oweals/openssl.git
16 years agoUpdate from HEAD.
Dr. Stephen Henson [Wed, 22 Oct 2008 19:55:25 +0000 (19:55 +0000)]
Update from HEAD.

16 years agoReturn correct exit code if there is an error in dgst command.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:51:37 +0000 (18:51 +0000)]
Return correct exit code if there is an error in dgst command.

16 years agoSync OIDS with HEAD.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:48:50 +0000 (18:48 +0000)]
Sync OIDS with HEAD.

16 years agoAllow detection of input EOF in quiet mode by adding -no_ign_eof option
Lutz Jänicke [Wed, 22 Oct 2008 06:46:13 +0000 (06:46 +0000)]
Allow detection of input EOF in quiet mode by adding -no_ign_eof option
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years agoAdd missing "-d" to option list of openssl version.
Lutz Jänicke [Mon, 20 Oct 2008 12:53:33 +0000 (12:53 +0000)]
Add missing "-d" to option list of openssl version.

Submitted by: Alex Chen <alex_chen@filemaker.com>

16 years agoArmor pq_compat.h header file against multiple inclusion
Lutz Jänicke [Mon, 20 Oct 2008 12:40:20 +0000 (12:40 +0000)]
Armor pq_compat.h header file against multiple inclusion

Submitted by: Alex Chen <alex_chen@filemaker.com>

16 years agoDistinguish public/private data more clearly.
Ben Laurie [Mon, 20 Oct 2008 09:26:04 +0000 (09:26 +0000)]
Distinguish public/private data more clearly.

16 years agoIgnore executable.
Ben Laurie [Sun, 19 Oct 2008 15:34:13 +0000 (15:34 +0000)]
Ignore executable.

16 years agoAdd J-PAKE demo.
Ben Laurie [Sun, 19 Oct 2008 15:33:32 +0000 (15:33 +0000)]
Add J-PAKE demo.

16 years agoConstification.
Ben Laurie [Sat, 18 Oct 2008 14:27:36 +0000 (14:27 +0000)]
Constification.

16 years agoSet the comparison function in v3_addr_canonize().
Ben Laurie [Tue, 14 Oct 2008 19:21:30 +0000 (19:21 +0000)]
Set the comparison function in v3_addr_canonize().

16 years agoAdd XMPP STARTTLS support.
Ben Laurie [Tue, 14 Oct 2008 19:09:47 +0000 (19:09 +0000)]
Add XMPP STARTTLS support.

16 years agoFix warnings.
Ben Laurie [Tue, 14 Oct 2008 19:05:02 +0000 (19:05 +0000)]
Fix warnings.

16 years agoFirstly, the bitmap we use for replay protection was ending up with zero
Lutz Jänicke [Mon, 13 Oct 2008 06:43:06 +0000 (06:43 +0000)]
Firstly, the bitmap we use for replay protection was ending up with zero
length, so a _single_ pair of packets getting switched around would
cause one of them to be 'dropped'.

Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years agoWhen the underlying BIO_write() fails to send a datagram, we leave the
Lutz Jänicke [Fri, 10 Oct 2008 10:41:32 +0000 (10:41 +0000)]
When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().

The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years agoFix incorrect command for assember file generation on IA64
Lutz Jänicke [Mon, 6 Oct 2008 10:35:29 +0000 (10:35 +0000)]
Fix incorrect command for assember file generation on IA64

Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>

16 years agoCheck for errors in ASN1 sign and verify routines.
Dr. Stephen Henson [Thu, 25 Sep 2008 16:38:07 +0000 (16:38 +0000)]
Check for errors in ASN1 sign and verify routines.

16 years agoFix EC_KEY_check_key [from HEAD].
Andy Polyakov [Tue, 23 Sep 2008 17:34:08 +0000 (17:34 +0000)]
Fix EC_KEY_check_key [from HEAD].

16 years agoTypo.
Dr. Stephen Henson [Tue, 23 Sep 2008 11:21:17 +0000 (11:21 +0000)]
Typo.

16 years agoMake sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
Bodo Möller [Mon, 22 Sep 2008 21:22:51 +0000 (21:22 +0000)]
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.

