Dr. Stephen Henson [Wed, 9 Sep 2009 16:32:19 +0000 (16:32 +0000)]
Add new option --strict-warnings to Configure script. This is used to add
in devteam warnings into other configurations.
Dr. Stephen Henson [Wed, 9 Sep 2009 12:14:36 +0000 (12:14 +0000)]
Seed PRNG with DSA and ECDSA digests for additional protection against
possible PRNG state duplication.
Dr. Stephen Henson [Mon, 7 Sep 2009 17:57:02 +0000 (17:57 +0000)]
PR: 2031
Submitted by: steve@openssl.org
Tolerate application/timestamp-response which some servers send out.
Dr. Stephen Henson [Sun, 6 Sep 2009 17:55:40 +0000 (17:55 +0000)]
Typo presumably...
Dr. Stephen Henson [Sun, 6 Sep 2009 15:55:54 +0000 (15:55 +0000)]
Make update, deleting bogus DTLS error code
Dr. Stephen Henson [Sun, 6 Sep 2009 15:49:12 +0000 (15:49 +0000)]
PR: 1644
Submitted by: steve@openssl.org
Fix to make DHparams_dup() et al work in C++.
For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
Dr. Stephen Henson [Fri, 4 Sep 2009 17:42:06 +0000 (17:42 +0000)]
PR: 2028
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix DTLS cookie management bugs.
Dr. Stephen Henson [Fri, 4 Sep 2009 12:27:01 +0000 (12:27 +0000)]
Correction: salt is now default
Dr. Stephen Henson [Fri, 4 Sep 2009 11:31:19 +0000 (11:31 +0000)]
Oops, s can be NULL
Dr. Stephen Henson [Wed, 2 Sep 2009 15:57:12 +0000 (15:57 +0000)]
PR: 2020
Submitted by: Keith Beckman <kbeckman@mcg.edu>, Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org
Fix improperly capitalized references to WWW::Curl::Easy.
Dr. Stephen Henson [Wed, 2 Sep 2009 15:51:28 +0000 (15:51 +0000)]
PR: 2029
Submitted by: Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org
Fix so that the legacy digest EVP_dss1() still works.
Dr. Stephen Henson [Wed, 2 Sep 2009 13:55:22 +0000 (13:55 +0000)]
PR: 2013
Submitted by: steve@openssl.org
Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.
Add error checking to CRL generation in ca utility when nextUpdate is being
set.
Dr. Stephen Henson [Wed, 2 Sep 2009 13:20:22 +0000 (13:20 +0000)]
PR: 2009
Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com>
Approved by: steve@openssl.org
Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although
the ticket mentions buffer overruns this isn't a security issue because
the SSL_SESSION structure is generated internally and it should never be
possible to supply its contents from an untrusted application (this would
among other things destroy session cache security).
Dr. Stephen Henson [Wed, 2 Sep 2009 12:53:32 +0000 (12:53 +0000)]
PR: 2022
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix DTLS record header length bug.
Dr. Stephen Henson [Wed, 2 Sep 2009 12:45:19 +0000 (12:45 +0000)]
Tidy up and fix verify callbacks to avoid structure dereference, use of
obsolete functions and enhance to handle new conditions such as policy
printing.
Dr. Stephen Henson [Mon, 31 Aug 2009 22:21:01 +0000 (22:21 +0000)]
Missing break.
Dr. Stephen Henson [Wed, 26 Aug 2009 15:13:43 +0000 (15:13 +0000)]
PR: 2005
Submitted by: steve@openssl.org
Some systems have broken IPv6 headers and/or implementations. If
OPENSSL_USE_IPV6 is set to 0 IPv6 is not used, if it is set to 1 it is used
and if undefined an attempt is made to detect at compile time by checking
if AF_INET6 is set and excluding known problem platforms.
Dr. Stephen Henson [Wed, 26 Aug 2009 11:51:23 +0000 (11:51 +0000)]
PR: 2006
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Do not use multiple DTLS records for a single user message
Dr. Stephen Henson [Wed, 26 Aug 2009 11:41:32 +0000 (11:41 +0000)]
PR: 2015
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Define LIBDIR properly.
Richard Levitte [Wed, 26 Aug 2009 11:21:50 +0000 (11:21 +0000)]
Moving up the inclusion of e_os.h was a bad idea.
Put it back where it was and place an inclusion of e_os2.h to get platform
macros defined...
Richard Levitte [Tue, 25 Aug 2009 07:30:02 +0000 (07:30 +0000)]
Make sure ENGINES can be separately compiled as well.
Make sure _XOPEN_SOURCE_EXTENDED is defined in opensslconf.h
Submitted by Zoltan Arpadffy <zoli@polarhome.com>
Richard Levitte [Tue, 25 Aug 2009 07:28:12 +0000 (07:28 +0000)]
Remove tmdiff.h from EXHEADERS as it doesn't exist.
