oweals/openssl.git
Nils Larsch [Wed, 20 Dec 2006 08:58:54 +0000 (08:58 +0000)]
add support for ecdsa-with-sha256 etc.

Nils Larsch [Tue, 19 Dec 2006 19:49:02 +0000 (19:49 +0000)]
remove trailing '\'

PR: 1438

Bodo Möller [Tue, 19 Dec 2006 15:11:37 +0000 (15:11 +0000)]
Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).

Nils Larsch [Mon, 18 Dec 2006 22:20:27 +0000 (22:20 +0000)]
fix order

Nils Larsch [Wed, 13 Dec 2006 22:06:37 +0000 (22:06 +0000)]
properly initialize SSL context, check return value

Nils Larsch [Mon, 11 Dec 2006 22:35:51 +0000 (22:35 +0000)]
use const ASN1_TIME *

Andy Polyakov [Fri, 8 Dec 2006 15:18:41 +0000 (15:18 +0000)]
Eliminate 64-bit alignment limitation in sparcv9a-mont.

Andy Polyakov [Fri, 8 Dec 2006 14:42:19 +0000 (14:42 +0000)]
Engage alpha-mont module. Actually verified on Tru64 only.

Andy Polyakov [Fri, 8 Dec 2006 14:18:58 +0000 (14:18 +0000)]
alpha-mont.pl: gcc portability fix and make-rule.

Andy Polyakov [Fri, 8 Dec 2006 10:13:51 +0000 (10:13 +0000)]
Minor, +10%, tune-up for x86_64-mont.pl.

Andy Polyakov [Fri, 8 Dec 2006 10:12:56 +0000 (10:12 +0000)]
Montgomery multiplication routine for Alpha.

Dr. Stephen Henson [Thu, 7 Dec 2006 13:29:08 +0000 (13:29 +0000)]
Update from 0.9.7-stable branch.

Dr. Stephen Henson [Wed, 6 Dec 2006 13:44:21 +0000 (13:44 +0000)]
Sync OID NIDs with OpenSSL 0.9.8.

Dr. Stephen Henson [Wed, 6 Dec 2006 13:36:48 +0000 (13:36 +0000)]
Fix change to OPENSSL_NO_RFC3779

Nils Larsch [Wed, 6 Dec 2006 09:10:59 +0000 (09:10 +0000)]
fix documentation

PR: 1343

Nils Larsch [Tue, 5 Dec 2006 21:21:37 +0000 (21:21 +0000)]
avoid duplicate entries in add_cert_dir()

PR: 1407
Submitted by: Tomas Mraz <tmraz@redhat.com>

Nils Larsch [Tue, 5 Dec 2006 20:09:25 +0000 (20:09 +0000)]
return 0 if 'noout' is used and no error has occurred

PR: 1435
Submitted by: "Haridharan" <haridharan@gmail.com>

Nils Larsch [Mon, 4 Dec 2006 19:11:57 +0000 (19:11 +0000)]
allocate a new attributes entry in X509_REQ_add_extensions()
if it's NULL (in case of a malformed pkcs10 request)

PR: 1347
Submitted by: Remo Inverardi <invi@your.toilet.ch>

Nils Larsch [Mon, 4 Dec 2006 18:51:06 +0000 (18:51 +0000)]
add "Certificate Issuer" and "Subject Directory Attributes" OIDs

PR: 1433

Andy Polyakov [Sat, 2 Dec 2006 11:52:50 +0000 (11:52 +0000)]
Eliminate redundant variable in Camellia CBC routine.

Andy Polyakov [Sat, 2 Dec 2006 11:12:13 +0000 (11:12 +0000)]
Improve Camellia code readability.

Andy Polyakov [Sat, 2 Dec 2006 10:56:45 +0000 (10:56 +0000)]
Fix bugs in Camellia CBC routine.

Andy Polyakov [Sat, 2 Dec 2006 10:38:40 +0000 (10:38 +0000)]
Camellia portability fixes.

Submitted by: Masashi Fujita, NTT

Nils Larsch [Fri, 1 Dec 2006 21:42:55 +0000 (21:42 +0000)]
add support for whirlpool in apps/speed

PR: 1338
Submitted by: justin@soze.net

Dr. Stephen Henson [Thu, 30 Nov 2006 13:55:30 +0000 (13:55 +0000)]
Fix default dependency flags.

