oweals/openssl.git
15 years ago Add missing modules
Richard Levitte [Wed, 28 Jan 2009 07:54:16 +0000 (07:54 +0000)]
Add missing modules

15 years ago PR: 1806
Dr. Stephen Henson [Wed, 21 Jan 2009 21:44:52 +0000 (21:44 +0000)]
PR: 1806
Submitted by: philipp_subx@redfish-solutions.com
Approved by: steve

Use ${CC:-gcc} instead of just gcc in domd, to support cross compilation.

15 years ago No need to add fips to @skip
Dr. Stephen Henson [Mon, 19 Jan 2009 16:42:18 +0000 (16:42 +0000)]
No need to add fips to @skip

15 years ago If not compiling for fips don't do anything in fips directory.
Dr. Stephen Henson [Mon, 19 Jan 2009 16:40:44 +0000 (16:40 +0000)]
If not compiling for fips don't do anything in fips directory.

Install fipscanister.o and friends from FIPSLIBDIR location.

15 years ago Make it possible to override CC.
Ben Laurie [Sat, 17 Jan 2009 14:36:17 +0000 (14:36 +0000)]
Make it possible to override CC.

15 years ago Another symbol that's longer than 31 characters.
Richard Levitte [Sat, 17 Jan 2009 12:33:43 +0000 (12:33 +0000)]
Another symbol that's longer than 31 characters.

15 years ago A forgotten module...
Richard Levitte [Sat, 17 Jan 2009 12:33:11 +0000 (12:33 +0000)]
A forgotten module...

15 years ago Stop warnings on WIN64
Dr. Stephen Henson [Thu, 15 Jan 2009 12:34:54 +0000 (12:34 +0000)]
Stop warnings on WIN64

15 years ago Some platforms need $(EX_LIBS) when building fips_standalone_sha1 from
Dr. Stephen Henson [Wed, 14 Jan 2009 11:10:33 +0000 (11:10 +0000)]
Some platforms need $(EX_LIBS) when building fips_standalone_sha1 from
an external fipscanister.o

15 years ago Update from HEAD.
Dr. Stephen Henson [Wed, 14 Jan 2009 10:46:00 +0000 (10:46 +0000)]
Update from HEAD.

15 years ago Oops, remove duplicate entry.
Dr. Stephen Henson [Wed, 7 Jan 2009 23:45:19 +0000 (23:45 +0000)]
Oops, remove duplicate entry.

15 years ago Prepare for next version.
Dr. Stephen Henson [Wed, 7 Jan 2009 23:38:34 +0000 (23:38 +0000)]
Prepare for next version.

15 years ago Prepare for 0.9.8j release. OpenSSL_0_9_8j
Dr. Stephen Henson [Wed, 7 Jan 2009 10:50:54 +0000 (10:50 +0000)]
Prepare for 0.9.8j release.

15 years ago Properly check EVP_VerifyFinal() and similar return values
Dr. Stephen Henson [Wed, 7 Jan 2009 10:48:23 +0000 (10:48 +0000)]
Properly check EVP_VerifyFinal() and similar return values
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team

15 years ago Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP
Lutz Jänicke [Mon, 5 Jan 2009 14:43:07 +0000 (14:43 +0000)]
Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP

Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.

15 years ago make update.
Dr. Stephen Henson [Mon, 5 Jan 2009 12:47:11 +0000 (12:47 +0000)]
make update.

15 years ago Update ordinals.
Dr. Stephen Henson [Wed, 31 Dec 2008 12:00:35 +0000 (12:00 +0000)]
Update ordinals.

15 years ago Synchronize with bn_nist.c from HEAD.
Andy Polyakov [Tue, 30 Dec 2008 13:41:08 +0000 (13:41 +0000)]
Synchronize with bn_nist.c from HEAD.

15 years ago Backport http://cvs.openssl.org/chngview?cn=17710 from HEAD.
Andy Polyakov [Tue, 30 Dec 2008 13:30:57 +0000 (13:30 +0000)]
Backport http://cvs.openssl.org/chngview?cn=17710 from HEAD.
PR: 1230

15 years ago Some seasoned makes fail to build. For reference, I had a problem with Irix
Andy Polyakov [Tue, 30 Dec 2008 13:26:26 +0000 (13:26 +0000)]
Some seasoned makes fail to build. For reference, I had a problem with Irix
make which doesn't tolerate empty targets, and fips/Makefile ends up with
one when FIPSCANLIB is empty. Build failed as early as 'make links' phase.

