Richard Levitte
aaf45e6464
Have an underscore before <ARCH> to make sure any future architecture
...
name won't be mixed up with any crypto name.
Missed the other spot.
2010-03-25 16:25:42 +00:00
Richard Levitte
be83c31cdd
Have an underscore before <ARCH> to make sure any future architecture
...
name won't be mixed up with any crypto name.
Missed one spot.
2010-03-25 16:18:51 +00:00
Richard Levitte
76a41eec2b
Try to define the tests and their respective directories in a way that
...
preserves the order of the tests (to make it as easy as possible to
synchronise with future Unix builds)
2010-03-25 14:46:58 +00:00
Richard Levitte
ab9c0ec9fc
Have an underscore before <ARCH> to make sure any future architecture
...
name won't be mixed up with any crypto name.
2010-03-25 14:45:22 +00:00
Dr. Stephen Henson
cf6a1dea19
PR: 2202 (partial)
...
Submitted by: Steven M. Schweda <sms@antinode.info>
VMS fixes:
Reduce copying into .apps and .test in makevms.com
Don't try to use blank CA certificate in CA.com
Allow use of C files from original directories in maketests.com
2010-03-25 12:29:56 +00:00
Dr. Stephen Henson
ea5b3f5e62
PR: 2202 (partial)
...
Submitted by: Steven M. Schweda <sms@antinode.info>
Make some declarations conditional on FIPS/ENGINE.
Make pqueue_print non-VAX.
2010-03-25 12:17:17 +00:00
Dr. Stephen Henson
c3c658e1c0
updates for next version
2010-03-25 12:07:04 +00:00
Dr. Stephen Henson
5d013b6b32
initialise buf if wrong_info not used
2010-03-24 23:42:30 +00:00
Dr. Stephen Henson
ee91323f52
PR: 1731 and maybe 2197
...
Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.
2010-03-24 23:16:35 +00:00
Dr. Stephen Henson
4fae868811
prepare for release
2010-03-24 13:16:55 +00:00
Dr. Stephen Henson
354f92d66a
Submitted by: Bodo Moeller and Adam Langley (Google).
...
Fix for "Record of death" vulnerability CVE-2010-0740.
2010-03-24 13:16:42 +00:00
Andy Polyakov
c3484e0268
rand_win.c: fix logical bug in readscreen [from HEAD].
2010-03-22 22:44:48 +00:00
Andy Polyakov
6b0be9c73d
bss_file.c: fix MSC 6.0 warning [from HEAD].
2010-03-22 22:40:18 +00:00
Andy Polyakov
02312a91ca
ppc.pl: assembler Y chokes on apostrophes in comment.
2010-03-22 20:58:43 +00:00
Andy Polyakov
744f6b648e
e_capi.c: fix typo [from HEAD].
2010-03-15 22:30:09 +00:00
Andy Polyakov
f1502a491e
Fix UPLINK typo [from HEAD].
2010-03-15 22:27:32 +00:00
Dr. Stephen Henson
b70871b675
workaround for missing definition in some headers
2010-03-15 13:12:00 +00:00
Dr. Stephen Henson
9de450b545
PR: 2192
...
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>
The prompt_info and wrong_info parameters can be empty strings which
can produce confusing prompts. Treat empty string same as NULL.
2010-03-12 12:48:56 +00:00
Dr. Stephen Henson
cc53036744
missing goto meant signature was never printed out
2010-03-12 12:07:16 +00:00
Dr. Stephen Henson
4610d8dc00
don't leave bogus errors in the queue
2010-03-10 13:48:35 +00:00
Dr. Stephen Henson
5d7dfefe82
PR: 2186
...
Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com>
Detect aix64-gcc
2010-03-09 17:08:24 +00:00
Dr. Stephen Henson
5e8e7054f7
The OID sanity check was incorrect. It should only disallow *leading* 0x80
...
values.
