openssl.git
9 years ago PR: 2714
Dr. Stephen Henson [Fri, 10 Feb 2012 19:44:00 +0000 (19:44 +0000)]
PR: 2714
Submitted by: Tomas Mraz <tmraz@redhat.com>

Make no-srp work.

9 years ago only cleanup ctx if we need to, save ctx flags when we do
Dr. Stephen Henson [Fri, 10 Feb 2012 16:54:56 +0000 (16:54 +0000)]
only cleanup ctx if we need to, save ctx flags when we do

9 years ago add fips hmac option and fips blocking overrides to command line utilities
Dr. Stephen Henson [Fri, 10 Feb 2012 16:46:19 +0000 (16:46 +0000)]
add fips hmac option and fips blocking overrides to command line utilities

9 years ago Submitted by: Eric Rescorla <ekr@rtfm.com>
Dr. Stephen Henson [Fri, 10 Feb 2012 00:03:37 +0000 (00:03 +0000)]
Submitted by: Eric Rescorla <ekr@rtfm.com>

Fix encoding of use_srtp extension to be compliant with RFC5764

9 years ago Modify client hello version when renegotiating to enhance interop with
Dr. Stephen Henson [Thu, 9 Feb 2012 15:41:44 +0000 (15:41 +0000)]
Modify client hello version when renegotiating to enhance interop with
some servers.

9 years ago bn_nist.c: make new optimized code dependent on BN_LLONG [from HEAD].
Andy Polyakov [Thu, 2 Feb 2012 07:46:19 +0000 (07:46 +0000)]
bn_nist.c: make new optimized code dependent on BN_LLONG [from HEAD].

9 years ago hpux-parisc2-*: engage assembler [from HEAD] and make it link.
Andy Polyakov [Thu, 2 Feb 2012 07:42:31 +0000 (07:42 +0000)]
hpux-parisc2-*: engage assembler [from HEAD] and make it link.

9 years ago ghash-x86.pl: engage original MMX version in no-sse2 builds [from HEAD].
Andy Polyakov [Wed, 25 Jan 2012 17:56:25 +0000 (17:56 +0000)]
ghash-x86.pl: engage original MMX version in no-sse2 builds [from HEAD].

9 years ago x86_64-xlate.pl: 1.0.1-specific typo.
Andy Polyakov [Wed, 25 Jan 2012 17:50:23 +0000 (17:50 +0000)]
x86_64-xlate.pl: 1.0.1-specific typo.

9 years ago only include bn.h once
Dr. Stephen Henson [Tue, 24 Jan 2012 23:00:36 +0000 (23:00 +0000)]
only include bn.h once

9 years ago only include evp.h once
Dr. Stephen Henson [Tue, 24 Jan 2012 22:59:46 +0000 (22:59 +0000)]
only include evp.h once

9 years ago only include string.h once
Dr. Stephen Henson [Tue, 24 Jan 2012 22:58:46 +0000 (22:58 +0000)]
only include string.h once

9 years ago return error if md is NULL
Dr. Stephen Henson [Sun, 22 Jan 2012 13:12:50 +0000 (13:12 +0000)]
return error if md is NULL

9 years ago cryptlib.c: make even non-Windows builds "strtoull-agnostic" [from HEAD].
Andy Polyakov [Sat, 21 Jan 2012 12:18:29 +0000 (12:18 +0000)]
cryptlib.c: make even non-Windows builds "strtoull-agnostic" [from HEAD].

9 years ago x86_64-xlate.pl: proper solution for RT#2620 [from HEAD].
Andy Polyakov [Sat, 21 Jan 2012 11:35:20 +0000 (11:35 +0000)]
x86_64-xlate.pl: proper solution for RT#2620 [from HEAD].