15 years ago Update default compiler options for default tls extension config.
Dr. Stephen Henson [Mon, 29 Dec 2008 00:18:23 +0000 (00:18 +0000)]
Update default compiler options for default tls extension config.

Add -Wsign-compare to debug-steve64

15 years ago Avoid signed/unsigned compare warnings.
Dr. Stephen Henson [Mon, 29 Dec 2008 00:17:36 +0000 (00:17 +0000)]
Avoid signed/unsigned compare warnings.

15 years ago Backport aes-x86_64.pl update from HEAD.
Andy Polyakov [Sat, 27 Dec 2008 13:34:30 +0000 (13:34 +0000)]
Backport aes-x86_64.pl update from HEAD.

15 years ago Enable TLS Extensions by default.
Ben Laurie [Fri, 26 Dec 2008 15:27:51 +0000 (15:27 +0000)]
Enable TLS Extensions by default.

15 years ago In BIO_write(), update the write statistics, not the read statistics.
Richard Levitte [Thu, 25 Dec 2008 22:24:21 +0000 (22:24 +0000)]
In BIO_write(), update the write statistics, not the read statistics.
PR: 1803

15 years ago Further synchronisation with Unix
Richard Levitte [Thu, 25 Dec 2008 22:04:45 +0000 (22:04 +0000)]
Further synchronisation with Unix

15 years ago Synchronise with Unixly build.
Richard Levitte [Mon, 22 Dec 2008 09:30:09 +0000 (09:30 +0000)]
Synchronise with Unixly build.

15 years ago Make no-engine work again...
Dr. Stephen Henson [Sat, 20 Dec 2008 17:04:09 +0000 (17:04 +0000)]
Make no-engine work again...

15 years ago Backport aes-x86_64.pl update from HEAD and revisit same code in aes-586.pl.
Andy Polyakov [Wed, 17 Dec 2008 14:14:51 +0000 (14:14 +0000)]
Backport aes-x86_64.pl update from HEAD and revisit same code in aes-586.pl.
PR: 1801

15 years ago Missing return values (Coverity ID 204).
Ben Laurie [Sat, 13 Dec 2008 17:00:53 +0000 (17:00 +0000)]
Missing return values (Coverity ID 204).

15 years ago Make depend.
Ben Laurie [Sat, 13 Dec 2008 12:22:47 +0000 (12:22 +0000)]
Make depend.

15 years ago Remove tests which rely on old root certs being present.
Dr. Stephen Henson [Wed, 10 Dec 2008 17:34:11 +0000 (17:34 +0000)]
Remove tests which rely on old root certs being present.

15 years ago apps/speed.c: children should not inherit buffered I/O
Lutz Jänicke [Wed, 10 Dec 2008 08:03:48 +0000 (08:03 +0000)]
apps/speed.c: children should not inherit buffered I/O
PR: 1787
Submitted by: Artur Klauser <aklauser@google.com>

15 years ago Fix from HEAD.
Dr. Stephen Henson [Mon, 8 Dec 2008 19:13:57 +0000 (19:13 +0000)]
Fix from HEAD.

15 years ago Fix from HEAD.
Dr. Stephen Henson [Sun, 7 Dec 2008 23:59:13 +0000 (23:59 +0000)]
Fix from HEAD.

15 years ago experimental-foo support for mk1mf.pl.
Bodo Möller [Tue, 2 Dec 2008 23:50:21 +0000 (23:50 +0000)]
experimental-foo support for mk1mf.pl.

15 years ago Fix warnings.
Ben Laurie [Tue, 2 Dec 2008 18:14:44 +0000 (18:14 +0000)]
Fix warnings.

15 years ago Warn about JPAKE brokenness.
Ben Laurie [Tue, 2 Dec 2008 13:36:47 +0000 (13:36 +0000)]
Warn about JPAKE brokenness.

15 years ago Implement Configure option pattern "experimental-foo"
Bodo Möller [Tue, 2 Dec 2008 01:21:06 +0000 (01:21 +0000)]
Implement Configure option pattern "experimental-foo"
(specifically, "experimental-jpake").

15 years ago Don't clobber passed GENERAL_NAME on error.
Dr. Stephen Henson [Sun, 30 Nov 2008 16:07:11 +0000 (16:07 +0000)]
Don't clobber passed GENERAL_NAME on error.

