oweals/openssl.git
15 years agoWarn about JPAKE brokenness.
Ben Laurie [Tue, 2 Dec 2008 13:36:47 +0000 (13:36 +0000)]
Warn about JPAKE brokenness.

15 years agoImplement Configure option pattern "experimental-foo"
Bodo Möller [Tue, 2 Dec 2008 01:21:06 +0000 (01:21 +0000)]
Implement Configure option pattern "experimental-foo"
(specifically, "experimental-jpake").

15 years agoDon't clobber passed GENERAL_NAME on error.
Dr. Stephen Henson [Sun, 30 Nov 2008 16:07:11 +0000 (16:07 +0000)]
Don't clobber passed GENERAL_NAME on error.

15 years agoClarify a 'chil' engine param that is a little unintuitive.
Geoff Thorpe [Fri, 28 Nov 2008 22:04:25 +0000 (22:04 +0000)]
Clarify a 'chil' engine param that is a little unintuitive.

Submitted by: Sander Temme <sander@temme.net>

15 years agoUpdate dependencies.
Dr. Stephen Henson [Mon, 24 Nov 2008 17:49:21 +0000 (17:49 +0000)]
Update dependencies.

15 years agoMove new function CRYPTO_strdup to mem_dbg.c because mem.c is excluded in
Dr. Stephen Henson [Mon, 24 Nov 2008 17:02:49 +0000 (17:02 +0000)]
Move new function CRYPTO_strdup to mem_dbg.c because mem.c is excluded in
a fips build.

15 years agoRevert OPENSSL_EXPERIMENTAL patch.
Dr. Stephen Henson [Mon, 24 Nov 2008 16:14:15 +0000 (16:14 +0000)]
Revert OPENSSL_EXPERIMENTAL patch.

Change it so JPAKE uses the standard OPENSSL_NO_JPAKE instead.

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Fri, 21 Nov 2008 18:18:28 +0000 (18:18 +0000)]
Update from HEAD.

16 years agoCommit default dependencies.
Dr. Stephen Henson [Wed, 19 Nov 2008 16:03:51 +0000 (16:03 +0000)]
Commit default dependencies.

16 years agoAllow the CHIL engine to load even if dynamic locks aren't registered.
Geoff Thorpe [Wed, 19 Nov 2008 14:08:06 +0000 (14:08 +0000)]
Allow the CHIL engine to load even if dynamic locks aren't registered.

Submitted by: Sander Temme

16 years agoRemove jpake.h dependencies from default build.
Dr. Stephen Henson [Wed, 19 Nov 2008 00:40:59 +0000 (00:40 +0000)]
Remove jpake.h dependencies from default build.

16 years agoOn WIN32 use /MD for static library in FIPS mode to match value of
Dr. Stephen Henson [Tue, 18 Nov 2008 22:23:20 +0000 (22:23 +0000)]
On WIN32 use /MD for static library in FIPS mode to match value of
validated module.

16 years agoUpdate .cvsignore
Dr. Stephen Henson [Sat, 15 Nov 2008 17:47:31 +0000 (17:47 +0000)]
Update .cvsignore

16 years agoStop warnings.
Dr. Stephen Henson [Sat, 15 Nov 2008 17:46:41 +0000 (17:46 +0000)]
Stop warnings.

16 years agowarnings
Bodo Möller [Fri, 14 Nov 2008 00:18:23 +0000 (00:18 +0000)]
warnings

16 years agomake update
Bodo Möller [Fri, 14 Nov 2008 00:17:43 +0000 (00:17 +0000)]
make update

16 years agoFixes for "make depend". Features which need a #define to be set to
Dr. Stephen Henson [Thu, 13 Nov 2008 15:08:33 +0000 (15:08 +0000)]
Fixes for "make depend". Features which need a #define to be set to
enable them, like FIPS and JPAKE need to have these set when building
dependencies.

16 years agoNot an error to include jpake.h when disabled.
Ben Laurie [Thu, 13 Nov 2008 11:35:23 +0000 (11:35 +0000)]
Not an error to include jpake.h when disabled.

16 years agoJ-PAKE is not RSA.
Ben Laurie [Thu, 13 Nov 2008 09:50:24 +0000 (09:50 +0000)]
J-PAKE is not RSA.

