oweals/openssl.git
15 years agoUpdate from 1.0.0-stable.
Dr. Stephen Henson [Tue, 30 Jun 2009 11:22:25 +0000 (11:22 +0000)]
Update from 1.0.0-stable.

15 years agoPR: 1942
Dr. Stephen Henson [Sun, 28 Jun 2009 16:23:05 +0000 (16:23 +0000)]
PR: 1942
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Replace ad-hoc chain builder with X509_verify_cert().

15 years agoOops, moved too much.
Dr. Stephen Henson [Fri, 26 Jun 2009 23:56:10 +0000 (23:56 +0000)]
Oops, moved too much.

15 years agoPR: 1961
Dr. Stephen Henson [Fri, 26 Jun 2009 22:52:18 +0000 (22:52 +0000)]
PR: 1961
Submitted by: Martin Gerbershagen <martin.gerbershagen@nsn.com>
Approved by: steve@openssl.org

Avoid memory leak if RAND_bytes() fails.

15 years agoPR: 1949
Dr. Stephen Henson [Fri, 26 Jun 2009 15:02:01 +0000 (15:02 +0000)]
PR: 1949
Submitted by: David.Smith@cern.ch
Approved by: steve@openssl.org

When checking whether to flush the output BIO use BIO_CTRL_WPENDING instead
of BIO_CTRL_INFO. In most cases this will have no effect since the following
BIOs wont buffer. In the case of a following buffering BIO this will check
for any pending data in the whole chain and not just the single BIO.

See:
https://issues.apache.org/bugzilla/show_bug.cgi?id=46952
for a detailed analysis of this issue.

15 years agoUpdate from 1.0.0-stable.
Dr. Stephen Henson [Fri, 26 Jun 2009 11:34:22 +0000 (11:34 +0000)]
Update from 1.0.0-stable.

15 years agoFix from HEAD.
Dr. Stephen Henson [Thu, 25 Jun 2009 17:12:26 +0000 (17:12 +0000)]
Fix from HEAD.

15 years agoOoops, apply PR #1946 to 0.9.8 too.
Dr. Stephen Henson [Mon, 22 Jun 2009 10:32:27 +0000 (10:32 +0000)]
Ooops, apply PR #1946 to 0.9.8 too.

15 years agoFix broken config entries.
Dr. Stephen Henson [Wed, 17 Jun 2009 12:11:53 +0000 (12:11 +0000)]
Fix broken config entries.

15 years agoCorrect CHANGES entry.
Dr. Stephen Henson [Wed, 17 Jun 2009 11:58:17 +0000 (11:58 +0000)]
Correct CHANGES entry.

15 years agoPR: 1943
Dr. Stephen Henson [Wed, 17 Jun 2009 11:55:51 +0000 (11:55 +0000)]
PR: 1943
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org

Rename uni2asc and asc2uni on Netware to avoid a name clash.

15 years agoUpdate from 1.0.0-stable.
Dr. Stephen Henson [Wed, 17 Jun 2009 11:49:18 +0000 (11:49 +0000)]
Update from 1.0.0-stable.

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Wed, 17 Jun 2009 11:26:39 +0000 (11:26 +0000)]
Update from HEAD.

15 years agoPR: 1957
Dr. Stephen Henson [Tue, 16 Jun 2009 16:50:08 +0000 (16:50 +0000)]
PR: 1957
Submitted by: Mark Ashley <mark@ibiblio.org>
Reviewed by: steve@openssl.org

Quote FIPSLD_CC and CC in Makefiles.

15 years agoDon't check self-signed signature in X509_verify_cert(), the check just
Dr. Stephen Henson [Mon, 15 Jun 2009 14:52:38 +0000 (14:52 +0000)]
Don't check self-signed signature in X509_verify_cert(), the check just
wastes processing time and doesn't add any security.

15 years agoUpdate from 1.0.0-stable.
Dr. Stephen Henson [Fri, 5 Jun 2009 15:05:10 +0000 (15:05 +0000)]
Update from 1.0.0-stable.

15 years agoFix from 1.0.0-stable.
Dr. Stephen Henson [Fri, 5 Jun 2009 11:53:49 +0000 (11:53 +0000)]
Fix from 1.0.0-stable.

15 years agoPR: 1937
Dr. Stephen Henson [Tue, 2 Jun 2009 11:31:32 +0000 (11:31 +0000)]
PR: 1937
Submitted by: Mark Phalan <Mark.Phalan@Sun.COM>
Reviewed by: steve@openssl.org

Fix misuse of st_mode field in struct stat.

