Commit graph

4252 commits

Author SHA1 Message Date
Ben Laurie
d886975835 Fix gcc 4.6 warnings. Check TLS server hello extension length. 2010-06-12 13:18:58 +00:00
Dr. Stephen Henson
22872a5363 Prepare for release. 2010-06-01 14:47:12 +00:00
Dr. Stephen Henson
82b6b541b1 Fix CVE-2010-0742 2010-06-01 14:39:57 +00:00
Dr. Stephen Henson
60a989a76e fix PR#2261 in a different way 2010-05-31 13:17:52 +00:00
Andy Polyakov
18394ed50f 098 aes-x86_64.pl module was erroneously enabled in Win64 build without
being adapted for Win64 ABI. Fix this.
2010-05-30 22:02:03 +00:00
Dr. Stephen Henson
356f164f52 PR: 2258
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Base64 BIO fixes:

Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.
2010-05-27 12:41:33 +00:00
Dr. Stephen Henson
203ef9988c PR: 2266
Submitted By: Jonathan Gray <jsg@goblin.cx>

Correct ioctl definitions.
2010-05-26 23:23:53 +00:00
Dr. Stephen Henson
59c4f46f0f PR: 2251
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Memleak, BIO chain leak and realloc checks in v3_pci.c
2010-05-22 00:31:18 +00:00
Dr. Stephen Henson
a7949b8da3 PR: 2253
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Check callback return value when outputting errors.
2010-05-15 00:36:40 +00:00
Andy Polyakov
b8febed96a Prevent ERR_print_errors_fp crash on Win32 [from HEAD]. 2010-04-20 20:28:30 +00:00
Andy Polyakov
c25e8ee9b3 md32_common.h: fix copy-n-paste typo. The typo was present in 098 only. 2010-03-29 11:23:11 +00:00
Dr. Stephen Henson
4525a048ec PR: 1696
Check return value if d2i_PBEPARAM().
2010-03-28 00:42:17 +00:00
Dr. Stephen Henson
17a79eec0c PR: 1763
Remove useless num = 0 assignment.

Remove redundant cases on sock_ctrl(): default case handles them.
2010-03-27 23:28:33 +00:00
Dr. Stephen Henson
1eda14b44f PR: 1813
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>

Fix memory leak when engine name cannot be loaded.
2010-03-27 18:28:24 +00:00
Richard Levitte
ab9c0ec9fc Have an underscore before <ARCH> to make sure any future architecture
name won't be mixed up with any crypto name.
2010-03-25 14:45:22 +00:00
Dr. Stephen Henson
ea5b3f5e62 PR: 2202 (partial)
Submitted by: Steven M. Schweda <sms@antinode.info>

Make some declarations conditional on FIPS/ENGINE.
Make pqueue_print non-VAX.
2010-03-25 12:17:17 +00:00
Dr. Stephen Henson
c3c658e1c0 updates for next version 2010-03-25 12:07:04 +00:00
Dr. Stephen Henson
4fae868811 prepare for release 2010-03-24 13:16:55 +00:00
Andy Polyakov
c3484e0268 rand_win.c: fix logical bug in readscreen [from HEAD]. 2010-03-22 22:44:48 +00:00
Andy Polyakov
6b0be9c73d bss_file.c: fix MSC 6.0 warning [from HEAD]. 2010-03-22 22:40:18 +00:00
Andy Polyakov
02312a91ca ppc.pl: assembler Y chokes on apostrophes in comment. 2010-03-22 20:58:43 +00:00
Andy Polyakov
f1502a491e Fix UPLINK typo [from HEAD]. 2010-03-15 22:27:32 +00:00
Dr. Stephen Henson
cc53036744 missing goto meant signature was never printed out 2010-03-12 12:07:16 +00:00
Dr. Stephen Henson
5e8e7054f7 The OID sanity check was incorrect. It should only disallow *leading* 0x80
values.
2010-03-07 16:40:31 +00:00
Dr. Stephen Henson
9a542ea01d don't add digest alias if signature algorithm is undefined 2010-03-06 20:52:33 +00:00
Dr. Stephen Henson
1939f83709 Fix memory leak: free up ENGINE functional reference if digest is not
found in an ENGINE.
2010-03-05 13:35:06 +00:00
Dr. Stephen Henson
7786ed6a64 don't mix definitions and code 2010-03-03 15:30:05 +00:00
Andy Polyakov
bdd08277b8 Fix s390x-specific HOST_l2c|c2l [from HEAD].
Submitted by: Andreas Krebbel
2010-03-02 16:26:13 +00:00
Dr. Stephen Henson
2bf4faa7e4 PR: 2178
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>

Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
2010-03-01 23:54:19 +00:00
Dr. Stephen Henson
2e5e604b0c load cryptodev if HAVE_CRYPTODEV is set too 2010-03-01 00:30:11 +00:00
Ben Laurie
ed4cd027f3 Fix warnings. 2010-02-28 13:37:15 +00:00
Dr. Stephen Henson
582eb96d15 Revert CFB block length change. Despite what SP800-38a says the input to
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:38 +00:00
Dr. Stephen Henson
2649ce1ebc Change versions for 0.9.8n-dev 2010-02-26 14:34:24 +00:00
Dr. Stephen Henson
7070cdba4e Prepare for 0.9.8m release 2010-02-25 17:18:23 +00:00
Richard Levitte
e885de28b1 Since crypto-lib.com is built to be executed in the crypto/ directory,
there's no need to specify that directory in the include path.
2010-02-24 01:20:04 +00:00
Bodo Möller
3e4da3f7cb Always check bn_wexpend() return values for failure (CVE-2009-3245).
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
2010-02-23 10:36:41 +00:00
Richard Levitte
defede6080 Include [.CRYPTO.<ARCH>] instead of just [.<ARCH>] 2010-02-23 07:50:54 +00:00
Richard Levitte
00d1ecb1da Add t1_reneg to the VMS build.
Hack the symbols with long names.
2010-02-22 07:05:24 +00:00
Bodo Möller
739e0e934a Fix X509_STORE locking 2010-02-19 18:25:39 +00:00
Dr. Stephen Henson
657b02d0cf PR: 2100
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:01 +00:00
Dr. Stephen Henson
1b690c1a8b The "block length" for CFB mode was incorrectly coded as 1 all the time. It
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:45 +00:00
Dr. Stephen Henson
2873a53f5f Correct ECB mode EVP_CIPHER definition: IV length is 0 2010-02-15 19:25:37 +00:00
Dr. Stephen Henson
04a781e844 PR: 2164
Submitted by: "Noszticzius, Istvan" <inoszticzius@rightnow.com>

Don't clear the output buffer: ciphers should correctly the same input
and output buffers.
2010-02-15 19:02:53 +00:00
Dr. Stephen Henson
0bbbadf3f5 Fix memory leak in ENGINE autoconfig code. Improve error logging. 2010-02-09 14:18:15 +00:00
Dr. Stephen Henson
4a9d335bb4 tolerate broken CMS/PKCS7 implementations using signature OID instead of digest 2010-02-02 14:19:54 +00:00
Dr. Stephen Henson
0369804ffa In engine_table_select() don't clear out entire error queue: just clear
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
2010-01-28 17:53:11 +00:00
Dr. Stephen Henson
b3fb2492d5 eliminate some warnings in fips build 2010-01-27 13:21:34 +00:00
Dr. Stephen Henson
93b810637b Bypass algorithm blocking with TLS MD5+SHA1 signature in FIPS mode by
calling underlying method directly.
2010-01-27 00:51:24 +00:00
Dr. Stephen Henson
9413788571 PR: 2138
Submitted by: Kevin Regan <k.regan@f5.com>

Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.
2010-01-26 18:08:42 +00:00
Dr. Stephen Henson
1b32943215 Update OID table too. 2010-01-25 16:08:52 +00:00
Dr. Stephen Henson
a231d99d4c PR: 2149
Submitted by: Douglas Stebila <douglas@stebila.ca>

Fix wap OIDs.
2010-01-25 16:08:01 +00:00
Dr. Stephen Henson
cf876a9893 change versions back to 0.9.8m-dev 2010-01-20 18:22:04 +00:00
Dr. Stephen Henson
8b8a2928af prepare for release 2010-01-20 17:26:02 +00:00
Andy Polyakov
b86ebb55ff rand_win.c: handel GetTickCount wrap-around [from HEAD]. 2010-01-19 21:45:45 +00:00
Andy Polyakov
66956eaba3 x86_64-xlate.pl: refine sign extension logic when handling lea [from HEAD].
PR: 2094,2095
2010-01-19 21:45:16 +00:00
Andy Polyakov
2557c6a812 Valgrind fix to aes-x86_64.pl in 0.9.8. For reference, newer aes-x86_64.pl
don't suffer from the problem after Win64 SEH support was added.
PR: 2075
Submitted by: Peter Klotz
2010-01-17 19:43:49 +00:00
Dr. Stephen Henson
06e2670a57 Modify compression code so it avoids using ex_data free functions. This
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
2010-01-13 18:45:03 +00:00
Andy Polyakov
5b8246d6eb x86_64-xlate.pl: new gas requires sign extention in lea instruction
[from HEAD].
PR: 2094,2095
2010-01-07 11:22:25 +00:00
Dr. Stephen Henson
c22050be29 Traditional Yuletide commit ;-)
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:11:18 +00:00
Bodo Möller
54ca55fd81 Constify crypto/cast. 2009-12-22 11:45:57 +00:00
Bodo Möller
d0e79d7e2c Constify crypto/cast. 2009-12-22 10:59:03 +00:00
Dr. Stephen Henson
c1003dfd15 Ooops, engage ENGINE initialisation code correctly in FIPS builds. 2009-12-17 16:38:18 +00:00
Dr. Stephen Henson
9e5dea0ffd PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
2009-12-09 13:41:50 +00:00
Dr. Stephen Henson
1ff44a99a4 PR: 2111
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:27:19 +00:00
Dr. Stephen Henson
b172352b52 PR: 1432
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org

Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:16 +00:00
Dr. Stephen Henson
637e0ba420 PR: 2094
Submitted by: Arkadiusz Miskiewicz <arekm@maven.pl>
Approved by: steve@openssl.org

Fix for out range of signed 32bit displacement error on newer binutils.
2009-11-13 14:14:46 +00:00
Richard Levitte
e333a8d673 Updated from 1.0.0-stable. 2009-11-12 16:59:18 +00:00
Dr. Stephen Henson
7e42945918 PR: 2091
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org

If an OID has no short name or long name return the numerical representation.
2009-11-10 01:00:37 +00:00
Dr. Stephen Henson
b61a87b26c check new_der for NULL too 2009-11-10 00:46:57 +00:00
Dr. Stephen Henson
2c6b141931 PR: 2090
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org

