oweals/openssl.git
16 years agoavoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Bodo Möller [Mon, 23 Jun 2008 20:46:28 +0000 (20:46 +0000)]
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()

Submitted by: Huang Ying
Reviewed by: Douglas Stebila

16 years agoUpdate ordinals.
Dr. Stephen Henson [Sun, 22 Jun 2008 01:10:04 +0000 (01:10 +0000)]
Update ordinals.

16 years agoMake WIN32 build work with no-rc4
Dr. Stephen Henson [Sat, 21 Jun 2008 23:28:02 +0000 (23:28 +0000)]
Make WIN32 build work with no-rc4

16 years agoFix typo and filter on X509_PURPOSE_SSL_CLIENT when presenting certs.
Dr. Stephen Henson [Wed, 18 Jun 2008 14:42:27 +0000 (14:42 +0000)]
Fix typo and filter on X509_PURPOSE_SSL_CLIENT when presenting certs.

16 years agoAdd support for machine stores and handle provider type errors properly in keys.
Dr. Stephen Henson [Wed, 18 Jun 2008 12:05:23 +0000 (12:05 +0000)]
Add support for machine stores and handle provider type errors properly in keys.

16 years agoMake ssl code consistent with FIPS branch. The new code has no effect
Dr. Stephen Henson [Mon, 16 Jun 2008 16:56:43 +0000 (16:56 +0000)]
Make ssl code consistent with FIPS branch. The new code has no effect
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.

16 years agoAdd error code for FIPS library and make library numbers consistent.
Dr. Stephen Henson [Mon, 16 Jun 2008 15:22:49 +0000 (15:22 +0000)]
Add error code for FIPS library and make library numbers consistent.

16 years agoSync ordinals with FIPS branch. FIPS specific functions currently are place
Dr. Stephen Henson [Sun, 15 Jun 2008 16:52:37 +0000 (16:52 +0000)]
Sync ordinals with FIPS branch. FIPS specific functions currently are place
holders to keep ordinals consistent.

16 years agoAdd acknowledgement.
Dr. Stephen Henson [Mon, 9 Jun 2008 16:50:48 +0000 (16:50 +0000)]
Add acknowledgement.

16 years agoOPENSSL_isservice() is defined on all platforms.
Ben Laurie [Sat, 7 Jun 2008 17:22:37 +0000 (17:22 +0000)]
OPENSSL_isservice() is defined on all platforms.

16 years agoUpdate from head.
Dr. Stephen Henson [Fri, 6 Jun 2008 20:48:57 +0000 (20:48 +0000)]
Update from head.

16 years agoUpdate ordinals.
Dr. Stephen Henson [Fri, 6 Jun 2008 15:54:00 +0000 (15:54 +0000)]
Update ordinals.

16 years agoUpdate CryptoAPI ENGINE from head. Export OPENSSL_isservice().
Dr. Stephen Henson [Fri, 6 Jun 2008 15:52:32 +0000 (15:52 +0000)]
Update CryptoAPI ENGINE from head. Export OPENSSL_isservice().

16 years agoMake headers work with older versions of Window platform SDK.
Dr. Stephen Henson [Thu, 5 Jun 2008 16:56:00 +0000 (16:56 +0000)]
Make headers work with older versions of Window platform SDK.

16 years agoUpdate CHANGES.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:32:05 +0000 (15:32 +0000)]
Update CHANGES.

16 years agoIf auto load ENGINE lookup fails retry adding builtin ENGINEs.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:13:03 +0000 (15:13 +0000)]
If auto load ENGINE lookup fails retry adding builtin ENGINEs.

16 years agoConfigure options of form -Dfoo=bar should get added to CFLAGS in mk1mf.pl
Dr. Stephen Henson [Thu, 5 Jun 2008 15:09:40 +0000 (15:09 +0000)]
Configure options of form -Dfoo=bar should get added to CFLAGS in mk1mf.pl

16 years agoDon't show choice dialog if only one cert.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:44:53 +0000 (11:44 +0000)]
Don't show choice dialog if only one cert.

16 years agoSearch $OPTIONS for -DOPENSSL_CAPIENG_DIALOG because $cflags is
Dr. Stephen Henson [Thu, 5 Jun 2008 11:38:03 +0000 (11:38 +0000)]
Search $OPTIONS for -DOPENSSL_CAPIENG_DIALOG because $cflags is
no complete at this point.

