Bodo Möller [Mon, 23 Jun 2008 20:46:28 +0000 (20:46 +0000)]
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
Dr. Stephen Henson [Sun, 22 Jun 2008 01:10:04 +0000 (01:10 +0000)]
Update ordinals.
Dr. Stephen Henson [Sat, 21 Jun 2008 23:28:02 +0000 (23:28 +0000)]
Make WIN32 build work with no-rc4
Dr. Stephen Henson [Wed, 18 Jun 2008 14:42:27 +0000 (14:42 +0000)]
Fix typo and filter on X509_PURPOSE_SSL_CLIENT when presenting certs.
Dr. Stephen Henson [Wed, 18 Jun 2008 12:05:23 +0000 (12:05 +0000)]
Add support for machine stores and handle provider type errors properly in keys.
Dr. Stephen Henson [Mon, 16 Jun 2008 16:56:43 +0000 (16:56 +0000)]
Make ssl code consistent with FIPS branch. The new code has no effect
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
Dr. Stephen Henson [Mon, 16 Jun 2008 15:22:49 +0000 (15:22 +0000)]
Add error code for FIPS library and make library numbers consistent.
Dr. Stephen Henson [Sun, 15 Jun 2008 16:52:37 +0000 (16:52 +0000)]
Sync ordinals with FIPS branch. FIPS specific functions currently are place
holders to keep ordinals consistent.
Dr. Stephen Henson [Mon, 9 Jun 2008 16:50:48 +0000 (16:50 +0000)]
Add acknowledgement.
Ben Laurie [Sat, 7 Jun 2008 17:22:37 +0000 (17:22 +0000)]
OPENSSL_isservice() is defined on all platforms.
Dr. Stephen Henson [Fri, 6 Jun 2008 20:48:57 +0000 (20:48 +0000)]
Update from head.
Dr. Stephen Henson [Fri, 6 Jun 2008 15:54:00 +0000 (15:54 +0000)]
Update ordinals.
Dr. Stephen Henson [Fri, 6 Jun 2008 15:52:32 +0000 (15:52 +0000)]
Update CryptoAPI ENGINE from head. Export OPENSSL_isservice().
Dr. Stephen Henson [Thu, 5 Jun 2008 16:56:00 +0000 (16:56 +0000)]
Make headers work with older versions of Windows platform SDK.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:32:05 +0000 (15:32 +0000)]
Update CHANGES.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:13:03 +0000 (15:13 +0000)]
If auto load ENGINE lookup fails retry adding builtin ENGINEs.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:09:40 +0000 (15:09 +0000)]
Configure options of form -Dfoo=bar should get added to CFLAGS in mk1mf.pl
Dr. Stephen Henson [Thu, 5 Jun 2008 11:44:53 +0000 (11:44 +0000)]
Don't show choice dialog if only one cert.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:38:03 +0000 (11:38 +0000)]
Search $OPTIONS for -DOPENSSL_CAPIENG_DIALOG because $cflags is
not complete at this point.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:23:35 +0000 (11:23 +0000)]
include engine.h if needed.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:57:21 +0000 (10:57 +0000)]
Update ordinals.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:56:51 +0000 (10:56 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 23:00:59 +0000 (23:00 +0000)]
Remove some unneeded columns from dialog.
Dr. Stephen Henson [Wed, 4 Jun 2008 22:39:29 +0000 (22:39 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 20:11:17 +0000 (20:11 +0000)]
Oops... missed this part of backport.
Dr. Stephen Henson [Wed, 4 Jun 2008 19:52:36 +0000 (19:52 +0000)]
Backport s_client changes.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:49:44 +0000 (18:49 +0000)]
Update CryptoAPI ENGINE from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:35:27 +0000 (18:35 +0000)]
Backport more ENGINE SSL client auth code to 0.9.8.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:01:40 +0000 (18:01 +0000)]
Backport ssl client auth ENGINE support to 0.9.8.
Bodo Möller [Sat, 31 May 2008 13:42:52 +0000 (13:42 +0000)]
Everyone's had a few years to port their favorite additions to 0.9.7
to HEAD (and the 0.9.8 branch). Remove the reminder.
