oweals/openssl.git
Dr. Stephen Henson [Thu, 5 Jun 2008 11:45:25 +0000 (11:45 +0000)]
Update from stable branch.

Dr. Stephen Henson [Thu, 5 Jun 2008 11:10:49 +0000 (11:10 +0000)]
Sync ordinals with stable branch.

Dr. Stephen Henson [Thu, 5 Jun 2008 10:51:48 +0000 (10:51 +0000)]
Link in extra CryptoAPI related libraries if needed.

Dr. Stephen Henson [Wed, 4 Jun 2008 23:03:28 +0000 (23:03 +0000)]
Update from stable branch.

Dr. Stephen Henson [Wed, 4 Jun 2008 22:39:05 +0000 (22:39 +0000)]
Remove test fprintf.

Dr. Stephen Henson [Wed, 4 Jun 2008 22:34:38 +0000 (22:34 +0000)]
Compilation option to use a specific ssl client auth engine automatically.

Dr. Stephen Henson [Wed, 4 Jun 2008 16:45:05 +0000 (16:45 +0000)]
Use an appropriate Window for selection dialog.

Dr. Stephen Henson [Wed, 4 Jun 2008 16:10:09 +0000 (16:10 +0000)]
Add support for Windows dialog box based certificate selection.

Dr. Stephen Henson [Wed, 4 Jun 2008 14:34:39 +0000 (14:34 +0000)]
Remove old non-safestack code.

Dr. Stephen Henson [Wed, 4 Jun 2008 12:03:57 +0000 (12:03 +0000)]
Tidy up and add comments to selection code.

Dr. Stephen Henson [Wed, 4 Jun 2008 11:53:14 +0000 (11:53 +0000)]
Make DSO WIN32 compile again.

Dr. Stephen Henson [Wed, 4 Jun 2008 11:52:36 +0000 (11:52 +0000)]
Update ordinals.

Dr. Stephen Henson [Wed, 4 Jun 2008 11:45:15 +0000 (11:45 +0000)]
Remove store from Windows build.

Ben Laurie [Wed, 4 Jun 2008 11:01:43 +0000 (11:01 +0000)]
More type-checking.

Dr. Stephen Henson [Wed, 4 Jun 2008 10:57:38 +0000 (10:57 +0000)]
Avoid name clash.

Ben Laurie [Wed, 4 Jun 2008 05:21:13 +0000 (05:21 +0000)]
Only include windows headers when under windows.

Dr. Stephen Henson [Tue, 3 Jun 2008 23:54:31 +0000 (23:54 +0000)]
Add initial support for multiple SSL client certificate selection in
CryptoAPI ENGINE.

Dr. Stephen Henson [Tue, 3 Jun 2008 11:37:52 +0000 (11:37 +0000)]
Match empty CA list to anything for ssl client auth in CryptoAPI engine.

Dr. Stephen Henson [Tue, 3 Jun 2008 11:26:27 +0000 (11:26 +0000)]
Add support for client cert engine setting in s_client app.
Add appropriate #ifdefs round client cert functions in headers.

Dr. Stephen Henson [Tue, 3 Jun 2008 10:27:39 +0000 (10:27 +0000)]
Add preliminary SSL client auth callback to CryptoAPI ENGINE.

Dr. Stephen Henson [Tue, 3 Jun 2008 10:17:45 +0000 (10:17 +0000)]
Prevent signed/unsigned warning on VC++

Ben Laurie [Tue, 3 Jun 2008 02:48:34 +0000 (02:48 +0000)]
Memory saving patch.

Dr. Stephen Henson [Mon, 2 Jun 2008 23:41:38 +0000 (23:41 +0000)]
Update year.

Dr. Stephen Henson [Mon, 2 Jun 2008 23:10:34 +0000 (23:10 +0000)]
Windows batch file to rebuild error codes for CryptoAPI ENGINE.

Dr. Stephen Henson [Mon, 2 Jun 2008 23:09:04 +0000 (23:09 +0000)]
#undef OCSP_RESPONSE: CryptoAPI uses this too.

