oweals/openssl.git
14 years agono need for empty fragments with TLS 1.1 and later due to explicit IV
Dr. Stephen Henson [Sun, 27 Jun 2010 14:42:43 +0000 (14:42 +0000)]
no need for empty fragments with TLS 1.1 and later due to explicit IV

14 years agoBackport TLS v1.1 support from HEAD, ssl/ changes
Dr. Stephen Henson [Sun, 27 Jun 2010 14:22:11 +0000 (14:22 +0000)]
Backport TLS v1.1 support from HEAD, ssl/ changes

14 years agoBackport TLS v1.1 support from HEAD
Dr. Stephen Henson [Sun, 27 Jun 2010 14:15:02 +0000 (14:15 +0000)]
Backport TLS v1.1 support from HEAD

14 years agoupdate versions for 1.0.1
Dr. Stephen Henson [Wed, 16 Jun 2010 13:48:00 +0000 (13:48 +0000)]
update versions for 1.0.1

14 years agoThis commit was manufactured by cvs2svn to create branch
cvs2svn [Wed, 16 Jun 2010 13:37:23 +0000 (13:37 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_1_0_1-stable'.

14 years agoupdate README, fix opensslv.h
Dr. Stephen Henson [Wed, 16 Jun 2010 13:37:22 +0000 (13:37 +0000)]
update README, fix opensslv.h

14 years agoupdate for next version
Dr. Stephen Henson [Wed, 16 Jun 2010 13:34:33 +0000 (13:34 +0000)]
update for next version

14 years agoclarify comment
Dr. Stephen Henson [Wed, 16 Jun 2010 13:17:22 +0000 (13:17 +0000)]
clarify comment

14 years agoFix warnings (From HEAD, original patch by Ben).
Dr. Stephen Henson [Tue, 15 Jun 2010 17:25:15 +0000 (17:25 +0000)]
Fix warnings (From HEAD, original patch by Ben).

14 years agoVC-32.pl: fix /Fd name generation [from HEAD].
Andy Polyakov [Wed, 9 Jun 2010 15:49:09 +0000 (15:49 +0000)]
VC-32.pl: fix /Fd name generation [from HEAD].
PR: 2284

14 years agoprepare for release OpenSSL_1_0_0a
Dr. Stephen Henson [Tue, 1 Jun 2010 13:31:38 +0000 (13:31 +0000)]
prepare for release

14 years agoFix CVE-2010-1633 and CVE-2010-0742.
Dr. Stephen Henson [Tue, 1 Jun 2010 13:17:06 +0000 (13:17 +0000)]
Fix CVE-2010-1633 and CVE-2010-0742.

14 years agoVC-32.pl: unconditionally generate symbols.pdb [from HEAD].
Andy Polyakov [Tue, 1 Jun 2010 06:03:20 +0000 (06:03 +0000)]
VC-32.pl: unconditionally generate symbols.pdb [from HEAD].

14 years agox86_64-xlate.pl: updates from HEAD.
Andy Polyakov [Tue, 1 Jun 2010 05:57:26 +0000 (05:57 +0000)]
x86_64-xlate.pl: updates from HEAD.

14 years agoConfigure: update mingw config-lines [from HEAD].
Andy Polyakov [Tue, 1 Jun 2010 05:53:35 +0000 (05:53 +0000)]
Configure: update mingw config-lines [from HEAD].

14 years agofix PR#2261 in a different way
Dr. Stephen Henson [Mon, 31 May 2010 13:18:08 +0000 (13:18 +0000)]
fix PR#2261 in a different way

14 years agoPR: 2278
Dr. Stephen Henson [Sat, 29 May 2010 12:49:48 +0000 (12:49 +0000)]
PR: 2278
Submitted By: Mattias Ellert <mattias.ellert@fysast.uu.se>

Fix type checking macro SKM_ASN1_SET_OF_i2d

14 years agoupdate NEWS
Dr. Stephen Henson [Thu, 27 May 2010 15:05:01 +0000 (15:05 +0000)]
update NEWS

14 years agoPR: 2262
Dr. Stephen Henson [Thu, 27 May 2010 14:09:13 +0000 (14:09 +0000)]
PR: 2262
Submitted By: Victor Wagner <vitus@cryptocom.ru>

Fix error reporting in load_key function.

14 years agoPR: 2261
Dr. Stephen Henson [Thu, 27 May 2010 13:07:45 +0000 (13:07 +0000)]
PR: 2261
Submitted By: De Rudder, Stephen L." <s_derudder@tditx.com>

Workaround for newer Windows headers which define EADDRINUSE but not to the
same value as WSAEADDRINUSE.

