Dr. Stephen Henson [Wed, 4 Jun 2008 12:03:57 +0000 (12:03 +0000)]
Tidy up and add comments to selection code.
Dr. Stephen Henson [Wed, 4 Jun 2008 11:53:14 +0000 (11:53 +0000)]
Make DSO WIN32 compile again.
Dr. Stephen Henson [Wed, 4 Jun 2008 11:52:36 +0000 (11:52 +0000)]
Update ordinals.
Dr. Stephen Henson [Wed, 4 Jun 2008 11:45:15 +0000 (11:45 +0000)]
Remove store from Windows build.
Ben Laurie [Wed, 4 Jun 2008 11:01:43 +0000 (11:01 +0000)]
More type-checking.
Dr. Stephen Henson [Wed, 4 Jun 2008 10:57:38 +0000 (10:57 +0000)]
Avoid name clash.
Ben Laurie [Wed, 4 Jun 2008 05:21:13 +0000 (05:21 +0000)]
Only include windows headers when under windows.
Dr. Stephen Henson [Tue, 3 Jun 2008 23:54:31 +0000 (23:54 +0000)]
Add initial support for multiple SSL client certificate selection in
CryptoAPI ENGINE.
Dr. Stephen Henson [Tue, 3 Jun 2008 11:37:52 +0000 (11:37 +0000)]
Match empty CA list to anything for ssl client auth in CryptoAPI engine.
Dr. Stephen Henson [Tue, 3 Jun 2008 11:26:27 +0000 (11:26 +0000)]
Add support for client cert engine setting in s_client app.
Add appropriate #ifdefs round client cert functions in headers.
Dr. Stephen Henson [Tue, 3 Jun 2008 10:27:39 +0000 (10:27 +0000)]
Add preliminary SSL client auth callback to CryptoAPI ENGINE.
Dr. Stephen Henson [Tue, 3 Jun 2008 10:17:45 +0000 (10:17 +0000)]
Prevent signed/unsigned warning on VC++
Ben Laurie [Tue, 3 Jun 2008 02:48:34 +0000 (02:48 +0000)]
Memory saving patch.
Dr. Stephen Henson [Mon, 2 Jun 2008 23:41:38 +0000 (23:41 +0000)]
Update year.
Dr. Stephen Henson [Mon, 2 Jun 2008 23:10:34 +0000 (23:10 +0000)]
Windows batch file to rebuild error codes for CryptoAPI ENGINE.
Dr. Stephen Henson [Mon, 2 Jun 2008 23:09:04 +0000 (23:09 +0000)]
#undef OCSP_RESPONSE: CryptoAPI uses this too.
Dr. Stephen Henson [Mon, 2 Jun 2008 14:29:32 +0000 (14:29 +0000)]
Fix indentation.
Dr. Stephen Henson [Mon, 2 Jun 2008 12:10:06 +0000 (12:10 +0000)]
Avoid case in ca.c fix.
Dr. Stephen Henson [Mon, 2 Jun 2008 10:42:57 +0000 (10:42 +0000)]
Revert, doesn't fix warning :-(
Dr. Stephen Henson [Mon, 2 Jun 2008 10:37:53 +0000 (10:37 +0000)]
Avoid cast with wrapper function.
Dr. Stephen Henson [Sun, 1 Jun 2008 23:45:11 +0000 (23:45 +0000)]
Free old store name (if any).
Dr. Stephen Henson [Sun, 1 Jun 2008 23:42:49 +0000 (23:42 +0000)]
Add ctrl for alternative certificate store names.
Dr. Stephen Henson [Sun, 1 Jun 2008 23:28:17 +0000 (23:28 +0000)]
Use keyspec for DSA too.
Dr. Stephen Henson [Sun, 1 Jun 2008 23:24:53 +0000 (23:24 +0000)]
Get and note keyspec when signing.
Dr. Stephen Henson [Sun, 1 Jun 2008 23:06:48 +0000 (23:06 +0000)]
Release engine reference when calling SSL_CTX_free().
Dr. Stephen Henson [Sun, 1 Jun 2008 22:45:08 +0000 (22:45 +0000)]
Allow ENGINE client cert callback to specify a set of other certs, for
the rest of the certificate chain. Currently unused.
