openssl.git
Ben Laurie [Sat, 1 May 2010 14:41:25 +0000 (14:41 +0000)]
Missing declarations, no assembler in PEDANTIC.

Andy Polyakov [Wed, 28 Apr 2010 20:02:28 +0000 (20:02 +0000)]
bss_file.c: refine UTF-8 logic on Windows.

Andy Polyakov [Wed, 28 Apr 2010 18:51:45 +0000 (18:51 +0000)]
Add ghash-parisc.pl.

Andy Polyakov [Thu, 22 Apr 2010 21:36:26 +0000 (21:36 +0000)]
Take gcm128.c and ghash assembler modules into the build loop.

Andy Polyakov [Wed, 21 Apr 2010 20:38:21 +0000 (20:38 +0000)]
bss_file.c: reserve for option to encode file name with UTF-8.

Andy Polyakov [Tue, 20 Apr 2010 20:40:46 +0000 (20:40 +0000)]
md5-ia64.S: fix assembler warning.

Dr. Stephen Henson [Tue, 20 Apr 2010 12:53:18 +0000 (12:53 +0000)]
PR: 2241
Submitted By: Artemy Lebedev <vagran.ast@gmail.com>

Typo.

Dr. Stephen Henson [Thu, 15 Apr 2010 13:25:26 +0000 (13:25 +0000)]
new function to diff tm structures

Dr. Stephen Henson [Thu, 15 Apr 2010 13:24:20 +0000 (13:24 +0000)]
oops revert patch not part of Configure diff

Dr. Stephen Henson [Thu, 15 Apr 2010 13:17:15 +0000 (13:17 +0000)]
oops, commit Configure part of PR#2234

Dr. Stephen Henson [Wed, 14 Apr 2010 23:07:12 +0000 (23:07 +0000)]
PR: 2234
Submitted By: Matthias Andree <matthias.andree@gmx.de>

Use correct path to openssl utility in c_rehash script.

Dr. Stephen Henson [Wed, 14 Apr 2010 23:04:12 +0000 (23:04 +0000)]
PR: 2235
Submitted By: Bruce Stephens <bruce.stephens@isode.com>

Make ts/Makefile consistent with other Makefiles.

Andy Polyakov [Wed, 14 Apr 2010 19:24:48 +0000 (19:24 +0000)]
x86_64cpuid.pl: ml64 is allergic to db on label line.

Andy Polyakov [Wed, 14 Apr 2010 19:04:51 +0000 (19:04 +0000)]
gcm128.c and assembler modules: change argument order for gcm_ghash_4bit.
ghash-x86*.pl: fix performance numbers for Core2, as it turned out
previous ones were "tainted" by variable clock frequency.

Dr. Stephen Henson [Wed, 14 Apr 2010 13:21:21 +0000 (13:21 +0000)]
update FAQ

Andy Polyakov [Wed, 14 Apr 2010 07:47:28 +0000 (07:47 +0000)]
[co]fb128.c: fix "n=0" bug.

Dr. Stephen Henson [Wed, 14 Apr 2010 00:41:14 +0000 (00:41 +0000)]
fix signed/unsigned comparison warnings

Dr. Stephen Henson [Wed, 14 Apr 2010 00:33:06 +0000 (00:33 +0000)]
fix bug in ccgost CFB mode code

Dr. Stephen Henson [Wed, 14 Apr 2010 00:30:32 +0000 (00:30 +0000)]
check ASN1 type before using it

Dr. Stephen Henson [Wed, 14 Apr 2010 00:17:55 +0000 (00:17 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix various DTLS fragment reassembly bugs.

Dr. Stephen Henson [Wed, 14 Apr 2010 00:10:05 +0000 (00:10 +0000)]
PR: 2229
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Don't drop DTLS connection if mac or decryption failed.

Dr. Stephen Henson [Wed, 14 Apr 2010 00:03:27 +0000 (00:03 +0000)]
PR: 2228
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS buffer record MAC failure bug.

Andy Polyakov [Sat, 10 Apr 2010 14:53:17 +0000 (14:53 +0000)]
aes-ppc.pl: 10% performance improvement on Power6.

Andy Polyakov [Sat, 10 Apr 2010 14:07:40 +0000 (14:07 +0000)]
AESNI engine: update test_aesni.

