Dr. Stephen Henson
0330a13aea
Initial DSA public key loading support in CryptoAPI ENGINE.
2008-05-30 15:05:39 +00:00
Dr. Stephen Henson
467325b81d
Add support for ENGINE loaded keys in dsa app.
2008-05-30 15:04:58 +00:00
Dr. Stephen Henson
00f716bbe6
Add error codes for blob sanity checks, rebuild error table.
2008-05-30 11:58:50 +00:00
Dr. Stephen Henson
2f2f032497
Blob type and algorithm type sanity checks
2008-05-30 11:54:51 +00:00
Dr. Stephen Henson
feb200bbb3
Don't set extended type is mbstring flag set.
2008-05-30 10:57:13 +00:00
Dr. Stephen Henson
3894667036
Update default depflag.
2008-05-30 10:31:43 +00:00
Dr. Stephen Henson
203ac694e3
Load CryptoAPI engine if supported.
2008-05-29 23:47:40 +00:00
Dr. Stephen Henson
bb592c75e7
Update mkdef.pl to recognize CAPIENG
2008-05-29 23:15:41 +00:00
Dr. Stephen Henson
777d717c40
Make CryptoAPI engine look more like the others....
2008-05-29 21:03:48 +00:00
Dr. Stephen Henson
143d84590f
Make dynamic engine link work with capi.
2008-05-29 17:51:22 +00:00
Dr. Stephen Henson
a29669d78d
Disable CryptoAPI engine compilation by default.
2008-05-29 17:20:42 +00:00
Dr. Stephen Henson
e5be1e1696
Create error codes, compile in source.
2008-05-29 17:13:15 +00:00
Dr. Stephen Henson
9e47c34729
CryptoAPI ENGINE... initial version, not compiled in yet.
2008-05-29 16:46:38 +00:00
Bodo Möller
cb896f8923
FAQ updates from HEAD
2008-05-28 22:30:39 +00:00
Bodo Möller
cec9bce126
fix whitespace
2008-05-28 22:22:50 +00:00
Mark J. Cox
3f79793b7e
After tagging, bump ready for 0.9.8i development
2008-05-28 07:47:50 +00:00
Mark J. Cox
0d01d8a735
Prepare for 0.9.8h release
2008-05-28 07:37:14 +00:00
Mark J. Cox
2c0fa03dc6
Fix flaw if 'Server Key exchange message' is omitted from a TLS
...
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)
Reviewed by: openssl-security@openssl.org
Obtained from: mark@awe.com
2008-05-28 07:29:27 +00:00
Mark J. Cox
d3b3a6d389
Fix double-free in TLS server name extensions which could lead to a remote
...
crash found by Codenomicon TLS test suite (CVE-2008-0891)
Reviewed by: openssl-security@openssl.org
Obtained from: jorton@redhat.com
2008-05-28 07:26:33 +00:00
Bodo Möller
fc260b09a1
grammar
2008-05-27 18:43:30 +00:00
Bodo Möller
b3c79a8a27
year 2008
2008-05-27 18:41:02 +00:00
Lutz Jänicke
f0ecefc0c0
Add README about removed root CA certificates.
2008-05-26 06:23:55 +00:00
Lutz Jänicke
b0118409a9
Reword comment to be much shorter to stop other people from complaining
...
about "overcommenting"
2008-05-26 06:21:10 +00:00
Lutz Jänicke
5f23288692
Clear error queue when starting SSL_CTX_use_certificate_chain_file
...
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
2008-05-23 10:37:22 +00:00
Lutz Jänicke
45c58c7d10
Remove all root CA files (beyond test CAs including private key)
...
from the OpenSSL distribution.
2008-05-23 08:59:56 +00:00
Dr. Stephen Henson
112591be76
Fix off by one error ;-)
2008-05-20 18:48:22 +00:00
Dr. Stephen Henson
1b8daa3693
Typo.
2008-05-20 16:13:11 +00:00
Dr. Stephen Henson
1cdbc755ee
Update ordinals.
2008-05-20 12:12:22 +00:00
Dr. Stephen Henson
aa9c7e4b8c
Oops... PEM_write_bio_ASN1_stream() shouldn't be in 0.9.8 CMS backport.