Dr. Stephen Henson [Fri, 30 May 2008 17:44:36 +0000 (17:44 +0000)]
DSA method slightly more tested and fixed ;-)
Dr. Stephen Henson [Fri, 30 May 2008 17:07:18 +0000 (17:07 +0000)]
Update error codes.
Dr. Stephen Henson [Fri, 30 May 2008 17:03:16 +0000 (17:03 +0000)]
Untested initial CryptoAPI dsa signing code.
Dr. Stephen Henson [Fri, 30 May 2008 16:31:51 +0000 (16:31 +0000)]
Some DSA method structures and placeholders, not complete yet.
Dr. Stephen Henson [Fri, 30 May 2008 16:14:34 +0000 (16:14 +0000)]
Delete unused functions.
Dr. Stephen Henson [Fri, 30 May 2008 15:28:40 +0000 (15:28 +0000)]
Get BIO_snprintf() argument order right....
Dr. Stephen Henson [Fri, 30 May 2008 15:24:19 +0000 (15:24 +0000)]
Add new error codes, log unknown magic or algorithm IDs.
Dr. Stephen Henson [Fri, 30 May 2008 15:05:39 +0000 (15:05 +0000)]
Initial DSA public key loading support in CryptoAPI ENGINE.
Dr. Stephen Henson [Fri, 30 May 2008 15:04:58 +0000 (15:04 +0000)]
Add support for ENGINE loaded keys in dsa app.
Dr. Stephen Henson [Fri, 30 May 2008 11:58:50 +0000 (11:58 +0000)]
Add error codes for blob sanity checks, rebuild error table.
Dr. Stephen Henson [Fri, 30 May 2008 11:54:51 +0000 (11:54 +0000)]
Blob type and algorithm type sanity checks
Dr. Stephen Henson [Fri, 30 May 2008 10:57:13 +0000 (10:57 +0000)]
Don't set extended type if mbstring flag set.
Dr. Stephen Henson [Fri, 30 May 2008 10:31:43 +0000 (10:31 +0000)]
Update default depflag.
Dr. Stephen Henson [Thu, 29 May 2008 23:47:40 +0000 (23:47 +0000)]
Load CryptoAPI engine if supported.
Dr. Stephen Henson [Thu, 29 May 2008 23:15:41 +0000 (23:15 +0000)]
Update mkdef.pl to recognize CAPIENG
Dr. Stephen Henson [Thu, 29 May 2008 21:03:48 +0000 (21:03 +0000)]
Make CryptoAPI engine look more like the others....
Dr. Stephen Henson [Thu, 29 May 2008 17:51:22 +0000 (17:51 +0000)]
Make dynamic engine link work with capi.
Dr. Stephen Henson [Thu, 29 May 2008 17:20:42 +0000 (17:20 +0000)]
Disable CryptoAPI engine compilation by default.
Dr. Stephen Henson [Thu, 29 May 2008 17:13:15 +0000 (17:13 +0000)]
Create error codes, compile in source.
Dr. Stephen Henson [Thu, 29 May 2008 16:46:38 +0000 (16:46 +0000)]
CryptoAPI ENGINE... initial version, not compiled in yet.
Bodo Möller [Wed, 28 May 2008 22:30:39 +0000 (22:30 +0000)]
FAQ updates from HEAD
Bodo Möller [Wed, 28 May 2008 22:22:50 +0000 (22:22 +0000)]
fix whitespace
Mark J. Cox [Wed, 28 May 2008 07:47:50 +0000 (07:47 +0000)]
After tagging, bump ready for 0.9.8i development
Mark J. Cox [Wed, 28 May 2008 07:37:14 +0000 (07:37 +0000)]
Prepare for 0.9.8h release
Mark J. Cox [Wed, 28 May 2008 07:29:27 +0000 (07:29 +0000)]
Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a client crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)
Reviewed by: openssl-security@openssl.org
Obtained from: mark@awe.com
Mark J. Cox [Wed, 28 May 2008 07:26:33 +0000 (07:26 +0000)]
Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)
Reviewed by: openssl-security@openssl.org
Obtained from: jorton@redhat.com
Bodo Möller [Tue, 27 May 2008 18:43:30 +0000 (18:43 +0000)]
grammar
Bodo Möller [Tue, 27 May 2008 18:41:02 +0000 (18:41 +0000)]
year 2008
Lutz Jänicke [Mon, 26 May 2008 06:23:55 +0000 (06:23 +0000)]
Add README about removed root CA certificates.
