Dr. Stephen Henson [Mon, 10 Nov 2008 19:08:37 +0000 (19:08 +0000)]
Make -DKSSL_DEBUG work again.
Lutz Jänicke [Mon, 10 Nov 2008 11:26:44 +0000 (11:26 +0000)]
Clarify (non-)blocking behavior of EGD socket interface used by RAND_egd().
Dr. Stephen Henson [Wed, 5 Nov 2008 23:14:32 +0000 (23:14 +0000)]
PR: 1777
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>
Approved by: steve@openssl.org
Fix some size_t issues.
Dr. Stephen Henson [Wed, 5 Nov 2008 18:39:08 +0000 (18:39 +0000)]
Update obsolete email address...
Dr. Stephen Henson [Wed, 5 Nov 2008 18:28:24 +0000 (18:28 +0000)]
Don't use clobbered 'i' for checking UTCTime and GeneralizedTime length.
Ben Laurie [Tue, 4 Nov 2008 15:16:23 +0000 (15:16 +0000)]
Only one of these needs to be signed.
Ben Laurie [Tue, 4 Nov 2008 12:06:09 +0000 (12:06 +0000)]
Formatting.
Andy Polyakov [Mon, 3 Nov 2008 21:15:07 +0000 (21:15 +0000)]
Add initial support for mingw64.
PR: 1693
Submitted by: Alon Bar-Lev
Andy Polyakov [Mon, 3 Nov 2008 08:46:07 +0000 (08:46 +0000)]
Minor perlasm updates.
Dr. Stephen Henson [Sun, 2 Nov 2008 18:29:27 +0000 (18:29 +0000)]
Not sure about this one... seems to be needed to make 64 bit release
builds work properly...
Dr. Stephen Henson [Sun, 2 Nov 2008 18:12:36 +0000 (18:12 +0000)]
Fix prototypes.
Dr. Stephen Henson [Sun, 2 Nov 2008 16:56:13 +0000 (16:56 +0000)]
Use stddef.h to pick up size_t def.
Dr. Stephen Henson [Sun, 2 Nov 2008 16:13:19 +0000 (16:13 +0000)]
Fix prototypes.
Dr. Stephen Henson [Sun, 2 Nov 2008 16:00:39 +0000 (16:00 +0000)]
Update HMAC functions to return an error where relevant.
Dr. Stephen Henson [Sun, 2 Nov 2008 15:41:30 +0000 (15:41 +0000)]
Fix warnings: printf format mismatches on 64 bit platforms.
Change assert to OPENSSL_assert().
Fix e_padlock prototype.
Ben Laurie [Sun, 2 Nov 2008 13:15:06 +0000 (13:15 +0000)]
Fix asserts. Fix incorrect dependency.
Dr. Stephen Henson [Sun, 2 Nov 2008 12:50:48 +0000 (12:50 +0000)]
Fix warnings about mismatched prototypes, undefined size_t and value computed
not used.
Ben Laurie [Sun, 2 Nov 2008 09:22:29 +0000 (09:22 +0000)]
Fix warnings.
Ben Laurie [Sun, 2 Nov 2008 09:00:25 +0000 (09:00 +0000)]
Fix warning.
Andy Polyakov [Sat, 1 Nov 2008 21:09:54 +0000 (21:09 +0000)]
Fix bss_log.c on Windows.
Ben Laurie [Sat, 1 Nov 2008 16:40:37 +0000 (16:40 +0000)]
More size_tification.
Ben Laurie [Sat, 1 Nov 2008 14:37:00 +0000 (14:37 +0000)]
size_tification.
Andy Polyakov [Sat, 1 Nov 2008 12:46:18 +0000 (12:46 +0000)]
Fix SHA512 and optimize BN for mingw64.
Andy Polyakov [Fri, 31 Oct 2008 20:20:54 +0000 (20:20 +0000)]
Fix warnings after commit#17578.
Andy Polyakov [Fri, 31 Oct 2008 19:48:25 +0000 (19:48 +0000)]
size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
underlying cipher to be size_t-fied, it allows for size_t, signed and
unsigned long. It maintains source and even binary compatibility.
Andy Polyakov [Fri, 31 Oct 2008 19:30:11 +0000 (19:30 +0000)]
size_t-fy AES, Camellia and RC4.
