Commit graph

8192 commits

Author SHA1 Message Date
Dr. Stephen Henson
0330a13aea Initial DSA public key loading support in CryptoAPI ENGINE. 2008-05-30 15:05:39 +00:00
Dr. Stephen Henson
467325b81d Add support for ENGINE loaded keys in dsa app. 2008-05-30 15:04:58 +00:00
Dr. Stephen Henson
00f716bbe6 Add error codes for blob sanity checks, rebuild error table. 2008-05-30 11:58:50 +00:00
Dr. Stephen Henson
2f2f032497 Blob type and algorithm type sanity checks 2008-05-30 11:54:51 +00:00
Dr. Stephen Henson
feb200bbb3 Don't set extended type is mbstring flag set. 2008-05-30 10:57:13 +00:00
Dr. Stephen Henson
3894667036 Update default depflag. 2008-05-30 10:31:43 +00:00
Dr. Stephen Henson
203ac694e3 Load CryptoAPI engine if supported. 2008-05-29 23:47:40 +00:00
Dr. Stephen Henson
bb592c75e7 Update mkdef.pl to recognize CAPIENG 2008-05-29 23:15:41 +00:00
Dr. Stephen Henson
777d717c40 Make CryptoAPI engine look more like the others.... 2008-05-29 21:03:48 +00:00
Dr. Stephen Henson
143d84590f Make dynamic engine link work with capi. 2008-05-29 17:51:22 +00:00
Dr. Stephen Henson
a29669d78d Disable CryptoAPI engine compilation by default. 2008-05-29 17:20:42 +00:00
Dr. Stephen Henson
e5be1e1696 Create error codes, compile in source. 2008-05-29 17:13:15 +00:00
Dr. Stephen Henson
9e47c34729 CryptoAPI ENGINE... initial version, not compiled in yet. 2008-05-29 16:46:38 +00:00
Bodo Möller
cb896f8923 FAQ updates from HEAD 2008-05-28 22:30:39 +00:00
Bodo Möller
cec9bce126 fix whitespace 2008-05-28 22:22:50 +00:00
Mark J. Cox
3f79793b7e After tagging, bump ready for 0.9.8i development 2008-05-28 07:47:50 +00:00
Mark J. Cox
0d01d8a735 Prepare for 0.9.8h release 2008-05-28 07:37:14 +00:00
Mark J. Cox
2c0fa03dc6 Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com
2008-05-28 07:29:27 +00:00
Mark J. Cox
d3b3a6d389 Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com
2008-05-28 07:26:33 +00:00
Bodo Möller
fc260b09a1 grammar 2008-05-27 18:43:30 +00:00
Bodo Möller
b3c79a8a27 year 2008 2008-05-27 18:41:02 +00:00
Lutz Jänicke
f0ecefc0c0 Add README about removed root CA certificates. 2008-05-26 06:23:55 +00:00
Lutz Jänicke
b0118409a9 Reword comment to be much shorter to stop other people from complaining
about "overcommenting"
2008-05-26 06:21:10 +00:00
Lutz Jänicke
5f23288692 Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
2008-05-23 10:37:22 +00:00
Lutz Jänicke
45c58c7d10 Remove all root CA files (beyond test CAs including private key)
from the OpenSSL distribution.
2008-05-23 08:59:56 +00:00
Dr. Stephen Henson
112591be76 Fix off by one error ;-) 2008-05-20 18:48:22 +00:00
Dr. Stephen Henson
1b8daa3693 Typo. 2008-05-20 16:13:11 +00:00
Dr. Stephen Henson
1cdbc755ee Update ordinals. 2008-05-20 12:12:22 +00:00
Dr. Stephen Henson
aa9c7e4b8c Oops... PEM_write_bio_ASN1_stream() shouldn't be in 0.9.8 CMS backport. 2008-05-20 12:10:28 +00:00
Dr. Stephen Henson
6be69a168f Remove deleted function definitions from header files
so Windows build picks it up.

Recognize new option in mk1mf.pl
2008-05-20 11:50:13 +00:00
Dr. Stephen Henson
eaf76feeb6 Remove old DES definition of deleted function too. 2008-05-20 11:23:49 +00:00
Lutz Jänicke
03e79ed05e Correctly adjust location of comment
Submitted by: Ben Laurie <ben@links.org>
2008-05-20 08:10:51 +00:00
Ben Laurie
56bef2df4f Fix warning. 2008-05-20 03:05:50 +00:00
Dr. Stephen Henson
10d3886c51 Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
2008-05-19 21:26:28 +00:00
Bodo Möller
f1c0cf5b70 Disable code that clearly doesn't currently serve any useful purpose.
(Buggy line reported by Matthias Koenig.)
2008-05-19 19:44:33 +00:00
Lutz Jänicke
2a7ac69ee4 Document "openssl s_server" -crl_check* options
Submitted by: Daniel Black <daniel.subs@internode.on.net>
2008-05-19 07:52:17 +00:00
Lutz Jänicke
d13ea8e184 Provide information about "openssl dgst" -hmac option. 2008-05-19 07:43:41 +00:00
Dr. Stephen Henson
1820b04bb2 Typo.
PR: 1672
2008-05-18 13:52:05 +00:00
Lutz Jänicke
439b7ef463 Another occurance of possible valgrind/purify "uninitialized memory"
complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.

Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)
2008-05-16 07:14:58 +00:00
Dr. Stephen Henson
a25fb95bd6 Always seed PRNG for new requests no matter what key type. RSA may need
the PRNG for blinding.

PR: 1666
2008-05-12 16:07:00 +00:00
Dr. Stephen Henson
6168067160 Fix from HEAD. 2008-05-09 23:17:10 +00:00
Bodo Möller
c3031a4610 Avoid BN_MONT_CTX incompatibility. 2008-05-02 18:47:19 +00:00
Dr. Stephen Henson
1099a94063 Update from HEAD. 2008-05-01 23:31:03 +00:00
Bodo Möller
812d8a176c Unobtrusive backport of 32-bit x86 Montgomery improvements from 0.9.9-dev:
you need to use "enable-montasm" to see a difference.  (Huge speed
advantage, but BN_MONT_CTX is not binary compatible, so this can't be
enabled by default in the 0.9.8 branch.)

The CHANGES entry also covers the 64-bit x86 backport in November 2007
by appro.
2008-05-01 23:11:34 +00:00
Dr. Stephen Henson
db533c96e3 TLS ticket key setting callback: this allows and application to set
its own TLS ticket keys.
2008-04-30 16:11:33 +00:00
Dr. Stephen Henson
8831eb7624 Do not permit stateless session resumption is session IDs mismatch. 2008-04-29 17:22:01 +00:00
Dr. Stephen Henson
3c8f315021 Support ticket renewal in state machine (not used at present). 2008-04-29 16:41:53 +00:00
Dr. Stephen Henson
0f2e636602 Status strings for ticket states. 2008-04-29 16:38:26 +00:00
Geoff Thorpe
98bd148b1a Fix auto-discovery of ENGINEs, ported from HEAD.
NB, this fixes a regression relative to 0.9.7 and the documented behaviour,
but it would make sense for distro maintainers and others with an interest
in system behaviour to test with this change. The fix re-enables behaviour
that was broken and thus inherently disabled. In particular, if you
register an ENGINE implementation, and that ENGINE is able to successfully
self-initialise on the host, it will get used automatically (as claimed in
the documentation and as was the case for 0.9.7) - this was not the case
with 0.9.8 until now because of a bug.

PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
2008-04-28 21:45:43 +00:00
Geoff Thorpe
292248b8c2 Update from HEAD. 2008-04-27 18:52:14 +00:00