wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
8714 commits 20 branches 302 tags 153 MiB
Commit graph

4273 commits

Author SHA1 Message Date
Dr. Stephen Henson
2e5e604b0c load cryptodev if HAVE_CRYPTODEV is set too 2010-03-01 00:30:11 +00:00
Ben Laurie
ed4cd027f3 Fix warnings. 2010-02-28 13:37:15 +00:00
Dr. Stephen Henson
582eb96d15 Revert CFB block length change. Despite what SP800-38a says the input to 
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
 2010-02-26 14:41:38 +00:00
Dr. Stephen Henson
2649ce1ebc Change versions for 0.9.8n-dev 2010-02-26 14:34:24 +00:00
Dr. Stephen Henson
7070cdba4e Prepare for 0.9.8m release 2010-02-25 17:18:23 +00:00
Richard Levitte
e885de28b1 Since crypto-lib.com is built to be executed in the crypto/ directory, 
there's no need to specify that directory in the include path.
 2010-02-24 01:20:04 +00:00
Bodo Möller
3e4da3f7cb Always check bn_wexpend() return values for failure (CVE-2009-3245). 
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
 2010-02-23 10:36:41 +00:00
Richard Levitte
defede6080 Include [.CRYPTO.<ARCH>] instead of just [.<ARCH>] 2010-02-23 07:50:54 +00:00
Richard Levitte
00d1ecb1da Add t1_reneg to the VMS build. 
Hack the symbols with long names.
 2010-02-22 07:05:24 +00:00
Bodo Möller
739e0e934a Fix X509_STORE locking 2010-02-19 18:25:39 +00:00
Dr. Stephen Henson
657b02d0cf PR: 2100 
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.
 2010-02-17 14:32:01 +00:00
Dr. Stephen Henson
1b690c1a8b The "block length" for CFB mode was incorrectly coded as 1 all the time. It 
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
 2010-02-15 19:40:45 +00:00
Dr. Stephen Henson
2873a53f5f Correct ECB mode EVP_CIPHER definition: IV length is 0 2010-02-15 19:25:37 +00:00
Dr. Stephen Henson
04a781e844 PR: 2164 
Submitted by: "Noszticzius, Istvan" <inoszticzius@rightnow.com>

Don't clear the output buffer: ciphers should correctly the same input
and output buffers.
 2010-02-15 19:02:53 +00:00
Dr. Stephen Henson
0bbbadf3f5 Fix memory leak in ENGINE autoconfig code. Improve error logging. 2010-02-09 14:18:15 +00:00
Dr. Stephen Henson
4a9d335bb4 tolerate broken CMS/PKCS7 implementations using signature OID instead of digest 2010-02-02 14:19:54 +00:00
Dr. Stephen Henson
0369804ffa In engine_table_select() don't clear out entire error queue: just clear 
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
 2010-01-28 17:53:11 +00:00
Dr. Stephen Henson
b3fb2492d5 eliminate some warnings in fips build 2010-01-27 13:21:34 +00:00
Dr. Stephen Henson
93b810637b Bypass algorithm blocking with TLS MD5+SHA1 signature in FIPS mode by 
calling underlying method directly.
 2010-01-27 00:51:24 +00:00
Dr. Stephen Henson
9413788571 PR: 2138 
Submitted by: Kevin Regan <k.regan@f5.com>

Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.
 2010-01-26 18:08:42 +00:00
Dr. Stephen Henson
1b32943215 Update OID table too. 2010-01-25 16:08:52 +00:00
Dr. Stephen Henson
a231d99d4c PR: 2149 
Submitted by: Douglas Stebila <douglas@stebila.ca>

Fix wap OIDs.
 2010-01-25 16:08:01 +00:00
Dr. Stephen Henson
cf876a9893 change versions back to 0.9.8m-dev 2010-01-20 18:22:04 +00:00
Dr. Stephen Henson
8b8a2928af prepare for release 2010-01-20 17:26:02 +00:00
Andy Polyakov
b86ebb55ff rand_win.c: handel GetTickCount wrap-around [from HEAD]. 2010-01-19 21:45:45 +00:00
Andy Polyakov
66956eaba3 x86_64-xlate.pl: refine sign extension logic when handling lea [from HEAD]. 
PR: 2094,2095
 2010-01-19 21:45:16 +00:00
Andy Polyakov
2557c6a812 Valgrind fix to aes-x86_64.pl in 0.9.8. For reference, newer aes-x86_64.pl 
don't suffer from the problem after Win64 SEH support was added.
PR: 2075
Submitted by: Peter Klotz
 2010-01-17 19:43:49 +00:00
Dr. Stephen Henson
06e2670a57 Modify compression code so it avoids using ex_data free functions. This 
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
 2010-01-13 18:45:03 +00:00
Andy Polyakov
5b8246d6eb x86_64-xlate.pl: new gas requires sign extention in lea instruction 
[from HEAD].
PR: 2094,2095
 2010-01-07 11:22:25 +00:00
Dr. Stephen Henson
c22050be29 Traditional Yuletide commit ;-) 
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
 2009-12-25 14:11:18 +00:00
Bodo Möller
54ca55fd81 Constify crypto/cast. 2009-12-22 11:45:57 +00:00
Bodo Möller
d0e79d7e2c Constify crypto/cast. 2009-12-22 10:59:03 +00:00
Dr. Stephen Henson
c1003dfd15 Ooops, engage ENGINE initialisation code correctly in FIPS builds. 2009-12-17 16:38:18 +00:00
Dr. Stephen Henson
9e5dea0ffd PR: 2124 
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
 2009-12-09 13:41:50 +00:00
Dr. Stephen Henson
1ff44a99a4 PR: 2111 
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
 2009-12-02 15:27:19 +00:00
Dr. Stephen Henson
b172352b52 PR: 1432 
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org

