Lutz Jänicke [Fri, 19 Oct 2007 08:25:53 +0000 (08:25 +0000)]
Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f
Dr. Stephen Henson [Thu, 18 Oct 2007 11:39:11 +0000 (11:39 +0000)]
Ensure the ticket expected flag is reset when a stateless resumption is
successful.
Andy Polyakov [Wed, 17 Oct 2007 21:22:58 +0000 (21:22 +0000)]
New unused field crippled ssl_ctx_st in 0.9.8"f".
Andy Polyakov [Wed, 17 Oct 2007 21:17:49 +0000 (21:17 +0000)]
Don't let DTLS ChangeCipherSpec increment handshake sequence number. From
HEAD with a twist: server interoperates with non-compliant client.
PR: 1587
Dr. Stephen Henson [Wed, 17 Oct 2007 17:30:15 +0000 (17:30 +0000)]
Don't try to lookup zero length session.
Dr. Stephen Henson [Wed, 17 Oct 2007 11:27:25 +0000 (11:27 +0000)]
Allow TLS tickets and session ID to both be present if lifetime hint is -1.
This never happens in normal SSL sessions but can be useful if the session
is being used as a "blob" to contain other data.
Lutz Jänicke [Wed, 17 Oct 2007 07:46:49 +0000 (07:46 +0000)]
Work around inconsistent version numbering in 0.9.8f (release).
The version code of the release should have been 09086f (6=f, f=release)
but accidentally it was marked "090870" (which would be "0.9.8g-dev").
Therefore we now use "090871" for the development of 0.9.8g. Once
0.9.8g is released, the problem will be "healed". We have never done
beta releases for 0.9.x-stable patch releases, so 090871 would never
be used in practice.
PR: #1589
Andy Polyakov [Sun, 14 Oct 2007 14:07:46 +0000 (14:07 +0000)]
Make ssl compile.
Dr. Stephen Henson [Sun, 14 Oct 2007 12:19:07 +0000 (12:19 +0000)]
Include USE_SOCKETS #define
Andy Polyakov [Sat, 13 Oct 2007 12:38:37 +0000 (12:38 +0000)]
Make it possible to link VC static lib with either /MT or /MD application
[from HEAD].
PR: 1230
Andy Polyakov [Sat, 13 Oct 2007 11:02:17 +0000 (11:02 +0000)]
Copy bn/asm/ia64.S from HEAD.
Dr. Stephen Henson [Fri, 12 Oct 2007 00:29:06 +0000 (00:29 +0000)]
Avoid shadow and signed/unsigned warnings.
Dr. Stephen Henson [Fri, 12 Oct 2007 00:00:36 +0000 (00:00 +0000)]
Backport certificate status request TLS extension support to 0.9.8.
Ben Laurie [Thu, 11 Oct 2007 18:27:10 +0000 (18:27 +0000)]
Back to -dev.
Ben Laurie [Thu, 11 Oct 2007 18:23:16 +0000 (18:23 +0000)]
Minor release cockups.
Ben Laurie [Thu, 11 Oct 2007 15:04:32 +0000 (15:04 +0000)]
Next version.
Ben Laurie [Thu, 11 Oct 2007 14:58:15 +0000 (14:58 +0000)]
Ready to roll.
Ben Laurie [Thu, 11 Oct 2007 14:36:59 +0000 (14:36 +0000)]
make update, and more DTLS stuff.
Andy Polyakov [Tue, 9 Oct 2007 19:31:53 +0000 (19:31 +0000)]
Respect cookie length set by app_gen_cookie_cb [from HEAD].
Submitted by: Alex Lam
Andy Polyakov [Tue, 9 Oct 2007 19:22:01 +0000 (19:22 +0000)]
Make DTLS1 record layer MAC calculation RFC compliant. From HEAD with a
twist: server interoperates with non-compliant pre-0.9.8f client.
Andy Polyakov [Fri, 5 Oct 2007 21:05:27 +0000 (21:05 +0000)]
Prohibit RC4 in DTLS [from HEAD].
Dr. Stephen Henson [Fri, 5 Oct 2007 16:47:04 +0000 (16:47 +0000)]
Fix from fips branch.
Andy Polyakov [Wed, 3 Oct 2007 10:18:06 +0000 (10:18 +0000)]
Set client_version earlier in DTLS (this is 0.9.8 specific).
Andy Polyakov [Mon, 1 Oct 2007 06:28:48 +0000 (06:28 +0000)]
Oops! This was erroneously left out commit #16633.
