Dr. Stephen Henson [Wed, 3 Sep 2008 22:13:04 +0000 (22:13 +0000)]
If tickets disabled behave as if no ticket received to support
stateful resume.
Dr. Stephen Henson [Sun, 31 Aug 2008 11:15:35 +0000 (11:15 +0000)]
Fix flag clash... only used internally when policy checking is
enabled.
Bodo Möller [Thu, 14 Aug 2008 21:37:20 +0000 (21:37 +0000)]
Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.
Bodo Möller [Wed, 13 Aug 2008 19:44:44 +0000 (19:44 +0000)]
sanity check
PR: 1679
Dr. Stephen Henson [Tue, 5 Aug 2008 15:56:11 +0000 (15:56 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sat, 2 Aug 2008 11:17:04 +0000 (11:17 +0000)]
Fix from HEAD.
Lutz Jänicke [Fri, 1 Aug 2008 15:03:22 +0000 (15:03 +0000)]
Refer to SSL_pending from the man page for SSL_read
Dr. Stephen Henson [Wed, 30 Jul 2008 15:42:19 +0000 (15:42 +0000)]
Fix from HEAD.
Bodo Möller [Thu, 17 Jul 2008 22:11:24 +0000 (22:11 +0000)]
We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.
PR: 1695
Andy Polyakov [Thu, 17 Jul 2008 11:59:07 +0000 (11:59 +0000)]
Harmonize darwin-i386-cc config line with HEAD.
Andy Polyakov [Thu, 17 Jul 2008 10:00:18 +0000 (10:00 +0000)]
darwin64-ppc-cc experimental line accidentally made it to stable:-(
PR: 1699
Andy Polyakov [Thu, 17 Jul 2008 09:51:34 +0000 (09:51 +0000)]
sha1-586.pl: update from HEAD.
PR: 1681
Bodo Möller [Wed, 16 Jul 2008 18:10:28 +0000 (18:10 +0000)]
Make sure not to read beyond end of buffer
Dr. Stephen Henson [Sun, 13 Jul 2008 22:38:52 +0000 (22:38 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 15:56:01 +0000 (15:56 +0000)]
Update from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 14:33:16 +0000 (14:33 +0000)]
Update from HEAD.
Dr. Stephen Henson [Thu, 26 Jun 2008 23:26:52 +0000 (23:26 +0000)]
Add support for Local Machine Keyset attribute in PKCS#12 files.
Dr. Stephen Henson [Thu, 26 Jun 2008 23:20:52 +0000 (23:20 +0000)]
Sync OIDs with HEAD so we don't need to rebuild OID database and change
all NIDs every time an OID is added to 0.9.8.
Dr. Stephen Henson [Wed, 25 Jun 2008 10:41:48 +0000 (10:41 +0000)]
Changes to allow capi ENGINE to compile with older headers on e.g. VC6.
Bodo Möller [Mon, 23 Jun 2008 20:46:28 +0000 (20:46 +0000)]
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
Dr. Stephen Henson [Sun, 22 Jun 2008 01:10:04 +0000 (01:10 +0000)]
Update ordinals.
Dr. Stephen Henson [Sat, 21 Jun 2008 23:28:02 +0000 (23:28 +0000)]
Make WIN32 build work with no-rc4
Dr. Stephen Henson [Wed, 18 Jun 2008 14:42:27 +0000 (14:42 +0000)]
Fix typo and filter on X509_PURPOSE_SSL_CLIENT when presenting certs.
Dr. Stephen Henson [Wed, 18 Jun 2008 12:05:23 +0000 (12:05 +0000)]
Add support for machine stores and handle provider type errors properly in keys.
Dr. Stephen Henson [Mon, 16 Jun 2008 16:56:43 +0000 (16:56 +0000)]
Make ssl code consistent with FIPS branch. The new code has no effect
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
Dr. Stephen Henson [Mon, 16 Jun 2008 15:22:49 +0000 (15:22 +0000)]
Add error code for FIPS library and make library numbers consistent.
