oweals/openssl.git
Andy Polyakov [Tue, 15 Jul 2008 12:50:44 +0000 (12:50 +0000)]
x86nasm.pl update: use pre-defined macros and allow for /safeseh link.

Andy Polyakov [Tue, 15 Jul 2008 12:48:53 +0000 (12:48 +0000)]
Reaffirm that NASM is the only supported assembler for Win32 build.

Dr. Stephen Henson [Sun, 13 Jul 2008 22:38:18 +0000 (22:38 +0000)]
Zero is a valid value for any_skip and map_skip

Dr. Stephen Henson [Sun, 13 Jul 2008 15:55:37 +0000 (15:55 +0000)]
We support inhibit any policy extension, add to table.

Dr. Stephen Henson [Sun, 13 Jul 2008 14:25:36 +0000 (14:25 +0000)]
X509 verification fixes.

Ignore self issued certificates when checking path length constraints.

Duplicate OIDs in policy tree in case they are allocated.

Use anyPolicy from certificate cache and not current tree level.

Geoff Thorpe [Thu, 10 Jul 2008 20:08:47 +0000 (20:08 +0000)]
If --prefix="C:\foo\bar" is supplied to Configure for a windows target,
then the backslashes need escaping to avoid being treated as switches in
the auto-generated strings in opensslconf.h. Perl users are welcome to
suggest a less hokey way of doing this ...

Dr. Stephen Henson [Fri, 4 Jul 2008 23:12:52 +0000 (23:12 +0000)]
Avoid warnings with -pedantic, specifically:

Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.

Geoff Thorpe [Thu, 3 Jul 2008 19:59:25 +0000 (19:59 +0000)]
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
version some time soon.

Dr. Stephen Henson [Thu, 26 Jun 2008 23:27:31 +0000 (23:27 +0000)]
Update from stable branch.

Dr. Stephen Henson [Wed, 25 Jun 2008 10:43:07 +0000 (10:43 +0000)]
Update from stable branch.

Bodo Möller [Mon, 23 Jun 2008 20:46:24 +0000 (20:46 +0000)]
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()

Submitted by: Huang Ying
Reviewed by: Douglas Stebila

Dr. Stephen Henson [Sun, 22 Jun 2008 01:09:14 +0000 (01:09 +0000)]
Update ordinals.

Dr. Stephen Henson [Sat, 21 Jun 2008 23:28:55 +0000 (23:28 +0000)]
Fix from stable branch.

Dr. Stephen Henson [Wed, 18 Jun 2008 15:08:41 +0000 (15:08 +0000)]
Update from stable branch.

Dr. Stephen Henson [Wed, 18 Jun 2008 12:06:10 +0000 (12:06 +0000)]
Update from stable branch.

Dr. Stephen Henson [Mon, 16 Jun 2008 15:51:48 +0000 (15:51 +0000)]
Update from stable branch.

Dr. Stephen Henson [Mon, 9 Jun 2008 16:48:42 +0000 (16:48 +0000)]
Add acknowledgement.

Dr. Stephen Henson [Fri, 6 Jun 2008 15:57:16 +0000 (15:57 +0000)]
Sync ordinals.

Dr. Stephen Henson [Fri, 6 Jun 2008 11:26:07 +0000 (11:26 +0000)]
Fix memory leak. The canonical X509_NAME_ENTRY STACK is reallocated rather
than referencing existing X509_NAME_ENTRY structures so needs to be
completely freed.

Dr. Stephen Henson [Thu, 5 Jun 2008 23:42:04 +0000 (23:42 +0000)]
Remove uidlg library from VC-32.pl, it is now bound at runtime.

Dr. Stephen Henson [Thu, 5 Jun 2008 23:19:56 +0000 (23:19 +0000)]
Don't change _WIN32_WINNT and detect GetConsoleWindow() and
CryptUIDlgSelectCertificateFromStore() at runtime. Add callback function
for selection mechanism.

Dr. Stephen Henson [Thu, 5 Jun 2008 17:04:16 +0000 (17:04 +0000)]
Update from stable branch.