Improve error checking in asn1_gen.c
2009-11-10 00:40:42 +00:00
Dr. Stephen Henson
381a9f04a0 Fix unitialized warnings 2009-10-04 16:53:18 +00:00
Dr. Stephen Henson
d7050b4424 Fix warnings about ignoring fgets return value 2009-10-04 16:43:39 +00:00
Dr. Stephen Henson
91ca332058 Prevent ignored return value warning 2009-10-04 14:04:36 +00:00
Dr. Stephen Henson
ff095a8ac8 Prevent aliasing warning 2009-10-04 14:02:35 +00:00
Dr. Stephen Henson
ae37f9f3a2 PR: 2062
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BN_rand error handling in bntest.c
2009-10-01 00:22:23 +00:00
Dr. Stephen Henson
95d66bd867 PR: 2059
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct EVP_SealInit error handling in pem_seal.c
2009-10-01 00:18:09 +00:00
Dr. Stephen Henson
6d73e9d8e8 PR: 2056
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_wirte error handling in asn1_par.c
2009-10-01 00:12:49 +00:00
Dr. Stephen Henson
36a38a7a27 PR: 2063
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_write error handling in ocsp_prn.c
2009-09-30 23:59:42 +00:00
Dr. Stephen Henson
2a4dc7e505 PR: 2057
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
2009-09-30 23:56:29 +00:00
Ben Laurie
4e92353d23 Make it build, plus make depend. 2009-09-27 14:04:33 +00:00
Dr. Stephen Henson
0badc909ae PR: 2050
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org

Fix handling of ENOTCONN and EMSGSIZE for dgram BIOs.
2009-09-22 11:33:58 +00:00
Dr. Stephen Henson
3cc52ee97a Don't set non fips allow flags when calling RSA_new() and DSA_new(). 2009-09-22 11:28:05 +00:00
Dr. Stephen Henson
9e6c97703c Don't use __try+__except unless on VC++ 2009-09-20 12:38:46 +00:00
Dr. Stephen Henson
e1246e1ad7 Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:20:38 +00:00
Dr. Stephen Henson
cf51a0dccb Seed PRNG with DSA and ECDSA digests for additional protection against
possible PRNG state duplication.
2009-09-09 12:07:41 +00:00
Dr. Stephen Henson
48b30bf0e2 make update 2009-09-06 16:14:20 +00:00
Dr. Stephen Henson
17b08b6a64 PR: 1644
Submitted by: steve@openssl.org

Fix to make DHparams_dup() et al work in C++.

For 0.9.8, we just change the macro to avoid making incompatible changes to
the API.
2009-09-06 15:46:46 +00:00
Dr. Stephen Henson
197ab47bdd PR: 2028
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.
2009-09-04 17:53:30 +00:00
Richard Levitte
2c83b24cad Remove tmdiff.h from EXHEADERS as it doesn't exist.
Don't have separate installation directory variables for VAX and AXP.

Submitted by Zoltan Arpadffy <zoli@polarhome.com>
2009-08-25 07:28:18 +00:00
Richard Levitte
c21a427a14 Make it possible to compile non-assembler routines on AXP as well.
Submitted by Zoltan Arpadffy <arpadffy@polarhome.com>
2009-08-25 07:22:07 +00:00
Dr. Stephen Henson
3af16cf694 Backport GeneralizedTime fractional seconds support from HEAD. 2009-08-10 15:15:27 +00:00
Dr. Stephen Henson
759b287f15 Add COMP error strings. 2009-08-09 14:51:56 +00:00
Dr. Stephen Henson
5fffb5b3d9 Backport modified version of MIME wrapper for PKCS#7. This ensures
correct values for micalg among other things.
2009-08-09 14:49:00 +00:00
Dr. Stephen Henson
059230b320 Reject leading 0x80 in OID subidentifiers. 2009-08-06 16:22:57 +00:00
Dr. Stephen Henson
b0080e3817 PR: 1992
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

RAND_poll() and CreateToolhelp32Snapshot() stability for WIN32.
2009-07-24 13:47:32 +00:00
Dr. Stephen Henson
ded8aff2c8 PR: 1990
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS socket timeout bug fix.
2009-07-24 13:06:35 +00:00
Dr. Stephen Henson
32d4496c1e PR: 1989
Submitted by: Viktor Szakáts <harbour.01@syenar.hu>
Approved by: steve@openssl.org

