oweals/openssl.git
16 years agoFix SSL state transitions.
Bodo Möller [Sun, 14 Sep 2008 14:02:01 +0000 (14:02 +0000)]
Fix SSL state transitions.

Submitted by: Nagendra Modadugu

16 years agoReally get rid of unsafe double-checked locking.
Bodo Möller [Sun, 14 Sep 2008 13:51:49 +0000 (13:51 +0000)]
Really get rid of unsafe double-checked locking.

Also, "CHANGES" clean-ups.

16 years agoSome precautions to avoid potential security-relevant problems.
Bodo Möller [Sun, 14 Sep 2008 13:42:40 +0000 (13:42 +0000)]
Some precautions to avoid potential security-relevant problems.

16 years agoDTLS didn't handle alerts correctly [from HEAD].
Andy Polyakov [Sat, 13 Sep 2008 18:25:36 +0000 (18:25 +0000)]
DTLS didn't handle alerts correctly [from HEAD].
PR: 1632

16 years agofile rc4_fblk.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 11:02:19 ...
Dr. Stephen Henson [Fri, 12 Sep 2008 17:44:26 +0000 (17:44 +0000)]
file rc4_fblk.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 11:02:19 +0000

16 years agoAIX build updates [from HEAD].
Andy Polyakov [Fri, 12 Sep 2008 14:47:02 +0000 (14:47 +0000)]
AIX build updates [from HEAD].

16 years agoAllow soft-loading engines.
Ben Laurie [Fri, 12 Sep 2008 13:29:59 +0000 (13:29 +0000)]
Allow soft-loading engines.

16 years agoDon't hide commands.
Ben Laurie [Fri, 12 Sep 2008 13:26:07 +0000 (13:26 +0000)]
Don't hide commands.

16 years agoIf tickets disabled behave as if no ticket received to support
Dr. Stephen Henson [Wed, 3 Sep 2008 22:13:04 +0000 (22:13 +0000)]
If tickets disabled behave as if no ticket received to support
stateful resume.

16 years agoFix flag clash... only used internally when policy checking is
Dr. Stephen Henson [Sun, 31 Aug 2008 11:15:35 +0000 (11:15 +0000)]
Fix flag clash... only used internally when policy checking is
enabled.

16 years agoDon't use assertions to check application-provided arguments;
Bodo Möller [Thu, 14 Aug 2008 21:37:20 +0000 (21:37 +0000)]
Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.

16 years agosanity check
Bodo Möller [Wed, 13 Aug 2008 19:44:44 +0000 (19:44 +0000)]
sanity check

PR: 1679

16 years agoFix from HEAD.
Dr. Stephen Henson [Tue, 5 Aug 2008 15:56:11 +0000 (15:56 +0000)]
Fix from HEAD.

16 years agoFix from HEAD.
Dr. Stephen Henson [Sat, 2 Aug 2008 11:17:04 +0000 (11:17 +0000)]
Fix from HEAD.

16 years agoRefer to SSL_pending from the man page for SSL_read
Lutz Jänicke [Fri, 1 Aug 2008 15:03:22 +0000 (15:03 +0000)]
Refer to SSL_pending from the man page for SSL_read

16 years agoFix from HEAD.
Dr. Stephen Henson [Wed, 30 Jul 2008 15:42:19 +0000 (15:42 +0000)]
Fix from HEAD.

16 years agoWe should check the eight bytes starting at p[-9] for rollback attack
Bodo Möller [Thu, 17 Jul 2008 22:11:24 +0000 (22:11 +0000)]
We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.

PR: 1695

16 years agoHarmonize darwin-i386-cc config line with HEAD.
Andy Polyakov [Thu, 17 Jul 2008 11:59:07 +0000 (11:59 +0000)]
Harmonize darwin-i386-cc config line with HEAD.