16 years agoOops...
Dr. Stephen Henson [Wed, 12 Nov 2008 19:05:42 +0000 (19:05 +0000)]
Oops...

16 years agoUpdate mk1mf.pl for new JPAKE options. Update jpaketest.c for WIN32.
Dr. Stephen Henson [Wed, 12 Nov 2008 18:27:17 +0000 (18:27 +0000)]
Update mk1mf.pl for new JPAKE options. Update jpaketest.c for WIN32.

16 years agoAdd support for experimental code, not compiled in by default and
Dr. Stephen Henson [Wed, 12 Nov 2008 16:54:35 +0000 (16:54 +0000)]
Add support for experimental code, not compiled in by default and
with OPENSSL_EXPERIMENTAL_FOO around it. Make JPAKE experimental.

16 years agoDon't attempt to enter FIPS mode in autoconfig module if already in FIPS mode.
Dr. Stephen Henson [Tue, 11 Nov 2008 12:52:14 +0000 (12:52 +0000)]
Don't attempt to enter FIPS mode in autoconfig module if already in FIPS mode.

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Tue, 11 Nov 2008 12:42:32 +0000 (12:42 +0000)]
Update from HEAD.

16 years agoAvoid conflict with some version of Windows platform SDK.
Dr. Stephen Henson [Tue, 11 Nov 2008 12:22:17 +0000 (12:22 +0000)]
Avoid conflict with some version of Windows platform SDK.

16 years agoPR: 1782
Dr. Stephen Henson [Tue, 11 Nov 2008 10:17:22 +0000 (10:17 +0000)]
PR: 1782
Submitted by: Philip Prindeville <philipp_subx@redfish-solutions.com>
Approved by: steve@openssl.org

16 years agoMake -DKSSL_DEBUG work again.
Dr. Stephen Henson [Mon, 10 Nov 2008 18:55:07 +0000 (18:55 +0000)]
Make -DKSSL_DEBUG work again.

16 years agoFix warnings.
Dr. Stephen Henson [Mon, 10 Nov 2008 18:22:50 +0000 (18:22 +0000)]
Fix warnings.

16 years agoClarify (non-)blocking behavior of EGD socket interface used by RAND_egd().
Lutz Jänicke [Mon, 10 Nov 2008 11:26:46 +0000 (11:26 +0000)]
Clarify (non-)blocking behavior of EGD socket interface used by RAND_egd().

16 years agoChange old obsolete email address...
Dr. Stephen Henson [Wed, 5 Nov 2008 18:36:57 +0000 (18:36 +0000)]
Change old obsolete email address...

16 years agoFix from HEAD.
Dr. Stephen Henson [Wed, 5 Nov 2008 18:29:49 +0000 (18:29 +0000)]
Fix from HEAD.

16 years agoOops...
Dr. Stephen Henson [Fri, 31 Oct 2008 12:18:42 +0000 (12:18 +0000)]
Oops...

16 years agoFix from HEAD.
Dr. Stephen Henson [Fri, 31 Oct 2008 12:09:18 +0000 (12:09 +0000)]
Fix from HEAD.

16 years agorandfile.c: .rnd can become orphaned on VMS [from HEAD].
Andy Polyakov [Tue, 28 Oct 2008 16:30:09 +0000 (16:30 +0000)]
randfile.c: .rnd can become orphaned on VMS [from HEAD].

Submitted by: David North

16 years ago.cvsignore update: ignore all flavors of shared objects [from HEAD].
Andy Polyakov [Tue, 28 Oct 2008 15:33:07 +0000 (15:33 +0000)]
.cvsignore update: ignore all flavors of shared objects [from HEAD].

16 years agoFix crash in BN_rshift [from HEAD].
Andy Polyakov [Tue, 28 Oct 2008 13:47:38 +0000 (13:47 +0000)]
Fix crash in BN_rshift [from HEAD].
PR: 1663

16 years agoWin32 fixes, add new directory to WIN32 build system.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:30:33 +0000 (12:30 +0000)]
Win32 fixes, add new directory to WIN32 build system.

16 years agoFixes from HEAD.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:04:04 +0000 (12:04 +0000)]
Fixes from HEAD.

