Commit graph

8312 commits

Author SHA1 Message Date
Dr. Stephen Henson
0cefa0f942 PR: 2229
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Don't drop DTLS connection if mac or decryption failed.
2010-04-14 00:09:39 +00:00
Dr. Stephen Henson
834c85ef0c PR: 2228
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS buffer record MAC failure bug.
2010-04-14 00:02:50 +00:00
Richard Levitte
0c8c8eab58 Third argument to dtls1_buffer_record is by reference 2010-04-13 08:42:01 +00:00
Dr. Stephen Henson
bc06baca76 Add SHA2 algorithms to SSL_library_init(). Although these aren't used
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
2010-04-07 13:19:48 +00:00
Dr. Stephen Henson
9eeb779e8f Remove obsolete PRNG note. Add comment about use of SHA256 et al. 2010-04-06 15:02:43 +00:00
Dr. Stephen Henson
fe171f9c3e PR: 2209
Submitted Daniel Mentz <danielml@sent.com>

Documentation typo.
2010-04-06 14:45:40 +00:00
Dr. Stephen Henson
5e613d5411 PR: 2218
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS replay bug.
2010-04-06 12:44:44 +00:00
Dr. Stephen Henson
56e930eb03 PR: 2219
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS buffering bug.
2010-04-06 12:39:57 +00:00
Dr. Stephen Henson
4a052f0bb9 PR: 2223
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS timeout bug
2010-04-06 12:29:08 +00:00
Dr. Stephen Henson
f34e79f27b make no-comp compile again 2010-03-30 17:31:58 +00:00
Dr. Stephen Henson
ef1fe9094c make FAQ, STATUS consistent with other branches 2010-03-30 00:58:23 +00:00
Andy Polyakov
c25e8ee9b3 md32_common.h: fix copy-n-paste typo. The typo was present in 098 only. 2010-03-29 11:23:11 +00:00
Dr. Stephen Henson
4525a048ec PR: 1696
Check return value if d2i_PBEPARAM().
2010-03-28 00:42:17 +00:00
Dr. Stephen Henson
f421a52f56 PR: 2083
Submitted by: Mike Frysinger <vapier@gentoo.org>

Add includes in synopsis, fix some indents. For some reason this never got
applied to the 0.9.8-stable branch.
2010-03-28 00:17:28 +00:00
Dr. Stephen Henson
17a79eec0c PR: 1763
Remove useless num = 0 assignment.

Remove redundant cases on sock_ctrl(): default case handles them.
2010-03-27 23:28:33 +00:00
Dr. Stephen Henson
1eda14b44f PR: 1813
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>

Fix memory leak when engine name cannot be loaded.
2010-03-27 18:28:24 +00:00
Richard Levitte
aa9b502619 We don't have a whirlpool test in this branch. 2010-03-25 20:36:48 +00:00
Richard Levitte
aaf45e6464 Have an underscore before <ARCH> to make sure any future architecture
name won't be mixed up with any crypto name.
Missed the other spot.
2010-03-25 16:25:42 +00:00
Richard Levitte
be83c31cdd Have an underscore before <ARCH> to make sure any future architecture
name won't be mixed up with any crypto name.
Missed one spot.
2010-03-25 16:18:51 +00:00
Richard Levitte
76a41eec2b Try to define the tests and their respective directories in a way that
preserves the order of the tests (to make it as easy as possible to
synchronise with future Unix builds)
2010-03-25 14:46:58 +00:00
Richard Levitte
ab9c0ec9fc Have an underscore before <ARCH> to make sure any future architecture
name won't be mixed up with any crypto name.
2010-03-25 14:45:22 +00:00
Dr. Stephen Henson
cf6a1dea19 PR: 2202 (partial)
Submitted by: Steven M. Schweda <sms@antinode.info>

VMS fixes:
	Reduce copying into .apps and .test in makevms.com
	Don't try to use blank CA certificate in CA.com
	Allow use of C files from original directories in maketests.com
2010-03-25 12:29:56 +00:00
Dr. Stephen Henson
ea5b3f5e62 PR: 2202 (partial)
Submitted by: Steven M. Schweda <sms@antinode.info>

