oweals/openssl.git
13 years agofix for CVE-2010-4180
Dr. Stephen Henson [Thu, 2 Dec 2010 18:49:28 +0000 (18:49 +0000)]
fix for CVE-2010-4180

13 years agoPR: 2386
Dr. Stephen Henson [Thu, 2 Dec 2010 18:02:02 +0000 (18:02 +0000)]
PR: 2386
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Correct SKM_ASN1_SET_OF_d2i macro.

13 years agouse consistent FAQ between version
Dr. Stephen Henson [Thu, 2 Dec 2010 00:11:32 +0000 (00:11 +0000)]
use consistent FAQ between version

13 years agoupdate README
Dr. Stephen Henson [Wed, 1 Dec 2010 17:50:41 +0000 (17:50 +0000)]
update README

13 years agooops, no corrected fix needed for 0.9.8 branch
Dr. Stephen Henson [Wed, 1 Dec 2010 17:48:59 +0000 (17:48 +0000)]
oops, no corrected fix needed for 0.9.8 branch

13 years agoupdate NEWS
Dr. Stephen Henson [Wed, 1 Dec 2010 17:16:36 +0000 (17:16 +0000)]
update NEWS

14 years agoadd CVE to JPAKE fix
Dr. Stephen Henson [Mon, 29 Nov 2010 18:47:51 +0000 (18:47 +0000)]
add CVE to JPAKE fix

14 years ago../comm.txt
Dr. Stephen Henson [Sat, 27 Nov 2010 17:33:34 +0000 (17:33 +0000)]
../comm.txt

14 years agoBackport J-PAKE fix.
Ben Laurie [Fri, 26 Nov 2010 16:03:23 +0000 (16:03 +0000)]
Backport J-PAKE fix.

14 years agoadd acknowledgements file to 0.9.8 branch too
Dr. Stephen Henson [Mon, 22 Nov 2010 16:35:15 +0000 (16:35 +0000)]
add acknowledgements file to 0.9.8 branch too

14 years agoupdate for next version
Dr. Stephen Henson [Tue, 16 Nov 2010 16:35:37 +0000 (16:35 +0000)]
update for next version

14 years agooops, correct version number OpenSSL_0_9_8p
Dr. Stephen Henson [Tue, 16 Nov 2010 14:56:17 +0000 (14:56 +0000)]
oops, correct version number

14 years agoprepare for release
Dr. Stephen Henson [Tue, 16 Nov 2010 14:37:28 +0000 (14:37 +0000)]
prepare for release

14 years agofix CVE-2010-3864
Dr. Stephen Henson [Tue, 16 Nov 2010 14:26:18 +0000 (14:26 +0000)]
fix CVE-2010-3864

14 years agoSubmitted by: Jonathan Dixon <joth@chromium.org>
Dr. Stephen Henson [Tue, 2 Nov 2010 15:57:00 +0000 (15:57 +0000)]
Submitted by: Jonathan Dixon <joth@chromium.org>
Reviewed by: steve

If store is NULL set flags correctly.

14 years agoPR: 2295
Dr. Stephen Henson [Mon, 11 Oct 2010 23:28:54 +0000 (23:28 +0000)]
PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.

14 years agoPR: 2314
Dr. Stephen Henson [Sun, 10 Oct 2010 12:21:23 +0000 (12:21 +0000)]
PR: 2314
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939

14 years agoWe can't always read 6 bytes in an OCSP response: fix so error statuses
Dr. Stephen Henson [Wed, 6 Oct 2010 18:01:35 +0000 (18:01 +0000)]
We can't always read 6 bytes in an OCSP response: fix so error statuses
are read correctly for non-blocking I/O.

14 years agoMinor documentation fixes, PR#2345
Dr. Stephen Henson [Mon, 4 Oct 2010 13:28:15 +0000 (13:28 +0000)]
Minor documentation fixes, PR#2345

14 years agoMinor documentation fixes, PR#2344
Dr. Stephen Henson [Mon, 4 Oct 2010 13:25:29 +0000 (13:25 +0000)]
Minor documentation fixes, PR#2344

14 years agoAdd call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
Dr. Stephen Henson [Sun, 3 Oct 2010 18:55:57 +0000 (18:55 +0000)]
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.