Too few arguments in definition of BIO_get_cont_int_port macro.
2009-07-24 11:24:07 +00:00
Dr. Stephen Henson
8b634ba029 OSX DSO fix from HEAD. 2009-07-16 09:58:27 +00:00
Dr. Stephen Henson
526228b78e Update from 1.0.0-stable. 2009-07-15 11:03:08 +00:00
Dr. Stephen Henson
7852c6b075 Update from HEAD 2009-07-11 22:30:49 +00:00
Dr. Stephen Henson
2c5f3606d1 Remove MD2 from digest algorithm table. This follows the recommendation in
several places that it is not used in new applications.
2009-07-08 08:33:27 +00:00
Dr. Stephen Henson
f67f815624 Update from 1.0.0-stable. 2009-06-30 11:22:25 +00:00
Dr. Stephen Henson
5e4c2225ed Oops, moved too much. 2009-06-26 23:56:10 +00:00
Dr. Stephen Henson
167d2a1411 PR: 1961
Submitted by: Martin Gerbershagen <martin.gerbershagen@nsn.com>
Approved by: steve@openssl.org

Avoid memory leak if RAND_bytes() fails.
2009-06-26 22:52:18 +00:00
Dr. Stephen Henson
9aecc3e5ff Update from 1.0.0-stable. 2009-06-26 11:34:22 +00:00
Dr. Stephen Henson
b8a4a5bcba Fix from HEAD. 2009-06-25 17:12:26 +00:00
Dr. Stephen Henson
efaa569c3b PR: 1943
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org

Rename uni2asc and asc2uni on Netware to avoid a name clash.
2009-06-17 11:55:51 +00:00
Dr. Stephen Henson
15684f58c2 Update from 1.0.0-stable. 2009-06-17 11:49:18 +00:00
Dr. Stephen Henson
0e6c24ae4b Update from HEAD. 2009-06-17 11:26:39 +00:00
Dr. Stephen Henson
1e53b797f6 Don't check self-signed signature in X509_verify_cert(), the check just
wastes processing time and doesn't add any security.
2009-06-15 14:52:38 +00:00
Dr. Stephen Henson
1ddf691244 Update from 1.0.0-stable. 2009-06-05 15:05:10 +00:00
Dr. Stephen Henson
78074baadd Fix from 1.0.0-stable. 2009-06-05 11:53:49 +00:00
Dr. Stephen Henson
7457642b8c PR: 1937
Submitted by: Mark Phalan <Mark.Phalan@Sun.COM>
Reviewed by: steve@openssl.org

Fix misuse of st_mode field in struct stat.
2009-06-02 11:31:32 +00:00
Dr. Stephen Henson
c2f425a06a PR: 1944
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve@openssl.org

Fix gcc warning on mingw.
2009-06-01 12:18:21 +00:00
Dr. Stephen Henson
4930f8bbd9 Update from HEAD. 2009-06-01 12:14:53 +00:00
Dr. Stephen Henson
4730ea8a38 Fix from 1.0.0-stable branch. 2009-05-18 16:12:56 +00:00
Dr. Stephen Henson
b7d0d35a13 Modified PR#1929 update from 1.0.0-stable. 2009-05-17 16:42:14 +00:00
Richard Levitte
d7c86198d9 Stupid typo 2009-05-17 07:22:18 +00:00
Dr. Stephen Henson
6bf4ca0840 Update from 1.0.0-stable. 2009-05-16 16:18:45 +00:00
Dr. Stephen Henson
efa59b8d59 Updates from 1.0.0-stable. 2009-05-16 15:51:59 +00:00
Dr. Stephen Henson
e1a2bfaaa6 Update from HEAD. 2009-05-15 23:07:59 +00:00
Richard Levitte
48f48d96ce Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
2009-05-15 16:37:29 +00:00
Richard Levitte
3166d16f06 Add a comment about libeay.num and ssleay.num 2009-05-15 16:00:11 +00:00
Richard Levitte
3e9b2042d9 Update from HEAD 2009-05-05 08:48:02 +00:00
Richard Levitte
05ee0523c1 Update from HEAD 2009-04-28 13:11:05 +00:00
Dr. Stephen Henson
01cb2049e3 Update from 1.0.0-stable. 2009-04-22 17:37:47 +00:00
Dr. Stephen Henson
b00c36e366 PR: 1829
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timer bug fix from 1.0.0-stable with fixes.
2009-04-14 15:20:48 +00:00
Dr. Stephen Henson
18df6b30b1 Fix from 1.0.0-stable. 2009-04-08 15:58:26 +00:00
Dr. Stephen Henson
a78ded0b61 PR: 1700
Submitted by: "Robbins, Aharon" <aharon.robbins@intel.com>
Approved by: steve@openssl.org