Dr. Stephen Henson [Fri, 31 Oct 2008 12:06:25 +0000 (12:06 +0000)]
Add install target to crypto/jpake/Makefile
Ben Laurie [Wed, 29 Oct 2008 05:10:09 +0000 (05:10 +0000)]
Fix warning.
Andy Polyakov [Tue, 28 Oct 2008 16:25:47 +0000 (16:25 +0000)]
randfile.c: .rnd can become orphaned on VMS.
Submitted by: David North
Andy Polyakov [Tue, 28 Oct 2008 15:29:25 +0000 (15:29 +0000)]
.cvsignore update: ignore all flavors of shared objects.
Andy Polyakov [Tue, 28 Oct 2008 15:09:06 +0000 (15:09 +0000)]
Fix typo in ./config.
Submitted by: Sander Temme
Andy Polyakov [Tue, 28 Oct 2008 13:53:51 +0000 (13:53 +0000)]
ec2_mult.c readability update.
Andy Polyakov [Tue, 28 Oct 2008 13:52:51 +0000 (13:52 +0000)]
Minor clean-up in bn_lib.c: constification and optimization.
Andy Polyakov [Tue, 28 Oct 2008 13:46:14 +0000 (13:46 +0000)]
Fix crash in BN_rshift.
PR: 1663
Andy Polyakov [Tue, 28 Oct 2008 12:13:52 +0000 (12:13 +0000)]
Harmonize Camellia API with version 1.x.
Andy Polyakov [Tue, 28 Oct 2008 08:47:24 +0000 (08:47 +0000)]
Camellia update. Quoting camellia.c:
/*
* This release balances code size and performance. In particular key
* schedule setup is fully unrolled, because doing so *significantly*
* reduces amount of instructions per setup round and code increase is
* justifiable. In block functions on the other hand only inner loops
* are unrolled, as full unroll gives only nominal performance boost,
* while code size grows 4 or 7 times. Also, unlike previous versions
* this one "encourages" compiler to keep intermediate variables in
* registers, which should give better "all round" results, in other
* words reasonable performance even with not so modern compilers.
*/
Andy Polyakov [Tue, 28 Oct 2008 08:40:07 +0000 (08:40 +0000)]
x86_64-xlate.pl update: refine SEH support.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:31:13 +0000 (12:31 +0000)]
Win32 fixes... add new directory to build system. Fix warnings.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:02:52 +0000 (12:02 +0000)]
Fix warnings and various issues.
C++ style comments.
Signed/unsigned warning in apps.c
Missing targets in jpake/Makefile
Ben Laurie [Sun, 26 Oct 2008 18:40:52 +0000 (18:40 +0000)]
Add JPAKE.
Dr. Stephen Henson [Wed, 22 Oct 2008 19:54:55 +0000 (19:54 +0000)]
Add support for -crlnumber option in crl utility.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:48:11 +0000 (18:48 +0000)]
Add permanentIdentifier OID.
Dr. Stephen Henson [Wed, 22 Oct 2008 15:43:01 +0000 (15:43 +0000)]
Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.
This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
Geoff Thorpe [Wed, 22 Oct 2008 12:00:15 +0000 (12:00 +0000)]
Apparently '__top' is also risky, obfuscate further. (All this to
avoid inlines...)
Lutz Jänicke [Wed, 22 Oct 2008 06:46:14 +0000 (06:46 +0000)]
Allow detection of input EOF in quiet mode by adding -no_ign_eof option
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>
Geoff Thorpe [Wed, 22 Oct 2008 01:25:45 +0000 (01:25 +0000)]
Use of a 'top' var creates "shadow variable" warnings.
Dr. Stephen Henson [Mon, 20 Oct 2008 15:12:48 +0000 (15:12 +0000)]
Reinstate obj_xref.h as it is not auto generated on all platforms.
Dr. Stephen Henson [Mon, 20 Oct 2008 15:12:00 +0000 (15:12 +0000)]
Fix a shed load or warnings:
Duplicate const.
Use of ; outside function.
Lutz Jänicke [Mon, 20 Oct 2008 12:53:36 +0000 (12:53 +0000)]
Add missing "-d" to option list of openssl version.