Make some declarations conditional on FIPS/ENGINE.
Make pqueue_print non-VAX.
2010-03-25 12:17:17 +00:00
Dr. Stephen Henson
c3c658e1c0 updates for next version 2010-03-25 12:07:04 +00:00
Dr. Stephen Henson
5d013b6b32 initialise buf if wrong_info not used 2010-03-24 23:42:30 +00:00
Dr. Stephen Henson
ee91323f52 PR: 1731 and maybe 2197
Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.
2010-03-24 23:16:35 +00:00
Dr. Stephen Henson
4fae868811 prepare for release 2010-03-24 13:16:55 +00:00
Dr. Stephen Henson
354f92d66a Submitted by: Bodo Moeller and Adam Langley (Google).
Fix for "Record of death" vulnerability CVE-2010-0740.
2010-03-24 13:16:42 +00:00
Andy Polyakov
c3484e0268 rand_win.c: fix logical bug in readscreen [from HEAD]. 2010-03-22 22:44:48 +00:00
Andy Polyakov
6b0be9c73d bss_file.c: fix MSC 6.0 warning [from HEAD]. 2010-03-22 22:40:18 +00:00
Andy Polyakov
02312a91ca ppc.pl: assembler Y chokes on apostrophes in comment. 2010-03-22 20:58:43 +00:00
Andy Polyakov
744f6b648e e_capi.c: fix typo [from HEAD]. 2010-03-15 22:30:09 +00:00
Andy Polyakov
f1502a491e Fix UPLINK typo [from HEAD]. 2010-03-15 22:27:32 +00:00
Dr. Stephen Henson
b70871b675 workaround for missing definition in some headers 2010-03-15 13:12:00 +00:00
Dr. Stephen Henson
9de450b545 PR: 2192
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

The prompt_info and wrong_info parameters can be empty strings which
can produce confusing prompts. Treat empty string same as NULL.
2010-03-12 12:48:56 +00:00
Dr. Stephen Henson
cc53036744 missing goto meant signature was never printed out 2010-03-12 12:07:16 +00:00
Dr. Stephen Henson
4610d8dc00 don't leave bogus errors in the queue 2010-03-10 13:48:35 +00:00
Dr. Stephen Henson
5d7dfefe82 PR: 2186
Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com>

Detect aix64-gcc
2010-03-09 17:08:24 +00:00
Dr. Stephen Henson
5e8e7054f7 The OID sanity check was incorrect. It should only disallow *leading* 0x80
values.
2010-03-07 16:40:31 +00:00
Dr. Stephen Henson
9a542ea01d don't add digest alias if signature algorithm is undefined 2010-03-06 20:52:33 +00:00
Dr. Stephen Henson
1939f83709 Fix memory leak: free up ENGINE functional reference if digest is not
found in an ENGINE.
2010-03-05 13:35:06 +00:00
Dr. Stephen Henson
b7c114f044 PR: 2183
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
2010-03-03 19:56:00 +00:00
Dr. Stephen Henson
ede1351997 Submitted by: Tomas Hoger <thoger@redhat.com>
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
2010-03-03 15:34:11 +00:00
Dr. Stephen Henson
7786ed6a64 don't mix definitions and code 2010-03-03 15:30:05 +00:00
Andy Polyakov
bdd08277b8 Fix s390x-specific HOST_l2c|c2l [from HEAD].
Submitted by: Andreas Krebbel
2010-03-02 16:26:13 +00:00
Dr. Stephen Henson
2bf4faa7e4 PR: 2178
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>

Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
2010-03-01 23:54:19 +00:00
Dr. Stephen Henson
2e5e604b0c load cryptodev if HAVE_CRYPTODEV is set too 2010-03-01 00:30:11 +00:00
Ben Laurie
ed4cd027f3 Fix warnings. 2010-02-28 13:37:15 +00:00
Dr. Stephen Henson
bab19a2ac2 quote HOSTCC in case it isn't defined 2010-02-26 19:56:10 +00:00
Dr. Stephen Henson
582eb96d15 Revert CFB block length change. Despite what SP800-38a says the input to
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:38 +00:00