Mark J. Cox
0d01d8a735
Prepare for 0.9.8h release
2008-05-28 07:37:14 +00:00
Mark J. Cox
2c0fa03dc6
Fix flaw if 'Server Key exchange message' is omitted from a TLS
...
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)
Reviewed by: openssl-security@openssl.org
Obtained from: mark@awe.com
2008-05-28 07:29:27 +00:00
Mark J. Cox
d3b3a6d389
Fix double-free in TLS server name extensions which could lead to a remote
...
crash found by Codenomicon TLS test suite (CVE-2008-0891)
Reviewed by: openssl-security@openssl.org
Obtained from: jorton@redhat.com
2008-05-28 07:26:33 +00:00
Bodo Möller
fc260b09a1
grammar
2008-05-27 18:43:30 +00:00
Bodo Möller
b3c79a8a27
year 2008
2008-05-27 18:41:02 +00:00
Lutz Jänicke
f0ecefc0c0
Add README about removed root CA certificates.
2008-05-26 06:23:55 +00:00
Lutz Jänicke
b0118409a9
Reword comment to be much shorter to stop other people from complaining
...
about "overcommenting"
2008-05-26 06:21:10 +00:00
Lutz Jänicke
5f23288692
Clear error queue when starting SSL_CTX_use_certificate_chain_file
...
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
2008-05-23 10:37:22 +00:00
Lutz Jänicke
45c58c7d10
Remove all root CA files (beyond test CAs including private key)
...
from the OpenSSL distribution.
2008-05-23 08:59:56 +00:00
Dr. Stephen Henson
112591be76
Fix off by one error ;-)
2008-05-20 18:48:22 +00:00
Dr. Stephen Henson
1b8daa3693
Typo.
2008-05-20 16:13:11 +00:00
Dr. Stephen Henson
1cdbc755ee
Update ordinals.
2008-05-20 12:12:22 +00:00
Dr. Stephen Henson
aa9c7e4b8c
Oops... PEM_write_bio_ASN1_stream() shouldn't be in 0.9.8 CMS backport.
2008-05-20 12:10:28 +00:00
Dr. Stephen Henson
6be69a168f
Remove deleted function definitions from header files
...
so Windows build picks it up.
Recognize new option in mk1mf.pl
2008-05-20 11:50:13 +00:00
Dr. Stephen Henson
eaf76feeb6
Remove old DES definition of deleted function too.
2008-05-20 11:23:49 +00:00
Lutz Jänicke
03e79ed05e
Correctly adjust location of comment
...
Submitted by: Ben Laurie <ben@links.org>
2008-05-20 08:10:51 +00:00
Ben Laurie
56bef2df4f
Fix warning.
2008-05-20 03:05:50 +00:00
Dr. Stephen Henson
10d3886c51
Fix two invalid memory reads in RSA OAEP mode.
...
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
2008-05-19 21:26:28 +00:00
Bodo Möller
f1c0cf5b70
Disable code that clearly doesn't currently serve any useful purpose.
...
(Buggy line reported by Matthias Koenig.)
2008-05-19 19:44:33 +00:00
Lutz Jänicke
2a7ac69ee4
Document "openssl s_server" -crl_check* options
...
Submitted by: Daniel Black <daniel.subs@internode.on.net>
2008-05-19 07:52:17 +00:00
Lutz Jänicke
d13ea8e184
Provide information about "openssl dgst" -hmac option.
2008-05-19 07:43:41 +00:00
Dr. Stephen Henson
1820b04bb2
Typo.
...
PR: 1672
2008-05-18 13:52:05 +00:00
Lutz Jänicke
439b7ef463
Another occurance of possible valgrind/purify "uninitialized memory"
...
complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.
Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)
2008-05-16 07:14:58 +00:00
Dr. Stephen Henson
a25fb95bd6
Always seed PRNG for new requests no matter what key type. RSA may need
...
the PRNG for blinding.
PR: 1666
2008-05-12 16:07:00 +00:00
Dr. Stephen Henson
6168067160
Fix from HEAD.
2008-05-09 23:17:10 +00:00
Bodo Möller
c3031a4610
Avoid BN_MONT_CTX incompatibility.
