Dr. Stephen Henson [Wed, 17 Sep 2008 17:12:53 +0000 (17:12 +0000)]
Update defs.
Dr. Stephen Henson [Wed, 17 Sep 2008 17:11:09 +0000 (17:11 +0000)]
Make update: delete duplicate error code.
Dr. Stephen Henson [Wed, 17 Sep 2008 16:58:01 +0000 (16:58 +0000)]
Update some util files to recognize new FIPS directories.
Dr. Stephen Henson [Wed, 17 Sep 2008 16:27:50 +0000 (16:27 +0000)]
Add missing files.
Dr. Stephen Henson [Wed, 17 Sep 2008 15:56:42 +0000 (15:56 +0000)]
Updates to build system from FIPS branch. Make fipscanisterbuild work and
build FIPS test programs.
Dr. Stephen Henson [Wed, 17 Sep 2008 15:53:59 +0000 (15:53 +0000)]
Add RSA update from FIPS branch that got omitted....
Dr. Stephen Henson [Wed, 17 Sep 2008 15:07:41 +0000 (15:07 +0000)]
Don't change NUM_LOCKS value for non-FIPS builds.
Dr. Stephen Henson [Tue, 16 Sep 2008 22:54:30 +0000 (22:54 +0000)]
Add missing files.
Dr. Stephen Henson [Tue, 16 Sep 2008 22:48:18 +0000 (22:48 +0000)]
Add missing files.
Dr. Stephen Henson [Tue, 16 Sep 2008 21:44:57 +0000 (21:44 +0000)]
Merge changes to build system from fips branch.
Dr. Stephen Henson [Tue, 16 Sep 2008 15:14:55 +0000 (15:14 +0000)]
FIPS merge of test changes: make sure key sizes are 1024 bits.
Dr. Stephen Henson [Tue, 16 Sep 2008 15:11:50 +0000 (15:11 +0000)]
FIPS merge "crypto" functions.
Dr. Stephen Henson [Tue, 16 Sep 2008 14:55:26 +0000 (14:55 +0000)]
Merge public key FIPS code, RSA, DSA, DH.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:52:33 +0000 (11:52 +0000)]
Add missing file.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:50:05 +0000 (11:50 +0000)]
RAND library FIPS merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:37:03 +0000 (11:37 +0000)]
conf/hmac FIPS merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:26:29 +0000 (11:26 +0000)]
ERR library FIPS merge. Reorganise functions and add FIPS error
definitions.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:17:48 +0000 (11:17 +0000)]
FIPS des library merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:08:24 +0000 (11:08 +0000)]
Part FIPS bn merge: move functiosn to bn_opt.c to reduce dependencies.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:02:19 +0000 (11:02 +0000)]
Add missing RC4 algorithm block source file.
Dr. Stephen Henson [Tue, 16 Sep 2008 10:47:28 +0000 (10:47 +0000)]
Merge FIPS low level algorithm blocking code. Give hard errors if non-FIPS
algorithms are use in FIPS mode using low level API. No effect in non-FIPS
mode.
Dr. Stephen Henson [Tue, 16 Sep 2008 10:12:23 +0000 (10:12 +0000)]
Merge fips directory from FIPS branch.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:32:23 +0000 (22:32 +0000)]
Oops, restore change that got reverted accidentally.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:24:39 +0000 (22:24 +0000)]
Merge apps changes from FIPS branch.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:21:42 +0000 (22:21 +0000)]
Merge EVP changes in from FIPS branch.
Dr. Stephen Henson [Mon, 15 Sep 2008 21:42:28 +0000 (21:42 +0000)]
Port X931 key generation routines from FIPS branch. Don't include deprecated
versions as they weren't in 0.9.8 before now anyway.
Bodo Möller [Mon, 15 Sep 2008 20:39:32 +0000 (20:39 +0000)]
Fix intendation
Bodo Möller [Mon, 15 Sep 2008 20:34:13 +0000 (20:34 +0000)]
Now that we're changing the 0.9.8i CHANGES anyway, reorder them
according to the usual convention (reverse chronological order)
Dr. Stephen Henson [Mon, 15 Sep 2008 20:28:58 +0000 (20:28 +0000)]
Add missing CHANGES entry.
Bodo Möller [Mon, 15 Sep 2008 20:27:47 +0000 (20:27 +0000)]
update
Dr. Stephen Henson [Mon, 15 Sep 2008 20:16:04 +0000 (20:16 +0000)]
pkcs12 FIPS changes.
Dr. Stephen Henson [Mon, 15 Sep 2008 19:56:12 +0000 (19:56 +0000)]
Merge minor FIPS branch changes: buffer, objects, pem, x509.
Dr. Stephen Henson [Mon, 15 Sep 2008 15:30:20 +0000 (15:30 +0000)]
Prepare for next version...