14 years agoPR: 2258
Dr. Stephen Henson [Thu, 27 May 2010 12:41:20 +0000 (12:41 +0000)]
PR: 2258
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Base64 BIO fixes:

Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.

14 years agoPR: 2266
Dr. Stephen Henson [Wed, 26 May 2010 23:23:44 +0000 (23:23 +0000)]
PR: 2266
Submitted By: Jonathan Gray <jsg@goblin.cx>

Correct ioctl definitions.

14 years agoAvoid use of ex_data free function in Chil ENGINE so it can be safely
Dr. Stephen Henson [Wed, 26 May 2010 16:17:06 +0000 (16:17 +0000)]
Avoid use of ex_data free function in Chil ENGINE so it can be safely
reloaded.

14 years agoPR: 2254
Dr. Stephen Henson [Sat, 22 May 2010 00:40:58 +0000 (00:40 +0000)]
PR: 2254
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Check for <= 0 i2d return value.

14 years agoPR: 2251
Dr. Stephen Henson [Sat, 22 May 2010 00:31:02 +0000 (00:31 +0000)]
PR: 2251
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Memleak, BIO chain leak and realloc checks in v3_pci.c

14 years agooops, typo
Dr. Stephen Henson [Thu, 20 May 2010 17:35:37 +0000 (17:35 +0000)]
oops, typo

14 years agoUpdate cms-test.pl to handle some Unix like Windows environments where
Dr. Stephen Henson [Thu, 20 May 2010 17:28:51 +0000 (17:28 +0000)]
Update cms-test.pl to handle some Unix like Windows environments where
calling shlib_wrap.sh doesn't work.

14 years agoPR: 2259
Dr. Stephen Henson [Mon, 17 May 2010 11:26:56 +0000 (11:26 +0000)]
PR: 2259
Submitted By: Artem Chuprina <ran@cryptocom.ru>

Check return values of HMAC in tls_P_hash and tls1_generate_key_block.

Although the previous version could in theory crash that would only happen if a
digest call failed. The standard software methods can never fail and only one
ENGINE currently uses digests and it is not compiled in by default.

14 years agoPR: 2253
Dr. Stephen Henson [Sat, 15 May 2010 00:36:12 +0000 (00:36 +0000)]
PR: 2253
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Check callback return value when outputting errors.

14 years agoPR: 2255
Dr. Stephen Henson [Sat, 15 May 2010 00:19:57 +0000 (00:19 +0000)]
PR: 2255
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Place RSA dependent variable under #ifndef OPENSSL_NO_RSA

14 years agoPR: 2252
Dr. Stephen Henson [Mon, 3 May 2010 15:29:51 +0000 (15:29 +0000)]
PR: 2252
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Update docs to BIO_f_buffer()

14 years agoPR: 2230
Dr. Stephen Henson [Mon, 3 May 2010 13:01:50 +0000 (13:01 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix bug in bitmask macros and stop warnings.

14 years agoPR: 2244
Dr. Stephen Henson [Mon, 3 May 2010 12:50:52 +0000 (12:50 +0000)]
PR: 2244
Submitted By: "PMHager" <hager@dortmund.net>

Initialise pkey callback to 0.

14 years agobss_file.c: reserve for option to encode file name in UTF-8 on Windows
Andy Polyakov [Wed, 28 Apr 2010 20:04:37 +0000 (20:04 +0000)]
bss_file.c: reserve for option to encode file name in UTF-8 on Windows
[from HEAD].

14 years agomd5-ia64.S: fix assembler warning [from HEAD].
Andy Polyakov [Tue, 20 Apr 2010 20:41:23 +0000 (20:41 +0000)]
md5-ia64.S: fix assembler warning [from HEAD].

14 years agoPR: 2241
Dr. Stephen Henson [Tue, 20 Apr 2010 12:53:05 +0000 (12:53 +0000)]
PR: 2241
Submitted By: Artemy Lebedev <vagran.ast@gmail.com>

Typo.

14 years agooops, commit Configure part of PR#2234
Dr. Stephen Henson [Thu, 15 Apr 2010 13:17:05 +0000 (13:17 +0000)]
oops, commit Configure part of PR#2234

14 years agoPR: 2234
Dr. Stephen Henson [Wed, 14 Apr 2010 23:07:28 +0000 (23:07 +0000)]
PR: 2234
Submitted By: Matthias Andree <matthias.andree@gmx.de>

Use correct path to openssl utility in c_rehash script.

14 years agoPR: 2235
Dr. Stephen Henson [Wed, 14 Apr 2010 23:04:19 +0000 (23:04 +0000)]
PR: 2235
Submitted By: Bruce Stephens <bruce.stephens@isode.com>

Make ts/Makefile consistent with other Makefiles.