14 years agoDon't announce tests run in empty directories
Dr. Stephen Henson [Mon, 20 Sep 2010 23:25:07 +0000 (23:25 +0000)]
Don't announce tests run in empty directories

14 years agosupport customisable rm and mkdir commands
Dr. Stephen Henson [Sun, 19 Sep 2010 15:34:23 +0000 (15:34 +0000)]
support customisable rm and mkdir commands

14 years agoupdate FIPS script generator to make output easier to hand edit
Dr. Stephen Henson [Sun, 19 Sep 2010 11:30:14 +0000 (11:30 +0000)]
update FIPS script generator to make output easier to hand edit

14 years agofix bug in AES_unwrap()
Dr. Stephen Henson [Mon, 30 Aug 2010 23:57:03 +0000 (23:57 +0000)]
fix bug in AES_unwrap()

14 years agoECC library bugfixes.
Bodo Möller [Thu, 26 Aug 2010 12:10:25 +0000 (12:10 +0000)]
ECC library bugfixes.

Submitted by: Emilia Kapser (Google)

14 years agoVersion tree clarification.
Bodo Möller [Thu, 26 Aug 2010 11:15:09 +0000 (11:15 +0000)]
Version tree clarification.

14 years agoPR: 2297
Dr. Stephen Henson [Fri, 9 Jul 2010 17:24:29 +0000 (17:24 +0000)]
PR: 2297
Submitted by: Antony, Benoy <bantony@ebay.com>
Approved by: steve@openssl.org

Fix bug in AES wrap code when t > 0xff.

14 years agoinitialise pbe_tmp
Dr. Stephen Henson [Thu, 8 Jul 2010 16:51:48 +0000 (16:51 +0000)]
initialise pbe_tmp

14 years agorand_nw.c: compensate for gcc bug (using %edx instead of %eax at -O3)
Andy Polyakov [Thu, 8 Jul 2010 09:15:14 +0000 (09:15 +0000)]
rand_nw.c: compensate for gcc bug (using %edx instead of %eax at -O3)
[from HEAD].
PR: 2296

14 years agoPROBLEMS: MacOS X is not necessarily a problem anymore [from HEAD].
Andy Polyakov [Thu, 8 Jul 2010 09:01:33 +0000 (09:01 +0000)]
PROBLEMS: MacOS X is not necessarily a problem anymore [from HEAD].

14 years agomake WIN32 compile work again
Dr. Stephen Henson [Thu, 8 Jul 2010 01:23:25 +0000 (01:23 +0000)]
make WIN32 compile work again

14 years agofix so it is safe to repeatedly add PBE algorithms
Dr. Stephen Henson [Sat, 26 Jun 2010 12:55:01 +0000 (12:55 +0000)]
fix so it is safe to repeatedly add PBE algorithms

14 years agoprepare for next release
Dr. Stephen Henson [Wed, 16 Jun 2010 13:40:09 +0000 (13:40 +0000)]
prepare for next release

14 years agoFix gcc 4.6 warnings. Check TLS server hello extension length.
Ben Laurie [Sat, 12 Jun 2010 13:18:58 +0000 (13:18 +0000)]
Fix gcc 4.6 warnings. Check TLS server hello extension length.

14 years agoPrepare for release. OpenSSL_0_9_8o
Dr. Stephen Henson [Tue, 1 Jun 2010 14:47:12 +0000 (14:47 +0000)]
Prepare for release.

14 years agoFix CVE-2010-0742
Dr. Stephen Henson [Tue, 1 Jun 2010 14:39:57 +0000 (14:39 +0000)]
Fix CVE-2010-0742

14 years agofix PR#2261 in a different way
Dr. Stephen Henson [Mon, 31 May 2010 13:17:52 +0000 (13:17 +0000)]
fix PR#2261 in a different way

14 years ago098 aes-x86_64.pl module was erroneously enabled in Win64 build without
Andy Polyakov [Sun, 30 May 2010 22:02:03 +0000 (22:02 +0000)]
098 aes-x86_64.pl module was erroneously enabled in Win64 build without
being adapted for Win64 ABI. Fix this.

14 years agoupdate NEWS file
Dr. Stephen Henson [Thu, 27 May 2010 15:02:27 +0000 (15:02 +0000)]
update NEWS file

14 years agoPR: 2262
Dr. Stephen Henson [Thu, 27 May 2010 14:09:22 +0000 (14:09 +0000)]
PR: 2262
Submitted By: Victor Wagner <vitus@cryptocom.ru>

Fix error reporting in load_key function.

14 years agoPR: 2245
Dr. Stephen Henson [Thu, 27 May 2010 13:16:28 +0000 (13:16 +0000)]
PR: 2245
Submitted By: Mounir IDRASSI <mounir.idrassi@idrix.net>

Add /Zi to WIN32 debug builds in 0.9.8 tree.

