Andy Polyakov [Mon, 15 Sep 2008 05:45:36 +0000 (05:45 +0000)]
Fix yesterday typos in bss_dgram.c [from HEAD].
Bodo Möller [Sun, 14 Sep 2008 19:50:53 +0000 (19:50 +0000)]
update comment
Andy Polyakov [Sun, 14 Sep 2008 19:23:46 +0000 (19:23 +0000)]
Winsock handles SO_RCVTIMEO in unique manner... [from HEAD].
PR: 1648
Bodo Möller [Sun, 14 Sep 2008 18:16:09 +0000 (18:16 +0000)]
oops
Andy Polyakov [Sun, 14 Sep 2008 17:57:03 +0000 (17:57 +0000)]
dtls1_write_bytes consumers expect amount of bytes written per call, not
overall [from HEAD].
PR: 1604
Dr. Stephen Henson [Sun, 14 Sep 2008 16:43:37 +0000 (16:43 +0000)]
Fix error code discrepancy.
Make update.
Dr. Stephen Henson [Sun, 14 Sep 2008 15:46:36 +0000 (15:46 +0000)]
Stop warnings about value not used.
Bodo Möller [Sun, 14 Sep 2008 14:02:01 +0000 (14:02 +0000)]
Fix SSL state transitions.
Submitted by: Nagendra Modadugu
Bodo Möller [Sun, 14 Sep 2008 13:51:49 +0000 (13:51 +0000)]
Really get rid of unsafe double-checked locking.
Also, "CHANGES" clean-ups.
Bodo Möller [Sun, 14 Sep 2008 13:42:40 +0000 (13:42 +0000)]
Some precautions to avoid potential security-relevant problems.
Andy Polyakov [Sat, 13 Sep 2008 18:25:36 +0000 (18:25 +0000)]
DTLS didn't handle alerts correctly [from HEAD].
PR: 1632
Dr. Stephen Henson [Fri, 12 Sep 2008 17:44:26 +0000 (17:44 +0000)]
file rc4_fblk.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 11:02:19 +0000
Andy Polyakov [Fri, 12 Sep 2008 14:47:02 +0000 (14:47 +0000)]
AIX build updates [from HEAD].
Ben Laurie [Fri, 12 Sep 2008 13:29:59 +0000 (13:29 +0000)]
Allow soft-loading engines.
Ben Laurie [Fri, 12 Sep 2008 13:26:07 +0000 (13:26 +0000)]
Don't hide commands.
Dr. Stephen Henson [Wed, 3 Sep 2008 22:13:04 +0000 (22:13 +0000)]
If tickets disabled behave as if no ticket received to support
stateful resume.
Dr. Stephen Henson [Sun, 31 Aug 2008 11:15:35 +0000 (11:15 +0000)]
Fix flag clash... only used internally when policy checking is
enabled.
Bodo Möller [Thu, 14 Aug 2008 21:37:20 +0000 (21:37 +0000)]
Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.
Bodo Möller [Wed, 13 Aug 2008 19:44:44 +0000 (19:44 +0000)]
sanity check
PR: 1679
Dr. Stephen Henson [Tue, 5 Aug 2008 15:56:11 +0000 (15:56 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sat, 2 Aug 2008 11:17:04 +0000 (11:17 +0000)]
Fix from HEAD.
Lutz Jänicke [Fri, 1 Aug 2008 15:03:22 +0000 (15:03 +0000)]
Refer to SSL_pending from the man page for SSL_read
Dr. Stephen Henson [Wed, 30 Jul 2008 15:42:19 +0000 (15:42 +0000)]
Fix from HEAD.
Bodo Möller [Thu, 17 Jul 2008 22:11:24 +0000 (22:11 +0000)]
We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.
PR: 1695
Andy Polyakov [Thu, 17 Jul 2008 11:59:07 +0000 (11:59 +0000)]
Harmonize darwin-i386-cc config line with HEAD.
Andy Polyakov [Thu, 17 Jul 2008 10:00:18 +0000 (10:00 +0000)]
darwin64-ppc-cc experimental line accidentally made it to stable:-(
PR: 1699
Andy Polyakov [Thu, 17 Jul 2008 09:51:34 +0000 (09:51 +0000)]
sha1-586.pl: update from HEAD.
PR: 1681
Bodo Möller [Wed, 16 Jul 2008 18:10:28 +0000 (18:10 +0000)]
Make sure not to read beyond end of buffer
Dr. Stephen Henson [Sun, 13 Jul 2008 22:38:52 +0000 (22:38 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 15:56:01 +0000 (15:56 +0000)]
Update from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 14:33:16 +0000 (14:33 +0000)]
Update from HEAD.
Dr. Stephen Henson [Thu, 26 Jun 2008 23:26:52 +0000 (23:26 +0000)]
Add support for Local Machine Keyset attribute in PKCS#12 files.
Dr. Stephen Henson [Thu, 26 Jun 2008 23:20:52 +0000 (23:20 +0000)]
Sync OIDs with HEAD so we don't need to rebuild OID database and change
all NIDs every time an OID is added to 0.9.8.