16 years agoFix warnings when more pedantic "debuge-steve32" target is used.
Dr. Stephen Henson [Sun, 21 Sep 2008 11:40:36 +0000 (11:40 +0000)]
Fix warnings when more pedantic "debuge-steve32" target is used.

16 years agoCamellia low level API algorithm blocking.
Dr. Stephen Henson [Sun, 21 Sep 2008 11:21:43 +0000 (11:21 +0000)]
Camellia low level API algorithm blocking.

16 years agoMake camellia work with updated EVP macros.
Dr. Stephen Henson [Sun, 21 Sep 2008 10:24:08 +0000 (10:24 +0000)]
Make camellia work with updated EVP macros.

16 years agoAdd do_fips.bat WIN32 build script. Update version in Configure.
Dr. Stephen Henson [Thu, 18 Sep 2008 12:13:54 +0000 (12:13 +0000)]
Add do_fips.bat WIN32 build script. Update version in Configure.

16 years agoBuild montgomery ASM file on WIN32.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:56:09 +0000 (11:56 +0000)]
Build montgomery ASM file on WIN32.

16 years agoMerge FIPS changes to VC-32 build system.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:45:30 +0000 (11:45 +0000)]
Merge FIPS changes to VC-32 build system.

16 years agoAdd extra utilities from FIPS branch.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:20:08 +0000 (11:20 +0000)]
Add extra utilities from FIPS branch.

16 years agoAdd FIPS changes to mk1mf.pl
Dr. Stephen Henson [Wed, 17 Sep 2008 17:21:31 +0000 (17:21 +0000)]
Add FIPS changes to mk1mf.pl

16 years agoUpdate defs.
Dr. Stephen Henson [Wed, 17 Sep 2008 17:12:53 +0000 (17:12 +0000)]
Update defs.

16 years agoMake update: delete duplicate error code.
Dr. Stephen Henson [Wed, 17 Sep 2008 17:11:09 +0000 (17:11 +0000)]
Make update: delete duplicate error code.

16 years agoUpdate some util files to recognize new FIPS directories.
Dr. Stephen Henson [Wed, 17 Sep 2008 16:58:01 +0000 (16:58 +0000)]
Update some util files to recognize new FIPS directories.

16 years agoAdd missing files.
Dr. Stephen Henson [Wed, 17 Sep 2008 16:27:50 +0000 (16:27 +0000)]
Add missing files.

16 years agoUpdates to build system from FIPS branch. Make fipscanisterbuild work and
Dr. Stephen Henson [Wed, 17 Sep 2008 15:56:42 +0000 (15:56 +0000)]
Updates to build system from FIPS branch. Make fipscanisterbuild work and
build FIPS test programs.

16 years agoAdd RSA update from FIPS branch that got omitted....
Dr. Stephen Henson [Wed, 17 Sep 2008 15:53:59 +0000 (15:53 +0000)]
Add RSA update from FIPS branch that got omitted....

16 years agoDon't change NUM_LOCKS value for non-FIPS builds.
Dr. Stephen Henson [Wed, 17 Sep 2008 15:07:41 +0000 (15:07 +0000)]
Don't change NUM_LOCKS value for non-FIPS builds.

16 years agoAdd missing files.
Dr. Stephen Henson [Tue, 16 Sep 2008 22:54:30 +0000 (22:54 +0000)]
Add missing files.

16 years agoAdd missing files.
Dr. Stephen Henson [Tue, 16 Sep 2008 22:48:18 +0000 (22:48 +0000)]
Add missing files.

16 years agoMerge changes to build system from fips branch.
Dr. Stephen Henson [Tue, 16 Sep 2008 21:44:57 +0000 (21:44 +0000)]
Merge changes to build system from fips branch.

16 years agoFIPS merge of test changes: make sure key sizes are 1024 bits.
Dr. Stephen Henson [Tue, 16 Sep 2008 15:14:55 +0000 (15:14 +0000)]
FIPS merge of test changes: make sure key sizes are 1024 bits.

16 years agoFIPS merge "crypto" functions.
Dr. Stephen Henson [Tue, 16 Sep 2008 15:11:50 +0000 (15:11 +0000)]
FIPS merge "crypto" functions.