14 years agox86_64cpuid.pl: ml64 is allergic to db on label line [from HEAD].
Andy Polyakov [Wed, 14 Apr 2010 19:25:09 +0000 (19:25 +0000)]
x86_64cpuid.pl: ml64 is allergic to db on label line [from HEAD].

14 years agoupdate FAQ
Dr. Stephen Henson [Wed, 14 Apr 2010 13:20:53 +0000 (13:20 +0000)]
update FAQ

14 years ago[co]cf128.c: fix "n=0" bug [from HEAD].
Andy Polyakov [Wed, 14 Apr 2010 07:47:53 +0000 (07:47 +0000)]
[co]cf128.c: fix "n=0" bug [from HEAD].

14 years agofix signed/unsigned comparison warnings
Dr. Stephen Henson [Wed, 14 Apr 2010 00:41:01 +0000 (00:41 +0000)]
fix signed/unsigned comparison warnings

14 years agofix bug in ccgost CFB mode code
Dr. Stephen Henson [Wed, 14 Apr 2010 00:33:22 +0000 (00:33 +0000)]
fix bug in ccgost CFB mode code

14 years agocheck ASN1 type before using it
Dr. Stephen Henson [Wed, 14 Apr 2010 00:30:12 +0000 (00:30 +0000)]
check ASN1 type before using it

14 years agoPR: 2230
Dr. Stephen Henson [Wed, 14 Apr 2010 00:17:29 +0000 (00:17 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix various DTLS fragment reassembly bugs.

14 years agoPR: 2229
Dr. Stephen Henson [Wed, 14 Apr 2010 00:09:55 +0000 (00:09 +0000)]
PR: 2229
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Don't drop DTLS connection if mac or decryption failed.

14 years agoPR: 2228
Dr. Stephen Henson [Wed, 14 Apr 2010 00:03:13 +0000 (00:03 +0000)]
PR: 2228
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS buffer record MAC failure bug.

14 years agomake update
Dr. Stephen Henson [Tue, 13 Apr 2010 17:08:50 +0000 (17:08 +0000)]
make update

14 years agoNo need to look for the file if none was entered.
Richard Levitte [Tue, 13 Apr 2010 14:39:58 +0000 (14:39 +0000)]
No need to look for the file if none was entered.

14 years agoA few more things that aren't built on VAX
Richard Levitte [Tue, 13 Apr 2010 14:39:08 +0000 (14:39 +0000)]
A few more things that aren't built on VAX

14 years agoSince test modules aren't copied to the test/ directory any more on
Richard Levitte [Tue, 13 Apr 2010 14:38:39 +0000 (14:38 +0000)]
Since test modules aren't copied to the test/ directory any more on
VMS, we need to rework this script with knowledge of where they are.

14 years agoRework the way engines are built
Richard Levitte [Tue, 13 Apr 2010 14:37:43 +0000 (14:37 +0000)]
Rework the way engines are built

14 years agoToo long symbols
Richard Levitte [Tue, 13 Apr 2010 14:36:58 +0000 (14:36 +0000)]
Too long symbols

14 years agoSpelling
Richard Levitte [Tue, 13 Apr 2010 14:34:48 +0000 (14:34 +0000)]
Spelling

14 years agoRework the configuration of avoided algorithms.
Richard Levitte [Tue, 13 Apr 2010 14:33:04 +0000 (14:33 +0000)]
Rework the configuration of avoided algorithms.
Avoid copying test modules.

14 years agoUndo the previous change, it was incorrect in this branch.
Richard Levitte [Tue, 13 Apr 2010 11:10:07 +0000 (11:10 +0000)]
Undo the previous change, it was incorrect in this branch.

14 years agoThird argument to dtls1_buffer_record is by reference
Richard Levitte [Tue, 13 Apr 2010 08:41:58 +0000 (08:41 +0000)]
Third argument to dtls1_buffer_record is by reference

14 years agoaes-ppc.pl: 10% performance improvement on Power6 [from HEAD].
Andy Polyakov [Sat, 10 Apr 2010 14:54:34 +0000 (14:54 +0000)]
aes-ppc.pl: 10% performance improvement on Power6 [from HEAD].

14 years agocryptlib.c: allow application to override OPENSSL_isservice [from HEAD].
Andy Polyakov [Sat, 10 Apr 2010 14:13:12 +0000 (14:13 +0000)]
cryptlib.c: allow application to override OPENSSL_isservice [from HEAD].

