Dr. Stephen Henson [Wed, 25 Jun 2008 10:43:07 +0000 (10:43 +0000)]
Update from stable branch.
Bodo Möller [Mon, 23 Jun 2008 20:46:24 +0000 (20:46 +0000)]
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
Dr. Stephen Henson [Sun, 22 Jun 2008 01:09:14 +0000 (01:09 +0000)]
Update ordinals.
Dr. Stephen Henson [Sat, 21 Jun 2008 23:28:55 +0000 (23:28 +0000)]
Fix from stable branch.
Dr. Stephen Henson [Wed, 18 Jun 2008 15:08:41 +0000 (15:08 +0000)]
Update from stable branch.
Dr. Stephen Henson [Wed, 18 Jun 2008 12:06:10 +0000 (12:06 +0000)]
Update from stable branch.
Dr. Stephen Henson [Mon, 16 Jun 2008 15:51:48 +0000 (15:51 +0000)]
Update from stable branch.
Dr. Stephen Henson [Mon, 9 Jun 2008 16:48:42 +0000 (16:48 +0000)]
Add acknowledgement.
Dr. Stephen Henson [Fri, 6 Jun 2008 15:57:16 +0000 (15:57 +0000)]
Sync ordinals.
Dr. Stephen Henson [Fri, 6 Jun 2008 11:26:07 +0000 (11:26 +0000)]
Fix memory leak. The canonical X509_NAME_ENTRY STACK is reallocated rather
than referencing existing X509_NAME_ENTRY structures so needs to be
completely freed.
Dr. Stephen Henson [Thu, 5 Jun 2008 23:42:04 +0000 (23:42 +0000)]
Remove uidlg library from VC-32.pl, it is now bound at runtime.
Dr. Stephen Henson [Thu, 5 Jun 2008 23:19:56 +0000 (23:19 +0000)]
Don't change _WIN32_WINNT and detect GetConsoleWindow() and
CryptUIDlgSelectCertificateFromStore() at runtime. Add callback function
for selection mechanism.
Dr. Stephen Henson [Thu, 5 Jun 2008 17:04:16 +0000 (17:04 +0000)]
Update from stable branch.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:34:24 +0000 (15:34 +0000)]
Update CHANGES.
Dr. Stephen Henson [Thu, 5 Jun 2008 15:13:45 +0000 (15:13 +0000)]
Update from stable branch.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:45:25 +0000 (11:45 +0000)]
Update from stable branch.
Dr. Stephen Henson [Thu, 5 Jun 2008 11:10:49 +0000 (11:10 +0000)]
Sync ordinals with stable branch.
Dr. Stephen Henson [Thu, 5 Jun 2008 10:51:48 +0000 (10:51 +0000)]
Link in extra CryptoAPI related libraries if needed.
Dr. Stephen Henson [Wed, 4 Jun 2008 23:03:28 +0000 (23:03 +0000)]
Update from stable branch.
Dr. Stephen Henson [Wed, 4 Jun 2008 22:39:05 +0000 (22:39 +0000)]
Remove test fprintf.
Dr. Stephen Henson [Wed, 4 Jun 2008 22:34:38 +0000 (22:34 +0000)]
Compilation option to use a specific ssl client auth engine automatically.
Dr. Stephen Henson [Wed, 4 Jun 2008 16:45:05 +0000 (16:45 +0000)]
Use an appropriate Window for selection dialog.
Dr. Stephen Henson [Wed, 4 Jun 2008 16:10:09 +0000 (16:10 +0000)]
Add support for Windoes dialog box based certificate selection.
Dr. Stephen Henson [Wed, 4 Jun 2008 14:34:39 +0000 (14:34 +0000)]
Remove old non-safestack code.
Dr. Stephen Henson [Wed, 4 Jun 2008 12:03:57 +0000 (12:03 +0000)]
Tidy up and add comments to selection code.
Dr. Stephen Henson [Wed, 4 Jun 2008 11:53:14 +0000 (11:53 +0000)]
Make DSO WIN32 compile again.
