Andy Polyakov [Tue, 28 Oct 2008 08:40:07 +0000 (08:40 +0000)]
x86_64-xlate.pl update: refine SEH support.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:31:13 +0000 (12:31 +0000)]
Win32 fixes... add new directory to build system. Fix warnings.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:02:52 +0000 (12:02 +0000)]
Fix warnings and various issues.
C++ style comments.
Signed/unsigned warning in apps.c
Missing targets in jpake/Makefile
Ben Laurie [Sun, 26 Oct 2008 18:40:52 +0000 (18:40 +0000)]
Add JPAKE.
Dr. Stephen Henson [Wed, 22 Oct 2008 19:54:55 +0000 (19:54 +0000)]
Add support for -crlnumber option in crl utility.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:48:11 +0000 (18:48 +0000)]
Add permanentIdentifier OID.
Dr. Stephen Henson [Wed, 22 Oct 2008 15:43:01 +0000 (15:43 +0000)]
Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.
This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
Geoff Thorpe [Wed, 22 Oct 2008 12:00:15 +0000 (12:00 +0000)]
Apparently '__top' is also risky, obfuscate further. (All this to
avoid inlines...)
Lutz Jänicke [Wed, 22 Oct 2008 06:46:14 +0000 (06:46 +0000)]
Allow detection of input EOF in quiet mode by adding -no_ign_eof option
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>
Geoff Thorpe [Wed, 22 Oct 2008 01:25:45 +0000 (01:25 +0000)]
Use of a 'top' var creates "shadow variable" warnings.
Dr. Stephen Henson [Mon, 20 Oct 2008 15:12:48 +0000 (15:12 +0000)]
Reinstate obj_xref.h as it is not auto generated on all platforms.
Dr. Stephen Henson [Mon, 20 Oct 2008 15:12:00 +0000 (15:12 +0000)]
Fix a shed load or warnings:
Duplicate const.
Use of ; outside function.
Lutz Jänicke [Mon, 20 Oct 2008 12:53:36 +0000 (12:53 +0000)]
Add missing "-d" to option list of openssl version.
Submitted by: Alex Chen <alex_chen@filemaker.com>
Ben Laurie [Sun, 19 Oct 2008 22:51:27 +0000 (22:51 +0000)]
Constification.
Dr. Stephen Henson [Sun, 19 Oct 2008 17:22:34 +0000 (17:22 +0000)]
Fix Warning...
Dr. Stephen Henson [Sat, 18 Oct 2008 15:02:59 +0000 (15:02 +0000)]
Fix multiple ; warning.
Ben Laurie [Sat, 18 Oct 2008 12:12:34 +0000 (12:12 +0000)]
Fix warning a different way.
Andy Polyakov [Thu, 16 Oct 2008 07:54:41 +0000 (07:54 +0000)]
Fix argument order in BN_nnmod call and implement rigorous boundary
condition check.
Andy Polyakov [Wed, 15 Oct 2008 10:48:52 +0000 (10:48 +0000)]
Optimize bn_correct_top.
Andy Polyakov [Wed, 15 Oct 2008 10:47:48 +0000 (10:47 +0000)]
Remove redundant BN_ucmp, fix boundary condition in BN_nist_mod_224 and
reimplement BN_nist_mod_521.
Ben Laurie [Tue, 14 Oct 2008 19:27:07 +0000 (19:27 +0000)]
Set comparison function in v3_add_canonize().
Ben Laurie [Tue, 14 Oct 2008 19:11:26 +0000 (19:11 +0000)]
Add XMPP STARTTLS support.
Dr. Stephen Henson [Tue, 14 Oct 2008 15:44:14 +0000 (15:44 +0000)]
Ooops... remove code accidentally commited from FIPS version.
Dr. Stephen Henson [Tue, 14 Oct 2008 15:24:49 +0000 (15:24 +0000)]
Add missing lock definitions...
Dr. Stephen Henson [Tue, 14 Oct 2008 15:22:11 +0000 (15:22 +0000)]
Add missing lock definitions.
Ben Laurie [Tue, 14 Oct 2008 08:10:52 +0000 (08:10 +0000)]
Type-safe OBJ_bsearch_ex.
Lutz Jänicke [Mon, 13 Oct 2008 06:45:59 +0000 (06:45 +0000)]
Remove the DTLS1_BAD_VER thing from 0.9.9-dev. It is present in 0.9.8
but has been omitted from HEAD (0.9.9), see commit
http://cvs.openssl.org/chngview?cn=16627
by appro.
