Commit graph

7830 commits

Author SHA1 Message Date
Dr. Stephen Henson
9e47c34729 CryptoAPI ENGINE... initial version, not compiled in yet. 2008-05-29 16:46:38 +00:00
Bodo Möller
cb896f8923 FAQ updates from HEAD 2008-05-28 22:30:39 +00:00
Bodo Möller
cec9bce126 fix whitespace 2008-05-28 22:22:50 +00:00
Mark J. Cox
3f79793b7e After tagging, bump ready for 0.9.8i development 2008-05-28 07:47:50 +00:00
Mark J. Cox
0d01d8a735 Prepare for 0.9.8h release 2008-05-28 07:37:14 +00:00
Mark J. Cox
2c0fa03dc6 Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com
2008-05-28 07:29:27 +00:00
Mark J. Cox
d3b3a6d389 Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com
2008-05-28 07:26:33 +00:00
Bodo Möller
fc260b09a1 grammar 2008-05-27 18:43:30 +00:00
Bodo Möller
b3c79a8a27 year 2008 2008-05-27 18:41:02 +00:00
Lutz Jänicke
f0ecefc0c0 Add README about removed root CA certificates. 2008-05-26 06:23:55 +00:00
Lutz Jänicke
b0118409a9 Reword comment to be much shorter to stop other people from complaining
about "overcommenting"
2008-05-26 06:21:10 +00:00
Lutz Jänicke
5f23288692 Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
2008-05-23 10:37:22 +00:00
Lutz Jänicke
45c58c7d10 Remove all root CA files (beyond test CAs including private key)
from the OpenSSL distribution.
2008-05-23 08:59:56 +00:00
Dr. Stephen Henson
112591be76 Fix off by one error ;-) 2008-05-20 18:48:22 +00:00
Dr. Stephen Henson
1b8daa3693 Typo. 2008-05-20 16:13:11 +00:00
Dr. Stephen Henson
1cdbc755ee Update ordinals. 2008-05-20 12:12:22 +00:00
Dr. Stephen Henson
aa9c7e4b8c Oops... PEM_write_bio_ASN1_stream() shouldn't be in 0.9.8 CMS backport. 2008-05-20 12:10:28 +00:00
Dr. Stephen Henson
6be69a168f Remove deleted function definitions from header files
so Windows build picks it up.

Recognize new option in mk1mf.pl
2008-05-20 11:50:13 +00:00
Dr. Stephen Henson
eaf76feeb6 Remove old DES definition of deleted function too. 2008-05-20 11:23:49 +00:00
Lutz Jänicke
03e79ed05e Correctly adjust location of comment
Submitted by: Ben Laurie <ben@links.org>
2008-05-20 08:10:51 +00:00
Ben Laurie
56bef2df4f Fix warning. 2008-05-20 03:05:50 +00:00
Dr. Stephen Henson
10d3886c51 Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
2008-05-19 21:26:28 +00:00
Bodo Möller
f1c0cf5b70 Disable code that clearly doesn't currently serve any useful purpose.
(Buggy line reported by Matthias Koenig.)
2008-05-19 19:44:33 +00:00
Lutz Jänicke
2a7ac69ee4 Document "openssl s_server" -crl_check* options
Submitted by: Daniel Black <daniel.subs@internode.on.net>
2008-05-19 07:52:17 +00:00
Lutz Jänicke
d13ea8e184 Provide information about "openssl dgst" -hmac option. 2008-05-19 07:43:41 +00:00
Dr. Stephen Henson
1820b04bb2 Typo.
PR: 1672
2008-05-18 13:52:05 +00:00
Lutz Jänicke
439b7ef463 Another occurance of possible valgrind/purify "uninitialized memory"
complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.

Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)
2008-05-16 07:14:58 +00:00
Dr. Stephen Henson
a25fb95bd6 Always seed PRNG for new requests no matter what key type. RSA may need
the PRNG for blinding.