Dr. Stephen Henson [Sun, 1 Jun 2008 22:34:40 +0000 (22:34 +0000)]
Update error codes.
Dr. Stephen Henson [Sun, 1 Jun 2008 22:33:24 +0000 (22:33 +0000)]
Add client cert engine to SSL routines.
Dr. Stephen Henson [Sun, 1 Jun 2008 21:18:47 +0000 (21:18 +0000)]
Update error codes, move typedef of SSL, SSL_CTX to ossl_typ.h
Dr. Stephen Henson [Sun, 1 Jun 2008 21:10:30 +0000 (21:10 +0000)]
Add support for ENGINE supplied SSL client auth.
Dr. Stephen Henson [Sun, 1 Jun 2008 11:07:34 +0000 (11:07 +0000)]
Update from stable branch.
Dr. Stephen Henson [Sat, 31 May 2008 23:48:02 +0000 (23:48 +0000)]
Update from stable branch.
Dr. Stephen Henson [Sat, 31 May 2008 23:21:40 +0000 (23:21 +0000)]
Update VC-32.pl and load CryptoAPI engine in the right place.
Dr. Stephen Henson [Sat, 31 May 2008 22:53:16 +0000 (22:53 +0000)]
More CryptoAPI engine code from stable branch.
Dr. Stephen Henson [Sat, 31 May 2008 22:50:00 +0000 (22:50 +0000)]
Add CryptoAPI error file too.
Dr. Stephen Henson [Sat, 31 May 2008 22:49:32 +0000 (22:49 +0000)]
Add CryptoAPI ENGINE from stable branch.
Dr. Stephen Henson [Sat, 31 May 2008 21:20:53 +0000 (21:20 +0000)]
Recognize LHASH_OF().
Dr. Stephen Henson [Sat, 31 May 2008 19:28:57 +0000 (19:28 +0000)]
Stop const mismatch warning.
Dr. Stephen Henson [Sat, 31 May 2008 19:17:25 +0000 (19:17 +0000)]
Stop warning about extra ';' outside of function.
Dr. Stephen Henson [Sat, 31 May 2008 18:55:23 +0000 (18:55 +0000)]
Stop const mismatch warning in VC++.
Bodo Möller [Sat, 31 May 2008 13:42:53 +0000 (13:42 +0000)]
Everyone's had a few years to port their favorite additions to 0.9.7
to HEAD (and the 0.9.8 branch). Remove the reminder.
Dr. Stephen Henson [Fri, 30 May 2008 10:57:49 +0000 (10:57 +0000)]
Fix from stable branch.
Bodo Möller [Wed, 28 May 2008 22:30:28 +0000 (22:30 +0000)]
sync with 0.9.8 branch
Bodo Möller [Wed, 28 May 2008 22:17:34 +0000 (22:17 +0000)]
From HEAD:
Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a client crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)
Reviewed by: openssl-security@openssl.org
Obtained from: mark@awe.com
Bodo Möller [Wed, 28 May 2008 22:15:48 +0000 (22:15 +0000)]
From HEAD:
Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)
Reviewed by: openssl-security@openssl.org
Obtained from: jorton@redhat.com
Bodo Möller [Tue, 27 May 2008 18:43:20 +0000 (18:43 +0000)]
grammar
Bodo Möller [Tue, 27 May 2008 18:41:09 +0000 (18:41 +0000)]
year 2008
Dr. Stephen Henson [Tue, 27 May 2008 11:44:03 +0000 (11:44 +0000)]
Avoid "duplicate const" warnings.
Dr. Stephen Henson [Tue, 27 May 2008 11:28:49 +0000 (11:28 +0000)]
Avoid warning about empty structures and always define CHECKED_PTR_OF
Dr. Stephen Henson [Mon, 26 May 2008 15:39:36 +0000 (15:39 +0000)]
C++ style comments fixed.
Ben Laurie [Mon, 26 May 2008 11:24:29 +0000 (11:24 +0000)]
LHASH revamp. make depend.
Lutz Jänicke [Mon, 26 May 2008 06:23:57 +0000 (06:23 +0000)]
Add README about removed root CA certificates.
