wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
8418 commits 20 branches 302 tags 153 MiB
Commit graph

8418 commits

This branch
This branch
All branches
Author SHA1 Message Date
Andy Polyakov
bdd08277b8 Fix s390x-specific HOST_l2c|c2l [from HEAD]. 
Submitted by: Andreas Krebbel
 2010-03-02 16:26:13 +00:00
Dr. Stephen Henson
2bf4faa7e4 PR: 2178 
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>

Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
 2010-03-01 23:54:19 +00:00
Dr. Stephen Henson
2e5e604b0c load cryptodev if HAVE_CRYPTODEV is set too 2010-03-01 00:30:11 +00:00
Ben Laurie
ed4cd027f3 Fix warnings. 2010-02-28 13:37:15 +00:00
Dr. Stephen Henson
bab19a2ac2 quote HOSTCC in case it isn't defined 2010-02-26 19:56:10 +00:00
Dr. Stephen Henson
582eb96d15 Revert CFB block length change. Despite what SP800-38a says the input to 
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
 2010-02-26 14:41:38 +00:00
Dr. Stephen Henson
2649ce1ebc Change versions for 0.9.8n-dev 2010-02-26 14:34:24 +00:00
Dr. Stephen Henson
7070cdba4e Prepare for 0.9.8m release 2010-02-25 17:18:23 +00:00
Richard Levitte
e885de28b1 Since crypto-lib.com is built to be executed in the crypto/ directory, 
there's no need to specify that directory in the include path.
 2010-02-24 01:20:04 +00:00
Dr. Stephen Henson
3038649ab2 The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and 
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in
the verify application documentation.
 2010-02-23 14:09:32 +00:00
Bodo Möller
3e4da3f7cb Always check bn_wexpend() return values for failure (CVE-2009-3245). 
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
 2010-02-23 10:36:41 +00:00
Richard Levitte
53b5d04715 Apply changes from the 1.0.0 branch. 2010-02-23 07:51:39 +00:00
Richard Levitte
defede6080 Include [.CRYPTO.<ARCH>] instead of just [.<ARCH>] 2010-02-23 07:50:54 +00:00
Richard Levitte
1472f1427e In some environments, we need to defined sslroot locally. 2010-02-22 07:05:50 +00:00
Richard Levitte
00d1ecb1da Add t1_reneg to the VMS build. 
Hack the symbols with long names.
 2010-02-22 07:05:24 +00:00
Bodo Möller
739e0e934a Fix X509_STORE locking 2010-02-19 18:25:39 +00:00
Dr. Stephen Henson
6ae9770d34 clarify documentation 2010-02-18 12:42:03 +00:00
Dr. Stephen Henson
bec7184768 OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved 2010-02-17 19:43:08 +00:00
Dr. Stephen Henson
442ac8d259 Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:37:47 +00:00
Dr. Stephen Henson
657b02d0cf PR: 2100 
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.
 2010-02-17 14:32:01 +00:00
Dr. Stephen Henson
b50ef8b216 PR: 2171 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.

Also can now use SSL2 compatible client hello because RFC5746 supports it.
 2010-02-16 14:19:42 +00:00
Dr. Stephen Henson
1b690c1a8b The "block length" for CFB mode was incorrectly coded as 1 all the time. It 
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
 2010-02-15 19:40:45 +00:00
Dr. Stephen Henson
2873a53f5f Correct ECB mode EVP_CIPHER definition: IV length is 0 2010-02-15 19:25:37 +00:00
Dr. Stephen Henson
04a781e844 PR: 2164 
Submitted by: "Noszticzius, Istvan" <inoszticzius@rightnow.com>

Don't clear the output buffer: ciphers should correctly the same input
and output buffers.
 2010-02-15 19:02:53 +00:00
Dr. Stephen Henson
68be98d1a6 update references to new RI RFC 2010-02-12 22:02:07 +00:00
Dr. Stephen Henson
0bbbadf3f5 Fix memory leak in ENGINE autoconfig code. Improve error logging. 2010-02-09 14:18:15 +00:00
Dr. Stephen Henson
c0c1ce125a update year 2010-02-09 14:13:30 +00:00
Dr. Stephen Henson
105861186f Only use bufferoverflowu.lib when needed 2010-02-04 01:10:24 +00:00
Dr. Stephen Henson
4a9d335bb4 tolerate broken CMS/PKCS7 implementations using signature OID instead of digest 2010-02-02 14:19:54 +00:00
Dr. Stephen Henson
162f1e08f8 make no-rsa no-dsa compile again 2010-02-02 14:03:07 +00:00
Dr. Stephen Henson
0484ff5ec1 PR: 2160 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Make session tickets work with DTLS.
 2010-02-01 16:48:40 +00:00
Dr. Stephen Henson
4acc2fed6c PR: 2159 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Typo in PR#1949 bug, oops!
 2010-02-01 12:44:21 +00:00
Dr. Stephen Henson
0369804ffa In engine_table_select() don't clear out entire error queue: just clear 
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
 2010-01-28 17:53:11 +00:00
Dr. Stephen Henson
33d7b5ec07 reword RI description 2010-01-27 18:53:59 +00:00
Dr. Stephen Henson
4b38f35e72 update documentation to reflect new renegotiation options 2010-01-27 17:50:47 +00:00
Dr. Stephen Henson
82c2773423 Some shells print out the directory name if CDPATH is set breaking the 
pod2man test. Use ./util instead to avoid this.
 2010-01-27 16:06:36 +00:00
Dr. Stephen Henson
ded27f709c typo 2010-01-27 14:04:51 +00:00
Dr. Stephen Henson
30dc3e112b stop warnings in fips_test_suite application 2010-01-27 14:03:26 +00:00
Dr. Stephen Henson
371b262f96 stop missing prototype warnings 2010-01-27 13:32:31 +00:00
Dr. Stephen Henson
b3fb2492d5 eliminate some warnings in fips build 2010-01-27 13:21:34 +00:00
Dr. Stephen Henson
93b810637b Bypass algorithm blocking with TLS MD5+SHA1 signature in FIPS mode by 
calling underlying method directly.
 2010-01-27 00:51:24 +00:00
Dr. Stephen Henson
cc62974182 PR: 1949 
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
 2010-01-26 19:40:36 +00:00
Dr. Stephen Henson
9413788571 PR: 2138 
Submitted by: Kevin Regan <k.regan@f5.com>

Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.
 2010-01-26 18:08:42 +00:00
Dr. Stephen Henson
e8387db0c4 Fix VC++ warning (change had already been made to other branches). 2010-01-26 13:24:08 +00:00
Dr. Stephen Henson
81f28ca567 Typo 2010-01-26 12:29:32 +00:00
Dr. Stephen Henson
1b32943215 Update OID table too. 2010-01-25 16:08:52 +00:00
Dr. Stephen Henson
a231d99d4c PR: 2149 
Submitted by: Douglas Stebila <douglas@stebila.ca>

Fix wap OIDs.
 2010-01-25 16:08:01 +00:00
Dr. Stephen Henson
714044cc03 oops revert test code from previous commit 2010-01-24 13:52:38 +00:00
Dr. Stephen Henson
5598b99fb3 The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING 
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.
 2010-01-24 13:50:57 +00:00
Dr. Stephen Henson
6899d9bbf6 If legacy renegotiation is not permitted then send a fatal alert if a patched 
server attempts to renegotiate with an unpatched client.
 2010-01-22 18:49:43 +00:00