Don't have separate installation directory variables for VAX and AXP.
Submitted by Zoltan Arpadffy <zoli@polarhome.com>
Richard Levitte [Tue, 25 Aug 2009 07:25:55 +0000 (07:25 +0000)]
Define EXE_DIR earlier.
Make sure S_SOCKET also gets compiled with _POSIX_C_SOURCE defined.
Submitted by Zoltan Arpadffy <zoli@polarhome.com>
Richard Levitte [Tue, 25 Aug 2009 07:23:21 +0000 (07:23 +0000)]
Move up the inclusion of e_os.h so OPENSSL_SYS_VMS_DECC has a chance
to be properly defined.
Richard Levitte [Tue, 25 Aug 2009 07:22:08 +0000 (07:22 +0000)]
Make it possible to compile non-assembler routines on AXP as well.
Submitted by Zoltan Arpadffy <arpadffy@polarhome.com>
Richard Levitte [Tue, 25 Aug 2009 07:19:20 +0000 (07:19 +0000)]
Make engines compile on VMS for ia64 as well.
Parse file types in a more secure manner.
Submitted by sms@antinode.info (Steven M. Schweda)
Richard Levitte [Tue, 25 Aug 2009 07:17:13 +0000 (07:17 +0000)]
Correct some typos and missing things.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
Richard Levitte [Tue, 25 Aug 2009 07:10:09 +0000 (07:10 +0000)]
Include proper header files for time functions.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
Dr. Stephen Henson [Tue, 18 Aug 2009 11:14:12 +0000 (11:14 +0000)]
Stop unused variable warning on WIN32 et al.
Dr. Stephen Henson [Sat, 15 Aug 2009 10:51:37 +0000 (10:51 +0000)]
Use SHA1 and not deprecated MD5 in demos.
Dr. Stephen Henson [Wed, 12 Aug 2009 17:08:44 +0000 (17:08 +0000)]
Update default dependency flags.
Make error name discrepancies a fatal error.
Fix error codes.
make update
Dr. Stephen Henson [Wed, 12 Aug 2009 16:45:35 +0000 (16:45 +0000)]
Re-enable mdc2 default by default as the patent is now expired.
Dr. Stephen Henson [Wed, 12 Aug 2009 16:41:46 +0000 (16:41 +0000)]
Update README with bug report and contribution details.
Dr. Stephen Henson [Wed, 12 Aug 2009 13:21:26 +0000 (13:21 +0000)]
PR: 1997
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS timeout handling fix.
Dr. Stephen Henson [Mon, 10 Aug 2009 15:53:11 +0000 (15:53 +0000)]
Typo
Dr. Stephen Henson [Mon, 10 Aug 2009 15:30:29 +0000 (15:30 +0000)]
PR: 1999
Submitted by: "Bayram Kurumahmut" <kbayram@ubicom.com>
Approved by: steve@openssl.org
Don't use HAVE_FORK in apps/speed.c it can conflict with configured version.
Dr. Stephen Henson [Mon, 10 Aug 2009 14:57:11 +0000 (14:57 +0000)]
PR: 2004
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Approved by: steve@openssl.org
Handle fractional seconds properly in ASN1_GENERALIZEDTIME_print
Dr. Stephen Henson [Mon, 10 Aug 2009 14:42:05 +0000 (14:42 +0000)]
PR: 2003
Make it possible to install OpenSSL in directories with name other
than "lib" for example "lib64". Based on patch from Jeremy Utley.
Dr. Stephen Henson [Sun, 9 Aug 2009 14:58:05 +0000 (14:58 +0000)]
Add COMP error strings.
Dr. Stephen Henson [Thu, 6 Aug 2009 16:29:42 +0000 (16:29 +0000)]
Add missing CHANGES entry.
Dr. Stephen Henson [Wed, 5 Aug 2009 15:52:06 +0000 (15:52 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 5 Aug 2009 15:29:14 +0000 (15:29 +0000)]
PR: 2000
Submitted by: Vadim Zeitlin <vz-openssl@zeitlins.org>
Approved by: steve@openssl.org
Make no-comp compile without warnings.
Dr. Stephen Henson [Wed, 5 Aug 2009 15:04:16 +0000 (15:04 +0000)]
Update from HEAD.
Dr. Stephen Henson [Mon, 27 Jul 2009 21:21:25 +0000 (21:21 +0000)]
PR: 1996
Submitted by: steve@openssl.org
Change conflicting name "BLOCK" to "OPENSSL_BLOCK".