Lutz Jänicke [Mon, 13 Oct 2008 06:43:03 +0000 (06:43 +0000)]
Half of the commit for 0.9.8 as the bitmap handling has changed.
(Firstly... ommitted)
Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>
Ben Laurie [Sun, 12 Oct 2008 14:32:47 +0000 (14:32 +0000)]
Type-checked (and modern C compliant) OBJ_bsearch.
Ben Laurie [Sun, 12 Oct 2008 14:04:34 +0000 (14:04 +0000)]
Add missing DTLS1_BAD_VER (hope I got the value right).
Lutz Jänicke [Fri, 10 Oct 2008 10:41:35 +0000 (10:41 +0000)]
When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().
The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>
Dr. Stephen Henson [Tue, 7 Oct 2008 22:55:27 +0000 (22:55 +0000)]
Experimental new date handling routines. These fix issues with X509_time_adj()
and should avoid any OS date limitations such as the year 2038 bug.
Lutz Jänicke [Mon, 6 Oct 2008 10:34:49 +0000 (10:34 +0000)]
Fix incorrect command for assember file generation on IA64
Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>
Andy Polyakov [Tue, 23 Sep 2008 17:33:11 +0000 (17:33 +0000)]
Fix EC_KEY_check_key.
Bodo Möller [Mon, 22 Sep 2008 21:22:47 +0000 (21:22 +0000)]
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.
Bodo Möller [Mon, 15 Sep 2008 20:41:24 +0000 (20:41 +0000)]
From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
Also, fix CHANGES (consistency with stable branch).
Dr. Stephen Henson [Mon, 15 Sep 2008 20:30:58 +0000 (20:30 +0000)]
Add missing CHANGES entry.
Bodo Möller [Mon, 15 Sep 2008 20:30:17 +0000 (20:30 +0000)]
from 0.9.8 branch
Dr. Stephen Henson [Mon, 15 Sep 2008 11:27:58 +0000 (11:27 +0000)]
Update FAQ.
Andy Polyakov [Mon, 15 Sep 2008 05:43:04 +0000 (05:43 +0000)]
Fix yesterday typos in bss_dgram.c.
Geoff Thorpe [Mon, 15 Sep 2008 04:02:37 +0000 (04:02 +0000)]
Fix build warnings.
Bodo Möller [Sun, 14 Sep 2008 19:50:55 +0000 (19:50 +0000)]
update comment
Andy Polyakov [Sun, 14 Sep 2008 19:22:52 +0000 (19:22 +0000)]
Winsock handles SO_RCVTIMEO in unique manner...
PR: 1648
Bodo Möller [Sun, 14 Sep 2008 18:16:07 +0000 (18:16 +0000)]
oops
Andy Polyakov [Sun, 14 Sep 2008 17:56:15 +0000 (17:56 +0000)]
dtls1_write_bytes consumers expect amount of bytes written per call, not
overall.
PR: 1604
Bodo Möller [Sun, 14 Sep 2008 14:02:07 +0000 (14:02 +0000)]
Fix SSL state transitions.
Submitted by: Nagendra Modadugu
Bodo Möller [Sun, 14 Sep 2008 13:53:18 +0000 (13:53 +0000)]
Note about CVS branch inconsistency.
Bodo Möller [Sun, 14 Sep 2008 13:51:44 +0000 (13:51 +0000)]
Really get rid of unsafe double-checked locking.
Also, "CHANGES" clean-ups.
Bodo Möller [Sun, 14 Sep 2008 13:42:34 +0000 (13:42 +0000)]
Some precautions to avoid potential security-relevant problems.
Andy Polyakov [Sat, 13 Sep 2008 18:24:38 +0000 (18:24 +0000)]
DTLS didn't handle alerts correctly.
PR: 1632
Andy Polyakov [Fri, 12 Sep 2008 14:45:54 +0000 (14:45 +0000)]
AIX build updates.
Dr. Stephen Henson [Wed, 10 Sep 2008 16:02:09 +0000 (16:02 +0000)]
Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new
strength "FIPS" to represent all FIPS approved ciphersuites without NULL
encryption.
Ben Laurie [Tue, 9 Sep 2008 19:08:40 +0000 (19:08 +0000)]
Ignoring errors in makedepend can hide problems.