Submitted by: Alex Chen <alex_chen@filemaker.com>
Ben Laurie [Sun, 19 Oct 2008 22:51:27 +0000 (22:51 +0000)]
Constification.
Dr. Stephen Henson [Sun, 19 Oct 2008 17:22:34 +0000 (17:22 +0000)]
Fix Warning...
Dr. Stephen Henson [Sat, 18 Oct 2008 15:02:59 +0000 (15:02 +0000)]
Fix multiple ; warning.
Ben Laurie [Sat, 18 Oct 2008 12:12:34 +0000 (12:12 +0000)]
Fix warning a different way.
Andy Polyakov [Thu, 16 Oct 2008 07:54:41 +0000 (07:54 +0000)]
Fix argument order in BN_nnmod call and implement rigorous boundary
condition check.
Andy Polyakov [Wed, 15 Oct 2008 10:48:52 +0000 (10:48 +0000)]
Optimize bn_correct_top.
Andy Polyakov [Wed, 15 Oct 2008 10:47:48 +0000 (10:47 +0000)]
Remove redundant BN_ucmp, fix boundary condition in BN_nist_mod_224 and
reimplement BN_nist_mod_521.
Ben Laurie [Tue, 14 Oct 2008 19:27:07 +0000 (19:27 +0000)]
Set comparison function in v3_add_canonize().
Ben Laurie [Tue, 14 Oct 2008 19:11:26 +0000 (19:11 +0000)]
Add XMPP STARTTLS support.
Dr. Stephen Henson [Tue, 14 Oct 2008 15:44:14 +0000 (15:44 +0000)]
Ooops... remove code accidentally commited from FIPS version.
Dr. Stephen Henson [Tue, 14 Oct 2008 15:24:49 +0000 (15:24 +0000)]
Add missing lock definitions...
Dr. Stephen Henson [Tue, 14 Oct 2008 15:22:11 +0000 (15:22 +0000)]
Add missing lock definitions.
Ben Laurie [Tue, 14 Oct 2008 08:10:52 +0000 (08:10 +0000)]
Type-safe OBJ_bsearch_ex.
Lutz Jänicke [Mon, 13 Oct 2008 06:45:59 +0000 (06:45 +0000)]
Remove the DTLS1_BAD_VER thing from 0.9.9-dev. It is present in 0.9.8
but has been omitted from HEAD (0.9.9), see commit
http://cvs.openssl.org/chngview?cn=16627
by appro.
Lutz Jänicke [Mon, 13 Oct 2008 06:43:03 +0000 (06:43 +0000)]
Half of the commit for 0.9.8 as the bitmap handling has changed.
(Firstly... ommitted)
Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>
Ben Laurie [Sun, 12 Oct 2008 14:32:47 +0000 (14:32 +0000)]
Type-checked (and modern C compliant) OBJ_bsearch.
Ben Laurie [Sun, 12 Oct 2008 14:04:34 +0000 (14:04 +0000)]
Add missing DTLS1_BAD_VER (hope I got the value right).
Lutz Jänicke [Fri, 10 Oct 2008 10:41:35 +0000 (10:41 +0000)]
When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().
The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>
Dr. Stephen Henson [Tue, 7 Oct 2008 22:55:27 +0000 (22:55 +0000)]
Experimental new date handling routines. These fix issues with X509_time_adj()
and should avoid any OS date limitations such as the year 2038 bug.
Lutz Jänicke [Mon, 6 Oct 2008 10:34:49 +0000 (10:34 +0000)]
Fix incorrect command for assember file generation on IA64
Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>
Andy Polyakov [Tue, 23 Sep 2008 17:33:11 +0000 (17:33 +0000)]
Fix EC_KEY_check_key.
Bodo Möller [Mon, 22 Sep 2008 21:22:47 +0000 (21:22 +0000)]
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.
Bodo Möller [Mon, 15 Sep 2008 20:41:24 +0000 (20:41 +0000)]
From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
Also, fix CHANGES (consistency with stable branch).
Dr. Stephen Henson [Mon, 15 Sep 2008 20:30:58 +0000 (20:30 +0000)]
Add missing CHANGES entry.
Bodo Möller [Mon, 15 Sep 2008 20:30:17 +0000 (20:30 +0000)]
from 0.9.8 branch
Dr. Stephen Henson [Mon, 15 Sep 2008 11:27:58 +0000 (11:27 +0000)]
Update FAQ.