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Tue, 2 Jun 2009 11:23:51 +0000 (11:23 +0000)]
Update from HEAD.

15 years agoPR: 1939
Dr. Stephen Henson [Tue, 2 Jun 2009 11:19:54 +0000 (11:19 +0000)]
PR: 1939
Submitted by: Sean Boudreau <seanb@qnx.com>
Reviewed by: steve@openssl.org

Better QNX6 support.

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Tue, 2 Jun 2009 11:06:54 +0000 (11:06 +0000)]
Update from HEAD.

15 years agoUpdate changelog to show fix for PR1679 as per Tomas Hoger's testing:
Mark J. Cox [Tue, 2 Jun 2009 09:20:52 +0000 (09:20 +0000)]
Update changelog to show fix for PR1679 as per Tomas Hoger's testing:
http://thread.gmane.org/gmane.comp.security.oss.general/1769/focus=1814

15 years agoPR: 1944
Dr. Stephen Henson [Mon, 1 Jun 2009 12:18:21 +0000 (12:18 +0000)]
PR: 1944
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve@openssl.org

Fix gcc warning on mingw.

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Mon, 1 Jun 2009 12:14:53 +0000 (12:14 +0000)]
Update from HEAD.

15 years agoUse correct values for lookup method.
Dr. Stephen Henson [Fri, 29 May 2009 14:01:35 +0000 (14:01 +0000)]
Use correct values for lookup method.

15 years agoOops, forgot #endif...
Dr. Stephen Henson [Fri, 29 May 2009 12:09:07 +0000 (12:09 +0000)]
Oops, forgot #endif...

15 years agoUpdate from 1.0.0-stable.
Dr. Stephen Henson [Fri, 29 May 2009 12:00:22 +0000 (12:00 +0000)]
Update from 1.0.0-stable.

15 years agoUpdate ordinals.
Dr. Stephen Henson [Thu, 28 May 2009 20:47:59 +0000 (20:47 +0000)]
Update ordinals.

15 years agoAdd the corresponding CVE names to the CHANGES entry for 0.9.8 branch
Mark J. Cox [Tue, 26 May 2009 08:21:56 +0000 (08:21 +0000)]
Add the corresponding CVE names to the CHANGES entry for 0.9.8 branch

15 years agoAdd CHANGES entries for security relate issues PR#1923, PR#1930 and PR#1931.
Dr. Stephen Henson [Mon, 18 May 2009 17:34:16 +0000 (17:34 +0000)]
Add CHANGES entries for security relate issues PR#1923, PR#1930 and PR#1931.

15 years ago0.9.8 version of PR#1931 fix.
Dr. Stephen Henson [Mon, 18 May 2009 16:22:43 +0000 (16:22 +0000)]
0.9.8 version of PR#1931 fix.

15 years agoFix from 1.0.0-stable branch.
Dr. Stephen Henson [Mon, 18 May 2009 16:12:56 +0000 (16:12 +0000)]
Fix from 1.0.0-stable branch.

15 years agoFormatting fix.
Dr. Stephen Henson [Sun, 17 May 2009 16:48:19 +0000 (16:48 +0000)]
Formatting fix.

15 years agoModified PR#1929 update from 1.0.0-stable.
Dr. Stephen Henson [Sun, 17 May 2009 16:42:14 +0000 (16:42 +0000)]
Modified PR#1929 update from 1.0.0-stable.

15 years agoReverted fix to PR#1931.. breaks compilation in 0.9.8.
Dr. Stephen Henson [Sun, 17 May 2009 16:28:13 +0000 (16:28 +0000)]
Reverted fix to PR#1931.. breaks compilation in 0.9.8.

15 years agoUpdate from 1.0.0-stable
Dr. Stephen Henson [Sun, 17 May 2009 14:48:57 +0000 (14:48 +0000)]
Update from 1.0.0-stable

15 years agoStupid typo
Richard Levitte [Sun, 17 May 2009 07:22:18 +0000 (07:22 +0000)]
Stupid typo

15 years agoFix from 1.0.0-stable.
Dr. Stephen Henson [Sat, 16 May 2009 16:23:35 +0000 (16:23 +0000)]
Fix from 1.0.0-stable.

15 years agoUpdate from 1.0.0-stable.
Dr. Stephen Henson [Sat, 16 May 2009 16:18:45 +0000 (16:18 +0000)]
Update from 1.0.0-stable.