2008-05-20 12:10:28 +00:00
Dr. Stephen Henson
6be69a168f
Remove deleted function definitions from header files
...
so Windows build picks it up.
Recognize new option in mk1mf.pl
2008-05-20 11:50:13 +00:00
Dr. Stephen Henson
eaf76feeb6
Remove old DES definition of deleted function too.
2008-05-20 11:23:49 +00:00
Lutz Jänicke
03e79ed05e
Correctly adjust location of comment
...
Submitted by: Ben Laurie <ben@links.org>
2008-05-20 08:10:51 +00:00
Ben Laurie
56bef2df4f
Fix warning.
2008-05-20 03:05:50 +00:00
Dr. Stephen Henson
10d3886c51
Fix two invalid memory reads in RSA OAEP mode.
...
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
2008-05-19 21:26:28 +00:00
Bodo Möller
f1c0cf5b70
Disable code that clearly doesn't currently serve any useful purpose.
...
(Buggy line reported by Matthias Koenig.)
2008-05-19 19:44:33 +00:00
Lutz Jänicke
2a7ac69ee4
Document "openssl s_server" -crl_check* options
...
Submitted by: Daniel Black <daniel.subs@internode.on.net>
2008-05-19 07:52:17 +00:00
Lutz Jänicke
d13ea8e184
Provide information about "openssl dgst" -hmac option.
2008-05-19 07:43:41 +00:00
Dr. Stephen Henson
1820b04bb2
Typo.
...
PR: 1672
2008-05-18 13:52:05 +00:00
Lutz Jänicke
439b7ef463
Another occurance of possible valgrind/purify "uninitialized memory"
...
complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.
Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)
2008-05-16 07:14:58 +00:00
Dr. Stephen Henson
a25fb95bd6
Always seed PRNG for new requests no matter what key type. RSA may need
...
the PRNG for blinding.
PR: 1666
2008-05-12 16:07:00 +00:00
Dr. Stephen Henson
6168067160
Fix from HEAD.
2008-05-09 23:17:10 +00:00
Bodo Möller
c3031a4610
Avoid BN_MONT_CTX incompatibility.
2008-05-02 18:47:19 +00:00
Dr. Stephen Henson
1099a94063
Update from HEAD.
2008-05-01 23:31:03 +00:00
Bodo Möller
812d8a176c
Unobtrusive backport of 32-bit x86 Montgomery improvements from 0.9.9-dev:
...
you need to use "enable-montasm" to see a difference. (Huge speed
advantage, but BN_MONT_CTX is not binary compatible, so this can't be
enabled by default in the 0.9.8 branch.)
The CHANGES entry also covers the 64-bit x86 backport in November 2007
by appro.
2008-05-01 23:11:34 +00:00
Dr. Stephen Henson
db533c96e3
TLS ticket key setting callback: this allows and application to set
...
its own TLS ticket keys.
2008-04-30 16:11:33 +00:00
Dr. Stephen Henson
8831eb7624
Do not permit stateless session resumption is session IDs mismatch.
2008-04-29 17:22:01 +00:00
Dr. Stephen Henson
3c8f315021
Support ticket renewal in state machine (not used at present).
2008-04-29 16:41:53 +00:00
Dr. Stephen Henson
0f2e636602
Status strings for ticket states.
2008-04-29 16:38:26 +00:00
Geoff Thorpe
98bd148b1a
Fix auto-discovery of ENGINEs, ported from HEAD.
...
NB, this fixes a regression relative to 0.9.7 and the documented behaviour,
but it would make sense for distro maintainers and others with an interest
in system behaviour to test with this change. The fix re-enables behaviour
that was broken and thus inherently disabled. In particular, if you
register an ENGINE implementation, and that ENGINE is able to successfully
self-initialise on the host, it will get used automatically (as claimed in
the documentation and as was the case for 0.9.7) - this was not the case
with 0.9.8 until now because of a bug.
PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
2008-04-28 21:45:43 +00:00
Geoff Thorpe
292248b8c2
Update from HEAD.
2008-04-27 18:52:14 +00:00