Ben Laurie
ed4cd027f3
Fix warnings.
2010-02-28 13:37:15 +00:00
Dr. Stephen Henson
bab19a2ac2
quote HOSTCC in case it isn't defined
2010-02-26 19:56:10 +00:00
Dr. Stephen Henson
582eb96d15
Revert CFB block length change. Despite what SP800-38a says the input to
...
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:38 +00:00
Dr. Stephen Henson
2649ce1ebc
Change versions for 0.9.8n-dev
2010-02-26 14:34:24 +00:00
Dr. Stephen Henson
7070cdba4e
Prepare for 0.9.8m release
2010-02-25 17:18:23 +00:00
Richard Levitte
e885de28b1
Since crypto-lib.com is built to be executed in the crypto/ directory,
...
there's no need to specify that directory in the include path.
2010-02-24 01:20:04 +00:00
Dr. Stephen Henson
3038649ab2
The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and
...
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in
the verify application documentation.
2010-02-23 14:09:32 +00:00
Bodo Möller
3e4da3f7cb
Always check bn_wexpend() return values for failure (CVE-2009-3245).
...
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)
Submitted by: Neel Mehta
2010-02-23 10:36:41 +00:00
Richard Levitte
53b5d04715
Apply changes from the 1.0.0 branch.
2010-02-23 07:51:39 +00:00
Richard Levitte
defede6080
Include [.CRYPTO.<ARCH>] instead of just [.<ARCH>]
2010-02-23 07:50:54 +00:00
Richard Levitte
1472f1427e
In some environments, we need to defined sslroot locally.
2010-02-22 07:05:50 +00:00
Richard Levitte
00d1ecb1da
Add t1_reneg to the VMS build.
...
Hack the symbols with long names.
2010-02-22 07:05:24 +00:00
Bodo Möller
739e0e934a
Fix X509_STORE locking
2010-02-19 18:25:39 +00:00
Dr. Stephen Henson
6ae9770d34
clarify documentation
2010-02-18 12:42:03 +00:00
Dr. Stephen Henson
bec7184768
OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved
2010-02-17 19:43:08 +00:00
Dr. Stephen Henson
442ac8d259
Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
...
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:37:47 +00:00
Dr. Stephen Henson
657b02d0cf
PR: 2100
...
Submitted by: James Baker <jbaker@tableausoftware.com> et al.
Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:01 +00:00
Dr. Stephen Henson
b50ef8b216
PR: 2171
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.
Also can now use SSL2 compatible client hello because RFC5746 supports it.
2010-02-16 14:19:42 +00:00
Dr. Stephen Henson
1b690c1a8b
The "block length" for CFB mode was incorrectly coded as 1 all the time. It
...
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:45 +00:00
Dr. Stephen Henson
2873a53f5f
Correct ECB mode EVP_CIPHER definition: IV length is 0
2010-02-15 19:25:37 +00:00
Dr. Stephen Henson
04a781e844
PR: 2164
...
Submitted by: "Noszticzius, Istvan" <inoszticzius@rightnow.com>
Don't clear the output buffer: ciphers should correctly the same input
and output buffers.
2010-02-15 19:02:53 +00:00
Dr. Stephen Henson
68be98d1a6
update references to new RI RFC
2010-02-12 22:02:07 +00:00
Dr. Stephen Henson
0bbbadf3f5
Fix memory leak in ENGINE autoconfig code. Improve error logging.
2010-02-09 14:18:15 +00:00
Dr. Stephen Henson
c0c1ce125a
update year
2010-02-09 14:13:30 +00:00
Dr. Stephen Henson
105861186f
Only use bufferoverflowu.lib when needed
2010-02-04 01:10:24 +00:00
Dr. Stephen Henson
4a9d335bb4
tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
2010-02-02 14:19:54 +00:00
Dr. Stephen Henson
162f1e08f8
make no-rsa no-dsa compile again
2010-02-02 14:03:07 +00:00
Dr. Stephen Henson
0484ff5ec1
PR: 2160
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Make session tickets work with DTLS.
2010-02-01 16:48:40 +00:00
Dr. Stephen Henson
4acc2fed6c
PR: 2159
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Typo in PR#1949 bug, oops!
2010-02-01 12:44:21 +00:00
Dr. Stephen Henson
0369804ffa
In engine_table_select() don't clear out entire error queue: just clear
...
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
2010-01-28 17:53:11 +00:00
Dr. Stephen Henson
33d7b5ec07
reword RI description
2010-01-27 18:53:59 +00:00
Dr. Stephen Henson
4b38f35e72
update documentation to reflect new renegotiation options
2010-01-27 17:50:47 +00:00
Dr. Stephen Henson
82c2773423
Some shells print out the directory name if CDPATH is set breaking the
...
pod2man test. Use ./util instead to avoid this.
2010-01-27 16:06:36 +00:00
Dr. Stephen Henson
ded27f709c
typo
2010-01-27 14:04:51 +00:00
Dr. Stephen Henson
30dc3e112b
stop warnings in fips_test_suite application
2010-01-27 14:03:26 +00:00
Dr. Stephen Henson
371b262f96
stop missing prototype warnings
2010-01-27 13:32:31 +00:00
Dr. Stephen Henson
b3fb2492d5
eliminate some warnings in fips build
2010-01-27 13:21:34 +00:00
Dr. Stephen Henson
93b810637b
Bypass algorithm blocking with TLS MD5+SHA1 signature in FIPS mode by
...
calling underlying method directly.
2010-01-27 00:51:24 +00:00
Dr. Stephen Henson
cc62974182
PR: 1949
...
Submitted by: steve@openssl.org
More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
2010-01-26 19:40:36 +00:00
Dr. Stephen Henson
9413788571
PR: 2138
...
Submitted by: Kevin Regan <k.regan@f5.com>
Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.
2010-01-26 18:08:42 +00:00
Dr. Stephen Henson
e8387db0c4
Fix VC++ warning (change had already been made to other branches).
2010-01-26 13:24:08 +00:00
Dr. Stephen Henson
81f28ca567
Typo
2010-01-26 12:29:32 +00:00
Dr. Stephen Henson
1b32943215
Update OID table too.
2010-01-25 16:08:52 +00:00
Dr. Stephen Henson
a231d99d4c
PR: 2149
...
Submitted by: Douglas Stebila <douglas@stebila.ca>
Fix wap OIDs.
2010-01-25 16:08:01 +00:00
Dr. Stephen Henson
714044cc03
oops revert test code from previous commit
2010-01-24 13:52:38 +00:00
Dr. Stephen Henson
5598b99fb3
The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING
...
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.
2010-01-24 13:50:57 +00:00
Dr. Stephen Henson
6899d9bbf6
If legacy renegotiation is not permitted then send a fatal alert if a patched
...
server attempts to renegotiate with an unpatched client.
2010-01-22 18:49:43 +00:00
Dr. Stephen Henson
cf876a9893
change versions back to 0.9.8m-dev
2010-01-20 18:22:04 +00:00
Dr. Stephen Henson
8b8a2928af
prepare for release
2010-01-20 17:26:02 +00:00
Dr. Stephen Henson
031774468c
update TABLE
2010-01-20 17:16:52 +00:00