openssl.git
7 years ago
Dr. Stephen Henson [Wed, 7 Dec 2011 12:28:40 +0000 (12:28 +0000)]
fix error discrepancy

7 years ago
Dr. Stephen Henson [Wed, 7 Dec 2011 00:42:22 +0000 (00:42 +0000)]
Document RFC5114 "generation" options.

7 years ago
Dr. Stephen Henson [Wed, 7 Dec 2011 00:32:34 +0000 (00:32 +0000)]
Initial experimental support for X9.42 DH parameter format to handle
RFC5114 parameters and X9.42 DH public and private keys.

7 years ago
Dr. Stephen Henson [Tue, 6 Dec 2011 00:00:30 +0000 (00:00 +0000)]
The default CN prompt message can be confusing when often the CN needs to
be the server FQDN: change it.
[Reported by PSW Group]

7 years ago
Bodo Möller [Fri, 2 Dec 2011 12:52:00 +0000 (12:52 +0000)]
Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley

7 years ago
Bodo Möller [Fri, 2 Dec 2011 12:41:17 +0000 (12:41 +0000)]
Fix ecdsatest.c.

Submitted by: Emilia Kasper

7 years ago
Bodo Möller [Fri, 2 Dec 2011 12:28:20 +0000 (12:28 +0000)]
Update HEAD CHANGES file.

7 years ago
Bodo Möller [Fri, 2 Dec 2011 12:25:03 +0000 (12:25 +0000)]
Fix BIO_f_buffer().

Submitted by: Adam Langley
Reviewed by: Bodo Moeller

7 years ago
Dr. Stephen Henson [Thu, 1 Dec 2011 17:27:36 +0000 (17:27 +0000)]
Update DH_check() to perform sensible checks when q parameter is present.

7 years ago
Dr. Stephen Henson [Thu, 1 Dec 2011 17:26:58 +0000 (17:26 +0000)]
Correct some parameter values.

7 years ago
Andy Polyakov [Thu, 1 Dec 2011 12:16:09 +0000 (12:16 +0000)]
bn/asm/mips.pl: fix typos.

7 years ago
Dr. Stephen Henson [Fri, 25 Nov 2011 16:03:42 +0000 (16:03 +0000)]
return error if counter exceeds limit and seed value supplied

7 years ago
Dr. Stephen Henson [Fri, 25 Nov 2011 15:01:23 +0000 (15:01 +0000)]
check counter value against 4 * L, not 4096

7 years ago
Dr. Stephen Henson [Fri, 25 Nov 2011 00:17:44 +0000 (00:17 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Make SRP conformant to rfc 5054.

Changes are:

- removal of the addition state after client hello
- removal of all pre-rfc srp alert ids
- sending a fatal alert when there is no srp extension but when the
server wants SRP
- removal of unnecessary code in the client.

7 years ago
Bodo Möller [Thu, 24 Nov 2011 21:07:01 +0000 (21:07 +0000)]
Fix NPN implementation for renegotiation.
(Problem pointed out by Ben Murphy.)

Submitted by: Adam Langley

7 years ago
Dr. Stephen Henson [Tue, 22 Nov 2011 14:46:09 +0000 (14:46 +0000)]
sync and update ordinals

7 years ago
Dr. Stephen Henson [Tue, 22 Nov 2011 14:44:58 +0000 (14:44 +0000)]
add cryptlib.h to mkdef.pl

7 years ago
Dr. Stephen Henson [Mon, 21 Nov 2011 22:57:41 +0000 (22:57 +0000)]
sync and update ordinals

7 years ago
Dr. Stephen Henson [Mon, 21 Nov 2011 22:55:23 +0000 (22:55 +0000)]
add strp.h to mkdef.pl headers

7 years ago
Dr. Stephen Henson [Mon, 21 Nov 2011 22:52:13 +0000 (22:52 +0000)]
move internal functions to ssl_locl.h

7 years ago
Dr. Stephen Henson [Mon, 21 Nov 2011 22:28:29 +0000 (22:28 +0000)]
bcmp doesn't exist on all platforms, replace with memcmp

8 years ago
Andy Polyakov [Wed, 16 Nov 2011 23:34:01 +0000 (23:34 +0000)]
bsaes-x86_64.pl: fix buffer overrun in tail processing.

8 years ago
Dr. Stephen Henson [Wed, 16 Nov 2011 13:28:35 +0000 (13:28 +0000)]
In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed components do not exceed field order

8 years ago
Ben Laurie [Tue, 15 Nov 2011 23:50:52 +0000 (23:50 +0000)]
Add TLS exporter.

8 years ago
Ben Laurie [Tue, 15 Nov 2011 22:59:20 +0000 (22:59 +0000)]
Add DTLS-SRTP.

