Richard Levitte [Sun, 20 Mar 2011 14:01:20 +0000 (14:01 +0000)]
* apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV
with turning trapping back on.
* test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV
here.
* test/clean-test.com: A new script for cleaning up.
Richard Levitte [Sun, 20 Mar 2011 13:15:41 +0000 (13:15 +0000)]
* apps/openssl.c: For VMS, take care of copying argv if needed much earlier,
directly in main(). 'if needed' also includes when argv is a 32 bit
pointer in an otherwise 64 bit environment.
* apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional
=ARGV, but only if it's supported. Fortunately, DCL is very helpful
telling us in this case.
Richard Levitte [Sat, 19 Mar 2011 10:44:41 +0000 (10:44 +0000)]
Keep file references in the VMS build files in the same order as they
are in the Unix Makefiles
Richard Levitte [Sat, 19 Mar 2011 09:45:45 +0000 (09:45 +0000)]
Change INSTALL.VMS to reflect the changes done on the build and
install scripts. This could need some more work.
Richard Levitte [Sat, 19 Mar 2011 09:44:53 +0000 (09:44 +0000)]
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>
Dr. Stephen Henson [Sun, 13 Mar 2011 18:20:14 +0000 (18:20 +0000)]
PR: 2469
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve
Check mac is present before trying to retrieve mac iteration count.
Dr. Stephen Henson [Thu, 10 Mar 2011 18:27:56 +0000 (18:27 +0000)]
make no-dsa work again
Andy Polyakov [Fri, 4 Mar 2011 13:11:54 +0000 (13:11 +0000)]
s390x-mont.pl: optimize for z196.
Andy Polyakov [Sat, 12 Feb 2011 16:46:10 +0000 (16:46 +0000)]
dso_dlfcn.c: make it work on Tru64 4.0 [from HEAD].
PR: 2316
Bodo Möller [Tue, 8 Feb 2011 19:06:57 +0000 (19:06 +0000)]
Sync with 0.9.8 branch.
Bodo Möller [Tue, 8 Feb 2011 17:58:45 +0000 (17:58 +0000)]
start 1.0.0e-dev
Bodo Möller [Tue, 8 Feb 2011 17:10:53 +0000 (17:10 +0000)]
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
Bodo Möller [Tue, 8 Feb 2011 08:42:15 +0000 (08:42 +0000)]
Add complete information on 0.9.8 branch.
Bodo Möller [Thu, 3 Feb 2011 12:04:40 +0000 (12:04 +0000)]
Assorted bugfixes:
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check
Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
Bodo Möller [Thu, 3 Feb 2011 11:21:20 +0000 (11:21 +0000)]
fix omission
Dr. Stephen Henson [Tue, 1 Feb 2011 12:54:04 +0000 (12:54 +0000)]
Since FIPS 186-3 specifies we use the leftmost bits of the digest
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
Dr. Stephen Henson [Sun, 30 Jan 2011 01:05:38 +0000 (01:05 +0000)]
stop warnings about no previous prototype when compiling shared engines
Dr. Stephen Henson [Mon, 24 Jan 2011 16:20:15 +0000 (16:20 +0000)]
PR: 2433
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve
Constify ASN1_STRING_set_default_mask_asc().
Dr. Stephen Henson [Mon, 24 Jan 2011 15:08:01 +0000 (15:08 +0000)]
check EC public key isn't point at infinity
Dr. Stephen Henson [Mon, 24 Jan 2011 14:41:58 +0000 (14:41 +0000)]
PR: 1612
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve
Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
Dr. Stephen Henson [Thu, 13 Jan 2011 15:42:59 +0000 (15:42 +0000)]
stop warning with no-engine
Richard Levitte [Mon, 10 Jan 2011 21:00:25 +0000 (21:00 +0000)]
The previous change was incorrect in this branch...
Richard Levitte [Mon, 10 Jan 2011 20:55:24 +0000 (20:55 +0000)]
PR: 2425
Synchronise VMS build with Unixly build.
Richard Levitte [Thu, 6 Jan 2011 20:56:07 +0000 (20:56 +0000)]
PR: 2407
Fix fault include.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
Dr. Stephen Henson [Tue, 4 Jan 2011 19:33:22 +0000 (19:33 +0000)]
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
alert.
Dr. Stephen Henson [Mon, 3 Jan 2011 12:53:33 +0000 (12:53 +0000)]
oops missed an assert
Dr. Stephen Henson [Mon, 3 Jan 2011 01:40:34 +0000 (01:40 +0000)]
PR: 2411
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Fix corner cases in RFC3779 code.
