wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9398 commits 20 branches 302 tags 153 MiB
Commit graph

9398 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
79363339b7 algorithms field has changed in 1.0.0 and later: update 2010-02-28 00:24:24 +00:00
Dr. Stephen Henson
fbe2c6b33e Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and 
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."
 2010-02-27 23:04:10 +00:00
Dr. Stephen Henson
fc11f47229 Revert CFB block length change. Despite what SP800-38a says the input to 
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
 2010-02-26 14:41:48 +00:00
Dr. Stephen Henson
2b23d89d14 oops, use correct date 2010-02-26 12:14:30 +00:00
Dr. Stephen Henson
9cfa3cff54 update FAQ, NEWS 2010-02-25 18:21:20 +00:00
Dr. Stephen Henson
6507653e72 The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and 
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in
the verify application documentation.
 2010-02-23 14:09:22 +00:00
Bodo Möller
7fe747d1eb Always check bn_wexpend() return values for failure (CVE-2009-3245). 
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
 2010-02-23 10:36:30 +00:00
Bodo Möller
32567c9f3b Fix X509_STORE locking 2010-02-19 18:26:23 +00:00
Dr. Stephen Henson
4f3d52fedc clarify documentation 2010-02-18 12:41:50 +00:00
Dr. Stephen Henson
8321bab39c OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved 2010-02-17 19:43:46 +00:00
Dr. Stephen Henson
989238802a Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:38:10 +00:00
Dr. Stephen Henson
9051fc538f PR: 2100 
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.
 2010-02-17 14:32:25 +00:00
Dr. Stephen Henson
03fd7f27db Submitted by: Dmitry Ivanov <vonami@gmail.com> 
Don't leave dangling pointers in GOST engine if calls fail.
 2010-02-16 14:30:19 +00:00
Dr. Stephen Henson
45d6a15ae9 PR: 2171 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.

Also can now use SSL2 compatible client hello because RFC5746 supports it.
 2010-02-16 14:20:40 +00:00
Dr. Stephen Henson
6c6ca18664 The "block length" for CFB mode was incorrectly coded as 1 all the time. It 
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
 2010-02-15 19:40:30 +00:00
Dr. Stephen Henson
97fe2b40c1 Correct ECB mode EVP_CIPHER definition: IV length is 0 2010-02-15 19:25:52 +00:00
Dr. Stephen Henson
f689ab5017 add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable 2010-02-15 19:17:55 +00:00
Dr. Stephen Henson
edb7cac271 PR: 2164 
Submitted by: "Noszticzius, Istvan" <inoszticzius@rightnow.com>

Don't clear the output buffer: ciphers should correctly the same input
and output buffers.
 2010-02-15 19:01:56 +00:00
Dr. Stephen Henson
81d87a2a28 update references to new RI RFC 2010-02-12 21:59:57 +00:00
Dr. Stephen Henson
7366f0b304 PR: 2170 
Submitted by: Magnus Lilja <lilja.magnus@gmail.com>

Make -c option in dgst work again.
 2010-02-12 17:07:24 +00:00
Dr. Stephen Henson
1d8fa09c80 Make assembly language versions of OPENSSL_cleanse() accept zero length 
parameter. Backport from HEAD, orginal by appro.
 2010-02-12 17:02:13 +00:00
Dr. Stephen Henson
e085e6c84c Fix memory leak in ENGINE autoconfig code. Improve error logging. 2010-02-09 14:17:57 +00:00
Dr. Stephen Henson
008fa4584d update year 2010-02-09 14:13:00 +00:00
Dr. Stephen Henson
c8c49133d9 oops, use new value for new flag 2010-02-07 13:54:54 +00:00
Dr. Stephen Henson
961f1dea06 make update 2010-02-07 13:47:08 +00:00
Dr. Stephen Henson
1700426256 Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy 
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
 2010-02-07 13:41:23 +00:00
Dr. Stephen Henson
aa7f5baad2 don't assume 0x is at start of string 2010-02-03 18:19:05 +00:00
Dr. Stephen Henson
45acdd6f6d tolerate broken CMS/PKCS7 implementations using signature OID instead of digest 2010-02-02 14:26:32 +00:00
Dr. Stephen Henson
8b354e776b PR: 2161 
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.

Make no-dsa, no-ecdsa and no-rsa compile again.
 2010-02-02 13:36:05 +00:00
Dr. Stephen Henson
868f5e44ca PR: 2160 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Make session tickets work with DTLS.
 2010-02-01 16:49:42 +00:00
Dr. Stephen Henson
4e5fdd11ea PR: 2159 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Typo in PR#1949 bug, oops!
 2010-02-01 12:44:11 +00:00
Richard Levitte
d552a3391a Typo. 2010-01-29 12:07:50 +00:00
Richard Levitte
d023b4e2dd The previous take went wrong, try again. 2010-01-29 12:02:54 +00:00
Richard Levitte
fa79cc9c23 Architecture specific header files need special handling. 2010-01-29 11:44:40 +00:00
Richard Levitte
06daa75fb9 If opensslconf.h and buildinf.h are to be in an architecture specific 
directory, place it in the same tree as the other architecture
specific things.
 2010-01-29 11:43:53 +00:00
Dr. Stephen Henson
ffa304c838 oops, revert more test code arghh! 2010-01-28 17:52:18 +00:00
Dr. Stephen Henson
df21765a3e In engine_table_select() don't clear out entire error queue: just clear 
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
 2010-01-28 17:50:23 +00:00
Dr. Stephen Henson
5a6ae115f8 reword RI description 2010-01-27 18:53:49 +00:00
Dr. Stephen Henson
5e5df40b9b update documentation to reflect new renegotiation options 2010-01-27 17:50:20 +00:00
Dr. Stephen Henson
6d4943e81f Some shells print out the directory name if CDPATH is set breaking the 
pod2man test. Use ./util instead to avoid this.
 2010-01-27 16:06:58 +00:00
Dr. Stephen Henson
57cffe901f typo 2010-01-27 14:05:15 +00:00
Dr. Stephen Henson
a758f61793 PR: 2157 
Submitted by: "Green, Paul" <Paul.Green@stratus.com>

Typo.
 2010-01-27 12:55:52 +00:00
Richard Levitte
b3b35df2a2 Cosmetic changes, including changing a confusing example. 2010-01-27 09:18:05 +00:00
Richard Levitte
5ad50246fc Apparently, test/testtsa.com was only half done 2010-01-27 01:19:12 +00:00
Richard Levitte
d89b895cfd size_t doesn't compare less than zero... 2010-01-27 01:18:26 +00:00
Dr. Stephen Henson
d793c292cb add CHANGES entry 2010-01-26 19:48:10 +00:00
Dr. Stephen Henson
57749b1b9f PR: 1949 
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
 2010-01-26 19:46:30 +00:00
Dr. Stephen Henson
1cdb7854a5 PR: 2138 
Submitted by: Kevin Regan <k.regan@f5.com>

Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.
 2010-01-26 18:07:41 +00:00
Dr. Stephen Henson
704d33b347 Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and 
later.
 2010-01-26 14:33:52 +00:00
Dr. Stephen Henson
b2a7515ee8 OPENSSL_isservice is now defined on all platforms not just WIN32 2010-01-26 13:58:49 +00:00