14 years agoctr129.c: fix typo, simplify ctr128_inc and fix "n=0" bug [from HEAD].
Andy Polyakov [Sat, 10 Apr 2010 13:47:11 +0000 (13:47 +0000)]
ctr129.c: fix typo, simplify ctr128_inc and fix "n=0" bug [from HEAD].

14 years agodarwin-ppc-cc: add -Wa,-force_cpusubtype_ALL to produce binaries not
Andy Polyakov [Sat, 10 Apr 2010 13:41:58 +0000 (13:41 +0000)]
darwin-ppc-cc: add -Wa,-force_cpusubtype_ALL to produce binaries not
specific to G5. This was already added to HEAD earlier.
PR: 2231

14 years agosparccpuid.S: some assembler is allergic to apostrophes in comments [from HEAD].
Andy Polyakov [Sat, 10 Apr 2010 13:37:06 +0000 (13:37 +0000)]
sparccpuid.S: some assembler is allergic to apostrophes in comments [from HEAD].

14 years agoalpha-mont.pl: comply with stack alignment requirement [from HEAD].
Andy Polyakov [Sat, 10 Apr 2010 13:33:46 +0000 (13:33 +0000)]
alpha-mont.pl: comply with stack alignment requirement [from HEAD].

14 years agomake GOST MAC work again
Dr. Stephen Henson [Thu, 8 Apr 2010 10:54:54 +0000 (10:54 +0000)]
make GOST MAC work again

14 years agoAdd SHA2 algorithms to SSL_library_init(). Although these aren't used
Dr. Stephen Henson [Wed, 7 Apr 2010 13:18:30 +0000 (13:18 +0000)]
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.

14 years agoRemove obsolete PRNG note. Add comment about use of SHA256 et al.
Dr. Stephen Henson [Tue, 6 Apr 2010 15:05:47 +0000 (15:05 +0000)]
Remove obsolete PRNG note. Add comment about use of SHA256 et al.

14 years agoPR: 2209
Dr. Stephen Henson [Tue, 6 Apr 2010 14:45:31 +0000 (14:45 +0000)]
PR: 2209
Submitted Daniel Mentz <danielml@sent.com>

Documentation typo.

14 years agoPR: 2218
Dr. Stephen Henson [Tue, 6 Apr 2010 12:44:55 +0000 (12:44 +0000)]
PR: 2218
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS replay bug.

14 years agoPR: 2219
Dr. Stephen Henson [Tue, 6 Apr 2010 12:40:10 +0000 (12:40 +0000)]
PR: 2219
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS buffering bug.

14 years agoPR: 2223
Dr. Stephen Henson [Tue, 6 Apr 2010 12:29:21 +0000 (12:29 +0000)]
PR: 2223
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS timeout bug

14 years agoPR: 2220
Dr. Stephen Henson [Tue, 6 Apr 2010 11:18:32 +0000 (11:18 +0000)]
PR: 2220

Fixes to make OpenSSL compile with no-rc4

14 years agoupdates for next release
Dr. Stephen Henson [Tue, 30 Mar 2010 00:55:00 +0000 (00:55 +0000)]
updates for next release

14 years agoPrepare for 1.0.0 release - finally ;-) OpenSSL_1_0_0
Dr. Stephen Henson [Mon, 29 Mar 2010 13:11:54 +0000 (13:11 +0000)]
Prepare for 1.0.0 release - finally ;-)

14 years agoARMv4 assembler: [unconfirmed] fix for compilation failure [from HEAD].
Andy Polyakov [Mon, 29 Mar 2010 09:59:58 +0000 (09:59 +0000)]
ARMv4 assembler: [unconfirmed] fix for compilation failure [from HEAD].

14 years agodso_dlfcn.c: fix compile failure on Tru64 [from HEAD].
Andy Polyakov [Mon, 29 Mar 2010 09:50:33 +0000 (09:50 +0000)]
dso_dlfcn.c: fix compile failure on Tru64 [from HEAD].

14 years agoPR: 1696
Dr. Stephen Henson [Sun, 28 Mar 2010 00:42:29 +0000 (00:42 +0000)]
PR: 1696

Check return value if d2i_PBEPARAM().

14 years agoPR: 1763
Dr. Stephen Henson [Sat, 27 Mar 2010 23:28:23 +0000 (23:28 +0000)]
PR: 1763

Remove useless num = 0 assignment.

Remove redundant cases on sock_ctrl(): default case handles them.

14 years agoPR: 1904
Dr. Stephen Henson [Sat, 27 Mar 2010 19:27:51 +0000 (19:27 +0000)]
PR: 1904
Submitted by: David Woodhouse <dwmw2@infradead.org>

Pass passphrase minimum length down to UI.

