Dr. Stephen Henson [Tue, 7 Apr 2009 12:10:12 +0000 (12:10 +0000)]
PR: 1795
Submitted by: Peter Edwards <peter.edwards@vordel.com>
Approved by: steve@openssl.org
Avoid race condition by sorting cipher list straight away.
Dr. Stephen Henson [Fri, 3 Apr 2009 16:54:04 +0000 (16:54 +0000)]
PR: 1700
Submitted by: "Robbins, Aharon" <aharon.robbins@intel.com>
Approved by: steve@openssl.org
#undef X509_EXTENSIONS for WIN32 too.
Dr. Stephen Henson [Fri, 3 Apr 2009 16:28:20 +0000 (16:28 +0000)]
Update from 1.0.0-stable
Dr. Stephen Henson [Fri, 3 Apr 2009 11:36:49 +0000 (11:36 +0000)]
PR: 1616
Submitted by: Dequin_Eric@emc.com
Approved by: steve@openssl.org
Check tree->levels to ensure malloc worked.
Dr. Stephen Henson [Thu, 2 Apr 2009 22:34:59 +0000 (22:34 +0000)]
PR: 1827
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix application data in handshake bug.
Dr. Stephen Henson [Thu, 2 Apr 2009 22:32:16 +0000 (22:32 +0000)]
PR: 1828
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix DTLS retransmission bug.
Dr. Stephen Henson [Thu, 2 Apr 2009 22:28:35 +0000 (22:28 +0000)]
PR: 1826
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Client random bug fix.
Dr. Stephen Henson [Thu, 2 Apr 2009 22:19:07 +0000 (22:19 +0000)]
Ooops, revert patch... due to non-portable gettimeofday call.
Dr. Stephen Henson [Thu, 2 Apr 2009 22:16:02 +0000 (22:16 +0000)]
PR: 1829
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS timer bug fix.
Dr. Stephen Henson [Thu, 2 Apr 2009 22:12:13 +0000 (22:12 +0000)]
PR: 1838
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS fragment bug.
Dr. Stephen Henson [Wed, 25 Mar 2009 22:22:42 +0000 (22:22 +0000)]
Typo.
Dr. Stephen Henson [Wed, 25 Mar 2009 19:01:03 +0000 (19:01 +0000)]
Submitted by: Ilya O. <vrghost@gmail.com>
Approved by: steve@openssl.org
Add 2.5.4.* OIDs.
Dr. Stephen Henson [Wed, 25 Mar 2009 13:02:49 +0000 (13:02 +0000)]
Prepare for next version.
Dr. Stephen Henson [Wed, 25 Mar 2009 12:08:14 +0000 (12:08 +0000)]
Aaargh.... wrong version number....
Dr. Stephen Henson [Wed, 25 Mar 2009 10:59:22 +0000 (10:59 +0000)]
Make update.
Dr. Stephen Henson [Wed, 25 Mar 2009 10:46:56 +0000 (10:46 +0000)]
Prepare for 0.9.8k release.
Dr. Stephen Henson [Wed, 25 Mar 2009 10:42:34 +0000 (10:42 +0000)]
PR: 1868
Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH>
Approved by: steve@openssl.org
Don't set fields to NULL when freeing them up in ASN1 code. On some platforms
with sizeof(long) < sizeof(char *) this can cause a crash.
Dr. Stephen Henson [Wed, 25 Mar 2009 10:40:32 +0000 (10:40 +0000)]
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Approved by: steve@openssl.org
Check return code properly in CMS_SignerInfo_verify_content().
Dr. Stephen Henson [Wed, 25 Mar 2009 10:35:57 +0000 (10:35 +0000)]
Reject BMPStrings and UniversalStrings of invalid length. This prevents
a crash in ASN1_STRING_print_ex() which assumes they are valid.
Dr. Stephen Henson [Mon, 23 Mar 2009 21:11:50 +0000 (21:11 +0000)]
Update from HEAD.
Andy Polyakov [Mon, 16 Mar 2009 13:43:43 +0000 (13:43 +0000)]
des_enc.m4, SPARC DES assembler, update from HEAD: make it Purify-friendly.
As side effect it introduces duplicate of 2KB DES_SPtrans table.
Dr. Stephen Henson [Sun, 15 Mar 2009 14:03:29 +0000 (14:03 +0000)]
Oops.
