oweals/openssl.git
Dr. Stephen Henson [Fri, 23 Nov 2007 00:07:48 +0000 (00:07 +0000)]
Add caRepository OID to OpenSSL.

Lutz Jänicke [Mon, 19 Nov 2007 09:18:01 +0000 (09:18 +0000)]
Typos in man pages: dependant->dependent

Submitted by: Tobias Stoeckmann <tobias@bugol.de>

Bodo Möller [Mon, 19 Nov 2007 07:25:28 +0000 (07:25 +0000)]
Should reject signatures that we can't properly verify
and couldn't generate
(as pointed out by Ernst G Giessmann)

Bodo Möller [Mon, 19 Nov 2007 07:23:52 +0000 (07:23 +0000)]
fix typos

Submitted by: Ernst G. Giessmann

Bodo Möller [Fri, 16 Nov 2007 13:00:57 +0000 (13:00 +0000)]
The hash length check wasn't strict enough,
as pointed out by Ernst G Giessmann

Ben Laurie [Thu, 15 Nov 2007 13:33:47 +0000 (13:33 +0000)]
Fix buffer overflow.

Ben Laurie [Thu, 15 Nov 2007 13:32:53 +0000 (13:32 +0000)]
Make depend.

Ben Laurie [Thu, 15 Nov 2007 13:32:16 +0000 (13:32 +0000)]
Fix warnings.

Andy Polyakov [Sun, 11 Nov 2007 21:04:34 +0000 (21:04 +0000)]
Add x86_64-mont.pl [from HEAD].

Andy Polyakov [Sun, 11 Nov 2007 20:43:23 +0000 (20:43 +0000)]
Add framework for bn_mul_mont [from 098-fips].

Andy Polyakov [Sun, 11 Nov 2007 20:10:09 +0000 (20:10 +0000)]
doc/crypto/OPENSSL_ia32cap.pod update [from HEAD].

Andy Polyakov [Sun, 11 Nov 2007 20:06:17 +0000 (20:06 +0000)]
Comply with updated x86cpuid.pl.

Andy Polyakov [Sun, 11 Nov 2007 19:44:42 +0000 (19:44 +0000)]
x86cpuid.pl update [from HEAD].

Andy Polyakov [Sun, 11 Nov 2007 16:39:31 +0000 (16:39 +0000)]
Typos in Configure.

Andy Polyakov [Sun, 11 Nov 2007 16:25:46 +0000 (16:25 +0000)]
rc4-x86_64.pl update [from HEAD].

Andy Polyakov [Sun, 11 Nov 2007 16:25:00 +0000 (16:25 +0000)]
x86_64cpuid.pl update [from HEAD].

Andy Polyakov [Sun, 11 Nov 2007 14:49:56 +0000 (14:49 +0000)]
Add AES x86_64 assembler. Note that it's not latest version from HEAD,
but older one corresponding to x86 module from 098-stable.

Andy Polyakov [Sun, 11 Nov 2007 13:56:47 +0000 (13:56 +0000)]
Add SHA x86_64 assembler [from HEAD].

Andy Polyakov [Sun, 11 Nov 2007 13:34:08 +0000 (13:34 +0000)]
Synchronize message digests in 098-fips with 098.

Andy Polyakov [Sat, 3 Nov 2007 20:09:29 +0000 (20:09 +0000)]
Commit #16325 fixed one thing but broke DH with certain moduli [from HEAD].

Dr. Stephen Henson [Sat, 3 Nov 2007 13:07:39 +0000 (13:07 +0000)]
Allow new session ticket when resuming.

Lutz Jänicke [Thu, 1 Nov 2007 08:25:28 +0000 (08:25 +0000)]
Add OIDs by CMP (RFC 4210) and CRMF (RFC 4211)

Submitted by: Martin Peylo <martinmeis@googlemail.com>

Andy Polyakov [Sun, 21 Oct 2007 14:15:40 +0000 (14:15 +0000)]
Make it possible for older masm to compile sse2 modules.
PR: 1592

Lutz Jänicke [Fri, 19 Oct 2007 08:25:53 +0000 (08:25 +0000)]
Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f

Dr. Stephen Henson [Thu, 18 Oct 2007 11:39:11 +0000 (11:39 +0000)]
Ensure the ticket expected flag is reset when a stateless resumption is
successful.

Andy Polyakov [Wed, 17 Oct 2007 21:22:58 +0000 (21:22 +0000)]
New unused field crippled ssl_ctx_st in 0.9.8"f".

