Dr. Stephen Henson [Wed, 22 Oct 2008 18:48:50 +0000 (18:48 +0000)]
Sync OIDS with HEAD.
Lutz Jänicke [Wed, 22 Oct 2008 06:46:13 +0000 (06:46 +0000)]
Allow detection of input EOF in quiet mode by adding -no_ign_eof option
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>
Lutz Jänicke [Mon, 20 Oct 2008 12:53:33 +0000 (12:53 +0000)]
Add missing "-d" to option list of openssl version.
Submitted by: Alex Chen <alex_chen@filemaker.com>
Lutz Jänicke [Mon, 20 Oct 2008 12:40:20 +0000 (12:40 +0000)]
Armor pq_compat.h header file against multiple inclusion
Submitted by: Alex Chen <alex_chen@filemaker.com>
Ben Laurie [Mon, 20 Oct 2008 09:26:04 +0000 (09:26 +0000)]
Distinguish public/private data more clearly.
Ben Laurie [Sun, 19 Oct 2008 15:34:13 +0000 (15:34 +0000)]
Ignore executable.
Ben Laurie [Sun, 19 Oct 2008 15:33:32 +0000 (15:33 +0000)]
Add J-PAKE demo.
Ben Laurie [Sat, 18 Oct 2008 14:27:36 +0000 (14:27 +0000)]
Constification.
Ben Laurie [Tue, 14 Oct 2008 19:21:30 +0000 (19:21 +0000)]
Set the comparison function in v3_addr_canonize().
Ben Laurie [Tue, 14 Oct 2008 19:09:47 +0000 (19:09 +0000)]
Add XMPP STARTTLS support.
Ben Laurie [Tue, 14 Oct 2008 19:05:02 +0000 (19:05 +0000)]
Fix warnings.
Lutz Jänicke [Mon, 13 Oct 2008 06:43:06 +0000 (06:43 +0000)]
Firstly, the bitmap we use for replay protection was ending up with zero
length, so a _single_ pair of packets getting switched around would
cause one of them to be 'dropped'.
Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>
Lutz Jänicke [Fri, 10 Oct 2008 10:41:32 +0000 (10:41 +0000)]
When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().
The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>
Lutz Jänicke [Mon, 6 Oct 2008 10:35:29 +0000 (10:35 +0000)]
Fix incorrect command for assember file generation on IA64
Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>
Dr. Stephen Henson [Thu, 25 Sep 2008 16:38:07 +0000 (16:38 +0000)]
Check for errors in ASN1 sign and verify routines.
Andy Polyakov [Tue, 23 Sep 2008 17:34:08 +0000 (17:34 +0000)]
Fix EC_KEY_check_key [from HEAD].
Dr. Stephen Henson [Tue, 23 Sep 2008 11:21:17 +0000 (11:21 +0000)]
Typo.
Bodo Möller [Mon, 22 Sep 2008 21:22:51 +0000 (21:22 +0000)]
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.
Dr. Stephen Henson [Sun, 21 Sep 2008 11:40:36 +0000 (11:40 +0000)]
Fix warnings when more pedantic "debuge-steve32" target is used.
Dr. Stephen Henson [Sun, 21 Sep 2008 11:21:43 +0000 (11:21 +0000)]
Camellia low level API algorithm blocking.
Dr. Stephen Henson [Sun, 21 Sep 2008 10:24:08 +0000 (10:24 +0000)]
Make camellia work with updated EVP macros.
Dr. Stephen Henson [Thu, 18 Sep 2008 12:13:54 +0000 (12:13 +0000)]
Add do_fips.bat WIN32 build script. Update version in Configure.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:56:09 +0000 (11:56 +0000)]
Build montgomery ASM file on WIN32.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:45:30 +0000 (11:45 +0000)]
Merge FIPS changes to VC-32 build system.