16 years agoinclude engine.h if needed.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:23:35 +0000 (11:23 +0000)]
include engine.h if needed.

16 years agoUpdate ordinals.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:57:21 +0000 (10:57 +0000)]
Update ordinals.

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:56:51 +0000 (10:56 +0000)]
Update from HEAD.

16 years agoRemove some unneeded columns from dialog.
Dr. Stephen Henson [Wed, 4 Jun 2008 23:00:59 +0000 (23:00 +0000)]
Remove some unneeded columns from dialog.

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 22:39:29 +0000 (22:39 +0000)]
Update from HEAD.

16 years agoOops... missed this part of backport.
Dr. Stephen Henson [Wed, 4 Jun 2008 20:11:17 +0000 (20:11 +0000)]
Oops... missed this part of backport.

16 years agoBackport s_client changes.
Dr. Stephen Henson [Wed, 4 Jun 2008 19:52:36 +0000 (19:52 +0000)]
Backport s_client changes.

16 years agoUpdate CryptoAPI ENGINE from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:49:44 +0000 (18:49 +0000)]
Update CryptoAPI ENGINE from HEAD.

16 years agoBackport more ENGINE SSL client auth code to 0.9.8.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:35:27 +0000 (18:35 +0000)]
Backport more ENGINE SSL client auth code to 0.9.8.

16 years agoBackport ssl client auth ENGINE support to 0.9.8.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:01:40 +0000 (18:01 +0000)]
Backport ssl client auth ENGINE support to 0.9.8.

16 years agoEveryone's had a few years to port their favorite additions to 0.9.7
Bodo Möller [Sat, 31 May 2008 13:42:52 +0000 (13:42 +0000)]
Everyone's had a few years to port their favorite additions to 0.9.7
to HEAD (and the 0.9.8 branch).  Remove the reminder.

16 years agoDSA method slightly more tested and fixed ;-)
Dr. Stephen Henson [Fri, 30 May 2008 17:44:36 +0000 (17:44 +0000)]
DSA method slightly more tested and fixed ;-)

16 years agoUpdate error codes.
Dr. Stephen Henson [Fri, 30 May 2008 17:07:18 +0000 (17:07 +0000)]
Update error codes.

16 years agoUntested initial CryptoAPI dsa signing code.
Dr. Stephen Henson [Fri, 30 May 2008 17:03:16 +0000 (17:03 +0000)]
Untested initial CryptoAPI dsa signing code.

16 years agoSome DSA method structures and placeholders, not complete yet.
Dr. Stephen Henson [Fri, 30 May 2008 16:31:51 +0000 (16:31 +0000)]
Some DSA method structures and placeholders, not complete yet.

16 years agoDelete unused functions.
Dr. Stephen Henson [Fri, 30 May 2008 16:14:34 +0000 (16:14 +0000)]
Delete unused functions.

16 years agoGet BIO_snprintf() argument order right....
Dr. Stephen Henson [Fri, 30 May 2008 15:28:40 +0000 (15:28 +0000)]
Get BIO_snprintf() argument order right....

16 years agoAdd new error codes, log unknown magic or algorithm IDs.
Dr. Stephen Henson [Fri, 30 May 2008 15:24:19 +0000 (15:24 +0000)]
Add new error codes, log unknown magic or algorithm IDs.

16 years agoInitial DSA public key loading support in CryptoAPI ENGINE.
Dr. Stephen Henson [Fri, 30 May 2008 15:05:39 +0000 (15:05 +0000)]
Initial DSA public key loading support in CryptoAPI ENGINE.

16 years agoAdd support for ENGINE loaded keys in dsa app.
Dr. Stephen Henson [Fri, 30 May 2008 15:04:58 +0000 (15:04 +0000)]
Add support for ENGINE loaded keys in dsa app.

16 years agoAdd error codes for blob sanity checks, rebuild error table.
Dr. Stephen Henson [Fri, 30 May 2008 11:58:50 +0000 (11:58 +0000)]
Add error codes for blob sanity checks, rebuild error table.

16 years agoBlob type and algorithm type sanity checks
Dr. Stephen Henson [Fri, 30 May 2008 11:54:51 +0000 (11:54 +0000)]
Blob type and algorithm type sanity checks

16 years agoDon't set extended type is mbstring flag set.
Dr. Stephen Henson [Fri, 30 May 2008 10:57:13 +0000 (10:57 +0000)]
Don't set extended type is mbstring flag set.

