Dr. Stephen Henson [Tue, 1 Jun 2010 13:17:06 +0000 (13:17 +0000)]
Fix CVE-2010-1633 and CVE-2010-0742.
Andy Polyakov [Tue, 1 Jun 2010 06:03:20 +0000 (06:03 +0000)]
VC-32.pl: unconditionally generate symbols.pdb [from HEAD].
Andy Polyakov [Tue, 1 Jun 2010 05:57:26 +0000 (05:57 +0000)]
x86_64-xlate.pl: updates from HEAD.
Andy Polyakov [Tue, 1 Jun 2010 05:53:35 +0000 (05:53 +0000)]
Configure: update mingw config-lines [from HEAD].
Dr. Stephen Henson [Mon, 31 May 2010 13:18:08 +0000 (13:18 +0000)]
fix PR#2261 in a different way
Dr. Stephen Henson [Sat, 29 May 2010 12:49:48 +0000 (12:49 +0000)]
PR: 2278
Submitted By: Mattias Ellert <mattias.ellert@fysast.uu.se>
Fix type checking macro SKM_ASN1_SET_OF_i2d
Dr. Stephen Henson [Thu, 27 May 2010 15:05:01 +0000 (15:05 +0000)]
update NEWS
Dr. Stephen Henson [Thu, 27 May 2010 14:09:13 +0000 (14:09 +0000)]
PR: 2262
Submitted By: Victor Wagner <vitus@cryptocom.ru>
Fix error reporting in load_key function.
Dr. Stephen Henson [Thu, 27 May 2010 13:07:45 +0000 (13:07 +0000)]
PR: 2261
Submitted By: De Rudder, Stephen L." <s_derudder@tditx.com>
Workaround for newer Windows headers which define EADDRINUSE but not to the
same value as WSAEADDRINUSE.
Dr. Stephen Henson [Thu, 27 May 2010 12:41:20 +0000 (12:41 +0000)]
PR: 2258
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Base64 BIO fixes:
Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.
Dr. Stephen Henson [Wed, 26 May 2010 23:23:44 +0000 (23:23 +0000)]
PR: 2266
Submitted By: Jonathan Gray <jsg@goblin.cx>
Correct ioctl definitions.
Dr. Stephen Henson [Wed, 26 May 2010 16:17:06 +0000 (16:17 +0000)]
Avoid use of ex_data free function in Chil ENGINE so it can be safely
reloaded.
Dr. Stephen Henson [Sat, 22 May 2010 00:40:58 +0000 (00:40 +0000)]
PR: 2254
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Check for <= 0 i2d return value.
Dr. Stephen Henson [Sat, 22 May 2010 00:31:02 +0000 (00:31 +0000)]
PR: 2251
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Memleak, BIO chain leak and realloc checks in v3_pci.c
Dr. Stephen Henson [Thu, 20 May 2010 17:35:37 +0000 (17:35 +0000)]
oops, typo
Dr. Stephen Henson [Thu, 20 May 2010 17:28:51 +0000 (17:28 +0000)]
Update cms-test.pl to handle some Unix like Windows environments where
calling shlib_wrap.sh doesn't work.
Dr. Stephen Henson [Mon, 17 May 2010 11:26:56 +0000 (11:26 +0000)]
PR: 2259
Submitted By: Artem Chuprina <ran@cryptocom.ru>
Check return values of HMAC in tls_P_hash and tls1_generate_key_block.
Although the previous version could in theory crash that would only happen if a
digest call failed. The standard software methods can never fail and only one
ENGINE currently uses digests and it is not compiled in by default.
Dr. Stephen Henson [Sat, 15 May 2010 00:36:12 +0000 (00:36 +0000)]
PR: 2253
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Check callback return value when outputting errors.
Dr. Stephen Henson [Sat, 15 May 2010 00:19:57 +0000 (00:19 +0000)]
PR: 2255
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Place RSA dependent variable under #ifndef OPENSSL_NO_RSA
Dr. Stephen Henson [Mon, 3 May 2010 15:29:51 +0000 (15:29 +0000)]
PR: 2252
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Update docs to BIO_f_buffer()
Dr. Stephen Henson [Mon, 3 May 2010 13:01:50 +0000 (13:01 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix bug in bitmask macros and stop warnings.
Dr. Stephen Henson [Mon, 3 May 2010 12:50:52 +0000 (12:50 +0000)]
PR: 2244
Submitted By: "PMHager" <hager@dortmund.net>
Initialise pkey callback to 0.
