oweals/openssl.git
16 years agoMake -DKSSL_DEBUG work again.
Dr. Stephen Henson [Mon, 10 Nov 2008 19:08:37 +0000 (19:08 +0000)]
Make -DKSSL_DEBUG work again.

16 years agoClarify (non-)blocking behavior of EGD socket interface used by RAND_egd().
Lutz Jänicke [Mon, 10 Nov 2008 11:26:44 +0000 (11:26 +0000)]
Clarify (non-)blocking behavior of EGD socket interface used by RAND_egd().

16 years agoPR: 1777
Dr. Stephen Henson [Wed, 5 Nov 2008 23:14:32 +0000 (23:14 +0000)]
PR: 1777
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>
Approved by: steve@openssl.org

Fix some size_t issues.

16 years agoUpdate obsolete email address...
Dr. Stephen Henson [Wed, 5 Nov 2008 18:39:08 +0000 (18:39 +0000)]
Update obsolete email address...

16 years agoDon't use clobbered 'i' for checking UTCTime and GeneralizedTime length.
Dr. Stephen Henson [Wed, 5 Nov 2008 18:28:24 +0000 (18:28 +0000)]
Don't use clobbered 'i' for checking UTCTime and GeneralizedTime length.

16 years agoOnly one of these needs to be signed.
Ben Laurie [Tue, 4 Nov 2008 15:16:23 +0000 (15:16 +0000)]
Only one of these needs to be signed.

16 years agoFormatting.
Ben Laurie [Tue, 4 Nov 2008 12:06:09 +0000 (12:06 +0000)]
Formatting.

16 years agoAdd initial support for mingw64.
Andy Polyakov [Mon, 3 Nov 2008 21:15:07 +0000 (21:15 +0000)]
Add initial support for mingw64.
PR: 1693
Submitted by: Alon Bar-Lev

16 years agoMinor perlasm updates.
Andy Polyakov [Mon, 3 Nov 2008 08:46:07 +0000 (08:46 +0000)]
Minor perlasm updates.

16 years agoNot sure about this one... seems to be needed to make 64 bit release
Dr. Stephen Henson [Sun, 2 Nov 2008 18:29:27 +0000 (18:29 +0000)]
Not sure about this one... seems to be needed to make 64 bit release
builds work properly...

16 years agoFix prototypes.
Dr. Stephen Henson [Sun, 2 Nov 2008 18:12:36 +0000 (18:12 +0000)]
Fix prototypes.

16 years agoUse stddef.h to pick up size_t def.
Dr. Stephen Henson [Sun, 2 Nov 2008 16:56:13 +0000 (16:56 +0000)]
Use stddef.h to pick up size_t def.

16 years agoFix prototypes.
Dr. Stephen Henson [Sun, 2 Nov 2008 16:13:19 +0000 (16:13 +0000)]
Fix prototypes.

16 years agoUpdate HMAC functions to return an error where relevant.
Dr. Stephen Henson [Sun, 2 Nov 2008 16:00:39 +0000 (16:00 +0000)]
Update HMAC functions to return an error where relevant.

16 years agoFix warnings: printf format mismatches on 64 bit platforms.
Dr. Stephen Henson [Sun, 2 Nov 2008 15:41:30 +0000 (15:41 +0000)]
Fix warnings: printf format mismatches on 64 bit platforms.
Change assert to OPENSSL_assert().
Fix e_padlock prototype.

16 years agoFix asserts. Fix incorrect dependency.
Ben Laurie [Sun, 2 Nov 2008 13:15:06 +0000 (13:15 +0000)]
Fix asserts. Fix incorrect dependency.

16 years agoFix warnings about mismatched prototypes, undefined size_t and value computed
Dr. Stephen Henson [Sun, 2 Nov 2008 12:50:48 +0000 (12:50 +0000)]
Fix warnings about mismatched prototypes, undefined size_t and value computed
not used.

16 years agoFix warnings.
Ben Laurie [Sun, 2 Nov 2008 09:22:29 +0000 (09:22 +0000)]
Fix warnings.

16 years agoFix warning.
Ben Laurie [Sun, 2 Nov 2008 09:00:25 +0000 (09:00 +0000)]
Fix warning.

16 years agoFix bss_log.c on Windows.
Andy Polyakov [Sat, 1 Nov 2008 21:09:54 +0000 (21:09 +0000)]
Fix bss_log.c on Windows.