9 years ago change version to beta3-dev
Dr. Stephen Henson [Thu, 19 Jan 2012 17:14:17 +0000 (17:14 +0000)]
change version to beta3-dev

9 years ago update files for beta2 release OpenSSL_1_0_1-beta2
Dr. Stephen Henson [Thu, 19 Jan 2012 15:46:43 +0000 (15:46 +0000)]
update files for beta2 release

9 years ago prepare for beta2
Dr. Stephen Henson [Thu, 19 Jan 2012 15:37:57 +0000 (15:37 +0000)]
prepare for beta2

9 years ago Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Dr. Stephen Henson [Wed, 18 Jan 2012 18:14:56 +0000 (18:14 +0000)]
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)

9 years ago undef some symbols that cause problems with make depend for fips builds
Dr. Stephen Henson [Wed, 18 Jan 2012 01:40:36 +0000 (01:40 +0000)]
undef some symbols that cause problems with make depend for fips builds

9 years ago fix CHANGES entry
Dr. Stephen Henson [Tue, 17 Jan 2012 14:19:09 +0000 (14:19 +0000)]
fix CHANGES entry

9 years ago 1.0.1-specific OPNESSL vs. OPENSSL typo.
Andy Polyakov [Sun, 15 Jan 2012 13:42:50 +0000 (13:42 +0000)]
1.0.1-specific OPNESSL vs. OPENSSL typo.
PR: 2613
Submitted by: Leena Heino

9 years ago Fix OPNESSL vs. OPENSSL typos [from HEAD].
Andy Polyakov [Sun, 15 Jan 2012 13:40:21 +0000 (13:40 +0000)]
Fix OPNESSL vs. OPENSSL typos [from HEAD].
PR: 2613
Submitted by: Leena Heino

9 years ago fix warning
Dr. Stephen Henson [Sun, 15 Jan 2012 13:30:52 +0000 (13:30 +0000)]
fix warning

9 years ago Sanitize usage of <ctype.h> functions. It's important that characters
Andy Polyakov [Thu, 12 Jan 2012 16:28:03 +0000 (16:28 +0000)]
Sanitize usage of <ctype.h> functions. It's important that characters
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682

9 years ago sparcv9cap.c: omit unused variable.
Andy Polyakov [Thu, 12 Jan 2012 14:19:52 +0000 (14:19 +0000)]
sparcv9cap.c: omit unused variable.

9 years ago doc/apps: formatting fixes [from HEAD].
Andy Polyakov [Wed, 11 Jan 2012 21:58:42 +0000 (21:58 +0000)]
doc/apps: formatting fixes [from HEAD].
PR: 2683
Submitted by: Annie Yousar

9 years ago speed.c: typo in pkey_print_message [from HEAD].
Andy Polyakov [Wed, 11 Jan 2012 21:49:16 +0000 (21:49 +0000)]
speed.c: typo in pkey_print_message [from HEAD].
PR: 2681
Submitted by: Annie Yousar

9 years ago ecdsa.pod: typo.
Andy Polyakov [Wed, 11 Jan 2012 21:41:50 +0000 (21:41 +0000)]
ecdsa.pod: typo.
PR: 2678
Submitted by: Annie Yousar

9 years ago asn1/t_x509.c: fix serial number print, harmonize with a_int.c [from HEAD].
Andy Polyakov [Wed, 11 Jan 2012 21:12:47 +0000 (21:12 +0000)]
asn1/t_x509.c: fix serial number print, harmonize with a_int.c [from HEAD].
PR: 2675
Submitted by: Annie Yousar

9 years ago aes-sparcv9.pl: clean up regexp [from HEAD].
Andy Polyakov [Wed, 11 Jan 2012 15:32:08 +0000 (15:32 +0000)]
aes-sparcv9.pl: clean up regexp [from HEAD].
PR: 2685

9 years ago PR: 2652
Dr. Stephen Henson [Thu, 5 Jan 2012 14:30:08 +0000 (14:30 +0000)]
PR: 2652
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

OpenVMS fixes.

9 years ago Update for 0.9.8s and 1.0.0f.
Bodo Möller [Thu, 5 Jan 2012 13:46:27 +0000 (13:46 +0000)]
Update for 0.9.8s and 1.0.0f.

(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in the 1.0.1 branch, the actual code is here already.)

9 years ago Fix for builds without DTLS support.
Bodo Möller [Thu, 5 Jan 2012 10:22:39 +0000 (10:22 +0000)]
Fix for builds without DTLS support.

Submitted by: Brian Carlstrom

9 years ago PR: 2671
Dr. Stephen Henson [Thu, 5 Jan 2012 00:28:29 +0000 (00:28 +0000)]
PR: 2671
Submitted by: steve

Update maximum message size for certificate verify messages to support
4096 bit RSA keys again as TLS v1.2 messages are two bytes longer.

