Dr. Stephen Henson [Tue, 16 Nov 2010 14:56:17 +0000 (14:56 +0000)]
oops, correct version number
Dr. Stephen Henson [Tue, 16 Nov 2010 14:37:28 +0000 (14:37 +0000)]
prepare for release
Dr. Stephen Henson [Tue, 16 Nov 2010 14:26:18 +0000 (14:26 +0000)]
fix CVE-2010-3864
Dr. Stephen Henson [Tue, 2 Nov 2010 15:57:00 +0000 (15:57 +0000)]
Submitted by: Jonathan Dixon <joth@chromium.org>
Reviewed by: steve
If store is NULL set flags correctly.
Dr. Stephen Henson [Mon, 11 Oct 2010 23:28:54 +0000 (23:28 +0000)]
PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
Dr. Stephen Henson [Sun, 10 Oct 2010 12:21:23 +0000 (12:21 +0000)]
PR: 2314
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve
Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
Dr. Stephen Henson [Wed, 6 Oct 2010 18:01:35 +0000 (18:01 +0000)]
We can't always read 6 bytes in an OCSP response: fix so error statuses
are read correctly for non-blocking I/O.
Dr. Stephen Henson [Mon, 4 Oct 2010 13:28:15 +0000 (13:28 +0000)]
Minor documentation fixes, PR#2345
Dr. Stephen Henson [Mon, 4 Oct 2010 13:25:29 +0000 (13:25 +0000)]
Minor documentation fixes, PR#2344
Dr. Stephen Henson [Sun, 3 Oct 2010 18:55:57 +0000 (18:55 +0000)]
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
Dr. Stephen Henson [Mon, 20 Sep 2010 23:25:07 +0000 (23:25 +0000)]
Don't announce tests run in empty directories
Dr. Stephen Henson [Sun, 19 Sep 2010 15:34:23 +0000 (15:34 +0000)]
support customisable rm and mkdir commands
Dr. Stephen Henson [Sun, 19 Sep 2010 11:30:14 +0000 (11:30 +0000)]
update FIPS script generator to make output easier to hand edit
Dr. Stephen Henson [Mon, 30 Aug 2010 23:57:03 +0000 (23:57 +0000)]
fix bug in AES_unwrap()
Bodo Möller [Thu, 26 Aug 2010 12:10:25 +0000 (12:10 +0000)]
ECC library bugfixes.
Submitted by: Emilia Kapser (Google)
Bodo Möller [Thu, 26 Aug 2010 11:15:09 +0000 (11:15 +0000)]
Version tree clarification.
Dr. Stephen Henson [Fri, 9 Jul 2010 17:24:29 +0000 (17:24 +0000)]
PR: 2297
Submitted by: Antony, Benoy <bantony@ebay.com>
Approved by: steve@openssl.org
Fix bug in AES wrap code when t > 0xff.
Dr. Stephen Henson [Thu, 8 Jul 2010 16:51:48 +0000 (16:51 +0000)]
initialise pbe_tmp
Andy Polyakov [Thu, 8 Jul 2010 09:15:14 +0000 (09:15 +0000)]
rand_nw.c: compensate for gcc bug (using %edx instead of %eax at -O3)
[from HEAD].
PR: 2296
Andy Polyakov [Thu, 8 Jul 2010 09:01:33 +0000 (09:01 +0000)]
PROBLEMS: MacOS X is not necessarily a problem anymore [from HEAD].
Dr. Stephen Henson [Thu, 8 Jul 2010 01:23:25 +0000 (01:23 +0000)]
make WIN32 compile work again
Dr. Stephen Henson [Sat, 26 Jun 2010 12:55:01 +0000 (12:55 +0000)]
fix so it is safe to repeatedly add PBE algorithms
Dr. Stephen Henson [Wed, 16 Jun 2010 13:40:09 +0000 (13:40 +0000)]
prepare for next release
Ben Laurie [Sat, 12 Jun 2010 13:18:58 +0000 (13:18 +0000)]
Fix gcc 4.6 warnings. Check TLS server hello extension length.
Dr. Stephen Henson [Tue, 1 Jun 2010 14:47:12 +0000 (14:47 +0000)]
Prepare for release.
Dr. Stephen Henson [Tue, 1 Jun 2010 14:39:57 +0000 (14:39 +0000)]
Fix CVE-2010-0742
Dr. Stephen Henson [Mon, 31 May 2010 13:17:52 +0000 (13:17 +0000)]
fix PR#2261 in a different way
Andy Polyakov [Sun, 30 May 2010 22:02:03 +0000 (22:02 +0000)]
098 aes-x86_64.pl module was erroneously enabled in Win64 build without
being adapted for Win64 ABI. Fix this.