16 years agodarwin64-ppc-cc experimental line accidentally made it to stable:-(
Andy Polyakov [Thu, 17 Jul 2008 10:00:18 +0000 (10:00 +0000)]
darwin64-ppc-cc experimental line accidentally made it to stable:-(
PR: 1699

16 years agosha1-586.pl: update from HEAD.
Andy Polyakov [Thu, 17 Jul 2008 09:51:34 +0000 (09:51 +0000)]
sha1-586.pl: update from HEAD.
PR: 1681

16 years agoMake sure not to read beyond end of buffer
Bodo Möller [Wed, 16 Jul 2008 18:10:28 +0000 (18:10 +0000)]
Make sure not to read beyond end of buffer

16 years agoFix from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 22:38:52 +0000 (22:38 +0000)]
Fix from HEAD.

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 15:56:01 +0000 (15:56 +0000)]
Update from HEAD.

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 14:33:16 +0000 (14:33 +0000)]
Update from HEAD.

16 years agoAdd support for Local Machine Keyset attribute in PKCS#12 files.
Dr. Stephen Henson [Thu, 26 Jun 2008 23:26:52 +0000 (23:26 +0000)]
Add support for Local Machine Keyset attribute in PKCS#12 files.

16 years agoSync OIDs with HEAD so we don't need to rebuild OID database and change
Dr. Stephen Henson [Thu, 26 Jun 2008 23:20:52 +0000 (23:20 +0000)]
Sync OIDs with HEAD so we don't need to rebuild OID database and change
all NIDs every time an OID is added to 0.9.8.

16 years agoChanges to allow capi ENGINE to compile with older headers on e.g. VC6.
Dr. Stephen Henson [Wed, 25 Jun 2008 10:41:48 +0000 (10:41 +0000)]
Changes to allow capi ENGINE to compile with older headers on e.g. VC6.

16 years agoavoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Bodo Möller [Mon, 23 Jun 2008 20:46:28 +0000 (20:46 +0000)]
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()

Submitted by: Huang Ying
Reviewed by: Douglas Stebila

16 years agoUpdate ordinals.
Dr. Stephen Henson [Sun, 22 Jun 2008 01:10:04 +0000 (01:10 +0000)]
Update ordinals.

16 years agoMake WIN32 build work with no-rc4
Dr. Stephen Henson [Sat, 21 Jun 2008 23:28:02 +0000 (23:28 +0000)]
Make WIN32 build work with no-rc4

16 years agoFix typo and filter on X509_PURPOSE_SSL_CLIENT when presenting certs.
Dr. Stephen Henson [Wed, 18 Jun 2008 14:42:27 +0000 (14:42 +0000)]
Fix typo and filter on X509_PURPOSE_SSL_CLIENT when presenting certs.

16 years agoAdd support for machine stores and handle provider type errors properly in keys.
Dr. Stephen Henson [Wed, 18 Jun 2008 12:05:23 +0000 (12:05 +0000)]
Add support for machine stores and handle provider type errors properly in keys.

16 years agoMake ssl code consistent with FIPS branch. The new code has no effect
Dr. Stephen Henson [Mon, 16 Jun 2008 16:56:43 +0000 (16:56 +0000)]
Make ssl code consistent with FIPS branch. The new code has no effect
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.

16 years agoAdd error code for FIPS library and make library numbers consistent.
Dr. Stephen Henson [Mon, 16 Jun 2008 15:22:49 +0000 (15:22 +0000)]
Add error code for FIPS library and make library numbers consistent.

16 years agoSync ordinals with FIPS branch. FIPS specific functions currently are place
Dr. Stephen Henson [Sun, 15 Jun 2008 16:52:37 +0000 (16:52 +0000)]
Sync ordinals with FIPS branch. FIPS specific functions currently are place
holders to keep ordinals consistent.

16 years agoAdd acknowledgement.
Dr. Stephen Henson [Mon, 9 Jun 2008 16:50:48 +0000 (16:50 +0000)]
Add acknowledgement.

16 years agoOPENSSL_isservice() is defined on all platforms.
Ben Laurie [Sat, 7 Jun 2008 17:22:37 +0000 (17:22 +0000)]
OPENSSL_isservice() is defined on all platforms.

16 years agoUpdate from head.
Dr. Stephen Henson [Fri, 6 Jun 2008 20:48:57 +0000 (20:48 +0000)]
Update from head.

16 years agoUpdate ordinals.
Dr. Stephen Henson [Fri, 6 Jun 2008 15:54:00 +0000 (15:54 +0000)]
Update ordinals.

