Dr. Stephen Henson [Wed, 6 Apr 2011 18:06:54 +0000 (18:06 +0000)]
check buffer is larger enough before overwriting
Dr. Stephen Henson [Sun, 3 Apr 2011 17:14:48 +0000 (17:14 +0000)]
PR: 2462
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS Retransmission Buffer Bug
Dr. Stephen Henson [Sun, 3 Apr 2011 16:25:54 +0000 (16:25 +0000)]
PR: 2458
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Don't change state when answering DTLS ClientHello.
Dr. Stephen Henson [Sun, 3 Apr 2011 15:48:32 +0000 (15:48 +0000)]
PR: 2457
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS fragment reassembly bug.
Richard Levitte [Fri, 25 Mar 2011 16:21:08 +0000 (16:21 +0000)]
Corrections to the VMS build system.
Submitted by Steven M. Schweda <sms@antinode.info>
Dr. Stephen Henson [Fri, 25 Mar 2011 15:07:18 +0000 (15:07 +0000)]
make some non-VMS builds work again
Richard Levitte [Fri, 25 Mar 2011 09:39:46 +0000 (09:39 +0000)]
For VMS, implement the possibility to choose 64-bit pointers with
different options:
"64" The build system will choose /POINTER_SIZE=64=ARGV if
the compiler supports it, otherwise /POINTER_SIZE=64.
"64=" The build system will force /POINTER_SIZE=64.
"64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.
Richard Levitte [Wed, 23 Mar 2011 00:06:04 +0000 (00:06 +0000)]
make update (1.0.1-stable)
This meant a slight renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable. However, since there's been no release on
this branch yet, it should be harmless.
Richard Levitte [Tue, 22 Mar 2011 23:54:15 +0000 (23:54 +0000)]
* util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h. Maybe some
more need to be added...
Richard Levitte [Sun, 20 Mar 2011 17:34:06 +0000 (17:34 +0000)]
* apps/makeapps.com: Add srp.
Richard Levitte [Sun, 20 Mar 2011 14:01:49 +0000 (14:01 +0000)]
* apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV
with turning trapping back on.
* test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV
here.
* test/clean-test.com: A new script for cleaning up.
Richard Levitte [Sun, 20 Mar 2011 14:01:18 +0000 (14:01 +0000)]
file clean_test.com was added on branch OpenSSL_1_0_1-stable on 2011-03-20 14:01:48 +0000
Richard Levitte [Sun, 20 Mar 2011 13:15:37 +0000 (13:15 +0000)]
* apps/openssl.c: For VMS, take care of copying argv if needed much earlier,
directly in main(). 'if needed' also includes when argv is a 32 bit
pointer in an otherwise 64 bit environment.
* apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional
=ARGV, but only if it's supported. Fortunately, DCL is very helpful
telling us in this case.
Richard Levitte [Sat, 19 Mar 2011 11:03:41 +0000 (11:03 +0000)]
A few more long symbols needing shortening.
Richard Levitte [Sat, 19 Mar 2011 10:46:21 +0000 (10:46 +0000)]
Keep file references in the VMS build files in the same order as they
are in the Unix Makefiles, and add SRP tests.
Richard Levitte [Sat, 19 Mar 2011 09:55:35 +0000 (09:55 +0000)]
SRP was introduced, add it for OpenVMS.
Richard Levitte [Sat, 19 Mar 2011 09:54:47 +0000 (09:54 +0000)]
A few more symbols that need shorter versions on OpenVMS.
Richard Levitte [Sat, 19 Mar 2011 09:48:15 +0000 (09:48 +0000)]
Change INSTALL.VMS to reflect the changes done on the build and
install scripts. This could need some more work.
Richard Levitte [Sat, 19 Mar 2011 09:47:47 +0000 (09:47 +0000)]
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>
Richard Levitte [Sat, 19 Mar 2011 09:44:39 +0000 (09:44 +0000)]
file install-ssl.com was added on branch OpenSSL_1_0_1-stable on 2011-03-19 09:47:33 +0000
Richard Levitte [Sat, 19 Mar 2011 09:44:30 +0000 (09:44 +0000)]
file vms_rms.h was added on branch OpenSSL_1_0_1-stable on 2011-03-19 09:47:25 +0000
Richard Levitte [Sat, 19 Mar 2011 09:44:29 +0000 (09:44 +0000)]
file install-crypto.com was added on branch OpenSSL_1_0_1-stable on 2011-03-19 09:47:25 +0000
Richard Levitte [Sat, 19 Mar 2011 09:44:27 +0000 (09:44 +0000)]
file vms_decc_init.c was added on branch OpenSSL_1_0_1-stable on 2011-03-19 09:47:21 +0000
Richard Levitte [Sat, 19 Mar 2011 09:44:26 +0000 (09:44 +0000)]
file install-apps.com was added on branch OpenSSL_1_0_1-stable on 2011-03-19 09:47:21 +0000
Richard Levitte [Sat, 19 Mar 2011 09:44:25 +0000 (09:44 +0000)]
file openssl_undo.com was added on branch OpenSSL_1_0_1-stable on 2011-03-19 09:47:19 +0000
Richard Levitte [Sat, 19 Mar 2011 09:44:24 +0000 (09:44 +0000)]
file openssl_startup.com was added on branch OpenSSL_1_0_1-stable on 2011-03-19 09:47:19 +0000
Richard Levitte [Sat, 19 Mar 2011 09:44:23 +0000 (09:44 +0000)]
file install-vms.com was added on branch OpenSSL_1_0_1-stable on 2011-03-19 09:47:19 +0000
Dr. Stephen Henson [Wed, 16 Mar 2011 16:55:12 +0000 (16:55 +0000)]
Fix SRP error codes (from HEAD).