9 years ago Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Dr. Stephen Henson [Thu, 5 Jan 2012 00:23:31 +0000 (00:23 +0000)]
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send fatal alert if heartbeat extension has an illegal value.

9 years ago disable heartbeats if tlsext disabled
Dr. Stephen Henson [Thu, 5 Jan 2012 00:07:34 +0000 (00:07 +0000)]
disable heartbeats if tlsext disabled

9 years ago update CHANGES
Dr. Stephen Henson [Wed, 4 Jan 2012 23:53:52 +0000 (23:53 +0000)]
update CHANGES

9 years ago Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen...
Dr. Stephen Henson [Wed, 4 Jan 2012 23:52:05 +0000 (23:52 +0000)]
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.

9 years ago Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
Dr. Stephen Henson [Wed, 4 Jan 2012 23:13:29 +0000 (23:13 +0000)]
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)

9 years ago fix CHANGES
Dr. Stephen Henson [Wed, 4 Jan 2012 23:11:43 +0000 (23:11 +0000)]
fix CHANGES

9 years ago Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
Dr. Stephen Henson [Wed, 4 Jan 2012 23:07:54 +0000 (23:07 +0000)]
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)

9 years ago Check GOST parameters are not NULL (CVE-2012-0027)
Dr. Stephen Henson [Wed, 4 Jan 2012 23:03:20 +0000 (23:03 +0000)]
Check GOST parameters are not NULL (CVE-2012-0027)

9 years ago Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
Dr. Stephen Henson [Wed, 4 Jan 2012 23:01:19 +0000 (23:01 +0000)]
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)

9 years ago fix warnings
Dr. Stephen Henson [Wed, 4 Jan 2012 14:46:04 +0000 (14:46 +0000)]
fix warnings

9 years ago Submitted by: Adam Langley <agl@chromium.org>
Dr. Stephen Henson [Wed, 4 Jan 2012 14:25:28 +0000 (14:25 +0000)]
Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve

Fix memory leaks.

9 years ago only send heartbeat extension from server if client sent one
Dr. Stephen Henson [Tue, 3 Jan 2012 22:03:07 +0000 (22:03 +0000)]
only send heartbeat extension from server if client sent one

9 years ago prepare for 1.0.1-beta1 OpenSSL_1_0_1-beta1
Dr. Stephen Henson [Tue, 3 Jan 2012 13:30:28 +0000 (13:30 +0000)]
prepare for 1.0.1-beta1

9 years ago OpenSSL 1.0.1 is now in beta.
Dr. Stephen Henson [Mon, 2 Jan 2012 18:28:28 +0000 (18:28 +0000)]
OpenSSL 1.0.1 is now in beta.

9 years ago incomplete provisional OAEP CMS decrypt support
Dr. Stephen Henson [Mon, 2 Jan 2012 18:16:40 +0000 (18:16 +0000)]
incomplete provisional OAEP CMS decrypt support

9 years ago make update
Dr. Stephen Henson [Mon, 2 Jan 2012 16:41:11 +0000 (16:41 +0000)]
make update

9 years ago update NEWS
Dr. Stephen Henson [Mon, 2 Jan 2012 16:31:46 +0000 (16:31 +0000)]
update NEWS

9 years ago recognise HEARTBEATS in mkdef.pl script
Dr. Stephen Henson [Sat, 31 Dec 2011 23:49:45 +0000 (23:49 +0000)]
recognise HEARTBEATS in mkdef.pl script

9 years ago update CHANGES
Dr. Stephen Henson [Sat, 31 Dec 2011 23:07:28 +0000 (23:07 +0000)]
update CHANGES

9 years ago PR: 2658
Dr. Stephen Henson [Sat, 31 Dec 2011 23:00:36 +0000 (23:00 +0000)]
PR: 2658
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.

9 years ago make error code checking strict
Dr. Stephen Henson [Tue, 27 Dec 2011 15:17:50 +0000 (15:17 +0000)]
make error code checking strict

9 years ago make update
Dr. Stephen Henson [Tue, 27 Dec 2011 14:38:27 +0000 (14:38 +0000)]
make update

9 years ago fix error code
Dr. Stephen Henson [Tue, 27 Dec 2011 14:37:43 +0000 (14:37 +0000)]
fix error code

9 years ago fix deprecated statement
Dr. Stephen Henson [Tue, 27 Dec 2011 14:36:57 +0000 (14:36 +0000)]
fix deprecated statement

9 years ago update default depflags
Dr. Stephen Henson [Tue, 27 Dec 2011 14:28:25 +0000 (14:28 +0000)]
update default depflags

9 years ago PR: 1794
Dr. Stephen Henson [Tue, 27 Dec 2011 14:23:22 +0000 (14:23 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

- remove some unnecessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.

- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup

9 years ago PR: 2326
Dr. Stephen Henson [Mon, 26 Dec 2011 19:38:09 +0000 (19:38 +0000)]
PR: 2326
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve

Fix incorrect comma expressions and goto f_err as alert has been set.

9 years ago recognise no-sctp
Dr. Stephen Henson [Sun, 25 Dec 2011 14:59:40 +0000 (14:59 +0000)]
recognise no-sctp

9 years ago update ordinals
Dr. Stephen Henson [Sun, 25 Dec 2011 14:48:44 +0000 (14:48 +0000)]
update ordinals

9 years ago recognise SCTP in mkdef.pl script
Dr. Stephen Henson [Sun, 25 Dec 2011 14:47:46 +0000 (14:47 +0000)]
recognise SCTP in mkdef.pl script

9 years ago PR: 2535
Dr. Stephen Henson [Sun, 25 Dec 2011 14:45:40 +0000 (14:45 +0000)]
PR: 2535
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Add SCTP support for DTLS (RFC 6083).

9 years ago typo
Dr. Stephen Henson [Fri, 23 Dec 2011 15:03:16 +0000 (15:03 +0000)]
typo

9 years ago delete unimplemented function from header file, update ordinals
Dr. Stephen Henson [Fri, 23 Dec 2011 14:10:35 +0000 (14:10 +0000)]
delete unimplemented function from header file, update ordinals

9 years ago update ordinals
Dr. Stephen Henson [Thu, 22 Dec 2011 16:10:04 +0000 (16:10 +0000)]
update ordinals

9 years ago remove prototype for deleted SRP function
Dr. Stephen Henson [Thu, 22 Dec 2011 16:01:23 +0000 (16:01 +0000)]
remove prototype for deleted SRP function

9 years ago New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
Dr. Stephen Henson [Thu, 22 Dec 2011 15:01:16 +0000 (15:01 +0000)]
New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
New function to retrieve compression method from SSL_SESSION structure.

Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.

9 years ago Fix DTLS.
Ben Laurie [Tue, 20 Dec 2011 15:05:03 +0000 (15:05 +0000)]
Fix DTLS.

9 years ago PR: 2563
Dr. Stephen Henson [Mon, 19 Dec 2011 17:02:35 +0000 (17:02 +0000)]
PR: 2563
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.

9 years ago update CHANGES.
Andy Polyakov [Mon, 19 Dec 2011 14:49:05 +0000 (14:49 +0000)]
update CHANGES.

9 years ago update CHANGES
Dr. Stephen Henson [Mon, 19 Dec 2011 14:40:02 +0000 (14:40 +0000)]
update CHANGES

9 years ago apps/speed.c: fix typo in last commit.
Andy Polyakov [Mon, 19 Dec 2011 14:33:37 +0000 (14:33 +0000)]
apps/speed.c: fix typo in last commit.

9 years ago apps/speed.c: Cygwin alarm() fails sometimes.
Andy Polyakov [Thu, 15 Dec 2011 22:30:11 +0000 (22:30 +0000)]
apps/speed.c: Cygwin alarm() fails sometimes.
PR: 2655

9 years ago vpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl [from...
Andy Polyakov [Thu, 15 Dec 2011 22:20:26 +0000 (22:20 +0000)]
vpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl [from HEAD].
PR: 2657

9 years ago PR: 1794
Dr. Stephen Henson [Wed, 14 Dec 2011 22:18:03 +0000 (22:18 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Remove unnecessary code for srp and add some comments to
s_client.

- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable

- comments to indicate in s_client the (non-)usefulness of
the primality tests for non known group parameters.

9 years ago vpaes-x86.pl: portability fix.
Andy Polyakov [Wed, 14 Dec 2011 21:30:25 +0000 (21:30 +0000)]
vpaes-x86.pl: portability fix.
PR: 2657

9 years ago Remove redundant TLS exporter.
Ben Laurie [Tue, 13 Dec 2011 14:35:12 +0000 (14:35 +0000)]
Remove redundant TLS exporter.

