Dr. Stephen Henson [Mon, 29 Dec 2008 00:17:36 +0000 (00:17 +0000)]
Avoid signed/unsigned compare warnings.
Andy Polyakov [Sat, 27 Dec 2008 13:34:30 +0000 (13:34 +0000)]
Backport aes-x86_64.pl update from HEAD.
Ben Laurie [Fri, 26 Dec 2008 15:27:51 +0000 (15:27 +0000)]
Enable TLS Extensions by default.
Richard Levitte [Thu, 25 Dec 2008 22:24:21 +0000 (22:24 +0000)]
In BIO_write(), update the write statistics, not the read statistics.
PR: 1803
Richard Levitte [Thu, 25 Dec 2008 22:04:45 +0000 (22:04 +0000)]
Further synchronisation with Unix
Richard Levitte [Mon, 22 Dec 2008 09:30:09 +0000 (09:30 +0000)]
Synchronise with Unixly build.
Dr. Stephen Henson [Sat, 20 Dec 2008 17:04:09 +0000 (17:04 +0000)]
Make no-engine work again...
Andy Polyakov [Wed, 17 Dec 2008 14:14:51 +0000 (14:14 +0000)]
Backport aes-x86_64.pl update from HEAD and revisit same code in aes-586.pl.
PR: 1801
Ben Laurie [Sat, 13 Dec 2008 17:00:53 +0000 (17:00 +0000)]
Missing return values (Coverity ID 204).
Ben Laurie [Sat, 13 Dec 2008 12:22:47 +0000 (12:22 +0000)]
Make depend.
Dr. Stephen Henson [Wed, 10 Dec 2008 17:34:11 +0000 (17:34 +0000)]
Remove tests which rely on old root certs being present.
Lutz Jänicke [Wed, 10 Dec 2008 08:03:48 +0000 (08:03 +0000)]
apps/speed.c: children should not inherit buffered I/O
PR: 1787
Submitted by: Artur Klauser <aklauser@google.com>
Dr. Stephen Henson [Mon, 8 Dec 2008 19:13:57 +0000 (19:13 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sun, 7 Dec 2008 23:59:13 +0000 (23:59 +0000)]
Fix from HEAD.
Bodo Möller [Tue, 2 Dec 2008 23:50:21 +0000 (23:50 +0000)]
experimental-foo support for mk1mf.pl.
Ben Laurie [Tue, 2 Dec 2008 18:14:44 +0000 (18:14 +0000)]
Fix warnings.
Ben Laurie [Tue, 2 Dec 2008 13:36:47 +0000 (13:36 +0000)]
Warn about JPAKE brokenness.
Bodo Möller [Tue, 2 Dec 2008 01:21:06 +0000 (01:21 +0000)]
Implement Configure option pattern "experimental-foo"
(specifically, "experimental-jpake").
Dr. Stephen Henson [Sun, 30 Nov 2008 16:07:11 +0000 (16:07 +0000)]
Don't clobber passed GENERAL_NAME on error.
Geoff Thorpe [Fri, 28 Nov 2008 22:04:25 +0000 (22:04 +0000)]
Clarify a 'chil' engine param that is a little unintuitive.
Submitted by: Sander Temme <sander@temme.net>
Dr. Stephen Henson [Mon, 24 Nov 2008 17:49:21 +0000 (17:49 +0000)]
Update dependencies.
Dr. Stephen Henson [Mon, 24 Nov 2008 17:02:49 +0000 (17:02 +0000)]
Move new function CRYPTO_strdup to mem_dbg.c because mem.c is excluded in
a fips build.
Dr. Stephen Henson [Mon, 24 Nov 2008 16:14:15 +0000 (16:14 +0000)]
Revert OPENSSL_EXPERIMENTAL patch.
Change it so JPAKE uses the standard OPENSSL_NO_JPAKE instead.