Dr. Stephen Henson [Thu, 30 Nov 2006 13:47:22 +0000 (13:47 +0000)]
Import ordinals from 0.9.8 and update.

Dr. Stephen Henson [Thu, 30 Nov 2006 13:41:47 +0000 (13:41 +0000)]
Update dependencies.

Dr. Stephen Henson [Thu, 30 Nov 2006 13:39:34 +0000 (13:39 +0000)]
Win32 fixes from stable branch.

Nils Larsch [Wed, 29 Nov 2006 20:54:57 +0000 (20:54 +0000)]
replace macros with functions

Submitted by: Tracy Camp <tracyx.e.camp@intel.com>

Bodo Möller [Wed, 29 Nov 2006 14:45:50 +0000 (14:45 +0000)]
fix support for receiving fragmented handshake messages

Andy Polyakov [Tue, 28 Nov 2006 11:07:36 +0000 (11:07 +0000)]
Clarify HAL SPARC64 support situation in sparcv9a-mont.pl.

Andy Polyakov [Tue, 28 Nov 2006 10:34:51 +0000 (10:34 +0000)]
Minor optimizations based on instruction level profiler feedback.

Andy Polyakov [Tue, 28 Nov 2006 07:24:26 +0000 (07:24 +0000)]
Modulo-schedule loops in sparcv9a-mont.pl. Overall improvement factor
over 0.9.8 is up to 3x on USI&II cores and up to 80% - on USIII&IV.

Andy Polyakov [Tue, 28 Nov 2006 07:20:36 +0000 (07:20 +0000)]
This is "informational" commit. Its mere purpose is to expose "modulo
factor" in inner loops.

Andy Polyakov [Mon, 27 Nov 2006 14:59:35 +0000 (14:59 +0000)]
Non-SSE2 path to bn_mul_mont. But it's disabled, because it currently
doesn't give performance improvement.

Ben Laurie [Mon, 27 Nov 2006 14:18:05 +0000 (14:18 +0000)]
Add RFC 3779 support.

Andy Polyakov [Mon, 27 Nov 2006 13:11:15 +0000 (13:11 +0000)]
sha512-ppc.pl multi-thread safety fix.

Nils Larsch [Fri, 24 Nov 2006 18:37:43 +0000 (18:37 +0000)]
register the engine as default engine in ENGINE_set_default()

PR: 1431

Dr. Stephen Henson [Tue, 21 Nov 2006 21:37:41 +0000 (21:37 +0000)]
Add .cvsignore

Dr. Stephen Henson [Tue, 21 Nov 2006 21:29:44 +0000 (21:29 +0000)]
Update from 0.9.8 stable. Eliminate duplicate error codes.

Ulf Möller [Tue, 21 Nov 2006 20:51:25 +0000 (20:51 +0000)]
wording (can't really call shared libs experimental after several years in the major Linux distributions)

Dr. Stephen Henson [Thu, 16 Nov 2006 00:56:01 +0000 (00:56 +0000)]
Update ordinals.

Dr. Stephen Henson [Thu, 16 Nov 2006 00:55:33 +0000 (00:55 +0000)]
Remove illegal IMPLEMENT macros from header file.

Dr. Stephen Henson [Thu, 16 Nov 2006 00:52:49 +0000 (00:52 +0000)]
Remove redundant PREDECLARE statement.

Dr. Stephen Henson [Thu, 16 Nov 2006 00:19:39 +0000 (00:19 +0000)]
Initial, incomplete support for typesafe macros without using function
casts.

Dr. Stephen Henson [Mon, 13 Nov 2006 13:21:47 +0000 (13:21 +0000)]
Don't assume requestorName is present for signed requests. ASN1 OCSP module
fix: certs field is OPTIONAL.

Dr. Stephen Henson [Mon, 13 Nov 2006 13:18:28 +0000 (13:18 +0000)]
OCSP library tidy. Use extension to encode OCSP extensions instead of doing
it manually. Make OCSP_CERTID_dup() a real function instead of a macro.

Ben Laurie [Wed, 8 Nov 2006 09:45:12 +0000 (09:45 +0000)]
Fix various warnings.