Andy Polyakov [Sun, 30 Sep 2007 22:03:07 +0000 (22:03 +0000)]
Explicit IV update [from HEAD].
Andy Polyakov [Sun, 30 Sep 2007 21:20:59 +0000 (21:20 +0000)]
Make ChangeCipherSpec compliant with DTLS RFC4347. From HEAD with a twist:
server interoperates with non-compliant pre-0.9.8f.
Andy Polyakov [Sun, 30 Sep 2007 19:36:32 +0000 (19:36 +0000)]
DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. From HEAD with a
twist: server allows for non-compliant Finished calculations in order to
enable interop with pre-0.9.8f.
Andy Polyakov [Sun, 30 Sep 2007 19:15:46 +0000 (19:15 +0000)]
DTLS RFC4347 requires client to use same random field in reply to
HelloVerifyRequest [from HEAD].
Andy Polyakov [Sun, 30 Sep 2007 18:55:59 +0000 (18:55 +0000)]
Switch for RFC-compliant version encoding in DTLS. From HEAD with a twist:
server accepts even non-compliant encoding in order to enable interop with
pre-0.9.8f clients.
Dr. Stephen Henson [Fri, 28 Sep 2007 16:29:24 +0000 (16:29 +0000)]
Update from HEAD.
Lutz Jänicke [Mon, 24 Sep 2007 11:22:31 +0000 (11:22 +0000)]
Typos
PR: 1578
Submitted by: Charles Longeau <chl@tuxfamily.org>
Lutz Jänicke [Mon, 24 Sep 2007 10:58:15 +0000 (10:58 +0000)]
Finish sentence with a "."
Dr. Stephen Henson [Sun, 23 Sep 2007 15:55:54 +0000 (15:55 +0000)]
Fix from HEAD.
Bodo Möller [Fri, 21 Sep 2007 14:05:08 +0000 (14:05 +0000)]
More changes from HEAD:
- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME
now that ssl23_client_hello takes care of that
- fix buffer overrun checks in ssl_add_serverhello_tlsext()
Dr. Stephen Henson [Fri, 21 Sep 2007 13:40:51 +0000 (13:40 +0000)]
Fixes from HEAD.
Lutz Jänicke [Fri, 21 Sep 2007 10:10:47 +0000 (10:10 +0000)]
The use of the PURIFY macro in ssleay_rand_bytes() is sufficient to
resolve the Valgrind issue with random numbers. Undo the changes to
RAND_bytes() and RAND_pseudo_bytes() that are redundant in this
respect.
Update documentation and FAQ accordingly, as the PURIFY macro is
available at least since 0.9.7.
Ben Laurie [Thu, 20 Sep 2007 12:33:24 +0000 (12:33 +0000)]
Use PURIFY instead of PEDANTIC.
Dr. Stephen Henson [Thu, 20 Sep 2007 11:32:09 +0000 (11:32 +0000)]
Clarify wording a little.
Lutz Jänicke [Thu, 20 Sep 2007 07:39:15 +0000 (07:39 +0000)]
Add FAQ entry on how to get rid of Valgrind warnings.
PR: 521
Lutz Jänicke [Thu, 20 Sep 2007 07:24:45 +0000 (07:24 +0000)]
Add passage to manual page actually reflecting the usage of the
contents of "buf" when calling RAND_*bytes().
Dr. Stephen Henson [Wed, 19 Sep 2007 13:29:05 +0000 (13:29 +0000)]
Wrap "keep valgrind happy" change in #ifdef PEDANTIC so any entropy in the
buffer can be normally used.
Ben Laurie [Wed, 19 Sep 2007 13:10:34 +0000 (13:10 +0000)]
Slight bug in dependencies caused occasional unnecessary diffs. Fixed.
Ben Laurie [Wed, 19 Sep 2007 12:17:11 +0000 (12:17 +0000)]
make depend
Ben Laurie [Wed, 19 Sep 2007 12:16:21 +0000 (12:16 +0000)]
Lingering "security" fix.
Andy Polyakov [Tue, 18 Sep 2007 20:59:33 +0000 (20:59 +0000)]
Wire DES weak_keys to read-only segment [from HEAD].
Andy Polyakov [Tue, 18 Sep 2007 20:55:10 +0000 (20:55 +0000)]
Minimize stack utilization in probable_prime [from HEAD].
Andy Polyakov [Tue, 18 Sep 2007 20:49:25 +0000 (20:49 +0000)]
Remove excessive whitespaces from bio.h.