Dr. Stephen Henson [Mon, 2 Jun 2008 14:29:32 +0000 (14:29 +0000)]
Fix indentation.

Dr. Stephen Henson [Mon, 2 Jun 2008 12:10:06 +0000 (12:10 +0000)]
Avoid case in ca.c fix.

Dr. Stephen Henson [Mon, 2 Jun 2008 10:42:57 +0000 (10:42 +0000)]
Revert, doesn't fix warning :-(

Dr. Stephen Henson [Mon, 2 Jun 2008 10:37:53 +0000 (10:37 +0000)]
Avoid cast with wrapper function.

Dr. Stephen Henson [Sun, 1 Jun 2008 23:45:11 +0000 (23:45 +0000)]
Free old store name (if any).

Dr. Stephen Henson [Sun, 1 Jun 2008 23:42:49 +0000 (23:42 +0000)]
Add ctrl for alternative certificate store names.

Dr. Stephen Henson [Sun, 1 Jun 2008 23:28:17 +0000 (23:28 +0000)]
Use keyspec for DSA too.

Dr. Stephen Henson [Sun, 1 Jun 2008 23:24:53 +0000 (23:24 +0000)]
Get and note keyspec when signing.

Dr. Stephen Henson [Sun, 1 Jun 2008 23:06:48 +0000 (23:06 +0000)]
Release engine reference when calling SSL_CTX_free().

Dr. Stephen Henson [Sun, 1 Jun 2008 22:45:08 +0000 (22:45 +0000)]
Allow ENGINE client cert callback to specify a set of other certs, for
the rest of the certificate chain. Currently unused.

Dr. Stephen Henson [Sun, 1 Jun 2008 22:34:40 +0000 (22:34 +0000)]
Update error codes.

Dr. Stephen Henson [Sun, 1 Jun 2008 22:33:24 +0000 (22:33 +0000)]
Add client cert engine to SSL routines.

Dr. Stephen Henson [Sun, 1 Jun 2008 21:18:47 +0000 (21:18 +0000)]
Update error codes, move typedef of SSL, SSL_CTX to ossl_typ.h

Dr. Stephen Henson [Sun, 1 Jun 2008 21:10:30 +0000 (21:10 +0000)]
Add support for ENGINE supplied SSL client auth.

Dr. Stephen Henson [Sun, 1 Jun 2008 11:07:34 +0000 (11:07 +0000)]
Update from stable branch.

Dr. Stephen Henson [Sat, 31 May 2008 23:48:02 +0000 (23:48 +0000)]
Update from stable branch.

Dr. Stephen Henson [Sat, 31 May 2008 23:21:40 +0000 (23:21 +0000)]
Update VC-32.pl and load CryptoAPI engine in the right place.

Dr. Stephen Henson [Sat, 31 May 2008 22:53:16 +0000 (22:53 +0000)]
More CryptoAPI engine code from stable branch.

Dr. Stephen Henson [Sat, 31 May 2008 22:50:00 +0000 (22:50 +0000)]
Add CryptoAPI error file too.

Dr. Stephen Henson [Sat, 31 May 2008 22:49:32 +0000 (22:49 +0000)]
Add CryptoAPI ENGINE from stable branch.

Dr. Stephen Henson [Sat, 31 May 2008 21:20:53 +0000 (21:20 +0000)]
Recognize LHASH_OF().

Dr. Stephen Henson [Sat, 31 May 2008 19:28:57 +0000 (19:28 +0000)]
Stop const mismatch warning.

Dr. Stephen Henson [Sat, 31 May 2008 19:17:25 +0000 (19:17 +0000)]
Stop warning about extra ';' outside of function.

Dr. Stephen Henson [Sat, 31 May 2008 18:55:23 +0000 (18:55 +0000)]
Stop const mismatch warning in VC++.

Bodo Möller [Sat, 31 May 2008 13:42:53 +0000 (13:42 +0000)]
Everyone's had a few years to port their favorite additions to 0.9.7
to HEAD (and the 0.9.8 branch).  Remove the reminder.

Dr. Stephen Henson [Fri, 30 May 2008 10:57:49 +0000 (10:57 +0000)]
Fix from stable branch.