Dr. Stephen Henson [Wed, 25 Jun 2008 10:41:48 +0000 (10:41 +0000)]
Changes to allow capi ENGINE to compile with older headers on e.g. VC6.
Bodo Möller [Mon, 23 Jun 2008 20:46:28 +0000 (20:46 +0000)]
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
Dr. Stephen Henson [Sun, 22 Jun 2008 01:10:04 +0000 (01:10 +0000)]
Update ordinals.
Dr. Stephen Henson [Sat, 21 Jun 2008 23:28:02 +0000 (23:28 +0000)]
Make WIN32 build work with no-rc4
Dr. Stephen Henson [Wed, 18 Jun 2008 14:42:27 +0000 (14:42 +0000)]
Fix typo and filter on X509_PURPOSE_SSL_CLIENT when presenting certs.
Dr. Stephen Henson [Wed, 18 Jun 2008 12:05:23 +0000 (12:05 +0000)]
Add support for machine stores and handle provider type errors properly in keys.
Dr. Stephen Henson [Mon, 16 Jun 2008 16:56:43 +0000 (16:56 +0000)]
Make ssl code consistent with FIPS branch. The new code has no effect
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
Dr. Stephen Henson [Mon, 16 Jun 2008 15:22:49 +0000 (15:22 +0000)]
Add error code for FIPS library and make library numbers consistent.
Dr. Stephen Henson [Sun, 15 Jun 2008 16:52:37 +0000 (16:52 +0000)]
Sync ordinals with FIPS branch. FIPS specific functions currently are place
holders to keep ordinals consistent.
Dr. Stephen Henson [Mon, 9 Jun 2008 16:50:48 +0000 (16:50 +0000)]
Add acknowledgement.
Ben Laurie [Sat, 7 Jun 2008 17:22:37 +0000 (17:22 +0000)]
OPENSSL_isservice() is defined on all platforms.
Dr. Stephen Henson [Fri, 6 Jun 2008 20:48:57 +0000 (20:48 +0000)]
Update from head.
Dr. Stephen Henson [Fri, 6 Jun 2008 15:54:00 +0000 (15:54 +0000)]
Update ordinals.
Dr. Stephen Henson [Fri, 6 Jun 2008 15:52:32 +0000 (15:52 +0000)]
Update CryptoAPI ENGINE from head. Export OPENSSL_isservice().
Dr. Stephen Henson [Thu, 5 Jun 2008 16:56:00 +0000 (16:56 +0000)]
Make headers work with older versions of Window platform SDK.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:32:05 +0000 (15:32 +0000)]
Update CHANGES.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:13:03 +0000 (15:13 +0000)]
If auto load ENGINE lookup fails retry adding builtin ENGINEs.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:09:40 +0000 (15:09 +0000)]
Configure options of form -Dfoo=bar should get added to CFLAGS in mk1mf.pl
Dr. Stephen Henson [Thu, 5 Jun 2008 11:44:53 +0000 (11:44 +0000)]
Don't show choice dialog if only one cert.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:38:03 +0000 (11:38 +0000)]
Search $OPTIONS for -DOPENSSL_CAPIENG_DIALOG because $cflags is
no complete at this point.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:23:35 +0000 (11:23 +0000)]
include engine.h if needed.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:57:21 +0000 (10:57 +0000)]
Update ordinals.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:56:51 +0000 (10:56 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 23:00:59 +0000 (23:00 +0000)]
Remove some unneeded columns from dialog.
Dr. Stephen Henson [Wed, 4 Jun 2008 22:39:29 +0000 (22:39 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 20:11:17 +0000 (20:11 +0000)]
Oops... missed this part of backport.
Dr. Stephen Henson [Wed, 4 Jun 2008 19:52:36 +0000 (19:52 +0000)]
Backport s_client changes.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:49:44 +0000 (18:49 +0000)]
Update CryptoAPI ENGINE from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:35:27 +0000 (18:35 +0000)]
Backport more ENGINE SSL client auth code to 0.9.8.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:01:40 +0000 (18:01 +0000)]
Backport ssl client auth ENGINE support to 0.9.8.
Bodo Möller [Sat, 31 May 2008 13:42:52 +0000 (13:42 +0000)]
Everyone's had a few years to port their favorite additions to 0.9.7
to HEAD (and the 0.9.8 branch). Remove the reminder.
Dr. Stephen Henson [Fri, 30 May 2008 17:44:36 +0000 (17:44 +0000)]
DSA method slightly more tested and fixed ;-)
Dr. Stephen Henson [Fri, 30 May 2008 17:07:18 +0000 (17:07 +0000)]
Update error codes.
Dr. Stephen Henson [Fri, 30 May 2008 17:03:16 +0000 (17:03 +0000)]
Untested initial CryptoAPI dsa signing code.
Dr. Stephen Henson [Fri, 30 May 2008 16:31:51 +0000 (16:31 +0000)]
Some DSA method structures and placeholders, not complete yet.
