oweals/openssl.git
15 years agoBelt and braces. Use existing code to disable renegotiation. Die if we
Ben Laurie [Thu, 5 Nov 2009 16:07:42 +0000 (16:07 +0000)]
Belt and braces. Use existing code to disable renegotiation. Die if we
see a client hello.

15 years agoUpdate version number.
Ben Laurie [Thu, 5 Nov 2009 14:09:15 +0000 (14:09 +0000)]
Update version number.

15 years agomake update
Ben Laurie [Thu, 5 Nov 2009 13:59:17 +0000 (13:59 +0000)]
make update

15 years agoDisable renegotiation.
Ben Laurie [Thu, 5 Nov 2009 13:40:29 +0000 (13:40 +0000)]
Disable renegotiation.

15 years agoThis commit was manufactured by cvs2svn to create branch OpenSSL_0_9_8k
cvs2svn [Wed, 25 Mar 2009 12:08:15 +0000 (12:08 +0000)]
This commit was manufactured by cvs2svn to create branch
'BRANCH_OpenSSL_0_9_8k'.

15 years agoAaargh.... wrong version number....
Dr. Stephen Henson [Wed, 25 Mar 2009 12:08:14 +0000 (12:08 +0000)]
Aaargh.... wrong version number....

15 years agoMake update.
Dr. Stephen Henson [Wed, 25 Mar 2009 10:59:22 +0000 (10:59 +0000)]
Make update.

15 years agoPrepare for 0.9.8k release.
Dr. Stephen Henson [Wed, 25 Mar 2009 10:46:56 +0000 (10:46 +0000)]
Prepare for 0.9.8k release.

15 years agoPR: 1868
Dr. Stephen Henson [Wed, 25 Mar 2009 10:42:34 +0000 (10:42 +0000)]
PR: 1868
Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH>
Approved by: steve@openssl.org

Don't set fields to NULL when freeing them up in ASN1 code. On some platforms
with sizeof(long) < sizeof(char *) this can cause a crash.

15 years agoSubmitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Dr. Stephen Henson [Wed, 25 Mar 2009 10:40:32 +0000 (10:40 +0000)]
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Approved by: steve@openssl.org

Check return code properly in CMS_SignerInfo_verify_content().

15 years agoReject BMPStrings and UniversalStrings of invalid length. This prevents
Dr. Stephen Henson [Wed, 25 Mar 2009 10:35:57 +0000 (10:35 +0000)]
Reject BMPStrings and UniversalStrings of invalid length. This prevents
a crash in ASN1_STRING_print_ex() which assumes they are valid.

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Mon, 23 Mar 2009 21:11:50 +0000 (21:11 +0000)]
Update from HEAD.

15 years agoaes-390x.pl: commentary update.
Andy Polyakov [Tue, 17 Mar 2009 20:04:11 +0000 (20:04 +0000)]
aes-390x.pl: commentary update.

15 years agoMake SPARC assembler modules *really* Purify-friendly.
Andy Polyakov [Tue, 17 Mar 2009 18:31:08 +0000 (18:31 +0000)]
Make SPARC assembler modules *really* Purify-friendly.

15 years agoSubmitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Dr. Stephen Henson [Tue, 17 Mar 2009 15:38:34 +0000 (15:38 +0000)]
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Reviewed by: steve@openssl.org

Update ccgost engine to support parameter files.

15 years agoExcuse myself from integrating sha1-sparcv9a.pl into build system, but
Andy Polyakov [Mon, 16 Mar 2009 13:48:42 +0000 (13:48 +0000)]
Excuse myself from integrating sha1-sparcv9a.pl into build system, but
make it Purify-friendly...

15 years agodes_enc.m4, SPARC DES assembler, update from HEAD: make it Purify-friendly.
Andy Polyakov [Mon, 16 Mar 2009 13:43:43 +0000 (13:43 +0000)]
des_enc.m4, SPARC DES assembler, update from HEAD: make it Purify-friendly.
As side effect it introduces duplicate of 2KB DES_SPtrans table.

15 years agoMake SPARC assembler Pirify-friendly (Purify can't cope with certain
Andy Polyakov [Mon, 16 Mar 2009 13:32:38 +0000 (13:32 +0000)]
Make SPARC assembler Pirify-friendly (Purify can't cope with certain
PIC constructs).

15 years agoUse OPENSSL_assert() instead of assert.
Dr. Stephen Henson [Sun, 15 Mar 2009 14:04:42 +0000 (14:04 +0000)]
Use OPENSSL_assert() instead of assert.

