Andy Polyakov [Tue, 15 Jul 2008 12:50:44 +0000 (12:50 +0000)]
x86nasm.pl update: use pre-defined macros and allow for /safeseh link.
Andy Polyakov [Tue, 15 Jul 2008 12:48:53 +0000 (12:48 +0000)]
Reaffirm that NASM is the only supported assembler for Win32 build.
Dr. Stephen Henson [Sun, 13 Jul 2008 22:38:18 +0000 (22:38 +0000)]
Zero is a valid value for any_skip and map_skip
Dr. Stephen Henson [Sun, 13 Jul 2008 15:55:37 +0000 (15:55 +0000)]
We support inhibit any policy extension, add to table.
Dr. Stephen Henson [Sun, 13 Jul 2008 14:25:36 +0000 (14:25 +0000)]
X509 verification fixes.
Ignore self issued certificates when checking path length constraints.
Duplicate OIDs in policy tree in case they are allocated.
Use anyPolicy from certificate cache and not current tree level.
Geoff Thorpe [Thu, 10 Jul 2008 20:08:47 +0000 (20:08 +0000)]
If --prefix="C:\foo\bar" is supplied to Configure for a windows target,
then the backslashes need escaping to avoid being treated as switches in
the auto-generated strings in opensslconf.h. Perl users are welcome to
suggest a less hokey way of doing this ...
Dr. Stephen Henson [Fri, 4 Jul 2008 23:12:52 +0000 (23:12 +0000)]
Avoid warnings with -pedantic, specifically:
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
Geoff Thorpe [Thu, 3 Jul 2008 19:59:25 +0000 (19:59 +0000)]
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
version some time soon.
Dr. Stephen Henson [Thu, 26 Jun 2008 23:27:31 +0000 (23:27 +0000)]
Update from stable branch.
Dr. Stephen Henson [Wed, 25 Jun 2008 10:43:07 +0000 (10:43 +0000)]
Update from stable branch.
Bodo Möller [Mon, 23 Jun 2008 20:46:24 +0000 (20:46 +0000)]
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
Dr. Stephen Henson [Sun, 22 Jun 2008 01:09:14 +0000 (01:09 +0000)]
Update ordinals.
Dr. Stephen Henson [Sat, 21 Jun 2008 23:28:55 +0000 (23:28 +0000)]
Fix from stable branch.
Dr. Stephen Henson [Wed, 18 Jun 2008 15:08:41 +0000 (15:08 +0000)]
Update from stable branch.
Dr. Stephen Henson [Wed, 18 Jun 2008 12:06:10 +0000 (12:06 +0000)]
Update from stable branch.
Dr. Stephen Henson [Mon, 16 Jun 2008 15:51:48 +0000 (15:51 +0000)]
Update from stable branch.
Dr. Stephen Henson [Mon, 9 Jun 2008 16:48:42 +0000 (16:48 +0000)]
Add acknowledgement.
Dr. Stephen Henson [Fri, 6 Jun 2008 15:57:16 +0000 (15:57 +0000)]
Sync ordinals.
Dr. Stephen Henson [Fri, 6 Jun 2008 11:26:07 +0000 (11:26 +0000)]
Fix memory leak. The canonical X509_NAME_ENTRY STACK is reallocated rather
than referencing existing X509_NAME_ENTRY structures so needs to be
completely freed.
Dr. Stephen Henson [Thu, 5 Jun 2008 23:42:04 +0000 (23:42 +0000)]
Remove uidlg library from VC-32.pl, it is now bound at runtime.
Dr. Stephen Henson [Thu, 5 Jun 2008 23:19:56 +0000 (23:19 +0000)]
Don't change _WIN32_WINNT and detect GetConsoleWindow() and
CryptUIDlgSelectCertificateFromStore() at runtime. Add callback function
for selection mechanism.