16 years agoAdd JPAKE.
Ben Laurie [Sun, 26 Oct 2008 18:42:05 +0000 (18:42 +0000)]
Add JPAKE.

16 years agoMinor clarity enhancements.
Ben Laurie [Sun, 26 Oct 2008 15:37:31 +0000 (15:37 +0000)]
Minor clarity enhancements.

16 years agoAvoid warning.
Dr. Stephen Henson [Sun, 26 Oct 2008 11:54:26 +0000 (11:54 +0000)]
Avoid warning.

16 years agoUpdate from HEAD.
Dr. Stephen Henson [Wed, 22 Oct 2008 19:55:25 +0000 (19:55 +0000)]
Update from HEAD.

16 years agoReturn correct exit code if there is an error in dgst command.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:51:37 +0000 (18:51 +0000)]
Return correct exit code if there is an error in dgst command.

16 years agoSync OIDS with HEAD.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:48:50 +0000 (18:48 +0000)]
Sync OIDS with HEAD.

16 years agoAllow detection of input EOF in quiet mode by adding -no_ign_eof option
Lutz Jänicke [Wed, 22 Oct 2008 06:46:13 +0000 (06:46 +0000)]
Allow detection of input EOF in quiet mode by adding -no_ign_eof option
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years agoAdd missing "-d" to option list of openssl version.
Lutz Jänicke [Mon, 20 Oct 2008 12:53:33 +0000 (12:53 +0000)]
Add missing "-d" to option list of openssl version.

Submitted by: Alex Chen <alex_chen@filemaker.com>

16 years agoArmor pq_compat.h header file against multiple inclusion
Lutz Jänicke [Mon, 20 Oct 2008 12:40:20 +0000 (12:40 +0000)]
Armor pq_compat.h header file against multiple inclusion

Submitted by: Alex Chen <alex_chen@filemaker.com>

16 years agoDistinguish public/private data more clearly.
Ben Laurie [Mon, 20 Oct 2008 09:26:04 +0000 (09:26 +0000)]
Distinguish public/private data more clearly.

16 years agoIgnore executable.
Ben Laurie [Sun, 19 Oct 2008 15:34:13 +0000 (15:34 +0000)]
Ignore executable.

16 years agoAdd J-PAKE demo.
Ben Laurie [Sun, 19 Oct 2008 15:33:32 +0000 (15:33 +0000)]
Add J-PAKE demo.

16 years agoConstification.
Ben Laurie [Sat, 18 Oct 2008 14:27:36 +0000 (14:27 +0000)]
Constification.

16 years agoSet the comparison function in v3_addr_canonize().
Ben Laurie [Tue, 14 Oct 2008 19:21:30 +0000 (19:21 +0000)]
Set the comparison function in v3_addr_canonize().

16 years agoAdd XMPP STARTTLS support.
Ben Laurie [Tue, 14 Oct 2008 19:09:47 +0000 (19:09 +0000)]
Add XMPP STARTTLS support.

16 years agoFix warnings.
Ben Laurie [Tue, 14 Oct 2008 19:05:02 +0000 (19:05 +0000)]
Fix warnings.

16 years agoFirstly, the bitmap we use for replay protection was ending up with zero
Lutz Jänicke [Mon, 13 Oct 2008 06:43:06 +0000 (06:43 +0000)]
Firstly, the bitmap we use for replay protection was ending up with zero
length, so a _single_ pair of packets getting switched around would
cause one of them to be 'dropped'.

Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years agoWhen the underlying BIO_write() fails to send a datagram, we leave the
Lutz Jänicke [Fri, 10 Oct 2008 10:41:32 +0000 (10:41 +0000)]
When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().

The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years agoFix incorrect command for assember file generation on IA64
Lutz Jänicke [Mon, 6 Oct 2008 10:35:29 +0000 (10:35 +0000)]
Fix incorrect command for assember file generation on IA64

Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>

16 years agoCheck for errors in ASN1 sign and verify routines.
Dr. Stephen Henson [Thu, 25 Sep 2008 16:38:07 +0000 (16:38 +0000)]
Check for errors in ASN1 sign and verify routines.