Dr. Stephen Henson [Sun, 15 Mar 2009 13:36:01 +0000 (13:36 +0000)]
Don't force S/MIME signing purpose: allow it to be overridden by store
settings.
Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters
being inherited properly.
Dr. Stephen Henson [Sat, 14 Mar 2009 18:33:25 +0000 (18:33 +0000)]
Permit nested ASN1 string encoding but with a maximum depth to avoid
stack overflow.
Dr. Stephen Henson [Sat, 14 Mar 2009 12:40:46 +0000 (12:40 +0000)]
Update from HEAD.
Dr. Stephen Henson [Sat, 14 Mar 2009 12:26:03 +0000 (12:26 +0000)]
PR: 1863
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org
Check return value, use OPENSSL_assert and unsigned int.
Dr. Stephen Henson [Sat, 14 Mar 2009 12:07:42 +0000 (12:07 +0000)]
PR: 1846
Submitted by: Andrea Schoenberg <asg@ftpproxy.org>
Reviewed by: steve@openssl.org
Fix for HP Nonstop(Tandem) systems.
Dr. Stephen Henson [Thu, 12 Mar 2009 17:31:18 +0000 (17:31 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Thu, 12 Mar 2009 17:13:44 +0000 (17:13 +0000)]
Update from head.
Dr. Stephen Henson [Thu, 12 Mar 2009 17:09:46 +0000 (17:09 +0000)]
PR: 1861
l must be > 0 or array will be accessed out of bounds.
Dr. Stephen Henson [Mon, 9 Mar 2009 13:07:16 +0000 (13:07 +0000)]
PR: 1856
Check return value of PKCS12_add_safes()
Dr. Stephen Henson [Mon, 9 Mar 2009 12:17:56 +0000 (12:17 +0000)]
PR: 1859
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org
Don't affect echo on/off state for calling scripts.
Dr. Stephen Henson [Mon, 9 Mar 2009 12:14:08 +0000 (12:14 +0000)]
PR: 1860
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openss.org
Make Windows build more silent.
Dr. Stephen Henson [Mon, 9 Mar 2009 12:09:03 +0000 (12:09 +0000)]
PR: 1858
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org
Make OPENSSL_NO_SOCK work.
Dr. Stephen Henson [Mon, 9 Mar 2009 12:06:23 +0000 (12:06 +0000)]
PR: 1857
Submitted by: Jurko GospodnetiÄ\87 <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org
Make OPENSSL_NO_FP_API work again.
Dr. Stephen Henson [Sun, 8 Mar 2009 23:05:34 +0000 (23:05 +0000)]
PR: 1841
Submitted by: Martin Kaiser <lists@kaiser.cx>
Reviewed by: steve@openssl.org
Remove unused code.
Ben Laurie [Sun, 8 Mar 2009 10:48:03 +0000 (10:48 +0000)]
Fix display of all 0 IPv6 address (from Rob Austein).
Dr. Stephen Henson [Sat, 7 Mar 2009 16:58:43 +0000 (16:58 +0000)]
Submitted by: Jeremy Shapiro <jnshapir@us.ibm.com>
Reviewed by: steve@openssl.org
Improve efficientcy of mem_gets().
Dr. Stephen Henson [Tue, 3 Mar 2009 22:40:29 +0000 (22:40 +0000)]
Ooops @ should be for the if command not set.
Ben Laurie [Tue, 3 Mar 2009 15:07:35 +0000 (15:07 +0000)]
Only require -iv for ciphers that use an IV!
Ben Laurie [Tue, 3 Mar 2009 15:06:49 +0000 (15:06 +0000)]
Use the correct length (reported by Quanhong Wang).
Dr. Stephen Henson [Wed, 25 Feb 2009 23:29:20 +0000 (23:29 +0000)]
Do a "make links" in fips directory even if not compiling for fips.
Ben Laurie [Mon, 23 Feb 2009 16:02:47 +0000 (16:02 +0000)]
Fix memory leak.
Ben Laurie [Wed, 18 Feb 2009 10:43:10 +0000 (10:43 +0000)]
Do not link nonexistent file.
Ben Laurie [Wed, 18 Feb 2009 10:27:23 +0000 (10:27 +0000)]
Fix FIPS typo.
Dr. Stephen Henson [Mon, 16 Feb 2009 23:24:06 +0000 (23:24 +0000)]
Update from HEAD.