Truncate hash if it is too large: as required by FIPS 186-3.
 2009-12-01 17:32:16 +00:00
Dr. Stephen Henson
637e0ba420 PR: 2094 
Submitted by: Arkadiusz Miskiewicz <arekm@maven.pl>
Approved by: steve@openssl.org

Fix for out range of signed 32bit displacement error on newer binutils.
 2009-11-13 14:14:46 +00:00
Richard Levitte
e333a8d673 Updated from 1.0.0-stable. 2009-11-12 16:59:18 +00:00
Dr. Stephen Henson
7e42945918 PR: 2091 
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org

If an OID has no short name or long name return the numerical representation.
 2009-11-10 01:00:37 +00:00
Dr. Stephen Henson
b61a87b26c check new_der for NULL too 2009-11-10 00:46:57 +00:00
Dr. Stephen Henson
2c6b141931 PR: 2090 
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org

Improve error checking in asn1_gen.c
 2009-11-10 00:40:42 +00:00
Dr. Stephen Henson
381a9f04a0 Fix unitialized warnings 2009-10-04 16:53:18 +00:00
Dr. Stephen Henson
d7050b4424 Fix warnings about ignoring fgets return value 2009-10-04 16:43:39 +00:00
Dr. Stephen Henson
91ca332058 Prevent ignored return value warning 2009-10-04 14:04:36 +00:00
Dr. Stephen Henson
ff095a8ac8 Prevent aliasing warning 2009-10-04 14:02:35 +00:00
Dr. Stephen Henson
ae37f9f3a2 PR: 2062 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BN_rand error handling in bntest.c
 2009-10-01 00:22:23 +00:00
Dr. Stephen Henson
95d66bd867 PR: 2059 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct EVP_SealInit error handling in pem_seal.c
 2009-10-01 00:18:09 +00:00
Dr. Stephen Henson
6d73e9d8e8 PR: 2056 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_wirte error handling in asn1_par.c
 2009-10-01 00:12:49 +00:00
Dr. Stephen Henson
36a38a7a27 PR: 2063 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_write error handling in ocsp_prn.c
 2009-09-30 23:59:42 +00:00
Dr. Stephen Henson
2a4dc7e505 PR: 2057 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
 2009-09-30 23:56:29 +00:00
Ben Laurie
4e92353d23 Make it build, plus make depend. 2009-09-27 14:04:33 +00:00
Dr. Stephen Henson
0badc909ae PR: 2050 
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org

Fix handling of ENOTCONN and EMSGSIZE for dgram BIOs.
 2009-09-22 11:33:58 +00:00
Dr. Stephen Henson
3cc52ee97a Don't set non fips allow flags when calling RSA_new() and DSA_new(). 2009-09-22 11:28:05 +00:00
Dr. Stephen Henson
9e6c97703c Don't use __try+__except unless on VC++ 2009-09-20 12:38:46 +00:00
Dr. Stephen Henson
e1246e1ad7 Submitted by: Julia Lawall <julia@diku.dk> 
The functions ENGINE_ctrl(), OPENSSL_isservice(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
 2009-09-13 11:20:38 +00:00
Dr. Stephen Henson
cf51a0dccb Seed PRNG with DSA and ECDSA digests for additional protection against 
possible PRNG state duplication.
 2009-09-09 12:07:41 +00:00
Dr. Stephen Henson
48b30bf0e2 make update 2009-09-06 16:14:20 +00:00
Dr. Stephen Henson
17b08b6a64 PR: 1644 
Submitted by: steve@openssl.org

Fix to make DHparams_dup() et al work in C++.

For 0.9.8, we just change the macro to avoid making incompatible changes to
the API.
 2009-09-06 15:46:46 +00:00
Dr. Stephen Henson
197ab47bdd PR: 2028 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.
 2009-09-04 17:53:30 +00:00
Richard Levitte
2c83b24cad Remove tmdiff.h from EXHEADERS as it doesn't exist. 
Don't have separate installation directory variables for VAX and AXP.