Lutz Jänicke [Mon, 26 May 2008 06:21:10 +0000 (06:21 +0000)]
Reword comment to be much shorter to stop other people from complaining
about "overcommenting"
Lutz Jänicke [Fri, 23 May 2008 10:37:22 +0000 (10:37 +0000)]
Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
Lutz Jänicke [Fri, 23 May 2008 08:59:56 +0000 (08:59 +0000)]
Remove all root CA files (beyond test CAs including private key)
from the OpenSSL distribution.
Dr. Stephen Henson [Tue, 20 May 2008 18:48:22 +0000 (18:48 +0000)]
Fix off by one error ;-)
Dr. Stephen Henson [Tue, 20 May 2008 16:13:11 +0000 (16:13 +0000)]
Typo.
Dr. Stephen Henson [Tue, 20 May 2008 12:12:22 +0000 (12:12 +0000)]
Update ordinals.
Dr. Stephen Henson [Tue, 20 May 2008 12:10:28 +0000 (12:10 +0000)]
Oops... PEM_write_bio_ASN1_stream() shouldn't be in 0.9.8 CMS backport.
Dr. Stephen Henson [Tue, 20 May 2008 11:50:13 +0000 (11:50 +0000)]
Remove deleted function definitions from header files
so Windows build picks it up.
Recognize new option in mk1mf.pl
Dr. Stephen Henson [Tue, 20 May 2008 11:23:49 +0000 (11:23 +0000)]
Remove old DES definition of deleted function too.
Lutz Jänicke [Tue, 20 May 2008 08:10:51 +0000 (08:10 +0000)]
Correctly adjust location of comment
Submitted by: Ben Laurie <ben@links.org>
Ben Laurie [Tue, 20 May 2008 03:05:50 +0000 (03:05 +0000)]
Fix warning.
Dr. Stephen Henson [Mon, 19 May 2008 21:26:28 +0000 (21:26 +0000)]
Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
Bodo Möller [Mon, 19 May 2008 19:44:33 +0000 (19:44 +0000)]
Disable code that clearly doesn't currently serve any useful purpose.
(Buggy line reported by Matthias Koenig.)
Lutz Jänicke [Mon, 19 May 2008 07:52:17 +0000 (07:52 +0000)]
Document "openssl s_server" -crl_check* options
Submitted by: Daniel Black <daniel.subs@internode.on.net>
Lutz Jänicke [Mon, 19 May 2008 07:43:41 +0000 (07:43 +0000)]
Provide information about "openssl dgst" -hmac option.
Dr. Stephen Henson [Sun, 18 May 2008 13:52:05 +0000 (13:52 +0000)]
Typo.
PR: 1672
Lutz Jänicke [Fri, 16 May 2008 07:14:58 +0000 (07:14 +0000)]
Another occurrence of possible valgrind/purify "uninitialized memory"
complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.
Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)
Dr. Stephen Henson [Mon, 12 May 2008 16:07:00 +0000 (16:07 +0000)]
Always seed PRNG for new requests no matter what key type. RSA may need
the PRNG for blinding.
PR: 1666
Dr. Stephen Henson [Fri, 9 May 2008 23:17:10 +0000 (23:17 +0000)]
Fix from HEAD.
Bodo Möller [Fri, 2 May 2008 18:47:19 +0000 (18:47 +0000)]
Avoid BN_MONT_CTX incompatibility.
Dr. Stephen Henson [Thu, 1 May 2008 23:31:03 +0000 (23:31 +0000)]
Update from HEAD.