2008-05-02 18:47:19 +00:00
Dr. Stephen Henson
1099a94063
Update from HEAD.
2008-05-01 23:31:03 +00:00
Bodo Möller
812d8a176c
Unobtrusive backport of 32-bit x86 Montgomery improvements from 0.9.9-dev:
...
you need to use "enable-montasm" to see a difference. (Huge speed
advantage, but BN_MONT_CTX is not binary compatible, so this can't be
enabled by default in the 0.9.8 branch.)
The CHANGES entry also covers the 64-bit x86 backport in November 2007
by appro.
2008-05-01 23:11:34 +00:00
Dr. Stephen Henson
db533c96e3
TLS ticket key setting callback: this allows and application to set
...
its own TLS ticket keys.
2008-04-30 16:11:33 +00:00
Dr. Stephen Henson
8831eb7624
Do not permit stateless session resumption is session IDs mismatch.
2008-04-29 17:22:01 +00:00
Dr. Stephen Henson
3c8f315021
Support ticket renewal in state machine (not used at present).
2008-04-29 16:41:53 +00:00
Dr. Stephen Henson
0f2e636602
Status strings for ticket states.
2008-04-29 16:38:26 +00:00
Geoff Thorpe
98bd148b1a
Fix auto-discovery of ENGINEs, ported from HEAD.
...
NB, this fixes a regression relative to 0.9.7 and the documented behaviour,
but it would make sense for distro maintainers and others with an interest
in system behaviour to test with this change. The fix re-enables behaviour
that was broken and thus inherently disabled. In particular, if you
register an ENGINE implementation, and that ENGINE is able to successfully
self-initialise on the host, it will get used automatically (as claimed in
the documentation and as was the case for 0.9.7) - this was not the case
with 0.9.8 until now because of a bug.
PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
2008-04-28 21:45:43 +00:00
Geoff Thorpe
292248b8c2
Update from HEAD.
2008-04-27 18:52:14 +00:00
Dr. Stephen Henson
d3eef3e5af
Fix from HEAD.
2008-04-25 16:27:25 +00:00
Andy Polyakov
c5fbf8c1ba
Compensate inline assembler in sha512.c for gcc 2.7.2 compiler bug [from HEAD].
...
PR: 1667
2008-04-24 10:00:40 +00:00
Andy Polyakov
1ed2d8f512
bn_nist.c update from HEAD.
...
PR: 1593
2008-04-18 15:51:31 +00:00
Dr. Stephen Henson
d140890259
Update from HEAD.
2008-04-18 11:19:56 +00:00
Lutz Jänicke
eb492df2bb
Add missing 'extern "C" {' to some _err.h files in crypto/engines/
...
PR: 1609
2008-04-18 07:43:23 +00:00
Richard Levitte
2c16e78400
Synchronise with Unix
2008-04-18 06:07:43 +00:00
Lutz Jänicke
bf2b87aea3
Fix incorrect return value in apps/apps.c:parse_yesno()
...
PR: 1607
Submitted by: "Christophe Macé" <mace.christophe@gmail.com>
2008-04-17 14:15:29 +00:00
Lutz Jänicke
1dff425999
Correctly handle case of bad arguments supplied to rsautl
...
PR: 1659
2008-04-17 13:36:16 +00:00
Dr. Stephen Henson
501af5ba89
Update from HEAD.
2008-04-12 10:15:33 +00:00
Richard Levitte
31d6e7b7ba
Provide other forms for symbols that are too long or that clash with others
2008-04-12 08:40:03 +00:00
Dr. Stephen Henson
b983322bfb
Revert change from HEAD.
2008-04-11 23:23:57 +00:00
Dr. Stephen Henson
339654e163
Fix from HEAD.
2008-04-11 17:34:42 +00:00
Richard Levitte
5ca48cc853
Synchronise with Unix build
2008-04-11 01:53:19 +00:00
Dr. Stephen Henson
79996e3335
Update from HEAD.
2008-04-09 22:12:10 +00:00
Dr. Stephen Henson
173acc185c
Fix from HEAD.
2008-04-07 11:01:43 +00:00
Lutz Jänicke
a985ecdd17
Fix URI of OpenSSL Request Tracker information
...
PR: 1661
2008-04-07 06:35:42 +00:00