Submitted by Zoltan Arpadffy <zoli@polarhome.com>
 2009-08-25 07:28:18 +00:00
Richard Levitte
c21a427a14 Make it possible to compile non-assembler routines on AXP as well. 
Submitted by Zoltan Arpadffy <arpadffy@polarhome.com>
 2009-08-25 07:22:07 +00:00
Dr. Stephen Henson
3af16cf694 Backport GeneralizedTime fractional seconds support from HEAD. 2009-08-10 15:15:27 +00:00
Dr. Stephen Henson
759b287f15 Add COMP error strings. 2009-08-09 14:51:56 +00:00
Dr. Stephen Henson
5fffb5b3d9 Backport modified version of MIME wrapper for PKCS#7. This ensures 
correct values for micalg among other things.
 2009-08-09 14:49:00 +00:00
Dr. Stephen Henson
059230b320 Reject leading 0x80 in OID subidentifiers. 2009-08-06 16:22:57 +00:00
Dr. Stephen Henson
b0080e3817 PR: 1992 
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

RAND_poll() and CreateToolhelp32Snapshot() stability for WIN32.
 2009-07-24 13:47:32 +00:00
Dr. Stephen Henson
ded8aff2c8 PR: 1990 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS socket timeout bug fix.
 2009-07-24 13:06:35 +00:00
Dr. Stephen Henson
32d4496c1e PR: 1989 
Submitted by: Viktor Szakáts <harbour.01@syenar.hu>
Approved by: steve@openssl.org

Too few arguments in definition of BIO_get_cont_int_port macro.
 2009-07-24 11:24:07 +00:00
Dr. Stephen Henson
8b634ba029 OSX DSO fix from HEAD. 2009-07-16 09:58:27 +00:00
Dr. Stephen Henson
526228b78e Update from 1.0.0-stable. 2009-07-15 11:03:08 +00:00
Dr. Stephen Henson
7852c6b075 Update from HEAD 2009-07-11 22:30:49 +00:00
Dr. Stephen Henson
2c5f3606d1 Remove MD2 from digest algorithm table. This follows the recommendation in 
several places that it is not used in new applications.
 2009-07-08 08:33:27 +00:00
Dr. Stephen Henson
f67f815624 Update from 1.0.0-stable. 2009-06-30 11:22:25 +00:00
Dr. Stephen Henson
5e4c2225ed Oops, moved too much. 2009-06-26 23:56:10 +00:00
Dr. Stephen Henson
167d2a1411 PR: 1961 
Submitted by: Martin Gerbershagen <martin.gerbershagen@nsn.com>
Approved by: steve@openssl.org

Avoid memory leak if RAND_bytes() fails.
 2009-06-26 22:52:18 +00:00
Dr. Stephen Henson
9aecc3e5ff Update from 1.0.0-stable. 2009-06-26 11:34:22 +00:00
Dr. Stephen Henson
b8a4a5bcba Fix from HEAD. 2009-06-25 17:12:26 +00:00
Dr. Stephen Henson
efaa569c3b PR: 1943 
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org

Rename uni2asc and asc2uni on Netware to avoid a name clash.
 2009-06-17 11:55:51 +00:00
Dr. Stephen Henson
15684f58c2 Update from 1.0.0-stable. 2009-06-17 11:49:18 +00:00
Dr. Stephen Henson
0e6c24ae4b Update from HEAD. 2009-06-17 11:26:39 +00:00
Dr. Stephen Henson
1e53b797f6 Don't check self-signed signature in X509_verify_cert(), the check just 
wastes processing time and doesn't add any security.
 2009-06-15 14:52:38 +00:00
Dr. Stephen Henson
1ddf691244 Update from 1.0.0-stable. 2009-06-05 15:05:10 +00:00
Dr. Stephen Henson
78074baadd Fix from 1.0.0-stable. 2009-06-05 11:53:49 +00:00
Dr. Stephen Henson
7457642b8c PR: 1937 
Submitted by: Mark Phalan <Mark.Phalan@Sun.COM>
Reviewed by: steve@openssl.org

Fix misuse of st_mode field in struct stat.
 2009-06-02 11:31:32 +00:00
Dr. Stephen Henson
c2f425a06a PR: 1944 
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve@openssl.org