Andy Polyakov [Wed, 28 Apr 2010 20:04:37 +0000 (20:04 +0000)]
bss_file.c: reserve for option to encode file name in UTF-8 on Windows
[from HEAD].
Andy Polyakov [Tue, 20 Apr 2010 20:41:23 +0000 (20:41 +0000)]
md5-ia64.S: fix assembler warning [from HEAD].
Dr. Stephen Henson [Tue, 20 Apr 2010 12:53:05 +0000 (12:53 +0000)]
PR: 2241
Submitted By: Artemy Lebedev <vagran.ast@gmail.com>
Typo.
Dr. Stephen Henson [Thu, 15 Apr 2010 13:17:05 +0000 (13:17 +0000)]
oops, commit Configure part of PR#2234
Dr. Stephen Henson [Wed, 14 Apr 2010 23:07:28 +0000 (23:07 +0000)]
PR: 2234
Submitted By: Matthias Andree <matthias.andree@gmx.de>
Use correct path to openssl utility in c_rehash script.
Dr. Stephen Henson [Wed, 14 Apr 2010 23:04:19 +0000 (23:04 +0000)]
PR: 2235
Submitted By: Bruce Stephens <bruce.stephens@isode.com>
Make ts/Makefile consistent with other Makefiles.
Andy Polyakov [Wed, 14 Apr 2010 19:25:09 +0000 (19:25 +0000)]
x86_64cpuid.pl: ml64 is allergic to db on label line [from HEAD].
Dr. Stephen Henson [Wed, 14 Apr 2010 13:20:53 +0000 (13:20 +0000)]
update FAQ
Andy Polyakov [Wed, 14 Apr 2010 07:47:53 +0000 (07:47 +0000)]
[co]cf128.c: fix "n=0" bug [from HEAD].
Dr. Stephen Henson [Wed, 14 Apr 2010 00:41:01 +0000 (00:41 +0000)]
fix signed/unsigned comparison warnings
Dr. Stephen Henson [Wed, 14 Apr 2010 00:33:22 +0000 (00:33 +0000)]
fix bug in ccgost CFB mode code
Dr. Stephen Henson [Wed, 14 Apr 2010 00:30:12 +0000 (00:30 +0000)]
check ASN1 type before using it
Dr. Stephen Henson [Wed, 14 Apr 2010 00:17:29 +0000 (00:17 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix various DTLS fragment reassembly bugs.
Dr. Stephen Henson [Wed, 14 Apr 2010 00:09:55 +0000 (00:09 +0000)]
PR: 2229
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Don't drop DTLS connection if mac or decryption failed.
Dr. Stephen Henson [Wed, 14 Apr 2010 00:03:13 +0000 (00:03 +0000)]
PR: 2228
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS buffer record MAC failure bug.
Dr. Stephen Henson [Tue, 13 Apr 2010 17:08:50 +0000 (17:08 +0000)]
make update
Richard Levitte [Tue, 13 Apr 2010 14:39:58 +0000 (14:39 +0000)]
No need to look for the file if none was entered.
Richard Levitte [Tue, 13 Apr 2010 14:39:08 +0000 (14:39 +0000)]
A few more things that aren't built on VAX
Richard Levitte [Tue, 13 Apr 2010 14:38:39 +0000 (14:38 +0000)]
Since test modules aren't copied to the test/ directory any more on
VMS, we need to rework this script with knowledge of where they are.
Richard Levitte [Tue, 13 Apr 2010 14:37:43 +0000 (14:37 +0000)]
Rework the way engines are built
Richard Levitte [Tue, 13 Apr 2010 14:36:58 +0000 (14:36 +0000)]
Too long symbols
Richard Levitte [Tue, 13 Apr 2010 14:34:48 +0000 (14:34 +0000)]
Spelling
Richard Levitte [Tue, 13 Apr 2010 14:33:04 +0000 (14:33 +0000)]
Rework the configuration of avoided algorithms.
Avoid copying test modules.
Richard Levitte [Tue, 13 Apr 2010 11:10:07 +0000 (11:10 +0000)]
Undo the previous change, it was incorrect in this branch.
Richard Levitte [Tue, 13 Apr 2010 08:41:58 +0000 (08:41 +0000)]
Third argument to dtls1_buffer_record is by reference
Andy Polyakov [Sat, 10 Apr 2010 14:54:34 +0000 (14:54 +0000)]
aes-ppc.pl: 10% performance improvement on Power6 [from HEAD].