Andy Polyakov [Sat, 10 Apr 2010 14:02:26 +0000 (14:02 +0000)]
gcm128.c: commentary and formatting updates.

Andy Polyakov [Sat, 10 Apr 2010 14:01:02 +0000 (14:01 +0000)]
cts128.c: add support for NIST "Ciphertext Stealing" proposal.

Andy Polyakov [Sat, 10 Apr 2010 13:56:59 +0000 (13:56 +0000)]
AESNI engine: add counter mode.

Andy Polyakov [Sat, 10 Apr 2010 13:55:05 +0000 (13:55 +0000)]
perlasm/x86*: add support to SSE>2 and pclmulqdq. x86_64-xlate.pl provides
correct solution to problem addressed in commit #19244.

Andy Polyakov [Sat, 10 Apr 2010 13:51:20 +0000 (13:51 +0000)]
sha1-alpha.pl: addendum till commit #19547.

Andy Polyakov [Sat, 10 Apr 2010 13:46:53 +0000 (13:46 +0000)]
ctr129.c: fix typo, simplify ctr128_inc and fix "n=0" bug.

Andy Polyakov [Sat, 10 Apr 2010 13:44:20 +0000 (13:44 +0000)]
Add ghash-alpha.pl assembler module.

Andy Polyakov [Sat, 10 Apr 2010 13:43:26 +0000 (13:43 +0000)]
sha1-alpha.pl: engage it in build.

Andy Polyakov [Sat, 10 Apr 2010 13:36:34 +0000 (13:36 +0000)]
sparccpuid.S: some assembler is allergic to apostrophes in comments.

Andy Polyakov [Sat, 10 Apr 2010 13:33:04 +0000 (13:33 +0000)]
alpha-mont.pl: comply with stack alignment requirements.

Dr. Stephen Henson [Thu, 8 Apr 2010 10:55:04 +0000 (10:55 +0000)]
make GOST MAC work again

Dr. Stephen Henson [Wed, 7 Apr 2010 13:18:07 +0000 (13:18 +0000)]
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
directly by SSL/TLS, SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_algorithms() will fail when verifying certificates.

Update docs.

Dr. Stephen Henson [Tue, 6 Apr 2010 15:03:27 +0000 (15:03 +0000)]
Remove obsolete PRNG note. Add comment about use of SHA256 et al.

Dr. Stephen Henson [Tue, 6 Apr 2010 14:45:18 +0000 (14:45 +0000)]
PR: 2209
Submitted Daniel Mentz <danielml@sent.com>

Documentation typo.

Dr. Stephen Henson [Tue, 6 Apr 2010 12:45:04 +0000 (12:45 +0000)]
PR: 2218
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS replay bug.

Dr. Stephen Henson [Tue, 6 Apr 2010 12:40:19 +0000 (12:40 +0000)]
PR: 2219
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS buffering bug.

Dr. Stephen Henson [Tue, 6 Apr 2010 12:29:31 +0000 (12:29 +0000)]
PR: 2223
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS timeout bug

Dr. Stephen Henson [Tue, 6 Apr 2010 11:18:59 +0000 (11:18 +0000)]
PR: 2220

Fixes to make OpenSSL compile with no-rc4

Dr. Stephen Henson [Wed, 31 Mar 2010 11:50:30 +0000 (11:50 +0000)]
fix FAQ (again)

Dr. Stephen Henson [Tue, 30 Mar 2010 16:43:51 +0000 (16:43 +0000)]
update FAQ

Dr. Stephen Henson [Tue, 30 Mar 2010 16:36:59 +0000 (16:36 +0000)]
fix FAQ

Dr. Stephen Henson [Tue, 30 Mar 2010 16:35:41 +0000 (16:35 +0000)]
update FAQ

Dr. Stephen Henson [Tue, 30 Mar 2010 16:24:53 +0000 (16:24 +0000)]
update FAQ

Dr. Stephen Henson [Tue, 30 Mar 2010 00:49:36 +0000 (00:49 +0000)]
update HEAD FAQ

Andy Polyakov [Mon, 29 Mar 2010 10:06:01 +0000 (10:06 +0000)]
cryptlib.c: allow application to override OPENSSL_isservice.
PR: 2194

Andy Polyakov [Mon, 29 Mar 2010 09:55:19 +0000 (09:55 +0000)]
ARMv4 assembler: fix compilation failure. Fix is actually unconfirmed, but
I can't think of any other cause for failure

Andy Polyakov [Mon, 29 Mar 2010 09:50:02 +0000 (09:50 +0000)]
dso_dlfcn.c: fix compile failure on Tru64.