Dr. Stephen Henson [Mon, 3 Jan 2011 01:27:00 +0000 (01:27 +0000)]
Fix escaping code for string printing. If *any* escaping is enabled we
must escape the escape character itself (backslash).
Dr. Stephen Henson [Mon, 3 Jan 2011 01:22:09 +0000 (01:22 +0000)]
PR: 2410
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Use OPENSSL_assert() instead of assert().
Dr. Stephen Henson [Mon, 3 Jan 2011 01:07:03 +0000 (01:07 +0000)]
PR: 2413
Submitted by: Michael Bergandi <mbergandi@gmail.com>
Reviewed by: steve
Fix typo in crypto/bio/bss_dgram.c
Dr. Stephen Henson [Mon, 3 Jan 2011 00:44:14 +0000 (00:44 +0000)]
use fips-dev not dev-fips
Dr. Stephen Henson [Mon, 3 Jan 2011 00:26:05 +0000 (00:26 +0000)]
PR: 2416
Submitted by: Mark Phalan <mark.phalan@oracle.com>
Reviewed by: steve
Use L suffix in version number.
Richard Levitte [Tue, 14 Dec 2010 21:44:36 +0000 (21:44 +0000)]
Part of the IF structure didn't get pasted here...
PR: 2393
Richard Levitte [Tue, 14 Dec 2010 19:18:52 +0000 (19:18 +0000)]
First attempt at adding the possibility to set the pointer size for the builds on VMS.
PR: 2393
Andy Polyakov [Sat, 11 Dec 2010 14:53:58 +0000 (14:53 +0000)]
bss_file.c: refine UTF8 logic [from HEAD].
PR: 2382
Dr. Stephen Henson [Fri, 3 Dec 2010 19:31:06 +0000 (19:31 +0000)]
ignore leading null fields
Dr. Stephen Henson [Thu, 2 Dec 2010 19:37:46 +0000 (19:37 +0000)]
update for next release
Dr. Stephen Henson [Thu, 2 Dec 2010 18:29:04 +0000 (18:29 +0000)]
prepare for release
Dr. Stephen Henson [Thu, 2 Dec 2010 18:26:12 +0000 (18:26 +0000)]
make update
Dr. Stephen Henson [Thu, 2 Dec 2010 18:24:55 +0000 (18:24 +0000)]
fix for CVE-2010-4180
Dr. Stephen Henson [Thu, 2 Dec 2010 17:59:36 +0000 (17:59 +0000)]
PR: 2386
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve
Correct SKM_ASN1_SET_OF_d2i macro.
Dr. Stephen Henson [Thu, 2 Dec 2010 13:45:15 +0000 (13:45 +0000)]
fix doc typos
Dr. Stephen Henson [Thu, 2 Dec 2010 00:10:27 +0000 (00:10 +0000)]
use consistent FAQ between version
Andy Polyakov [Tue, 30 Nov 2010 22:19:26 +0000 (22:19 +0000)]
Configure: make -mno-cygwin optional on mingw platforms [from HEAD].
PR: 2381
Dr. Stephen Henson [Tue, 30 Nov 2010 19:37:33 +0000 (19:37 +0000)]
PR: 2385
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve
Zero key->pkey.ptr after it is freed so the structure can be reused.
Dr. Stephen Henson [Tue, 30 Nov 2010 13:42:15 +0000 (13:42 +0000)]
update NEWS
Richard Levitte [Mon, 29 Nov 2010 22:27:21 +0000 (22:27 +0000)]
Better method for creating SSLROOT:.
Make sure to include the path to evptest.txt.
Dr. Stephen Henson [Mon, 29 Nov 2010 18:21:43 +0000 (18:21 +0000)]
add CVE to J-PAKE issue
Dr. Stephen Henson [Mon, 29 Nov 2010 16:53:54 +0000 (16:53 +0000)]
update NEWS
Dr. Stephen Henson [Sat, 27 Nov 2010 17:34:57 +0000 (17:34 +0000)]
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
EVP_MD_CTX was much larger: it isn't needed anymore.
Dr. Stephen Henson [Thu, 25 Nov 2010 12:28:28 +0000 (12:28 +0000)]
PR: 2240
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve
As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.
Ben Laurie [Wed, 24 Nov 2010 15:07:56 +0000 (15:07 +0000)]
Document change.
Ben Laurie [Wed, 24 Nov 2010 13:48:12 +0000 (13:48 +0000)]
J-PAKE was not correctly checking values, which could lead to attacks.