Andy Polyakov [Sat, 10 Apr 2010 14:13:12 +0000 (14:13 +0000)]
cryptlib.c: allow application to override OPENSSL_isservice [from HEAD].
Andy Polyakov [Sat, 10 Apr 2010 13:47:11 +0000 (13:47 +0000)]
ctr129.c: fix typo, simplify ctr128_inc and fix "n=0" bug [from HEAD].
Andy Polyakov [Sat, 10 Apr 2010 13:41:58 +0000 (13:41 +0000)]
darwin-ppc-cc: add -Wa,-force_cpusubtype_ALL to produce binaries not
specific to G5. This was already added to HEAD earlier.
PR: 2231
Andy Polyakov [Sat, 10 Apr 2010 13:37:06 +0000 (13:37 +0000)]
sparccpuid.S: some assembler is allergic to apostrophes in comments [from HEAD].
Andy Polyakov [Sat, 10 Apr 2010 13:33:46 +0000 (13:33 +0000)]
alpha-mont.pl: comply with stack alignment requirement [from HEAD].
Dr. Stephen Henson [Thu, 8 Apr 2010 10:54:54 +0000 (10:54 +0000)]
make GOST MAC work again
Dr. Stephen Henson [Wed, 7 Apr 2010 13:18:30 +0000 (13:18 +0000)]
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.
Update docs.
Dr. Stephen Henson [Tue, 6 Apr 2010 15:05:47 +0000 (15:05 +0000)]
Remove obsolete PRNG note. Add comment about use of SHA256 et al.
Dr. Stephen Henson [Tue, 6 Apr 2010 14:45:31 +0000 (14:45 +0000)]
PR: 2209
Submitted Daniel Mentz <danielml@sent.com>
Documentation typo.
Dr. Stephen Henson [Tue, 6 Apr 2010 12:44:55 +0000 (12:44 +0000)]
PR: 2218
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS replay bug.
Dr. Stephen Henson [Tue, 6 Apr 2010 12:40:10 +0000 (12:40 +0000)]
PR: 2219
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS buffering bug.
Dr. Stephen Henson [Tue, 6 Apr 2010 12:29:21 +0000 (12:29 +0000)]
PR: 2223
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS timeout bug
Dr. Stephen Henson [Tue, 6 Apr 2010 11:18:32 +0000 (11:18 +0000)]
PR: 2220
Fixes to make OpenSSL compile with no-rc4
Dr. Stephen Henson [Tue, 30 Mar 2010 00:55:00 +0000 (00:55 +0000)]
updates for next release
Dr. Stephen Henson [Mon, 29 Mar 2010 13:11:54 +0000 (13:11 +0000)]
Prepare for 1.0.0 release - finally ;-)
Andy Polyakov [Mon, 29 Mar 2010 09:59:58 +0000 (09:59 +0000)]
ARMv4 assembler: [unconfirmed] fix for compilation failure [from HEAD].
Andy Polyakov [Mon, 29 Mar 2010 09:50:33 +0000 (09:50 +0000)]
dso_dlfcn.c: fix compile failure on Tru64 [from HEAD].
Dr. Stephen Henson [Sun, 28 Mar 2010 00:42:29 +0000 (00:42 +0000)]
PR: 1696
Check return value if d2i_PBEPARAM().
Dr. Stephen Henson [Sat, 27 Mar 2010 23:28:23 +0000 (23:28 +0000)]
PR: 1763
Remove useless num = 0 assignment.
Remove redundant cases on sock_ctrl(): default case handles them.
Dr. Stephen Henson [Sat, 27 Mar 2010 19:27:51 +0000 (19:27 +0000)]
PR: 1904
Submitted by: David Woodhouse <dwmw2@infradead.org>
Pass passphrase minimum length down to UI.
Dr. Stephen Henson [Sat, 27 Mar 2010 18:28:13 +0000 (18:28 +0000)]
PR: 1813
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Fix memory leak when engine name cannot be loaded.
Dr. Stephen Henson [Thu, 25 Mar 2010 12:07:45 +0000 (12:07 +0000)]
update FAQ
Bodo Möller [Thu, 25 Mar 2010 11:22:42 +0000 (11:22 +0000)]
Fix for "Record of death" vulnerability CVE-2010-0740.
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010).
Dr. Stephen Henson [Wed, 24 Mar 2010 23:42:20 +0000 (23:42 +0000)]
initialise buf if wrong_info not used
Dr. Stephen Henson [Wed, 24 Mar 2010 23:16:49 +0000 (23:16 +0000)]
PR: 1731 and maybe 2197
Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.