15 years ago Clarify a 'chil' engine param that is a little unintuitive.
Geoff Thorpe [Fri, 28 Nov 2008 22:04:25 +0000 (22:04 +0000)]
Clarify a 'chil' engine param that is a little unintuitive.

Submitted by: Sander Temme <sander@temme.net>

15 years ago Update dependencies.
Dr. Stephen Henson [Mon, 24 Nov 2008 17:49:21 +0000 (17:49 +0000)]
Update dependencies.

15 years ago Move new function CRYPTO_strdup to mem_dbg.c because mem.c is excluded in
Dr. Stephen Henson [Mon, 24 Nov 2008 17:02:49 +0000 (17:02 +0000)]
Move new function CRYPTO_strdup to mem_dbg.c because mem.c is excluded in
a fips build.

15 years ago Revert OPENSSL_EXPERIMENTAL patch.
Dr. Stephen Henson [Mon, 24 Nov 2008 16:14:15 +0000 (16:14 +0000)]
Revert OPENSSL_EXPERIMENTAL patch.

Change it so JPAKE uses the standard OPENSSL_NO_JPAKE instead.

16 years ago Update from HEAD.
Dr. Stephen Henson [Fri, 21 Nov 2008 18:18:28 +0000 (18:18 +0000)]
Update from HEAD.

16 years ago Commit default dependencies.
Dr. Stephen Henson [Wed, 19 Nov 2008 16:03:51 +0000 (16:03 +0000)]
Commit default dependencies.

16 years ago Allow the CHIL engine to load even if dynamic locks aren't registered.
Geoff Thorpe [Wed, 19 Nov 2008 14:08:06 +0000 (14:08 +0000)]
Allow the CHIL engine to load even if dynamic locks aren't registered.

Submitted by: Sander Temme

16 years ago Remove jpake.h dependencies from default build.
Dr. Stephen Henson [Wed, 19 Nov 2008 00:40:59 +0000 (00:40 +0000)]
Remove jpake.h dependencies from default build.

16 years ago On WIN32 use /MD for static library in FIPS mode to match value of
Dr. Stephen Henson [Tue, 18 Nov 2008 22:23:20 +0000 (22:23 +0000)]
On WIN32 use /MD for static library in FIPS mode to match value of
validated module.

16 years ago Update .cvsignore
Dr. Stephen Henson [Sat, 15 Nov 2008 17:47:31 +0000 (17:47 +0000)]
Update .cvsignore

16 years ago Stop warnings.
Dr. Stephen Henson [Sat, 15 Nov 2008 17:46:41 +0000 (17:46 +0000)]
Stop warnings.

16 years ago warnings
Bodo Möller [Fri, 14 Nov 2008 00:18:23 +0000 (00:18 +0000)]
warnings

16 years ago make update
Bodo Möller [Fri, 14 Nov 2008 00:17:43 +0000 (00:17 +0000)]
make update

16 years ago Fixes for "make depend". Features which need a #define to be set to
Dr. Stephen Henson [Thu, 13 Nov 2008 15:08:33 +0000 (15:08 +0000)]
Fixes for "make depend". Features which need a #define to be set to
enable them, like FIPS and JPAKE, need to have these set when building
dependencies.

16 years ago Not an error to include jpake.h when disabled.
Ben Laurie [Thu, 13 Nov 2008 11:35:23 +0000 (11:35 +0000)]
Not an error to include jpake.h when disabled.

16 years ago J-PAKE is not RSA.
Ben Laurie [Thu, 13 Nov 2008 09:50:24 +0000 (09:50 +0000)]
J-PAKE is not RSA.

16 years ago Oops...
Dr. Stephen Henson [Wed, 12 Nov 2008 19:05:42 +0000 (19:05 +0000)]
Oops...

16 years ago Update mk1mf.pl for new JPAKE options. Update jpaketest.c for WIN32.
Dr. Stephen Henson [Wed, 12 Nov 2008 18:27:17 +0000 (18:27 +0000)]
Update mk1mf.pl for new JPAKE options. Update jpaketest.c for WIN32.

16 years ago Add support for experimental code, not compiled in by default and
Dr. Stephen Henson [Wed, 12 Nov 2008 16:54:35 +0000 (16:54 +0000)]
Add support for experimental code, not compiled in by default and
with OPENSSL_EXPERIMENTAL_FOO around it. Make JPAKE experimental.