Dr. Stephen Henson [Fri, 21 Nov 2008 18:18:28 +0000 (18:18 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 19 Nov 2008 16:03:51 +0000 (16:03 +0000)]
Commit default dependencies.
Geoff Thorpe [Wed, 19 Nov 2008 14:08:06 +0000 (14:08 +0000)]
Allow the CHIL engine to load even if dynamic locks aren't registered.
Submitted by: Sander Temme
Dr. Stephen Henson [Wed, 19 Nov 2008 00:40:59 +0000 (00:40 +0000)]
Remove jpake.h dependencies from default build.
Dr. Stephen Henson [Tue, 18 Nov 2008 22:23:20 +0000 (22:23 +0000)]
On WIN32 use /MD for static library in FIPS mode to match value of
validated module.
Dr. Stephen Henson [Sat, 15 Nov 2008 17:47:31 +0000 (17:47 +0000)]
Update .cvsignore
Dr. Stephen Henson [Sat, 15 Nov 2008 17:46:41 +0000 (17:46 +0000)]
Stop warnings.
Bodo Möller [Fri, 14 Nov 2008 00:18:23 +0000 (00:18 +0000)]
warnings
Bodo Möller [Fri, 14 Nov 2008 00:17:43 +0000 (00:17 +0000)]
make update
Dr. Stephen Henson [Thu, 13 Nov 2008 15:08:33 +0000 (15:08 +0000)]
Fixes for "make depend". Features which need a #define to be set to
enable them, like FIPS and JPAKE need to have these set when building
dependencies.
Ben Laurie [Thu, 13 Nov 2008 11:35:23 +0000 (11:35 +0000)]
Not an error to include jpake.h when disabled.
Ben Laurie [Thu, 13 Nov 2008 09:50:24 +0000 (09:50 +0000)]
J-PAKE is not RSA.
Dr. Stephen Henson [Wed, 12 Nov 2008 19:05:42 +0000 (19:05 +0000)]
Oops...
Dr. Stephen Henson [Wed, 12 Nov 2008 18:27:17 +0000 (18:27 +0000)]
Update mk1mf.pl for new JPAKE options. Update jpaketest.c for WIN32.
Dr. Stephen Henson [Wed, 12 Nov 2008 16:54:35 +0000 (16:54 +0000)]
Add support for experimental code, not compiled in by default and
with OPENSSL_EXPERIMENTAL_FOO around it. Make JPAKE experimental.
Dr. Stephen Henson [Tue, 11 Nov 2008 12:52:14 +0000 (12:52 +0000)]
Don't attempt to enter FIPS mode in autoconfig module if already in FIPS mode.
Dr. Stephen Henson [Tue, 11 Nov 2008 12:42:32 +0000 (12:42 +0000)]
Update from HEAD.
Dr. Stephen Henson [Tue, 11 Nov 2008 12:22:17 +0000 (12:22 +0000)]
Avoid conflict with some version of Windows platform SDK.
Dr. Stephen Henson [Tue, 11 Nov 2008 10:17:22 +0000 (10:17 +0000)]
PR: 1782
Submitted by: Philip Prindeville <philipp_subx@redfish-solutions.com>
Approved by: steve@openssl.org
Dr. Stephen Henson [Mon, 10 Nov 2008 18:55:07 +0000 (18:55 +0000)]
Make -DKSSL_DEBUG work again.
Dr. Stephen Henson [Mon, 10 Nov 2008 18:22:50 +0000 (18:22 +0000)]
Fix warnings.
Lutz Jänicke [Mon, 10 Nov 2008 11:26:46 +0000 (11:26 +0000)]
Clarify (non-)blocking behavior of EGD socket interface used by RAND_egd().
Dr. Stephen Henson [Wed, 5 Nov 2008 18:36:57 +0000 (18:36 +0000)]
Change old obsolete email address...
Dr. Stephen Henson [Wed, 5 Nov 2008 18:29:49 +0000 (18:29 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Fri, 31 Oct 2008 12:18:42 +0000 (12:18 +0000)]
Oops...