Dr. Stephen Henson [Thu, 5 Jun 2008 15:34:24 +0000 (15:34 +0000)]
Update CHANGES.

Dr. Stephen Henson [Thu, 5 Jun 2008 15:13:45 +0000 (15:13 +0000)]
Update from stable branch.

Dr. Stephen Henson [Thu, 5 Jun 2008 11:45:25 +0000 (11:45 +0000)]
Update from stable branch.

Dr. Stephen Henson [Thu, 5 Jun 2008 11:10:49 +0000 (11:10 +0000)]
Sync ordinals with stable branch.

Dr. Stephen Henson [Thu, 5 Jun 2008 10:51:48 +0000 (10:51 +0000)]
Link in extra CryptoAPI related libraries if needed.

Dr. Stephen Henson [Wed, 4 Jun 2008 23:03:28 +0000 (23:03 +0000)]
Update from stable branch.

Dr. Stephen Henson [Wed, 4 Jun 2008 22:39:05 +0000 (22:39 +0000)]
Remove test fprintf.

Dr. Stephen Henson [Wed, 4 Jun 2008 22:34:38 +0000 (22:34 +0000)]
Compilation option to use a specific ssl client auth engine automatically.

Dr. Stephen Henson [Wed, 4 Jun 2008 16:45:05 +0000 (16:45 +0000)]
Use an appropriate Window for selection dialog.

Dr. Stephen Henson [Wed, 4 Jun 2008 16:10:09 +0000 (16:10 +0000)]
Add support for Windows dialog box based certificate selection.

Dr. Stephen Henson [Wed, 4 Jun 2008 14:34:39 +0000 (14:34 +0000)]
Remove old non-safestack code.

Dr. Stephen Henson [Wed, 4 Jun 2008 12:03:57 +0000 (12:03 +0000)]
Tidy up and add comments to selection code.

Dr. Stephen Henson [Wed, 4 Jun 2008 11:53:14 +0000 (11:53 +0000)]
Make DSO WIN32 compile again.

Dr. Stephen Henson [Wed, 4 Jun 2008 11:52:36 +0000 (11:52 +0000)]
Update ordinals.

Dr. Stephen Henson [Wed, 4 Jun 2008 11:45:15 +0000 (11:45 +0000)]
Remove store from Windows build.

Ben Laurie [Wed, 4 Jun 2008 11:01:43 +0000 (11:01 +0000)]
More type-checking.

Dr. Stephen Henson [Wed, 4 Jun 2008 10:57:38 +0000 (10:57 +0000)]
Avoid name clash.

Ben Laurie [Wed, 4 Jun 2008 05:21:13 +0000 (05:21 +0000)]
Only include windows headers when under windows.

Dr. Stephen Henson [Tue, 3 Jun 2008 23:54:31 +0000 (23:54 +0000)]
Add initial support for multiple SSL client certificate selection in
CryptoAPI ENGINE.

Dr. Stephen Henson [Tue, 3 Jun 2008 11:37:52 +0000 (11:37 +0000)]
Match empty CA list to anything for ssl client auth in CryptoAPI engine.

Dr. Stephen Henson [Tue, 3 Jun 2008 11:26:27 +0000 (11:26 +0000)]
Add support for client cert engine setting in s_client app.
Add appropriate #ifdefs round client cert functions in headers.

Dr. Stephen Henson [Tue, 3 Jun 2008 10:27:39 +0000 (10:27 +0000)]
Add preliminary SSL client auth callback to CryptoAPI ENGINE.

Dr. Stephen Henson [Tue, 3 Jun 2008 10:17:45 +0000 (10:17 +0000)]
Prevent signed/unsigned warning on VC++

Ben Laurie [Tue, 3 Jun 2008 02:48:34 +0000 (02:48 +0000)]
Memory saving patch.

Dr. Stephen Henson [Mon, 2 Jun 2008 23:41:38 +0000 (23:41 +0000)]
Update year.

Dr. Stephen Henson [Mon, 2 Jun 2008 23:10:34 +0000 (23:10 +0000)]
Windows batch file to rebuild error codes for CryptoAPI ENGINE.