16 years ago Don't attempt to enter FIPS mode in autoconfig module if already in FIPS mode.
Dr. Stephen Henson [Tue, 11 Nov 2008 12:52:14 +0000 (12:52 +0000)]
Don't attempt to enter FIPS mode in autoconfig module if already in FIPS mode.

16 years ago Update from HEAD.
Dr. Stephen Henson [Tue, 11 Nov 2008 12:42:32 +0000 (12:42 +0000)]
Update from HEAD.

16 years ago Avoid conflict with some version of Windows platform SDK.
Dr. Stephen Henson [Tue, 11 Nov 2008 12:22:17 +0000 (12:22 +0000)]
Avoid conflict with some version of Windows platform SDK.

16 years ago PR: 1782
Dr. Stephen Henson [Tue, 11 Nov 2008 10:17:22 +0000 (10:17 +0000)]
PR: 1782
Submitted by: Philip Prindeville <philipp_subx@redfish-solutions.com>
Approved by: steve@openssl.org

16 years ago Make -DKSSL_DEBUG work again.
Dr. Stephen Henson [Mon, 10 Nov 2008 18:55:07 +0000 (18:55 +0000)]
Make -DKSSL_DEBUG work again.

16 years ago Fix warnings.
Dr. Stephen Henson [Mon, 10 Nov 2008 18:22:50 +0000 (18:22 +0000)]
Fix warnings.

16 years ago Clarify (non-)blocking behavior of EGD socket interface used by RAND_egd().
Lutz Jänicke [Mon, 10 Nov 2008 11:26:46 +0000 (11:26 +0000)]
Clarify (non-)blocking behavior of EGD socket interface used by RAND_egd().

16 years ago Change old obsolete email address...
Dr. Stephen Henson [Wed, 5 Nov 2008 18:36:57 +0000 (18:36 +0000)]
Change old obsolete email address...

16 years ago Fix from HEAD.
Dr. Stephen Henson [Wed, 5 Nov 2008 18:29:49 +0000 (18:29 +0000)]
Fix from HEAD.

16 years ago Oops...
Dr. Stephen Henson [Fri, 31 Oct 2008 12:18:42 +0000 (12:18 +0000)]
Oops...

16 years ago Fix from HEAD.
Dr. Stephen Henson [Fri, 31 Oct 2008 12:09:18 +0000 (12:09 +0000)]
Fix from HEAD.

16 years ago randfile.c: .rnd can become orphaned on VMS [from HEAD].
Andy Polyakov [Tue, 28 Oct 2008 16:30:09 +0000 (16:30 +0000)]
randfile.c: .rnd can become orphaned on VMS [from HEAD].

Submitted by: David North

16 years ago .cvsignore update: ignore all flavors of shared objects [from HEAD].
Andy Polyakov [Tue, 28 Oct 2008 15:33:07 +0000 (15:33 +0000)]
.cvsignore update: ignore all flavors of shared objects [from HEAD].

16 years ago Fix crash in BN_rshift [from HEAD].
Andy Polyakov [Tue, 28 Oct 2008 13:47:38 +0000 (13:47 +0000)]
Fix crash in BN_rshift [from HEAD].
PR: 1663

16 years ago Win32 fixes, add new directory to WIN32 build system.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:30:33 +0000 (12:30 +0000)]
Win32 fixes, add new directory to WIN32 build system.

16 years ago Fixes from HEAD.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:04:04 +0000 (12:04 +0000)]
Fixes from HEAD.

16 years ago Add JPAKE.
Ben Laurie [Sun, 26 Oct 2008 18:42:05 +0000 (18:42 +0000)]
Add JPAKE.

16 years ago Minor clarity enhancements.
Ben Laurie [Sun, 26 Oct 2008 15:37:31 +0000 (15:37 +0000)]
Minor clarity enhancements.

16 years ago Avoid warning.
Dr. Stephen Henson [Sun, 26 Oct 2008 11:54:26 +0000 (11:54 +0000)]
Avoid warning.

16 years ago Update from HEAD.
Dr. Stephen Henson [Wed, 22 Oct 2008 19:55:25 +0000 (19:55 +0000)]
Update from HEAD.

