oweals/openssl.git
16 years agorandfile.c: .rnd can become orphaned on VMS [from HEAD].
Andy Polyakov [Tue, 28 Oct 2008 16:30:09 +0000 (16:30 +0000)]
randfile.c: .rnd can become orphaned on VMS [from HEAD].

Submitted by: David North

16 years ago.cvsignore update: ignore all flavors of shared objects [from HEAD].
Andy Polyakov [Tue, 28 Oct 2008 15:33:07 +0000 (15:33 +0000)]
.cvsignore update: ignore all flavors of shared objects [from HEAD].

16 years agoFix crash in BN_rshift [from HEAD].
Andy Polyakov [Tue, 28 Oct 2008 13:47:38 +0000 (13:47 +0000)]
Fix crash in BN_rshift [from HEAD].
PR: 1663

16 years agoWin32 fixes, add new directory to WIN32 build system.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:30:33 +0000 (12:30 +0000)]
Win32 fixes, add new directory to WIN32 build system.

16 years agoFixes from HEAD.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:04:04 +0000 (12:04 +0000)]
Fixes from HEAD.

16 years agoAdd JPAKE.
Ben Laurie [Sun, 26 Oct 2008 18:42:05 +0000 (18:42 +0000)]
Add JPAKE.

16 years agoMinor clarity enhancements.
Ben Laurie [Sun, 26 Oct 2008 15:37:31 +0000 (15:37 +0000)]
Minor clarity enhancements.

16 years agoAvoid warning.
Dr. Stephen Henson [Sun, 26 Oct 2008 11:54:26 +0000 (11:54 +0000)]
Avoid warning.

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Wed, 22 Oct 2008 19:55:25 +0000 (19:55 +0000)]
Update from HEAD.

16 years agoReturn correct exit code if there is an error in dgst command.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:51:37 +0000 (18:51 +0000)]
Return correct exit code if there is an error in dgst command.

16 years agoSync OIDS with HEAD.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:48:50 +0000 (18:48 +0000)]
Sync OIDS with HEAD.

16 years agoAllow detection of input EOF in quiet mode by adding -no_ign_eof option
Lutz Jänicke [Wed, 22 Oct 2008 06:46:13 +0000 (06:46 +0000)]
Allow detection of input EOF in quiet mode by adding -no_ign_eof option
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years agoAdd missing "-d" to option list of openssl version.
Lutz Jänicke [Mon, 20 Oct 2008 12:53:33 +0000 (12:53 +0000)]
Add missing "-d" to option list of openssl version.

Submitted by: Alex Chen <alex_chen@filemaker.com>

16 years agoArmor pq_compat.h header file against multiple inclusion
Lutz Jänicke [Mon, 20 Oct 2008 12:40:20 +0000 (12:40 +0000)]
Armor pq_compat.h header file against multiple inclusion

Submitted by: Alex Chen <alex_chen@filemaker.com>

16 years agoDistinguish public/private data more clearly.
Ben Laurie [Mon, 20 Oct 2008 09:26:04 +0000 (09:26 +0000)]
Distinguish public/private data more clearly.

16 years agoIgnore executable.
Ben Laurie [Sun, 19 Oct 2008 15:34:13 +0000 (15:34 +0000)]
Ignore executable.

16 years agoAdd J-PAKE demo.
Ben Laurie [Sun, 19 Oct 2008 15:33:32 +0000 (15:33 +0000)]
Add J-PAKE demo.

16 years agoConstification.
Ben Laurie [Sat, 18 Oct 2008 14:27:36 +0000 (14:27 +0000)]
Constification.

16 years agoSet the comparison function in v3_addr_canonize().
Ben Laurie [Tue, 14 Oct 2008 19:21:30 +0000 (19:21 +0000)]
Set the comparison function in v3_addr_canonize().

16 years agoAdd XMPP STARTTLS support.
Ben Laurie [Tue, 14 Oct 2008 19:09:47 +0000 (19:09 +0000)]
Add XMPP STARTTLS support.

16 years agoFix warnings.
Ben Laurie [Tue, 14 Oct 2008 19:05:02 +0000 (19:05 +0000)]
Fix warnings.