Dr. Stephen Henson [Thu, 5 Jun 2008 17:04:16 +0000 (17:04 +0000)]
Update from stable branch.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:34:24 +0000 (15:34 +0000)]
Update CHANGES.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:13:45 +0000 (15:13 +0000)]
Update from stable branch.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:45:25 +0000 (11:45 +0000)]
Update from stable branch.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:10:49 +0000 (11:10 +0000)]
Sync ordinals with stable branch.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:51:48 +0000 (10:51 +0000)]
Link in extra CryptoAPI related libraries if needed.
Dr. Stephen Henson [Wed, 4 Jun 2008 23:03:28 +0000 (23:03 +0000)]
Update from stable branch.
Dr. Stephen Henson [Wed, 4 Jun 2008 22:39:05 +0000 (22:39 +0000)]
Remove test fprintf.
Dr. Stephen Henson [Wed, 4 Jun 2008 22:34:38 +0000 (22:34 +0000)]
Compilation option to use a specific ssl client auth engine automatically.
Dr. Stephen Henson [Wed, 4 Jun 2008 16:45:05 +0000 (16:45 +0000)]
Use an appropriate Window for selection dialog.
Dr. Stephen Henson [Wed, 4 Jun 2008 16:10:09 +0000 (16:10 +0000)]
Add support for Windoes dialog box based certificate selection.
Dr. Stephen Henson [Wed, 4 Jun 2008 14:34:39 +0000 (14:34 +0000)]
Remove old non-safestack code.
Dr. Stephen Henson [Wed, 4 Jun 2008 12:03:57 +0000 (12:03 +0000)]
Tidy up and add comments to selection code.
Dr. Stephen Henson [Wed, 4 Jun 2008 11:53:14 +0000 (11:53 +0000)]
Make DSO WIN32 compile again.
Dr. Stephen Henson [Wed, 4 Jun 2008 11:52:36 +0000 (11:52 +0000)]
Update ordinals.
Dr. Stephen Henson [Wed, 4 Jun 2008 11:45:15 +0000 (11:45 +0000)]
Remove store from Windows build.
Ben Laurie [Wed, 4 Jun 2008 11:01:43 +0000 (11:01 +0000)]
More type-checking.
Dr. Stephen Henson [Wed, 4 Jun 2008 10:57:38 +0000 (10:57 +0000)]
Avoid name clash.
Ben Laurie [Wed, 4 Jun 2008 05:21:13 +0000 (05:21 +0000)]
Only include windows headers when under windows.
Dr. Stephen Henson [Tue, 3 Jun 2008 23:54:31 +0000 (23:54 +0000)]
Add initial support for multiple SSL client certifcate selection in
CryptoAPI ENGINE.
Dr. Stephen Henson [Tue, 3 Jun 2008 11:37:52 +0000 (11:37 +0000)]
Match empty CA list to anything for ssl client auth in CryptoAPI engine.
Dr. Stephen Henson [Tue, 3 Jun 2008 11:26:27 +0000 (11:26 +0000)]
Add support for client cert engine setting in s_client app.
Add appropriate #ifdefs round client cert functions in headers.
Dr. Stephen Henson [Tue, 3 Jun 2008 10:27:39 +0000 (10:27 +0000)]
Add preliminary SSL client auth callback to CryptoAPI ENGINE.
Dr. Stephen Henson [Tue, 3 Jun 2008 10:17:45 +0000 (10:17 +0000)]
Prevent signed/unsigned warning on VC++
Ben Laurie [Tue, 3 Jun 2008 02:48:34 +0000 (02:48 +0000)]
Memory saving patch.
Dr. Stephen Henson [Mon, 2 Jun 2008 23:41:38 +0000 (23:41 +0000)]
Update year.
Dr. Stephen Henson [Mon, 2 Jun 2008 23:10:34 +0000 (23:10 +0000)]
Windows batch file to rebuild error codes for CryptoAPI ENGINE.
Dr. Stephen Henson [Mon, 2 Jun 2008 23:09:04 +0000 (23:09 +0000)]
#undef OCSP_RESPONSE: CryptoAPI uses this too.
Dr. Stephen Henson [Mon, 2 Jun 2008 14:29:32 +0000 (14:29 +0000)]
Fix indentation.