Dr. Stephen Henson [Tue, 7 Nov 2006 16:21:16 +0000 (16:21 +0000)]
Make TSA tests use the noprompt mode of utilities rather than piping
the result into interactive utilities.

Dr. Stephen Henson [Tue, 7 Nov 2006 16:20:14 +0000 (16:20 +0000)]
Avoid shadow warning.

Dr. Stephen Henson [Tue, 7 Nov 2006 14:27:55 +0000 (14:27 +0000)]
Don't add the TS EKU by default in openssl.cnf because it then
makes certificates generated by ca, CA.pl etc useless for anything else.

Dr. Stephen Henson [Tue, 7 Nov 2006 13:46:37 +0000 (13:46 +0000)]
Typo.

Dr. Stephen Henson [Tue, 7 Nov 2006 13:44:03 +0000 (13:44 +0000)]
Fix link for ASN1_generate_nconf

Dr. Stephen Henson [Tue, 7 Nov 2006 13:17:02 +0000 (13:17 +0000)]
Typo.

Dr. Stephen Henson [Tue, 7 Nov 2006 13:13:14 +0000 (13:13 +0000)]
Add v3 ref to see also sections.

Dr. Stephen Henson [Tue, 7 Nov 2006 12:51:27 +0000 (12:51 +0000)]
Add documentation for noCheck extension and add a few cross references to
the extension documentation.

Nils Larsch [Mon, 6 Nov 2006 20:10:44 +0000 (20:10 +0000)]
fix warning

Nils Larsch [Mon, 6 Nov 2006 19:53:39 +0000 (19:53 +0000)]
remove SSLEAY_MACROS code

Nils Larsch [Fri, 27 Oct 2006 21:58:09 +0000 (21:58 +0000)]
update md docs

Nils Larsch [Fri, 27 Oct 2006 21:25:53 +0000 (21:25 +0000)]
fix OPENSSL_NO_foo defines

Dr. Stephen Henson [Fri, 27 Oct 2006 11:43:27 +0000 (11:43 +0000)]
Initialize old_priv_encode, old_priv_decode.

Andy Polyakov [Thu, 26 Oct 2006 10:52:12 +0000 (10:52 +0000)]
Minor portability update to c_rehash.

Andy Polyakov [Tue, 24 Oct 2006 22:14:20 +0000 (22:14 +0000)]
Further mingw build procedure updates.

Andy Polyakov [Mon, 23 Oct 2006 11:54:18 +0000 (11:54 +0000)]
Harmonize dll naming in mingw builds.

Andy Polyakov [Mon, 23 Oct 2006 07:45:52 +0000 (07:45 +0000)]
Yet another mingw warning.

Andy Polyakov [Mon, 23 Oct 2006 07:44:51 +0000 (07:44 +0000)]
OPENSSL_ia32cap.pod update.

Andy Polyakov [Mon, 23 Oct 2006 07:41:05 +0000 (07:41 +0000)]
Fix mingw warnings.

Andy Polyakov [Mon, 23 Oct 2006 07:38:30 +0000 (07:38 +0000)]
Switch Win32/64 targets to Winsock2. Updates to INSTALL.W32 cover even
recent mingw modifications.

Andy Polyakov [Mon, 23 Oct 2006 07:30:19 +0000 (07:30 +0000)]
Allow for mingw cross-compile configuration.

Andy Polyakov [Sat, 21 Oct 2006 16:28:03 +0000 (16:28 +0000)]
Make c_rehash more platform neutral and make it work in mixed environment,
such as MSYS with "native" Win32 perl.

Andy Polyakov [Sat, 21 Oct 2006 13:38:16 +0000 (13:38 +0000)]
Rudimentary support for cross-compiling.

Andy Polyakov [Fri, 20 Oct 2006 11:26:00 +0000 (11:26 +0000)]
Align data payload for better performance.

Andy Polyakov [Fri, 20 Oct 2006 11:23:35 +0000 (11:23 +0000)]
Avoid application relink on every make invocation.

Andy Polyakov [Thu, 19 Oct 2006 20:55:05 +0000 (20:55 +0000)]
Gcc over-optimizes PadLock AES CFB codepath, tell it not to.