15 years agoUpdates from 1.0.0-stable.
Dr. Stephen Henson [Sat, 16 May 2009 15:51:59 +0000 (15:51 +0000)]
Updates from 1.0.0-stable.

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Fri, 15 May 2009 23:07:59 +0000 (23:07 +0000)]
Update from HEAD.

15 years agoFunctional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
Richard Levitte [Fri, 15 May 2009 16:37:29 +0000 (16:37 +0000)]
Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)

15 years agomake update
Richard Levitte [Fri, 15 May 2009 16:15:03 +0000 (16:15 +0000)]
make update

15 years agomake update
Richard Levitte [Fri, 15 May 2009 16:05:43 +0000 (16:05 +0000)]
make update

15 years agoHave mkdef.pl also handle VAX and Non-VAX differences for VMS
Richard Levitte [Fri, 15 May 2009 16:01:45 +0000 (16:01 +0000)]
Have mkdef.pl also handle VAX and Non-VAX differences for VMS

15 years agoAdd a comment about libeay.num and ssleay.num
Richard Levitte [Fri, 15 May 2009 16:00:11 +0000 (16:00 +0000)]
Add a comment about libeay.num and ssleay.num

15 years agoUpdate from 1.0.0-stable.
Dr. Stephen Henson [Wed, 13 May 2009 11:52:29 +0000 (11:52 +0000)]
Update from 1.0.0-stable.

15 years agoe_capi.c: update from HEAD.
Andy Polyakov [Tue, 5 May 2009 19:18:26 +0000 (19:18 +0000)]
e_capi.c: update from HEAD.

15 years agoUpdate from HEAD
Richard Levitte [Tue, 5 May 2009 08:48:02 +0000 (08:48 +0000)]
Update from HEAD

15 years agoUpdate from 1.0.0-stable.
Dr. Stephen Henson [Tue, 28 Apr 2009 22:02:16 +0000 (22:02 +0000)]
Update from 1.0.0-stable.

15 years agoUpdate from HEAD
Richard Levitte [Tue, 28 Apr 2009 13:11:05 +0000 (13:11 +0000)]
Update from HEAD

15 years agoFix to escape backslashes in prefix
Dr. Stephen Henson [Sun, 26 Apr 2009 15:51:44 +0000 (15:51 +0000)]
Fix to escape backslashes in prefix

15 years agoUpdate from 1.0.0-stable.
Dr. Stephen Henson [Wed, 22 Apr 2009 17:37:47 +0000 (17:37 +0000)]
Update from 1.0.0-stable.

15 years agoPR: 1751
Dr. Stephen Henson [Sun, 19 Apr 2009 18:08:12 +0000 (18:08 +0000)]
PR: 1751
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.

15 years agoUpdate .cvsignore
Dr. Stephen Henson [Sun, 19 Apr 2009 15:17:49 +0000 (15:17 +0000)]
Update .cvsignore

15 years agoTypo.
Dr. Stephen Henson [Sun, 19 Apr 2009 15:16:21 +0000 (15:16 +0000)]
Typo.

15 years agoPQGVer support.
Dr. Stephen Henson [Sun, 19 Apr 2009 14:04:55 +0000 (14:04 +0000)]
PQGVer support.

15 years agoMinor format change to match expected PQGVer format.
Dr. Stephen Henson [Sun, 19 Apr 2009 13:44:43 +0000 (13:44 +0000)]
Minor format change to match expected PQGVer format.

15 years agoAdd DES3 CFB1 mode tests.
Dr. Stephen Henson [Sat, 18 Apr 2009 22:41:46 +0000 (22:41 +0000)]
Add DES3 CFB1 mode tests.

15 years agoFixes to make DES3 cfb1 work.
Dr. Stephen Henson [Sat, 18 Apr 2009 22:41:17 +0000 (22:41 +0000)]
Fixes to make DES3 cfb1 work.

15 years agoUpdate from 1.0.0-stable.
Dr. Stephen Henson [Thu, 16 Apr 2009 16:43:18 +0000 (16:43 +0000)]
Update from 1.0.0-stable.

15 years agoPR: 1829
Dr. Stephen Henson [Tue, 14 Apr 2009 15:20:48 +0000 (15:20 +0000)]
PR: 1829
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timer bug fix from 1.0.0-stable with fixes.

15 years agoPR: 1647
Dr. Stephen Henson [Tue, 14 Apr 2009 14:28:33 +0000 (14:28 +0000)]
PR: 1647
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Renogotiation bug fix.