Dr. Stephen Henson [Sun, 15 Jun 2008 16:52:37 +0000 (16:52 +0000)]
Sync ordinals with FIPS branch. FIPS specific functions currently are place
holders to keep ordinals consistent.
Dr. Stephen Henson [Mon, 9 Jun 2008 16:50:48 +0000 (16:50 +0000)]
Add acknowledgement.
Ben Laurie [Sat, 7 Jun 2008 17:22:37 +0000 (17:22 +0000)]
OPENSSL_isservice() is defined on all platforms.
Dr. Stephen Henson [Fri, 6 Jun 2008 20:48:57 +0000 (20:48 +0000)]
Update from head.
Dr. Stephen Henson [Fri, 6 Jun 2008 15:54:00 +0000 (15:54 +0000)]
Update ordinals.
Dr. Stephen Henson [Fri, 6 Jun 2008 15:52:32 +0000 (15:52 +0000)]
Update CryptoAPI ENGINE from head. Export OPENSSL_isservice().
Dr. Stephen Henson [Thu, 5 Jun 2008 16:56:00 +0000 (16:56 +0000)]
Make headers work with older versions of Window platform SDK.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:32:05 +0000 (15:32 +0000)]
Update CHANGES.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:13:03 +0000 (15:13 +0000)]
If auto load ENGINE lookup fails retry adding builtin ENGINEs.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:09:40 +0000 (15:09 +0000)]
Configure options of form -Dfoo=bar should get added to CFLAGS in mk1mf.pl
Dr. Stephen Henson [Thu, 5 Jun 2008 11:44:53 +0000 (11:44 +0000)]
Don't show choice dialog if only one cert.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:38:03 +0000 (11:38 +0000)]
Search $OPTIONS for -DOPENSSL_CAPIENG_DIALOG because $cflags is
no complete at this point.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:23:35 +0000 (11:23 +0000)]
include engine.h if needed.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:57:21 +0000 (10:57 +0000)]
Update ordinals.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:56:51 +0000 (10:56 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 23:00:59 +0000 (23:00 +0000)]
Remove some unneeded columns from dialog.
Dr. Stephen Henson [Wed, 4 Jun 2008 22:39:29 +0000 (22:39 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 20:11:17 +0000 (20:11 +0000)]
Oops... missed this part of backport.
Dr. Stephen Henson [Wed, 4 Jun 2008 19:52:36 +0000 (19:52 +0000)]
Backport s_client changes.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:49:44 +0000 (18:49 +0000)]
Update CryptoAPI ENGINE from HEAD.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:35:27 +0000 (18:35 +0000)]
Backport more ENGINE SSL client auth code to 0.9.8.
Dr. Stephen Henson [Wed, 4 Jun 2008 18:01:40 +0000 (18:01 +0000)]
Backport ssl client auth ENGINE support to 0.9.8.
Bodo Möller [Sat, 31 May 2008 13:42:52 +0000 (13:42 +0000)]
Everyone's had a few years to port their favorite additions to 0.9.7
to HEAD (and the 0.9.8 branch). Remove the reminder.
Dr. Stephen Henson [Fri, 30 May 2008 17:44:36 +0000 (17:44 +0000)]
DSA method slightly more tested and fixed ;-)
Dr. Stephen Henson [Fri, 30 May 2008 17:07:18 +0000 (17:07 +0000)]
Update error codes.
Dr. Stephen Henson [Fri, 30 May 2008 17:03:16 +0000 (17:03 +0000)]
Untested initial CryptoAPI dsa signing code.
Dr. Stephen Henson [Fri, 30 May 2008 16:31:51 +0000 (16:31 +0000)]
Some DSA method structures and placeholders, not complete yet.