16 years agoUpdate default depflag.
Dr. Stephen Henson [Fri, 30 May 2008 10:31:43 +0000 (10:31 +0000)]
Update default depflag.

16 years agoLoad CryptoAPI engine if supported.
Dr. Stephen Henson [Thu, 29 May 2008 23:47:40 +0000 (23:47 +0000)]
Load CryptoAPI engine if supported.

16 years agoUpdate mkdef.pl to recognize CAPIENG
Dr. Stephen Henson [Thu, 29 May 2008 23:15:41 +0000 (23:15 +0000)]
Update mkdef.pl to recognize CAPIENG

16 years agoMake CryptoAPI engine look more like the others....
Dr. Stephen Henson [Thu, 29 May 2008 21:03:48 +0000 (21:03 +0000)]
Make CryptoAPI engine look more like the others....

16 years agoMake dynamic engine link work with capi.
Dr. Stephen Henson [Thu, 29 May 2008 17:51:22 +0000 (17:51 +0000)]
Make dynamic engine link work with capi.

16 years agoDisable CryptoAPI engine compilation by default.
Dr. Stephen Henson [Thu, 29 May 2008 17:20:42 +0000 (17:20 +0000)]
Disable CryptoAPI engine compilation by default.

16 years agoCreate error codes, compile in source.
Dr. Stephen Henson [Thu, 29 May 2008 17:13:15 +0000 (17:13 +0000)]
Create error codes, compile in source.

16 years agoCryptoAPI ENGINE... initial version, not compiled in yet.
Dr. Stephen Henson [Thu, 29 May 2008 16:46:38 +0000 (16:46 +0000)]
CryptoAPI ENGINE... initial version, not compiled in yet.

16 years agoFAQ updates from HEAD
Bodo Möller [Wed, 28 May 2008 22:30:39 +0000 (22:30 +0000)]
FAQ updates from HEAD

16 years agofix whitespace
Bodo Möller [Wed, 28 May 2008 22:22:50 +0000 (22:22 +0000)]
fix whitespace

16 years agoAfter tagging, bump ready for 0.9.8i development
Mark J. Cox [Wed, 28 May 2008 07:47:50 +0000 (07:47 +0000)]
After tagging, bump ready for 0.9.8i development

16 years agoPrepare for 0.9.8h release OpenSSL_0_9_8h
Mark J. Cox [Wed, 28 May 2008 07:37:14 +0000 (07:37 +0000)]
Prepare for 0.9.8h release

16 years agoFix flaw if 'Server Key exchange message' is omitted from a TLS
Mark J. Cox [Wed, 28 May 2008 07:29:27 +0000 (07:29 +0000)]
Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com

16 years agoFix double-free in TLS server name extensions which could lead to a remote
Mark J. Cox [Wed, 28 May 2008 07:26:33 +0000 (07:26 +0000)]
Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com

16 years agogrammar
Bodo Möller [Tue, 27 May 2008 18:43:30 +0000 (18:43 +0000)]
grammar

16 years agoyear 2008
Bodo Möller [Tue, 27 May 2008 18:41:02 +0000 (18:41 +0000)]
year 2008

16 years agoAdd README about removed root CA certificates.
Lutz Jänicke [Mon, 26 May 2008 06:23:55 +0000 (06:23 +0000)]
Add README about removed root CA certificates.

16 years agoReword comment to be much shorter to stop other people from complaining
Lutz Jänicke [Mon, 26 May 2008 06:21:10 +0000 (06:21 +0000)]
Reword comment to be much shorter to stop other people from complaining
about "overcommenting"

16 years agoClear error queue when starting SSL_CTX_use_certificate_chain_file
Lutz Jänicke [Fri, 23 May 2008 10:37:22 +0000 (10:37 +0000)]
Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>

16 years agoRemove all root CA files (beyond test CAs including private key)
Lutz Jänicke [Fri, 23 May 2008 08:59:56 +0000 (08:59 +0000)]
Remove all root CA files (beyond test CAs including private key)
from the OpenSSL distribution.

16 years agoFix off by one error ;-)
Dr. Stephen Henson [Tue, 20 May 2008 18:48:22 +0000 (18:48 +0000)]
Fix off by one error ;-)

16 years agoTypo.
Dr. Stephen Henson [Tue, 20 May 2008 16:13:11 +0000 (16:13 +0000)]
Typo.