16 years agoMore size_tification.
Ben Laurie [Sat, 1 Nov 2008 16:40:37 +0000 (16:40 +0000)]
More size_tification.

16 years agosize_tification.
Ben Laurie [Sat, 1 Nov 2008 14:37:00 +0000 (14:37 +0000)]
size_tification.

16 years agoFix SHA512 and optimize BN for mingw64.
Andy Polyakov [Sat, 1 Nov 2008 12:46:18 +0000 (12:46 +0000)]
Fix SHA512 and optimize BN for mingw64.

16 years agoFix warnings after commit#17578.
Andy Polyakov [Fri, 31 Oct 2008 20:20:54 +0000 (20:20 +0000)]
Fix warnings after commit#17578.

16 years agosize_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
Andy Polyakov [Fri, 31 Oct 2008 19:48:25 +0000 (19:48 +0000)]
size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
underlying cipher to be size_t-fied, it allows for size_t, signed and
unsigned long. It maintains source and even binary compatibility.

16 years agosize_t-fy AES, Camellia and RC4.
Andy Polyakov [Fri, 31 Oct 2008 19:30:11 +0000 (19:30 +0000)]
size_t-fy AES, Camellia and RC4.

16 years agoAdd install target to crypto/jpake/Makefile
Dr. Stephen Henson [Fri, 31 Oct 2008 12:06:25 +0000 (12:06 +0000)]
Add install target to crypto/jpake/Makefile

16 years agoFix warning.
Ben Laurie [Wed, 29 Oct 2008 05:10:09 +0000 (05:10 +0000)]
Fix warning.

16 years agorandfile.c: .rnd can become orphaned on VMS.
Andy Polyakov [Tue, 28 Oct 2008 16:25:47 +0000 (16:25 +0000)]
randfile.c: .rnd can become orphaned on VMS.

Submitted by: David North

16 years ago.cvsignore update: ignore all flavors of shared objects.
Andy Polyakov [Tue, 28 Oct 2008 15:29:25 +0000 (15:29 +0000)]
.cvsignore update: ignore all flavors of shared objects.

16 years agoFix typo in ./config.
Andy Polyakov [Tue, 28 Oct 2008 15:09:06 +0000 (15:09 +0000)]
Fix typo in ./config.

Submitted by: Sander Temme

16 years agoec2_mult.c readability update.
Andy Polyakov [Tue, 28 Oct 2008 13:53:51 +0000 (13:53 +0000)]
ec2_mult.c readability update.

16 years agoMinor clean-up in bn_lib.c: constification and optimization.
Andy Polyakov [Tue, 28 Oct 2008 13:52:51 +0000 (13:52 +0000)]
Minor clean-up in bn_lib.c: constification and optimization.

16 years agoFix crash in BN_rshift.
Andy Polyakov [Tue, 28 Oct 2008 13:46:14 +0000 (13:46 +0000)]
Fix crash in BN_rshift.
PR: 1663

16 years agoHarmonize Camellia API with version 1.x.
Andy Polyakov [Tue, 28 Oct 2008 12:13:52 +0000 (12:13 +0000)]
Harmonize Camellia API with version 1.x.

16 years agoCamellia update. Quoting camellia.c:
Andy Polyakov [Tue, 28 Oct 2008 08:47:24 +0000 (08:47 +0000)]
Camellia update. Quoting camellia.c:

/*
 * This release balances code size and performance. In particular key
 * schedule setup is fully unrolled, because doing so *significantly*
 * reduces amount of instructions per setup round and code increase is
 * justifiable. In block functions on the other hand only inner loops
 * are unrolled, as full unroll gives only nominal performance boost,
 * while code size grows 4 or 7 times. Also, unlike previous versions
 * this one "encourages" compiler to keep intermediate variables in
 * registers, which should give better "all round" results, in other
 * words reasonable performance even with not so modern compilers.
 */

16 years agox86_64-xlate.pl update: refine SEH support.
Andy Polyakov [Tue, 28 Oct 2008 08:40:07 +0000 (08:40 +0000)]
x86_64-xlate.pl update: refine SEH support.

16 years agoWin32 fixes... add new directory to build system. Fix warnings.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:31:13 +0000 (12:31 +0000)]
Win32 fixes... add new directory to build system. Fix warnings.

16 years agoFix warnings and various issues.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:02:52 +0000 (12:02 +0000)]
Fix warnings and various issues.

C++ style comments.
Signed/unsigned warning in apps.c
Missing targets in jpake/Makefile

16 years agoAdd JPAKE.
Ben Laurie [Sun, 26 Oct 2008 18:40:52 +0000 (18:40 +0000)]
Add JPAKE.

