wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9384 commits 20 branches 302 tags 153 MiB
Commit graph

9384 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
91bad2b09e Prepare for 1.0.0 release - finally ;-) 2010-03-29 13:11:54 +00:00
Andy Polyakov
1244d5b713 ARMv4 assembler: [unconfirmed] fix for compilation failure [from HEAD]. 2010-03-29 09:59:58 +00:00
Andy Polyakov
c0ed5cd47b dso_dlfcn.c: fix compile failure on Tru64 [from HEAD]. 2010-03-29 09:50:33 +00:00
Dr. Stephen Henson
c8281fd38e PR: 1696 
Check return value if d2i_PBEPARAM().
 2010-03-28 00:42:29 +00:00
Dr. Stephen Henson
fe8e6bff9b PR: 1763 
Remove useless num = 0 assignment.

Remove redundant cases on sock_ctrl(): default case handles them.
 2010-03-27 23:28:23 +00:00
Dr. Stephen Henson
9caf25d144 PR: 1904 
Submitted by: David Woodhouse <dwmw2@infradead.org>

Pass passphrase minimum length down to UI.
 2010-03-27 19:27:51 +00:00
Dr. Stephen Henson
348620c7ac PR: 1813 
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>

Fix memory leak when engine name cannot be loaded.
 2010-03-27 18:28:13 +00:00
Dr. Stephen Henson
30fc2ab92b update FAQ 2010-03-25 12:07:45 +00:00
Bodo Möller
5b5464d525 Fix for "Record of death" vulnerability CVE-2010-0740. 
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010).
 2010-03-25 11:22:42 +00:00
Dr. Stephen Henson
cd15a0528f initialise buf if wrong_info not used 2010-03-24 23:42:20 +00:00
Dr. Stephen Henson
7b52778eff PR: 1731 and maybe 2197 
Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.
 2010-03-24 23:16:49 +00:00
Andy Polyakov
162de2f2b5 rand_win.c: fix logical bug in readscreen [from HEAD]. 2010-03-22 22:44:35 +00:00
Andy Polyakov
f6e4af6fd7 bss_file.c: fix MSC 6.0 warning [from HEAD]. 2010-03-22 22:39:46 +00:00
Andy Polyakov
32b76dcdac e_capi.c: fix typo. 2010-03-15 22:29:20 +00:00
Andy Polyakov
bcfd252052 Fix UPLINK typo [from HEAD]. 2010-03-15 22:26:33 +00:00
Dr. Stephen Henson
32c452779e workaround for missing definition in some headers 2010-03-15 13:09:39 +00:00
Dr. Stephen Henson
118b90c59e PR: 2192 
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

The prompt_info and wrong_info parameters can be empty strings which
can produce confusing prompts. Treat empty string same as NULL.
 2010-03-12 12:48:46 +00:00
Dr. Stephen Henson
f6a61b140e missing goto meant signature was never printed out 2010-03-12 12:07:05 +00:00
Dr. Stephen Henson
75ece4b5cf don't leave bogus errors in the queue 2010-03-10 13:48:21 +00:00
Dr. Stephen Henson
724cca4178 make update 2010-03-09 17:23:51 +00:00
Dr. Stephen Henson
5b3fdb0181 PR: 2188 
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

Add "missing" functions to get and set prompt constructor.
 2010-03-09 17:18:17 +00:00
Dr. Stephen Henson
fcc3d0265d PR: 2186 
Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com>

Detect aix64-gcc
 2010-03-09 17:08:39 +00:00
Dr. Stephen Henson
5356ea7cde reserve a few more bits for future cipher modes 2010-03-08 23:47:57 +00:00
Dr. Stephen Henson
06226df1a9 The OID sanity check was incorrect. It should only disallow *leading* 0x80 
values.
 2010-03-07 16:40:19 +00:00
Dr. Stephen Henson
bf638ef026 don't add digest alias if signature algorithm is undefined 2010-03-06 20:47:45 +00:00
Dr. Stephen Henson
07973d5db8 Fix memory leak: free up ENGINE functional reference if digest is not 
found in an ENGINE.
 2010-03-05 13:33:43 +00:00
Dr. Stephen Henson
3b3f71121b PR: 2183 
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
 2010-03-03 19:56:17 +00:00
Dr. Stephen Henson
47333a34d5 Submitted by: Tomas Hoger <thoger@redhat.com> 
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
 2010-03-03 15:41:00 +00:00
Dr. Stephen Henson
d92138f703 don't mix definitions and code 2010-03-03 15:30:26 +00:00
Andy Polyakov
b2bf335327 Fix s390x-specific HOST_l2c|c2l [from HEAD]. 
Submitted by: Andreas Krebbel
 2010-03-02 16:25:10 +00:00
Dr. Stephen Henson
33bec62a20 PR: 2178 
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>

Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
 2010-03-01 23:54:34 +00:00
Dr. Stephen Henson
2e630b1847 use supplied ENGINE in genrsa 2010-03-01 14:22:02 +00:00
Dr. Stephen Henson
002d3fe863 use correct prototype as in HEAD 2010-03-01 03:01:56 +00:00
Dr. Stephen Henson
fb24311e7c 'typo' 2010-03-01 01:52:47 +00:00
Dr. Stephen Henson
90278430d9 make USE_CRYPTODEV_DIGESTS work 2010-03-01 01:19:36 +00:00
Ben Laurie
bcd9d12a8d Fix warning. 2010-02-28 13:38:16 +00:00
Dr. Stephen Henson
79363339b7 algorithms field has changed in 1.0.0 and later: update 2010-02-28 00:24:24 +00:00
Dr. Stephen Henson
fbe2c6b33e Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and 
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."
 2010-02-27 23:04:10 +00:00
Dr. Stephen Henson
fc11f47229 Revert CFB block length change. Despite what SP800-38a says the input to 
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
 2010-02-26 14:41:48 +00:00
Dr. Stephen Henson
2b23d89d14 oops, use correct date 2010-02-26 12:14:30 +00:00
Dr. Stephen Henson
9cfa3cff54 update FAQ, NEWS 2010-02-25 18:21:20 +00:00
Dr. Stephen Henson
6507653e72 The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and 
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in
the verify application documentation.
 2010-02-23 14:09:22 +00:00
Bodo Möller
7fe747d1eb Always check bn_wexpend() return values for failure (CVE-2009-3245). 
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
 2010-02-23 10:36:30 +00:00
Bodo Möller
32567c9f3b Fix X509_STORE locking 2010-02-19 18:26:23 +00:00
Dr. Stephen Henson
4f3d52fedc clarify documentation 2010-02-18 12:41:50 +00:00
Dr. Stephen Henson
8321bab39c OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved 2010-02-17 19:43:46 +00:00
Dr. Stephen Henson
989238802a Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:38:10 +00:00
Dr. Stephen Henson
9051fc538f PR: 2100 
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.
 2010-02-17 14:32:25 +00:00
Dr. Stephen Henson
03fd7f27db Submitted by: Dmitry Ivanov <vonami@gmail.com> 
Don't leave dangling pointers in GOST engine if calls fail.
 2010-02-16 14:30:19 +00:00
Dr. Stephen Henson
45d6a15ae9 PR: 2171 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.

Also can now use SSL2 compatible client hello because RFC5746 supports it.
 2010-02-16 14:20:40 +00:00