Dr. Stephen Henson [Wed, 4 Jun 2008 11:52:36 +0000 (11:52 +0000)]
Update ordinals.
Dr. Stephen Henson [Wed, 4 Jun 2008 11:45:15 +0000 (11:45 +0000)]
Remove store from Windows build.
Ben Laurie [Wed, 4 Jun 2008 11:01:43 +0000 (11:01 +0000)]
More type-checking.
Dr. Stephen Henson [Wed, 4 Jun 2008 10:57:38 +0000 (10:57 +0000)]
Avoid name clash.
Ben Laurie [Wed, 4 Jun 2008 05:21:13 +0000 (05:21 +0000)]
Only include windows headers when under windows.
Dr. Stephen Henson [Tue, 3 Jun 2008 23:54:31 +0000 (23:54 +0000)]
Add initial support for multiple SSL client certifcate selection in
CryptoAPI ENGINE.
Dr. Stephen Henson [Tue, 3 Jun 2008 11:37:52 +0000 (11:37 +0000)]
Match empty CA list to anything for ssl client auth in CryptoAPI engine.
Dr. Stephen Henson [Tue, 3 Jun 2008 11:26:27 +0000 (11:26 +0000)]
Add support for client cert engine setting in s_client app.
Add appropriate #ifdefs round client cert functions in headers.
Dr. Stephen Henson [Tue, 3 Jun 2008 10:27:39 +0000 (10:27 +0000)]
Add preliminary SSL client auth callback to CryptoAPI ENGINE.
Dr. Stephen Henson [Tue, 3 Jun 2008 10:17:45 +0000 (10:17 +0000)]
Prevent signed/unsigned warning on VC++
Ben Laurie [Tue, 3 Jun 2008 02:48:34 +0000 (02:48 +0000)]
Memory saving patch.
Dr. Stephen Henson [Mon, 2 Jun 2008 23:41:38 +0000 (23:41 +0000)]
Update year.
Dr. Stephen Henson [Mon, 2 Jun 2008 23:10:34 +0000 (23:10 +0000)]
Windows batch file to rebuild error codes for CryptoAPI ENGINE.
Dr. Stephen Henson [Mon, 2 Jun 2008 23:09:04 +0000 (23:09 +0000)]
#undef OCSP_RESPONSE: CryptoAPI uses this too.
Dr. Stephen Henson [Mon, 2 Jun 2008 14:29:32 +0000 (14:29 +0000)]
Fix indentation.
Dr. Stephen Henson [Mon, 2 Jun 2008 12:10:06 +0000 (12:10 +0000)]
Avoid case in ca.c fix.
Dr. Stephen Henson [Mon, 2 Jun 2008 10:42:57 +0000 (10:42 +0000)]
Revert, doesn't fix warning :-(
Dr. Stephen Henson [Mon, 2 Jun 2008 10:37:53 +0000 (10:37 +0000)]
Avoid cast with wrapper function.
Dr. Stephen Henson [Sun, 1 Jun 2008 23:45:11 +0000 (23:45 +0000)]
Free old store name (if any).
Dr. Stephen Henson [Sun, 1 Jun 2008 23:42:49 +0000 (23:42 +0000)]
Add ctrl for alternative certificate store names.
Dr. Stephen Henson [Sun, 1 Jun 2008 23:28:17 +0000 (23:28 +0000)]
Use keyspec for DSA too.
Dr. Stephen Henson [Sun, 1 Jun 2008 23:24:53 +0000 (23:24 +0000)]
Get and note keyspec when signing.
Dr. Stephen Henson [Sun, 1 Jun 2008 23:06:48 +0000 (23:06 +0000)]
Release engine reference when calling SSL_CTX_free().
Dr. Stephen Henson [Sun, 1 Jun 2008 22:45:08 +0000 (22:45 +0000)]
Allow ENGINE client cert callback to specify a set of other certs, for
the rest of the certificate chain. Currently unused.