16 years agoAdd support for -crlnumber option in crl utility.
Dr. Stephen Henson [Wed, 22 Oct 2008 19:54:55 +0000 (19:54 +0000)]
Add support for -crlnumber option in crl utility.

16 years agoAdd permanentIdentifier OID.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:48:11 +0000 (18:48 +0000)]
Add permanentIdentifier OID.

16 years agoCreate function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
Dr. Stephen Henson [Wed, 22 Oct 2008 15:43:01 +0000 (15:43 +0000)]
Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()

16 years agoApparently '__top' is also risky, obfuscate further. (All this to
Geoff Thorpe [Wed, 22 Oct 2008 12:00:15 +0000 (12:00 +0000)]
Apparently '__top' is also risky, obfuscate further. (All this to
avoid inlines...)

16 years agoAllow detection of input EOF in quiet mode by adding -no_ign_eof option
Lutz Jänicke [Wed, 22 Oct 2008 06:46:14 +0000 (06:46 +0000)]
Allow detection of input EOF in quiet mode by adding -no_ign_eof option
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years agoUse of a 'top' var creates "shadow variable" warnings.
Geoff Thorpe [Wed, 22 Oct 2008 01:25:45 +0000 (01:25 +0000)]
Use of a 'top' var creates "shadow variable" warnings.

16 years agoReinstate obj_xref.h as it is not auto generated on all platforms.
Dr. Stephen Henson [Mon, 20 Oct 2008 15:12:48 +0000 (15:12 +0000)]
Reinstate obj_xref.h as it is not auto generated on all platforms.

16 years agoFix a shed load or warnings:
Dr. Stephen Henson [Mon, 20 Oct 2008 15:12:00 +0000 (15:12 +0000)]
Fix a shed load or warnings:

Duplicate const.
Use of ; outside function.

16 years agoAdd missing "-d" to option list of openssl version.
Lutz Jänicke [Mon, 20 Oct 2008 12:53:36 +0000 (12:53 +0000)]
Add missing "-d" to option list of openssl version.

Submitted by: Alex Chen <alex_chen@filemaker.com>

16 years agoConstification.
Ben Laurie [Sun, 19 Oct 2008 22:51:27 +0000 (22:51 +0000)]
Constification.

16 years agoFix Warning...
Dr. Stephen Henson [Sun, 19 Oct 2008 17:22:34 +0000 (17:22 +0000)]
Fix Warning...

16 years agoFix multiple ; warning.
Dr. Stephen Henson [Sat, 18 Oct 2008 15:02:59 +0000 (15:02 +0000)]
Fix multiple ; warning.

16 years agoFix warning a different way.
Ben Laurie [Sat, 18 Oct 2008 12:12:34 +0000 (12:12 +0000)]
Fix warning a different way.

16 years agoFix argument order in BN_nnmod call and implement rigorous boundary
Andy Polyakov [Thu, 16 Oct 2008 07:54:41 +0000 (07:54 +0000)]
Fix argument order in BN_nnmod call and implement rigorous boundary
condition check.

16 years agoOptimize bn_correct_top.
Andy Polyakov [Wed, 15 Oct 2008 10:48:52 +0000 (10:48 +0000)]
Optimize bn_correct_top.

16 years agoRemove redundant BN_ucmp, fix boundary condition in BN_nist_mod_224 and
Andy Polyakov [Wed, 15 Oct 2008 10:47:48 +0000 (10:47 +0000)]
Remove redundant BN_ucmp, fix boundary condition in BN_nist_mod_224 and
reimplement BN_nist_mod_521.

16 years agoSet comparison function in v3_add_canonize().
Ben Laurie [Tue, 14 Oct 2008 19:27:07 +0000 (19:27 +0000)]
Set comparison function in v3_add_canonize().

16 years agoAdd XMPP STARTTLS support.
Ben Laurie [Tue, 14 Oct 2008 19:11:26 +0000 (19:11 +0000)]
Add XMPP STARTTLS support.

16 years agoOoops... remove code accidentally commited from FIPS version.
Dr. Stephen Henson [Tue, 14 Oct 2008 15:44:14 +0000 (15:44 +0000)]
Ooops... remove code accidentally commited from FIPS version.

16 years agoAdd missing lock definitions...
Dr. Stephen Henson [Tue, 14 Oct 2008 15:24:49 +0000 (15:24 +0000)]
Add missing lock definitions...