Dr. Stephen Henson [Mon, 2 Jun 2008 23:09:04 +0000 (23:09 +0000)]
#undef OCSP_RESPONSE: CryptoAPI uses this too.

Dr. Stephen Henson [Mon, 2 Jun 2008 14:29:32 +0000 (14:29 +0000)]
Fix indentation.

Dr. Stephen Henson [Mon, 2 Jun 2008 12:10:06 +0000 (12:10 +0000)]
Avoid case in ca.c fix.

Dr. Stephen Henson [Mon, 2 Jun 2008 10:42:57 +0000 (10:42 +0000)]
Revert, doesn't fix warning :-(

Dr. Stephen Henson [Mon, 2 Jun 2008 10:37:53 +0000 (10:37 +0000)]
Avoid cast with wrapper function.

Dr. Stephen Henson [Sun, 1 Jun 2008 23:45:11 +0000 (23:45 +0000)]
Free old store name (if any).

Dr. Stephen Henson [Sun, 1 Jun 2008 23:42:49 +0000 (23:42 +0000)]
Add ctrl for alternative certificate store names.

Dr. Stephen Henson [Sun, 1 Jun 2008 23:28:17 +0000 (23:28 +0000)]
Use keyspec for DSA too.

Dr. Stephen Henson [Sun, 1 Jun 2008 23:24:53 +0000 (23:24 +0000)]
Get and note keyspec when signing.

Dr. Stephen Henson [Sun, 1 Jun 2008 23:06:48 +0000 (23:06 +0000)]
Release engine reference when calling SSL_CTX_free().

Dr. Stephen Henson [Sun, 1 Jun 2008 22:45:08 +0000 (22:45 +0000)]
Allow ENGINE client cert callback to specify a set of other certs, for
the rest of the certificate chain. Currently unused.

Dr. Stephen Henson [Sun, 1 Jun 2008 22:34:40 +0000 (22:34 +0000)]
Update error codes.

Dr. Stephen Henson [Sun, 1 Jun 2008 22:33:24 +0000 (22:33 +0000)]
Add client cert engine to SSL routines.

Dr. Stephen Henson [Sun, 1 Jun 2008 21:18:47 +0000 (21:18 +0000)]
Update error codes, move typedef of SSL, SSL_CTX to ossl_typ.h

Dr. Stephen Henson [Sun, 1 Jun 2008 21:10:30 +0000 (21:10 +0000)]
Add support for ENGINE supplied SSL client auth.

Dr. Stephen Henson [Sun, 1 Jun 2008 11:07:34 +0000 (11:07 +0000)]
Update from stable branch.

Dr. Stephen Henson [Sat, 31 May 2008 23:48:02 +0000 (23:48 +0000)]
Update from stable branch.

Dr. Stephen Henson [Sat, 31 May 2008 23:21:40 +0000 (23:21 +0000)]
Update VC-32.pl and load CryptoAPI engine in the right place.

Dr. Stephen Henson [Sat, 31 May 2008 22:53:16 +0000 (22:53 +0000)]
More CryptoAPI engine code from stable branch.

Dr. Stephen Henson [Sat, 31 May 2008 22:50:00 +0000 (22:50 +0000)]
Add CryptoAPI error file too.

Dr. Stephen Henson [Sat, 31 May 2008 22:49:32 +0000 (22:49 +0000)]
Add CryptoAPI ENGINE from stable branch.

Dr. Stephen Henson [Sat, 31 May 2008 21:20:53 +0000 (21:20 +0000)]
Recognize LHASH_OF().

Dr. Stephen Henson [Sat, 31 May 2008 19:28:57 +0000 (19:28 +0000)]
Stop const mismatch warning.

Dr. Stephen Henson [Sat, 31 May 2008 19:17:25 +0000 (19:17 +0000)]
Stop warning about extra ';' outside of function.

Dr. Stephen Henson [Sat, 31 May 2008 18:55:23 +0000 (18:55 +0000)]
Stop const mismatch warning in VC++.

Bodo Möller [Sat, 31 May 2008 13:42:53 +0000 (13:42 +0000)]
Everyone's had a few years to port their favorite additions to 0.9.7
to HEAD (and the 0.9.8 branch).  Remove the reminder.