Dr. Stephen Henson [Thu, 18 Sep 2008 11:20:08 +0000 (11:20 +0000)]
Add extra utilities from FIPS branch.
Dr. Stephen Henson [Wed, 17 Sep 2008 17:21:31 +0000 (17:21 +0000)]
Add FIPS changes to mk1mf.pl
Dr. Stephen Henson [Wed, 17 Sep 2008 17:12:53 +0000 (17:12 +0000)]
Update defs.
Dr. Stephen Henson [Wed, 17 Sep 2008 17:11:09 +0000 (17:11 +0000)]
Make update: delete duplicate error code.
Dr. Stephen Henson [Wed, 17 Sep 2008 16:58:01 +0000 (16:58 +0000)]
Update some util files to recognize new FIPS directories.
Dr. Stephen Henson [Wed, 17 Sep 2008 16:27:50 +0000 (16:27 +0000)]
Add missing files.
Dr. Stephen Henson [Wed, 17 Sep 2008 15:56:42 +0000 (15:56 +0000)]
Updates to build system from FIPS branch. Make fipscanisterbuild work and
build FIPS test programs.
Dr. Stephen Henson [Wed, 17 Sep 2008 15:53:59 +0000 (15:53 +0000)]
Add RSA update from FIPS branch that got omitted....
Dr. Stephen Henson [Wed, 17 Sep 2008 15:07:41 +0000 (15:07 +0000)]
Don't change NUM_LOCKS value for non-FIPS builds.
Dr. Stephen Henson [Tue, 16 Sep 2008 22:54:30 +0000 (22:54 +0000)]
Add missing files.
Dr. Stephen Henson [Tue, 16 Sep 2008 22:48:18 +0000 (22:48 +0000)]
Add missing files.
Dr. Stephen Henson [Tue, 16 Sep 2008 21:44:57 +0000 (21:44 +0000)]
Merge changes to build system from fips branch.
Dr. Stephen Henson [Tue, 16 Sep 2008 15:14:55 +0000 (15:14 +0000)]
FIPS merge of test changes: make sure key sizes are 1024 bits.
Dr. Stephen Henson [Tue, 16 Sep 2008 15:11:50 +0000 (15:11 +0000)]
FIPS merge "crypto" functions.
Dr. Stephen Henson [Tue, 16 Sep 2008 14:55:26 +0000 (14:55 +0000)]
Merge public key FIPS code, RSA, DSA, DH.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:52:33 +0000 (11:52 +0000)]
Add missing file.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:50:05 +0000 (11:50 +0000)]
RAND library FIPS merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:37:03 +0000 (11:37 +0000)]
conf/hmac FIPS merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:26:29 +0000 (11:26 +0000)]
ERR library FIPS merge. Reorganise functions and add FIPS error
definitions.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:17:48 +0000 (11:17 +0000)]
FIPS des library merge.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:08:24 +0000 (11:08 +0000)]
Part FIPS bn merge: move functiosn to bn_opt.c to reduce dependencies.
Dr. Stephen Henson [Tue, 16 Sep 2008 11:02:19 +0000 (11:02 +0000)]
Add missing RC4 algorithm block source file.
Dr. Stephen Henson [Tue, 16 Sep 2008 10:47:28 +0000 (10:47 +0000)]
Merge FIPS low level algorithm blocking code. Give hard errors if non-FIPS
algorithms are use in FIPS mode using low level API. No effect in non-FIPS
mode.
Dr. Stephen Henson [Tue, 16 Sep 2008 10:12:23 +0000 (10:12 +0000)]
Merge fips directory from FIPS branch.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:32:23 +0000 (22:32 +0000)]
Oops, restore change that got reverted accidentally.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:24:39 +0000 (22:24 +0000)]
Merge apps changes from FIPS branch.
Dr. Stephen Henson [Mon, 15 Sep 2008 22:21:42 +0000 (22:21 +0000)]
Merge EVP changes in from FIPS branch.