16 years agoAdd missing lock definitions.
Dr. Stephen Henson [Tue, 14 Oct 2008 15:22:11 +0000 (15:22 +0000)]
Add missing lock definitions.

16 years agoType-safe OBJ_bsearch_ex.
Ben Laurie [Tue, 14 Oct 2008 08:10:52 +0000 (08:10 +0000)]
Type-safe OBJ_bsearch_ex.

16 years agoRemove the DTLS1_BAD_VER thing from 0.9.9-dev. It is present in 0.9.8
Lutz Jänicke [Mon, 13 Oct 2008 06:45:59 +0000 (06:45 +0000)]
Remove the DTLS1_BAD_VER thing from 0.9.9-dev. It is present in 0.9.8
but has been omitted from HEAD (0.9.9), see commit
  http://cvs.openssl.org/chngview?cn=16627
by appro.

16 years agoHalf of the commit for 0.9.8 as the bitmap handling has changed.
Lutz Jänicke [Mon, 13 Oct 2008 06:43:03 +0000 (06:43 +0000)]
Half of the commit for 0.9.8 as the bitmap handling has changed.
(Firstly... ommitted)

Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years agoType-checked (and modern C compliant) OBJ_bsearch.
Ben Laurie [Sun, 12 Oct 2008 14:32:47 +0000 (14:32 +0000)]
Type-checked (and modern C compliant) OBJ_bsearch.

16 years agoAdd missing DTLS1_BAD_VER (hope I got the value right).
Ben Laurie [Sun, 12 Oct 2008 14:04:34 +0000 (14:04 +0000)]
Add missing DTLS1_BAD_VER (hope I got the value right).

16 years agoWhen the underlying BIO_write() fails to send a datagram, we leave the
Lutz Jänicke [Fri, 10 Oct 2008 10:41:35 +0000 (10:41 +0000)]
When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().

The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>

16 years agoExperimental new date handling routines. These fix issues with X509_time_adj()
Dr. Stephen Henson [Tue, 7 Oct 2008 22:55:27 +0000 (22:55 +0000)]
Experimental new date handling routines. These fix issues with X509_time_adj()
and should avoid any OS date limitations such as the year 2038 bug.

16 years agoFix incorrect command for assember file generation on IA64
Lutz Jänicke [Mon, 6 Oct 2008 10:34:49 +0000 (10:34 +0000)]
Fix incorrect command for assember file generation on IA64

Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>

16 years agoFix EC_KEY_check_key.
Andy Polyakov [Tue, 23 Sep 2008 17:33:11 +0000 (17:33 +0000)]
Fix EC_KEY_check_key.

16 years agoMake sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
Bodo Möller [Mon, 22 Sep 2008 21:22:47 +0000 (21:22 +0000)]
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.

16 years agoFrom branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
Bodo Möller [Mon, 15 Sep 2008 20:41:24 +0000 (20:41 +0000)]
From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.

Also, fix CHANGES (consistency with stable branch).

16 years agoAdd missing CHANGES entry.
Dr. Stephen Henson [Mon, 15 Sep 2008 20:30:58 +0000 (20:30 +0000)]
Add missing CHANGES entry.

16 years agofrom 0.9.8 branch
Bodo Möller [Mon, 15 Sep 2008 20:30:17 +0000 (20:30 +0000)]
from 0.9.8 branch

16 years agoUpdate FAQ.
Dr. Stephen Henson [Mon, 15 Sep 2008 11:27:58 +0000 (11:27 +0000)]
Update FAQ.

16 years agoFix yesterday typos in bss_dgram.c.
Andy Polyakov [Mon, 15 Sep 2008 05:43:04 +0000 (05:43 +0000)]
Fix yesterday typos in bss_dgram.c.

16 years agoFix build warnings.
Geoff Thorpe [Mon, 15 Sep 2008 04:02:37 +0000 (04:02 +0000)]
Fix build warnings.

16 years agoupdate comment
Bodo Möller [Sun, 14 Sep 2008 19:50:55 +0000 (19:50 +0000)]
update comment

16 years agoWinsock handles SO_RCVTIMEO in unique manner...
Andy Polyakov [Sun, 14 Sep 2008 19:22:52 +0000 (19:22 +0000)]
Winsock handles SO_RCVTIMEO in unique manner...
PR: 1648

16 years agooops
Bodo Möller [Sun, 14 Sep 2008 18:16:07 +0000 (18:16 +0000)]
oops

16 years agodtls1_write_bytes consumers expect amount of bytes written per call, not
Andy Polyakov [Sun, 14 Sep 2008 17:56:15 +0000 (17:56 +0000)]
dtls1_write_bytes consumers expect amount of bytes written per call, not
overall.
PR: 1604

16 years agoFix SSL state transitions.
Bodo Möller [Sun, 14 Sep 2008 14:02:07 +0000 (14:02 +0000)]
Fix SSL state transitions.