#undef X509_EXTENSIONS for WIN32 too.
2009-04-03 16:54:04 +00:00
Dr. Stephen Henson
0a629ddbd6 Update from 1.0.0-stable 2009-04-03 16:28:20 +00:00
Dr. Stephen Henson
353cb367e4 PR: 1616
Submitted by: Dequin_Eric@emc.com
Approved by: steve@openssl.org

Check tree->levels to ensure malloc worked.
2009-04-03 11:36:49 +00:00
Dr. Stephen Henson
c342341ea1 Ooops, revert patch... due to non-portable gettimeofday call. 2009-04-02 22:19:07 +00:00
Dr. Stephen Henson
9d396bee8e PR: 1829
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timer bug fix.
2009-04-02 22:16:02 +00:00
Dr. Stephen Henson
aca8bf43ce Submitted by: Ilya O. <vrghost@gmail.com>
Approved by: steve@openssl.org

Add 2.5.4.* OIDs.
2009-03-25 19:01:03 +00:00
Dr. Stephen Henson
7de0df694f Prepare for next version. 2009-03-25 13:02:49 +00:00
Dr. Stephen Henson
15d3cd4680 Aaargh.... wrong version number.... 2009-03-25 12:08:14 +00:00
Dr. Stephen Henson
e10051ef3f Prepare for 0.9.8k release. 2009-03-25 10:46:56 +00:00
Dr. Stephen Henson
c60dca1f95 PR: 1868
Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH>
Approved by: steve@openssl.org

Don't set fields to NULL when freeing them up in ASN1 code. On some platforms
with sizeof(long) < sizeof(char *) this can cause a crash.
2009-03-25 10:42:34 +00:00
Dr. Stephen Henson
188abf7e2a Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Approved by: steve@openssl.org

Check return code properly in CMS_SignerInfo_verify_content().
2009-03-25 10:40:32 +00:00
Dr. Stephen Henson
f021b7cca6 Reject BMPStrings and UniversalStrings of invalid length. This prevents
a crash in ASN1_STRING_print_ex() which assumes they are valid.
2009-03-25 10:35:57 +00:00
Andy Polyakov
3f03b3569d des_enc.m4, SPARC DES assembler, update from HEAD: make it Purify-friendly.
As side effect it introduces duplicate of 2KB DES_SPtrans table.
2009-03-16 13:43:43 +00:00
Dr. Stephen Henson
07dd3bfcd4 Oops. 2009-03-15 14:03:29 +00:00
Dr. Stephen Henson
37afdc953e Don't force S/MIME signing purpose: allow it to be overridden by store
settings.

Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters
being inherited properly.
2009-03-15 13:36:01 +00:00
Dr. Stephen Henson
044855e146 Permit nested ASN1 string encoding but with a maximum depth to avoid
stack overflow.
2009-03-14 18:33:25 +00:00
Dr. Stephen Henson
12379c82ba Update from HEAD. 2009-03-14 12:40:46 +00:00
Dr. Stephen Henson
be98d6b9ad PR: 1863
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org