14 years agoPR: 2261
Dr. Stephen Henson [Thu, 27 May 2010 13:07:54 +0000 (13:07 +0000)]
PR: 2261
Submitted By: De Rudder, Stephen L." <s_derudder@tditx.com>

Workaround for newer Windows headers which define EADDRINUSE but not to the
same value as WSAEADDRINUSE.

14 years agoPR: 2258
Dr. Stephen Henson [Thu, 27 May 2010 12:41:33 +0000 (12:41 +0000)]
PR: 2258
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Base64 BIO fixes:

Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.

14 years agoPR: 2266
Dr. Stephen Henson [Wed, 26 May 2010 23:23:53 +0000 (23:23 +0000)]
PR: 2266
Submitted By: Jonathan Gray <jsg@goblin.cx>

Correct ioctl definitions.

14 years agoAvoid use of ex_data free function in Chil ENGINE so it can be safely
Dr. Stephen Henson [Wed, 26 May 2010 16:16:49 +0000 (16:16 +0000)]
Avoid use of ex_data free function in Chil ENGINE so it can be safely
reloaded.

14 years agoPR: 2251
Dr. Stephen Henson [Sat, 22 May 2010 00:31:18 +0000 (00:31 +0000)]
PR: 2251
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Memleak, BIO chain leak and realloc checks in v3_pci.c

14 years agooops, typo
Dr. Stephen Henson [Thu, 20 May 2010 17:36:24 +0000 (17:36 +0000)]
oops, typo

14 years agomake cms-test.pl consistent with other branches
Dr. Stephen Henson [Thu, 20 May 2010 17:33:25 +0000 (17:33 +0000)]
make cms-test.pl consistent with other branches

14 years agoPR: 2253
Dr. Stephen Henson [Sat, 15 May 2010 00:36:40 +0000 (00:36 +0000)]
PR: 2253
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Check callback return value when outputting errors.

14 years agoUse /MD in FIPS mode for WIN64 too.
Dr. Stephen Henson [Thu, 6 May 2010 13:10:36 +0000 (13:10 +0000)]
Use /MD in FIPS mode for WIN64 too.

14 years agoPR: 2252
Dr. Stephen Henson [Mon, 3 May 2010 15:29:38 +0000 (15:29 +0000)]
PR: 2252
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Update docs to BIO_f_buffer()

14 years agoPR: 2230
Dr. Stephen Henson [Mon, 3 May 2010 13:01:59 +0000 (13:01 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix bug in bitmask macros and stop warnings.

14 years agoPrevent ERR_print_errors_fp crash on Win32 [from HEAD].
Andy Polyakov [Tue, 20 Apr 2010 20:28:30 +0000 (20:28 +0000)]
Prevent ERR_print_errors_fp crash on Win32 [from HEAD].

14 years agoPR: 2230
Dr. Stephen Henson [Wed, 14 Apr 2010 13:26:50 +0000 (13:26 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixed various DTLS fragment reassembly bugs patch for 0.9.8.

14 years agoupdate FAQ
Dr. Stephen Henson [Wed, 14 Apr 2010 13:21:37 +0000 (13:21 +0000)]
update FAQ

14 years agofix signed/unsigned comparison warnings
Dr. Stephen Henson [Wed, 14 Apr 2010 00:41:25 +0000 (00:41 +0000)]
fix signed/unsigned comparison warnings

14 years agoPR: 2230
Dr. Stephen Henson [Wed, 14 Apr 2010 00:17:12 +0000 (00:17 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix various DTLS fragment reassembly bugs.

14 years agoPR: 2229
Dr. Stephen Henson [Wed, 14 Apr 2010 00:09:39 +0000 (00:09 +0000)]
PR: 2229
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Don't drop DTLS connection if mac or decryption failed.

14 years agoPR: 2228
Dr. Stephen Henson [Wed, 14 Apr 2010 00:02:50 +0000 (00:02 +0000)]
PR: 2228
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS buffer record MAC failure bug.

14 years agoThird argument to dtls1_buffer_record is by reference
Richard Levitte [Tue, 13 Apr 2010 08:42:01 +0000 (08:42 +0000)]
Third argument to dtls1_buffer_record is by reference

14 years agoAdd SHA2 algorithms to SSL_library_init(). Although these aren't used
Dr. Stephen Henson [Wed, 7 Apr 2010 13:19:48 +0000 (13:19 +0000)]
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.

14 years agoRemove obsolete PRNG note. Add comment about use of SHA256 et al.
Dr. Stephen Henson [Tue, 6 Apr 2010 15:02:43 +0000 (15:02 +0000)]
Remove obsolete PRNG note. Add comment about use of SHA256 et al.