Bodo Möller [Tue, 18 Sep 2007 16:31:18 +0000 (16:31 +0000)]
Make sure that BN_from_montgomery keeps the BIGNUMS in proper format
Dr. Stephen Henson [Mon, 17 Sep 2007 17:54:02 +0000 (17:54 +0000)]
PR: 1560
Dr. Stephen Henson [Mon, 17 Sep 2007 17:30:01 +0000 (17:30 +0000)]
PR: 1582
Andy Polyakov [Mon, 17 Sep 2007 16:43:11 +0000 (16:43 +0000)]
enc.pod update [from HEAD].
PR: 1529
Andy Polyakov [Mon, 17 Sep 2007 16:21:21 +0000 (16:21 +0000)]
Typo in pq_compat.h [note that this file is not present in HEAD].
PR: 1537
Andy Polyakov [Mon, 17 Sep 2007 15:57:31 +0000 (15:57 +0000)]
Mention SHA2 in apps/dgst and openssl.pod.
PR: 1575
Andy Polyakov [Sun, 16 Sep 2007 18:35:45 +0000 (18:35 +0000)]
It's inappropriate to override application signal, nor is it appropriate
to shut down Winsock unless we know it won't be used [and we never do]
[from HEAD].
PR: 1439
Andy Polyakov [Sun, 16 Sep 2007 14:11:51 +0000 (14:11 +0000)]
Minor fix in link_[oa].hpux [from HEAD].
Andy Polyakov [Sun, 16 Sep 2007 12:24:17 +0000 (12:24 +0000)]
BSD run-time linkers apparently demand RPATH on .so objects [from HEAD].
PR: 1381
Andy Polyakov [Sat, 15 Sep 2007 17:05:57 +0000 (17:05 +0000)]
Make bn2dec work on "SIXTY_FOUR_BIT" platforms [from HEAD].
PR: 1456
Andy Polyakov [Fri, 14 Sep 2007 19:32:54 +0000 (19:32 +0000)]
More Intel cc fix-ups [from HEAD].
Andy Polyakov [Fri, 14 Sep 2007 15:39:49 +0000 (15:39 +0000)]
It's unfortunate, but we have to disengage DES assembler in linux64-sparcv9
build, because it expects DES_INT and the latter didn't make it to first
0.9.8.
Andy Polyakov [Fri, 7 Sep 2007 12:27:50 +0000 (12:27 +0000)]
Integrate remaining parts of #14247 [from HEAD].
Dr. Stephen Henson [Thu, 6 Sep 2007 21:07:43 +0000 (21:07 +0000)]
Reimplement safestack to avoid function pointer casts.
Dr. Stephen Henson [Thu, 6 Sep 2007 12:59:34 +0000 (12:59 +0000)]
Update NEWS file.
Dr. Stephen Henson [Thu, 6 Sep 2007 12:43:54 +0000 (12:43 +0000)]
gcc 4.2 fixes to avoid use of function pointer casts in OpenSSL.
Fix various "computed value not used" warnings too.
Dr. Stephen Henson [Fri, 31 Aug 2007 00:28:51 +0000 (00:28 +0000)]
Update from HEAD.
Andy Polyakov [Thu, 30 Aug 2007 08:11:25 +0000 (08:11 +0000)]
aes_ige update [from HEAD].
Andy Polyakov [Thu, 30 Aug 2007 08:10:39 +0000 (08:10 +0000)]
darwin platform updates [from HEAD].
Dr. Stephen Henson [Tue, 28 Aug 2007 01:12:44 +0000 (01:12 +0000)]
Update from HEAD.
Dr. Stephen Henson [Mon, 27 Aug 2007 23:47:10 +0000 (23:47 +0000)]
Update from HEAD.
Andy Polyakov [Mon, 27 Aug 2007 08:52:57 +0000 (08:52 +0000)]
shlib_wrap update [from HEAD].
Andy Polyakov [Sun, 26 Aug 2007 14:18:05 +0000 (14:18 +0000)]
IRIX and Tru64 platform updates [from HEAD].
Dr. Stephen Henson [Thu, 23 Aug 2007 22:58:24 +0000 (22:58 +0000)]
Clarify CHANGES entry.
Dr. Stephen Henson [Thu, 23 Aug 2007 22:53:57 +0000 (22:53 +0000)]
Update docs and NEWS file.
Dr. Stephen Henson [Thu, 23 Aug 2007 22:49:42 +0000 (22:49 +0000)]
Update from HEAD.