Fix gcc warning on mingw.
 2009-06-01 12:18:21 +00:00
Dr. Stephen Henson
4930f8bbd9 Update from HEAD. 2009-06-01 12:14:53 +00:00
Dr. Stephen Henson
4730ea8a38 Fix from 1.0.0-stable branch. 2009-05-18 16:12:56 +00:00
Dr. Stephen Henson
b7d0d35a13 Modified PR#1929 update from 1.0.0-stable. 2009-05-17 16:42:14 +00:00
Richard Levitte
d7c86198d9 Stupid typo 2009-05-17 07:22:18 +00:00
Dr. Stephen Henson
6bf4ca0840 Update from 1.0.0-stable. 2009-05-16 16:18:45 +00:00
Dr. Stephen Henson
efa59b8d59 Updates from 1.0.0-stable. 2009-05-16 15:51:59 +00:00
Dr. Stephen Henson
e1a2bfaaa6 Update from HEAD. 2009-05-15 23:07:59 +00:00
Richard Levitte
48f48d96ce Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda). 
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
 2009-05-15 16:37:29 +00:00
Richard Levitte
3166d16f06 Add a comment about libeay.num and ssleay.num 2009-05-15 16:00:11 +00:00
Richard Levitte
3e9b2042d9 Update from HEAD 2009-05-05 08:48:02 +00:00
Richard Levitte
05ee0523c1 Update from HEAD 2009-04-28 13:11:05 +00:00
Dr. Stephen Henson
01cb2049e3 Update from 1.0.0-stable. 2009-04-22 17:37:47 +00:00
Dr. Stephen Henson
b00c36e366 PR: 1829 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timer bug fix from 1.0.0-stable with fixes.
 2009-04-14 15:20:48 +00:00
Dr. Stephen Henson
18df6b30b1 Fix from 1.0.0-stable. 2009-04-08 15:58:26 +00:00
Dr. Stephen Henson
a78ded0b61 PR: 1700 
Submitted by: "Robbins, Aharon" <aharon.robbins@intel.com>
Approved by: steve@openssl.org

#undef X509_EXTENSIONS for WIN32 too.
 2009-04-03 16:54:04 +00:00
Dr. Stephen Henson
0a629ddbd6 Update from 1.0.0-stable 2009-04-03 16:28:20 +00:00
Dr. Stephen Henson
353cb367e4 PR: 1616 
Submitted by: Dequin_Eric@emc.com
Approved by: steve@openssl.org

Check tree->levels to ensure malloc worked.
 2009-04-03 11:36:49 +00:00
Dr. Stephen Henson
c342341ea1 Ooops, revert patch... due to non-portable gettimeofday call. 2009-04-02 22:19:07 +00:00
Dr. Stephen Henson
9d396bee8e PR: 1829 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timer bug fix.
 2009-04-02 22:16:02 +00:00
Dr. Stephen Henson
aca8bf43ce Submitted by: Ilya O. <vrghost@gmail.com> 
Approved by: steve@openssl.org

Add 2.5.4.* OIDs.
 2009-03-25 19:01:03 +00:00
Dr. Stephen Henson
7de0df694f Prepare for next version. 2009-03-25 13:02:49 +00:00
Dr. Stephen Henson
15d3cd4680 Aaargh.... wrong version number.... 2009-03-25 12:08:14 +00:00
Dr. Stephen Henson
e10051ef3f Prepare for 0.9.8k release. 2009-03-25 10:46:56 +00:00
Dr. Stephen Henson
c60dca1f95 PR: 1868 
Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH>
Approved by: steve@openssl.org

Don't set fields to NULL when freeing them up in ASN1 code. On some platforms
with sizeof(long) < sizeof(char *) this can cause a crash.
 2009-03-25 10:42:34 +00:00
Dr. Stephen Henson
188abf7e2a Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com> 
Approved by: steve@openssl.org

Check return code properly in CMS_SignerInfo_verify_content().
 2009-03-25 10:40:32 +00:00
Dr. Stephen Henson
f021b7cca6 Reject BMPStrings and UniversalStrings of invalid length. This prevents 
a crash in ASN1_STRING_print_ex() which assumes they are valid.
 2009-03-25 10:35:57 +00:00
Andy Polyakov
3f03b3569d des_enc.m4, SPARC DES assembler, update from HEAD: make it Purify-friendly. 
As side effect it introduces duplicate of 2KB DES_SPtrans table.
 2009-03-16 13:43:43 +00:00
Dr. Stephen Henson
07dd3bfcd4 Oops. 2009-03-15 14:03:29 +00:00
Dr. Stephen Henson
37afdc953e Don't force S/MIME signing purpose: allow it to be overridden by store 
settings.

Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters
being inherited properly.
 2009-03-15 13:36:01 +00:00
Dr. Stephen Henson
044855e146 Permit nested ASN1 string encoding but with a maximum depth to avoid 
stack overflow.
 2009-03-14 18:33:25 +00:00
Dr. Stephen Henson
12379c82ba Update from HEAD. 2009-03-14 12:40:46 +00:00
Dr. Stephen Henson
be98d6b9ad PR: 1863 
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org

Check return value, use OPENSSL_assert and unsigned int.
 2009-03-14 12:26:03 +00:00
Dr. Stephen Henson
6fe9c925d2 PR: 1856 
Check return value of PKCS12_add_safes()
 2009-03-09 13:07:16 +00:00
Dr. Stephen Henson
0d658ddf25 PR: 1858 
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Make OPENSSL_NO_SOCK work.
 2009-03-09 12:09:03 +00:00
Dr. Stephen Henson
cefa7ce284 PR: 1857 
Submitted by: Jurko Gospodnetić <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Make OPENSSL_NO_FP_API work again.
 2009-03-09 12:06:23 +00:00
Dr. Stephen Henson
ee4041b8bd PR: 1841 
Submitted by: Martin Kaiser <lists@kaiser.cx>
Reviewed by: steve@openssl.org

Remove unused code.
 2009-03-08 23:05:34 +00:00
Ben Laurie
a17f351b56 Fix display of all 0 IPv6 address (from Rob Austein). 2009-03-08 10:48:03 +00:00
Dr. Stephen Henson
4fcf8d8b07 Submitted by: Jeremy Shapiro <jnshapir@us.ibm.com> 
Reviewed by: steve@openssl.org

Improve efficientcy of mem_gets().
 2009-03-07 16:58:43 +00:00
Ben Laurie
1eee8a4226 Use the correct length (reported by Quanhong Wang). 2009-03-03 15:06:49 +00:00
Ben Laurie
e26ad0c4fd Fix FIPS typo. 2009-02-18 10:27:23 +00:00
Dr. Stephen Henson
6e7559ac7f Update from HEAD. 2009-02-16 23:24:06 +00:00
Richard Levitte
9feda63955 Data not initialised. 
Notified by Gerardo Ganis <gerardo.ganis@cern.ch>
 2009-02-16 15:17:26 +00:00
Ben Laurie
1ed81ff731 Use shared dev team flags, fix resulting warning. 2009-02-16 08:44:23 +00:00
Dr. Stephen Henson
9a6401acdf PR: 1422 
Fix return value of X509_NAME_cmp() so it works with qsort/bsearch again.
 2009-02-15 12:10:39 +00:00
Dr. Stephen Henson
f908ca4db4 PR: 1840 
Submitted by: Martin Kaiser <lists@kaiser.cx>
Approved by: steve@openssl.org