14 years agoPR: 1813
Dr. Stephen Henson [Sat, 27 Mar 2010 18:28:13 +0000 (18:28 +0000)]
PR: 1813
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>

Fix memory leak when engine name cannot be loaded.

14 years agoupdate FAQ
Dr. Stephen Henson [Thu, 25 Mar 2010 12:07:45 +0000 (12:07 +0000)]
update FAQ

14 years agoFix for "Record of death" vulnerability CVE-2010-0740.
Bodo Möller [Thu, 25 Mar 2010 11:22:42 +0000 (11:22 +0000)]
Fix for "Record of death" vulnerability CVE-2010-0740.

Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010).

14 years agoinitialise buf if wrong_info not used
Dr. Stephen Henson [Wed, 24 Mar 2010 23:42:20 +0000 (23:42 +0000)]
initialise buf if wrong_info not used

14 years agoPR: 1731 and maybe 2197
Dr. Stephen Henson [Wed, 24 Mar 2010 23:16:49 +0000 (23:16 +0000)]
PR: 1731 and maybe 2197

Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.

14 years agorand_win.c: fix logical bug in readscreen [from HEAD].
Andy Polyakov [Mon, 22 Mar 2010 22:44:35 +0000 (22:44 +0000)]
rand_win.c: fix logical bug in readscreen [from HEAD].

14 years agobss_file.c: fix MSC 6.0 warning [from HEAD].
Andy Polyakov [Mon, 22 Mar 2010 22:39:46 +0000 (22:39 +0000)]
bss_file.c: fix MSC 6.0 warning [from HEAD].

14 years agoe_capi.c: fix typo.
Andy Polyakov [Mon, 15 Mar 2010 22:29:20 +0000 (22:29 +0000)]
e_capi.c: fix typo.

14 years agoFix UPLINK typo [from HEAD].
Andy Polyakov [Mon, 15 Mar 2010 22:26:33 +0000 (22:26 +0000)]
Fix UPLINK typo [from HEAD].

14 years agoworkaround for missing definition in some headers
Dr. Stephen Henson [Mon, 15 Mar 2010 13:09:39 +0000 (13:09 +0000)]
workaround for missing definition in some headers

14 years agoPR: 2192
Dr. Stephen Henson [Fri, 12 Mar 2010 12:48:46 +0000 (12:48 +0000)]
PR: 2192
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

The prompt_info and wrong_info parameters can be empty strings which
can produce confusing prompts. Treat empty string same as NULL.

14 years agomissing goto meant signature was never printed out
Dr. Stephen Henson [Fri, 12 Mar 2010 12:07:05 +0000 (12:07 +0000)]
missing goto meant signature was never printed out

14 years agodon't leave bogus errors in the queue
Dr. Stephen Henson [Wed, 10 Mar 2010 13:48:21 +0000 (13:48 +0000)]
don't leave bogus errors in the queue

14 years agomake update
Dr. Stephen Henson [Tue, 9 Mar 2010 17:23:51 +0000 (17:23 +0000)]
make update

14 years agoPR: 2188
Dr. Stephen Henson [Tue, 9 Mar 2010 17:18:17 +0000 (17:18 +0000)]
PR: 2188
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

Add "missing" functions to get and set prompt constructor.

14 years agoPR: 2186
Dr. Stephen Henson [Tue, 9 Mar 2010 17:08:39 +0000 (17:08 +0000)]
PR: 2186
Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com>

Detect aix64-gcc

14 years agoreserve a few more bits for future cipher modes
Dr. Stephen Henson [Mon, 8 Mar 2010 23:47:57 +0000 (23:47 +0000)]
reserve a few more bits for future cipher modes

14 years agoThe OID sanity check was incorrect. It should only disallow *leading* 0x80
Dr. Stephen Henson [Sun, 7 Mar 2010 16:40:19 +0000 (16:40 +0000)]
The OID sanity check was incorrect. It should only disallow *leading* 0x80
values.

14 years agodon't add digest alias if signature algorithm is undefined
Dr. Stephen Henson [Sat, 6 Mar 2010 20:47:45 +0000 (20:47 +0000)]
don't add digest alias if signature algorithm is undefined

14 years agoFix memory leak: free up ENGINE functional reference if digest is not
Dr. Stephen Henson [Fri, 5 Mar 2010 13:33:43 +0000 (13:33 +0000)]
Fix memory leak: free up ENGINE functional reference if digest is not
found in an ENGINE.

14 years agoPR: 2183
Dr. Stephen Henson [Wed, 3 Mar 2010 19:56:17 +0000 (19:56 +0000)]
PR: 2183

PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0