16 years agoMerge public key FIPS code, RSA, DSA, DH.
Dr. Stephen Henson [Tue, 16 Sep 2008 14:55:26 +0000 (14:55 +0000)]
Merge public key FIPS code, RSA, DSA, DH.

16 years agoAdd missing file.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:52:33 +0000 (11:52 +0000)]
Add missing file.

16 years agoRAND library FIPS merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:50:05 +0000 (11:50 +0000)]
RAND library FIPS merge.

16 years agoconf/hmac FIPS merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:37:03 +0000 (11:37 +0000)]
conf/hmac FIPS merge.

16 years agoERR library FIPS merge. Reorganise functions and add FIPS error
Dr. Stephen Henson [Tue, 16 Sep 2008 11:26:29 +0000 (11:26 +0000)]
ERR library FIPS merge. Reorganise functions and add FIPS error
definitions.

16 years agoFIPS des library merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:17:48 +0000 (11:17 +0000)]
FIPS des library merge.

16 years agoPart FIPS bn merge: move functiosn to bn_opt.c to reduce dependencies.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:08:24 +0000 (11:08 +0000)]
Part FIPS bn merge: move functiosn to bn_opt.c to reduce dependencies.

16 years agoAdd missing RC4 algorithm block source file.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:02:19 +0000 (11:02 +0000)]
Add missing RC4 algorithm block source file.

16 years agoMerge FIPS low level algorithm blocking code. Give hard errors if non-FIPS
Dr. Stephen Henson [Tue, 16 Sep 2008 10:47:28 +0000 (10:47 +0000)]
Merge FIPS low level algorithm blocking code. Give hard errors if non-FIPS
algorithms are use in FIPS mode using low level API. No effect in non-FIPS
mode.

16 years agoMerge fips directory from FIPS branch.
Dr. Stephen Henson [Tue, 16 Sep 2008 10:12:23 +0000 (10:12 +0000)]
Merge fips directory from FIPS branch.

16 years agoOops, restore change that got reverted accidentally.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:32:23 +0000 (22:32 +0000)]
Oops, restore change that got reverted accidentally.

16 years agoMerge apps changes from FIPS branch.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:24:39 +0000 (22:24 +0000)]
Merge apps changes from FIPS branch.

16 years agoMerge EVP changes in from FIPS branch.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:21:42 +0000 (22:21 +0000)]
Merge EVP changes in from FIPS branch.

16 years agoPort X931 key generation routines from FIPS branch. Don't include deprecated
Dr. Stephen Henson [Mon, 15 Sep 2008 21:42:28 +0000 (21:42 +0000)]
Port X931 key generation routines from FIPS branch. Don't include deprecated
versions as they weren't in 0.9.8 before now anyway.

16 years agoFix intendation
Bodo Möller [Mon, 15 Sep 2008 20:39:32 +0000 (20:39 +0000)]
Fix intendation

16 years agoNow that we're changing the 0.9.8i CHANGES anyway, reorder them
Bodo Möller [Mon, 15 Sep 2008 20:34:13 +0000 (20:34 +0000)]
Now that we're changing the 0.9.8i CHANGES anyway, reorder them
according to the usual convention (reverse chronological order)

16 years agoAdd missing CHANGES entry.
Dr. Stephen Henson [Mon, 15 Sep 2008 20:28:58 +0000 (20:28 +0000)]
Add missing CHANGES entry.

16 years agoupdate
Bodo Möller [Mon, 15 Sep 2008 20:27:47 +0000 (20:27 +0000)]
update

16 years agopkcs12 FIPS changes.
Dr. Stephen Henson [Mon, 15 Sep 2008 20:16:04 +0000 (20:16 +0000)]
pkcs12 FIPS changes.

16 years agoMerge minor FIPS branch changes: buffer, objects, pem, x509.
Dr. Stephen Henson [Mon, 15 Sep 2008 19:56:12 +0000 (19:56 +0000)]
Merge minor FIPS branch changes: buffer, objects, pem, x509.

16 years agoPrepare for next version...
Dr. Stephen Henson [Mon, 15 Sep 2008 15:30:20 +0000 (15:30 +0000)]
Prepare for next version...