15 years agoUse correct ctx name.
Dr. Stephen Henson [Sun, 15 Mar 2009 14:03:47 +0000 (14:03 +0000)]
Use correct ctx name.

15 years agoOops.
Dr. Stephen Henson [Sun, 15 Mar 2009 14:03:29 +0000 (14:03 +0000)]
Oops.

15 years agoFix from stable branch.
Dr. Stephen Henson [Sun, 15 Mar 2009 13:37:34 +0000 (13:37 +0000)]
Fix from stable branch.

15 years agoDon't force S/MIME signing purpose: allow it to be overridden by store
Dr. Stephen Henson [Sun, 15 Mar 2009 13:36:01 +0000 (13:36 +0000)]
Don't force S/MIME signing purpose: allow it to be overridden by store
settings.

Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters
being inherited properly.

15 years agoUpdate from stable branch.
Dr. Stephen Henson [Sat, 14 Mar 2009 18:33:49 +0000 (18:33 +0000)]
Update from stable branch.

15 years agoPermit nested ASN1 string encoding but with a maximum depth to avoid
Dr. Stephen Henson [Sat, 14 Mar 2009 18:33:25 +0000 (18:33 +0000)]
Permit nested ASN1 string encoding but with a maximum depth to avoid
stack overflow.

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Sat, 14 Mar 2009 12:40:46 +0000 (12:40 +0000)]
Update from HEAD.

15 years agoPR: 1864
Dr. Stephen Henson [Sat, 14 Mar 2009 12:39:05 +0000 (12:39 +0000)]
PR: 1864
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org

Check return value.

15 years agoUpdate from stable branch.
Dr. Stephen Henson [Sat, 14 Mar 2009 12:26:48 +0000 (12:26 +0000)]
Update from stable branch.

15 years agoPR: 1863
Dr. Stephen Henson [Sat, 14 Mar 2009 12:26:03 +0000 (12:26 +0000)]
PR: 1863
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org

Check return value, use OPENSSL_assert and unsigned int.

15 years agoPR: 1846
Dr. Stephen Henson [Sat, 14 Mar 2009 12:07:42 +0000 (12:07 +0000)]
PR: 1846
Submitted by: Andrea Schoenberg <asg@ftpproxy.org>
Reviewed by: steve@openssl.org

Fix for HP Nonstop(Tandem) systems.

15 years agoFix from HEAD.
Dr. Stephen Henson [Thu, 12 Mar 2009 17:31:18 +0000 (17:31 +0000)]
Fix from HEAD.

15 years agoSubmitted by: Victor Duchovni <Victor.Duchovni@morganstanley.com>
Dr. Stephen Henson [Thu, 12 Mar 2009 17:30:29 +0000 (17:30 +0000)]
Submitted by: Victor Duchovni <Victor.Duchovni@morganstanley.com>
Reviewed by: steve@openssl.org

Check return value of sk_SSL_COMP_find() properly.

15 years agoUpdate from head.
Dr. Stephen Henson [Thu, 12 Mar 2009 17:13:44 +0000 (17:13 +0000)]
Update from head.

15 years agoPR: 1862
Dr. Stephen Henson [Thu, 12 Mar 2009 17:13:15 +0000 (17:13 +0000)]
PR: 1862

Typo.

15 years agoUpdate from stable branch.
Dr. Stephen Henson [Thu, 12 Mar 2009 17:10:26 +0000 (17:10 +0000)]
Update from stable branch.

15 years agoPR: 1861
Dr. Stephen Henson [Thu, 12 Mar 2009 17:09:46 +0000 (17:09 +0000)]
PR: 1861

l must be > 0 or array will be accessed out of bounds.

15 years agoPR: 1854
Dr. Stephen Henson [Mon, 9 Mar 2009 13:59:07 +0000 (13:59 +0000)]
PR: 1854
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org

Support GeneralizedTime in ca utility.

15 years agoUpdate from stable branch.
Dr. Stephen Henson [Mon, 9 Mar 2009 13:08:04 +0000 (13:08 +0000)]
Update from stable branch.

15 years agoPR: 1856
Dr. Stephen Henson [Mon, 9 Mar 2009 13:07:16 +0000 (13:07 +0000)]
PR: 1856

Check return value of PKCS12_add_safes()

15 years agoUpdate from stable branch.
Dr. Stephen Henson [Mon, 9 Mar 2009 12:30:10 +0000 (12:30 +0000)]
Update from stable branch.