Richard Levitte [Mon, 16 Feb 2009 15:17:26 +0000 (15:17 +0000)]
Data not initialised.
Notified by Gerardo Ganis <gerardo.ganis@cern.ch>
Ben Laurie [Mon, 16 Feb 2009 08:44:23 +0000 (08:44 +0000)]
Use shared dev team flags, fix resulting warning.
Ben Laurie [Mon, 16 Feb 2009 08:43:41 +0000 (08:43 +0000)]
Don't eat the whole word for -d. This allows -debug to be passed to
the compiler.
Dr. Stephen Henson [Sun, 15 Feb 2009 15:46:46 +0000 (15:46 +0000)]
Include common warning options in 0.9.8, fix warnings in debug-steve64.
Dr. Stephen Henson [Sun, 15 Feb 2009 12:10:39 +0000 (12:10 +0000)]
PR: 1422
Fix return value of X509_NAME_cmp() so it works with qsort/bsearch again.
Dr. Stephen Henson [Sat, 14 Feb 2009 23:08:31 +0000 (23:08 +0000)]
Skip engines directory if no-engine
Dr. Stephen Henson [Sat, 14 Feb 2009 22:19:31 +0000 (22:19 +0000)]
PR: 1840
Submitted by: Martin Kaiser <lists@kaiser.cx>
Approved by: steve@openssl.org
Handle NULL passing in parameter and BN_CTX_new() error correctly.
Dr. Stephen Henson [Sat, 14 Feb 2009 21:50:14 +0000 (21:50 +0000)]
PR: 1835
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org
Fix various typos.
Dr. Stephen Henson [Fri, 13 Feb 2009 18:37:31 +0000 (18:37 +0000)]
Install the fipsld link script.
Bodo Möller [Mon, 2 Feb 2009 00:51:49 +0000 (00:51 +0000)]
oops
Bodo Möller [Mon, 2 Feb 2009 00:40:59 +0000 (00:40 +0000)]
For -hex, print just one \n
Richard Levitte [Mon, 2 Feb 2009 00:27:57 +0000 (00:27 +0000)]
Updated symbol for VMS
Bodo Möller [Mon, 2 Feb 2009 00:27:56 +0000 (00:27 +0000)]
-hex option for openssl rand
PR: 1831
Submitted by: Damien Miller
Bodo Möller [Mon, 2 Feb 2009 00:25:00 +0000 (00:25 +0000)]
Make sure we have a library to link dummytest.o with.
Richard Levitte [Mon, 2 Feb 2009 00:18:09 +0000 (00:18 +0000)]
Add the CAPI engine
Dr. Stephen Henson [Wed, 28 Jan 2009 12:55:36 +0000 (12:55 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 28 Jan 2009 12:35:10 +0000 (12:35 +0000)]
Support NumericString for name components.
Richard Levitte [Wed, 28 Jan 2009 07:54:16 +0000 (07:54 +0000)]
Add missing modules
Dr. Stephen Henson [Wed, 21 Jan 2009 21:44:52 +0000 (21:44 +0000)]
PR: 1806
Submitted by: philipp_subx@redfish-solutions.com
Approved by: steve
Use ${CC:-gcc} instead of just gcc in domd, to support cross compilation.
Dr. Stephen Henson [Mon, 19 Jan 2009 16:42:18 +0000 (16:42 +0000)]
No need to add fips to @skip
Dr. Stephen Henson [Mon, 19 Jan 2009 16:40:44 +0000 (16:40 +0000)]
If not compiling for fips don't do anything in fips directory.
Install fipscanister.o and friends from FIPSLIBDIR location.
Ben Laurie [Sat, 17 Jan 2009 14:36:17 +0000 (14:36 +0000)]
Make it possible to override CC.
Richard Levitte [Sat, 17 Jan 2009 12:33:43 +0000 (12:33 +0000)]
Another symbol that's longer than 31 characters.
Richard Levitte [Sat, 17 Jan 2009 12:33:11 +0000 (12:33 +0000)]
A forgotten module...
Dr. Stephen Henson [Thu, 15 Jan 2009 12:34:54 +0000 (12:34 +0000)]
Stop warnings on WIN64
Dr. Stephen Henson [Wed, 14 Jan 2009 11:10:33 +0000 (11:10 +0000)]
Some platforms need $(EX_LIBS) when building fips_standalone_sha1 from
an external fipscanister.o
Dr. Stephen Henson [Wed, 14 Jan 2009 10:46:00 +0000 (10:46 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 7 Jan 2009 23:45:19 +0000 (23:45 +0000)]
Oops, remove duplicate entry.