14 years agoPR: 2209
Dr. Stephen Henson [Tue, 6 Apr 2010 14:45:40 +0000 (14:45 +0000)]
PR: 2209
Submitted Daniel Mentz <danielml@sent.com>

Documentation typo.

14 years agoPR: 2218
Dr. Stephen Henson [Tue, 6 Apr 2010 12:44:44 +0000 (12:44 +0000)]
PR: 2218
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS replay bug.

14 years agoPR: 2219
Dr. Stephen Henson [Tue, 6 Apr 2010 12:39:57 +0000 (12:39 +0000)]
PR: 2219
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS buffering bug.

14 years agoPR: 2223
Dr. Stephen Henson [Tue, 6 Apr 2010 12:29:08 +0000 (12:29 +0000)]
PR: 2223
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS timeout bug

14 years agomake no-comp compile again
Dr. Stephen Henson [Tue, 30 Mar 2010 17:31:58 +0000 (17:31 +0000)]
make no-comp compile again

14 years agomake FAQ, STATUS consistent with other branches
Dr. Stephen Henson [Tue, 30 Mar 2010 00:58:23 +0000 (00:58 +0000)]
make FAQ, STATUS consistent with other branches

14 years agomd32_common.h: fix copy-n-paste typo. The typo was present in 098 only.
Andy Polyakov [Mon, 29 Mar 2010 11:23:11 +0000 (11:23 +0000)]
md32_common.h: fix copy-n-paste typo. The typo was present in 098 only.

14 years agoPR: 1696
Dr. Stephen Henson [Sun, 28 Mar 2010 00:42:17 +0000 (00:42 +0000)]
PR: 1696

Check return value if d2i_PBEPARAM().

14 years agoPR: 2083
Dr. Stephen Henson [Sun, 28 Mar 2010 00:17:28 +0000 (00:17 +0000)]
PR: 2083
Submitted by: Mike Frysinger <vapier@gentoo.org>

Add includes in synopsis, fix some indents. For some reason this never got
applied to the 0.9.8-stable branch.

14 years agoPR: 1763
Dr. Stephen Henson [Sat, 27 Mar 2010 23:28:33 +0000 (23:28 +0000)]
PR: 1763

Remove useless num = 0 assignment.

Remove redundant cases on sock_ctrl(): default case handles them.

14 years agoPR: 1813
Dr. Stephen Henson [Sat, 27 Mar 2010 18:28:24 +0000 (18:28 +0000)]
PR: 1813
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>

Fix memory leak when engine name cannot be loaded.

14 years agoWe don't have a whirlpool test in this branch.
Richard Levitte [Thu, 25 Mar 2010 20:36:48 +0000 (20:36 +0000)]
We don't have a whirlpool test in this branch.

14 years agoHave an underscore before <ARCH> to make sure any future architecture
Richard Levitte [Thu, 25 Mar 2010 16:25:42 +0000 (16:25 +0000)]
Have an underscore before <ARCH> to make sure any future architecture
name won't be mixed up with any crypto name.
Missed the other spot.

14 years agoHave an underscore before <ARCH> to make sure any future architecture
Richard Levitte [Thu, 25 Mar 2010 16:18:51 +0000 (16:18 +0000)]
Have an underscore before <ARCH> to make sure any future architecture
name won't be mixed up with any crypto name.
Missed one spot.

14 years agoTry to define the tests and their respective directories in a way that
Richard Levitte [Thu, 25 Mar 2010 14:46:58 +0000 (14:46 +0000)]
Try to define the tests and their respective directories in a way that
preserves the order of the tests (to make it as easy as possible to
synchronise with future Unix builds)

14 years agoHave an underscore before <ARCH> to make sure any future architecture
Richard Levitte [Thu, 25 Mar 2010 14:45:22 +0000 (14:45 +0000)]
Have an underscore before <ARCH> to make sure any future architecture
name won't be mixed up with any crypto name.

14 years agoPR: 2202 (partial)
Dr. Stephen Henson [Thu, 25 Mar 2010 12:29:56 +0000 (12:29 +0000)]
PR: 2202 (partial)
Submitted by: Steven M. Schweda <sms@antinode.info>

VMS fixes:
Reduce copying into .apps and .test in makevms.com
Don't try to use blank CA certificate in CA.com
Allow use of C files from original directories in maketests.com

14 years agoPR: 2202 (partial)
Dr. Stephen Henson [Thu, 25 Mar 2010 12:17:17 +0000 (12:17 +0000)]
PR: 2202 (partial)
Submitted by: Steven M. Schweda <sms@antinode.info>

Make some declarations conditional on FIPS/ENGINE.
Make pqueue_print non-VAX.