Andy Polyakov [Mon, 15 Sep 2008 05:43:04 +0000 (05:43 +0000)]
Fix yesterday typos in bss_dgram.c.
Geoff Thorpe [Mon, 15 Sep 2008 04:02:37 +0000 (04:02 +0000)]
Fix build warnings.
Bodo Möller [Sun, 14 Sep 2008 19:50:55 +0000 (19:50 +0000)]
update comment
Andy Polyakov [Sun, 14 Sep 2008 19:22:52 +0000 (19:22 +0000)]
Winsock handles SO_RCVTIMEO in unique manner...
PR: 1648
Bodo Möller [Sun, 14 Sep 2008 18:16:07 +0000 (18:16 +0000)]
oops
Andy Polyakov [Sun, 14 Sep 2008 17:56:15 +0000 (17:56 +0000)]
dtls1_write_bytes consumers expect amount of bytes written per call, not
overall.
PR: 1604
Bodo Möller [Sun, 14 Sep 2008 14:02:07 +0000 (14:02 +0000)]
Fix SSL state transitions.
Submitted by: Nagendra Modadugu
Bodo Möller [Sun, 14 Sep 2008 13:53:18 +0000 (13:53 +0000)]
Note about CVS branch inconsistency.
Bodo Möller [Sun, 14 Sep 2008 13:51:44 +0000 (13:51 +0000)]
Really get rid of unsafe double-checked locking.
Also, "CHANGES" clean-ups.
Bodo Möller [Sun, 14 Sep 2008 13:42:34 +0000 (13:42 +0000)]
Some precautions to avoid potential security-relevant problems.
Andy Polyakov [Sat, 13 Sep 2008 18:24:38 +0000 (18:24 +0000)]
DTLS didn't handle alerts correctly.
PR: 1632
Andy Polyakov [Fri, 12 Sep 2008 14:45:54 +0000 (14:45 +0000)]
AIX build updates.
Dr. Stephen Henson [Wed, 10 Sep 2008 16:02:09 +0000 (16:02 +0000)]
Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new
strength "FIPS" to represent all FIPS approved ciphersuites without NULL
encryption.
Ben Laurie [Tue, 9 Sep 2008 19:08:40 +0000 (19:08 +0000)]
Ignoring errors in makedepend can hide problems.
Ben Laurie [Sun, 7 Sep 2008 13:22:34 +0000 (13:22 +0000)]
Fix warning.
Dr. Stephen Henson [Wed, 3 Sep 2008 22:17:11 +0000 (22:17 +0000)]
Fix from stable branch.
Dr. Stephen Henson [Wed, 3 Sep 2008 12:36:16 +0000 (12:36 +0000)]
Do not discard cached handshake records during resumed sessions:
they are used for mac computation.
Dr. Stephen Henson [Wed, 3 Sep 2008 12:29:57 +0000 (12:29 +0000)]
Make no-tlsext compile.
Dr. Stephen Henson [Mon, 1 Sep 2008 15:53:53 +0000 (15:53 +0000)]
Perl script to run and verify OpenSSL against PKITS RFC3280 compliance
test suite.
Dr. Stephen Henson [Mon, 1 Sep 2008 15:15:16 +0000 (15:15 +0000)]
Initial support for delta CRLs. If "use deltas" flag is set attempt to find
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
Dr. Stephen Henson [Fri, 29 Aug 2008 11:37:21 +0000 (11:37 +0000)]
Add support for CRLs partitioned by reason code.
Tidy CRL scoring system.
Add new CRL path validation error.
Dr. Stephen Henson [Wed, 27 Aug 2008 15:52:05 +0000 (15:52 +0000)]
Add support for freshest CRL extension.
Dr. Stephen Henson [Wed, 20 Aug 2008 16:42:19 +0000 (16:42 +0000)]
Initial indirect CRL support.
Dr. Stephen Henson [Mon, 18 Aug 2008 16:48:47 +0000 (16:48 +0000)]
Support for certificateIssuer CRL entry extension.
Bodo Möller [Thu, 14 Aug 2008 21:37:51 +0000 (21:37 +0000)]
Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.