Handle NULL passing in parameter and BN_CTX_new() error correctly.
 2009-02-14 22:19:31 +00:00
Dr. Stephen Henson
72f6453c48 PR: 1835 
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
 2009-02-14 21:50:14 +00:00
Dr. Stephen Henson
73cb37295d Update from HEAD. 2009-01-28 12:55:36 +00:00
Dr. Stephen Henson
1f35508ae6 Support NumericString for name components. 2009-01-28 12:35:10 +00:00
Richard Levitte
3e2a74c294 Add missing modules 2009-01-28 07:54:16 +00:00
Richard Levitte
ab31dbc482 Another symbol that's longer than 31 characters. 2009-01-17 12:33:43 +00:00
Richard Levitte
36e9d3ee91 A forgotten module... 2009-01-17 12:33:11 +00:00
Dr. Stephen Henson
5f3ad8f82c Update from HEAD. 2009-01-14 10:46:00 +00:00
Dr. Stephen Henson
d34353cc91 Prepare for next version. 2009-01-07 23:38:34 +00:00
Dr. Stephen Henson
6287fa5396 Prepare for 0.9.8j release. 2009-01-07 10:50:54 +00:00
Dr. Stephen Henson
a00c3c4019 Properly check EVP_VerifyFinal() and similar return values 
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
 2009-01-07 10:48:23 +00:00
Dr. Stephen Henson
92308905dd make update. 2009-01-05 12:47:11 +00:00
Andy Polyakov
e607e731eb Synchronize with bn_nist.c from HEAD. 2008-12-30 13:41:08 +00:00
Andy Polyakov
f17c45611e Backport http://cvs.openssl.org/chngview?cn=17710 from HEAD. 
PR: 1230
 2008-12-30 13:30:57 +00:00
Andy Polyakov
a51c8c64e0 Backport aes-x86_64.pl update from HEAD. 2008-12-27 13:34:30 +00:00
Richard Levitte
7f065cfdbd In BIO_write(), update the write statistics, not the read statistics. 
PR: 1803
 2008-12-25 22:24:21 +00:00
Richard Levitte
667fbc0847 Further synchronisation with Unix 2008-12-25 22:04:45 +00:00
Richard Levitte
6ba7bd5697 Synchronise with Unixly build. 2008-12-22 09:30:09 +00:00
Dr. Stephen Henson
2cad035c01 Make no-engine work again... 2008-12-20 17:04:09 +00:00
Andy Polyakov
2a76c68842 Backport aes-x86_64.pl update from HEAD and revisit same code in aes-586.pl. 
PR: 1801
 2008-12-17 14:14:51 +00:00
Ben Laurie
1b00f4bc37 Missing return values (Coverity ID 204). 2008-12-13 17:00:53 +00:00
Dr. Stephen Henson
fe43caa4a4 Fix from HEAD. 2008-12-08 19:13:57 +00:00
Dr. Stephen Henson
792e614144 Fix from HEAD. 2008-12-07 23:59:13 +00:00
Ben Laurie
f092a073a7 Fix warnings. 2008-12-02 18:14:44 +00:00
Bodo Möller
505ed2b076 Implement Configure option pattern "experimental-foo" 
(specifically, "experimental-jpake").
 2008-12-02 01:21:06 +00:00
Dr. Stephen Henson
cef3e62d2b Don't clobber passed GENERAL_NAME on error. 2008-11-30 16:07:11 +00:00
Dr. Stephen Henson
516f76fd2c Move new function CRYPTO_strdup to mem_dbg.c because mem.c is excluded in 
a fips build.
 2008-11-24 17:02:49 +00:00
Dr. Stephen Henson
5a02ac6e5b Revert OPENSSL_EXPERIMENTAL patch. 
Change it so JPAKE uses the standard OPENSSL_NO_JPAKE instead.
 2008-11-24 16:14:15 +00:00
Dr. Stephen Henson
14d4074ee1 Update from HEAD. 2008-11-21 18:18:28 +00:00
Dr. Stephen Henson
d9f16c405c Commit default dependencies. 2008-11-19 16:03:51 +00:00
Dr. Stephen Henson
5aa032033e Remove jpake.h dependencies from default build. 2008-11-19 00:40:59 +00:00
Dr. Stephen Henson
c0ce8fe755 Update .cvsignore 2008-11-15 17:47:31 +00:00
Dr. Stephen Henson
55eff40084 Stop warnings. 2008-11-15 17:46:41 +00:00
Bodo Möller
fe46b0de29 make update 2008-11-14 00:17:43 +00:00
Dr. Stephen Henson
a581439bb1 Fixes for "make depend". Features which need a #define to be set to 
enable them, like FIPS and JPAKE need to have these set when building
dependencies.
 2008-11-13 15:08:33 +00:00
Ben Laurie
a43337e8c4 Not an error to include jpake.h when disabled. 2008-11-13 11:35:23 +00:00
Ben Laurie
33c51ec143 J-PAKE is not RSA. 2008-11-13 09:50:24 +00:00
Dr. Stephen Henson
a1bb2d6c2f Update mk1mf.pl for new JPAKE options. Update jpaketest.c for WIN32. 2008-11-12 18:27:17 +00:00
Dr. Stephen Henson
81dde5e8fe Add support for experimental code, not compiled in by default and 
with OPENSSL_EXPERIMENTAL_FOO around it. Make JPAKE experimental.
 2008-11-12 16:54:35 +00:00
Dr. Stephen Henson
b84e441861 Don't attempt to enter FIPS mode in autoconfig module if already in FIPS mode. 2008-11-11 12:52:14 +00:00
Dr. Stephen Henson
08e012bbec Update from HEAD. 2008-11-11 12:42:32 +00:00
Dr. Stephen Henson
b46acc392b Avoid conflict with some version of Windows platform SDK. 2008-11-11 12:22:17 +00:00
Dr. Stephen Henson
2c17b493b1 Make -DKSSL_DEBUG work again. 2008-11-10 18:55:07 +00:00
Dr. Stephen Henson
3795297af8 Change old obsolete email address... 2008-11-05 18:36:57 +00:00
Dr. Stephen Henson
33fd33d423 Fix from HEAD. 2008-11-05 18:29:49 +00:00
Dr. Stephen Henson
582ef3dbdb Fix from HEAD. 2008-10-31 12:09:18 +00:00
Andy Polyakov
6a933782fa randfile.c: .rnd can become orphaned on VMS [from HEAD]. 
Submitted by: David North
 2008-10-28 16:30:09 +00:00
Andy Polyakov
8d64abacc6 Fix crash in BN_rshift [from HEAD]. 
PR: 1663
 2008-10-28 13:47:38 +00:00
Dr. Stephen Henson
9af6802943 Win32 fixes, add new directory to WIN32 build system. 2008-10-27 12:30:33 +00:00
Dr. Stephen Henson
c10f53a897 Fixes from HEAD. 2008-10-27 12:04:04 +00:00
Ben Laurie
2124e869a8 Add JPAKE. 2008-10-26 18:42:05 +00:00
Dr. Stephen Henson
ff09931e22 Sync OIDS with HEAD. 2008-10-22 18:48:50 +00:00
Lutz Jänicke
312539ae9f Armor pq_compat.h header file against multiple inclusion 