Dr. Stephen Henson [Fri, 30 May 2008 16:14:34 +0000 (16:14 +0000)]
Delete unused functions.
Dr. Stephen Henson [Fri, 30 May 2008 15:28:40 +0000 (15:28 +0000)]
Get BIO_snprintf() argument order right....
Dr. Stephen Henson [Fri, 30 May 2008 15:24:19 +0000 (15:24 +0000)]
Add new error codes, log unknown magic or algorithm IDs.
Dr. Stephen Henson [Fri, 30 May 2008 15:05:39 +0000 (15:05 +0000)]
Initial DSA public key loading support in CryptoAPI ENGINE.
Dr. Stephen Henson [Fri, 30 May 2008 15:04:58 +0000 (15:04 +0000)]
Add support for ENGINE loaded keys in dsa app.
Dr. Stephen Henson [Fri, 30 May 2008 11:58:50 +0000 (11:58 +0000)]
Add error codes for blob sanity checks, rebuild error table.
Dr. Stephen Henson [Fri, 30 May 2008 11:54:51 +0000 (11:54 +0000)]
Blob type and algorithm type sanity checks
Dr. Stephen Henson [Fri, 30 May 2008 10:57:13 +0000 (10:57 +0000)]
Don't set extended type is mbstring flag set.
Dr. Stephen Henson [Fri, 30 May 2008 10:31:43 +0000 (10:31 +0000)]
Update default depflag.
Dr. Stephen Henson [Thu, 29 May 2008 23:47:40 +0000 (23:47 +0000)]
Load CryptoAPI engine if supported.
Dr. Stephen Henson [Thu, 29 May 2008 23:15:41 +0000 (23:15 +0000)]
Update mkdef.pl to recognize CAPIENG
Dr. Stephen Henson [Thu, 29 May 2008 21:03:48 +0000 (21:03 +0000)]
Make CryptoAPI engine look more like the others....
Dr. Stephen Henson [Thu, 29 May 2008 17:51:22 +0000 (17:51 +0000)]
Make dynamic engine link work with capi.
Dr. Stephen Henson [Thu, 29 May 2008 17:20:42 +0000 (17:20 +0000)]
Disable CryptoAPI engine compilation by default.
Dr. Stephen Henson [Thu, 29 May 2008 17:13:15 +0000 (17:13 +0000)]
Create error codes, compile in source.
Dr. Stephen Henson [Thu, 29 May 2008 16:46:38 +0000 (16:46 +0000)]
CryptoAPI ENGINE... initial version, not compiled in yet.
Bodo Möller [Wed, 28 May 2008 22:30:39 +0000 (22:30 +0000)]
FAQ updates from HEAD
Bodo Möller [Wed, 28 May 2008 22:22:50 +0000 (22:22 +0000)]
fix whitespace
Mark J. Cox [Wed, 28 May 2008 07:47:50 +0000 (07:47 +0000)]
After tagging, bump ready for 0.9.8i development
Mark J. Cox [Wed, 28 May 2008 07:37:14 +0000 (07:37 +0000)]
Prepare for 0.9.8h release
Mark J. Cox [Wed, 28 May 2008 07:29:27 +0000 (07:29 +0000)]
Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)
Reviewed by: openssl-security@openssl.org
Obtained from: mark@awe.com
Mark J. Cox [Wed, 28 May 2008 07:26:33 +0000 (07:26 +0000)]
Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)
Reviewed by: openssl-security@openssl.org
Obtained from: jorton@redhat.com
Bodo Möller [Tue, 27 May 2008 18:43:30 +0000 (18:43 +0000)]
grammar
Bodo Möller [Tue, 27 May 2008 18:41:02 +0000 (18:41 +0000)]
year 2008
Lutz Jänicke [Mon, 26 May 2008 06:23:55 +0000 (06:23 +0000)]
Add README about removed root CA certificates.