Andy Polyakov [Tue, 23 Nov 2010 23:01:01 +0000 (23:01 +0000)]
INSTALL.W32: document trouble with symlinks under MSYS [from HEAD].
PR: 2377
Richard Levitte [Tue, 23 Nov 2010 02:12:11 +0000 (02:12 +0000)]
Implement bc test strategy as submitted by Steven M. Schweda <sms@antinode.info>.
Make sure we move to '__here' before trying to use it to build local sslroot:
Richard Levitte [Tue, 23 Nov 2010 01:06:10 +0000 (01:06 +0000)]
Print openssl version information at the end of the tests
Richard Levitte [Tue, 23 Nov 2010 01:05:29 +0000 (01:05 +0000)]
Give the architecture dependent directory higher priority
Richard Levitte [Tue, 23 Nov 2010 01:04:04 +0000 (01:04 +0000)]
Don't define an empty CFLAGS, it's much more honest not to defined it at all.
Make sure to remove any [.CRYTO]BUILDINF.H so it doesn't get used instead of
[.CRYPTO._''ARCH'BUILDINF.H
Richard Levitte [Mon, 22 Nov 2010 23:42:51 +0000 (23:42 +0000)]
* tests.com: Add the symbol openssl_conf, so the openssl application
stops complaining about a missing configuration file. Define the logical
name PERL_ENV_TABLES with values to Perl considers the DCL symbol table
as part of the environment (see 'man perlvms' for details), so cms-test.pl
can get the value of EXE_DIR from tests.com, among others.
* cms-test.pl: Make changes to have it work on VMS as well. Upper or mixed
case options need to be quoted and the openssl command needs a VMS-specific
treatment. It all should work properly on Unix, I hope it does on Windows
as well...
Andy Polyakov [Mon, 22 Nov 2010 21:57:07 +0000 (21:57 +0000)]
s390x.S: fix typo in bn_mul_words [from HEAD].
PR: 2380
Dr. Stephen Henson [Fri, 19 Nov 2010 00:11:27 +0000 (00:11 +0000)]
PR: 2376
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve
Cleanup alloca use, fix Win32 target for OpenWatcom.
Dr. Stephen Henson [Thu, 18 Nov 2010 22:59:42 +0000 (22:59 +0000)]
PR: 2375
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve
cleanup/fix e_aep.c for OpenWatcom
Dr. Stephen Henson [Thu, 18 Nov 2010 22:56:42 +0000 (22:56 +0000)]
PR: 2374
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve
Don't compile capi ENGINE on mingw32
Richard Levitte [Thu, 18 Nov 2010 22:47:01 +0000 (22:47 +0000)]
Tell the user what test is being performed.
Richard Levitte [Thu, 18 Nov 2010 22:45:38 +0000 (22:45 +0000)]
Make sure the source directory for ASN1TEST is defined.
Richard Levitte [Thu, 18 Nov 2010 22:30:55 +0000 (22:30 +0000)]
We expect these scripts not to bail on error, so make sure that's what happens.
Richard Levitte [Thu, 18 Nov 2010 22:24:09 +0000 (22:24 +0000)]
Synchronise with Unix tests
Richard Levitte [Thu, 18 Nov 2010 19:59:06 +0000 (19:59 +0000)]
We redid the structure on architecture dependent source files, but
apparently forgot to adapt the copying to the installation directory.
Dr. Stephen Henson [Thu, 18 Nov 2010 17:26:19 +0000 (17:26 +0000)]
add ACKNOWLEDGEMENTS file to 1.0.0 branch
Dr. Stephen Henson [Thu, 18 Nov 2010 17:04:46 +0000 (17:04 +0000)]
compile cts128.c on VMS
Dr. Stephen Henson [Thu, 18 Nov 2010 13:22:26 +0000 (13:22 +0000)]
fix no SIGALRM case in speed.c
Dr. Stephen Henson [Thu, 18 Nov 2010 12:28:57 +0000 (12:28 +0000)]
PR: 2372
Submitted by: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Reviewed by: steve
Fix OpenBSD compilation failure.
Dr. Stephen Henson [Tue, 16 Nov 2010 22:41:07 +0000 (22:41 +0000)]
Don't assume a decode error if session tlsext_ecpointformatlist is not NULL:
it can be legitimately set elsewhere.
Dr. Stephen Henson [Tue, 16 Nov 2010 16:33:35 +0000 (16:33 +0000)]
update for next version
Dr. Stephen Henson [Tue, 16 Nov 2010 13:35:09 +0000 (13:35 +0000)]
prepare for release
Dr. Stephen Henson [Tue, 16 Nov 2010 13:26:24 +0000 (13:26 +0000)]
fix CVE-2010-3864
Dr. Stephen Henson [Tue, 16 Nov 2010 12:11:15 +0000 (12:11 +0000)]
If EVP_PKEY structure contains an ENGINE the key is ENGINE specific and
we should use its method instead of any generic one.