Andy Polyakov [Wed, 18 Oct 2006 09:42:56 +0000 (09:42 +0000)]
Temporary fix for sha256 IA64 assembler.

Andy Polyakov [Wed, 18 Oct 2006 08:15:16 +0000 (08:15 +0000)]
Fix bug in big-endian path and optimize it for size.

Andy Polyakov [Tue, 17 Oct 2006 16:21:28 +0000 (16:21 +0000)]
Typo in perlasm/x86asm.pl.

Andy Polyakov [Tue, 17 Oct 2006 16:13:18 +0000 (16:13 +0000)]
Further synchronizations with md32_common.h update, consistent naming
for low-level SHA block routines.

Andy Polyakov [Tue, 17 Oct 2006 14:37:07 +0000 (14:37 +0000)]
bn/asm/ppc.pl to use ppc-xlate.pl.

Andy Polyakov [Tue, 17 Oct 2006 13:38:10 +0000 (13:38 +0000)]
Further synchronizations with md32_common.h update.

Andy Polyakov [Tue, 17 Oct 2006 07:04:48 +0000 (07:04 +0000)]
VIA-specific Montgomery multiplication routine.

Andy Polyakov [Tue, 17 Oct 2006 07:00:23 +0000 (07:00 +0000)]
Synchronize SHA1 assembler with md32_common.h update.

Andy Polyakov [Tue, 17 Oct 2006 06:43:11 +0000 (06:43 +0000)]
Support for .asciz directive in perlasm modules.

Andy Polyakov [Tue, 17 Oct 2006 06:41:27 +0000 (06:41 +0000)]
Linking errors on IA64 and typo in aes-ia64.S.

Andy Polyakov [Wed, 11 Oct 2006 11:55:11 +0000 (11:55 +0000)]
Re-implement md32_common.h [make it simpler!] and eliminate code rendered
redundant as result.

Dr. Stephen Henson [Thu, 5 Oct 2006 21:59:50 +0000 (21:59 +0000)]
Typo.

Nils Larsch [Wed, 4 Oct 2006 19:37:17 +0000 (19:37 +0000)]
return an error if the supplied precomputed values lead to an invalid signature

Bodo Möller [Wed, 4 Oct 2006 06:14:36 +0000 (06:14 +0000)]
ASN1_item_verify needs to initialize ctx before any "goto err" can
happen; the new code for the OID cross reference table failed to do so.

Dr. Stephen Henson [Tue, 3 Oct 2006 02:47:59 +0000 (02:47 +0000)]
Place standard CRL behaviour in default X509_CRL_METHOD new functions to
create, free and set default CRL method.

Mark J. Cox [Fri, 29 Sep 2006 08:21:41 +0000 (08:21 +0000)]
Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan

Bodo Möller [Thu, 28 Sep 2006 13:50:41 +0000 (13:50 +0000)]
All 0.9.8d patches have been applied to HEAD now, so we no longer need
the redundant entries under the 0.9.9 heading.

Bodo Möller [Thu, 28 Sep 2006 13:45:34 +0000 (13:45 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Bodo Möller [Thu, 28 Sep 2006 13:35:01 +0000 (13:35 +0000)]
include 0.9.8d and 0.9.7l information

Mark J. Cox [Thu, 28 Sep 2006 13:20:44 +0000 (13:20 +0000)]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Mark J. Cox [Thu, 28 Sep 2006 13:18:43 +0000 (13:18 +0000)]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

Richard Levitte [Thu, 28 Sep 2006 12:22:58 +0000 (12:22 +0000)]
Fixes for the following claims:

  1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336

Dr. Stephen Henson [Tue, 26 Sep 2006 13:25:19 +0000 (13:25 +0000)]
Initialize new callbacks and make sure hent is always initialized.

Richard Levitte [Mon, 25 Sep 2006 08:35:35 +0000 (08:35 +0000)]
Complete the change for VMS.

Dr. Stephen Henson [Sat, 23 Sep 2006 17:29:49 +0000 (17:29 +0000)]
Submitted by: Brad Spencer <spencer@jacknife.org>
Reviewed by: steve

Dr. Stephen Henson [Fri, 22 Sep 2006 17:14:22 +0000 (17:14 +0000)]
Buffer size handling fix for enc.

PR: 1374