14 years agoupdates for next version
Dr. Stephen Henson [Thu, 25 Mar 2010 12:07:04 +0000 (12:07 +0000)]
updates for next version

14 years agoinitialise buf if wrong_info not used
Dr. Stephen Henson [Wed, 24 Mar 2010 23:42:30 +0000 (23:42 +0000)]
initialise buf if wrong_info not used

14 years agoPR: 1731 and maybe 2197
Dr. Stephen Henson [Wed, 24 Mar 2010 23:16:35 +0000 (23:16 +0000)]
PR: 1731 and maybe 2197

Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.

14 years agoprepare for release OpenSSL_0_9_8n
Dr. Stephen Henson [Wed, 24 Mar 2010 13:16:55 +0000 (13:16 +0000)]
prepare for release

14 years agoSubmitted by: Bodo Moeller and Adam Langley (Google).
Dr. Stephen Henson [Wed, 24 Mar 2010 13:16:42 +0000 (13:16 +0000)]
Submitted by: Bodo Moeller and Adam Langley (Google).

Fix for "Record of death" vulnerability CVE-2010-0740.

14 years agorand_win.c: fix logical bug in readscreen [from HEAD].
Andy Polyakov [Mon, 22 Mar 2010 22:44:48 +0000 (22:44 +0000)]
rand_win.c: fix logical bug in readscreen [from HEAD].

14 years agobss_file.c: fix MSC 6.0 warning [from HEAD].
Andy Polyakov [Mon, 22 Mar 2010 22:40:18 +0000 (22:40 +0000)]
bss_file.c: fix MSC 6.0 warning [from HEAD].

14 years agoppc.pl: assembler Y chokes on apostrophes in comment.
Andy Polyakov [Mon, 22 Mar 2010 20:58:43 +0000 (20:58 +0000)]
ppc.pl: assembler Y chokes on apostrophes in comment.

14 years agoe_capi.c: fix typo [from HEAD].
Andy Polyakov [Mon, 15 Mar 2010 22:30:09 +0000 (22:30 +0000)]
e_capi.c: fix typo [from HEAD].

14 years agoFix UPLINK typo [from HEAD].
Andy Polyakov [Mon, 15 Mar 2010 22:27:32 +0000 (22:27 +0000)]
Fix UPLINK typo [from HEAD].

14 years agoworkaround for missing definition in some headers
Dr. Stephen Henson [Mon, 15 Mar 2010 13:12:00 +0000 (13:12 +0000)]
workaround for missing definition in some headers

14 years agoPR: 2192
Dr. Stephen Henson [Fri, 12 Mar 2010 12:48:56 +0000 (12:48 +0000)]
PR: 2192
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

The prompt_info and wrong_info parameters can be empty strings which
can produce confusing prompts. Treat empty string same as NULL.

14 years agomissing goto meant signature was never printed out
Dr. Stephen Henson [Fri, 12 Mar 2010 12:07:16 +0000 (12:07 +0000)]
missing goto meant signature was never printed out

14 years agodon't leave bogus errors in the queue
Dr. Stephen Henson [Wed, 10 Mar 2010 13:48:35 +0000 (13:48 +0000)]
don't leave bogus errors in the queue

14 years agoPR: 2186
Dr. Stephen Henson [Tue, 9 Mar 2010 17:08:24 +0000 (17:08 +0000)]
PR: 2186
Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com>

Detect aix64-gcc

14 years agoThe OID sanity check was incorrect. It should only disallow *leading* 0x80
Dr. Stephen Henson [Sun, 7 Mar 2010 16:40:31 +0000 (16:40 +0000)]
The OID sanity check was incorrect. It should only disallow *leading* 0x80
values.

14 years agodon't add digest alias if signature algorithm is undefined
Dr. Stephen Henson [Sat, 6 Mar 2010 20:52:33 +0000 (20:52 +0000)]
don't add digest alias if signature algorithm is undefined

14 years agoFix memory leak: free up ENGINE functional reference if digest is not
Dr. Stephen Henson [Fri, 5 Mar 2010 13:35:06 +0000 (13:35 +0000)]
Fix memory leak: free up ENGINE functional reference if digest is not
found in an ENGINE.

14 years agoPR: 2183
Dr. Stephen Henson [Wed, 3 Mar 2010 19:56:00 +0000 (19:56 +0000)]
PR: 2183

PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0