16 years agoUpdate ordinals.
Dr. Stephen Henson [Tue, 20 May 2008 12:12:22 +0000 (12:12 +0000)]
Update ordinals.

16 years agoOops... PEM_write_bio_ASN1_stream() shouldn't be in 0.9.8 CMS backport.
Dr. Stephen Henson [Tue, 20 May 2008 12:10:28 +0000 (12:10 +0000)]
Oops... PEM_write_bio_ASN1_stream() shouldn't be in 0.9.8 CMS backport.

16 years agoRemove deleted function definitions from header files
Dr. Stephen Henson [Tue, 20 May 2008 11:50:13 +0000 (11:50 +0000)]
Remove deleted function definitions from header files
so Windows build picks it up.

Recognize new option in mk1mf.pl

16 years agoRemove old DES definition of deleted function too.
Dr. Stephen Henson [Tue, 20 May 2008 11:23:49 +0000 (11:23 +0000)]
Remove old DES definition of deleted function too.

16 years agoCorrectly adjust location of comment
Lutz Jänicke [Tue, 20 May 2008 08:10:51 +0000 (08:10 +0000)]
Correctly adjust location of comment

Submitted by: Ben Laurie <ben@links.org>

16 years agoFix warning.
Ben Laurie [Tue, 20 May 2008 03:05:50 +0000 (03:05 +0000)]
Fix warning.

16 years agoFix two invalid memory reads in RSA OAEP mode.
Dr. Stephen Henson [Mon, 19 May 2008 21:26:28 +0000 (21:26 +0000)]
Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve

16 years agoDisable code that clearly doesn't currently serve any useful purpose.
Bodo Möller [Mon, 19 May 2008 19:44:33 +0000 (19:44 +0000)]
Disable code that clearly doesn't currently serve any useful purpose.
(Buggy line reported by Matthias Koenig.)

16 years agoDocument "openssl s_server" -crl_check* options
Lutz Jänicke [Mon, 19 May 2008 07:52:17 +0000 (07:52 +0000)]
Document "openssl s_server" -crl_check* options

Submitted by: Daniel Black <daniel.subs@internode.on.net>

16 years agoProvide information about "openssl dgst" -hmac option.
Lutz Jänicke [Mon, 19 May 2008 07:43:41 +0000 (07:43 +0000)]
Provide information about "openssl dgst" -hmac option.

16 years agoTypo.
Dr. Stephen Henson [Sun, 18 May 2008 13:52:05 +0000 (13:52 +0000)]
Typo.
PR: 1672

16 years agoAnother occurance of possible valgrind/purify "uninitialized memory"
Lutz Jänicke [Fri, 16 May 2008 07:14:58 +0000 (07:14 +0000)]
Another occurance of possible valgrind/purify "uninitialized memory"
complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.

Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)

16 years agoAlways seed PRNG for new requests no matter what key type. RSA may need
Dr. Stephen Henson [Mon, 12 May 2008 16:07:00 +0000 (16:07 +0000)]
Always seed PRNG for new requests no matter what key type. RSA may need
the PRNG for blinding.

PR: 1666

16 years agoFix from HEAD.
Dr. Stephen Henson [Fri, 9 May 2008 23:17:10 +0000 (23:17 +0000)]
Fix from HEAD.

16 years agoAvoid BN_MONT_CTX incompatibility.
Bodo Möller [Fri, 2 May 2008 18:47:19 +0000 (18:47 +0000)]
Avoid BN_MONT_CTX incompatibility.

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Thu, 1 May 2008 23:31:03 +0000 (23:31 +0000)]
Update from HEAD.

16 years agoUnobtrusive backport of 32-bit x86 Montgomery improvements from 0.9.9-dev:
Bodo Möller [Thu, 1 May 2008 23:11:34 +0000 (23:11 +0000)]
Unobtrusive backport of 32-bit x86 Montgomery improvements from 0.9.9-dev:
you need to use "enable-montasm" to see a difference.  (Huge speed
advantage, but BN_MONT_CTX is not binary compatible, so this can't be
enabled by default in the 0.9.8 branch.)

The CHANGES entry also covers the 64-bit x86 backport in November 2007
by appro.

16 years agoTLS ticket key setting callback: this allows and application to set
Dr. Stephen Henson [Wed, 30 Apr 2008 16:11:33 +0000 (16:11 +0000)]
TLS ticket key setting callback: this allows and application to set
its own TLS ticket keys.