Bodo Möller [Wed, 28 May 2008 22:30:28 +0000 (22:30 +0000)]
sync with 0.9.8 branch

Bodo Möller [Wed, 28 May 2008 22:17:34 +0000 (22:17 +0000)]
From HEAD:

Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a client crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com

Bodo Möller [Wed, 28 May 2008 22:15:48 +0000 (22:15 +0000)]
From HEAD:

Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com

Bodo Möller [Tue, 27 May 2008 18:43:20 +0000 (18:43 +0000)]
grammar

Bodo Möller [Tue, 27 May 2008 18:41:09 +0000 (18:41 +0000)]
year 2008

Dr. Stephen Henson [Tue, 27 May 2008 11:44:03 +0000 (11:44 +0000)]
Avoid "duplicate const" warnings.

Dr. Stephen Henson [Tue, 27 May 2008 11:28:49 +0000 (11:28 +0000)]
Avoid warning about empty structures and always define CHECKED_PTR_OF

Dr. Stephen Henson [Mon, 26 May 2008 15:39:36 +0000 (15:39 +0000)]
C++ style comments fixed.

Ben Laurie [Mon, 26 May 2008 11:24:29 +0000 (11:24 +0000)]
LHASH revamp. make depend.

Lutz Jänicke [Mon, 26 May 2008 06:23:57 +0000 (06:23 +0000)]
Add README about removed root CA certificates.

Lutz Jänicke [Mon, 26 May 2008 06:21:13 +0000 (06:21 +0000)]
Reword comment to be much shorter to stop other people from complaining
about "overcommenting".

Lutz Jänicke [Fri, 23 May 2008 10:37:52 +0000 (10:37 +0000)]
Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>

Lutz Jänicke [Fri, 23 May 2008 08:59:23 +0000 (08:59 +0000)]
Remove all root CA files (beyond test CAs including private key)
from the OpenSSL distribution.

Dr. Stephen Henson [Tue, 20 May 2008 18:49:00 +0000 (18:49 +0000)]
Typo.

Dr. Stephen Henson [Tue, 20 May 2008 16:13:57 +0000 (16:13 +0000)]
Typo.

Dr. Stephen Henson [Tue, 20 May 2008 12:23:38 +0000 (12:23 +0000)]
Update ordinals.

Dr. Stephen Henson [Tue, 20 May 2008 11:52:57 +0000 (11:52 +0000)]
Update from stable branch.

Dr. Stephen Henson [Tue, 20 May 2008 11:30:27 +0000 (11:30 +0000)]
Fix from stable branch.

Lutz Jänicke [Tue, 20 May 2008 08:10:48 +0000 (08:10 +0000)]
Correctly adjust location of comment

Submitted by: Ben Laurie <ben@links.org>

Dr. Stephen Henson [Mon, 19 May 2008 21:33:55 +0000 (21:33 +0000)]
Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve

Bodo Möller [Mon, 19 May 2008 20:45:25 +0000 (20:45 +0000)]
Change use of CRYPTO_THREADID so that we always use both the ulong and
ptr members.

(So if the id_callback is bogus, we still have &errno.)

Bodo Möller [Mon, 19 May 2008 19:44:45 +0000 (19:44 +0000)]
Disable code that clearly doesn't currently serve any useful purpose.
(Buggy line reported by Matthias Koenig.)

Lutz Jänicke [Mon, 19 May 2008 07:52:15 +0000 (07:52 +0000)]
Document "openssl s_server" -crl_check* options

Submitted by: Daniel Black <daniel.subs@internode.on.net>

Lutz Jänicke [Mon, 19 May 2008 07:43:34 +0000 (07:43 +0000)]
Provide information about "openssl dgst" -hmac option.

Lutz Jänicke [Mon, 19 May 2008 06:21:05 +0000 (06:21 +0000)]
Typo. (From 0.9.8-stable/S. Henson)
PR: 1672

Lutz Jänicke [Fri, 16 May 2008 07:14:26 +0000 (07:14 +0000)]
Another occurrence of possible valgrind/purify "uninitialized memory"
complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.

Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)

Dr. Stephen Henson [Mon, 12 May 2008 16:24:31 +0000 (16:24 +0000)]
Fix from stable branch.

Dr. Stephen Henson [Fri, 9 May 2008 23:16:24 +0000 (23:16 +0000)]
Add missing cast.

Andy Polyakov [Sat, 3 May 2008 18:34:59 +0000 (18:34 +0000)]
Depict future Win64/x64 development.

Bodo Möller [Fri, 2 May 2008 18:47:48 +0000 (18:47 +0000)]
Clarifying comment.

Dr. Stephen Henson [Fri, 2 May 2008 17:27:01 +0000 (17:27 +0000)]
New function CMS_add1_crl().

Dr. Stephen Henson [Fri, 2 May 2008 11:24:40 +0000 (11:24 +0000)]
Indicate support for digest init ctrl.

Dr. Stephen Henson [Thu, 1 May 2008 23:35:36 +0000 (23:35 +0000)]
Typo.

Dr. Stephen Henson [Thu, 1 May 2008 23:30:06 +0000 (23:30 +0000)]
Use "cont" consistently in cms-examples.pl

Add a -certsout option to output any certificates in a message.

Add test for example 4.11

Bodo Möller [Thu, 1 May 2008 18:48:20 +0000 (18:48 +0000)]
Montgomery-related minor cleanups/documentation

Dr. Stephen Henson [Wed, 30 Apr 2008 16:14:02 +0000 (16:14 +0000)]
Update from stable branch.

Dr. Stephen Henson [Tue, 29 Apr 2008 17:22:35 +0000 (17:22 +0000)]
Update from stable branch.

Dr. Stephen Henson [Tue, 29 Apr 2008 16:46:46 +0000 (16:46 +0000)]
Oops!

Dr. Stephen Henson [Tue, 29 Apr 2008 16:44:51 +0000 (16:44 +0000)]
Update from stable branch.

Dr. Stephen Henson [Tue, 29 Apr 2008 16:39:03 +0000 (16:39 +0000)]
Update from stable branch.

Geoff Thorpe [Mon, 28 Apr 2008 21:39:09 +0000 (21:39 +0000)]
Fix auto-discovery of ENGINEs. See the CHANGES entry for details (and/or
ticket #1668).

PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe

Geoff Thorpe [Sun, 27 Apr 2008 18:41:23 +0000 (18:41 +0000)]
Paul Sheer optimised the OpenSSL to/from libGMP conversions for the case
where they both use the same limb size. I've tweaked his patch slightly, so
blame me if it breaks.

Submitted by: Paul Sheer
Reviewed by: Geoff Thorpe

Dr. Stephen Henson [Fri, 25 Apr 2008 16:27:04 +0000 (16:27 +0000)]
Don't send zero length session ID if stateless session resumption is
successful. Check by seeing if there is a cache hit.

Dr. Stephen Henson [Fri, 25 Apr 2008 11:33:32 +0000 (11:33 +0000)]
Disable debugging fprintf.

Andy Polyakov [Thu, 24 Apr 2008 10:04:26 +0000 (10:04 +0000)]
Add 64-bit support to BN_nist_mod_244 and engage BN_nist_mod_* on 64-bit
platforms.

Andy Polyakov [Thu, 24 Apr 2008 09:59:45 +0000 (09:59 +0000)]
Compensate inline assembler in sha512.c for gcc 2.7.2 compiler bug.
PR: 1667

Andy Polyakov [Wed, 23 Apr 2008 08:10:25 +0000 (08:10 +0000)]
Takanori Yanagisawa has shown how to correctly use pre-computed values.
So in a sense this commit reverts few latest ones fixing bugs in original
code and improving it, most notably adding 64-bit support [though not in
BN_nist_mod_224 yet].
PR: 1593

Andy Polyakov [Fri, 18 Apr 2008 15:47:30 +0000 (15:47 +0000)]
Resolve __DECC warning and keep disclaiming support for 16-bit platforms.

Andy Polyakov [Fri, 18 Apr 2008 15:40:57 +0000 (15:40 +0000)]
Fix remaining BN_nist_mod_*.
PR: 1593