2010-03-07 16:40:31 +00:00
Dr. Stephen Henson
9a542ea01d
don't add digest alias if signature algorithm is undefined
2010-03-06 20:52:33 +00:00
Dr. Stephen Henson
1939f83709
Fix memory leak: free up ENGINE functional reference if digest is not
...
found in an ENGINE.
2010-03-05 13:35:06 +00:00
Dr. Stephen Henson
b7c114f044
PR: 2183
...
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
2010-03-03 19:56:00 +00:00
Dr. Stephen Henson
ede1351997
Submitted by: Tomas Hoger <thoger@redhat.com>
...
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
2010-03-03 15:34:11 +00:00
Dr. Stephen Henson
7786ed6a64
don't mix definitions and code
2010-03-03 15:30:05 +00:00
Andy Polyakov
bdd08277b8
Fix s390x-specific HOST_l2c|c2l [from HEAD].
...
Submitted by: Andreas Krebbel
2010-03-02 16:26:13 +00:00
Dr. Stephen Henson
2bf4faa7e4
PR: 2178
...
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>
Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
2010-03-01 23:54:19 +00:00
Dr. Stephen Henson
2e5e604b0c
load cryptodev if HAVE_CRYPTODEV is set too
2010-03-01 00:30:11 +00:00
Ben Laurie
ed4cd027f3
Fix warnings.
2010-02-28 13:37:15 +00:00
Dr. Stephen Henson
bab19a2ac2
quote HOSTCC in case it isn't defined
2010-02-26 19:56:10 +00:00
Dr. Stephen Henson
582eb96d15
Revert CFB block length change. Despite what SP800-38a says the input to
...
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:38 +00:00
Dr. Stephen Henson
2649ce1ebc
Change versions for 0.9.8n-dev
2010-02-26 14:34:24 +00:00
Dr. Stephen Henson
7070cdba4e
Prepare for 0.9.8m release
2010-02-25 17:18:23 +00:00
Richard Levitte
e885de28b1
Since crypto-lib.com is built to be executed in the crypto/ directory,
...
there's no need to specify that directory in the include path.
2010-02-24 01:20:04 +00:00
Dr. Stephen Henson
3038649ab2
The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and
...
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in
the verify application documentation.
2010-02-23 14:09:32 +00:00
Bodo Möller
3e4da3f7cb
Always check bn_wexpend() return values for failure (CVE-2009-3245).
...
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)
Submitted by: Neel Mehta
2010-02-23 10:36:41 +00:00
Richard Levitte
53b5d04715
Apply changes from the 1.0.0 branch.
2010-02-23 07:51:39 +00:00
Richard Levitte
defede6080
Include [.CRYPTO.<ARCH>] instead of just [.<ARCH>]
2010-02-23 07:50:54 +00:00
Richard Levitte
1472f1427e
In some environments, we need to defined sslroot locally.
2010-02-22 07:05:50 +00:00
Richard Levitte
00d1ecb1da
Add t1_reneg to the VMS build.
...
Hack the symbols with long names.
2010-02-22 07:05:24 +00:00
Bodo Möller
739e0e934a
Fix X509_STORE locking
2010-02-19 18:25:39 +00:00
Dr. Stephen Henson
6ae9770d34
clarify documentation
2010-02-18 12:42:03 +00:00
Dr. Stephen Henson
bec7184768
OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved
2010-02-17 19:43:08 +00:00
Dr. Stephen Henson
442ac8d259
Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
...
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:37:47 +00:00
Dr. Stephen Henson
657b02d0cf
PR: 2100
...
Submitted by: James Baker <jbaker@tableausoftware.com> et al.
Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:01 +00:00
Dr. Stephen Henson
b50ef8b216
PR: 2171
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.
Also can now use SSL2 compatible client hello because RFC5746 supports it.
2010-02-16 14:19:42 +00:00
Dr. Stephen Henson
1b690c1a8b
The "block length" for CFB mode was incorrectly coded as 1 all the time. It
...
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:45 +00:00
Dr. Stephen Henson
2873a53f5f
Correct ECB mode EVP_CIPHER definition: IV length is 0
2010-02-15 19:25:37 +00:00