15 years agoUpdate from stable branch.
Dr. Stephen Henson [Mon, 9 Mar 2009 12:21:19 +0000 (12:21 +0000)]
Update from stable branch.

15 years agoPR: 1859
Dr. Stephen Henson [Mon, 9 Mar 2009 12:17:56 +0000 (12:17 +0000)]
PR: 1859
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Don't affect echo on/off state for calling scripts.

15 years agoPR: 1860
Dr. Stephen Henson [Mon, 9 Mar 2009 12:14:08 +0000 (12:14 +0000)]
PR: 1860
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openss.org

Make Windows build more silent.

15 years agoPR: 1858
Dr. Stephen Henson [Mon, 9 Mar 2009 12:09:03 +0000 (12:09 +0000)]
PR: 1858
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Make OPENSSL_NO_SOCK work.

15 years agoPR: 1857
Dr. Stephen Henson [Mon, 9 Mar 2009 12:06:23 +0000 (12:06 +0000)]
PR: 1857
Submitted by: Jurko GospodnetiÄ\87 <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Make OPENSSL_NO_FP_API work again.

15 years agoPR: 1841
Dr. Stephen Henson [Sun, 8 Mar 2009 23:05:34 +0000 (23:05 +0000)]
PR: 1841
Submitted by: Martin Kaiser <lists@kaiser.cx>
Reviewed by: steve@openssl.org

Remove unused code.

15 years agoTypo.
Dr. Stephen Henson [Sun, 8 Mar 2009 12:01:20 +0000 (12:01 +0000)]
Typo.

15 years agoPrint IPv6 all 0s correctly (Rob Austein).
Ben Laurie [Sun, 8 Mar 2009 10:54:45 +0000 (10:54 +0000)]
Print IPv6 all 0s correctly (Rob Austein).

15 years agoFix display of all 0 IPv6 address (from Rob Austein).
Ben Laurie [Sun, 8 Mar 2009 10:48:03 +0000 (10:48 +0000)]
Fix display of all 0 IPv6 address (from Rob Austein).

15 years agoUpdate from stable branch.
Dr. Stephen Henson [Sat, 7 Mar 2009 17:00:23 +0000 (17:00 +0000)]
Update from stable branch.

15 years agoSubmitted by: Jeremy Shapiro <jnshapir@us.ibm.com>
Dr. Stephen Henson [Sat, 7 Mar 2009 16:58:43 +0000 (16:58 +0000)]
Submitted by: Jeremy Shapiro <jnshapir@us.ibm.com>
Reviewed by: steve@openssl.org

Improve efficientcy of mem_gets().

15 years agoOoops @ should be for the if command not set.
Dr. Stephen Henson [Tue, 3 Mar 2009 22:40:29 +0000 (22:40 +0000)]
Ooops @ should be for the if command not set.

15 years agoDon't ask for -iv for ciphers that need no IV.
Ben Laurie [Tue, 3 Mar 2009 15:14:33 +0000 (15:14 +0000)]
Don't ask for -iv for ciphers that need no IV.

15 years agoUse the right length (reported by Quanhong Wang).
Ben Laurie [Tue, 3 Mar 2009 15:12:56 +0000 (15:12 +0000)]
Use the right length (reported by Quanhong Wang).

15 years agoOnly require -iv for ciphers that use an IV!
Ben Laurie [Tue, 3 Mar 2009 15:07:35 +0000 (15:07 +0000)]
Only require -iv for ciphers that use an IV!

15 years agoUse the correct length (reported by Quanhong Wang).
Ben Laurie [Tue, 3 Mar 2009 15:06:49 +0000 (15:06 +0000)]
Use the correct length (reported by Quanhong Wang).

15 years agoDo a "make links" in fips directory even if not compiling for fips.
Dr. Stephen Henson [Wed, 25 Feb 2009 23:29:20 +0000 (23:29 +0000)]
Do a "make links" in fips directory even if not compiling for fips.

15 years agoSubmitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Dr. Stephen Henson [Wed, 25 Feb 2009 11:55:15 +0000 (11:55 +0000)]
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Approved by: steve

Recognise "enable-zlib" in mkdef.pl to handle "zlib" option when passed
to Configure.

15 years agoFix memory leak.
Ben Laurie [Mon, 23 Feb 2009 16:40:59 +0000 (16:40 +0000)]
Fix memory leak.