15 years agoFix from 1.0.0-stable.
Dr. Stephen Henson [Wed, 8 Apr 2009 15:58:26 +0000 (15:58 +0000)]
Fix from 1.0.0-stable.

15 years agoSubmitted by: Darryl Miles <darryl-mailinglists@netbauds.net>
Dr. Stephen Henson [Tue, 7 Apr 2009 16:28:30 +0000 (16:28 +0000)]
Submitted by:  Darryl Miles <darryl-mailinglists@netbauds.net>
Approved by: steve@openssl.org

Handle non-blocking I/O properly in SSL_shutdown() call.

15 years agoPR: 1795
Dr. Stephen Henson [Tue, 7 Apr 2009 12:10:12 +0000 (12:10 +0000)]
PR: 1795
Submitted by: Peter Edwards <peter.edwards@vordel.com>
Approved by: steve@openssl.org

Avoid race condition by sorting cipher list straight away.

15 years agoPR: 1700
Dr. Stephen Henson [Fri, 3 Apr 2009 16:54:04 +0000 (16:54 +0000)]
PR: 1700
Submitted by: "Robbins, Aharon" <aharon.robbins@intel.com>
Approved by: steve@openssl.org

#undef X509_EXTENSIONS for WIN32 too.

15 years agoUpdate from 1.0.0-stable
Dr. Stephen Henson [Fri, 3 Apr 2009 16:28:20 +0000 (16:28 +0000)]
Update from 1.0.0-stable

15 years agoPR: 1616
Dr. Stephen Henson [Fri, 3 Apr 2009 11:36:49 +0000 (11:36 +0000)]
PR: 1616
Submitted by: Dequin_Eric@emc.com
Approved by: steve@openssl.org

Check tree->levels to ensure malloc worked.

15 years agoPR: 1827
Dr. Stephen Henson [Thu, 2 Apr 2009 22:34:59 +0000 (22:34 +0000)]
PR: 1827
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix application data in handshake bug.

15 years agoPR: 1828
Dr. Stephen Henson [Thu, 2 Apr 2009 22:32:16 +0000 (22:32 +0000)]
PR: 1828
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS retransmission bug.

15 years agoPR: 1826
Dr. Stephen Henson [Thu, 2 Apr 2009 22:28:35 +0000 (22:28 +0000)]
PR: 1826
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Client random bug fix.

15 years agoOoops, revert patch... due to non-portable gettimeofday call.
Dr. Stephen Henson [Thu, 2 Apr 2009 22:19:07 +0000 (22:19 +0000)]
Ooops, revert patch... due to non-portable gettimeofday call.

15 years agoPR: 1829
Dr. Stephen Henson [Thu, 2 Apr 2009 22:16:02 +0000 (22:16 +0000)]
PR: 1829
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timer bug fix.

15 years agoPR: 1838
Dr. Stephen Henson [Thu, 2 Apr 2009 22:12:13 +0000 (22:12 +0000)]
PR: 1838
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS fragment bug.

15 years agoTypo.
Dr. Stephen Henson [Wed, 25 Mar 2009 22:22:42 +0000 (22:22 +0000)]
Typo.

15 years agoSubmitted by: Ilya O. <vrghost@gmail.com>
Dr. Stephen Henson [Wed, 25 Mar 2009 19:01:03 +0000 (19:01 +0000)]
Submitted by: Ilya O. <vrghost@gmail.com>
Approved by: steve@openssl.org

Add 2.5.4.* OIDs.

15 years agoPrepare for next version.
Dr. Stephen Henson [Wed, 25 Mar 2009 13:02:49 +0000 (13:02 +0000)]
Prepare for next version.

15 years agoAaargh.... wrong version number....
Dr. Stephen Henson [Wed, 25 Mar 2009 12:08:14 +0000 (12:08 +0000)]
Aaargh.... wrong version number....

15 years agoMake update.
Dr. Stephen Henson [Wed, 25 Mar 2009 10:59:22 +0000 (10:59 +0000)]
Make update.

15 years agoPrepare for 0.9.8k release.
Dr. Stephen Henson [Wed, 25 Mar 2009 10:46:56 +0000 (10:46 +0000)]
Prepare for 0.9.8k release.

