mingw config for newer mingw environment [from HEAD].
PR: 2113

14 years agosha512.c update for esoteric PPC platfrom(s) [from HEAD].
Andy Polyakov [Wed, 30 Dec 2009 11:53:33 +0000 (11:53 +0000)]
sha512.c update for esoteric PPC platfrom(s) [from HEAD].
PR: 1998

14 years agoDeploy multilib config-line parameter [from HEAD].
Andy Polyakov [Tue, 29 Dec 2009 10:46:46 +0000 (10:46 +0000)]
Deploy multilib config-line parameter [from HEAD].

14 years agoTypo
Dr. Stephen Henson [Sun, 27 Dec 2009 23:03:25 +0000 (23:03 +0000)]
Typo

14 years agoUpdate RI to match latest spec.
Dr. Stephen Henson [Sun, 27 Dec 2009 22:59:09 +0000 (22:59 +0000)]
Update RI to match latest spec.

MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.

14 years agoTraditional Yuletide commit ;-)
Dr. Stephen Henson [Fri, 25 Dec 2009 14:12:24 +0000 (14:12 +0000)]
Traditional Yuletide commit ;-)

Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.

14 years agoUse properly local variables for thread-safety.
Bodo Möller [Tue, 22 Dec 2009 11:52:15 +0000 (11:52 +0000)]
Use properly local variables for thread-safety.

Submitted by: Martin Rex

14 years agoConstify crypto/cast.
Bodo Möller [Tue, 22 Dec 2009 11:45:59 +0000 (11:45 +0000)]
Constify crypto/cast.

14 years agoConstify crypto/cast.
Bodo Möller [Tue, 22 Dec 2009 10:58:01 +0000 (10:58 +0000)]
Constify crypto/cast.

14 years agoAlert to use is now defined in spec: update code
Dr. Stephen Henson [Thu, 17 Dec 2009 15:42:43 +0000 (15:42 +0000)]
Alert to use is now defined in spec: update code

14 years agoPR: 2127
Dr. Stephen Henson [Thu, 17 Dec 2009 15:28:45 +0000 (15:28 +0000)]
PR: 2127
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check for lookup failures in EVP_PBE_CipherInit().

14 years agoOoops revert stuff which shouldn't have been part of previous commit.
Dr. Stephen Henson [Wed, 16 Dec 2009 20:33:11 +0000 (20:33 +0000)]
Ooops revert stuff which shouldn't have been part of previous commit.

14 years agoNew option to enable/disable connection to unpatched servers
Dr. Stephen Henson [Wed, 16 Dec 2009 20:28:30 +0000 (20:28 +0000)]
New option to enable/disable connection to unpatched servers

14 years agoAllow initial connection (but no renegoriation) to servers which don't support
Dr. Stephen Henson [Mon, 14 Dec 2009 13:55:39 +0000 (13:55 +0000)]
Allow initial connection (but no renegoriation) to servers which don't support
RI.

Reorganise RI checking code and handle some missing cases.

14 years agoMissing error code.
Ben Laurie [Sat, 12 Dec 2009 15:57:53 +0000 (15:57 +0000)]
Missing error code.

14 years agoUse gcc 4.4.
Ben Laurie [Sat, 12 Dec 2009 15:57:19 +0000 (15:57 +0000)]
Use gcc 4.4.

14 years agoMove SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL
Dr. Stephen Henson [Fri, 11 Dec 2009 00:20:58 +0000 (00:20 +0000)]
Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL

14 years agoclarify docs
Dr. Stephen Henson [Wed, 9 Dec 2009 18:17:09 +0000 (18:17 +0000)]
clarify docs

14 years agoDocument option clearning functions.
Dr. Stephen Henson [Wed, 9 Dec 2009 18:00:52 +0000 (18:00 +0000)]
Document option clearning functions.

Initial secure renegotiation documentation.

14 years agoAdd patch to crypto/evp which didn't apply from PR#2124
Dr. Stephen Henson [Wed, 9 Dec 2009 15:02:14 +0000 (15:02 +0000)]
Add patch to crypto/evp which didn't apply from PR#2124

14 years agoRevert lhash patch for PR#2124
Dr. Stephen Henson [Wed, 9 Dec 2009 15:00:20 +0000 (15:00 +0000)]
Revert lhash patch for PR#2124

14 years agoCheck s3 is not NULL
Dr. Stephen Henson [Wed, 9 Dec 2009 14:53:51 +0000 (14:53 +0000)]
Check s3 is not NULL

14 years agoPR: 2124
Dr. Stephen Henson [Wed, 9 Dec 2009 13:38:20 +0000 (13:38 +0000)]
PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.

14 years agoAdd ctrls to clear options and mode.
Dr. Stephen Henson [Wed, 9 Dec 2009 13:25:38 +0000 (13:25 +0000)]
Add ctrls to clear options and mode.

Change RI ctrl so it doesn't clash.

14 years agoSend no_renegotiation alert as required by spec.
Dr. Stephen Henson [Tue, 8 Dec 2009 19:06:09 +0000 (19:06 +0000)]
Send no_renegotiation alert as required by spec.

14 years agoAdd ctrl and macro so we can determine if peer support secure renegotiation.
Dr. Stephen Henson [Tue, 8 Dec 2009 13:42:32 +0000 (13:42 +0000)]
Add ctrl and macro so we can determine if peer support secure renegotiation.

14 years agoAdd support for magic cipher suite value (MCSV). Make secure renegotiation
Dr. Stephen Henson [Tue, 8 Dec 2009 13:15:12 +0000 (13:15 +0000)]
Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.

14 years agoPR: 2121
Dr. Stephen Henson [Tue, 8 Dec 2009 11:38:18 +0000 (11:38 +0000)]
PR: 2121
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.

14 years agoPR: 2111
Dr. Stephen Henson [Wed, 2 Dec 2009 15:28:05 +0000 (15:28 +0000)]
PR: 2111
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c

14 years agoReplace the broken SPKAC certification with the correct version.
Dr. Stephen Henson [Wed, 2 Dec 2009 14:41:24 +0000 (14:41 +0000)]
Replace the broken SPKAC certification with the correct version.

14 years agoCheck it actually compiles this time ;-)
Dr. Stephen Henson [Wed, 2 Dec 2009 14:25:55 +0000 (14:25 +0000)]
Check it actually compiles this time ;-)