8 years ago
Andy Polyakov [Tue, 15 Nov 2011 12:32:18 +0000 (12:32 +0000)]
Configure: reimplement commit#21695.

8 years ago
Andy Polyakov [Tue, 15 Nov 2011 12:18:40 +0000 (12:18 +0000)]
Configure, e_aes.c: allow for XTS assembler implementation.

8 years ago
Ben Laurie [Mon, 14 Nov 2011 00:36:10 +0000 (00:36 +0000)]
Fix some warnings caused by __owur. Temporarily (I hope) remove the more
aspirational __owur annotations.

8 years ago
Andy Polyakov [Sun, 13 Nov 2011 20:33:41 +0000 (20:33 +0000)]
bsaes-x86_64.pl: add Win64 SEH and "hardware" calls to aes-x86_64.pl.

8 years ago
Andy Polyakov [Sun, 13 Nov 2011 17:31:03 +0000 (17:31 +0000)]
bn_nist.c: fix strict-aliasing compiler warning.

8 years ago
Dr. Stephen Henson [Sun, 13 Nov 2011 14:07:36 +0000 (14:07 +0000)]
Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest.

8 years ago
Dr. Stephen Henson [Sun, 13 Nov 2011 13:13:01 +0000 (13:13 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identity alert, remove pre-RFC 5054 string from
ssl_stat.c

8 years ago
Andy Polyakov [Sat, 12 Nov 2011 13:37:20 +0000 (13:37 +0000)]
rc4test.c: commit#21684 broke x86_64 shared Linux build. This is temporary
solution so that one can build rc4test...

8 years ago
Andy Polyakov [Sat, 12 Nov 2011 13:26:36 +0000 (13:26 +0000)]
e_aes.c: additional sanity check in aes_xts_cipher.

8 years ago
Andy Polyakov [Sat, 12 Nov 2011 13:10:00 +0000 (13:10 +0000)]
cryptlib.c, etc.: fix linker warnings in 64-bit Darwin build.

8 years ago
Andy Polyakov [Sat, 12 Nov 2011 12:16:11 +0000 (12:16 +0000)]
Configure, x86gas.pl: fix linker warnings in 32-bit Darwin build.

8 years ago
Andy Polyakov [Sat, 12 Nov 2011 12:13:13 +0000 (12:13 +0000)]
engines/: get rid of cvs warnings on MacOS X, proper clean in ccgost.

8 years ago
Andy Polyakov [Sat, 12 Nov 2011 11:57:54 +0000 (11:57 +0000)]
Makefile.org: proper libclean on MacOS X.

8 years ago
Dr. Stephen Henson [Fri, 11 Nov 2011 19:01:25 +0000 (19:01 +0000)]
portability fix for some perl versions

8 years ago
Andy Polyakov [Thu, 10 Nov 2011 22:41:31 +0000 (22:41 +0000)]
bsaes-x86_64.pl: add bsaes_xts_[en|de]crypt.

8 years ago
Andy Polyakov [Wed, 9 Nov 2011 20:08:44 +0000 (20:08 +0000)]
arm_arch.h: allow to specify __ARM_ARCH__ elsewhere.

8 years ago
Andy Polyakov [Tue, 8 Nov 2011 21:27:44 +0000 (21:27 +0000)]
x86cpuid.pl: compensate for imaginary virtual machines.

8 years ago
Andy Polyakov [Tue, 8 Nov 2011 18:32:07 +0000 (18:32 +0000)]
Configure: harmonize darwin64-x86_64-cc line with assembler pack.

8 years ago
Andy Polyakov [Tue, 8 Nov 2011 14:40:33 +0000 (14:40 +0000)]
config: KERNEL_BITS environment variable to control choice between 32-
and 64-bit Solaris builds.

8 years ago
Andy Polyakov [Tue, 8 Nov 2011 13:31:28 +0000 (13:31 +0000)]
config: KERNEL_BITS environment variable to control choice between 32- and
64-bit darwin builds.

8 years ago
Andy Polyakov [Tue, 8 Nov 2011 13:02:57 +0000 (13:02 +0000)]
Configure: initial support for iOS.

8 years ago
Andy Polyakov [Tue, 8 Nov 2011 12:45:00 +0000 (12:45 +0000)]
Configure: allow ./config to pass compiler flags with white spaces.

8 years ago
Andy Polyakov [Tue, 8 Nov 2011 12:21:32 +0000 (12:21 +0000)]
fips_canister.c: add cross-compiler support for iOS (it applies even to
MacOS X, because it's easier to handle it this way).

8 years ago
Andy Polyakov [Tue, 8 Nov 2011 12:15:04 +0000 (12:15 +0000)]
fips_premain.c: fix warning about _exit on MacOS X.