Dr. Stephen Henson [Fri, 30 May 2008 16:14:34 +0000 (16:14 +0000)]
Delete unused functions.
Dr. Stephen Henson [Fri, 30 May 2008 15:28:40 +0000 (15:28 +0000)]
Get BIO_snprintf() argument order right....
Dr. Stephen Henson [Fri, 30 May 2008 15:24:19 +0000 (15:24 +0000)]
Add new error codes, log unknown magic or algorithm IDs.
Dr. Stephen Henson [Fri, 30 May 2008 15:05:39 +0000 (15:05 +0000)]
Initial DSA public key loading support in CryptoAPI ENGINE.
Dr. Stephen Henson [Fri, 30 May 2008 15:04:58 +0000 (15:04 +0000)]
Add support for ENGINE loaded keys in dsa app.
Dr. Stephen Henson [Fri, 30 May 2008 11:58:50 +0000 (11:58 +0000)]
Add error codes for blob sanity checks, rebuild error table.
Dr. Stephen Henson [Fri, 30 May 2008 11:54:51 +0000 (11:54 +0000)]
Blob type and algorithm type sanity checks
Dr. Stephen Henson [Fri, 30 May 2008 10:57:13 +0000 (10:57 +0000)]
Don't set extended type is mbstring flag set.
Dr. Stephen Henson [Fri, 30 May 2008 10:31:43 +0000 (10:31 +0000)]
Update default depflag.
Dr. Stephen Henson [Thu, 29 May 2008 23:47:40 +0000 (23:47 +0000)]
Load CryptoAPI engine if supported.
Dr. Stephen Henson [Thu, 29 May 2008 23:15:41 +0000 (23:15 +0000)]
Update mkdef.pl to recognize CAPIENG
Dr. Stephen Henson [Thu, 29 May 2008 21:03:48 +0000 (21:03 +0000)]
Make CryptoAPI engine look more like the others....
Dr. Stephen Henson [Thu, 29 May 2008 17:51:22 +0000 (17:51 +0000)]
Make dynamic engine link work with capi.
Dr. Stephen Henson [Thu, 29 May 2008 17:20:42 +0000 (17:20 +0000)]
Disable CryptoAPI engine compilation by default.
Dr. Stephen Henson [Thu, 29 May 2008 17:13:15 +0000 (17:13 +0000)]
Create error codes, compile in source.
Dr. Stephen Henson [Thu, 29 May 2008 16:46:38 +0000 (16:46 +0000)]
CryptoAPI ENGINE... initial version, not compiled in yet.
Bodo Möller [Wed, 28 May 2008 22:30:39 +0000 (22:30 +0000)]
FAQ updates from HEAD
Bodo Möller [Wed, 28 May 2008 22:22:50 +0000 (22:22 +0000)]
fix whitespace
Mark J. Cox [Wed, 28 May 2008 07:47:50 +0000 (07:47 +0000)]
After tagging, bump ready for 0.9.8i development
Mark J. Cox [Wed, 28 May 2008 07:37:14 +0000 (07:37 +0000)]
Prepare for 0.9.8h release
Mark J. Cox [Wed, 28 May 2008 07:29:27 +0000 (07:29 +0000)]
Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)
Reviewed by: openssl-security@openssl.org
Obtained from: mark@awe.com
Mark J. Cox [Wed, 28 May 2008 07:26:33 +0000 (07:26 +0000)]
Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)
Reviewed by: openssl-security@openssl.org
Obtained from: jorton@redhat.com
Bodo Möller [Tue, 27 May 2008 18:43:30 +0000 (18:43 +0000)]
grammar
Bodo Möller [Tue, 27 May 2008 18:41:02 +0000 (18:41 +0000)]
year 2008
Lutz Jänicke [Mon, 26 May 2008 06:23:55 +0000 (06:23 +0000)]
Add README about removed root CA certificates.
Lutz Jänicke [Mon, 26 May 2008 06:21:10 +0000 (06:21 +0000)]
Reword comment to be much shorter to stop other people from complaining
about "overcommenting"
Lutz Jänicke [Fri, 23 May 2008 10:37:22 +0000 (10:37 +0000)]
Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
Lutz Jänicke [Fri, 23 May 2008 08:59:56 +0000 (08:59 +0000)]
Remove all root CA files (beyond test CAs including private key)
from the OpenSSL distribution.
Dr. Stephen Henson [Tue, 20 May 2008 18:48:22 +0000 (18:48 +0000)]
Fix off by one error ;-)
Dr. Stephen Henson [Tue, 20 May 2008 16:13:11 +0000 (16:13 +0000)]
Typo.
Dr. Stephen Henson [Tue, 20 May 2008 12:12:22 +0000 (12:12 +0000)]
Update ordinals.
Dr. Stephen Henson [Tue, 20 May 2008 12:10:28 +0000 (12:10 +0000)]
Oops... PEM_write_bio_ASN1_stream() shouldn't be in 0.9.8 CMS backport.