16 years agoFix EC_KEY_check_key [from HEAD].
Andy Polyakov [Tue, 23 Sep 2008 17:34:08 +0000 (17:34 +0000)]
Fix EC_KEY_check_key [from HEAD].

16 years agoTypo.
Dr. Stephen Henson [Tue, 23 Sep 2008 11:21:17 +0000 (11:21 +0000)]
Typo.

16 years agoMake sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
Bodo Möller [Mon, 22 Sep 2008 21:22:51 +0000 (21:22 +0000)]
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.

16 years agoFix warnings when more pedantic "debuge-steve32" target is used.
Dr. Stephen Henson [Sun, 21 Sep 2008 11:40:36 +0000 (11:40 +0000)]
Fix warnings when more pedantic "debuge-steve32" target is used.

16 years agoCamellia low level API algorithm blocking.
Dr. Stephen Henson [Sun, 21 Sep 2008 11:21:43 +0000 (11:21 +0000)]
Camellia low level API algorithm blocking.

16 years agoMake camellia work with updated EVP macros.
Dr. Stephen Henson [Sun, 21 Sep 2008 10:24:08 +0000 (10:24 +0000)]
Make camellia work with updated EVP macros.

16 years agoAdd do_fips.bat WIN32 build script. Update version in Configure.
Dr. Stephen Henson [Thu, 18 Sep 2008 12:13:54 +0000 (12:13 +0000)]
Add do_fips.bat WIN32 build script. Update version in Configure.

16 years agoBuild montgomery ASM file on WIN32.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:56:09 +0000 (11:56 +0000)]
Build montgomery ASM file on WIN32.

16 years agoMerge FIPS changes to VC-32 build system.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:45:30 +0000 (11:45 +0000)]
Merge FIPS changes to VC-32 build system.

16 years agoAdd extra utilities from FIPS branch.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:20:08 +0000 (11:20 +0000)]
Add extra utilities from FIPS branch.

16 years agoAdd FIPS changes to mk1mf.pl
Dr. Stephen Henson [Wed, 17 Sep 2008 17:21:31 +0000 (17:21 +0000)]
Add FIPS changes to mk1mf.pl

16 years agoUpdate defs.
Dr. Stephen Henson [Wed, 17 Sep 2008 17:12:53 +0000 (17:12 +0000)]
Update defs.

16 years agoMake update: delete duplicate error code.
Dr. Stephen Henson [Wed, 17 Sep 2008 17:11:09 +0000 (17:11 +0000)]
Make update: delete duplicate error code.

16 years agoUpdate some util files to recognize new FIPS directories.
Dr. Stephen Henson [Wed, 17 Sep 2008 16:58:01 +0000 (16:58 +0000)]
Update some util files to recognize new FIPS directories.

16 years agoAdd missing files.
Dr. Stephen Henson [Wed, 17 Sep 2008 16:27:50 +0000 (16:27 +0000)]
Add missing files.

16 years agoUpdates to build system from FIPS branch. Make fipscanisterbuild work and
Dr. Stephen Henson [Wed, 17 Sep 2008 15:56:42 +0000 (15:56 +0000)]
Updates to build system from FIPS branch. Make fipscanisterbuild work and
build FIPS test programs.

16 years agoAdd RSA update from FIPS branch that got omitted....
Dr. Stephen Henson [Wed, 17 Sep 2008 15:53:59 +0000 (15:53 +0000)]
Add RSA update from FIPS branch that got omitted....

16 years agoDon't change NUM_LOCKS value for non-FIPS builds.
Dr. Stephen Henson [Wed, 17 Sep 2008 15:07:41 +0000 (15:07 +0000)]
Don't change NUM_LOCKS value for non-FIPS builds.

16 years agoAdd missing files.
Dr. Stephen Henson [Tue, 16 Sep 2008 22:54:30 +0000 (22:54 +0000)]
Add missing files.

16 years agoAdd missing files.
Dr. Stephen Henson [Tue, 16 Sep 2008 22:48:18 +0000 (22:48 +0000)]
Add missing files.

16 years agoMerge changes to build system from fips branch.
Dr. Stephen Henson [Tue, 16 Sep 2008 21:44:57 +0000 (21:44 +0000)]
Merge changes to build system from fips branch.

