openssl.git
Dr. Stephen Henson [Thu, 30 Nov 2006 13:41:47 +0000 (13:41 +0000)]
Update dependencies.

Dr. Stephen Henson [Thu, 30 Nov 2006 13:39:34 +0000 (13:39 +0000)]
Win32 fixes from stable branch.

Nils Larsch [Wed, 29 Nov 2006 20:54:57 +0000 (20:54 +0000)]
replace macros with functions

Submitted by: Tracy Camp <tracyx.e.camp@intel.com>

Bodo Möller [Wed, 29 Nov 2006 14:45:50 +0000 (14:45 +0000)]
fix support for receiving fragmented handshake messages

Andy Polyakov [Tue, 28 Nov 2006 11:07:36 +0000 (11:07 +0000)]
Clarify HAL SPARC64 support situation in sparcv9a-mont.pl.

Andy Polyakov [Tue, 28 Nov 2006 10:34:51 +0000 (10:34 +0000)]
Minor optimizations based on instruction level profiler feedback.

Andy Polyakov [Tue, 28 Nov 2006 07:24:26 +0000 (07:24 +0000)]
Modulo-schedule loops in sparcv9a-mont.pl. Overall improvement factor
over 0.9.8 is up to 3x on USI&II cores and up to 80% - on USIII&IV.

Andy Polyakov [Tue, 28 Nov 2006 07:20:36 +0000 (07:20 +0000)]
This is "informational" commit. Its mere purpose is to expose "modulo
factor" in inner loops.

Andy Polyakov [Mon, 27 Nov 2006 14:59:35 +0000 (14:59 +0000)]
Non-SSE2 path to bn_mul_mont. But it's disabled, because it currently
doesn't give performance improvement.

Ben Laurie [Mon, 27 Nov 2006 14:18:05 +0000 (14:18 +0000)]
Add RFC 3779 support.

Andy Polyakov [Mon, 27 Nov 2006 13:11:15 +0000 (13:11 +0000)]
sha512-ppc.pl multi-thread safety fix.

Nils Larsch [Fri, 24 Nov 2006 18:37:43 +0000 (18:37 +0000)]
register the engine as default engine in ENGINE_set_default()

PR: 1431

Dr. Stephen Henson [Tue, 21 Nov 2006 21:37:41 +0000 (21:37 +0000)]
Add .cvsignore

Dr. Stephen Henson [Tue, 21 Nov 2006 21:29:44 +0000 (21:29 +0000)]
Update from 0.9.8 stable. Eliminate duplicate error codes.

Ulf Möller [Tue, 21 Nov 2006 20:51:25 +0000 (20:51 +0000)]
wording (can't really call shared libs experimental after several years in the major Linux distributions)

Dr. Stephen Henson [Thu, 16 Nov 2006 00:56:01 +0000 (00:56 +0000)]
Update ordinals.

Dr. Stephen Henson [Thu, 16 Nov 2006 00:55:33 +0000 (00:55 +0000)]
Remove illegal IMPLEMENT macros from header file.

Dr. Stephen Henson [Thu, 16 Nov 2006 00:52:49 +0000 (00:52 +0000)]
Remove redundant PREDECLARE statement.

Dr. Stephen Henson [Thu, 16 Nov 2006 00:19:39 +0000 (00:19 +0000)]
Initial, incomplete support for typesafe macros without using function
casts.

Dr. Stephen Henson [Mon, 13 Nov 2006 13:21:47 +0000 (13:21 +0000)]
Don't assume requestorName is present for signed requests. ASN1 OCSP module
fix: certs field is OPTIONAL.

Dr. Stephen Henson [Mon, 13 Nov 2006 13:18:28 +0000 (13:18 +0000)]
OCSP library tidy. Use extension to encode OCSP extensions instead of doing
it manually. Make OCSP_CERTID_dup() a real function instead of a macro.

Ben Laurie [Wed, 8 Nov 2006 09:45:12 +0000 (09:45 +0000)]
Fix various warnings.

Dr. Stephen Henson [Tue, 7 Nov 2006 16:21:16 +0000 (16:21 +0000)]
Make TSA tests use the noprompt mode of utilities rather than piping
the result into interactive utilities.