Dr. Stephen Henson [Fri, 31 Oct 2008 12:09:18 +0000 (12:09 +0000)]
Fix from HEAD.
Andy Polyakov [Tue, 28 Oct 2008 16:30:09 +0000 (16:30 +0000)]
randfile.c: .rnd can become orphaned on VMS [from HEAD].
Submitted by: David North
Andy Polyakov [Tue, 28 Oct 2008 15:33:07 +0000 (15:33 +0000)]
.cvsignore update: ignore all flavors of shared objects [from HEAD].
Andy Polyakov [Tue, 28 Oct 2008 13:47:38 +0000 (13:47 +0000)]
Fix crash in BN_rshift [from HEAD].
PR: 1663
Dr. Stephen Henson [Mon, 27 Oct 2008 12:30:33 +0000 (12:30 +0000)]
Win32 fixes, add new directory to WIN32 build system.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:04:04 +0000 (12:04 +0000)]
Fixes from HEAD.
Ben Laurie [Sun, 26 Oct 2008 18:42:05 +0000 (18:42 +0000)]
Add JPAKE.
Ben Laurie [Sun, 26 Oct 2008 15:37:31 +0000 (15:37 +0000)]
Minor clarity enhancements.
Dr. Stephen Henson [Sun, 26 Oct 2008 11:54:26 +0000 (11:54 +0000)]
Avoid warning.
Dr. Stephen Henson [Wed, 22 Oct 2008 19:55:25 +0000 (19:55 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:51:37 +0000 (18:51 +0000)]
Return correct exit code if there is an error in dgst command.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:48:50 +0000 (18:48 +0000)]
Sync OIDS with HEAD.
Lutz Jänicke [Wed, 22 Oct 2008 06:46:13 +0000 (06:46 +0000)]
Allow detection of input EOF in quiet mode by adding -no_ign_eof option
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>
Lutz Jänicke [Mon, 20 Oct 2008 12:53:33 +0000 (12:53 +0000)]
Add missing "-d" to option list of openssl version.
Submitted by: Alex Chen <alex_chen@filemaker.com>
Lutz Jänicke [Mon, 20 Oct 2008 12:40:20 +0000 (12:40 +0000)]
Armor pq_compat.h header file against multiple inclusion
Submitted by: Alex Chen <alex_chen@filemaker.com>
Ben Laurie [Mon, 20 Oct 2008 09:26:04 +0000 (09:26 +0000)]
Distinguish public/private data more clearly.
Ben Laurie [Sun, 19 Oct 2008 15:34:13 +0000 (15:34 +0000)]
Ignore executable.
Ben Laurie [Sun, 19 Oct 2008 15:33:32 +0000 (15:33 +0000)]
Add J-PAKE demo.
Ben Laurie [Sat, 18 Oct 2008 14:27:36 +0000 (14:27 +0000)]
Constification.
Ben Laurie [Tue, 14 Oct 2008 19:21:30 +0000 (19:21 +0000)]
Set the comparison function in v3_addr_canonize().
Ben Laurie [Tue, 14 Oct 2008 19:09:47 +0000 (19:09 +0000)]
Add XMPP STARTTLS support.
Ben Laurie [Tue, 14 Oct 2008 19:05:02 +0000 (19:05 +0000)]
Fix warnings.
Lutz Jänicke [Mon, 13 Oct 2008 06:43:06 +0000 (06:43 +0000)]
Firstly, the bitmap we use for replay protection was ending up with zero
length, so a _single_ pair of packets getting switched around would
cause one of them to be 'dropped'.
Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>
Lutz Jänicke [Fri, 10 Oct 2008 10:41:32 +0000 (10:41 +0000)]
When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().
The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>
Lutz Jänicke [Mon, 6 Oct 2008 10:35:29 +0000 (10:35 +0000)]
Fix incorrect command for assember file generation on IA64
Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>
Dr. Stephen Henson [Thu, 25 Sep 2008 16:38:07 +0000 (16:38 +0000)]
Check for errors in ASN1 sign and verify routines.