16 years agoDo not permit stateless session resumption is session IDs mismatch.
Dr. Stephen Henson [Tue, 29 Apr 2008 17:22:01 +0000 (17:22 +0000)]
Do not permit stateless session resumption is session IDs mismatch.

16 years agoSupport ticket renewal in state machine (not used at present).
Dr. Stephen Henson [Tue, 29 Apr 2008 16:41:53 +0000 (16:41 +0000)]
Support ticket renewal in state machine (not used at present).

16 years agoStatus strings for ticket states.
Dr. Stephen Henson [Tue, 29 Apr 2008 16:38:26 +0000 (16:38 +0000)]
Status strings for ticket states.

16 years agoFix auto-discovery of ENGINEs, ported from HEAD.
Geoff Thorpe [Mon, 28 Apr 2008 21:45:43 +0000 (21:45 +0000)]
Fix auto-discovery of ENGINEs, ported from HEAD.

NB, this fixes a regression relative to 0.9.7 and the documented behaviour,
but it would make sense for distro maintainers and others with an interest
in system behaviour to test with this change. The fix re-enables behaviour
that was broken and thus inherently disabled. In particular, if you
register an ENGINE implementation, and that ENGINE is able to successfully
self-initialise on the host, it will get used automatically (as claimed in
the documentation and as was the case for 0.9.7) - this was not the case
with 0.9.8 until now because of a bug.

PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe

16 years agoUpdate from HEAD.
Geoff Thorpe [Sun, 27 Apr 2008 18:52:14 +0000 (18:52 +0000)]
Update from HEAD.

16 years agoFix from HEAD.
Dr. Stephen Henson [Fri, 25 Apr 2008 16:27:25 +0000 (16:27 +0000)]
Fix from HEAD.

16 years agoCompensate inline assembler in sha512.c for gcc 2.7.2 compiler bug [from HEAD].
Andy Polyakov [Thu, 24 Apr 2008 10:00:40 +0000 (10:00 +0000)]
Compensate inline assembler in sha512.c for gcc 2.7.2 compiler bug [from HEAD].
PR: 1667

16 years agobn_nist.c update from HEAD.
Andy Polyakov [Fri, 18 Apr 2008 15:51:31 +0000 (15:51 +0000)]
bn_nist.c update from HEAD.
PR: 1593

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Fri, 18 Apr 2008 11:19:56 +0000 (11:19 +0000)]
Update from HEAD.

16 years agoAdd missing 'extern "C" {' to some _err.h files in crypto/engines/
Lutz Jänicke [Fri, 18 Apr 2008 07:43:23 +0000 (07:43 +0000)]
Add missing 'extern "C" {' to some _err.h files in crypto/engines/
PR: 1609

16 years agoSynchronise with Unix
Richard Levitte [Fri, 18 Apr 2008 06:07:43 +0000 (06:07 +0000)]
Synchronise with Unix

16 years agoFix incorrect return value in apps/apps.c:parse_yesno()
Lutz Jänicke [Thu, 17 Apr 2008 14:15:29 +0000 (14:15 +0000)]
Fix incorrect return value in apps/apps.c:parse_yesno()
PR: 1607
Submitted by: "Christophe Macé" <mace.christophe@gmail.com>

16 years agoCorrectly handle case of bad arguments supplied to rsautl
Lutz Jänicke [Thu, 17 Apr 2008 13:36:16 +0000 (13:36 +0000)]
Correctly handle case of bad arguments supplied to rsautl
PR: 1659

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Sat, 12 Apr 2008 10:15:33 +0000 (10:15 +0000)]
Update from HEAD.

16 years agoProvide other forms for symbols that are too long or that clash with others
Richard Levitte [Sat, 12 Apr 2008 08:40:03 +0000 (08:40 +0000)]
Provide other forms for symbols that are too long or that clash with others

16 years agoRevert change from HEAD.
Dr. Stephen Henson [Fri, 11 Apr 2008 23:23:57 +0000 (23:23 +0000)]
Revert change from HEAD.

16 years agoFix from HEAD.
Dr. Stephen Henson [Fri, 11 Apr 2008 17:34:42 +0000 (17:34 +0000)]
Fix from HEAD.

16 years agoSynchronise with Unix build
Richard Levitte [Fri, 11 Apr 2008 01:53:19 +0000 (01:53 +0000)]
Synchronise with Unix build