Lutz Jänicke [Mon, 26 May 2008 06:21:10 +0000 (06:21 +0000)]
Reword comment to be much shorter to stop other people from complaining
about "overcommenting"
Lutz Jänicke [Fri, 23 May 2008 10:37:22 +0000 (10:37 +0000)]
Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
Lutz Jänicke [Fri, 23 May 2008 08:59:56 +0000 (08:59 +0000)]
Remove all root CA files (beyond test CAs including private key)
from the OpenSSL distribution.
Dr. Stephen Henson [Tue, 20 May 2008 18:48:22 +0000 (18:48 +0000)]
Fix off by one error ;-)
Dr. Stephen Henson [Tue, 20 May 2008 16:13:11 +0000 (16:13 +0000)]
Typo.
Dr. Stephen Henson [Tue, 20 May 2008 12:12:22 +0000 (12:12 +0000)]
Update ordinals.
Dr. Stephen Henson [Tue, 20 May 2008 12:10:28 +0000 (12:10 +0000)]
Oops... PEM_write_bio_ASN1_stream() shouldn't be in 0.9.8 CMS backport.
Dr. Stephen Henson [Tue, 20 May 2008 11:50:13 +0000 (11:50 +0000)]
Remove deleted function definitions from header files
so Windows build picks it up.
Recognize new option in mk1mf.pl
Dr. Stephen Henson [Tue, 20 May 2008 11:23:49 +0000 (11:23 +0000)]
Remove old DES definition of deleted function too.
Lutz Jänicke [Tue, 20 May 2008 08:10:51 +0000 (08:10 +0000)]
Correctly adjust location of comment
Submitted by: Ben Laurie <ben@links.org>
Ben Laurie [Tue, 20 May 2008 03:05:50 +0000 (03:05 +0000)]
Fix warning.
Dr. Stephen Henson [Mon, 19 May 2008 21:26:28 +0000 (21:26 +0000)]
Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
Bodo Möller [Mon, 19 May 2008 19:44:33 +0000 (19:44 +0000)]
Disable code that clearly doesn't currently serve any useful purpose.
(Buggy line reported by Matthias Koenig.)
Lutz Jänicke [Mon, 19 May 2008 07:52:17 +0000 (07:52 +0000)]
Document "openssl s_server" -crl_check* options
Submitted by: Daniel Black <daniel.subs@internode.on.net>
Lutz Jänicke [Mon, 19 May 2008 07:43:41 +0000 (07:43 +0000)]
Provide information about "openssl dgst" -hmac option.
Dr. Stephen Henson [Sun, 18 May 2008 13:52:05 +0000 (13:52 +0000)]
Typo.
PR: 1672
Lutz Jänicke [Fri, 16 May 2008 07:14:58 +0000 (07:14 +0000)]
Another occurance of possible valgrind/purify "uninitialized memory"
complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.
Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)
Dr. Stephen Henson [Mon, 12 May 2008 16:07:00 +0000 (16:07 +0000)]
Always seed PRNG for new requests no matter what key type. RSA may need
the PRNG for blinding.
PR: 1666
Dr. Stephen Henson [Fri, 9 May 2008 23:17:10 +0000 (23:17 +0000)]
Fix from HEAD.
Bodo Möller [Fri, 2 May 2008 18:47:19 +0000 (18:47 +0000)]
Avoid BN_MONT_CTX incompatibility.
Dr. Stephen Henson [Thu, 1 May 2008 23:31:03 +0000 (23:31 +0000)]
Update from HEAD.
Bodo Möller [Thu, 1 May 2008 23:11:34 +0000 (23:11 +0000)]
Unobtrusive backport of 32-bit x86 Montgomery improvements from 0.9.9-dev:
you need to use "enable-montasm" to see a difference. (Huge speed
advantage, but BN_MONT_CTX is not binary compatible, so this can't be
enabled by default in the 0.9.8 branch.)
The CHANGES entry also covers the 64-bit x86 backport in November 2007
by appro.