16 years ago Return correct exit code if there is an error in dgst command.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:51:37 +0000 (18:51 +0000)]
Return correct exit code if there is an error in dgst command.

16 years ago Sync OIDS with HEAD.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:48:50 +0000 (18:48 +0000)]
Sync OIDS with HEAD.

16 years ago Allow detection of input EOF in quiet mode by adding -no_ign_eof option
Lutz Jänicke [Wed, 22 Oct 2008 06:46:13 +0000 (06:46 +0000)]
Allow detection of input EOF in quiet mode by adding -no_ign_eof option
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years ago Add missing "-d" to option list of openssl version.
Lutz Jänicke [Mon, 20 Oct 2008 12:53:33 +0000 (12:53 +0000)]
Add missing "-d" to option list of openssl version.

Submitted by: Alex Chen <alex_chen@filemaker.com>

16 years ago Armor pq_compat.h header file against multiple inclusion
Lutz Jänicke [Mon, 20 Oct 2008 12:40:20 +0000 (12:40 +0000)]
Armor pq_compat.h header file against multiple inclusion

Submitted by: Alex Chen <alex_chen@filemaker.com>

16 years ago Distinguish public/private data more clearly.
Ben Laurie [Mon, 20 Oct 2008 09:26:04 +0000 (09:26 +0000)]
Distinguish public/private data more clearly.

16 years ago Ignore executable.
Ben Laurie [Sun, 19 Oct 2008 15:34:13 +0000 (15:34 +0000)]
Ignore executable.

16 years ago Add J-PAKE demo.
Ben Laurie [Sun, 19 Oct 2008 15:33:32 +0000 (15:33 +0000)]
Add J-PAKE demo.

16 years ago Constification.
Ben Laurie [Sat, 18 Oct 2008 14:27:36 +0000 (14:27 +0000)]
Constification.

16 years ago Set the comparison function in v3_addr_canonize().
Ben Laurie [Tue, 14 Oct 2008 19:21:30 +0000 (19:21 +0000)]
Set the comparison function in v3_addr_canonize().

16 years ago Add XMPP STARTTLS support.
Ben Laurie [Tue, 14 Oct 2008 19:09:47 +0000 (19:09 +0000)]
Add XMPP STARTTLS support.

16 years ago Fix warnings.
Ben Laurie [Tue, 14 Oct 2008 19:05:02 +0000 (19:05 +0000)]
Fix warnings.

16 years ago Firstly, the bitmap we use for replay protection was ending up with zero
Lutz Jänicke [Mon, 13 Oct 2008 06:43:06 +0000 (06:43 +0000)]
Firstly, the bitmap we use for replay protection was ending up with zero
length, so a _single_ pair of packets getting switched around would
cause one of them to be 'dropped'.

Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years ago When the underlying BIO_write() fails to send a datagram, we leave the
Lutz Jänicke [Fri, 10 Oct 2008 10:41:32 +0000 (10:41 +0000)]
When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().

The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years ago Fix incorrect command for assembler file generation on IA64
Lutz Jänicke [Mon, 6 Oct 2008 10:35:29 +0000 (10:35 +0000)]
Fix incorrect command for assembler file generation on IA64

Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>

16 years ago Check for errors in ASN1 sign and verify routines.
Dr. Stephen Henson [Thu, 25 Sep 2008 16:38:07 +0000 (16:38 +0000)]
Check for errors in ASN1 sign and verify routines.

16 years ago Fix EC_KEY_check_key [from HEAD].
Andy Polyakov [Tue, 23 Sep 2008 17:34:08 +0000 (17:34 +0000)]
Fix EC_KEY_check_key [from HEAD].

16 years ago Typo.
Dr. Stephen Henson [Tue, 23 Sep 2008 11:21:17 +0000 (11:21 +0000)]
Typo.

16 years ago Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
Bodo Möller [Mon, 22 Sep 2008 21:22:51 +0000 (21:22 +0000)]
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.

16 years ago Fix warnings when more pedantic "debug-steve32" target is used.
Dr. Stephen Henson [Sun, 21 Sep 2008 11:40:36 +0000 (11:40 +0000)]
Fix warnings when more pedantic "debug-steve32" target is used.

16 years ago Camellia low level API algorithm blocking.
Dr. Stephen Henson [Sun, 21 Sep 2008 11:21:43 +0000 (11:21 +0000)]
Camellia low level API algorithm blocking.