Ben Laurie [Sun, 7 Sep 2008 13:22:34 +0000 (13:22 +0000)]
Fix warning.
Dr. Stephen Henson [Wed, 3 Sep 2008 22:17:11 +0000 (22:17 +0000)]
Fix from stable branch.
Dr. Stephen Henson [Wed, 3 Sep 2008 12:36:16 +0000 (12:36 +0000)]
Do not discard cached handshake records during resumed sessions:
they are used for mac computation.
Dr. Stephen Henson [Wed, 3 Sep 2008 12:29:57 +0000 (12:29 +0000)]
Make no-tlsext compile.
Dr. Stephen Henson [Mon, 1 Sep 2008 15:53:53 +0000 (15:53 +0000)]
Perl script to run and verify OpenSSL against PKITS RFC3280 compliance
test suite.
Dr. Stephen Henson [Mon, 1 Sep 2008 15:15:16 +0000 (15:15 +0000)]
Initial support for delta CRLs. If "use deltas" flag is set attempt to find
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
Dr. Stephen Henson [Fri, 29 Aug 2008 11:37:21 +0000 (11:37 +0000)]
Add support for CRLs partitioned by reason code.
Tidy CRL scoring system.
Add new CRL path validation error.
Dr. Stephen Henson [Wed, 27 Aug 2008 15:52:05 +0000 (15:52 +0000)]
Add support for freshest CRL extension.
Dr. Stephen Henson [Wed, 20 Aug 2008 16:42:19 +0000 (16:42 +0000)]
Initial indirect CRL support.
Dr. Stephen Henson [Mon, 18 Aug 2008 16:48:47 +0000 (16:48 +0000)]
Support for certificateIssuer CRL entry extension.
Bodo Möller [Thu, 14 Aug 2008 21:37:51 +0000 (21:37 +0000)]
Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.
Bodo Möller [Wed, 13 Aug 2008 19:45:06 +0000 (19:45 +0000)]
sanity check
PR: 1679
Bodo Möller [Wed, 13 Aug 2008 19:44:15 +0000 (19:44 +0000)]
fix error function codes
Bodo Möller [Wed, 13 Aug 2008 19:30:01 +0000 (19:30 +0000)]
Mention ERR_remove_state() deprecation, and ERR_remove_thread_state(NULL).
Dr. Stephen Henson [Wed, 13 Aug 2008 16:00:11 +0000 (16:00 +0000)]
Initial support for CRL path validation. This supports distinct certificate
and CRL signing keys.
Dr. Stephen Henson [Tue, 12 Aug 2008 16:07:52 +0000 (16:07 +0000)]
Initial code to support distinct certificate and CRL signing keys where the
CRL issuer is not part of the main path.
Not complete yet and not compiled in because the CRL issuer certificate is
not validated.
Dr. Stephen Henson [Tue, 12 Aug 2008 10:32:56 +0000 (10:32 +0000)]
Support for policy mappings extension.
Delete X509_POLICY_REF code.
Fix handling of invalid policy extensions to return the correct error.
Add command line option to inhibit policy mappings.
Dr. Stephen Henson [Fri, 8 Aug 2008 15:35:29 +0000 (15:35 +0000)]
Initial support for name constraints certificate extension.
TODO: robustness checking on name forms.
Geoff Thorpe [Wed, 6 Aug 2008 16:41:50 +0000 (16:41 +0000)]
Correct the FAQ and the threads man page re: CRYPTO_THREADID changes.
Geoff Thorpe [Wed, 6 Aug 2008 15:54:15 +0000 (15:54 +0000)]
Remove the dual-callback scheme for numeric and pointer thread IDs,
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
Andy Polyakov [Wed, 6 Aug 2008 08:58:45 +0000 (08:58 +0000)]
sha1-armv4-large cosmetics.
Andy Polyakov [Wed, 6 Aug 2008 08:47:07 +0000 (08:47 +0000)]
sha1-armv4-large.pl performance improvement. On PXA255 it gives +10% on
8KB block, +60% on 1KB, +160% on 256B...
Geoff Thorpe [Tue, 5 Aug 2008 17:48:02 +0000 (17:48 +0000)]
Fix signed/unsigned warning.
Dr. Stephen Henson [Tue, 5 Aug 2008 15:55:53 +0000 (15:55 +0000)]
Correctly handle errors in CMS I/O code.