Andy Polyakov [Wed, 17 Oct 2007 21:17:49 +0000 (21:17 +0000)]
Don't let DTLS ChangeCipherSpec increment handshake sequence number. From
HEAD with a twist: server interoperates with non-compliant client.
PR: 1587

Dr. Stephen Henson [Wed, 17 Oct 2007 17:30:15 +0000 (17:30 +0000)]
Don't try to lookup zero length session.

Dr. Stephen Henson [Wed, 17 Oct 2007 11:27:25 +0000 (11:27 +0000)]
Allow TLS tickets and session ID to both be present if lifetime hint is -1.
This never happens in normal SSL sessions but can be useful if the session
is being used as a "blob" to contain other data.

Lutz Jänicke [Wed, 17 Oct 2007 07:46:49 +0000 (07:46 +0000)]
Work around inconsistent version numbering in 0.9.8f (release).
The version code of the release should have been 09086f (6=f, f=release)
but accidentally it was marked "090870" (which would be "0.9.8g-dev").

Therefore we now use "090871" for the development of 0.9.8g. Once
0.9.8g is released, the problem will be "healed". We have never done
beta releases for 0.9.x-stable patch releases, so 090871 would never
be used in practice.

PR: #1589

Andy Polyakov [Sun, 14 Oct 2007 14:07:46 +0000 (14:07 +0000)]
Make ssl compile.

Dr. Stephen Henson [Sun, 14 Oct 2007 12:19:07 +0000 (12:19 +0000)]
Include USE_SOCKETS #define

Andy Polyakov [Sat, 13 Oct 2007 12:38:37 +0000 (12:38 +0000)]
Make it possible to link VC static lib with either /MT or /MD application
[from HEAD].
PR: 1230

Andy Polyakov [Sat, 13 Oct 2007 11:02:17 +0000 (11:02 +0000)]
Copy bn/asm/ia64.S from HEAD.

Dr. Stephen Henson [Fri, 12 Oct 2007 00:29:06 +0000 (00:29 +0000)]
Avoid shadow and signed/unsigned warnings.

Dr. Stephen Henson [Fri, 12 Oct 2007 00:00:36 +0000 (00:00 +0000)]
Backport certificate status request TLS extension support to 0.9.8.

Ben Laurie [Thu, 11 Oct 2007 18:27:10 +0000 (18:27 +0000)]
Back to -dev.

Ben Laurie [Thu, 11 Oct 2007 18:23:16 +0000 (18:23 +0000)]
Minor release cockups.

Ben Laurie [Thu, 11 Oct 2007 15:04:32 +0000 (15:04 +0000)]
Next version.

Ben Laurie [Thu, 11 Oct 2007 14:58:15 +0000 (14:58 +0000)]
Ready to roll.

Ben Laurie [Thu, 11 Oct 2007 14:36:59 +0000 (14:36 +0000)]
make update, and more DTLS stuff.

Andy Polyakov [Tue, 9 Oct 2007 19:31:53 +0000 (19:31 +0000)]
Respect cookie length set by app_gen_cookie_cb [from HEAD].

Submitted by: Alex Lam

Andy Polyakov [Tue, 9 Oct 2007 19:22:01 +0000 (19:22 +0000)]
Make DTLS1 record layer MAC calculation RFC compliant. From HEAD with a
twist: server interoperates with non-compliant pre-0.9.8f client.

Andy Polyakov [Fri, 5 Oct 2007 21:05:27 +0000 (21:05 +0000)]
Prohibit RC4 in DTLS [from HEAD].

Dr. Stephen Henson [Fri, 5 Oct 2007 16:47:04 +0000 (16:47 +0000)]
Fix from fips branch.

Andy Polyakov [Wed, 3 Oct 2007 10:18:06 +0000 (10:18 +0000)]
Set client_version earlier in DTLS (this is 0.9.8 specific).

Andy Polyakov [Mon, 1 Oct 2007 06:28:48 +0000 (06:28 +0000)]
Oops! This was erroneously left out commit #16633.

Andy Polyakov [Sun, 30 Sep 2007 22:03:07 +0000 (22:03 +0000)]
Explicit IV update [from HEAD].

Andy Polyakov [Sun, 30 Sep 2007 21:20:59 +0000 (21:20 +0000)]
Make ChangeCipherSpec compliant with DTLS RFC4347. From HEAD with a twist:
server interoperates with non-compliant pre-0.9.8f.

Andy Polyakov [Sun, 30 Sep 2007 19:36:32 +0000 (19:36 +0000)]
DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. From HEAD with a
twist: server allows for non-compliant Finished calculations in order to
enable interop with pre-0.9.8f.