Dr. Stephen Henson [Tue, 7 Nov 2006 16:20:14 +0000 (16:20 +0000)]
Avoid shadow warning.

Dr. Stephen Henson [Tue, 7 Nov 2006 14:27:55 +0000 (14:27 +0000)]
Don't add the TS EKU by default in openssl.cnf because it then
makes certificates generated by ca, CA.pl etc useless for anything else.

Dr. Stephen Henson [Tue, 7 Nov 2006 13:46:37 +0000 (13:46 +0000)]
Typo.

Dr. Stephen Henson [Tue, 7 Nov 2006 13:44:03 +0000 (13:44 +0000)]
Fix link for ASN1_generate_nconf

Dr. Stephen Henson [Tue, 7 Nov 2006 13:17:02 +0000 (13:17 +0000)]
Typo.

Dr. Stephen Henson [Tue, 7 Nov 2006 13:13:14 +0000 (13:13 +0000)]
Add v3 ref to see also sections.

Dr. Stephen Henson [Tue, 7 Nov 2006 12:51:27 +0000 (12:51 +0000)]
Add documentation for noCheck extension and add a few cross references to
the extension documentation.

Nils Larsch [Mon, 6 Nov 2006 20:10:44 +0000 (20:10 +0000)]
fix warning

Nils Larsch [Mon, 6 Nov 2006 19:53:39 +0000 (19:53 +0000)]
remove SSLEAY_MACROS code

Nils Larsch [Fri, 27 Oct 2006 21:58:09 +0000 (21:58 +0000)]
update md docs

Nils Larsch [Fri, 27 Oct 2006 21:25:53 +0000 (21:25 +0000)]
fix OPENSSL_NO_foo defines

Dr. Stephen Henson [Fri, 27 Oct 2006 11:43:27 +0000 (11:43 +0000)]
Initialize old_priv_encode, old_priv_decode.

Andy Polyakov [Thu, 26 Oct 2006 10:52:12 +0000 (10:52 +0000)]
Minor portability update to c_rehash.

Andy Polyakov [Tue, 24 Oct 2006 22:14:20 +0000 (22:14 +0000)]
Further mingw build procedure updates.

Andy Polyakov [Mon, 23 Oct 2006 11:54:18 +0000 (11:54 +0000)]
Harmonize dll naming in mingw builds.

Andy Polyakov [Mon, 23 Oct 2006 07:45:52 +0000 (07:45 +0000)]
Yet another mingw warning.

Andy Polyakov [Mon, 23 Oct 2006 07:44:51 +0000 (07:44 +0000)]
OPENSSL_ia32cap.pod update.

Andy Polyakov [Mon, 23 Oct 2006 07:41:05 +0000 (07:41 +0000)]
Fix mingw warnings.

Andy Polyakov [Mon, 23 Oct 2006 07:38:30 +0000 (07:38 +0000)]
Switch Win32/64 targets to Winsock2. Updates to INSTALL.W32 cover even
recent mingw modifications.

Andy Polyakov [Mon, 23 Oct 2006 07:30:19 +0000 (07:30 +0000)]
Allow for mingw cross-compile configuration.

Andy Polyakov [Sat, 21 Oct 2006 16:28:03 +0000 (16:28 +0000)]
Make c_rehash more platform neutral and make it work in mixed environment,
such as MSYS with "native" Win32 perl.

Andy Polyakov [Sat, 21 Oct 2006 13:38:16 +0000 (13:38 +0000)]
Rudimentary support for cross-compiling.

Andy Polyakov [Fri, 20 Oct 2006 11:26:00 +0000 (11:26 +0000)]
Align data payload for better performance.

Andy Polyakov [Fri, 20 Oct 2006 11:23:35 +0000 (11:23 +0000)]
Avoid application relink on every make invocation.

Andy Polyakov [Thu, 19 Oct 2006 20:55:05 +0000 (20:55 +0000)]
Gcc over-optimizes PadLock AES CFB codepath, tell it not to.

Andy Polyakov [Wed, 18 Oct 2006 09:42:56 +0000 (09:42 +0000)]
Temporary fix for sha256 IA64 assembler.

Andy Polyakov [Wed, 18 Oct 2006 08:15:16 +0000 (08:15 +0000)]
Fix bug in big-endian path and optimize it for size.