Dr. Stephen Henson [Mon, 2 Jun 2008 12:10:06 +0000 (12:10 +0000)]
Avoid case in ca.c fix.
Dr. Stephen Henson [Mon, 2 Jun 2008 10:42:57 +0000 (10:42 +0000)]
Revert, doesn't fix warning :-(
Dr. Stephen Henson [Mon, 2 Jun 2008 10:37:53 +0000 (10:37 +0000)]
Avoid cast with wrapper function.
Dr. Stephen Henson [Sun, 1 Jun 2008 23:45:11 +0000 (23:45 +0000)]
Free old store name (if any).
Dr. Stephen Henson [Sun, 1 Jun 2008 23:42:49 +0000 (23:42 +0000)]
Add ctrl for alternative certificate store names.
Dr. Stephen Henson [Sun, 1 Jun 2008 23:28:17 +0000 (23:28 +0000)]
Use keyspec for DSA too.
Dr. Stephen Henson [Sun, 1 Jun 2008 23:24:53 +0000 (23:24 +0000)]
Get and note keyspec when signing.
Dr. Stephen Henson [Sun, 1 Jun 2008 23:06:48 +0000 (23:06 +0000)]
Release engine reference when calling SSL_CTX_free().
Dr. Stephen Henson [Sun, 1 Jun 2008 22:45:08 +0000 (22:45 +0000)]
Allow ENGINE client cert callback to specify a set of other certs, for
the rest of the certificate chain. Currently unused.
Dr. Stephen Henson [Sun, 1 Jun 2008 22:34:40 +0000 (22:34 +0000)]
Update error codes.
Dr. Stephen Henson [Sun, 1 Jun 2008 22:33:24 +0000 (22:33 +0000)]
Add client cert engine to SSL routines.
Dr. Stephen Henson [Sun, 1 Jun 2008 21:18:47 +0000 (21:18 +0000)]
Update error codes, move typedef of SSL, SSL_CTX to ossl_typ.h
Dr. Stephen Henson [Sun, 1 Jun 2008 21:10:30 +0000 (21:10 +0000)]
Add support for ENGINE supplied SSL client auth.
Dr. Stephen Henson [Sun, 1 Jun 2008 11:07:34 +0000 (11:07 +0000)]
Update from stable branch.
Dr. Stephen Henson [Sat, 31 May 2008 23:48:02 +0000 (23:48 +0000)]
Update from stable branch.
Dr. Stephen Henson [Sat, 31 May 2008 23:21:40 +0000 (23:21 +0000)]
Update VC-32.pl and load CryptoAPI engine in the right place.
Dr. Stephen Henson [Sat, 31 May 2008 22:53:16 +0000 (22:53 +0000)]
More CryptoAPI engine code from stable branch.
Dr. Stephen Henson [Sat, 31 May 2008 22:50:00 +0000 (22:50 +0000)]
Add CryptoAPI error file too.
Dr. Stephen Henson [Sat, 31 May 2008 22:49:32 +0000 (22:49 +0000)]
Add CryptoAPI ENGINE from stable branch.
Dr. Stephen Henson [Sat, 31 May 2008 21:20:53 +0000 (21:20 +0000)]
Recognize LHASH_OF().
Dr. Stephen Henson [Sat, 31 May 2008 19:28:57 +0000 (19:28 +0000)]
Stop const mismatch warning.
Dr. Stephen Henson [Sat, 31 May 2008 19:17:25 +0000 (19:17 +0000)]
Stop warning about extra ';' outside of function.
Dr. Stephen Henson [Sat, 31 May 2008 18:55:23 +0000 (18:55 +0000)]
Stop const mismatch warning in VC++.
Bodo Möller [Sat, 31 May 2008 13:42:53 +0000 (13:42 +0000)]
Everyone's had a few years to port their favorite additions to 0.9.7
to HEAD (and the 0.9.8 branch). Remove the reminder.
Dr. Stephen Henson [Fri, 30 May 2008 10:57:49 +0000 (10:57 +0000)]
Fix from stable branch.