Bodo Möller [Thu, 1 May 2008 23:11:34 +0000 (23:11 +0000)]
Unobtrusive backport of 32-bit x86 Montgomery improvements from 0.9.9-dev:
you need to use "enable-montasm" to see a difference. (Huge speed
advantage, but BN_MONT_CTX is not binary compatible, so this can't be
enabled by default in the 0.9.8 branch.)
The CHANGES entry also covers the 64-bit x86 backport in November 2007
by appro.
Dr. Stephen Henson [Wed, 30 Apr 2008 16:11:33 +0000 (16:11 +0000)]
TLS ticket key setting callback: this allows an application to set
its own TLS ticket keys.
Dr. Stephen Henson [Tue, 29 Apr 2008 17:22:01 +0000 (17:22 +0000)]
Do not permit stateless session resumption if session IDs mismatch.
Dr. Stephen Henson [Tue, 29 Apr 2008 16:41:53 +0000 (16:41 +0000)]
Support ticket renewal in state machine (not used at present).
Dr. Stephen Henson [Tue, 29 Apr 2008 16:38:26 +0000 (16:38 +0000)]
Status strings for ticket states.
Geoff Thorpe [Mon, 28 Apr 2008 21:45:43 +0000 (21:45 +0000)]
Fix auto-discovery of ENGINEs, ported from HEAD.
NB, this fixes a regression relative to 0.9.7 and the documented behaviour,
but it would make sense for distro maintainers and others with an interest
in system behaviour to test with this change. The fix re-enables behaviour
that was broken and thus inherently disabled. In particular, if you
register an ENGINE implementation, and that ENGINE is able to successfully
self-initialise on the host, it will get used automatically (as claimed in
the documentation and as was the case for 0.9.7) - this was not the case
with 0.9.8 until now because of a bug.
PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
Geoff Thorpe [Sun, 27 Apr 2008 18:52:14 +0000 (18:52 +0000)]
Update from HEAD.
Dr. Stephen Henson [Fri, 25 Apr 2008 16:27:25 +0000 (16:27 +0000)]
Fix from HEAD.
Andy Polyakov [Thu, 24 Apr 2008 10:00:40 +0000 (10:00 +0000)]
Compensate inline assembler in sha512.c for gcc 2.7.2 compiler bug [from HEAD].
PR: 1667
Andy Polyakov [Fri, 18 Apr 2008 15:51:31 +0000 (15:51 +0000)]
bn_nist.c update from HEAD.
PR: 1593
Dr. Stephen Henson [Fri, 18 Apr 2008 11:19:56 +0000 (11:19 +0000)]
Update from HEAD.
Lutz Jänicke [Fri, 18 Apr 2008 07:43:23 +0000 (07:43 +0000)]
Add missing 'extern "C" {' to some _err.h files in crypto/engines/
PR: 1609
Richard Levitte [Fri, 18 Apr 2008 06:07:43 +0000 (06:07 +0000)]
Synchronise with Unix
Lutz Jänicke [Thu, 17 Apr 2008 14:15:29 +0000 (14:15 +0000)]
Fix incorrect return value in apps/apps.c:parse_yesno()
PR: 1607
Submitted by: "Christophe Macé" <mace.christophe@gmail.com>
Lutz Jänicke [Thu, 17 Apr 2008 13:36:16 +0000 (13:36 +0000)]
Correctly handle case of bad arguments supplied to rsautl
PR: 1659
Dr. Stephen Henson [Sat, 12 Apr 2008 10:15:33 +0000 (10:15 +0000)]
Update from HEAD.
Richard Levitte [Sat, 12 Apr 2008 08:40:03 +0000 (08:40 +0000)]
Provide other forms for symbols that are too long or that clash with others
Dr. Stephen Henson [Fri, 11 Apr 2008 23:23:57 +0000 (23:23 +0000)]
Revert change from HEAD.
Dr. Stephen Henson [Fri, 11 Apr 2008 17:34:42 +0000 (17:34 +0000)]
Fix from HEAD.
Richard Levitte [Fri, 11 Apr 2008 01:53:19 +0000 (01:53 +0000)]
Synchronise with Unix build