Dr. Stephen Henson [Mon, 15 Sep 2008 21:42:28 +0000 (21:42 +0000)]
Port X931 key generation routines from FIPS branch. Don't include deprecated
versions as they weren't in 0.9.8 before now anyway.
Bodo Möller [Mon, 15 Sep 2008 20:39:32 +0000 (20:39 +0000)]
Fix intendation
Bodo Möller [Mon, 15 Sep 2008 20:34:13 +0000 (20:34 +0000)]
Now that we're changing the 0.9.8i CHANGES anyway, reorder them
according to the usual convention (reverse chronological order)
Dr. Stephen Henson [Mon, 15 Sep 2008 20:28:58 +0000 (20:28 +0000)]
Add missing CHANGES entry.
Bodo Möller [Mon, 15 Sep 2008 20:27:47 +0000 (20:27 +0000)]
update
Dr. Stephen Henson [Mon, 15 Sep 2008 20:16:04 +0000 (20:16 +0000)]
pkcs12 FIPS changes.
Dr. Stephen Henson [Mon, 15 Sep 2008 19:56:12 +0000 (19:56 +0000)]
Merge minor FIPS branch changes: buffer, objects, pem, x509.
Dr. Stephen Henson [Mon, 15 Sep 2008 15:30:20 +0000 (15:30 +0000)]
Prepare for next version...
Dr. Stephen Henson [Mon, 15 Sep 2008 14:26:34 +0000 (14:26 +0000)]
Oops... use correct version number this time....
Dr. Stephen Henson [Mon, 15 Sep 2008 12:19:09 +0000 (12:19 +0000)]
Prepare for next version....
Dr. Stephen Henson [Mon, 15 Sep 2008 10:28:13 +0000 (10:28 +0000)]
Begin release of OpenSSL 0.9.8i.
Andy Polyakov [Mon, 15 Sep 2008 07:19:41 +0000 (07:19 +0000)]
Compilation warning fix [from HEAD, "must have, as our Windows build does
not tolerate warnings].
Andy Polyakov [Mon, 15 Sep 2008 05:45:36 +0000 (05:45 +0000)]
Fix yesterday typos in bss_dgram.c [from HEAD].
Bodo Möller [Sun, 14 Sep 2008 19:50:53 +0000 (19:50 +0000)]
update comment
Andy Polyakov [Sun, 14 Sep 2008 19:23:46 +0000 (19:23 +0000)]
Winsock handles SO_RCVTIMEO in unique manner... [from HEAD].
PR: 1648
Bodo Möller [Sun, 14 Sep 2008 18:16:09 +0000 (18:16 +0000)]
oops
Andy Polyakov [Sun, 14 Sep 2008 17:57:03 +0000 (17:57 +0000)]
dtls1_write_bytes consumers expect amount of bytes written per call, not
overall [from HEAD].
PR: 1604
Dr. Stephen Henson [Sun, 14 Sep 2008 16:43:37 +0000 (16:43 +0000)]
Fix error code discrepancy.
Make update.
Dr. Stephen Henson [Sun, 14 Sep 2008 15:46:36 +0000 (15:46 +0000)]
Stop warnings about value not used.
Bodo Möller [Sun, 14 Sep 2008 14:02:01 +0000 (14:02 +0000)]
Fix SSL state transitions.
Submitted by: Nagendra Modadugu
Bodo Möller [Sun, 14 Sep 2008 13:51:49 +0000 (13:51 +0000)]
Really get rid of unsafe double-checked locking.
Also, "CHANGES" clean-ups.
Bodo Möller [Sun, 14 Sep 2008 13:42:40 +0000 (13:42 +0000)]
Some precautions to avoid potential security-relevant problems.
Andy Polyakov [Sat, 13 Sep 2008 18:25:36 +0000 (18:25 +0000)]
DTLS didn't handle alerts correctly [from HEAD].