Lutz Jänicke [Mon, 26 May 2008 06:21:13 +0000 (06:21 +0000)]
Reword comment to be much shorter to stop other people from complaining
about "overcommenting".
Lutz Jänicke [Fri, 23 May 2008 10:37:52 +0000 (10:37 +0000)]
Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
Lutz Jänicke [Fri, 23 May 2008 08:59:23 +0000 (08:59 +0000)]
Remove all root CA files (beyond test CAs including private key)
from the OpenSSL distribution.
Dr. Stephen Henson [Tue, 20 May 2008 18:49:00 +0000 (18:49 +0000)]
Typo.
Dr. Stephen Henson [Tue, 20 May 2008 16:13:57 +0000 (16:13 +0000)]
Typo.
Dr. Stephen Henson [Tue, 20 May 2008 12:23:38 +0000 (12:23 +0000)]
Update ordinals.
Dr. Stephen Henson [Tue, 20 May 2008 11:52:57 +0000 (11:52 +0000)]
Update from stable branch.
Dr. Stephen Henson [Tue, 20 May 2008 11:30:27 +0000 (11:30 +0000)]
Fix from stable branch.
Lutz Jänicke [Tue, 20 May 2008 08:10:48 +0000 (08:10 +0000)]
Correctly adjust location of comment
Submitted by: Ben Laurie <ben@links.org>
Dr. Stephen Henson [Mon, 19 May 2008 21:33:55 +0000 (21:33 +0000)]
Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
Bodo Möller [Mon, 19 May 2008 20:45:25 +0000 (20:45 +0000)]
Change use of CRYPTO_THREADID so that we always use both the ulong and
ptr members.
(So if the id_callback is bogus, we still have &errno.)
Bodo Möller [Mon, 19 May 2008 19:44:45 +0000 (19:44 +0000)]
Disable code that clearly doesn't currently serve any useful purpose.
(Buggy line reported by Matthias Koenig.)
Lutz Jänicke [Mon, 19 May 2008 07:52:15 +0000 (07:52 +0000)]
Document "openssl s_server" -crl_check* options
Submitted by: Daniel Black <daniel.subs@internode.on.net>
Lutz Jänicke [Mon, 19 May 2008 07:43:34 +0000 (07:43 +0000)]
Provide information about "openssl dgst" -hmac option.
Lutz Jänicke [Mon, 19 May 2008 06:21:05 +0000 (06:21 +0000)]
Typo. (From 0.9.8-stable/S. Henson)
PR: 1672
Lutz Jänicke [Fri, 16 May 2008 07:14:26 +0000 (07:14 +0000)]
Another occurrence of possible valgrind/purify "uninitialized memory"
complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.
Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)
Dr. Stephen Henson [Mon, 12 May 2008 16:24:31 +0000 (16:24 +0000)]
Fix from stable branch.
Dr. Stephen Henson [Fri, 9 May 2008 23:16:24 +0000 (23:16 +0000)]
Add missing cast.
Andy Polyakov [Sat, 3 May 2008 18:34:59 +0000 (18:34 +0000)]
Depict future Win64/x64 development.
Bodo Möller [Fri, 2 May 2008 18:47:48 +0000 (18:47 +0000)]
Clarifying comment.
Dr. Stephen Henson [Fri, 2 May 2008 17:27:01 +0000 (17:27 +0000)]
New function CMS_add1_crl().
Dr. Stephen Henson [Fri, 2 May 2008 11:24:40 +0000 (11:24 +0000)]
Indicate support for digest init ctrl.
Dr. Stephen Henson [Thu, 1 May 2008 23:35:36 +0000 (23:35 +0000)]
Typo.
Dr. Stephen Henson [Thu, 1 May 2008 23:30:06 +0000 (23:30 +0000)]
Use "cont" consistently in cms-examples.pl
Add a -certsout option to output any certificates in a message.
Add test for example 4.11
Bodo Möller [Thu, 1 May 2008 18:48:20 +0000 (18:48 +0000)]
Montgomery-related minor cleanups/documentation
Dr. Stephen Henson [Wed, 30 Apr 2008 16:14:02 +0000 (16:14 +0000)]
Update from stable branch.
Dr. Stephen Henson [Tue, 29 Apr 2008 17:22:35 +0000 (17:22 +0000)]
Update from stable branch.