Dr. Stephen Henson [Thu, 27 May 2010 15:02:27 +0000 (15:02 +0000)]
update NEWS file
Dr. Stephen Henson [Thu, 27 May 2010 14:09:22 +0000 (14:09 +0000)]
PR: 2262
Submitted By: Victor Wagner <vitus@cryptocom.ru>
Fix error reporting in load_key function.
Dr. Stephen Henson [Thu, 27 May 2010 13:16:28 +0000 (13:16 +0000)]
PR: 2245
Submitted By: Mounir IDRASSI <mounir.idrassi@idrix.net>
Add /Zi to WIN32 debug builds in 0.9.8 tree.
Dr. Stephen Henson [Thu, 27 May 2010 13:07:54 +0000 (13:07 +0000)]
PR: 2261
Submitted By: De Rudder, Stephen L." <s_derudder@tditx.com>
Workaround for newer Windows headers which define EADDRINUSE but not to the
same value as WSAEADDRINUSE.
Dr. Stephen Henson [Thu, 27 May 2010 12:41:33 +0000 (12:41 +0000)]
PR: 2258
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Base64 BIO fixes:
Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.
Dr. Stephen Henson [Wed, 26 May 2010 23:23:53 +0000 (23:23 +0000)]
PR: 2266
Submitted By: Jonathan Gray <jsg@goblin.cx>
Correct ioctl definitions.
Dr. Stephen Henson [Wed, 26 May 2010 16:16:49 +0000 (16:16 +0000)]
Avoid use of ex_data free function in Chil ENGINE so it can be safely
reloaded.
Dr. Stephen Henson [Sat, 22 May 2010 00:31:18 +0000 (00:31 +0000)]
PR: 2251
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Memleak, BIO chain leak and realloc checks in v3_pci.c
Dr. Stephen Henson [Thu, 20 May 2010 17:36:24 +0000 (17:36 +0000)]
oops, typo
Dr. Stephen Henson [Thu, 20 May 2010 17:33:25 +0000 (17:33 +0000)]
make cms-test.pl consistent with other branches
Dr. Stephen Henson [Sat, 15 May 2010 00:36:40 +0000 (00:36 +0000)]
PR: 2253
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Check callback return value when outputting errors.
Dr. Stephen Henson [Thu, 6 May 2010 13:10:36 +0000 (13:10 +0000)]
Use /MD in FIPS mode for WIN64 too.
Dr. Stephen Henson [Mon, 3 May 2010 15:29:38 +0000 (15:29 +0000)]
PR: 2252
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Update docs to BIO_f_buffer()
Dr. Stephen Henson [Mon, 3 May 2010 13:01:59 +0000 (13:01 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix bug in bitmask macros and stop warnings.
Andy Polyakov [Tue, 20 Apr 2010 20:28:30 +0000 (20:28 +0000)]
Prevent ERR_print_errors_fp crash on Win32 [from HEAD].
Dr. Stephen Henson [Wed, 14 Apr 2010 13:26:50 +0000 (13:26 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixed various DTLS fragment reassembly bugs patch for 0.9.8.
Dr. Stephen Henson [Wed, 14 Apr 2010 13:21:37 +0000 (13:21 +0000)]
update FAQ
Dr. Stephen Henson [Wed, 14 Apr 2010 00:41:25 +0000 (00:41 +0000)]
fix signed/unsigned comparison warnings
Dr. Stephen Henson [Wed, 14 Apr 2010 00:17:12 +0000 (00:17 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix various DTLS fragment reassembly bugs.
Dr. Stephen Henson [Wed, 14 Apr 2010 00:09:39 +0000 (00:09 +0000)]
PR: 2229
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Don't drop DTLS connection if mac or decryption failed.
Dr. Stephen Henson [Wed, 14 Apr 2010 00:02:50 +0000 (00:02 +0000)]
PR: 2228
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS buffer record MAC failure bug.
Richard Levitte [Tue, 13 Apr 2010 08:42:01 +0000 (08:42 +0000)]
Third argument to dtls1_buffer_record is by reference
Dr. Stephen Henson [Wed, 7 Apr 2010 13:19:48 +0000 (13:19 +0000)]
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.
Update docs.
Dr. Stephen Henson [Tue, 6 Apr 2010 15:02:43 +0000 (15:02 +0000)]
Remove obsolete PRNG note. Add comment about use of SHA256 et al.