Dr. Stephen Henson [Sun, 28 Mar 2010 00:42:38 +0000 (00:42 +0000)]
PR: 1696

Check return value of d2i_PBEPARAM().

Dr. Stephen Henson [Sat, 27 Mar 2010 23:28:09 +0000 (23:28 +0000)]
PR: 1763

Remove useless num = 0 assignment.

Remove redundant cases on sock_ctrl(): default case handles them.

Dr. Stephen Henson [Sat, 27 Mar 2010 19:32:11 +0000 (19:32 +0000)]
sync ordinals with 1.0.0

Dr. Stephen Henson [Sat, 27 Mar 2010 19:31:55 +0000 (19:31 +0000)]
PR: 1904
Submitted by: David Woodhouse <dwmw2@infradead.org>

Pass passphrase minimum length down to UI.

Dr. Stephen Henson [Sat, 27 Mar 2010 18:28:02 +0000 (18:28 +0000)]
PR: 1813
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>

Fix memory leak when engine name cannot be loaded.

Dr. Stephen Henson [Thu, 25 Mar 2010 12:08:19 +0000 (12:08 +0000)]
update FAQ

Bodo Möller [Thu, 25 Mar 2010 11:25:30 +0000 (11:25 +0000)]
Fix for "Record of death" vulnerability CVE-2010-0740.

Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010),
and further harmonize this version of CHANGES with the versions in the current branches.

Dr. Stephen Henson [Wed, 24 Mar 2010 23:42:05 +0000 (23:42 +0000)]
initialise buf if wrong_info not used

Dr. Stephen Henson [Wed, 24 Mar 2010 23:17:15 +0000 (23:17 +0000)]
PR: 1731 and maybe 2197

Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.

Andy Polyakov [Mon, 22 Mar 2010 22:44:22 +0000 (22:44 +0000)]
rand_win.c: fix logical bug in readscreen.

Andy Polyakov [Mon, 22 Mar 2010 22:38:56 +0000 (22:38 +0000)]
bss_file.c: fix MSC 6.0 warning.

Andy Polyakov [Mon, 22 Mar 2010 17:24:18 +0000 (17:24 +0000)]
GHASH assembler: new ghash-sparcv9.pl module and saner descriptions.

Andy Polyakov [Mon, 15 Mar 2010 22:28:48 +0000 (22:28 +0000)]
e_capi.c: fix typo.

Andy Polyakov [Mon, 15 Mar 2010 22:25:57 +0000 (22:25 +0000)]
Fix UPLINK typo.

Andy Polyakov [Mon, 15 Mar 2010 19:07:52 +0000 (19:07 +0000)]
ghash-ia64.pl: new file, GHASH for Itanium.
ghash-x86_64.pl: minimize stack frame usage.
ghash-x86.pl: modulo-scheduling MMX loop in respect to input vector
results in up to 10% performance improvement.

Dr. Stephen Henson [Mon, 15 Mar 2010 13:10:08 +0000 (13:10 +0000)]
workaround for missing definition in some headers

Dr. Stephen Henson [Sun, 14 Mar 2010 13:10:48 +0000 (13:10 +0000)]
print signature parameters with CRLs too

Dr. Stephen Henson [Sun, 14 Mar 2010 13:09:00 +0000 (13:09 +0000)]
free up sigopts STACK

Dr. Stephen Henson [Sun, 14 Mar 2010 13:07:48 +0000 (13:07 +0000)]
clear bogus errors in ca utility

Dr. Stephen Henson [Sun, 14 Mar 2010 12:55:15 +0000 (12:55 +0000)]
update CHANGES

Dr. Stephen Henson [Sun, 14 Mar 2010 12:54:45 +0000 (12:54 +0000)]
add -sigopt option to ca utility

Dr. Stephen Henson [Sun, 14 Mar 2010 12:52:38 +0000 (12:52 +0000)]
add X509_CRL_sign_ctx function

Dr. Stephen Henson [Fri, 12 Mar 2010 14:41:00 +0000 (14:41 +0000)]
new sigopt and PSS support for req and x509 utilities

Dr. Stephen Henson [Fri, 12 Mar 2010 12:48:32 +0000 (12:48 +0000)]
PR: 2192
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

The prompt_info and wrong_info parameters can be empty strings which
can produce confusing prompts. Treat empty string same as NULL.