Dr. Stephen Henson [Tue, 29 Apr 2008 16:46:46 +0000 (16:46 +0000)]
Oops!
Dr. Stephen Henson [Tue, 29 Apr 2008 16:44:51 +0000 (16:44 +0000)]
Update from stable branch.
Dr. Stephen Henson [Tue, 29 Apr 2008 16:39:03 +0000 (16:39 +0000)]
Update from stable branch.
Geoff Thorpe [Mon, 28 Apr 2008 21:39:09 +0000 (21:39 +0000)]
Fix auto-discovery of ENGINEs. See the CHANGES entry for details (and/or
ticket #1668).
PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
Geoff Thorpe [Sun, 27 Apr 2008 18:41:23 +0000 (18:41 +0000)]
Paul Sheer optimised the OpenSSL to/from libGMP conversions for the case
where they both use the same limb size. I've tweaked his patch slightly, so
blame me if it breaks.
Submitted by: Paul Sheer
Reviewed by: Geoff Thorpe
Dr. Stephen Henson [Fri, 25 Apr 2008 16:27:04 +0000 (16:27 +0000)]
Don't send zero length session ID if stateless session resumption is
successful. Check by seeing if there is a cache hit.
Dr. Stephen Henson [Fri, 25 Apr 2008 11:33:32 +0000 (11:33 +0000)]
Disable debugging fprintf.
Andy Polyakov [Thu, 24 Apr 2008 10:04:26 +0000 (10:04 +0000)]
Add 64-bit support to BN_nist_mod_244 and engage BN_nist_mod_* on 64-bit
platforms.
Andy Polyakov [Thu, 24 Apr 2008 09:59:45 +0000 (09:59 +0000)]
Compensate inline assembler in sha512.c for gcc 2.7.2 compiler bug.
PR: 1667
Andy Polyakov [Wed, 23 Apr 2008 08:10:25 +0000 (08:10 +0000)]
Takanori Yanagisawa has shown how to correctly use pre-computed values.
So in a sense this commit reverts few latest ones fixing bugs in original
code and improving it, most notably adding 64-bit support [though not in
BN_nist_mod_224 yet].
PR: 1593
Andy Polyakov [Fri, 18 Apr 2008 15:47:30 +0000 (15:47 +0000)]
Resolve __DECC warning and keep disclaiming support for 16-bit platforms.
Andy Polyakov [Fri, 18 Apr 2008 15:40:57 +0000 (15:40 +0000)]
Fix remaining BN_nist_mod_*.
PR: 1593
Dr. Stephen Henson [Fri, 18 Apr 2008 11:18:20 +0000 (11:18 +0000)]
Make certs argument work in CMS_sign() add test case.
PR: 1664
Lutz Jänicke [Fri, 18 Apr 2008 07:43:26 +0000 (07:43 +0000)]
Add missing 'extern "C" {' to some _err.h files in crypto/engines/
PR: 1609
Lutz Jänicke [Fri, 18 Apr 2008 06:35:55 +0000 (06:35 +0000)]
Another minor update from the mingw development
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>
Richard Levitte [Fri, 18 Apr 2008 06:04:03 +0000 (06:04 +0000)]
Synchronise with Unix.
Lutz Jänicke [Thu, 17 Apr 2008 14:15:27 +0000 (14:15 +0000)]
Fix incorrect return value in apps/apps.c:parse_yesno()
PR: 1607
Submitted by: "Christophe Macé" <mace.christophe@gmail.com>
Lutz Jänicke [Thu, 17 Apr 2008 13:36:13 +0000 (13:36 +0000)]
Correctly handle case of bad arguments supplied to rsautl
PR: 1659
Lutz Jänicke [Thu, 17 Apr 2008 10:19:16 +0000 (10:19 +0000)]
Apply mingw patches as supplied by Roumen Petrov and Alon Bar-Lev
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
Richard Levitte [Sat, 12 Apr 2008 08:41:05 +0000 (08:41 +0000)]
Further synchronisation with Unix build. I hadn't noticed pq_compat.h
was gone...
Richard Levitte [Sat, 12 Apr 2008 08:40:01 +0000 (08:40 +0000)]
Provide other forms for symbols that are too long or that clash with others