Dr. Stephen Henson [Sun, 1 Jun 2008 22:34:40 +0000 (22:34 +0000)]
Update error codes.
Dr. Stephen Henson [Sun, 1 Jun 2008 22:33:24 +0000 (22:33 +0000)]
Add client cert engine to SSL routines.
Dr. Stephen Henson [Sun, 1 Jun 2008 21:18:47 +0000 (21:18 +0000)]
Update error codes, move typedef of SSL, SSL_CTX to ossl_typ.h
Dr. Stephen Henson [Sun, 1 Jun 2008 21:10:30 +0000 (21:10 +0000)]
Add support for ENGINE supplied SSL client auth.
Dr. Stephen Henson [Sun, 1 Jun 2008 11:07:34 +0000 (11:07 +0000)]
Update from stable branch.
Dr. Stephen Henson [Sat, 31 May 2008 23:48:02 +0000 (23:48 +0000)]
Update from stable branch.
Dr. Stephen Henson [Sat, 31 May 2008 23:21:40 +0000 (23:21 +0000)]
Update VC-32.pl and load CryptoAPI engine in the right place.
Dr. Stephen Henson [Sat, 31 May 2008 22:53:16 +0000 (22:53 +0000)]
More CryptoAPI engine code from stable branch.
Dr. Stephen Henson [Sat, 31 May 2008 22:50:00 +0000 (22:50 +0000)]
Add CryptoAPI error file too.
Dr. Stephen Henson [Sat, 31 May 2008 22:49:32 +0000 (22:49 +0000)]
Add CryptoAPI ENGINE from stable branch.
Dr. Stephen Henson [Sat, 31 May 2008 21:20:53 +0000 (21:20 +0000)]
Recognize LHASH_OF().
Dr. Stephen Henson [Sat, 31 May 2008 19:28:57 +0000 (19:28 +0000)]
Stop const mismatch warning.
Dr. Stephen Henson [Sat, 31 May 2008 19:17:25 +0000 (19:17 +0000)]
Stop warning about extra ';' outside of function.
Dr. Stephen Henson [Sat, 31 May 2008 18:55:23 +0000 (18:55 +0000)]
Stop const mismatch warning in VC++.
Bodo Möller [Sat, 31 May 2008 13:42:53 +0000 (13:42 +0000)]
Everyone's had a few years to port their favorite additions to 0.9.7
to HEAD (and the 0.9.8 branch). Remove the reminder.
Dr. Stephen Henson [Fri, 30 May 2008 10:57:49 +0000 (10:57 +0000)]
Fix from stable branch.
Bodo Möller [Wed, 28 May 2008 22:30:28 +0000 (22:30 +0000)]
sync with 0.9.8 branch
Bodo Möller [Wed, 28 May 2008 22:17:34 +0000 (22:17 +0000)]
From HEAD:
Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)
Reviewed by: openssl-security@openssl.org
Obtained from: mark@awe.com
Bodo Möller [Wed, 28 May 2008 22:15:48 +0000 (22:15 +0000)]
From HEAD:
Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)
Reviewed by: openssl-security@openssl.org
Obtained from: jorton@redhat.com
Bodo Möller [Tue, 27 May 2008 18:43:20 +0000 (18:43 +0000)]
grammar
Bodo Möller [Tue, 27 May 2008 18:41:09 +0000 (18:41 +0000)]
year 2008
Dr. Stephen Henson [Tue, 27 May 2008 11:44:03 +0000 (11:44 +0000)]
Avoid "duplicate const" warnings.
Dr. Stephen Henson [Tue, 27 May 2008 11:28:49 +0000 (11:28 +0000)]
Avoid warning about empty structures and always define CHECKED_PTR_OF
Dr. Stephen Henson [Mon, 26 May 2008 15:39:36 +0000 (15:39 +0000)]
C++ style comments fixed.
Ben Laurie [Mon, 26 May 2008 11:24:29 +0000 (11:24 +0000)]
LHASH revamp. make depend.