16 years agoUpdate CryptoAPI ENGINE from head. Export OPENSSL_isservice().
Dr. Stephen Henson [Fri, 6 Jun 2008 15:52:32 +0000 (15:52 +0000)]
Update CryptoAPI ENGINE from head. Export OPENSSL_isservice().

16 years agoMake headers work with older versions of Window platform SDK.
Dr. Stephen Henson [Thu, 5 Jun 2008 16:56:00 +0000 (16:56 +0000)]
Make headers work with older versions of Window platform SDK.

16 years agoUpdate CHANGES.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:32:05 +0000 (15:32 +0000)]
Update CHANGES.

16 years agoIf auto load ENGINE lookup fails retry adding builtin ENGINEs.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:13:03 +0000 (15:13 +0000)]
If auto load ENGINE lookup fails retry adding builtin ENGINEs.

16 years agoConfigure options of form -Dfoo=bar should get added to CFLAGS in mk1mf.pl
Dr. Stephen Henson [Thu, 5 Jun 2008 15:09:40 +0000 (15:09 +0000)]
Configure options of form -Dfoo=bar should get added to CFLAGS in mk1mf.pl

16 years agoDon't show choice dialog if only one cert.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:44:53 +0000 (11:44 +0000)]
Don't show choice dialog if only one cert.

16 years agoSearch $OPTIONS for -DOPENSSL_CAPIENG_DIALOG because $cflags is
Dr. Stephen Henson [Thu, 5 Jun 2008 11:38:03 +0000 (11:38 +0000)]
Search $OPTIONS for -DOPENSSL_CAPIENG_DIALOG because $cflags is
no complete at this point.

16 years agoinclude engine.h if needed.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:23:35 +0000 (11:23 +0000)]
include engine.h if needed.

16 years agoUpdate ordinals.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:57:21 +0000 (10:57 +0000)]
Update ordinals.

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:56:51 +0000 (10:56 +0000)]
Update from HEAD.

16 years agoRemove some unneeded columns from dialog.
Dr. Stephen Henson [Wed, 4 Jun 2008 23:00:59 +0000 (23:00 +0000)]
Remove some unneeded columns from dialog.

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 22:39:29 +0000 (22:39 +0000)]
Update from HEAD.

16 years agoOops... missed this part of backport.
Dr. Stephen Henson [Wed, 4 Jun 2008 20:11:17 +0000 (20:11 +0000)]
Oops... missed this part of backport.

16 years agoBackport s_client changes.
Dr. Stephen Henson [Wed, 4 Jun 2008 19:52:36 +0000 (19:52 +0000)]
Backport s_client changes.

16 years agoUpdate CryptoAPI ENGINE from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:49:44 +0000 (18:49 +0000)]
Update CryptoAPI ENGINE from HEAD.

16 years agoBackport more ENGINE SSL client auth code to 0.9.8.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:35:27 +0000 (18:35 +0000)]
Backport more ENGINE SSL client auth code to 0.9.8.

16 years agoBackport ssl client auth ENGINE support to 0.9.8.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:01:40 +0000 (18:01 +0000)]
Backport ssl client auth ENGINE support to 0.9.8.

16 years agoEveryone's had a few years to port their favorite additions to 0.9.7
Bodo Möller [Sat, 31 May 2008 13:42:52 +0000 (13:42 +0000)]
Everyone's had a few years to port their favorite additions to 0.9.7
to HEAD (and the 0.9.8 branch).  Remove the reminder.

16 years agoDSA method slightly more tested and fixed ;-)
Dr. Stephen Henson [Fri, 30 May 2008 17:44:36 +0000 (17:44 +0000)]
DSA method slightly more tested and fixed ;-)

16 years agoUpdate error codes.
Dr. Stephen Henson [Fri, 30 May 2008 17:07:18 +0000 (17:07 +0000)]
Update error codes.

16 years agoUntested initial CryptoAPI dsa signing code.
Dr. Stephen Henson [Fri, 30 May 2008 17:03:16 +0000 (17:03 +0000)]
Untested initial CryptoAPI dsa signing code.

16 years agoSome DSA method structures and placeholders, not complete yet.
Dr. Stephen Henson [Fri, 30 May 2008 16:31:51 +0000 (16:31 +0000)]
Some DSA method structures and placeholders, not complete yet.