Dr. Stephen Henson [Tue, 6 Apr 2010 14:45:40 +0000 (14:45 +0000)]
PR: 2209
Submitted Daniel Mentz <danielml@sent.com>
Documentation typo.
Dr. Stephen Henson [Tue, 6 Apr 2010 12:44:44 +0000 (12:44 +0000)]
PR: 2218
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS replay bug.
Dr. Stephen Henson [Tue, 6 Apr 2010 12:39:57 +0000 (12:39 +0000)]
PR: 2219
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS buffering bug.
Dr. Stephen Henson [Tue, 6 Apr 2010 12:29:08 +0000 (12:29 +0000)]
PR: 2223
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS timeout bug
Dr. Stephen Henson [Tue, 30 Mar 2010 17:31:58 +0000 (17:31 +0000)]
make no-comp compile again
Dr. Stephen Henson [Tue, 30 Mar 2010 00:58:23 +0000 (00:58 +0000)]
make FAQ, STATUS consistent with other branches
Andy Polyakov [Mon, 29 Mar 2010 11:23:11 +0000 (11:23 +0000)]
md32_common.h: fix copy-n-paste typo. The typo was present in 098 only.
Dr. Stephen Henson [Sun, 28 Mar 2010 00:42:17 +0000 (00:42 +0000)]
PR: 1696
Check return value if d2i_PBEPARAM().
Dr. Stephen Henson [Sun, 28 Mar 2010 00:17:28 +0000 (00:17 +0000)]
PR: 2083
Submitted by: Mike Frysinger <vapier@gentoo.org>
Add includes in synopsis, fix some indents. For some reason this never got
applied to the 0.9.8-stable branch.
Dr. Stephen Henson [Sat, 27 Mar 2010 23:28:33 +0000 (23:28 +0000)]
PR: 1763
Remove useless num = 0 assignment.
Remove redundant cases on sock_ctrl(): default case handles them.
Dr. Stephen Henson [Sat, 27 Mar 2010 18:28:24 +0000 (18:28 +0000)]
PR: 1813
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Fix memory leak when engine name cannot be loaded.
Richard Levitte [Thu, 25 Mar 2010 20:36:48 +0000 (20:36 +0000)]
We don't have a whirlpool test in this branch.
Richard Levitte [Thu, 25 Mar 2010 16:25:42 +0000 (16:25 +0000)]
Have an underscore before <ARCH> to make sure any future architecture
name won't be mixed up with any crypto name.
Missed the other spot.
Richard Levitte [Thu, 25 Mar 2010 16:18:51 +0000 (16:18 +0000)]
Have an underscore before <ARCH> to make sure any future architecture
name won't be mixed up with any crypto name.
Missed one spot.
Richard Levitte [Thu, 25 Mar 2010 14:46:58 +0000 (14:46 +0000)]
Try to define the tests and their respective directories in a way that
preserves the order of the tests (to make it as easy as possible to
synchronise with future Unix builds)
Richard Levitte [Thu, 25 Mar 2010 14:45:22 +0000 (14:45 +0000)]
Have an underscore before <ARCH> to make sure any future architecture
name won't be mixed up with any crypto name.
Dr. Stephen Henson [Thu, 25 Mar 2010 12:29:56 +0000 (12:29 +0000)]
PR: 2202 (partial)
Submitted by: Steven M. Schweda <sms@antinode.info>
VMS fixes:
Reduce copying into .apps and .test in makevms.com
Don't try to use blank CA certificate in CA.com
Allow use of C files from original directories in maketests.com
Dr. Stephen Henson [Thu, 25 Mar 2010 12:17:17 +0000 (12:17 +0000)]
PR: 2202 (partial)
Submitted by: Steven M. Schweda <sms@antinode.info>
Make some declarations conditional on FIPS/ENGINE.
Make pqueue_print non-VAX.
Dr. Stephen Henson [Thu, 25 Mar 2010 12:07:04 +0000 (12:07 +0000)]
updates for next version
Dr. Stephen Henson [Wed, 24 Mar 2010 23:42:30 +0000 (23:42 +0000)]
initialise buf if wrong_info not used
Dr. Stephen Henson [Wed, 24 Mar 2010 23:16:35 +0000 (23:16 +0000)]
PR: 1731 and maybe 2197
Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.
Dr. Stephen Henson [Wed, 24 Mar 2010 13:16:55 +0000 (13:16 +0000)]
prepare for release
Dr. Stephen Henson [Wed, 24 Mar 2010 13:16:42 +0000 (13:16 +0000)]
Submitted by: Bodo Moeller and Adam Langley (Google).