16 years agoFirstly, the bitmap we use for replay protection was ending up with zero
Lutz Jänicke [Mon, 13 Oct 2008 06:43:06 +0000 (06:43 +0000)]
Firstly, the bitmap we use for replay protection was ending up with zero
length, so a _single_ pair of packets getting switched around would
cause one of them to be 'dropped'.

Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years agoWhen the underlying BIO_write() fails to send a datagram, we leave the
Lutz Jänicke [Fri, 10 Oct 2008 10:41:32 +0000 (10:41 +0000)]
When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().

The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years agoFix incorrect command for assember file generation on IA64
Lutz Jänicke [Mon, 6 Oct 2008 10:35:29 +0000 (10:35 +0000)]
Fix incorrect command for assember file generation on IA64

Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>

16 years agoCheck for errors in ASN1 sign and verify routines.
Dr. Stephen Henson [Thu, 25 Sep 2008 16:38:07 +0000 (16:38 +0000)]
Check for errors in ASN1 sign and verify routines.

16 years agoFix EC_KEY_check_key [from HEAD].
Andy Polyakov [Tue, 23 Sep 2008 17:34:08 +0000 (17:34 +0000)]
Fix EC_KEY_check_key [from HEAD].

16 years agoTypo.
Dr. Stephen Henson [Tue, 23 Sep 2008 11:21:17 +0000 (11:21 +0000)]
Typo.

16 years agoMake sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
Bodo Möller [Mon, 22 Sep 2008 21:22:51 +0000 (21:22 +0000)]
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.

16 years agoFix warnings when more pedantic "debuge-steve32" target is used.
Dr. Stephen Henson [Sun, 21 Sep 2008 11:40:36 +0000 (11:40 +0000)]
Fix warnings when more pedantic "debuge-steve32" target is used.

16 years agoCamellia low level API algorithm blocking.
Dr. Stephen Henson [Sun, 21 Sep 2008 11:21:43 +0000 (11:21 +0000)]
Camellia low level API algorithm blocking.

16 years agoMake camellia work with updated EVP macros.
Dr. Stephen Henson [Sun, 21 Sep 2008 10:24:08 +0000 (10:24 +0000)]
Make camellia work with updated EVP macros.

16 years agoAdd do_fips.bat WIN32 build script. Update version in Configure.
Dr. Stephen Henson [Thu, 18 Sep 2008 12:13:54 +0000 (12:13 +0000)]
Add do_fips.bat WIN32 build script. Update version in Configure.

16 years agoBuild montgomery ASM file on WIN32.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:56:09 +0000 (11:56 +0000)]
Build montgomery ASM file on WIN32.

16 years agoMerge FIPS changes to VC-32 build system.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:45:30 +0000 (11:45 +0000)]
Merge FIPS changes to VC-32 build system.

16 years agoAdd extra utilities from FIPS branch.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:20:08 +0000 (11:20 +0000)]
Add extra utilities from FIPS branch.

16 years agoAdd FIPS changes to mk1mf.pl
Dr. Stephen Henson [Wed, 17 Sep 2008 17:21:31 +0000 (17:21 +0000)]
Add FIPS changes to mk1mf.pl

16 years agoUpdate defs.
Dr. Stephen Henson [Wed, 17 Sep 2008 17:12:53 +0000 (17:12 +0000)]
Update defs.

16 years agoMake update: delete duplicate error code.
Dr. Stephen Henson [Wed, 17 Sep 2008 17:11:09 +0000 (17:11 +0000)]
Make update: delete duplicate error code.

16 years agoUpdate some util files to recognize new FIPS directories.
Dr. Stephen Henson [Wed, 17 Sep 2008 16:58:01 +0000 (16:58 +0000)]
Update some util files to recognize new FIPS directories.

16 years agoAdd missing files.
Dr. Stephen Henson [Wed, 17 Sep 2008 16:27:50 +0000 (16:27 +0000)]
Add missing files.

16 years agoUpdates to build system from FIPS branch. Make fipscanisterbuild work and
Dr. Stephen Henson [Wed, 17 Sep 2008 15:56:42 +0000 (15:56 +0000)]
Updates to build system from FIPS branch. Make fipscanisterbuild work and
build FIPS test programs.