Dr. Stephen Henson [Mon, 15 Sep 2008 14:26:34 +0000 (14:26 +0000)]
Oops... use correct version number this time....
Dr. Stephen Henson [Mon, 15 Sep 2008 12:19:09 +0000 (12:19 +0000)]
Prepare for next version....
Dr. Stephen Henson [Mon, 15 Sep 2008 10:28:13 +0000 (10:28 +0000)]
Begin release of OpenSSL 0.9.8i.
Andy Polyakov [Mon, 15 Sep 2008 07:19:41 +0000 (07:19 +0000)]
Compilation warning fix [from HEAD, "must have, as our Windows build does
not tolerate warnings].
Andy Polyakov [Mon, 15 Sep 2008 05:45:36 +0000 (05:45 +0000)]
Fix yesterday typos in bss_dgram.c [from HEAD].
Bodo Möller [Sun, 14 Sep 2008 19:50:53 +0000 (19:50 +0000)]
update comment
Andy Polyakov [Sun, 14 Sep 2008 19:23:46 +0000 (19:23 +0000)]
Winsock handles SO_RCVTIMEO in unique manner... [from HEAD].
PR: 1648
Bodo Möller [Sun, 14 Sep 2008 18:16:09 +0000 (18:16 +0000)]
oops
Andy Polyakov [Sun, 14 Sep 2008 17:57:03 +0000 (17:57 +0000)]
dtls1_write_bytes consumers expect amount of bytes written per call, not
overall [from HEAD].
PR: 1604
Dr. Stephen Henson [Sun, 14 Sep 2008 16:43:37 +0000 (16:43 +0000)]
Fix error code discrepancy.
Make update.
Dr. Stephen Henson [Sun, 14 Sep 2008 15:46:36 +0000 (15:46 +0000)]
Stop warnings about value not used.
Bodo Möller [Sun, 14 Sep 2008 14:02:01 +0000 (14:02 +0000)]
Fix SSL state transitions.
Submitted by: Nagendra Modadugu
Bodo Möller [Sun, 14 Sep 2008 13:51:49 +0000 (13:51 +0000)]
Really get rid of unsafe double-checked locking.
Also, "CHANGES" clean-ups.
Bodo Möller [Sun, 14 Sep 2008 13:42:40 +0000 (13:42 +0000)]
Some precautions to avoid potential security-relevant problems.
Andy Polyakov [Sat, 13 Sep 2008 18:25:36 +0000 (18:25 +0000)]
DTLS didn't handle alerts correctly [from HEAD].
PR: 1632
Dr. Stephen Henson [Fri, 12 Sep 2008 17:44:26 +0000 (17:44 +0000)]
file rc4_fblk.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 11:02:19 +0000
Andy Polyakov [Fri, 12 Sep 2008 14:47:02 +0000 (14:47 +0000)]
AIX build updates [from HEAD].
Ben Laurie [Fri, 12 Sep 2008 13:29:59 +0000 (13:29 +0000)]
Allow soft-loading engines.
Ben Laurie [Fri, 12 Sep 2008 13:26:07 +0000 (13:26 +0000)]
Don't hide commands.
Dr. Stephen Henson [Wed, 3 Sep 2008 22:13:04 +0000 (22:13 +0000)]
If tickets disabled behave as if no ticket received to support
stateful resume.
Dr. Stephen Henson [Sun, 31 Aug 2008 11:15:35 +0000 (11:15 +0000)]
Fix flag clash... only used internally when policy checking is
enabled.
Bodo Möller [Thu, 14 Aug 2008 21:37:20 +0000 (21:37 +0000)]
Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.
Bodo Möller [Wed, 13 Aug 2008 19:44:44 +0000 (19:44 +0000)]
sanity check
PR: 1679
Dr. Stephen Henson [Tue, 5 Aug 2008 15:56:11 +0000 (15:56 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sat, 2 Aug 2008 11:17:04 +0000 (11:17 +0000)]
Fix from HEAD.
Lutz Jänicke [Fri, 1 Aug 2008 15:03:22 +0000 (15:03 +0000)]
Refer to SSL_pending from the man page for SSL_read
Dr. Stephen Henson [Wed, 30 Jul 2008 15:42:19 +0000 (15:42 +0000)]
Fix from HEAD.
Bodo Möller [Thu, 17 Jul 2008 22:11:24 +0000 (22:11 +0000)]
We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.
PR: 1695
Andy Polyakov [Thu, 17 Jul 2008 11:59:07 +0000 (11:59 +0000)]
Harmonize darwin-i386-cc config line with HEAD.
Andy Polyakov [Thu, 17 Jul 2008 10:00:18 +0000 (10:00 +0000)]
darwin64-ppc-cc experimental line accidentally made it to stable:-(
PR: 1699
Andy Polyakov [Thu, 17 Jul 2008 09:51:34 +0000 (09:51 +0000)]
sha1-586.pl: update from HEAD.