Bodo Möller [Mon, 4 Aug 2008 22:10:38 +0000 (22:10 +0000)]
Fix error codes for memory-saving patch.
Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS
because it was rather pointless (the new behavior has to be explicitly
requested by setting SSL_MODE_RELEASE_BUFFERS anyway).
Dr. Stephen Henson [Mon, 4 Aug 2008 15:34:27 +0000 (15:34 +0000)]
Add support for nameRelativeToCRLIssuer field in distribution point name
fields.
Dr. Stephen Henson [Sat, 2 Aug 2008 11:16:35 +0000 (11:16 +0000)]
Make explicit_policy handling match expected RFC3280 behaviour.
Lutz Jänicke [Fri, 1 Aug 2008 15:03:20 +0000 (15:03 +0000)]
Refer to SSL_pending from the man page for SSL_read
Dr. Stephen Henson [Wed, 30 Jul 2008 15:49:12 +0000 (15:49 +0000)]
Initial support for alternative CRL issuing certificates.
Allow inibit any policy flag to be set in apps.
Dr. Stephen Henson [Wed, 30 Jul 2008 15:41:42 +0000 (15:41 +0000)]
Policy validation fixes.
Inhibit any policy count should ignore self issued certificates.
Require explicit policy is the number certificate before an explict policy
is required.
Ralf S. Engelschall [Sun, 27 Jul 2008 15:51:35 +0000 (15:51 +0000)]
remove a doubled entry for '-binary' in the usage message
Andy Polyakov [Tue, 22 Jul 2008 08:47:35 +0000 (08:47 +0000)]
Split ms/uplink.pl to corresponding platform versions.
Andy Polyakov [Tue, 22 Jul 2008 08:44:31 +0000 (08:44 +0000)]
perlasm update: implement dataseg directive.
Andy Polyakov [Tue, 22 Jul 2008 08:42:06 +0000 (08:42 +0000)]
x86_64-xlate.pl: implement indirect jump/calls, support for Win64 SEH.
Bodo Möller [Thu, 17 Jul 2008 22:11:53 +0000 (22:11 +0000)]
We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.
PR: 1695
Andy Polyakov [Thu, 17 Jul 2008 13:58:21 +0000 (13:58 +0000)]
mem_dbg.c: avoid compiler warnings.
PR: 1693
Submitted by: Stefan Neis
Andy Polyakov [Thu, 17 Jul 2008 09:50:56 +0000 (09:50 +0000)]
Remove junk argument to function_begin in sha/asm/*-586.pl.
PR: 1681
Andy Polyakov [Thu, 17 Jul 2008 09:46:09 +0000 (09:46 +0000)]
x86masm.pl: harmonize functions' alignment.
Bodo Möller [Wed, 16 Jul 2008 18:10:27 +0000 (18:10 +0000)]
Make sure not to read beyond end of buffer
Andy Polyakov [Tue, 15 Jul 2008 19:52:20 +0000 (19:52 +0000)]
x86_64cpuid.pl cosmetics: harmonize $dir treatment with other modules.
Andy Polyakov [Tue, 15 Jul 2008 13:24:16 +0000 (13:24 +0000)]
des-596.pl update: short-circuit reference to DES_SPtrans.
Andy Polyakov [Tue, 15 Jul 2008 13:16:42 +0000 (13:16 +0000)]
x86masm.pl cosmetics.
Andy Polyakov [Tue, 15 Jul 2008 12:50:44 +0000 (12:50 +0000)]
x86nasm.pl update: use pre-defined macros and allow for /safeseh link.
Andy Polyakov [Tue, 15 Jul 2008 12:48:53 +0000 (12:48 +0000)]
Reaffirm that NASM is the only supported assembler for Win32 build.
Dr. Stephen Henson [Sun, 13 Jul 2008 22:38:18 +0000 (22:38 +0000)]
Zero is a valid value for any_skip and map_skip
Dr. Stephen Henson [Sun, 13 Jul 2008 15:55:37 +0000 (15:55 +0000)]
We support inhibit any policy extension, add to table.
Dr. Stephen Henson [Sun, 13 Jul 2008 14:25:36 +0000 (14:25 +0000)]
X509 verification fixes.
Ignore self issued certificates when checking path length constraints.
Duplicate OIDs in policy tree in case they are allocated.
Use anyPolicy from certificate cache and not current tree level.