Andy Polyakov [Sun, 30 Sep 2007 19:15:46 +0000 (19:15 +0000)]
DTLS RFC4347 requires client to use same random field in reply to
HelloVerifyRequest [from HEAD].

Andy Polyakov [Sun, 30 Sep 2007 18:55:59 +0000 (18:55 +0000)]
Switch for RFC-compliant version encoding in DTLS. From HEAD with a twist:
server accepts even non-compliant encoding in order to enable interop with
pre-0.9.8f clients.

Dr. Stephen Henson [Fri, 28 Sep 2007 16:29:24 +0000 (16:29 +0000)]
Update from HEAD.

Lutz Jänicke [Mon, 24 Sep 2007 11:22:31 +0000 (11:22 +0000)]
Typos
PR: 1578
Submitted by: Charles Longeau <chl@tuxfamily.org>

Lutz Jänicke [Mon, 24 Sep 2007 10:58:15 +0000 (10:58 +0000)]
Finish sentence with a "."

Dr. Stephen Henson [Sun, 23 Sep 2007 15:55:54 +0000 (15:55 +0000)]
Fix from HEAD.

Bodo Möller [Fri, 21 Sep 2007 14:05:08 +0000 (14:05 +0000)]
More changes from HEAD:

- no need to disable SSL 2.0 for SSL_CTRL_SET_TLSEXT_HOSTNAME
  now that ssl23_client_hello takes care of that

- fix buffer overrun checks in ssl_add_serverhello_tlsext()

Dr. Stephen Henson [Fri, 21 Sep 2007 13:40:51 +0000 (13:40 +0000)]
Fixes from HEAD.

Lutz Jänicke [Fri, 21 Sep 2007 10:10:47 +0000 (10:10 +0000)]
The use of the PURIFY macro in ssleay_rand_bytes() is sufficient to
resolve the Valgrind issue with random numbers. Undo the changes to
RAND_bytes() and RAND_pseudo_bytes() that are redundant in this
respect.
Update documentation and FAQ accordingly, as the PURIFY macro is
available at least since 0.9.7.

Ben Laurie [Thu, 20 Sep 2007 12:33:24 +0000 (12:33 +0000)]
Use PURIFY instead of PEDANTIC.

Dr. Stephen Henson [Thu, 20 Sep 2007 11:32:09 +0000 (11:32 +0000)]
Clarify wording a little.

Lutz Jänicke [Thu, 20 Sep 2007 07:39:15 +0000 (07:39 +0000)]
Add FAQ entry on how to get rid of Valgrind warnings.

PR: 521

Lutz Jänicke [Thu, 20 Sep 2007 07:24:45 +0000 (07:24 +0000)]
Add passage to manual page actually reflecting the usage of the
contents of "buf" when calling RAND_*bytes().

Dr. Stephen Henson [Wed, 19 Sep 2007 13:29:05 +0000 (13:29 +0000)]
Wrap "keep valgrind happy" change in #ifdef PEDANTIC so any entropy in the
buffer can be normally used.

Ben Laurie [Wed, 19 Sep 2007 13:10:34 +0000 (13:10 +0000)]
Slight bug in dependencies caused occasional unnecessary diffs. Fixed.

Ben Laurie [Wed, 19 Sep 2007 12:17:11 +0000 (12:17 +0000)]
make depend

Ben Laurie [Wed, 19 Sep 2007 12:16:21 +0000 (12:16 +0000)]
Lingering "security" fix.

Andy Polyakov [Tue, 18 Sep 2007 20:59:33 +0000 (20:59 +0000)]
Wire DES weak_keys to read-only segment [from HEAD].

Andy Polyakov [Tue, 18 Sep 2007 20:55:10 +0000 (20:55 +0000)]
Minimize stack utilization in probable_prime [from HEAD].

Andy Polyakov [Tue, 18 Sep 2007 20:49:25 +0000 (20:49 +0000)]
Remove excessive whitespaces from bio.h.