Fix for "Record of death" vulnerability CVE-2010-0740.
Andy Polyakov [Mon, 22 Mar 2010 22:44:48 +0000 (22:44 +0000)]
rand_win.c: fix logical bug in readscreen [from HEAD].
Andy Polyakov [Mon, 22 Mar 2010 22:40:18 +0000 (22:40 +0000)]
bss_file.c: fix MSC 6.0 warning [from HEAD].
Andy Polyakov [Mon, 22 Mar 2010 20:58:43 +0000 (20:58 +0000)]
ppc.pl: assembler Y chokes on apostrophes in comment.
Andy Polyakov [Mon, 15 Mar 2010 22:30:09 +0000 (22:30 +0000)]
e_capi.c: fix typo [from HEAD].
Andy Polyakov [Mon, 15 Mar 2010 22:27:32 +0000 (22:27 +0000)]
Fix UPLINK typo [from HEAD].
Dr. Stephen Henson [Mon, 15 Mar 2010 13:12:00 +0000 (13:12 +0000)]
workaround for missing definition in some headers
Dr. Stephen Henson [Fri, 12 Mar 2010 12:48:56 +0000 (12:48 +0000)]
PR: 2192
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>
The prompt_info and wrong_info parameters can be empty strings which
can produce confusing prompts. Treat empty string same as NULL.
Dr. Stephen Henson [Fri, 12 Mar 2010 12:07:16 +0000 (12:07 +0000)]
missing goto meant signature was never printed out
Dr. Stephen Henson [Wed, 10 Mar 2010 13:48:35 +0000 (13:48 +0000)]
don't leave bogus errors in the queue
Dr. Stephen Henson [Tue, 9 Mar 2010 17:08:24 +0000 (17:08 +0000)]
PR: 2186
Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com>
Detect aix64-gcc
Dr. Stephen Henson [Sun, 7 Mar 2010 16:40:31 +0000 (16:40 +0000)]
The OID sanity check was incorrect. It should only disallow *leading* 0x80
values.
Dr. Stephen Henson [Sat, 6 Mar 2010 20:52:33 +0000 (20:52 +0000)]
don't add digest alias if signature algorithm is undefined
Dr. Stephen Henson [Fri, 5 Mar 2010 13:35:06 +0000 (13:35 +0000)]
Fix memory leak: free up ENGINE functional reference if digest is not
found in an ENGINE.
Dr. Stephen Henson [Wed, 3 Mar 2010 19:56:00 +0000 (19:56 +0000)]
PR: 2183
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
Dr. Stephen Henson [Wed, 3 Mar 2010 15:34:11 +0000 (15:34 +0000)]
Submitted by: Tomas Hoger <thoger@redhat.com>
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
Dr. Stephen Henson [Wed, 3 Mar 2010 15:30:05 +0000 (15:30 +0000)]
don't mix definitions and code
Andy Polyakov [Tue, 2 Mar 2010 16:26:13 +0000 (16:26 +0000)]
Fix s390x-specific HOST_l2c|c2l [from HEAD].
Submitted by: Andreas Krebbel
Dr. Stephen Henson [Mon, 1 Mar 2010 23:54:19 +0000 (23:54 +0000)]
PR: 2178
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>
Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
Dr. Stephen Henson [Mon, 1 Mar 2010 00:30:11 +0000 (00:30 +0000)]
load cryptodev if HAVE_CRYPTODEV is set too
Ben Laurie [Sun, 28 Feb 2010 13:37:15 +0000 (13:37 +0000)]
Fix warnings.
Dr. Stephen Henson [Fri, 26 Feb 2010 19:56:10 +0000 (19:56 +0000)]
quote HOSTCC in case it isn't defined
Dr. Stephen Henson [Fri, 26 Feb 2010 14:41:38 +0000 (14:41 +0000)]
Revert CFB block length change. Despite what SP800-38a says the input to
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
Dr. Stephen Henson [Fri, 26 Feb 2010 14:34:24 +0000 (14:34 +0000)]
Change versions for 0.9.8n-dev
Dr. Stephen Henson [Thu, 25 Feb 2010 17:18:23 +0000 (17:18 +0000)]
Prepare for 0.9.8m release
Richard Levitte [Wed, 24 Feb 2010 01:20:04 +0000 (01:20 +0000)]
Since crypto-lib.com is built to be executed in the crypto/ directory,
there's no need to specify that directory in the include path.