16 years agoDelete unused functions.
Dr. Stephen Henson [Fri, 30 May 2008 16:14:34 +0000 (16:14 +0000)]
Delete unused functions.

16 years agoGet BIO_snprintf() argument order right....
Dr. Stephen Henson [Fri, 30 May 2008 15:28:40 +0000 (15:28 +0000)]
Get BIO_snprintf() argument order right....

16 years agoAdd new error codes, log unknown magic or algorithm IDs.
Dr. Stephen Henson [Fri, 30 May 2008 15:24:19 +0000 (15:24 +0000)]
Add new error codes, log unknown magic or algorithm IDs.

16 years agoInitial DSA public key loading support in CryptoAPI ENGINE.
Dr. Stephen Henson [Fri, 30 May 2008 15:05:39 +0000 (15:05 +0000)]
Initial DSA public key loading support in CryptoAPI ENGINE.

16 years agoAdd support for ENGINE loaded keys in dsa app.
Dr. Stephen Henson [Fri, 30 May 2008 15:04:58 +0000 (15:04 +0000)]
Add support for ENGINE loaded keys in dsa app.

16 years agoAdd error codes for blob sanity checks, rebuild error table.
Dr. Stephen Henson [Fri, 30 May 2008 11:58:50 +0000 (11:58 +0000)]
Add error codes for blob sanity checks, rebuild error table.

16 years agoBlob type and algorithm type sanity checks
Dr. Stephen Henson [Fri, 30 May 2008 11:54:51 +0000 (11:54 +0000)]
Blob type and algorithm type sanity checks

16 years agoDon't set extended type is mbstring flag set.
Dr. Stephen Henson [Fri, 30 May 2008 10:57:13 +0000 (10:57 +0000)]
Don't set extended type is mbstring flag set.

16 years agoUpdate default depflag.
Dr. Stephen Henson [Fri, 30 May 2008 10:31:43 +0000 (10:31 +0000)]
Update default depflag.

16 years agoLoad CryptoAPI engine if supported.
Dr. Stephen Henson [Thu, 29 May 2008 23:47:40 +0000 (23:47 +0000)]
Load CryptoAPI engine if supported.

16 years agoUpdate mkdef.pl to recognize CAPIENG
Dr. Stephen Henson [Thu, 29 May 2008 23:15:41 +0000 (23:15 +0000)]
Update mkdef.pl to recognize CAPIENG

16 years agoMake CryptoAPI engine look more like the others....
Dr. Stephen Henson [Thu, 29 May 2008 21:03:48 +0000 (21:03 +0000)]
Make CryptoAPI engine look more like the others....

16 years agoMake dynamic engine link work with capi.
Dr. Stephen Henson [Thu, 29 May 2008 17:51:22 +0000 (17:51 +0000)]
Make dynamic engine link work with capi.

16 years agoDisable CryptoAPI engine compilation by default.
Dr. Stephen Henson [Thu, 29 May 2008 17:20:42 +0000 (17:20 +0000)]
Disable CryptoAPI engine compilation by default.

16 years agoCreate error codes, compile in source.
Dr. Stephen Henson [Thu, 29 May 2008 17:13:15 +0000 (17:13 +0000)]
Create error codes, compile in source.

16 years agoCryptoAPI ENGINE... initial version, not compiled in yet.
Dr. Stephen Henson [Thu, 29 May 2008 16:46:38 +0000 (16:46 +0000)]
CryptoAPI ENGINE... initial version, not compiled in yet.