Dr. Stephen Henson [Thu, 23 Aug 2007 12:20:56 +0000 (12:20 +0000)]
Update from HEAD.
Dr. Stephen Henson [Thu, 23 Aug 2007 12:16:03 +0000 (12:16 +0000)]
Update docs.
Richard Levitte [Wed, 22 Aug 2007 20:58:56 +0000 (20:58 +0000)]
VAX C can't handle 64 bit integers, making SHA512 impossible...
Dr. Stephen Henson [Mon, 20 Aug 2007 12:44:22 +0000 (12:44 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 15 Aug 2007 13:35:44 +0000 (13:35 +0000)]
file fips_rsa_sign.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:21 +0000
Dr. Stephen Henson [Wed, 15 Aug 2007 13:35:43 +0000 (13:35 +0000)]
file fips_rsa_lib.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:21 +0000
Dr. Stephen Henson [Wed, 15 Aug 2007 13:35:40 +0000 (13:35 +0000)]
file fips_dsa_key.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:15 +0000
Dr. Stephen Henson [Wed, 15 Aug 2007 13:35:39 +0000 (13:35 +0000)]
file fips_dsa_sign.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:16 +0000
Dr. Stephen Henson [Wed, 15 Aug 2007 13:35:38 +0000 (13:35 +0000)]
file fips_dsa_lib.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:15 +0000
Dr. Stephen Henson [Wed, 15 Aug 2007 13:35:37 +0000 (13:35 +0000)]
file dh_gen.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:14 +0000
Dr. Stephen Henson [Wed, 15 Aug 2007 13:35:36 +0000 (13:35 +0000)]
file fips_dh_lib.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:14 +0000
Dr. Stephen Henson [Wed, 15 Aug 2007 13:35:35 +0000 (13:35 +0000)]
file fipstests.sh was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:10 +0000
Dr. Stephen Henson [Wed, 15 Aug 2007 13:35:34 +0000 (13:35 +0000)]
file fipstests.bat was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:10 +0000
Dr. Stephen Henson [Wed, 15 Aug 2007 13:35:33 +0000 (13:35 +0000)]
file mkfipsscr.pl was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:10 +0000
Dr. Stephen Henson [Wed, 15 Aug 2007 13:35:32 +0000 (13:35 +0000)]
file fips_utl.h was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:10 +0000
Dr. Stephen Henson [Wed, 15 Aug 2007 13:35:31 +0000 (13:35 +0000)]
file fips_premain.c.sha1 was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:10 +0000
Dr. Stephen Henson [Wed, 15 Aug 2007 13:35:30 +0000 (13:35 +0000)]
file fips-nodiff.txt was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:09 +0000
Dr. Stephen Henson [Sun, 12 Aug 2007 22:31:16 +0000 (22:31 +0000)]
Update to Win32 build system so it knows about TLS extension code.
Dr. Stephen Henson [Sun, 12 Aug 2007 19:05:17 +0000 (19:05 +0000)]
Update default dependency flag.
Dr. Stephen Henson [Sun, 12 Aug 2007 18:59:03 +0000 (18:59 +0000)]
Backport of TLS extension code to OpenSSL 0.9.8.
Include server name and RFC4507bis support.
This is not compiled in by default and must be explicitly enabled with
the Configure option enable-tlsext
Andy Polyakov [Wed, 1 Aug 2007 11:21:35 +0000 (11:21 +0000)]
Typos in ./config [from HEAD].
PR: 1563
Andy Polyakov [Tue, 31 Jul 2007 20:03:26 +0000 (20:03 +0000)]
MacOS X update [from HEAD].
Andy Polyakov [Fri, 27 Jul 2007 20:34:56 +0000 (20:34 +0000)]
Respect ISO aliasing rules [from HEAD].
PR: 1296
Andy Polyakov [Fri, 27 Jul 2007 18:22:04 +0000 (18:22 +0000)]
AES for IA64 update [from HEAD].
Andy Polyakov [Tue, 24 Jul 2007 14:40:26 +0000 (14:40 +0000)]
Don't set OPENSSL_IA32_SSE2 on x86_64.
Dr. Stephen Henson [Thu, 19 Jul 2007 17:39:07 +0000 (17:39 +0000)]
SSE2 and AES assembly language support for VC++ build.
Dr. Stephen Henson [Thu, 19 Jul 2007 16:11:20 +0000 (16:11 +0000)]
file do_fips.bat was added on branch OpenSSL_0_9_8-stable on 2008-09-18 12:13:54 +0000