Andy Polyakov [Tue, 17 Oct 2006 16:21:28 +0000 (16:21 +0000)]
Typo in perlasm/x86asm.pl.

Andy Polyakov [Tue, 17 Oct 2006 16:13:18 +0000 (16:13 +0000)]
Further synchronizations with md32_common.h update, consistent naming
for low-level SHA block routines.

Andy Polyakov [Tue, 17 Oct 2006 14:37:07 +0000 (14:37 +0000)]
bn/asm/ppc.pl to use ppc-xlate.pl.

Andy Polyakov [Tue, 17 Oct 2006 13:38:10 +0000 (13:38 +0000)]
Further synchronizations with md32_common.h update.

Andy Polyakov [Tue, 17 Oct 2006 07:04:48 +0000 (07:04 +0000)]
VIA-specific Montgomery multiplication routine.

Andy Polyakov [Tue, 17 Oct 2006 07:00:23 +0000 (07:00 +0000)]
Synchronize SHA1 assembler with md32_common.h update.

Andy Polyakov [Tue, 17 Oct 2006 06:43:11 +0000 (06:43 +0000)]
Support for .asciz directive in perlasm modules.

Andy Polyakov [Tue, 17 Oct 2006 06:41:27 +0000 (06:41 +0000)]
Linking errors on IA64 and typo in aes-ia64.S.

Andy Polyakov [Wed, 11 Oct 2006 11:55:11 +0000 (11:55 +0000)]
Re-implement md32_common.h [make it simpler!] and eliminate code rendered
redundant as a result.

Dr. Stephen Henson [Thu, 5 Oct 2006 21:59:50 +0000 (21:59 +0000)]
Typo.

Nils Larsch [Wed, 4 Oct 2006 19:37:17 +0000 (19:37 +0000)]
return an error if the supplied precomputed values lead to an invalid signature

Bodo Möller [Wed, 4 Oct 2006 06:14:36 +0000 (06:14 +0000)]
ASN1_item_verify needs to initialize ctx before any "goto err" can
happen; the new code for the OID cross reference table failed to do so.

Dr. Stephen Henson [Tue, 3 Oct 2006 02:47:59 +0000 (02:47 +0000)]
Place standard CRL behaviour in default X509_CRL_METHOD new functions to
create, free and set default CRL method.

Mark J. Cox [Fri, 29 Sep 2006 08:21:41 +0000 (08:21 +0000)]
Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan

Bodo Möller [Thu, 28 Sep 2006 13:50:41 +0000 (13:50 +0000)]
All 0.9.8d patches have been applied to HEAD now, so we no longer need
the redundant entries under the 0.9.9 heading.

Bodo Möller [Thu, 28 Sep 2006 13:45:34 +0000 (13:45 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Bodo Möller [Thu, 28 Sep 2006 13:35:01 +0000 (13:35 +0000)]
include 0.9.8d and 0.9.7l information

Mark J. Cox [Thu, 28 Sep 2006 13:20:44 +0000 (13:20 +0000)]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Mark J. Cox [Thu, 28 Sep 2006 13:18:43 +0000 (13:18 +0000)]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

Richard Levitte [Thu, 28 Sep 2006 12:22:58 +0000 (12:22 +0000)]
Fixes for the following claims:

  1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336

Dr. Stephen Henson [Tue, 26 Sep 2006 13:25:19 +0000 (13:25 +0000)]
Initialize new callbacks and make sure hent is always initialized.

Richard Levitte [Mon, 25 Sep 2006 08:35:35 +0000 (08:35 +0000)]
Complete the change for VMS.

Dr. Stephen Henson [Sat, 23 Sep 2006 17:29:49 +0000 (17:29 +0000)]
Submitted by: Brad Spencer <spencer@jacknife.org>
Reviewed by: steve

Dr. Stephen Henson [Fri, 22 Sep 2006 17:14:22 +0000 (17:14 +0000)]
Buffer size handling fix for enc.

PR:1374

Dr. Stephen Henson [Fri, 22 Sep 2006 17:06:09 +0000 (17:06 +0000)]
Using correct lock for X509_REQ.

PR:1348

Dr. Stephen Henson [Fri, 22 Sep 2006 13:37:15 +0000 (13:37 +0000)]
Update length if copying MSB set in asn1_string_canon().