Lutz Jänicke [Mon, 26 May 2008 06:23:57 +0000 (06:23 +0000)]
Add README about removed root CA certificates.
Lutz Jänicke [Mon, 26 May 2008 06:21:13 +0000 (06:21 +0000)]
Reword comment to be much shorter to stop other people from complaining
about "overcommenting".
Lutz Jänicke [Fri, 23 May 2008 10:37:52 +0000 (10:37 +0000)]
Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
Lutz Jänicke [Fri, 23 May 2008 08:59:23 +0000 (08:59 +0000)]
Remove all root CA files (beyond test CAs including private key)
from the OpenSSL distribution.
Dr. Stephen Henson [Tue, 20 May 2008 18:49:00 +0000 (18:49 +0000)]
Typo.
Dr. Stephen Henson [Tue, 20 May 2008 16:13:57 +0000 (16:13 +0000)]
Typo.
Dr. Stephen Henson [Tue, 20 May 2008 12:23:38 +0000 (12:23 +0000)]
Update ordinals.
Dr. Stephen Henson [Tue, 20 May 2008 11:52:57 +0000 (11:52 +0000)]
Update from stable branch.
Dr. Stephen Henson [Tue, 20 May 2008 11:30:27 +0000 (11:30 +0000)]
Fix from stable branch.
Lutz Jänicke [Tue, 20 May 2008 08:10:48 +0000 (08:10 +0000)]
Correctly adjust location of comment
Submitted by: Ben Laurie <ben@links.org>
Dr. Stephen Henson [Mon, 19 May 2008 21:33:55 +0000 (21:33 +0000)]
Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
Bodo Möller [Mon, 19 May 2008 20:45:25 +0000 (20:45 +0000)]
Change use of CRYPTO_THREADID so that we always use both the ulong and
ptr members.
(So if the id_callback is bogus, we still have &errno.)
Bodo Möller [Mon, 19 May 2008 19:44:45 +0000 (19:44 +0000)]
Disable code that clearly doesn't currently serve any useful purpose.
(Buggy line reported by Matthias Koenig.)
Lutz Jänicke [Mon, 19 May 2008 07:52:15 +0000 (07:52 +0000)]
Document "openssl s_server" -crl_check* options
Submitted by: Daniel Black <daniel.subs@internode.on.net>
Lutz Jänicke [Mon, 19 May 2008 07:43:34 +0000 (07:43 +0000)]
Provide information about "openssl dgst" -hmac option.
Lutz Jänicke [Mon, 19 May 2008 06:21:05 +0000 (06:21 +0000)]
Typo. (From 0.9.8-stable/S. Henson)
PR: 1672
Lutz Jänicke [Fri, 16 May 2008 07:14:26 +0000 (07:14 +0000)]
Another occurance of possible valgrind/purify "uninitialized memory"
complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.
Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)
Dr. Stephen Henson [Mon, 12 May 2008 16:24:31 +0000 (16:24 +0000)]
Fix from stable branch.
Dr. Stephen Henson [Fri, 9 May 2008 23:16:24 +0000 (23:16 +0000)]
Add missing cast.
Andy Polyakov [Sat, 3 May 2008 18:34:59 +0000 (18:34 +0000)]
Depict future Win64/x64 development.
Bodo Möller [Fri, 2 May 2008 18:47:48 +0000 (18:47 +0000)]
Clarifying comment.
Dr. Stephen Henson [Fri, 2 May 2008 17:27:01 +0000 (17:27 +0000)]
New function CMS_add1_crl().
Dr. Stephen Henson [Fri, 2 May 2008 11:24:40 +0000 (11:24 +0000)]
Indicate support for digest init ctrl.
Dr. Stephen Henson [Thu, 1 May 2008 23:35:36 +0000 (23:35 +0000)]
Typo.
Dr. Stephen Henson [Thu, 1 May 2008 23:30:06 +0000 (23:30 +0000)]
Use "cont" consistently in cms-examples.pl
Add a -certsout option to output any certificates in a message.
Add test for example 4.11