Andy Polyakov [Tue, 23 Sep 2008 17:34:08 +0000 (17:34 +0000)]
Fix EC_KEY_check_key [from HEAD].
Dr. Stephen Henson [Tue, 23 Sep 2008 11:21:17 +0000 (11:21 +0000)]
Typo.
Bodo Möller [Mon, 22 Sep 2008 21:22:51 +0000 (21:22 +0000)]
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.
Dr. Stephen Henson [Sun, 21 Sep 2008 11:40:36 +0000 (11:40 +0000)]
Fix warnings when more pedantic "debuge-steve32" target is used.
Dr. Stephen Henson [Sun, 21 Sep 2008 11:21:43 +0000 (11:21 +0000)]
Camellia low level API algorithm blocking.
Dr. Stephen Henson [Sun, 21 Sep 2008 10:24:08 +0000 (10:24 +0000)]
Make camellia work with updated EVP macros.
Dr. Stephen Henson [Thu, 18 Sep 2008 12:13:54 +0000 (12:13 +0000)]
Add do_fips.bat WIN32 build script. Update version in Configure.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:56:09 +0000 (11:56 +0000)]
Build montgomery ASM file on WIN32.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:45:30 +0000 (11:45 +0000)]
Merge FIPS changes to VC-32 build system.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:20:08 +0000 (11:20 +0000)]
Add extra utilities from FIPS branch.
Dr. Stephen Henson [Wed, 17 Sep 2008 17:21:31 +0000 (17:21 +0000)]
Add FIPS changes to mk1mf.pl
Dr. Stephen Henson [Wed, 17 Sep 2008 17:12:53 +0000 (17:12 +0000)]
Update defs.
Dr. Stephen Henson [Wed, 17 Sep 2008 17:11:09 +0000 (17:11 +0000)]
Make update: delete duplicate error code.
Dr. Stephen Henson [Wed, 17 Sep 2008 16:58:01 +0000 (16:58 +0000)]
Update some util files to recognize new FIPS directories.
Dr. Stephen Henson [Wed, 17 Sep 2008 16:27:50 +0000 (16:27 +0000)]
Add missing files.
Dr. Stephen Henson [Wed, 17 Sep 2008 15:56:42 +0000 (15:56 +0000)]
Updates to build system from FIPS branch. Make fipscanisterbuild work and
build FIPS test programs.
Dr. Stephen Henson [Wed, 17 Sep 2008 15:53:59 +0000 (15:53 +0000)]
Add RSA update from FIPS branch that got omitted....
Dr. Stephen Henson [Wed, 17 Sep 2008 15:07:41 +0000 (15:07 +0000)]
Don't change NUM_LOCKS value for non-FIPS builds.
Dr. Stephen Henson [Tue, 16 Sep 2008 22:54:30 +0000 (22:54 +0000)]
Add missing files.
Dr. Stephen Henson [Tue, 16 Sep 2008 22:48:18 +0000 (22:48 +0000)]
Add missing files.
Dr. Stephen Henson [Tue, 16 Sep 2008 21:44:57 +0000 (21:44 +0000)]
Merge changes to build system from fips branch.
Dr. Stephen Henson [Tue, 16 Sep 2008 15:14:55 +0000 (15:14 +0000)]
FIPS merge of test changes: make sure key sizes are 1024 bits.
Dr. Stephen Henson [Tue, 16 Sep 2008 15:11:50 +0000 (15:11 +0000)]
FIPS merge "crypto" functions.
Dr. Stephen Henson [Tue, 16 Sep 2008 14:55:26 +0000 (14:55 +0000)]
Merge public key FIPS code, RSA, DSA, DH.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:52:33 +0000 (11:52 +0000)]
Add missing file.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:50:05 +0000 (11:50 +0000)]
RAND library FIPS merge.