16 years agoAdd RSA update from FIPS branch that got omitted....
Dr. Stephen Henson [Wed, 17 Sep 2008 15:53:59 +0000 (15:53 +0000)]
Add RSA update from FIPS branch that got omitted....

16 years agoDon't change NUM_LOCKS value for non-FIPS builds.
Dr. Stephen Henson [Wed, 17 Sep 2008 15:07:41 +0000 (15:07 +0000)]
Don't change NUM_LOCKS value for non-FIPS builds.

16 years agoAdd missing files.
Dr. Stephen Henson [Tue, 16 Sep 2008 22:54:30 +0000 (22:54 +0000)]
Add missing files.

16 years agoAdd missing files.
Dr. Stephen Henson [Tue, 16 Sep 2008 22:48:18 +0000 (22:48 +0000)]
Add missing files.

16 years agoMerge changes to build system from fips branch.
Dr. Stephen Henson [Tue, 16 Sep 2008 21:44:57 +0000 (21:44 +0000)]
Merge changes to build system from fips branch.

16 years agoFIPS merge of test changes: make sure key sizes are 1024 bits.
Dr. Stephen Henson [Tue, 16 Sep 2008 15:14:55 +0000 (15:14 +0000)]
FIPS merge of test changes: make sure key sizes are 1024 bits.

16 years agoFIPS merge "crypto" functions.
Dr. Stephen Henson [Tue, 16 Sep 2008 15:11:50 +0000 (15:11 +0000)]
FIPS merge "crypto" functions.

16 years agoMerge public key FIPS code, RSA, DSA, DH.
Dr. Stephen Henson [Tue, 16 Sep 2008 14:55:26 +0000 (14:55 +0000)]
Merge public key FIPS code, RSA, DSA, DH.

16 years agoAdd missing file.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:52:33 +0000 (11:52 +0000)]
Add missing file.

16 years agoRAND library FIPS merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:50:05 +0000 (11:50 +0000)]
RAND library FIPS merge.

16 years agoconf/hmac FIPS merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:37:03 +0000 (11:37 +0000)]
conf/hmac FIPS merge.

16 years agoERR library FIPS merge. Reorganise functions and add FIPS error
Dr. Stephen Henson [Tue, 16 Sep 2008 11:26:29 +0000 (11:26 +0000)]
ERR library FIPS merge. Reorganise functions and add FIPS error
definitions.

16 years agoFIPS des library merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:17:48 +0000 (11:17 +0000)]
FIPS des library merge.

16 years agoPart FIPS bn merge: move functiosn to bn_opt.c to reduce dependencies.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:08:24 +0000 (11:08 +0000)]
Part FIPS bn merge: move functiosn to bn_opt.c to reduce dependencies.

16 years agoAdd missing RC4 algorithm block source file.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:02:19 +0000 (11:02 +0000)]
Add missing RC4 algorithm block source file.

16 years agoMerge FIPS low level algorithm blocking code. Give hard errors if non-FIPS
Dr. Stephen Henson [Tue, 16 Sep 2008 10:47:28 +0000 (10:47 +0000)]
Merge FIPS low level algorithm blocking code. Give hard errors if non-FIPS
algorithms are use in FIPS mode using low level API. No effect in non-FIPS
mode.

16 years agoMerge fips directory from FIPS branch.
Dr. Stephen Henson [Tue, 16 Sep 2008 10:12:23 +0000 (10:12 +0000)]
Merge fips directory from FIPS branch.

16 years agoOops, restore change that got reverted accidentally.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:32:23 +0000 (22:32 +0000)]
Oops, restore change that got reverted accidentally.

16 years agoMerge apps changes from FIPS branch.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:24:39 +0000 (22:24 +0000)]
Merge apps changes from FIPS branch.

16 years agoMerge EVP changes in from FIPS branch.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:21:42 +0000 (22:21 +0000)]
Merge EVP changes in from FIPS branch.

16 years agoPort X931 key generation routines from FIPS branch. Don't include deprecated
Dr. Stephen Henson [Mon, 15 Sep 2008 21:42:28 +0000 (21:42 +0000)]
Port X931 key generation routines from FIPS branch. Don't include deprecated
versions as they weren't in 0.9.8 before now anyway.