16 years agoFAQ updates from HEAD
Bodo Möller [Wed, 28 May 2008 22:30:39 +0000 (22:30 +0000)]
FAQ updates from HEAD

16 years agofix whitespace
Bodo Möller [Wed, 28 May 2008 22:22:50 +0000 (22:22 +0000)]
fix whitespace

16 years agoAfter tagging, bump ready for 0.9.8i development
Mark J. Cox [Wed, 28 May 2008 07:47:50 +0000 (07:47 +0000)]
After tagging, bump ready for 0.9.8i development

16 years agoPrepare for 0.9.8h release OpenSSL_0_9_8h
Mark J. Cox [Wed, 28 May 2008 07:37:14 +0000 (07:37 +0000)]
Prepare for 0.9.8h release

16 years agoFix flaw if 'Server Key exchange message' is omitted from a TLS
Mark J. Cox [Wed, 28 May 2008 07:29:27 +0000 (07:29 +0000)]
Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com

16 years agoFix double-free in TLS server name extensions which could lead to a remote
Mark J. Cox [Wed, 28 May 2008 07:26:33 +0000 (07:26 +0000)]
Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com

16 years agogrammar
Bodo Möller [Tue, 27 May 2008 18:43:30 +0000 (18:43 +0000)]
grammar

16 years agoyear 2008
Bodo Möller [Tue, 27 May 2008 18:41:02 +0000 (18:41 +0000)]
year 2008

16 years agoAdd README about removed root CA certificates.
Lutz Jänicke [Mon, 26 May 2008 06:23:55 +0000 (06:23 +0000)]
Add README about removed root CA certificates.

16 years agoReword comment to be much shorter to stop other people from complaining
Lutz Jänicke [Mon, 26 May 2008 06:21:10 +0000 (06:21 +0000)]
Reword comment to be much shorter to stop other people from complaining
about "overcommenting"

16 years agoClear error queue when starting SSL_CTX_use_certificate_chain_file
Lutz Jänicke [Fri, 23 May 2008 10:37:22 +0000 (10:37 +0000)]
Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>

16 years agoRemove all root CA files (beyond test CAs including private key)
Lutz Jänicke [Fri, 23 May 2008 08:59:56 +0000 (08:59 +0000)]
Remove all root CA files (beyond test CAs including private key)
from the OpenSSL distribution.

16 years agoFix off by one error ;-)
Dr. Stephen Henson [Tue, 20 May 2008 18:48:22 +0000 (18:48 +0000)]
Fix off by one error ;-)

16 years agoTypo.
Dr. Stephen Henson [Tue, 20 May 2008 16:13:11 +0000 (16:13 +0000)]
Typo.

16 years agoUpdate ordinals.
Dr. Stephen Henson [Tue, 20 May 2008 12:12:22 +0000 (12:12 +0000)]
Update ordinals.

16 years agoOops... PEM_write_bio_ASN1_stream() shouldn't be in 0.9.8 CMS backport.
Dr. Stephen Henson [Tue, 20 May 2008 12:10:28 +0000 (12:10 +0000)]
Oops... PEM_write_bio_ASN1_stream() shouldn't be in 0.9.8 CMS backport.

16 years agoRemove deleted function definitions from header files
Dr. Stephen Henson [Tue, 20 May 2008 11:50:13 +0000 (11:50 +0000)]
Remove deleted function definitions from header files
so Windows build picks it up.

Recognize new option in mk1mf.pl

16 years agoRemove old DES definition of deleted function too.
Dr. Stephen Henson [Tue, 20 May 2008 11:23:49 +0000 (11:23 +0000)]
Remove old DES definition of deleted function too.

16 years agoCorrectly adjust location of comment
Lutz Jänicke [Tue, 20 May 2008 08:10:51 +0000 (08:10 +0000)]
Correctly adjust location of comment

Submitted by: Ben Laurie <ben@links.org>

16 years agoFix warning.
Ben Laurie [Tue, 20 May 2008 03:05:50 +0000 (03:05 +0000)]
Fix warning.

16 years agoFix two invalid memory reads in RSA OAEP mode.
Dr. Stephen Henson [Mon, 19 May 2008 21:26:28 +0000 (21:26 +0000)]
Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve

16 years agoDisable code that clearly doesn't currently serve any useful purpose.
Bodo Möller [Mon, 19 May 2008 19:44:33 +0000 (19:44 +0000)]
Disable code that clearly doesn't currently serve any useful purpose.
(Buggy line reported by Matthias Koenig.)

16 years agoDocument "openssl s_server" -crl_check* options
Lutz Jänicke [Mon, 19 May 2008 07:52:17 +0000 (07:52 +0000)]
Document "openssl s_server" -crl_check* options

Submitted by: Daniel Black <daniel.subs@internode.on.net>