Dr. Stephen Henson [Wed, 7 Jan 2009 23:38:34 +0000 (23:38 +0000)]
Prepare for next version.
Dr. Stephen Henson [Wed, 7 Jan 2009 10:50:54 +0000 (10:50 +0000)]
Prepare for 0.9.8j release.
Dr. Stephen Henson [Wed, 7 Jan 2009 10:48:23 +0000 (10:48 +0000)]
Properly check EVP_VerifyFinal() and similar return values
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
Lutz Jänicke [Mon, 5 Jan 2009 14:43:07 +0000 (14:43 +0000)]
Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
Dr. Stephen Henson [Mon, 5 Jan 2009 12:47:11 +0000 (12:47 +0000)]
make update.
Dr. Stephen Henson [Wed, 31 Dec 2008 12:00:35 +0000 (12:00 +0000)]
Update ordinals.
Andy Polyakov [Tue, 30 Dec 2008 13:41:08 +0000 (13:41 +0000)]
Synchronize with bn_nist.c from HEAD.
Andy Polyakov [Tue, 30 Dec 2008 13:30:57 +0000 (13:30 +0000)]
Backport cvs.openssl.org/chngview?cn=17710 from HEAD.
PR: 1230
Andy Polyakov [Tue, 30 Dec 2008 13:26:26 +0000 (13:26 +0000)]
Some seasoned makes fail to build. For reference. I had problem with Irix
make which doesn't tolerate empty targets, and fips/Makefile ends up with
one when FIPSCANLIB is empty. Build failed as early as 'make links' phase.
Dr. Stephen Henson [Mon, 29 Dec 2008 00:18:23 +0000 (00:18 +0000)]
Update default compiler options for default tls extension config.
Add -Wsign-compare to debug-steve64
Dr. Stephen Henson [Mon, 29 Dec 2008 00:17:36 +0000 (00:17 +0000)]
Avoid signed/unsigned compare warnings.
Andy Polyakov [Sat, 27 Dec 2008 13:34:30 +0000 (13:34 +0000)]
Backport aes-x86_64.pl update from HEAD.
Ben Laurie [Fri, 26 Dec 2008 15:27:51 +0000 (15:27 +0000)]
Enable TLS Extensions by default.
Richard Levitte [Thu, 25 Dec 2008 22:24:21 +0000 (22:24 +0000)]
In BIO_write(), update the write statistics, not the read statistics.
PR: 1803
Richard Levitte [Thu, 25 Dec 2008 22:04:45 +0000 (22:04 +0000)]
Further synchronisation with Unix
Richard Levitte [Mon, 22 Dec 2008 09:30:09 +0000 (09:30 +0000)]
Synchronise with Unixly build.
Dr. Stephen Henson [Sat, 20 Dec 2008 17:04:09 +0000 (17:04 +0000)]
Make no-engine work again...
Andy Polyakov [Wed, 17 Dec 2008 14:14:51 +0000 (14:14 +0000)]
Backport aes-x86_64.pl update from HEAD and revisit same code in aes-586.pl.
PR: 1801
Ben Laurie [Sat, 13 Dec 2008 17:00:53 +0000 (17:00 +0000)]
Missing return values (Coverity ID 204).
Ben Laurie [Sat, 13 Dec 2008 12:22:47 +0000 (12:22 +0000)]
Make depend.
Dr. Stephen Henson [Wed, 10 Dec 2008 17:34:11 +0000 (17:34 +0000)]
Remove tests which rely on old root certs being present.
Lutz Jänicke [Wed, 10 Dec 2008 08:03:48 +0000 (08:03 +0000)]
apps/speed.c: children should not inherit buffered I/O
PR: 1787
Submitted by: Artur Klauser <aklauser@google.com>
Dr. Stephen Henson [Mon, 8 Dec 2008 19:13:57 +0000 (19:13 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sun, 7 Dec 2008 23:59:13 +0000 (23:59 +0000)]
Fix from HEAD.
Bodo Möller [Tue, 2 Dec 2008 23:50:21 +0000 (23:50 +0000)]
experimental-foo support for mk1mf.pl.
Ben Laurie [Tue, 2 Dec 2008 18:14:44 +0000 (18:14 +0000)]
Fix warnings.