15 years agoFix memory leak.
Ben Laurie [Mon, 23 Feb 2009 16:02:47 +0000 (16:02 +0000)]
Fix memory leak.

15 years agoMake STORE an experimental feature.
Richard Levitte [Thu, 19 Feb 2009 09:43:18 +0000 (09:43 +0000)]
Make STORE an experimental feature.

15 years agoMake it possible to disable STORE.
Richard Levitte [Thu, 19 Feb 2009 09:42:51 +0000 (09:42 +0000)]
Make it possible to disable STORE.

15 years agoReference bug.
Richard Levitte [Thu, 19 Feb 2009 09:42:32 +0000 (09:42 +0000)]
Reference bug.

15 years agoDo not link nonexistent file.
Ben Laurie [Wed, 18 Feb 2009 10:43:10 +0000 (10:43 +0000)]
Do not link nonexistent file.

15 years agoFix FIPS typo.
Ben Laurie [Wed, 18 Feb 2009 10:27:23 +0000 (10:27 +0000)]
Fix FIPS typo.

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Mon, 16 Feb 2009 23:24:06 +0000 (23:24 +0000)]
Update from HEAD.

15 years agoPR: 1778
Dr. Stephen Henson [Mon, 16 Feb 2009 23:23:21 +0000 (23:23 +0000)]
PR: 1778

Increase default verify depth to 100.

15 years agoSubmitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Dr. Stephen Henson [Mon, 16 Feb 2009 21:52:01 +0000 (21:52 +0000)]
Submitted by:  "Victor B. Wagner" <vitus@cryptocom.ru>
Reviewed by: steve@openssl.org

Change default Gost parameter set to id_Gost28147_89_CryptoPro_A_ParamSet

15 years agoPR: 1843
Dr. Stephen Henson [Mon, 16 Feb 2009 21:42:48 +0000 (21:42 +0000)]
PR: 1843
Use correct array size for SHA1 hash.

15 years agoData not initialised.
Richard Levitte [Mon, 16 Feb 2009 15:17:26 +0000 (15:17 +0000)]
Data not initialised.
Notified by Gerardo Ganis <gerardo.ganis@cern.ch>

15 years agoData not initialised.
Richard Levitte [Mon, 16 Feb 2009 15:17:24 +0000 (15:17 +0000)]
Data not initialised.
Notified by Gerardo Ganis <gerardo.ganis@cern.ch>

15 years agoUse shared dev team flags, fix resulting warning.
Ben Laurie [Mon, 16 Feb 2009 08:44:23 +0000 (08:44 +0000)]
Use shared dev team flags, fix resulting warning.

15 years agoDon't eat the whole word for -d. This allows -debug to be passed to
Ben Laurie [Mon, 16 Feb 2009 08:43:41 +0000 (08:43 +0000)]
Don't eat the whole word for -d. This allows -debug to be passed to
the compiler.

15 years agoInclude common warning options in 0.9.8, fix warnings in debug-steve64.
Dr. Stephen Henson [Sun, 15 Feb 2009 15:46:46 +0000 (15:46 +0000)]
Include common warning options in 0.9.8, fix warnings in debug-steve64.

15 years agoStop warning about use of *printf() without a format.
Dr. Stephen Henson [Sun, 15 Feb 2009 15:29:59 +0000 (15:29 +0000)]
Stop warning about use of *printf() without a format.

15 years agoMake no-engine work again.
Dr. Stephen Henson [Sun, 15 Feb 2009 15:28:18 +0000 (15:28 +0000)]
Make no-engine work again.

15 years agoUse new common flags and fix resulting warnings.
Ben Laurie [Sun, 15 Feb 2009 14:08:51 +0000 (14:08 +0000)]
Use new common flags and fix resulting warnings.

15 years agoPR: 1422
Dr. Stephen Henson [Sun, 15 Feb 2009 12:10:39 +0000 (12:10 +0000)]
PR: 1422

Fix return value of X509_NAME_cmp() so it works with qsort/bsearch again.

15 years agoSkip engines directory if no-engine
Dr. Stephen Henson [Sat, 14 Feb 2009 23:08:31 +0000 (23:08 +0000)]
Skip engines directory if no-engine

15 years agoPR: 1840
Dr. Stephen Henson [Sat, 14 Feb 2009 22:19:31 +0000 (22:19 +0000)]
PR: 1840
Submitted by: Martin Kaiser <lists@kaiser.cx>
Approved by: steve@openssl.org

Handle NULL passing in parameter and BN_CTX_new() error correctly.