Check return value, use OPENSSL_assert and unsigned int.
2009-03-14 12:26:03 +00:00
Dr. Stephen Henson
6fe9c925d2 PR: 1856
Check return value of PKCS12_add_safes()
2009-03-09 13:07:16 +00:00
Dr. Stephen Henson
0d658ddf25 PR: 1858
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Make OPENSSL_NO_SOCK work.
2009-03-09 12:09:03 +00:00
Dr. Stephen Henson
cefa7ce284 PR: 1857
Submitted by: Jurko Gospodnetić <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Make OPENSSL_NO_FP_API work again.
2009-03-09 12:06:23 +00:00
Dr. Stephen Henson
ee4041b8bd PR: 1841
Submitted by: Martin Kaiser <lists@kaiser.cx>
Reviewed by: steve@openssl.org

Remove unused code.
2009-03-08 23:05:34 +00:00
Ben Laurie
a17f351b56 Fix display of all 0 IPv6 address (from Rob Austein). 2009-03-08 10:48:03 +00:00
Dr. Stephen Henson
4fcf8d8b07 Submitted by: Jeremy Shapiro <jnshapir@us.ibm.com>
Reviewed by: steve@openssl.org

Improve efficientcy of mem_gets().
2009-03-07 16:58:43 +00:00
Ben Laurie
1eee8a4226 Use the correct length (reported by Quanhong Wang). 2009-03-03 15:06:49 +00:00
Ben Laurie
e26ad0c4fd Fix FIPS typo. 2009-02-18 10:27:23 +00:00
Dr. Stephen Henson
6e7559ac7f Update from HEAD. 2009-02-16 23:24:06 +00:00
Richard Levitte
9feda63955 Data not initialised.
Notified by Gerardo Ganis <gerardo.ganis@cern.ch>
2009-02-16 15:17:26 +00:00
Ben Laurie
1ed81ff731 Use shared dev team flags, fix resulting warning. 2009-02-16 08:44:23 +00:00
Dr. Stephen Henson
9a6401acdf PR: 1422
Fix return value of X509_NAME_cmp() so it works with qsort/bsearch again.
2009-02-15 12:10:39 +00:00
Dr. Stephen Henson
f908ca4db4 PR: 1840
Submitted by: Martin Kaiser <lists@kaiser.cx>
Approved by: steve@openssl.org