Ben Laurie [Wed, 16 Mar 2011 11:26:40 +0000 (11:26 +0000)]
Add SRP.
Dr. Stephen Henson [Sun, 13 Mar 2011 18:20:23 +0000 (18:20 +0000)]
PR: 2469
Submitted by: Jim Studt <jim@studt.net>
Reviewed by: steve
Check mac is present before trying to retrieve mac iteration count.
Dr. Stephen Henson [Sat, 12 Mar 2011 17:05:58 +0000 (17:05 +0000)]
Remove redundant check to stop compiler warning.
Ben Laurie [Sat, 12 Mar 2011 12:18:34 +0000 (12:18 +0000)]
Fix warning.
Dr. Stephen Henson [Thu, 10 Mar 2011 18:27:13 +0000 (18:27 +0000)]
make no-dsa work again
Andy Polyakov [Fri, 4 Mar 2011 13:13:04 +0000 (13:13 +0000)]
s390x-mont.pl: optimize for z196.
Andy Polyakov [Sat, 12 Feb 2011 16:47:12 +0000 (16:47 +0000)]
dso_dlfcn.c: make it work on Tru64 4.0 [from HEAD].
Bodo Möller [Tue, 8 Feb 2011 19:08:32 +0000 (19:08 +0000)]
Sync with 1.0.0 branch.
(CVE-2011-0014 OCSP stapling fix has been applied to the 1.0.1 branch as well.)
Bodo Möller [Tue, 8 Feb 2011 17:48:41 +0000 (17:48 +0000)]
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
Bodo Möller [Tue, 8 Feb 2011 08:48:34 +0000 (08:48 +0000)]
Synchronize with 1.0.0 branch
Dr. Stephen Henson [Thu, 3 Feb 2011 14:58:02 +0000 (14:58 +0000)]
add -stripcr option to copy.pl from 0.9.8
Bodo Möller [Thu, 3 Feb 2011 12:03:57 +0000 (12:03 +0000)]
Assorted bugfixes:
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check
Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
Bodo Möller [Thu, 3 Feb 2011 11:19:52 +0000 (11:19 +0000)]
fix omission
Bodo Möller [Thu, 3 Feb 2011 10:42:00 +0000 (10:42 +0000)]
CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
Dr. Stephen Henson [Tue, 1 Feb 2011 12:53:47 +0000 (12:53 +0000)]
Since FIPS 186-3 specifies we use the leftmost bits of the digest
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
Dr. Stephen Henson [Sun, 30 Jan 2011 01:55:29 +0000 (01:55 +0000)]
stop warnings about no previous prototype when compiling shared engines
Dr. Stephen Henson [Wed, 26 Jan 2011 14:55:23 +0000 (14:55 +0000)]
FIPS mode changes to make RNG compile (this will need updating later as we
need a whole new PRNG for FIPS).
1. avoid use of ERR_peek().
2. If compiling with FIPS use small FIPS EVP and disable ENGINE
Dr. Stephen Henson [Wed, 26 Jan 2011 12:25:51 +0000 (12:25 +0000)]
FIPS_allow_md5() no longer exists and is no longer required
Richard Levitte [Wed, 26 Jan 2011 06:32:22 +0000 (06:32 +0000)]
Add rsa_crpt
Dr. Stephen Henson [Tue, 25 Jan 2011 17:43:20 +0000 (17:43 +0000)]
Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate
crypto and ENGINE dependencies in RSA library.
Dr. Stephen Henson [Tue, 25 Jan 2011 17:10:42 +0000 (17:10 +0000)]
Move BN_options function to bn_print.c to remove dependency for BIO printf
routines from bn_lib.c
Dr. Stephen Henson [Tue, 25 Jan 2011 16:55:27 +0000 (16:55 +0000)]
Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of
DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().