PR: 1666
2008-05-12 16:07:00 +00:00
Dr. Stephen Henson
6168067160 Fix from HEAD. 2008-05-09 23:17:10 +00:00
Bodo Möller
c3031a4610 Avoid BN_MONT_CTX incompatibility. 2008-05-02 18:47:19 +00:00
Dr. Stephen Henson
1099a94063 Update from HEAD. 2008-05-01 23:31:03 +00:00
Bodo Möller
812d8a176c Unobtrusive backport of 32-bit x86 Montgomery improvements from 0.9.9-dev:
you need to use "enable-montasm" to see a difference.  (Huge speed
advantage, but BN_MONT_CTX is not binary compatible, so this can't be
enabled by default in the 0.9.8 branch.)

The CHANGES entry also covers the 64-bit x86 backport in November 2007
by appro.
2008-05-01 23:11:34 +00:00
Dr. Stephen Henson
db533c96e3 TLS ticket key setting callback: this allows and application to set
its own TLS ticket keys.
2008-04-30 16:11:33 +00:00
Dr. Stephen Henson
8831eb7624 Do not permit stateless session resumption is session IDs mismatch. 2008-04-29 17:22:01 +00:00
Dr. Stephen Henson
3c8f315021 Support ticket renewal in state machine (not used at present). 2008-04-29 16:41:53 +00:00
Dr. Stephen Henson
0f2e636602 Status strings for ticket states. 2008-04-29 16:38:26 +00:00
Geoff Thorpe
98bd148b1a Fix auto-discovery of ENGINEs, ported from HEAD.
NB, this fixes a regression relative to 0.9.7 and the documented behaviour,
but it would make sense for distro maintainers and others with an interest
in system behaviour to test with this change. The fix re-enables behaviour
that was broken and thus inherently disabled. In particular, if you
register an ENGINE implementation, and that ENGINE is able to successfully
self-initialise on the host, it will get used automatically (as claimed in
the documentation and as was the case for 0.9.7) - this was not the case
with 0.9.8 until now because of a bug.

PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
2008-04-28 21:45:43 +00:00
Geoff Thorpe
292248b8c2 Update from HEAD. 2008-04-27 18:52:14 +00:00
Dr. Stephen Henson
d3eef3e5af Fix from HEAD. 2008-04-25 16:27:25 +00:00
Andy Polyakov
c5fbf8c1ba Compensate inline assembler in sha512.c for gcc 2.7.2 compiler bug [from HEAD].
PR: 1667
2008-04-24 10:00:40 +00:00
Andy Polyakov
1ed2d8f512 bn_nist.c update from HEAD.
PR: 1593
2008-04-18 15:51:31 +00:00
Dr. Stephen Henson
d140890259 Update from HEAD. 2008-04-18 11:19:56 +00:00
Lutz Jänicke
eb492df2bb Add missing 'extern "C" {' to some _err.h files in crypto/engines/
PR: 1609
2008-04-18 07:43:23 +00:00
Richard Levitte
2c16e78400 Synchronise with Unix 2008-04-18 06:07:43 +00:00
Lutz Jänicke
bf2b87aea3 Fix incorrect return value in apps/apps.c:parse_yesno()
PR: 1607
Submitted by: "Christophe Macé" <mace.christophe@gmail.com>
2008-04-17 14:15:29 +00:00
Lutz Jänicke
1dff425999 Correctly handle case of bad arguments supplied to rsautl
PR: 1659
2008-04-17 13:36:16 +00:00
Dr. Stephen Henson
501af5ba89 Update from HEAD. 2008-04-12 10:15:33 +00:00
Richard Levitte
31d6e7b7ba Provide other forms for symbols that are too long or that clash with others 2008-04-12 08:40:03 +00:00
Dr. Stephen Henson
b983322bfb Revert change from HEAD. 2008-04-11 23:23:57 +00:00
Dr. Stephen Henson
339654e163 Fix from HEAD. 2008-04-11 17:34:42 +00:00