16 years agoFix intendation
Bodo Möller [Mon, 15 Sep 2008 20:39:32 +0000 (20:39 +0000)]
Fix intendation

16 years agoNow that we're changing the 0.9.8i CHANGES anyway, reorder them
Bodo Möller [Mon, 15 Sep 2008 20:34:13 +0000 (20:34 +0000)]
Now that we're changing the 0.9.8i CHANGES anyway, reorder them
according to the usual convention (reverse chronological order)

16 years agoAdd missing CHANGES entry.
Dr. Stephen Henson [Mon, 15 Sep 2008 20:28:58 +0000 (20:28 +0000)]
Add missing CHANGES entry.

16 years agoupdate
Bodo Möller [Mon, 15 Sep 2008 20:27:47 +0000 (20:27 +0000)]
update

16 years agopkcs12 FIPS changes.
Dr. Stephen Henson [Mon, 15 Sep 2008 20:16:04 +0000 (20:16 +0000)]
pkcs12 FIPS changes.

16 years agoMerge minor FIPS branch changes: buffer, objects, pem, x509.
Dr. Stephen Henson [Mon, 15 Sep 2008 19:56:12 +0000 (19:56 +0000)]
Merge minor FIPS branch changes: buffer, objects, pem, x509.

16 years agoPrepare for next version...
Dr. Stephen Henson [Mon, 15 Sep 2008 15:30:20 +0000 (15:30 +0000)]
Prepare for next version...

16 years agoOops... use correct version number this time.... OpenSSL_0_9_8i
Dr. Stephen Henson [Mon, 15 Sep 2008 14:26:34 +0000 (14:26 +0000)]
Oops... use correct version number this time....

16 years agoPrepare for next version....
Dr. Stephen Henson [Mon, 15 Sep 2008 12:19:09 +0000 (12:19 +0000)]
Prepare for next version....

16 years agoBegin release of OpenSSL 0.9.8i.
Dr. Stephen Henson [Mon, 15 Sep 2008 10:28:13 +0000 (10:28 +0000)]
Begin release of OpenSSL 0.9.8i.

16 years agoCompilation warning fix [from HEAD, "must have, as our Windows build does
Andy Polyakov [Mon, 15 Sep 2008 07:19:41 +0000 (07:19 +0000)]
Compilation warning fix [from HEAD, "must have, as our Windows build does
not tolerate warnings].

16 years agoFix yesterday typos in bss_dgram.c [from HEAD].
Andy Polyakov [Mon, 15 Sep 2008 05:45:36 +0000 (05:45 +0000)]
Fix yesterday typos in bss_dgram.c [from HEAD].

16 years agoupdate comment
Bodo Möller [Sun, 14 Sep 2008 19:50:53 +0000 (19:50 +0000)]
update comment

16 years agoWinsock handles SO_RCVTIMEO in unique manner... [from HEAD].
Andy Polyakov [Sun, 14 Sep 2008 19:23:46 +0000 (19:23 +0000)]
Winsock handles SO_RCVTIMEO in unique manner... [from HEAD].
PR: 1648

16 years agooops
Bodo Möller [Sun, 14 Sep 2008 18:16:09 +0000 (18:16 +0000)]
oops

16 years agodtls1_write_bytes consumers expect amount of bytes written per call, not
Andy Polyakov [Sun, 14 Sep 2008 17:57:03 +0000 (17:57 +0000)]
dtls1_write_bytes consumers expect amount of bytes written per call, not
overall [from HEAD].
PR: 1604

16 years agoFix error code discrepancy.
Dr. Stephen Henson [Sun, 14 Sep 2008 16:43:37 +0000 (16:43 +0000)]
Fix error code discrepancy.
Make update.

16 years agoStop warnings about value not used.
Dr. Stephen Henson [Sun, 14 Sep 2008 15:46:36 +0000 (15:46 +0000)]
Stop warnings about value not used.

16 years agoFix SSL state transitions.
Bodo Möller [Sun, 14 Sep 2008 14:02:01 +0000 (14:02 +0000)]
Fix SSL state transitions.