Dr. Stephen Henson [Fri, 30 May 2008 10:57:49 +0000 (10:57 +0000)]
Fix from stable branch.

Bodo Möller [Wed, 28 May 2008 22:30:28 +0000 (22:30 +0000)]
sync with 0.9.8 branch

Bodo Möller [Wed, 28 May 2008 22:17:34 +0000 (22:17 +0000)]
From HEAD:

Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a client crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com

Bodo Möller [Wed, 28 May 2008 22:15:48 +0000 (22:15 +0000)]
From HEAD:

Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com

Bodo Möller [Tue, 27 May 2008 18:43:20 +0000 (18:43 +0000)]
grammar

Bodo Möller [Tue, 27 May 2008 18:41:09 +0000 (18:41 +0000)]
year 2008

Dr. Stephen Henson [Tue, 27 May 2008 11:44:03 +0000 (11:44 +0000)]
Avoid "duplicate const" warnings.

Dr. Stephen Henson [Tue, 27 May 2008 11:28:49 +0000 (11:28 +0000)]
Avoid warning about empty structures and always define CHECKED_PTR_OF

Dr. Stephen Henson [Mon, 26 May 2008 15:39:36 +0000 (15:39 +0000)]
C++ style comments fixed.

Ben Laurie [Mon, 26 May 2008 11:24:29 +0000 (11:24 +0000)]
LHASH revamp. make depend.

Lutz Jänicke [Mon, 26 May 2008 06:23:57 +0000 (06:23 +0000)]
Add README about removed root CA certificates.

Lutz Jänicke [Mon, 26 May 2008 06:21:13 +0000 (06:21 +0000)]
Reword comment to be much shorter to stop other people from complaining
about "overcommenting".

Lutz Jänicke [Fri, 23 May 2008 10:37:52 +0000 (10:37 +0000)]
Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>

Lutz Jänicke [Fri, 23 May 2008 08:59:23 +0000 (08:59 +0000)]
Remove all root CA files (beyond test CAs including private key)
from the OpenSSL distribution.

Dr. Stephen Henson [Tue, 20 May 2008 18:49:00 +0000 (18:49 +0000)]
Typo.

Dr. Stephen Henson [Tue, 20 May 2008 16:13:57 +0000 (16:13 +0000)]
Typo.

Dr. Stephen Henson [Tue, 20 May 2008 12:23:38 +0000 (12:23 +0000)]
Update ordinals.

Dr. Stephen Henson [Tue, 20 May 2008 11:52:57 +0000 (11:52 +0000)]
Update from stable branch.

Dr. Stephen Henson [Tue, 20 May 2008 11:30:27 +0000 (11:30 +0000)]
Fix from stable branch.

Lutz Jänicke [Tue, 20 May 2008 08:10:48 +0000 (08:10 +0000)]
Correctly adjust location of comment

Submitted by: Ben Laurie <ben@links.org>

Dr. Stephen Henson [Mon, 19 May 2008 21:33:55 +0000 (21:33 +0000)]
Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve

Bodo Möller [Mon, 19 May 2008 20:45:25 +0000 (20:45 +0000)]
Change use of CRYPTO_THREADID so that we always use both the ulong and
ptr members.

(So if the id_callback is bogus, we still have &errno.)

Bodo Möller [Mon, 19 May 2008 19:44:45 +0000 (19:44 +0000)]
Disable code that clearly doesn't currently serve any useful purpose.
(Buggy line reported by Matthias Koenig.)

Lutz Jänicke [Mon, 19 May 2008 07:52:15 +0000 (07:52 +0000)]
Document "openssl s_server" -crl_check* options

Submitted by: Daniel Black <daniel.subs@internode.on.net>

Lutz Jänicke [Mon, 19 May 2008 07:43:34 +0000 (07:43 +0000)]
Provide information about "openssl dgst" -hmac option.

Lutz Jänicke [Mon, 19 May 2008 06:21:05 +0000 (06:21 +0000)]
Typo. (From 0.9.8-stable/S. Henson)
PR: 1672