16 years agoFIPS merge of test changes: make sure key sizes are 1024 bits.
Dr. Stephen Henson [Tue, 16 Sep 2008 15:14:55 +0000 (15:14 +0000)]
FIPS merge of test changes: make sure key sizes are 1024 bits.

16 years agoFIPS merge "crypto" functions.
Dr. Stephen Henson [Tue, 16 Sep 2008 15:11:50 +0000 (15:11 +0000)]
FIPS merge "crypto" functions.

16 years agoMerge public key FIPS code, RSA, DSA, DH.
Dr. Stephen Henson [Tue, 16 Sep 2008 14:55:26 +0000 (14:55 +0000)]
Merge public key FIPS code, RSA, DSA, DH.

16 years agoAdd missing file.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:52:33 +0000 (11:52 +0000)]
Add missing file.

16 years agoRAND library FIPS merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:50:05 +0000 (11:50 +0000)]
RAND library FIPS merge.

16 years agoconf/hmac FIPS merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:37:03 +0000 (11:37 +0000)]
conf/hmac FIPS merge.

16 years agoERR library FIPS merge. Reorganise functions and add FIPS error
Dr. Stephen Henson [Tue, 16 Sep 2008 11:26:29 +0000 (11:26 +0000)]
ERR library FIPS merge. Reorganise functions and add FIPS error
definitions.

16 years agoFIPS des library merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:17:48 +0000 (11:17 +0000)]
FIPS des library merge.

16 years agoPart FIPS bn merge: move functiosn to bn_opt.c to reduce dependencies.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:08:24 +0000 (11:08 +0000)]
Part FIPS bn merge: move functiosn to bn_opt.c to reduce dependencies.

16 years agoAdd missing RC4 algorithm block source file.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:02:19 +0000 (11:02 +0000)]
Add missing RC4 algorithm block source file.

16 years agoMerge FIPS low level algorithm blocking code. Give hard errors if non-FIPS
Dr. Stephen Henson [Tue, 16 Sep 2008 10:47:28 +0000 (10:47 +0000)]
Merge FIPS low level algorithm blocking code. Give hard errors if non-FIPS
algorithms are use in FIPS mode using low level API. No effect in non-FIPS
mode.

16 years agoMerge fips directory from FIPS branch.
Dr. Stephen Henson [Tue, 16 Sep 2008 10:12:23 +0000 (10:12 +0000)]
Merge fips directory from FIPS branch.

16 years agoOops, restore change that got reverted accidentally.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:32:23 +0000 (22:32 +0000)]
Oops, restore change that got reverted accidentally.

16 years agoMerge apps changes from FIPS branch.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:24:39 +0000 (22:24 +0000)]
Merge apps changes from FIPS branch.

16 years agoMerge EVP changes in from FIPS branch.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:21:42 +0000 (22:21 +0000)]
Merge EVP changes in from FIPS branch.

16 years agoPort X931 key generation routines from FIPS branch. Don't include deprecated
Dr. Stephen Henson [Mon, 15 Sep 2008 21:42:28 +0000 (21:42 +0000)]
Port X931 key generation routines from FIPS branch. Don't include deprecated
versions as they weren't in 0.9.8 before now anyway.

16 years agoFix intendation
Bodo Möller [Mon, 15 Sep 2008 20:39:32 +0000 (20:39 +0000)]
Fix intendation

16 years agoNow that we're changing the 0.9.8i CHANGES anyway, reorder them
Bodo Möller [Mon, 15 Sep 2008 20:34:13 +0000 (20:34 +0000)]
Now that we're changing the 0.9.8i CHANGES anyway, reorder them
according to the usual convention (reverse chronological order)

16 years agoAdd missing CHANGES entry.
Dr. Stephen Henson [Mon, 15 Sep 2008 20:28:58 +0000 (20:28 +0000)]
Add missing CHANGES entry.

16 years agoupdate
Bodo Möller [Mon, 15 Sep 2008 20:27:47 +0000 (20:27 +0000)]
update

16 years agopkcs12 FIPS changes.
Dr. Stephen Henson [Mon, 15 Sep 2008 20:16:04 +0000 (20:16 +0000)]
pkcs12 FIPS changes.