Andy Polyakov [Mon, 22 Mar 2010 22:44:35 +0000 (22:44 +0000)]
rand_win.c: fix logical bug in readscreen [from HEAD].
Andy Polyakov [Mon, 22 Mar 2010 22:39:46 +0000 (22:39 +0000)]
bss_file.c: fix MSC 6.0 warning [from HEAD].
Andy Polyakov [Mon, 15 Mar 2010 22:29:20 +0000 (22:29 +0000)]
e_capi.c: fix typo.
Andy Polyakov [Mon, 15 Mar 2010 22:26:33 +0000 (22:26 +0000)]
Fix UPLINK typo [from HEAD].
Dr. Stephen Henson [Mon, 15 Mar 2010 13:09:39 +0000 (13:09 +0000)]
workaround for missing definition in some headers
Dr. Stephen Henson [Fri, 12 Mar 2010 12:48:46 +0000 (12:48 +0000)]
PR: 2192
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>
The prompt_info and wrong_info parameters can be empty strings which
can produce confusing prompts. Treat empty string same as NULL.
Dr. Stephen Henson [Fri, 12 Mar 2010 12:07:05 +0000 (12:07 +0000)]
missing goto meant signature was never printed out
Dr. Stephen Henson [Wed, 10 Mar 2010 13:48:21 +0000 (13:48 +0000)]
don't leave bogus errors in the queue
Dr. Stephen Henson [Tue, 9 Mar 2010 17:23:51 +0000 (17:23 +0000)]
make update
Dr. Stephen Henson [Tue, 9 Mar 2010 17:18:17 +0000 (17:18 +0000)]
PR: 2188
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>
Add "missing" functions to get and set prompt constructor.
Dr. Stephen Henson [Tue, 9 Mar 2010 17:08:39 +0000 (17:08 +0000)]
PR: 2186
Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com>
Detect aix64-gcc
Dr. Stephen Henson [Mon, 8 Mar 2010 23:47:57 +0000 (23:47 +0000)]
reserve a few more bits for future cipher modes
Dr. Stephen Henson [Sun, 7 Mar 2010 16:40:19 +0000 (16:40 +0000)]
The OID sanity check was incorrect. It should only disallow *leading* 0x80
values.
Dr. Stephen Henson [Sat, 6 Mar 2010 20:47:45 +0000 (20:47 +0000)]
don't add digest alias if signature algorithm is undefined
Dr. Stephen Henson [Fri, 5 Mar 2010 13:33:43 +0000 (13:33 +0000)]
Fix memory leak: free up ENGINE functional reference if digest is not
found in an ENGINE.
Dr. Stephen Henson [Wed, 3 Mar 2010 19:56:17 +0000 (19:56 +0000)]
PR: 2183
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
Dr. Stephen Henson [Wed, 3 Mar 2010 15:41:00 +0000 (15:41 +0000)]
Submitted by: Tomas Hoger <thoger@redhat.com>
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
Dr. Stephen Henson [Wed, 3 Mar 2010 15:30:26 +0000 (15:30 +0000)]
don't mix definitions and code
Andy Polyakov [Tue, 2 Mar 2010 16:25:10 +0000 (16:25 +0000)]
Fix s390x-specific HOST_l2c|c2l [from HEAD].
Submitted by: Andreas Krebbel
Dr. Stephen Henson [Mon, 1 Mar 2010 23:54:34 +0000 (23:54 +0000)]
PR: 2178
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>
Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
Dr. Stephen Henson [Mon, 1 Mar 2010 14:22:02 +0000 (14:22 +0000)]
use supplied ENGINE in genrsa
Dr. Stephen Henson [Mon, 1 Mar 2010 03:01:56 +0000 (03:01 +0000)]
use correct prototype as in HEAD
Dr. Stephen Henson [Mon, 1 Mar 2010 01:52:47 +0000 (01:52 +0000)]
'typo'
Dr. Stephen Henson [Mon, 1 Mar 2010 01:19:36 +0000 (01:19 +0000)]
make USE_CRYPTODEV_DIGESTS work
Ben Laurie [Sun, 28 Feb 2010 13:38:16 +0000 (13:38 +0000)]
Fix warning.
Dr. Stephen Henson [Sun, 28 Feb 2010 00:24:24 +0000 (00:24 +0000)]
algorithms field has changed in 1.0.0 and later: update
Dr. Stephen Henson [Sat, 27 Feb 2010 23:04:10 +0000 (23:04 +0000)]
Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."