Bodo Möller [Tue, 18 Sep 2007 16:31:18 +0000 (16:31 +0000)]
Make sure that BN_from_montgomery keeps the BIGNUMS in proper format

Dr. Stephen Henson [Mon, 17 Sep 2007 17:54:02 +0000 (17:54 +0000)]
PR: 1560

Dr. Stephen Henson [Mon, 17 Sep 2007 17:30:01 +0000 (17:30 +0000)]
PR: 1582

Andy Polyakov [Mon, 17 Sep 2007 16:43:11 +0000 (16:43 +0000)]
enc.pod update [from HEAD].
PR: 1529

Andy Polyakov [Mon, 17 Sep 2007 16:21:21 +0000 (16:21 +0000)]
Typo in pq_compat.h [note that this file is not present in HEAD].
PR: 1537

Andy Polyakov [Mon, 17 Sep 2007 15:57:31 +0000 (15:57 +0000)]
Mention SHA2 in apps/dgst and openssl.pod.
PR: 1575

Andy Polyakov [Sun, 16 Sep 2007 18:35:45 +0000 (18:35 +0000)]
It's inappropriate to override application signal, nor is it appropriate
to shut down Winsock unless we know it won't be used [and we never do]
[from HEAD].
PR: 1439

Andy Polyakov [Sun, 16 Sep 2007 14:11:51 +0000 (14:11 +0000)]
Minor fix in link_[oa].hpux [from HEAD].

Andy Polyakov [Sun, 16 Sep 2007 12:24:17 +0000 (12:24 +0000)]
BSD run-time linkers apparently demand RPATH on .so objects [from HEAD].
PR: 1381

Andy Polyakov [Sat, 15 Sep 2007 17:05:57 +0000 (17:05 +0000)]
Make bn2dec work on "SIXTY_FOUR_BIT" platforms [from HEAD].
PR: 1456

Andy Polyakov [Fri, 14 Sep 2007 19:32:54 +0000 (19:32 +0000)]
More Intel cc fix-ups [from HEAD].

Andy Polyakov [Fri, 14 Sep 2007 15:39:49 +0000 (15:39 +0000)]
It's unfortunate, but we have to disengage DES assembler in linux64-sparcv9
build, because it expects DES_INT and the latter didn't make it to first
0.9.8.

Andy Polyakov [Fri, 7 Sep 2007 12:27:50 +0000 (12:27 +0000)]
Integrate remaining parts of #14247 [from HEAD].

Dr. Stephen Henson [Thu, 6 Sep 2007 21:07:43 +0000 (21:07 +0000)]
Reimplement safestack to avoid function pointer casts.

Dr. Stephen Henson [Thu, 6 Sep 2007 12:59:34 +0000 (12:59 +0000)]
Update NEWS file.

Dr. Stephen Henson [Thu, 6 Sep 2007 12:43:54 +0000 (12:43 +0000)]
gcc 4.2 fixes to avoid use of function pointer casts in OpenSSL.

Fix various "computed value not used" warnings too.

Dr. Stephen Henson [Fri, 31 Aug 2007 00:28:51 +0000 (00:28 +0000)]
Update from HEAD.

Andy Polyakov [Thu, 30 Aug 2007 08:11:25 +0000 (08:11 +0000)]
aes_ige update [from HEAD].

Andy Polyakov [Thu, 30 Aug 2007 08:10:39 +0000 (08:10 +0000)]
darwin platform updates [from HEAD].

Dr. Stephen Henson [Tue, 28 Aug 2007 01:12:44 +0000 (01:12 +0000)]
Update from HEAD.

Dr. Stephen Henson [Mon, 27 Aug 2007 23:47:10 +0000 (23:47 +0000)]
Update from HEAD.

Andy Polyakov [Mon, 27 Aug 2007 08:52:57 +0000 (08:52 +0000)]
shlib_wrap update [from HEAD].

Andy Polyakov [Sun, 26 Aug 2007 14:18:05 +0000 (14:18 +0000)]
IRIX and Tru64 platform updates [from HEAD].

Dr. Stephen Henson [Thu, 23 Aug 2007 22:58:24 +0000 (22:58 +0000)]
Clarify CHANGES entry.

Dr. Stephen Henson [Thu, 23 Aug 2007 22:53:57 +0000 (22:53 +0000)]
Update docs and NEWS file.

Dr. Stephen Henson [Thu, 23 Aug 2007 22:49:42 +0000 (22:49 +0000)]
Update from HEAD.

Dr. Stephen Henson [Thu, 23 Aug 2007 12:20:56 +0000 (12:20 +0000)]
Update from HEAD.

Dr. Stephen Henson [Thu, 23 Aug 2007 12:16:03 +0000 (12:16 +0000)]
Update docs.

Richard Levitte [Wed, 22 Aug 2007 20:58:56 +0000 (20:58 +0000)]
VAX C can't handle 64 bit integers, making SHA512 impossible...

Dr. Stephen Henson [Mon, 20 Aug 2007 12:44:22 +0000 (12:44 +0000)]
Update from HEAD.