Submitted by: Alex Chen <alex_chen@filemaker.com>
 2008-10-20 12:40:20 +00:00
Ben Laurie
b76306c983 Constification. 2008-10-18 14:27:36 +00:00
Ben Laurie
cdffc716c9 Set the comparison function in v3_addr_canonize(). 2008-10-14 19:21:30 +00:00
Lutz Jänicke
cfe04f607d Fix incorrect command for assember file generation on IA64 
Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>
 2008-10-06 10:35:29 +00:00
Dr. Stephen Henson
c0e9f540e0 Check for errors in ASN1 sign and verify routines. 2008-09-25 16:38:07 +00:00
Andy Polyakov
7c97aacbe8 Fix EC_KEY_check_key [from HEAD]. 2008-09-23 17:34:08 +00:00
Dr. Stephen Henson
155ad6d219 Fix warnings when more pedantic "debuge-steve32" target is used. 2008-09-21 11:40:36 +00:00
Dr. Stephen Henson
138f20433e Camellia low level API algorithm blocking. 2008-09-21 11:21:43 +00:00
Dr. Stephen Henson
7747c67861 Make camellia work with updated EVP macros. 2008-09-21 10:24:08 +00:00
Dr. Stephen Henson
e852835da6 Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
52702f6f92 Updates to build system from FIPS branch. Make fipscanisterbuild work and 
build FIPS test programs.
 2008-09-17 15:56:42 +00:00
Dr. Stephen Henson
05794d983f Add RSA update from FIPS branch that got omitted.... 2008-09-17 15:53:59 +00:00
Dr. Stephen Henson
364f36f851 Don't change NUM_LOCKS value for non-FIPS builds. 2008-09-17 15:07:41 +00:00
Dr. Stephen Henson
9b809d6278 Add missing files. 2008-09-16 22:54:30 +00:00
Dr. Stephen Henson
bbefea3387 Add missing files. 2008-09-16 22:48:18 +00:00
Dr. Stephen Henson
d83dde6180 Merge changes to build system from fips branch. 2008-09-16 21:44:57 +00:00
Dr. Stephen Henson
8067d34b3a FIPS merge "crypto" functions. 2008-09-16 15:11:50 +00:00
Dr. Stephen Henson
e3f2860e73 Merge public key FIPS code, RSA, DSA, DH. 2008-09-16 14:55:26 +00:00
Dr. Stephen Henson
92eb44d238 Add missing file. 2008-09-16 11:52:33 +00:00
Dr. Stephen Henson
f4179bead4 RAND library FIPS merge. 2008-09-16 11:50:05 +00:00
Dr. Stephen Henson
fced277486 conf/hmac FIPS merge. 2008-09-16 11:37:03 +00:00
Dr. Stephen Henson
3d1be455ce ERR library FIPS merge. Reorganise functions and add FIPS error 
definitions.
 2008-09-16 11:26:29 +00:00
Dr. Stephen Henson
dee4d129cb FIPS des library merge. 2008-09-16 11:17:48 +00:00
Dr. Stephen Henson
0067bd77a8 Part FIPS bn merge: move functiosn to bn_opt.c to reduce dependencies. 2008-09-16 11:08:24 +00:00
Dr. Stephen Henson
d98904e5a7 Add missing RC4 algorithm block source file. 2008-09-16 11:02:19 +00:00
Dr. Stephen Henson
96a259e81e Merge FIPS low level algorithm blocking code. Give hard errors if non-FIPS 
algorithms are use in FIPS mode using low level API. No effect in non-FIPS
mode.
 2008-09-16 10:47:28 +00:00
Dr. Stephen Henson
f947b818bf Oops, restore change that got reverted accidentally. 2008-09-15 22:32:23 +00:00
Dr. Stephen Henson
a2dc9b6be2 Merge EVP changes in from FIPS branch. 2008-09-15 22:21:42 +00:00
Dr. Stephen Henson
16349eeceb Port X931 key generation routines from FIPS branch. Don't include deprecated 
versions as they weren't in 0.9.8 before now anyway.
 2008-09-15 21:42:28 +00:00
Bodo Möller
aecf1c1f96 Fix intendation 2008-09-15 20:39:32 +00:00
Dr. Stephen Henson
5d582fd516 pkcs12 FIPS changes. 2008-09-15 20:16:04 +00:00
Dr. Stephen Henson
8ec86dcf04 Merge minor FIPS branch changes: buffer, objects, pem, x509. 2008-09-15 19:56:12 +00:00
Dr. Stephen Henson
6d3b70c8da Prepare for next version... 2008-09-15 15:30:20 +00:00
Dr. Stephen Henson
0a4fda742b Oops... use correct version number this time.... 2008-09-15 14:26:34 +00:00
Dr. Stephen Henson
3745e57bf9 Prepare for next version.... 2008-09-15 12:19:09 +00:00
Dr. Stephen Henson
b7e7aa00de Begin release of OpenSSL 0.9.8i. 2008-09-15 10:28:13 +00:00
Andy Polyakov
1098fd48ce Compilation warning fix [from HEAD, "must have, as our Windows build does 
not tolerate warnings].
 2008-09-15 07:19:41 +00:00
Andy Polyakov
393906d9be Fix yesterday typos in bss_dgram.c [from HEAD]. 2008-09-15 05:45:36 +00:00
Andy Polyakov
cfb95ba9f6 Winsock handles SO_RCVTIMEO in unique manner... [from HEAD]. 
PR: 1648
 2008-09-14 19:23:46 +00:00
Dr. Stephen Henson
1af12ff1d1 Fix error code discrepancy. 
Make update.
 2008-09-14 16:43:37 +00:00
Dr. Stephen Henson
bd72b8eca6 Stop warnings about value not used. 2008-09-14 15:46:36 +00:00
Bodo Möller
669b912dea Really get rid of unsafe double-checked locking. 
Also, "CHANGES" clean-ups.
 2008-09-14 13:51:49 +00:00
Bodo Möller
36a4a67b2b Some precautions to avoid potential security-relevant problems. 2008-09-14 13:42:40 +00:00
Ben Laurie
b7c8b4fc95 Allow soft-loading engines. 2008-09-12 13:29:59 +00:00
Dr. Stephen Henson
fd43ae3fe4 Fix flag clash... only used internally when policy checking is 
enabled.
 2008-08-31 11:15:35 +00:00
Bodo Möller
cdd0f3b328 Don't use assertions to check application-provided arguments; 
and don't unnecessarily fail on input size 0.
 2008-08-14 21:37:20 +00:00
Dr. Stephen Henson
405f382144 Fix from HEAD. 2008-08-05 15:56:11 +00:00
Dr. Stephen Henson
a750273546 Fix from HEAD. 2008-08-02 11:17:04 +00:00
Dr. Stephen Henson
4231b356aa Fix from HEAD. 2008-07-30 15:42:19 +00:00
Bodo Möller
df1f7b4b02 We should check the eight bytes starting at p[-9] for rollback attack 
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.