15 years agoPR: 1868
Dr. Stephen Henson [Wed, 25 Mar 2009 10:42:34 +0000 (10:42 +0000)]
PR: 1868
Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH>
Approved by: steve@openssl.org

Don't set fields to NULL when freeing them up in ASN1 code. On some platforms
with sizeof(long) < sizeof(char *) this can cause a crash.

15 years agoSubmitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Dr. Stephen Henson [Wed, 25 Mar 2009 10:40:32 +0000 (10:40 +0000)]
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Approved by: steve@openssl.org

Check return code properly in CMS_SignerInfo_verify_content().

15 years agoReject BMPStrings and UniversalStrings of invalid length. This prevents
Dr. Stephen Henson [Wed, 25 Mar 2009 10:35:57 +0000 (10:35 +0000)]
Reject BMPStrings and UniversalStrings of invalid length. This prevents
a crash in ASN1_STRING_print_ex() which assumes they are valid.

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Mon, 23 Mar 2009 21:11:50 +0000 (21:11 +0000)]
Update from HEAD.

15 years agodes_enc.m4, SPARC DES assembler, update from HEAD: make it Purify-friendly.
Andy Polyakov [Mon, 16 Mar 2009 13:43:43 +0000 (13:43 +0000)]
des_enc.m4, SPARC DES assembler, update from HEAD: make it Purify-friendly.
As side effect it introduces duplicate of 2KB DES_SPtrans table.

15 years agoOops.
Dr. Stephen Henson [Sun, 15 Mar 2009 14:03:29 +0000 (14:03 +0000)]
Oops.

15 years agoDon't force S/MIME signing purpose: allow it to be overridden by store
Dr. Stephen Henson [Sun, 15 Mar 2009 13:36:01 +0000 (13:36 +0000)]
Don't force S/MIME signing purpose: allow it to be overridden by store
settings.

Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters
being inherited properly.

15 years agoPermit nested ASN1 string encoding but with a maximum depth to avoid
Dr. Stephen Henson [Sat, 14 Mar 2009 18:33:25 +0000 (18:33 +0000)]
Permit nested ASN1 string encoding but with a maximum depth to avoid
stack overflow.

15 years agoUpdate from HEAD.
Dr. Stephen Henson [Sat, 14 Mar 2009 12:40:46 +0000 (12:40 +0000)]
Update from HEAD.

15 years agoPR: 1863
Dr. Stephen Henson [Sat, 14 Mar 2009 12:26:03 +0000 (12:26 +0000)]
PR: 1863
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org

Check return value, use OPENSSL_assert and unsigned int.

15 years agoPR: 1846
Dr. Stephen Henson [Sat, 14 Mar 2009 12:07:42 +0000 (12:07 +0000)]
PR: 1846
Submitted by: Andrea Schoenberg <asg@ftpproxy.org>
Reviewed by: steve@openssl.org

Fix for HP Nonstop(Tandem) systems.

15 years agoFix from HEAD.
Dr. Stephen Henson [Thu, 12 Mar 2009 17:31:18 +0000 (17:31 +0000)]
Fix from HEAD.

15 years agoUpdate from head.
Dr. Stephen Henson [Thu, 12 Mar 2009 17:13:44 +0000 (17:13 +0000)]
Update from head.

15 years agoPR: 1861
Dr. Stephen Henson [Thu, 12 Mar 2009 17:09:46 +0000 (17:09 +0000)]
PR: 1861

l must be > 0 or array will be accessed out of bounds.

15 years agoPR: 1856
Dr. Stephen Henson [Mon, 9 Mar 2009 13:07:16 +0000 (13:07 +0000)]
PR: 1856

Check return value of PKCS12_add_safes()

15 years agoPR: 1859
Dr. Stephen Henson [Mon, 9 Mar 2009 12:17:56 +0000 (12:17 +0000)]
PR: 1859
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Don't affect echo on/off state for calling scripts.

15 years agoPR: 1860
Dr. Stephen Henson [Mon, 9 Mar 2009 12:14:08 +0000 (12:14 +0000)]
PR: 1860
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openss.org

Make Windows build more silent.

15 years agoPR: 1858
Dr. Stephen Henson [Mon, 9 Mar 2009 12:09:03 +0000 (12:09 +0000)]
PR: 1858
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Make OPENSSL_NO_SOCK work.

15 years agoPR: 1857
Dr. Stephen Henson [Mon, 9 Mar 2009 12:06:23 +0000 (12:06 +0000)]
PR: 1857
Submitted by: Jurko GospodnetiÄ\87 <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Make OPENSSL_NO_FP_API work again.