Dr. Stephen Henson [Mon, 15 Nov 2010 14:44:50 +0000 (14:44 +0000)]
make update
Dr. Stephen Henson [Sun, 14 Nov 2010 13:50:29 +0000 (13:50 +0000)]
Get correct GOST private key instead of just assuming the last one is
correct: this isn't always true if we have more than one certificate.
Dr. Stephen Henson [Thu, 11 Nov 2010 15:30:33 +0000 (15:30 +0000)]
update NEWS file
Dr. Stephen Henson [Thu, 11 Nov 2010 15:23:19 +0000 (15:23 +0000)]
Submitted By: Bogdan Harjoc <harjoc@gmail.com>
Add missing debug WIN64 targets.
Dr. Stephen Henson [Thu, 11 Nov 2010 14:42:19 +0000 (14:42 +0000)]
PR: 2366
Submitted by: Damien Miller <djm@mindrot.org>
Reviewed by: steve
Stop pkeyutl crashing if some arguments are missing. Also make str2fmt
tolerate NULL parameter.
Dr. Stephen Henson [Tue, 2 Nov 2010 15:57:40 +0000 (15:57 +0000)]
Submitted by: Jonathan Dixon <joth@chromium.org>
Reviewed by: steve
If store is NULL set flags correctly.
Dr. Stephen Henson [Mon, 11 Oct 2010 23:24:51 +0000 (23:24 +0000)]
PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
Andy Polyakov [Sun, 10 Oct 2010 21:14:17 +0000 (21:14 +0000)]
x86_64-xlate.pl: fix LNK4078 and LNK4210 link warnings [from HEAD].
PR: 2356
Dr. Stephen Henson [Sun, 10 Oct 2010 12:33:10 +0000 (12:33 +0000)]
PR: 2314
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve
Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
Dr. Stephen Henson [Wed, 6 Oct 2010 18:01:23 +0000 (18:01 +0000)]
We can't always read 6 bytes in an OCSP response: fix so error statuses
are read correctly for non-blocking I/O.
Dr. Stephen Henson [Mon, 4 Oct 2010 13:28:35 +0000 (13:28 +0000)]
Minor documentation fixes, PR#2345
Dr. Stephen Henson [Mon, 4 Oct 2010 13:24:15 +0000 (13:24 +0000)]
Minor documentation fixes, PR#2344
Dr. Stephen Henson [Sun, 3 Oct 2010 18:57:01 +0000 (18:57 +0000)]
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
Andy Polyakov [Mon, 13 Sep 2010 20:32:31 +0000 (20:32 +0000)]
Alpha assembler pack: adapt for Linux [from HEAD].
PR: 2335
Andy Polyakov [Mon, 13 Sep 2010 16:28:34 +0000 (16:28 +0000)]
VC-32.pl: default to nasm if neither nasm or nasmw is is found at the moment [from HEAD].
PR: 2338
Andy Polyakov [Fri, 10 Sep 2010 14:55:24 +0000 (14:55 +0000)]
crypto/bn/asm/s390x.S: drop redundant instructions [from HEAD].
Andy Polyakov [Sun, 5 Sep 2010 19:48:01 +0000 (19:48 +0000)]
sparcv9cap.c: disengange Solaris-specific CPU detection routine in favour
of unified procedure relying on SIGILL [from HEAD].
PR: 2321
Ben Laurie [Sun, 5 Sep 2010 13:47:44 +0000 (13:47 +0000)]
Oops. Make depend on a standard configuration.
Ben Laurie [Sun, 5 Sep 2010 13:07:40 +0000 (13:07 +0000)]
Make depend.
Dr. Stephen Henson [Thu, 2 Sep 2010 17:23:36 +0000 (17:23 +0000)]
make no-gost work on Windows
Dr. Stephen Henson [Mon, 30 Aug 2010 23:59:04 +0000 (23:59 +0000)]
fix bug in AES_unwrap()
Bodo Möller [Thu, 26 Aug 2010 12:10:44 +0000 (12:10 +0000)]
ECC library bugfixes.
Submitted by: Emilia Kasper (Google)
Bodo Möller [Thu, 26 Aug 2010 11:19:45 +0000 (11:19 +0000)]
Harmonize with OpenSSL_0_9_8-stable version of CHANGES.