Dr. Stephen Henson [Fri, 12 Mar 2010 12:06:48 +0000 (12:06 +0000)]
missing goto meant signature was never printed out

Mark J. Cox [Fri, 12 Mar 2010 08:36:44 +0000 (08:36 +0000)]
This entry was in 0.9.8m changelog but missing from here, since it's
security relevant we'd better list it.

Dr. Stephen Henson [Thu, 11 Mar 2010 23:11:36 +0000 (23:11 +0000)]
Submitted by: Martin Kaiser

Reject PSS signatures with unsupported trailer value.

Dr. Stephen Henson [Thu, 11 Mar 2010 19:27:03 +0000 (19:27 +0000)]
alg2 can be NULL

Andy Polyakov [Thu, 11 Mar 2010 16:19:46 +0000 (16:19 +0000)]
Add GHASH x86_64 assembler.

Dr. Stephen Henson [Thu, 11 Mar 2010 14:19:46 +0000 (14:19 +0000)]
typo

Dr. Stephen Henson [Thu, 11 Mar 2010 14:06:46 +0000 (14:06 +0000)]
RSA PSS ASN1 signing method

Dr. Stephen Henson [Thu, 11 Mar 2010 14:04:54 +0000 (14:04 +0000)]
typo

Dr. Stephen Henson [Thu, 11 Mar 2010 13:55:18 +0000 (13:55 +0000)]
ctrl operations to retrieve RSA algorithm settings

Dr. Stephen Henson [Thu, 11 Mar 2010 13:45:42 +0000 (13:45 +0000)]
Add support for new PSS functions in RSA EVP_PKEY_METHOD

Dr. Stephen Henson [Thu, 11 Mar 2010 13:40:42 +0000 (13:40 +0000)]
Extend PSS padding code to support different digests for MGF1 and message.

Dr. Stephen Henson [Thu, 11 Mar 2010 13:32:38 +0000 (13:32 +0000)]
Algorithm specific ASN1 signing functions.

Dr. Stephen Henson [Thu, 11 Mar 2010 13:29:39 +0000 (13:29 +0000)]
update cms code to use X509_ALGOR_set_md instead of internal function

Dr. Stephen Henson [Thu, 11 Mar 2010 13:27:05 +0000 (13:27 +0000)]
New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier)
from a digest algorithm.

Dr. Stephen Henson [Wed, 10 Mar 2010 13:48:09 +0000 (13:48 +0000)]
don't leave bogus errors in the queue

Andy Polyakov [Tue, 9 Mar 2010 23:03:33 +0000 (23:03 +0000)]
Add GHASH x86 assembler.

Dr. Stephen Henson [Tue, 9 Mar 2010 17:24:33 +0000 (17:24 +0000)]
PR: 2188
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

Add "missing" functions to get and set prompt constructor.

Dr. Stephen Henson [Tue, 9 Mar 2010 17:08:48 +0000 (17:08 +0000)]
PR: 2186
Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com>

Detect aix64-gcc

Dr. Stephen Henson [Mon, 8 Mar 2010 23:48:21 +0000 (23:48 +0000)]
reserve a few more bits for future cipher modes

Andy Polyakov [Mon, 8 Mar 2010 22:44:37 +0000 (22:44 +0000)]
gcm128.c: add option for streamed GHASH, simple benchmark, minor naming
change.

Dr. Stephen Henson [Mon, 8 Mar 2010 18:10:35 +0000 (18:10 +0000)]
RSA PSS verification support including certificates and certificate
requests. Add new ASN1 signature initialisation function to handle this
case.

Dr. Stephen Henson [Mon, 8 Mar 2010 18:07:05 +0000 (18:07 +0000)]
correct error code

Dr. Stephen Henson [Sun, 7 Mar 2010 17:02:47 +0000 (17:02 +0000)]
print outermost signature algorithm parameters too

Dr. Stephen Henson [Sun, 7 Mar 2010 16:41:54 +0000 (16:41 +0000)]
oops

Dr. Stephen Henson [Sun, 7 Mar 2010 16:40:05 +0000 (16:40 +0000)]
The OID sanity check was incorrect. It should only disallow *leading* 0x80
values.