Submitted by: Nagendra Modadugu

16 years agoReally get rid of unsafe double-checked locking.
Bodo Möller [Sun, 14 Sep 2008 13:51:49 +0000 (13:51 +0000)]
Really get rid of unsafe double-checked locking.

Also, "CHANGES" clean-ups.

16 years agoSome precautions to avoid potential security-relevant problems.
Bodo Möller [Sun, 14 Sep 2008 13:42:40 +0000 (13:42 +0000)]
Some precautions to avoid potential security-relevant problems.

16 years agoDTLS didn't handle alerts correctly [from HEAD].
Andy Polyakov [Sat, 13 Sep 2008 18:25:36 +0000 (18:25 +0000)]
DTLS didn't handle alerts correctly [from HEAD].
PR: 1632

16 years agofile rc4_fblk.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 11:02:19 ...
Dr. Stephen Henson [Fri, 12 Sep 2008 17:44:26 +0000 (17:44 +0000)]
file rc4_fblk.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 11:02:19 +0000

16 years agoAIX build updates [from HEAD].
Andy Polyakov [Fri, 12 Sep 2008 14:47:02 +0000 (14:47 +0000)]
AIX build updates [from HEAD].

16 years agoAllow soft-loading engines.
Ben Laurie [Fri, 12 Sep 2008 13:29:59 +0000 (13:29 +0000)]
Allow soft-loading engines.

16 years agoDon't hide commands.
Ben Laurie [Fri, 12 Sep 2008 13:26:07 +0000 (13:26 +0000)]
Don't hide commands.

16 years agoIf tickets disabled behave as if no ticket received to support
Dr. Stephen Henson [Wed, 3 Sep 2008 22:13:04 +0000 (22:13 +0000)]
If tickets disabled behave as if no ticket received to support
stateful resume.

16 years agoFix flag clash... only used internally when policy checking is
Dr. Stephen Henson [Sun, 31 Aug 2008 11:15:35 +0000 (11:15 +0000)]
Fix flag clash... only used internally when policy checking is
enabled.

16 years agoDon't use assertions to check application-provided arguments;
Bodo Möller [Thu, 14 Aug 2008 21:37:20 +0000 (21:37 +0000)]
Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.

16 years agosanity check
Bodo Möller [Wed, 13 Aug 2008 19:44:44 +0000 (19:44 +0000)]
sanity check

PR: 1679

16 years agoFix from HEAD.
Dr. Stephen Henson [Tue, 5 Aug 2008 15:56:11 +0000 (15:56 +0000)]
Fix from HEAD.

16 years agoFix from HEAD.
Dr. Stephen Henson [Sat, 2 Aug 2008 11:17:04 +0000 (11:17 +0000)]
Fix from HEAD.

16 years agoRefer to SSL_pending from the man page for SSL_read
Lutz Jänicke [Fri, 1 Aug 2008 15:03:22 +0000 (15:03 +0000)]
Refer to SSL_pending from the man page for SSL_read

16 years agoFix from HEAD.
Dr. Stephen Henson [Wed, 30 Jul 2008 15:42:19 +0000 (15:42 +0000)]
Fix from HEAD.

16 years agoWe should check the eight bytes starting at p[-9] for rollback attack
Bodo Möller [Thu, 17 Jul 2008 22:11:24 +0000 (22:11 +0000)]
We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.

PR: 1695

16 years agoHarmonize darwin-i386-cc config line with HEAD.
Andy Polyakov [Thu, 17 Jul 2008 11:59:07 +0000 (11:59 +0000)]
Harmonize darwin-i386-cc config line with HEAD.

16 years agodarwin64-ppc-cc experimental line accidentally made it to stable:-(
Andy Polyakov [Thu, 17 Jul 2008 10:00:18 +0000 (10:00 +0000)]
darwin64-ppc-cc experimental line accidentally made it to stable:-(
PR: 1699

16 years agosha1-586.pl: update from HEAD.
Andy Polyakov [Thu, 17 Jul 2008 09:51:34 +0000 (09:51 +0000)]
sha1-586.pl: update from HEAD.
PR: 1681