Dr. Stephen Henson [Mon, 27 Jul 2009 21:08:53 +0000 (21:08 +0000)]
Change STRING to OPENSSL_STRING etc as common words such
as "STRING" cause conflicts with other headers/libraries.
Ben Laurie [Sun, 26 Jul 2009 12:26:38 +0000 (12:26 +0000)]
Fix warnings.
Dr. Stephen Henson [Fri, 24 Jul 2009 13:47:52 +0000 (13:47 +0000)]
Update from 0.9.8-stable.
Dr. Stephen Henson [Fri, 24 Jul 2009 13:43:23 +0000 (13:43 +0000)]
Remove MD2 test from WIN32 tests.
Dr. Stephen Henson [Fri, 24 Jul 2009 13:36:36 +0000 (13:36 +0000)]
Fix typo.
Dr. Stephen Henson [Fri, 24 Jul 2009 13:29:45 +0000 (13:29 +0000)]
Update TABLE.
Dr. Stephen Henson [Fri, 24 Jul 2009 13:29:13 +0000 (13:29 +0000)]
Add new debug targets.
Dr. Stephen Henson [Fri, 24 Jul 2009 13:07:08 +0000 (13:07 +0000)]
PR: 1990
Update from 0.9.8-stable.
Dr. Stephen Henson [Fri, 24 Jul 2009 13:02:55 +0000 (13:02 +0000)]
Doc update from HEAD.
Dr. Stephen Henson [Fri, 24 Jul 2009 11:52:32 +0000 (11:52 +0000)]
PR: 1993
Fix from 0.9.8-stable.
Dr. Stephen Henson [Fri, 24 Jul 2009 11:34:41 +0000 (11:34 +0000)]
Fix from 0.9.8-stable
Dr. Stephen Henson [Fri, 24 Jul 2009 11:24:45 +0000 (11:24 +0000)]
Update from 0.9.8-stable.
Dr. Stephen Henson [Fri, 24 Jul 2009 11:15:55 +0000 (11:15 +0000)]
Update from 0.9.8-stable
Dr. Stephen Henson [Fri, 24 Jul 2009 11:10:57 +0000 (11:10 +0000)]
Update from 0.9.8-stable.
Dr. Stephen Henson [Thu, 16 Jul 2009 09:54:49 +0000 (09:54 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 15 Jul 2009 17:59:17 +0000 (17:59 +0000)]
Call CMS tests with "make test"
Dr. Stephen Henson [Wed, 15 Jul 2009 17:58:57 +0000 (17:58 +0000)]
Handle OSX ".dynlib" DSO extension.
Dr. Stephen Henson [Wed, 15 Jul 2009 12:08:35 +0000 (12:08 +0000)]
Update for next beta.
Dr. Stephen Henson [Wed, 15 Jul 2009 11:37:45 +0000 (11:37 +0000)]
Preparation for beta3 release.
Dr. Stephen Henson [Wed, 15 Jul 2009 11:32:58 +0000 (11:32 +0000)]
Fix error codes and indentation.
Dr. Stephen Henson [Wed, 15 Jul 2009 11:01:40 +0000 (11:01 +0000)]
PR: 1980
Submitted by: Victor Wagner <vitus@wagner.pp.ru>
Approved by: steve@openssl.org
Fix memory leaks.
Dr. Stephen Henson [Tue, 14 Jul 2009 15:28:44 +0000 (15:28 +0000)]
Stop warning of signed/unsigned compare.
Dr. Stephen Henson [Tue, 14 Jul 2009 15:14:39 +0000 (15:14 +0000)]
Oops, use right function name...
Dr. Stephen Henson [Mon, 13 Jul 2009 11:57:15 +0000 (11:57 +0000)]
Document MD2 deprecation.
Dr. Stephen Henson [Mon, 13 Jul 2009 11:44:04 +0000 (11:44 +0000)]
PR: 1984
Submitted by: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
Approved by: steve@openssl.org
Don't concatenate reads in DTLS.
Dr. Stephen Henson [Mon, 13 Jul 2009 11:40:46 +0000 (11:40 +0000)]
Update from HEAD.
Dr. Stephen Henson [Sat, 11 Jul 2009 22:36:27 +0000 (22:36 +0000)]
Fix from 0.9.8-stable.
Dr. Stephen Henson [Sat, 11 Jul 2009 22:30:02 +0000 (22:30 +0000)]
Update from HEAD.
Dr. Stephen Henson [Sat, 11 Jul 2009 21:42:47 +0000 (21:42 +0000)]
PR: 1985
Submitted by: Artem Chuprina <ran@cryptocom.ru>
Approved by: steve@openssl.org
Initialise flags.
Dr. Stephen Henson [Wed, 8 Jul 2009 09:13:24 +0000 (09:13 +0000)]
Make update.