PR: 1632
Dr. Stephen Henson [Fri, 12 Sep 2008 17:44:26 +0000 (17:44 +0000)]
file rc4_fblk.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 11:02:19 +0000
Andy Polyakov [Fri, 12 Sep 2008 14:47:02 +0000 (14:47 +0000)]
AIX build updates [from HEAD].
Ben Laurie [Fri, 12 Sep 2008 13:29:59 +0000 (13:29 +0000)]
Allow soft-loading engines.
Ben Laurie [Fri, 12 Sep 2008 13:26:07 +0000 (13:26 +0000)]
Don't hide commands.
Dr. Stephen Henson [Wed, 3 Sep 2008 22:13:04 +0000 (22:13 +0000)]
If tickets disabled behave as if no ticket received to support
stateful resume.
Dr. Stephen Henson [Sun, 31 Aug 2008 11:15:35 +0000 (11:15 +0000)]
Fix flag clash... only used internally when policy checking is
enabled.
Bodo Möller [Thu, 14 Aug 2008 21:37:20 +0000 (21:37 +0000)]
Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.
Bodo Möller [Wed, 13 Aug 2008 19:44:44 +0000 (19:44 +0000)]
sanity check
PR: 1679
Dr. Stephen Henson [Tue, 5 Aug 2008 15:56:11 +0000 (15:56 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sat, 2 Aug 2008 11:17:04 +0000 (11:17 +0000)]
Fix from HEAD.
Lutz Jänicke [Fri, 1 Aug 2008 15:03:22 +0000 (15:03 +0000)]
Refer to SSL_pending from the man page for SSL_read
Dr. Stephen Henson [Wed, 30 Jul 2008 15:42:19 +0000 (15:42 +0000)]
Fix from HEAD.
Bodo Möller [Thu, 17 Jul 2008 22:11:24 +0000 (22:11 +0000)]
We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.
PR: 1695
Andy Polyakov [Thu, 17 Jul 2008 11:59:07 +0000 (11:59 +0000)]
Harmonize darwin-i386-cc config line with HEAD.
Andy Polyakov [Thu, 17 Jul 2008 10:00:18 +0000 (10:00 +0000)]
darwin64-ppc-cc experimental line accidentally made it to stable:-(
PR: 1699
Andy Polyakov [Thu, 17 Jul 2008 09:51:34 +0000 (09:51 +0000)]
sha1-586.pl: update from HEAD.
PR: 1681
Bodo Möller [Wed, 16 Jul 2008 18:10:28 +0000 (18:10 +0000)]
Make sure not to read beyond end of buffer
Dr. Stephen Henson [Sun, 13 Jul 2008 22:38:52 +0000 (22:38 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 15:56:01 +0000 (15:56 +0000)]
Update from HEAD.
Dr. Stephen Henson [Sun, 13 Jul 2008 14:33:16 +0000 (14:33 +0000)]
Update from HEAD.
Dr. Stephen Henson [Thu, 26 Jun 2008 23:26:52 +0000 (23:26 +0000)]
Add support for Local Machine Keyset attribute in PKCS#12 files.
Dr. Stephen Henson [Thu, 26 Jun 2008 23:20:52 +0000 (23:20 +0000)]
Sync OIDs with HEAD so we don't need to rebuild OID database and change
all NIDs every time an OID is added to 0.9.8.
Dr. Stephen Henson [Wed, 25 Jun 2008 10:41:48 +0000 (10:41 +0000)]
Changes to allow capi ENGINE to compile with older headers on e.g. VC6.
Bodo Möller [Mon, 23 Jun 2008 20:46:28 +0000 (20:46 +0000)]
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
Dr. Stephen Henson [Sun, 22 Jun 2008 01:10:04 +0000 (01:10 +0000)]
Update ordinals.
Dr. Stephen Henson [Sat, 21 Jun 2008 23:28:02 +0000 (23:28 +0000)]
Make WIN32 build work with no-rc4