PR: 1695
 2008-07-17 22:11:24 +00:00
Andy Polyakov
3a72137211 darwin64-ppc-cc experimental line accidentally made it to stable:-( 
PR: 1699
 2008-07-17 10:00:18 +00:00
Andy Polyakov
e5d289cc03 sha1-586.pl: update from HEAD. 
PR: 1681
 2008-07-17 09:51:34 +00:00
Bodo Möller
0ff3766b0e Make sure not to read beyond end of buffer 2008-07-16 18:10:28 +00:00
Dr. Stephen Henson
3562202306 Fix from HEAD. 2008-07-13 22:38:52 +00:00
Dr. Stephen Henson
2bf4b96aef Update from HEAD. 2008-07-13 15:56:01 +00:00
Dr. Stephen Henson
811e08a2c5 Update from HEAD. 2008-07-13 14:33:16 +00:00
Dr. Stephen Henson
dd6e90465d Add support for Local Machine Keyset attribute in PKCS#12 files. 2008-06-26 23:26:52 +00:00
Dr. Stephen Henson
a86c626802 Sync OIDs with HEAD so we don't need to rebuild OID database and change 
all NIDs every time an OID is added to 0.9.8.
 2008-06-26 23:20:52 +00:00
Bodo Möller
4afcee8b4b avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr() 
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
 2008-06-23 20:46:28 +00:00
Dr. Stephen Henson
e0f6c15418 Make WIN32 build work with no-rc4 2008-06-21 23:28:02 +00:00
Dr. Stephen Henson
14748adb09 Make ssl code consistent with FIPS branch. The new code has no effect 
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
 2008-06-16 16:56:43 +00:00
Dr. Stephen Henson
ff2ab9e6bb Add error code for FIPS library and make library numbers consistent. 2008-06-16 15:22:49 +00:00
Ben Laurie
f113bb9f4e OPENSSL_isservice() is defined on all platforms. 2008-06-07 17:22:37 +00:00
Dr. Stephen Henson
3dc466424e Update CryptoAPI ENGINE from head. Export OPENSSL_isservice(). 2008-06-06 15:52:32 +00:00
Dr. Stephen Henson
aa03989791 Backport ssl client auth ENGINE support to 0.9.8. 2008-06-04 18:01:40 +00:00
Dr. Stephen Henson
feb200bbb3 Don't set extended type is mbstring flag set. 2008-05-30 10:57:13 +00:00
Dr. Stephen Henson
203ac694e3 Load CryptoAPI engine if supported. 2008-05-29 23:47:40 +00:00
Mark J. Cox
3f79793b7e After tagging, bump ready for 0.9.8i development 2008-05-28 07:47:50 +00:00
Mark J. Cox
0d01d8a735 Prepare for 0.9.8h release 2008-05-28 07:37:14 +00:00