PR: 1681
Bodo Möller [Wed, 16 Jul 2008 18:10:28 +0000 (18:10 +0000)]
Make sure not to read beyond end of buffer
Dr. Stephen Henson [Sun, 13 Jul 2008 22:38:52 +0000 (22:38 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 15:56:01 +0000 (15:56 +0000)]
Update from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 14:33:16 +0000 (14:33 +0000)]
Update from HEAD.
Dr. Stephen Henson [Thu, 26 Jun 2008 23:26:52 +0000 (23:26 +0000)]
Add support for Local Machine Keyset attribute in PKCS#12 files.
Dr. Stephen Henson [Thu, 26 Jun 2008 23:20:52 +0000 (23:20 +0000)]
Sync OIDs with HEAD so we don't need to rebuild OID database and change
all NIDs every time an OID is added to 0.9.8.
Dr. Stephen Henson [Wed, 25 Jun 2008 10:41:48 +0000 (10:41 +0000)]
Changes to allow capi ENGINE to compile with older headers on e.g. VC6.
Bodo Möller [Mon, 23 Jun 2008 20:46:28 +0000 (20:46 +0000)]
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
Dr. Stephen Henson [Sun, 22 Jun 2008 01:10:04 +0000 (01:10 +0000)]
Update ordinals.
Dr. Stephen Henson [Sat, 21 Jun 2008 23:28:02 +0000 (23:28 +0000)]
Make WIN32 build work with no-rc4
Dr. Stephen Henson [Wed, 18 Jun 2008 14:42:27 +0000 (14:42 +0000)]
Fix typo and filter on X509_PURPOSE_SSL_CLIENT when presenting certs.
Dr. Stephen Henson [Wed, 18 Jun 2008 12:05:23 +0000 (12:05 +0000)]
Add support for machine stores and handle provider type errors properly in keys.
Dr. Stephen Henson [Mon, 16 Jun 2008 16:56:43 +0000 (16:56 +0000)]
Make ssl code consistent with FIPS branch. The new code has no effect
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
Dr. Stephen Henson [Mon, 16 Jun 2008 15:22:49 +0000 (15:22 +0000)]
Add error code for FIPS library and make library numbers consistent.
Dr. Stephen Henson [Sun, 15 Jun 2008 16:52:37 +0000 (16:52 +0000)]
Sync ordinals with FIPS branch. FIPS specific functions currently are place
holders to keep ordinals consistent.
Dr. Stephen Henson [Mon, 9 Jun 2008 16:50:48 +0000 (16:50 +0000)]
Add acknowledgement.
Ben Laurie [Sat, 7 Jun 2008 17:22:37 +0000 (17:22 +0000)]
OPENSSL_isservice() is defined on all platforms.
Dr. Stephen Henson [Fri, 6 Jun 2008 20:48:57 +0000 (20:48 +0000)]
Update from head.
Dr. Stephen Henson [Fri, 6 Jun 2008 15:54:00 +0000 (15:54 +0000)]
Update ordinals.
Dr. Stephen Henson [Fri, 6 Jun 2008 15:52:32 +0000 (15:52 +0000)]
Update CryptoAPI ENGINE from head. Export OPENSSL_isservice().
Dr. Stephen Henson [Thu, 5 Jun 2008 16:56:00 +0000 (16:56 +0000)]
Make headers work with older versions of Window platform SDK.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:32:05 +0000 (15:32 +0000)]
Update CHANGES.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:13:03 +0000 (15:13 +0000)]
If auto load ENGINE lookup fails retry adding builtin ENGINEs.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:09:40 +0000 (15:09 +0000)]
Configure options of form -Dfoo=bar should get added to CFLAGS in mk1mf.pl
Dr. Stephen Henson [Thu, 5 Jun 2008 11:44:53 +0000 (11:44 +0000)]
Don't show choice dialog if only one cert.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:38:03 +0000 (11:38 +0000)]
Search $OPTIONS for -DOPENSSL_CAPIENG_DIALOG because $cflags is
no complete at this point.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:23:35 +0000 (11:23 +0000)]
include engine.h if needed.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:57:21 +0000 (10:57 +0000)]
Update ordinals.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:56:51 +0000 (10:56 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 23:00:59 +0000 (23:00 +0000)]
Remove some unneeded columns from dialog.
Dr. Stephen Henson [Wed, 4 Jun 2008 22:39:29 +0000 (22:39 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 20:11:17 +0000 (20:11 +0000)]
Oops... missed this part of backport.
Dr. Stephen Henson [Wed, 4 Jun 2008 19:52:36 +0000 (19:52 +0000)]
Backport s_client changes.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:49:44 +0000 (18:49 +0000)]
Update CryptoAPI ENGINE from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:35:27 +0000 (18:35 +0000)]
Backport more ENGINE SSL client auth code to 0.9.8.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:01:40 +0000 (18:01 +0000)]
Backport ssl client auth ENGINE support to 0.9.8.