Dr. Stephen Henson [Thu, 21 Sep 2006 16:19:10 +0000 (16:19 +0000)]
Updated file.

Dr. Stephen Henson [Thu, 21 Sep 2006 13:24:46 +0000 (13:24 +0000)]
Add missing prototype. Fix various warnings (C++ comments, ; outside function).

Dr. Stephen Henson [Thu, 21 Sep 2006 13:11:24 +0000 (13:11 +0000)]
Make int_rsa_sign function match prototype.

PR: 1383

Dr. Stephen Henson [Thu, 21 Sep 2006 13:07:57 +0000 (13:07 +0000)]
Compile in gost engine.

Dr. Stephen Henson [Thu, 21 Sep 2006 13:04:43 +0000 (13:04 +0000)]
Updated version of gost engine.

Dr. Stephen Henson [Thu, 21 Sep 2006 12:48:56 +0000 (12:48 +0000)]
Do CRL method init after other operations.

Dr. Stephen Henson [Thu, 21 Sep 2006 12:42:15 +0000 (12:42 +0000)]
Tidy up CRL handling by checking for critical extensions when it is
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.

Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.

Andy Polyakov [Mon, 18 Sep 2006 19:50:54 +0000 (19:50 +0000)]
Build error on non-unix.
PR: 1390

Andy Polyakov [Mon, 18 Sep 2006 19:41:37 +0000 (19:41 +0000)]
Race condition in ms/uplink.c.
PR: 1382

Andy Polyakov [Mon, 18 Sep 2006 19:20:43 +0000 (19:20 +0000)]
As x86ms.pl is out, remove do_masm.bat and mention of it in INSTALL.W32.

Andy Polyakov [Mon, 18 Sep 2006 19:17:09 +0000 (19:17 +0000)]
Remove x86ms.pl and reimplement x86*.pl.

Andy Polyakov [Mon, 18 Sep 2006 19:13:15 +0000 (19:13 +0000)]
Improve 386 portability of aes-586.pl.

Bodo Möller [Mon, 18 Sep 2006 14:00:49 +0000 (14:00 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().

[Problem pointed out by Adam Young <adamy (at) acm.org>]

Dr. Stephen Henson [Sun, 17 Sep 2006 17:16:28 +0000 (17:16 +0000)]
Overhaul of by_dir code to handle dynamic loading of CRLs.

Dr. Stephen Henson [Sun, 17 Sep 2006 13:00:18 +0000 (13:00 +0000)]
GOST public key algorithm ENGINE donated to the OpenSSL by Cryptocom.

Very early version, doesn't do much yet, not even added to the build system.

Dr. Stephen Henson [Thu, 14 Sep 2006 17:25:02 +0000 (17:25 +0000)]
Support for AKID in CRLs and partial support for IDP. Overhaul of CRL
handling to support this.

Dr. Stephen Henson [Wed, 13 Sep 2006 03:28:42 +0000 (03:28 +0000)]
Update docs.

Bodo Möller [Tue, 12 Sep 2006 14:42:19 +0000 (14:42 +0000)]
Update

Dr. Stephen Henson [Mon, 11 Sep 2006 13:00:52 +0000 (13:00 +0000)]
Fixes for new CRL/cert callbacks. Update CRL processing code to use new
callbacks.

Bodo Möller [Mon, 11 Sep 2006 09:49:03 +0000 (09:49 +0000)]
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well

Dr. Stephen Henson [Sun, 10 Sep 2006 12:38:37 +0000 (12:38 +0000)]
Add verify callback functions to lookup a STACK of matching certs or CRLs
based on subject name.

New thread safe functions to retrieve matching STACK from X509_STORE.

Cache some IDP components.

Bodo Möller [Fri, 8 Sep 2006 06:00:40 +0000 (06:00 +0000)]
Make sure the int_rsa_verify() prototype matches the implementation
(m_len currently is 'unsigned int', not 'size_t')

Submitted by: Gisle Vanem

Dr. Stephen Henson [Wed, 6 Sep 2006 11:59:04 +0000 (11:59 +0000)]
Additional detail.

Bodo Möller [Wed, 6 Sep 2006 11:54:19 +0000 (11:54 +0000)]
update information on "current version" ...