15 years agoPR: 1835
Dr. Stephen Henson [Sat, 14 Feb 2009 21:50:14 +0000 (21:50 +0000)]
PR: 1835
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.

15 years agoPR: 1835
Dr. Stephen Henson [Sat, 14 Feb 2009 21:49:38 +0000 (21:49 +0000)]
PR: 1835
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.

15 years agoInstall the fipsld link script.
Dr. Stephen Henson [Fri, 13 Feb 2009 18:37:31 +0000 (18:37 +0000)]
Install the fipsld link script.

15 years agoReturn correct exit code.
Dr. Stephen Henson [Thu, 12 Feb 2009 18:06:11 +0000 (18:06 +0000)]
Return correct exit code.

15 years agoAvoid leaks in pkcs8 app, tidy code up.
Dr. Stephen Henson [Thu, 12 Feb 2009 18:02:47 +0000 (18:02 +0000)]
Avoid leaks in pkcs8 app, tidy code up.

15 years agorc4-s390x.pl: allow for older assembler and optimize character loop.
Andy Polyakov [Thu, 12 Feb 2009 14:48:49 +0000 (14:48 +0000)]
rc4-s390x.pl: allow for older assembler and optimize character loop.

15 years agoRC4 for s390x.
Andy Polyakov [Wed, 11 Feb 2009 10:01:36 +0000 (10:01 +0000)]
RC4 for s390x.

15 years agoAdd error checking to obj_xref.pl and add command line support for data
Dr. Stephen Henson [Tue, 10 Feb 2009 13:03:31 +0000 (13:03 +0000)]
Add error checking to obj_xref.pl and add command line support for data
file locations.

15 years agoSubmitted by: Peter Sylvester <Peter.Sylvester@edelweb.fr>
Dr. Stephen Henson [Tue, 10 Feb 2009 12:13:08 +0000 (12:13 +0000)]
Submitted by: Peter Sylvester <Peter.Sylvester@edelweb.fr>
Reviewed by: steve

If tagging is universal and SET or SEQUENCE set constructed bit.

15 years agos390x-mont.pl: optimize prologue.
Andy Polyakov [Tue, 10 Feb 2009 08:46:48 +0000 (08:46 +0000)]
s390x-mont.pl: optimize prologue.

15 years agolinux-s390x failed link after assembler pack update.
Andy Polyakov [Tue, 10 Feb 2009 07:43:48 +0000 (07:43 +0000)]
linux-s390x failed link after assembler pack update.

15 years agosha1-sparcv9a.pl: fix bug in commentary section.
Andy Polyakov [Mon, 9 Feb 2009 16:03:33 +0000 (16:03 +0000)]
sha1-sparcv9a.pl: fix bug in commentary section.

15 years agos390x assembler pack update.
Andy Polyakov [Mon, 9 Feb 2009 15:42:04 +0000 (15:42 +0000)]
s390x assembler pack update.

15 years agoReserve for "multilib" suffix, the one allowing to perform multi-ABI
Andy Polyakov [Mon, 9 Feb 2009 15:11:22 +0000 (15:11 +0000)]
Reserve for "multilib" suffix, the one allowing to perform multi-ABI
installations. It's not enabled in Makefiles yet.

15 years agoJust to be awkward Ubuntu 8.10 doesn't like _XOPEN_SOURCE_EXTENDED...
Dr. Stephen Henson [Fri, 6 Feb 2009 16:43:52 +0000 (16:43 +0000)]
Just to be awkward Ubuntu 8.10 doesn't like _XOPEN_SOURCE_EXTENDED...

15 years agooops
Bodo Möller [Mon, 2 Feb 2009 00:51:49 +0000 (00:51 +0000)]
oops

15 years agoFor -hex, print just one \n
Bodo Möller [Mon, 2 Feb 2009 00:40:59 +0000 (00:40 +0000)]
For -hex, print just one \n

15 years agoFor -hex, print just one \n
Bodo Möller [Mon, 2 Feb 2009 00:40:29 +0000 (00:40 +0000)]
For -hex, print just one \n

15 years agoUpdated symbol for VMS
Richard Levitte [Mon, 2 Feb 2009 00:27:57 +0000 (00:27 +0000)]
Updated symbol for VMS

15 years ago-hex option for openssl rand
Bodo Möller [Mon, 2 Feb 2009 00:27:56 +0000 (00:27 +0000)]
-hex option for openssl rand

PR: 1831
Submitted by: Damien Miller