8 years ago
Andy Polyakov [Sun, 6 Nov 2011 23:22:58 +0000 (23:22 +0000)]
fipsld, incore: switch to new cross-compile support.

8 years ago
Andy Polyakov [Sun, 6 Nov 2011 19:48:39 +0000 (19:48 +0000)]
e_aes.c: fold aesni_xts_cipher and [most importantly] fix aes_xts_cipher's
return value after custom flag was rightly reverted.

8 years ago
Dr. Stephen Henson [Sun, 6 Nov 2011 13:08:41 +0000 (13:08 +0000)]
check for unset entropy and nonce callbacks

8 years ago
Dr. Stephen Henson [Sun, 6 Nov 2011 12:53:13 +0000 (12:53 +0000)]
Update fips_test_suite to take multiple command line options and
an induced error checking function.

8 years ago
Dr. Stephen Henson [Sat, 5 Nov 2011 18:25:40 +0000 (18:25 +0000)]
typo

8 years ago
Dr. Stephen Henson [Sat, 5 Nov 2011 18:14:42 +0000 (18:14 +0000)]
make post failure simulation reversible in all cases

8 years ago
Dr. Stephen Henson [Sat, 5 Nov 2011 18:11:05 +0000 (18:11 +0000)]
typo: use key for POST callback

8 years ago
Dr. Stephen Henson [Sat, 5 Nov 2011 18:04:31 +0000 (18:04 +0000)]
fix set but unused warnings

8 years ago
Andy Polyakov [Sat, 5 Nov 2011 13:07:18 +0000 (13:07 +0000)]
armv4cpuid.S, armv4-gf2m.pl: make newest code compilable by older assembler.

8 years ago
Andy Polyakov [Sat, 5 Nov 2011 10:44:12 +0000 (10:44 +0000)]
x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs.
PR: 2633

8 years ago
Andy Polyakov [Sat, 5 Nov 2011 10:16:04 +0000 (10:16 +0000)]
ppc.pl: fix bug in bn_mul_comba4.
PR: 2636
Submitted by: Charles Bryant

8 years ago
Dr. Stephen Henson [Sat, 5 Nov 2011 01:34:36 +0000 (01:34 +0000)]
Add single call public key sign and verify functions.

8 years ago
Dr. Stephen Henson [Wed, 2 Nov 2011 19:17:30 +0000 (19:17 +0000)]
Add support for memory leak checking in fips_algvs.

Fix many memory leaks in algorithm test utilities.

8 years ago
Dr. Stephen Henson [Wed, 2 Nov 2011 16:58:17 +0000 (16:58 +0000)]
Remove duplicate test from health check.
Fix memory leaks by uninstantiating DRBG before reinitialising it.

8 years ago
Dr. Stephen Henson [Wed, 2 Nov 2011 00:58:17 +0000 (00:58 +0000)]
Print out an error for "make test" in FIPS builds. (from FIPS stable)

8 years ago
Dr. Stephen Henson [Wed, 2 Nov 2011 00:57:22 +0000 (00:57 +0000)]
Add fips_algvs utility (from FIPS 2.0 stable branch).

8 years ago
Richard Levitte [Sun, 30 Oct 2011 14:43:53 +0000 (14:43 +0000)]
Typo...

8 years ago
Andy Polyakov [Sun, 30 Oct 2011 12:15:56 +0000 (12:15 +0000)]
bsaes-x86_64.pl: add CBC decrypt and engage it in e_aes.c.

8 years ago
Richard Levitte [Sun, 30 Oct 2011 11:46:07 +0000 (11:46 +0000)]
Add missing algorithms to disable, and in particular, disable
EC_NISTP_64_GCC_128 by default, as GCC isn't currently supported on
VMS.  Synchronise with Unix.

8 years ago
Richard Levitte [Sun, 30 Oct 2011 11:40:54 +0000 (11:40 +0000)]
Teach mkshared.com to have a look for disabled algorithms in opensslconf.h

8 years ago
Andy Polyakov [Sat, 29 Oct 2011 19:25:13 +0000 (19:25 +0000)]
bn_exp.c: fix corner case in new constant-time code.

Submitted by: Emilia Kasper

8 years ago
Andy Polyakov [Sat, 29 Oct 2011 11:56:21 +0000 (11:56 +0000)]
bsaes-x86_64.pl: optimize InvMixColumns.

8 years ago
Andy Polyakov [Sat, 29 Oct 2011 11:47:20 +0000 (11:47 +0000)]
bsaes-x86_64.pl: add decryption procedure (with unoptimized reference
InvMixColumns).

8 years ago
Dr. Stephen Henson [Thu, 27 Oct 2011 13:06:52 +0000 (13:06 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.