Dr. Stephen Henson [Tue, 25 Jan 2011 16:02:27 +0000 (16:02 +0000)]
recalculate DSA signature if r or s is zero (FIPS 186-3 requirement)
Dr. Stephen Henson [Mon, 24 Jan 2011 16:20:05 +0000 (16:20 +0000)]
PR: 2433
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve
Constify ASN1_STRING_set_default_mask_asc().
Dr. Stephen Henson [Mon, 24 Jan 2011 16:09:57 +0000 (16:09 +0000)]
New function EC_KEY_set_affine_coordinates() this performs all the
NIST PKV tests.
Dr. Stephen Henson [Mon, 24 Jan 2011 15:07:47 +0000 (15:07 +0000)]
check EC public key isn't point at infinity
Dr. Stephen Henson [Mon, 24 Jan 2011 14:41:49 +0000 (14:41 +0000)]
PR: 1612
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve
Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
Dr. Stephen Henson [Wed, 19 Jan 2011 14:46:42 +0000 (14:46 +0000)]
Add additional parameter to dsa_builtin_paramgen to output the generated
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.
The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
Dr. Stephen Henson [Fri, 14 Jan 2011 15:13:59 +0000 (15:13 +0000)]
add va_list version of ERR_add_error_data
Dr. Stephen Henson [Thu, 13 Jan 2011 15:42:47 +0000 (15:42 +0000)]
stop warning with no-engine
Richard Levitte [Mon, 10 Jan 2011 20:55:27 +0000 (20:55 +0000)]
PR: 2425
Synchronise VMS build with Unixly build.
Dr. Stephen Henson [Sun, 9 Jan 2011 13:30:58 +0000 (13:30 +0000)]
add buf_str.c file
Dr. Stephen Henson [Sun, 9 Jan 2011 13:30:34 +0000 (13:30 +0000)]
move some string utilities to buf_str.c to reduce some dependencies (from 0.9.8 branch).
Dr. Stephen Henson [Sun, 9 Jan 2011 13:22:47 +0000 (13:22 +0000)]
add X9.31 prime generation routines from 0.9.8 branch
Richard Levitte [Thu, 6 Jan 2011 20:56:04 +0000 (20:56 +0000)]
PR: 2407
Fix fault include.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
Dr. Stephen Henson [Tue, 4 Jan 2011 19:39:42 +0000 (19:39 +0000)]
Don't use decryption_failed alert for TLS v1.1 or later.
Dr. Stephen Henson [Tue, 4 Jan 2011 19:33:30 +0000 (19:33 +0000)]
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
alert.
Dr. Stephen Henson [Mon, 3 Jan 2011 12:52:11 +0000 (12:52 +0000)]
oops missed an assert
Dr. Stephen Henson [Mon, 3 Jan 2011 01:40:45 +0000 (01:40 +0000)]
PR: 2411
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Fix corner cases in RFC3779 code.
Dr. Stephen Henson [Mon, 3 Jan 2011 01:30:58 +0000 (01:30 +0000)]
Fix escaping code for string printing. If *any* escaping is enabled we
must escape the escape character itself (backslash).
Dr. Stephen Henson [Mon, 3 Jan 2011 01:22:27 +0000 (01:22 +0000)]
PR: 2410
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Use OPENSSL_assert() instead of assert().
Dr. Stephen Henson [Mon, 3 Jan 2011 01:07:20 +0000 (01:07 +0000)]
PR: 2413
Submitted by: Michael Bergandi <mbergandi@gmail.com>
Reviewed by: steve
Fix typo in crypto/bio/bss_dgram.c
Dr. Stephen Henson [Mon, 3 Jan 2011 00:26:21 +0000 (00:26 +0000)]
PR: 2416
Submitted by: Mark Phalan <mark.phalan@oracle.com>
Reviewed by: steve
Use L suffix in version number.
Richard Levitte [Tue, 14 Dec 2010 21:44:33 +0000 (21:44 +0000)]
Part of the IF structure didn't get pasted here...
PR: 2393
Richard Levitte [Tue, 14 Dec 2010 19:18:58 +0000 (19:18 +0000)]
First attempt at adding the possibility to set the pointer size for the builds on VMS.
PR: 2393
Andy Polyakov [Sat, 11 Dec 2010 14:54:48 +0000 (14:54 +0000)]
bss_file.c: refine UTF8 logic [from HEAD].
PR: 2382
Dr. Stephen Henson [Fri, 3 Dec 2010 19:31:23 +0000 (19:31 +0000)]
ignore leading null fields
Dr. Stephen Henson [Thu, 2 Dec 2010 19:56:03 +0000 (19:56 +0000)]
update FAQ
Dr. Stephen Henson [Thu, 2 Dec 2010 18:02:14 +0000 (18:02 +0000)]
PR: 2386
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve
Correct SKM_ASN1_SET_OF_d2i macro.