Submitted by: Nagendra Modadugu

16 years agoNote about CVS branch inconsistency.
Bodo Möller [Sun, 14 Sep 2008 13:53:18 +0000 (13:53 +0000)]
Note about CVS branch inconsistency.

16 years agoReally get rid of unsafe double-checked locking.
Bodo Möller [Sun, 14 Sep 2008 13:51:44 +0000 (13:51 +0000)]
Really get rid of unsafe double-checked locking.

Also, "CHANGES" clean-ups.

16 years agoSome precautions to avoid potential security-relevant problems.
Bodo Möller [Sun, 14 Sep 2008 13:42:34 +0000 (13:42 +0000)]
Some precautions to avoid potential security-relevant problems.

16 years agoDTLS didn't handle alerts correctly.
Andy Polyakov [Sat, 13 Sep 2008 18:24:38 +0000 (18:24 +0000)]
DTLS didn't handle alerts correctly.
PR: 1632

16 years agoAIX build updates.
Andy Polyakov [Fri, 12 Sep 2008 14:45:54 +0000 (14:45 +0000)]
AIX build updates.

16 years agoAdd SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new
Dr. Stephen Henson [Wed, 10 Sep 2008 16:02:09 +0000 (16:02 +0000)]
Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new
strength "FIPS" to represent all FIPS approved ciphersuites without NULL
encryption.

16 years agoIgnoring errors in makedepend can hide problems.
Ben Laurie [Tue, 9 Sep 2008 19:08:40 +0000 (19:08 +0000)]
Ignoring errors in makedepend can hide problems.

16 years agoFix warning.
Ben Laurie [Sun, 7 Sep 2008 13:22:34 +0000 (13:22 +0000)]
Fix warning.

16 years agoFix from stable branch.
Dr. Stephen Henson [Wed, 3 Sep 2008 22:17:11 +0000 (22:17 +0000)]
Fix from stable branch.

16 years agoDo not discard cached handshake records during resumed sessions:
Dr. Stephen Henson [Wed, 3 Sep 2008 12:36:16 +0000 (12:36 +0000)]
Do not discard cached handshake records during resumed sessions:
they are used for mac computation.

16 years agoMake no-tlsext compile.
Dr. Stephen Henson [Wed, 3 Sep 2008 12:29:57 +0000 (12:29 +0000)]
Make no-tlsext compile.

16 years agoPerl script to run and verify OpenSSL against PKITS RFC3280 compliance
Dr. Stephen Henson [Mon, 1 Sep 2008 15:53:53 +0000 (15:53 +0000)]
Perl script to run and verify OpenSSL against PKITS RFC3280 compliance
test suite.

16 years agoInitial support for delta CRLs. If "use deltas" flag is set attempt to find
Dr. Stephen Henson [Mon, 1 Sep 2008 15:15:16 +0000 (15:15 +0000)]
Initial support for delta CRLs. If "use deltas" flag is set attempt to find
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.

16 years agoAdd support for CRLs partitioned by reason code.
Dr. Stephen Henson [Fri, 29 Aug 2008 11:37:21 +0000 (11:37 +0000)]
Add support for CRLs partitioned by reason code.

Tidy CRL scoring system.

Add new CRL path validation error.

16 years agoAdd support for freshest CRL extension.
Dr. Stephen Henson [Wed, 27 Aug 2008 15:52:05 +0000 (15:52 +0000)]
Add support for freshest CRL extension.

16 years agoInitial indirect CRL support.
Dr. Stephen Henson [Wed, 20 Aug 2008 16:42:19 +0000 (16:42 +0000)]
Initial indirect CRL support.

16 years agoSupport for certificateIssuer CRL entry extension.
Dr. Stephen Henson [Mon, 18 Aug 2008 16:48:47 +0000 (16:48 +0000)]
Support for certificateIssuer CRL entry extension.

16 years agoDon't use assertions to check application-provided arguments;
Bodo Möller [Thu, 14 Aug 2008 21:37:51 +0000 (21:37 +0000)]
Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.