8 years ago
Dr. Stephen Henson [Thu, 27 Oct 2011 13:01:33 +0000 (13:01 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix for ECC keys and DTLS.

8 years ago
Dr. Stephen Henson [Wed, 26 Oct 2011 16:43:34 +0000 (16:43 +0000)]
PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.

8 years ago
Dr. Stephen Henson [Tue, 25 Oct 2011 12:51:22 +0000 (12:51 +0000)]
Use correct tag for SRP username.

8 years ago
Dr. Stephen Henson [Mon, 24 Oct 2011 13:23:51 +0000 (13:23 +0000)]
typo

8 years ago
Andy Polyakov [Mon, 24 Oct 2011 06:00:06 +0000 (06:00 +0000)]
e_aes.c: fold even aesni_ccm_cipher.

8 years ago
Andy Polyakov [Sun, 23 Oct 2011 22:58:40 +0000 (22:58 +0000)]
e_aes.c: prevent potential DoS in aes_gcm_tls_cipher.

8 years ago
Andy Polyakov [Sun, 23 Oct 2011 19:41:00 +0000 (19:41 +0000)]
cryptlib.c: remove stdio dependency in Windows fipscanister.lib.

8 years ago
Dr. Stephen Henson [Sun, 23 Oct 2011 17:06:28 +0000 (17:06 +0000)]
No need for custom flag in XTS mode: block length is 1.

8 years ago
Andy Polyakov [Sun, 23 Oct 2011 15:17:30 +0000 (15:17 +0000)]
fips_canister.c: harmonize fingerprinting for all Windows, CE or not.

8 years ago
Andy Polyakov [Sun, 23 Oct 2011 15:12:37 +0000 (15:12 +0000)]
config: in cross-compile case interrogate cross-compiler, not host, work
around sub-shell limitation.

8 years ago
Dr. Stephen Henson [Sat, 22 Oct 2011 17:24:27 +0000 (17:24 +0000)]
Check for selftest failure in various places.

8 years ago
Andy Polyakov [Sat, 22 Oct 2011 10:49:52 +0000 (10:49 +0000)]
x86gas.pl: relax .init segment alignment.

8 years ago
Andy Polyakov [Fri, 21 Oct 2011 19:34:48 +0000 (19:34 +0000)]
mk1mk.pl: cleanup engines' handling and make fips build work on WIN64I.

8 years ago
Dr. Stephen Henson [Fri, 21 Oct 2011 11:46:16 +0000 (11:46 +0000)]
Update error codes.

8 years ago
Andy Polyakov [Fri, 21 Oct 2011 06:03:45 +0000 (06:03 +0000)]
fips.c: remove preprocessor artefact.

8 years ago
Dr. Stephen Henson [Fri, 21 Oct 2011 01:57:37 +0000 (01:57 +0000)]
fix (?) AVX clearing

8 years ago
Dr. Stephen Henson [Fri, 21 Oct 2011 00:12:53 +0000 (00:12 +0000)]
Check for uninitialised DRBG_CTX and don't free up default DRBG_CTX.

8 years ago
Andy Polyakov [Thu, 20 Oct 2011 21:03:09 +0000 (21:03 +0000)]
fips.c: x86[_64] capability masking.

8 years ago
Andy Polyakov [Thu, 20 Oct 2011 20:52:26 +0000 (20:52 +0000)]
armcap.c: auto-setup processor capability vector.

8 years ago
Dr. Stephen Henson [Thu, 20 Oct 2011 13:56:01 +0000 (13:56 +0000)]
Fix error codes.

8 years ago
Andy Polyakov [Thu, 20 Oct 2011 12:09:13 +0000 (12:09 +0000)]
fips/fips_[canister|premain].c: make it work with VC6 and add sentinels
even to code segments.

8 years ago
Andy Polyakov [Thu, 20 Oct 2011 08:39:29 +0000 (08:39 +0000)]
sha1-mips.pl: fix typo.

8 years ago
Andy Polyakov [Thu, 20 Oct 2011 08:28:06 +0000 (08:28 +0000)]
Drain unused MacOS directory.

8 years ago
Dr. Stephen Henson [Wed, 19 Oct 2011 23:23:35 +0000 (23:23 +0000)]
Add "nopass" for empty password too.

8 years ago
Dr. Stephen Henson [Wed, 19 Oct 2011 22:34:53 +0000 (22:34 +0000)]
add authentication parameter to FIPS_module_mode_set

8 years ago
Andy Polyakov [Wed, 19 Oct 2011 21:49:20 +0000 (21:49 +0000)]
vxworks-mips: unify and add assembler.

8 years ago
Andy Polyakov [Wed, 19 Oct 2011 21:42:21 +0000 (21:42 +0000)]
Remove superseded MIPS assembler modules.