Dr. Stephen Henson [Thu, 2 Dec 2010 13:45:25 +0000 (13:45 +0000)]
fix doc typos
Dr. Stephen Henson [Thu, 2 Dec 2010 00:11:21 +0000 (00:11 +0000)]
use consistent FAQ between version
Andy Polyakov [Tue, 30 Nov 2010 22:18:46 +0000 (22:18 +0000)]
Configure: make -mno-cygwin optional on mingw platforms [from HEAD].
PR: 2381
Dr. Stephen Henson [Tue, 30 Nov 2010 19:45:31 +0000 (19:45 +0000)]
PR: 2385
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve
Zero key->pkey.ptr after it is freed so the structure can be reused.
Richard Levitte [Mon, 29 Nov 2010 22:27:18 +0000 (22:27 +0000)]
Better method for creating SSLROOT:.
Make sure to include the path to evptest.txt.
Dr. Stephen Henson [Mon, 29 Nov 2010 18:33:28 +0000 (18:33 +0000)]
apply J-PKAKE fix to HEAD (original by Ben)
Dr. Stephen Henson [Sat, 27 Nov 2010 17:35:56 +0000 (17:35 +0000)]
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
EVP_MD_CTX was much larger: it isn't needed anymore.
Dr. Stephen Henson [Thu, 25 Nov 2010 12:27:39 +0000 (12:27 +0000)]
PR: 2240
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve
As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.
Dr. Stephen Henson [Thu, 25 Nov 2010 11:51:46 +0000 (11:51 +0000)]
using_ecc doesn't just apply to TLSv1
Dr. Stephen Henson [Wed, 24 Nov 2010 16:07:45 +0000 (16:07 +0000)]
add "missing" functions to copy EVP_PKEY_METHOD and examine info
Dr. Stephen Henson [Wed, 24 Nov 2010 13:17:48 +0000 (13:17 +0000)]
use generalised mac API for SSL key generation
Dr. Stephen Henson [Wed, 24 Nov 2010 13:14:03 +0000 (13:14 +0000)]
constify EVP_PKEY_new_mac_key()
Andy Polyakov [Tue, 23 Nov 2010 23:01:22 +0000 (23:01 +0000)]
INSTALL.W32: document trouble with symlinks under MSYS [from HEAD].
PR: 2377
Richard Levitte [Tue, 23 Nov 2010 02:12:14 +0000 (02:12 +0000)]
Implement bc test strategy as submitted by Steven M. Schweda <sms@antinode.info>.
Make sure we move to '__here' before trying to use it to build local sslroot:
Richard Levitte [Tue, 23 Nov 2010 01:06:13 +0000 (01:06 +0000)]
Print openssl version information at the end of the tests
Richard Levitte [Tue, 23 Nov 2010 01:05:32 +0000 (01:05 +0000)]
Give the architecture dependent directory higher priority
Richard Levitte [Tue, 23 Nov 2010 01:04:07 +0000 (01:04 +0000)]
Don't define an empty CFLAGS, it's much more honest not to defined it at all.
Make sure to remove any [.CRYTO]BUILDINF.H so it doesn't get used instead of
[.CRYPTO._''ARCH'BUILDINF.H
Richard Levitte [Mon, 22 Nov 2010 23:42:48 +0000 (23:42 +0000)]
* tests.com: Add the symbol openssl_conf, so the openssl application
stops complaining about a missing configuration file. Define the logical
name PERL_ENV_TABLES with values to Perl considers the DCL symbol table
as part of the environment (see 'man perlvms' for details), so cms-test.pl
can get the value of EXE_DIR from tests.com, among others.
* cms-test.pl: Make changes to have it work on VMS as well. Upper or mixed
case options need to be quoted and the openssl command needs a VMS-specific
treatment. It all should work properly on Unix, I hope it does on Windows
as well...
Andy Polyakov [Mon, 22 Nov 2010 21:57:29 +0000 (21:57 +0000)]
s390x.S: fix typo in bn_mul_words [from HEAD].
PR: 2380
Dr. Stephen Henson [Fri, 19 Nov 2010 00:11:44 +0000 (00:11 +0000)]
PR: 2376
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve
Cleanup alloca use, fix Win32 target for OpenWatcom.
Dr. Stephen Henson [Thu, 18 Nov 2010 22:59:53 +0000 (22:59 +0000)]
PR: 2375
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve
cleanup/fix e_aep.c for OpenWatcom
Dr. Stephen Henson [Thu, 18 Nov 2010 22:56:53 +0000 (22:56 +0000)]
PR: 2374
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve
Don't compile capi ENGINE on mingw32
Richard Levitte [Thu, 18 Nov 2010 22:46:55 +0000 (22:46 +0000)]
Tell the user what test is being performed.