Bodo Möller [Wed, 28 May 2008 22:30:28 +0000 (22:30 +0000)]
sync with 0.9.8 branch
Bodo Möller [Wed, 28 May 2008 22:17:34 +0000 (22:17 +0000)]
From HEAD:
Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)
Reviewed by: openssl-security@openssl.org
Obtained from: mark@awe.com
Bodo Möller [Wed, 28 May 2008 22:15:48 +0000 (22:15 +0000)]
From HEAD:
Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)
Reviewed by: openssl-security@openssl.org
Obtained from: jorton@redhat.com
Bodo Möller [Tue, 27 May 2008 18:43:20 +0000 (18:43 +0000)]
grammar
Bodo Möller [Tue, 27 May 2008 18:41:09 +0000 (18:41 +0000)]
year 2008
Dr. Stephen Henson [Tue, 27 May 2008 11:44:03 +0000 (11:44 +0000)]
Avoid "duplicate const" warnings.
Dr. Stephen Henson [Tue, 27 May 2008 11:28:49 +0000 (11:28 +0000)]
Avoid warning about empty structures and always define CHECKED_PTR_OF
Dr. Stephen Henson [Mon, 26 May 2008 15:39:36 +0000 (15:39 +0000)]
C++ style comments fixed.
Ben Laurie [Mon, 26 May 2008 11:24:29 +0000 (11:24 +0000)]
LHASH revamp. make depend.
Lutz Jänicke [Mon, 26 May 2008 06:23:57 +0000 (06:23 +0000)]
Add README about removed root CA certificates.
Lutz Jänicke [Mon, 26 May 2008 06:21:13 +0000 (06:21 +0000)]
Reword comment to be much shorter to stop other people from complaining
about "overcommenting".
Lutz Jänicke [Fri, 23 May 2008 10:37:52 +0000 (10:37 +0000)]
Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
Lutz Jänicke [Fri, 23 May 2008 08:59:23 +0000 (08:59 +0000)]
Remove all root CA files (beyond test CAs including private key)
from the OpenSSL distribution.
Dr. Stephen Henson [Tue, 20 May 2008 18:49:00 +0000 (18:49 +0000)]
Typo.
Dr. Stephen Henson [Tue, 20 May 2008 16:13:57 +0000 (16:13 +0000)]
Typo.
Dr. Stephen Henson [Tue, 20 May 2008 12:23:38 +0000 (12:23 +0000)]
Update ordinals.
Dr. Stephen Henson [Tue, 20 May 2008 11:52:57 +0000 (11:52 +0000)]
Update from stable branch.
Dr. Stephen Henson [Tue, 20 May 2008 11:30:27 +0000 (11:30 +0000)]
Fix from stable branch.
Lutz Jänicke [Tue, 20 May 2008 08:10:48 +0000 (08:10 +0000)]
Correctly adjust location of comment
Submitted by: Ben Laurie <ben@links.org>
Dr. Stephen Henson [Mon, 19 May 2008 21:33:55 +0000 (21:33 +0000)]
Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
Bodo Möller [Mon, 19 May 2008 20:45:25 +0000 (20:45 +0000)]
Change use of CRYPTO_THREADID so that we always use both the ulong and
ptr members.
(So if the id_callback is bogus, we still have &errno.)
Bodo Möller [Mon, 19 May 2008 19:44:45 +0000 (19:44 +0000)]
Disable code that clearly doesn't currently serve any useful purpose.
(Buggy line reported by Matthias Koenig.)
Lutz Jänicke [Mon, 19 May 2008 07:52:15 +0000 (07:52 +0000)]
Document "openssl s_server" -crl_check* options
Submitted by: Daniel Black <daniel.subs@internode.on.net>
Lutz Jänicke [Mon, 19 May 2008 07:43:34 +0000 (07:43 +0000)]
Provide information about "openssl dgst" -hmac option.
Lutz Jänicke [Mon, 19 May 2008 06:21:05 +0000 (06:21 +0000)]
Typo. (From 0.9.8-stable/S. Henson)
PR: 1672