16 years agoOops... use correct version number this time.... OpenSSL_0_9_8i
Dr. Stephen Henson [Mon, 15 Sep 2008 14:26:34 +0000 (14:26 +0000)]
Oops... use correct version number this time....

16 years agoPrepare for next version....
Dr. Stephen Henson [Mon, 15 Sep 2008 12:19:09 +0000 (12:19 +0000)]
Prepare for next version....

16 years agoBegin release of OpenSSL 0.9.8i.
Dr. Stephen Henson [Mon, 15 Sep 2008 10:28:13 +0000 (10:28 +0000)]
Begin release of OpenSSL 0.9.8i.

16 years agoCompilation warning fix [from HEAD, "must have, as our Windows build does
Andy Polyakov [Mon, 15 Sep 2008 07:19:41 +0000 (07:19 +0000)]
Compilation warning fix [from HEAD, "must have, as our Windows build does
not tolerate warnings].

16 years agoFix yesterday typos in bss_dgram.c [from HEAD].
Andy Polyakov [Mon, 15 Sep 2008 05:45:36 +0000 (05:45 +0000)]
Fix yesterday typos in bss_dgram.c [from HEAD].

16 years agoupdate comment
Bodo Möller [Sun, 14 Sep 2008 19:50:53 +0000 (19:50 +0000)]
update comment

16 years agoWinsock handles SO_RCVTIMEO in unique manner... [from HEAD].
Andy Polyakov [Sun, 14 Sep 2008 19:23:46 +0000 (19:23 +0000)]
Winsock handles SO_RCVTIMEO in unique manner... [from HEAD].
PR: 1648

16 years agooops
Bodo Möller [Sun, 14 Sep 2008 18:16:09 +0000 (18:16 +0000)]
oops

16 years agodtls1_write_bytes consumers expect amount of bytes written per call, not
Andy Polyakov [Sun, 14 Sep 2008 17:57:03 +0000 (17:57 +0000)]
dtls1_write_bytes consumers expect amount of bytes written per call, not
overall [from HEAD].
PR: 1604

16 years agoFix error code discrepancy.
Dr. Stephen Henson [Sun, 14 Sep 2008 16:43:37 +0000 (16:43 +0000)]
Fix error code discrepancy.
Make update.

16 years agoStop warnings about value not used.
Dr. Stephen Henson [Sun, 14 Sep 2008 15:46:36 +0000 (15:46 +0000)]
Stop warnings about value not used.

16 years agoFix SSL state transitions.
Bodo Möller [Sun, 14 Sep 2008 14:02:01 +0000 (14:02 +0000)]
Fix SSL state transitions.

Submitted by: Nagendra Modadugu

16 years agoReally get rid of unsafe double-checked locking.
Bodo Möller [Sun, 14 Sep 2008 13:51:49 +0000 (13:51 +0000)]
Really get rid of unsafe double-checked locking.

Also, "CHANGES" clean-ups.

16 years agoSome precautions to avoid potential security-relevant problems.
Bodo Möller [Sun, 14 Sep 2008 13:42:40 +0000 (13:42 +0000)]
Some precautions to avoid potential security-relevant problems.

16 years agoDTLS didn't handle alerts correctly [from HEAD].
Andy Polyakov [Sat, 13 Sep 2008 18:25:36 +0000 (18:25 +0000)]
DTLS didn't handle alerts correctly [from HEAD].
PR: 1632

16 years agofile rc4_fblk.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 11:02:19 ...
Dr. Stephen Henson [Fri, 12 Sep 2008 17:44:26 +0000 (17:44 +0000)]
file rc4_fblk.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 11:02:19 +0000

16 years agoAIX build updates [from HEAD].
Andy Polyakov [Fri, 12 Sep 2008 14:47:02 +0000 (14:47 +0000)]
AIX build updates [from HEAD].

16 years agoAllow soft-loading engines.
Ben Laurie [Fri, 12 Sep 2008 13:29:59 +0000 (13:29 +0000)]
Allow soft-loading engines.

16 years agoDon't hide commands.
Ben Laurie [Fri, 12 Sep 2008 13:26:07 +0000 (13:26 +0000)]
Don't hide commands.