Handle NULL passing in parameter and BN_CTX_new() error correctly.
2009-02-14 22:19:31 +00:00
Dr. Stephen Henson
72f6453c48 PR: 1835
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
2009-02-14 21:50:14 +00:00
Dr. Stephen Henson
73cb37295d Update from HEAD. 2009-01-28 12:55:36 +00:00
Dr. Stephen Henson
1f35508ae6 Support NumericString for name components. 2009-01-28 12:35:10 +00:00
Richard Levitte
3e2a74c294 Add missing modules 2009-01-28 07:54:16 +00:00
Richard Levitte
ab31dbc482 Another symbol that's longer than 31 characters. 2009-01-17 12:33:43 +00:00
Richard Levitte
36e9d3ee91 A forgotten module... 2009-01-17 12:33:11 +00:00
Dr. Stephen Henson
5f3ad8f82c Update from HEAD. 2009-01-14 10:46:00 +00:00
Dr. Stephen Henson
d34353cc91 Prepare for next version. 2009-01-07 23:38:34 +00:00
Dr. Stephen Henson
6287fa5396 Prepare for 0.9.8j release. 2009-01-07 10:50:54 +00:00
Dr. Stephen Henson
a00c3c4019 Properly check EVP_VerifyFinal() and similar return values
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
2009-01-07 10:48:23 +00:00
Dr. Stephen Henson
92308905dd make update. 2009-01-05 12:47:11 +00:00
Andy Polyakov
e607e731eb Synchronize with bn_nist.c from HEAD. 2008-12-30 13:41:08 +00:00
Andy Polyakov
f17c45611e Backport http://cvs.openssl.org/chngview?cn=17710 from HEAD.
PR: 1230
2008-12-30 13:30:57 +00:00
Andy Polyakov
a51c8c64e0 Backport aes-x86_64.pl update from HEAD. 2008-12-27 13:34:30 +00:00
Richard Levitte
7f065cfdbd In BIO_write(), update the write statistics, not the read statistics.
PR: 1803
2008-12-25 22:24:21 +00:00
Richard Levitte
667fbc0847 Further synchronisation with Unix 2008-12-25 22:04:45 +00:00
Richard Levitte
6ba7bd5697 Synchronise with Unixly build. 2008-12-22 09:30:09 +00:00
Dr. Stephen Henson
2cad035c01 Make no-engine work again... 2008-12-20 17:04:09 +00:00
Andy Polyakov
2a76c68842 Backport aes-x86_64.pl update from HEAD and revisit same code in aes-586.pl.
PR: 1801
2008-12-17 14:14:51 +00:00
Ben Laurie
1b00f4bc37 Missing return values (Coverity ID 204). 2008-12-13 17:00:53 +00:00
Dr. Stephen Henson
fe43caa4a4 Fix from HEAD. 2008-12-08 19:13:57 +00:00
Dr. Stephen Henson
792e614144 Fix from HEAD. 2008-12-07 23:59:13 +00:00
Ben Laurie
f092a073a7 Fix warnings. 2008-12-02 18:14:44 +00:00
Bodo Möller
505ed2b076 Implement Configure option pattern "experimental-foo"
(specifically, "experimental-jpake").
2008-12-02 01:21:06 +00:00
Dr. Stephen Henson
cef3e62d2b Don't clobber passed GENERAL_NAME on error. 2008-11-30 16:07:11 +00:00
Dr. Stephen Henson
516f76fd2c Move new function CRYPTO_strdup to mem_dbg.c because mem.c is excluded in
a fips build.
2008-11-24 17:02:49 +00:00
Dr. Stephen Henson
5a02ac6e5b Revert OPENSSL_EXPERIMENTAL patch.
Change it so JPAKE uses the standard OPENSSL_NO_JPAKE instead.
2008-11-24 16:14:15 +00:00
Dr. Stephen Henson
14d4074ee1 Update from HEAD. 2008-11-21 18:18:28 +00:00
Dr. Stephen Henson
d9f16c405c Commit default dependencies. 2008-11-19 16:03:51 +00:00
Dr. Stephen Henson
5aa032033e Remove jpake.h dependencies from default build. 2008-11-19 00:40:59 +00:00
Dr. Stephen Henson
c0ce8fe755 Update .cvsignore 2008-11-15 17:47:31 +00:00
Dr. Stephen Henson
55eff40084 Stop warnings. 2008-11-15 17:46:41 +00:00
Bodo Möller
fe46b0de29 make update 2008-11-14 00:17:43 +00:00
Dr. Stephen Henson
a581439bb1 Fixes for "make depend". Features which need a #define to be set to
enable them, like FIPS and JPAKE need to have these set when building
dependencies.
2008-11-13 15:08:33 +00:00
Ben Laurie
a43337e8c4 Not an error to include jpake.h when disabled. 2008-11-13 11:35:23 +00:00
Ben Laurie
33c51ec143 J-PAKE is not RSA. 2008-11-13 09:50:24 +00:00
Dr. Stephen Henson
a1bb2d6c2f Update mk1mf.pl for new JPAKE options. Update jpaketest.c for WIN32. 2008-11-12 18:27:17 +00:00
Dr. Stephen Henson
81dde5e8fe Add support for experimental code, not compiled in by default and
with OPENSSL_EXPERIMENTAL_FOO around it. Make JPAKE experimental.
2008-11-12 16:54:35 +00:00
Dr. Stephen Henson
b84e441861 Don't attempt to enter FIPS mode in autoconfig module if already in FIPS mode. 2008-11-11 12:52:14 +00:00
Dr. Stephen Henson
08e012bbec Update from HEAD. 2008-11-11 12:42:32 +00:00
Dr. Stephen Henson
b46acc392b Avoid conflict with some version of Windows platform SDK. 2008-11-11 12:22:17 +00:00