9 years ago SSL export fixes (from Adam Langley).
Ben Laurie [Tue, 13 Dec 2011 14:25:11 +0000 (14:25 +0000)]
SSL export fixes (from Adam Langley).

9 years ago modexp512-x86_64.pl: Solaris portability fix [from HEAD].
Andy Polyakov [Mon, 12 Dec 2011 15:12:09 +0000 (15:12 +0000)]
modexp512-x86_64.pl: Solaris portability fix [from HEAD].
PR: 2656

9 years ago detect and use older PKITS data
Dr. Stephen Henson [Sun, 11 Dec 2011 16:39:56 +0000 (16:39 +0000)]
detect and use older PKITS data

9 years ago typo
Dr. Stephen Henson [Sat, 10 Dec 2011 01:37:55 +0000 (01:37 +0000)]
typo

9 years ago add commented out option to allow use of older PKITS data
Dr. Stephen Henson [Sat, 10 Dec 2011 00:50:16 +0000 (00:50 +0000)]
add commented out option to allow use of older PKITS data

9 years ago remove old -attime code, new version includes all old functionality
Dr. Stephen Henson [Sat, 10 Dec 2011 00:42:48 +0000 (00:42 +0000)]
remove old -attime code, new version includes all old functionality

9 years ago implement -attime option as a verify parameter then it works with all relevant applic...
Dr. Stephen Henson [Sat, 10 Dec 2011 00:37:42 +0000 (00:37 +0000)]
implement -attime option as a verify parameter then it works with all relevant applications

9 years ago Fix warning.
Ben Laurie [Fri, 9 Dec 2011 20:15:48 +0000 (20:15 +0000)]
Fix warning.

9 years ago perlasm/x86gas.pl: give a hand old assemblers assembling loop instruction
Andy Polyakov [Fri, 9 Dec 2011 19:16:35 +0000 (19:16 +0000)]
perlasm/x86gas.pl: give a hand old assemblers assembling loop instruction
[from HEAD].

9 years ago cryptlib.c: allow for OPENSSL_ia32cap=~0x????? syntax for environment value
Andy Polyakov [Fri, 9 Dec 2011 15:46:41 +0000 (15:46 +0000)]
cryptlib.c: allow for OPENSSL_ia32cap=~0x????? syntax for environment value
in question.

9 years ago x86-mont.pl: fix bug in integer-only squaring path.
Andy Polyakov [Fri, 9 Dec 2011 14:26:28 +0000 (14:26 +0000)]
x86-mont.pl: fix bug in integer-only squaring path.
PR: 2648

9 years ago Replace expired test server and client certificates with new ones.
Dr. Stephen Henson [Thu, 8 Dec 2011 14:45:15 +0000 (14:45 +0000)]
Replace expired test server and client certificates with new ones.

9 years ago fix error discrepancy
Dr. Stephen Henson [Wed, 7 Dec 2011 12:28:50 +0000 (12:28 +0000)]
fix error discrepancy

9 years ago The default CN prompt message can be confusing when often the CN needs to
Dr. Stephen Henson [Tue, 6 Dec 2011 00:00:51 +0000 (00:00 +0000)]
The default CN prompt message can be confusing when often the CN needs to
 be the server FQDN: change it.
[Reported by PSW Group]

9 years ago Fix exporter.
Ben Laurie [Fri, 2 Dec 2011 16:49:32 +0000 (16:49 +0000)]
Fix exporter.

9 years ago Fix warnings.
Ben Laurie [Fri, 2 Dec 2011 14:39:41 +0000 (14:39 +0000)]
Fix warnings.

9 years ago Resolve a stack set-up race condition (if the list of compression
Bodo Möller [Fri, 2 Dec 2011 12:51:41 +0000 (12:51 +0000)]
Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley

9 years ago Fix ecdsatest.c.
Bodo Möller [Fri, 2 Dec 2011 12:40:42 +0000 (12:40 +0000)]
Fix ecdsatest.c.

Submitted by: Emilia Kasper

9 years ago Fix BIO_f_buffer().
Bodo Möller [Fri, 2 Dec 2011 12:24:48 +0000 (12:24 +0000)]
Fix BIO_f_buffer().

Submitted by: Adam Langley
Reviewed by: Bodo Moeller