16 years agoIf tickets disabled behave as if no ticket received to support
Dr. Stephen Henson [Wed, 3 Sep 2008 22:13:04 +0000 (22:13 +0000)]
If tickets disabled behave as if no ticket received to support
stateful resume.

16 years agoFix flag clash... only used internally when policy checking is
Dr. Stephen Henson [Sun, 31 Aug 2008 11:15:35 +0000 (11:15 +0000)]
Fix flag clash... only used internally when policy checking is
enabled.

16 years agoDon't use assertions to check application-provided arguments;
Bodo Möller [Thu, 14 Aug 2008 21:37:20 +0000 (21:37 +0000)]
Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.

16 years agosanity check
Bodo Möller [Wed, 13 Aug 2008 19:44:44 +0000 (19:44 +0000)]
sanity check

PR: 1679

16 years agoFix from HEAD.
Dr. Stephen Henson [Tue, 5 Aug 2008 15:56:11 +0000 (15:56 +0000)]
Fix from HEAD.

16 years agoFix from HEAD.
Dr. Stephen Henson [Sat, 2 Aug 2008 11:17:04 +0000 (11:17 +0000)]
Fix from HEAD.

16 years agoRefer to SSL_pending from the man page for SSL_read
Lutz Jänicke [Fri, 1 Aug 2008 15:03:22 +0000 (15:03 +0000)]
Refer to SSL_pending from the man page for SSL_read

16 years agoFix from HEAD.
Dr. Stephen Henson [Wed, 30 Jul 2008 15:42:19 +0000 (15:42 +0000)]
Fix from HEAD.

16 years agoWe should check the eight bytes starting at p[-9] for rollback attack
Bodo Möller [Thu, 17 Jul 2008 22:11:24 +0000 (22:11 +0000)]
We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.

PR: 1695

16 years agoHarmonize darwin-i386-cc config line with HEAD.
Andy Polyakov [Thu, 17 Jul 2008 11:59:07 +0000 (11:59 +0000)]
Harmonize darwin-i386-cc config line with HEAD.

16 years agodarwin64-ppc-cc experimental line accidentally made it to stable:-(
Andy Polyakov [Thu, 17 Jul 2008 10:00:18 +0000 (10:00 +0000)]
darwin64-ppc-cc experimental line accidentally made it to stable:-(
PR: 1699

16 years agosha1-586.pl: update from HEAD.
Andy Polyakov [Thu, 17 Jul 2008 09:51:34 +0000 (09:51 +0000)]
sha1-586.pl: update from HEAD.
PR: 1681

16 years agoMake sure not to read beyond end of buffer
Bodo Möller [Wed, 16 Jul 2008 18:10:28 +0000 (18:10 +0000)]
Make sure not to read beyond end of buffer

16 years agoFix from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 22:38:52 +0000 (22:38 +0000)]
Fix from HEAD.

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 15:56:01 +0000 (15:56 +0000)]
Update from HEAD.

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 14:33:16 +0000 (14:33 +0000)]
Update from HEAD.

16 years agoAdd support for Local Machine Keyset attribute in PKCS#12 files.
Dr. Stephen Henson [Thu, 26 Jun 2008 23:26:52 +0000 (23:26 +0000)]
Add support for Local Machine Keyset attribute in PKCS#12 files.

16 years agoSync OIDs with HEAD so we don't need to rebuild OID database and change
Dr. Stephen Henson [Thu, 26 Jun 2008 23:20:52 +0000 (23:20 +0000)]
Sync OIDs with HEAD so we don't need to rebuild OID database and change
all NIDs every time an OID is added to 0.9.8.

16 years agoChanges to allow capi ENGINE to compile with older headers on e.g. VC6.
Dr. Stephen Henson [Wed, 25 Jun 2008 10:41:48 +0000 (10:41 +0000)]
Changes to allow capi ENGINE to compile with older headers on e.g. VC6.

16 years agoavoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Bodo Möller [Mon, 23 Jun 2008 20:46:28 +0000 (20:46 +0000)]
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()

Submitted by: Huang Ying
Reviewed by: Douglas Stebila