Dr. Stephen Henson [Wed, 8 Jul 2009 08:50:53 +0000 (08:50 +0000)]
Delete MD2 from algorithm tables and default compilation.
Dr. Stephen Henson [Sat, 4 Jul 2009 12:05:14 +0000 (12:05 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sat, 4 Jul 2009 11:44:01 +0000 (11:44 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 1 Jul 2009 15:46:43 +0000 (15:46 +0000)]
PR: 1976
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org
Cleanup some compile time warnings/magic numbers.
Dr. Stephen Henson [Wed, 1 Jul 2009 15:42:38 +0000 (15:42 +0000)]
PR: 1974(partial)
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org
Cryptodev digest support.
Dr. Stephen Henson [Wed, 1 Jul 2009 15:36:55 +0000 (15:36 +0000)]
192, 256 bit AES and RC4 support for cryptodev.
Dr. Stephen Henson [Wed, 1 Jul 2009 15:25:17 +0000 (15:25 +0000)]
PR: 1974(partial)
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org
Fix up RSA API compliance for rsa_nocrt_mod_exp method.
Dr. Stephen Henson [Wed, 1 Jul 2009 14:55:59 +0000 (14:55 +0000)]
PR: 1974 (partial)
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org
If -DHAVE_CRYPTODEV is set enable cryptodev support
Dr. Stephen Henson [Wed, 1 Jul 2009 11:43:57 +0000 (11:43 +0000)]
PR: 1972
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org
Add support for building with the uClinux-dist.
Dr. Stephen Henson [Wed, 1 Jul 2009 11:39:59 +0000 (11:39 +0000)]
PR: 1970
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Reviewed by: steve@openssl.org
Fix unused variable "words" and uninitialised data "b".
Dr. Stephen Henson [Wed, 1 Jul 2009 11:35:46 +0000 (11:35 +0000)]
PR: 1965
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org
Make sure defines to remove SHA are correct.
Dr. Stephen Henson [Wed, 1 Jul 2009 11:29:01 +0000 (11:29 +0000)]
PR: 1962
Submitted by: Daniel Mentz <daniel.m@sent.com>
Reviewed by: steve@openssl.org
Fix "for dtls1_get_record() returns a bad record in one edge case" bug.
Dr. Stephen Henson [Wed, 1 Jul 2009 11:23:07 +0000 (11:23 +0000)]
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Reviewed by: steve@openssl.org
EVP_CTRL_PBE_PRF_NID support for Gost engine.
Dr. Stephen Henson [Tue, 30 Jun 2009 22:26:28 +0000 (22:26 +0000)]
Update from 0.9.8-stable.
Dr. Stephen Henson [Tue, 30 Jun 2009 20:55:55 +0000 (20:55 +0000)]
Typo.
Dr. Stephen Henson [Tue, 30 Jun 2009 16:10:24 +0000 (16:10 +0000)]
Update from HEAD.
Dr. Stephen Henson [Tue, 30 Jun 2009 15:21:48 +0000 (15:21 +0000)]
PR: 1969
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org
Don't use repeating key when testing algs.
Dr. Stephen Henson [Tue, 30 Jun 2009 15:10:54 +0000 (15:10 +0000)]
PR: 1967
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org
Don't go past end of params array.
Dr. Stephen Henson [Tue, 30 Jun 2009 15:08:38 +0000 (15:08 +0000)]
PR: 1966
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Reviewed by: steve@openssl.org
Make no-ocsp work properly.
Dr. Stephen Henson [Tue, 30 Jun 2009 14:59:59 +0000 (14:59 +0000)]
PR: 1963
Submitted by: David McCullough <david_mccullough@securecomputing.com>
Approved by: steve@openssl.org
Make build fail if makedepend not present.
Dr. Stephen Henson [Tue, 30 Jun 2009 11:57:24 +0000 (11:57 +0000)]
Add "missing" functions for setting all verify parameters for SSL_CTX and SSL
structures.
Dr. Stephen Henson [Tue, 30 Jun 2009 11:41:35 +0000 (11:41 +0000)]
Redundant check: s->param is always non-NULL, it is set in SSL_new().
Dr. Stephen Henson [Tue, 30 Jun 2009 11:21:00 +0000 (11:21 +0000)]
Inherit parameters properly in SSL contexts: any parameters set should
replace those in the current list.
Dr. Stephen Henson [Mon, 29 Jun 2009 16:09:58 +0000 (16:09 +0000)]
Update from HEAD.
Dr. Stephen Henson [Sun, 28 Jun 2009 16:24:11 +0000 (16:24 +0000)]
Update from 0.9.8-stable.
Dr. Stephen Henson [Fri, 26 Jun 2009 23:14:11 +0000 (23:14 +0000)]
Fix from 0.9.8-stable