oweals/openssl.git
17 years agoSSL_kKRB5 ciphersuites shouldn't be preferred by default
Bodo Möller [Tue, 20 Feb 2007 16:39:58 +0000 (16:39 +0000)]
SSL_kKRB5 ciphersuites shouldn't be preferred by default

17 years agoImprove ciphersuite order stability when disabling ciphersuites.
Bodo Möller [Tue, 20 Feb 2007 16:36:58 +0000 (16:36 +0000)]
Improve ciphersuite order stability when disabling ciphersuites.
Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.

17 years agofix a typo in the new ciphersuite ordering code
Bodo Möller [Tue, 20 Feb 2007 13:25:36 +0000 (13:25 +0000)]
fix a typo in the new ciphersuite ordering code

17 years agoInclude "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
Bodo Möller [Mon, 19 Feb 2007 18:41:41 +0000 (18:41 +0000)]
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.

Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".

17 years agofix warnings for CIPHER_DEBUG builds
Bodo Möller [Mon, 19 Feb 2007 16:59:13 +0000 (16:59 +0000)]
fix warnings for CIPHER_DEBUG builds

17 years agofix warnings/inconsistencies caused by the recent changes to the
Bodo Möller [Mon, 19 Feb 2007 14:53:18 +0000 (14:53 +0000)]
fix warnings/inconsistencies caused by the recent changes to the
ciphersuite selection code in HEAD

Submitted by: Victor Duchovni

17 years agofix incorrect strength bit values for certain Kerberos ciphersuites
Bodo Möller [Mon, 19 Feb 2007 14:49:12 +0000 (14:49 +0000)]
fix incorrect strength bit values for certain Kerberos ciphersuites

Submitted by: Victor Duchovni

17 years agoUpdates from 0.9.8-stable branch.
Dr. Stephen Henson [Sun, 18 Feb 2007 18:21:57 +0000 (18:21 +0000)]
Updates from 0.9.8-stable branch.

17 years agoReorganize the data used for SSL ciphersuite pattern matching.
Bodo Möller [Sat, 17 Feb 2007 06:45:38 +0000 (06:45 +0000)]
Reorganize the data used for SSL ciphersuite pattern matching.
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.

17 years agoensure that the EVP_CIPHER_CTX object is initialized
Nils Larsch [Fri, 16 Feb 2007 20:34:15 +0000 (20:34 +0000)]
ensure that the EVP_CIPHER_CTX object is initialized

PR: 1490

17 years agoAdd STARTTLS support for IMAP and FTP.
Richard Levitte [Fri, 16 Feb 2007 18:12:16 +0000 (18:12 +0000)]
Add STARTTLS support for IMAP and FTP.
Submitted by Kees Cook <kees@outflux.net>

17 years ago- use OPENSSL_malloc() etc. in zlib
Nils Larsch [Wed, 14 Feb 2007 21:52:01 +0000 (21:52 +0000)]
- use OPENSSL_malloc() etc. in zlib
- move zlib_stateful_ex_idx initialization to COMP_zlib()

PR: 1468

17 years agoavoid shifting input
Nils Larsch [Sun, 11 Feb 2007 19:33:21 +0000 (19:33 +0000)]
avoid shifting input

17 years agouse user-supplied malloc functions for persistent kssl objects
Nils Larsch [Sat, 10 Feb 2007 10:42:48 +0000 (10:42 +0000)]
use user-supplied malloc functions for persistent kssl objects

PR: 1467
Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>

17 years agoremove unreachable code
Nils Larsch [Sat, 10 Feb 2007 09:45:07 +0000 (09:45 +0000)]
remove unreachable code

17 years agoPR: 1483
Dr. Stephen Henson [Fri, 9 Feb 2007 19:43:04 +0000 (19:43 +0000)]
PR: 1483

Add support for GOST 28147-89 in Gost ENGINE.

17 years agoAdd -hmac option to dgst from 0.9.7 stable branch.
Dr. Stephen Henson [Thu, 8 Feb 2007 19:07:43 +0000 (19:07 +0000)]
Add -hmac option to dgst from 0.9.7 stable branch.

17 years agoremove unused variable
Nils Larsch [Wed, 7 Feb 2007 20:49:58 +0000 (20:49 +0000)]
remove unused variable

17 years agoensure that a ec key is used
Nils Larsch [Wed, 7 Feb 2007 20:28:19 +0000 (20:28 +0000)]
ensure that a ec key is used

PR: 1476

17 years agoAfter objects have been freed, NULLify the pointers so there will be no double
Richard Levitte [Wed, 7 Feb 2007 01:42:46 +0000 (01:42 +0000)]
After objects have been freed, NULLify the pointers so there will be no double
free of those objects

17 years agofix typo
Nils Larsch [Tue, 6 Feb 2007 19:48:42 +0000 (19:48 +0000)]
fix typo

17 years agoadd note about 56 bit ciphers
Nils Larsch [Tue, 6 Feb 2007 19:41:01 +0000 (19:41 +0000)]
add note about 56 bit ciphers

PR: 1461

17 years agoUpdate from fips2 branch.
Dr. Stephen Henson [Sat, 3 Feb 2007 17:32:49 +0000 (17:32 +0000)]
Update from fips2 branch.

17 years agoadd support for DSA with SHA2
Nils Larsch [Sat, 3 Feb 2007 14:41:12 +0000 (14:41 +0000)]
add support for DSA with SHA2

17 years agofix documentation
Nils Larsch [Sat, 3 Feb 2007 10:28:08 +0000 (10:28 +0000)]
fix documentation

PR: 1466

17 years agofix potential memory leaks
Nils Larsch [Sat, 3 Feb 2007 09:55:42 +0000 (09:55 +0000)]
fix potential memory leaks

PR: 1462

17 years agoMinimize aes_core.c footprint when AES_[en|de]crypt is implemented in
Andy Polyakov [Thu, 25 Jan 2007 20:47:00 +0000 (20:47 +0000)]
Minimize aes_core.c footprint when AES_[en|de]crypt is implemented in
assembler.

17 years agoMinor touch to aes-armv4.pl.
Andy Polyakov [Thu, 25 Jan 2007 11:28:07 +0000 (11:28 +0000)]
Minor touch to aes-armv4.pl.

17 years agoAES for ARMv4.
Andy Polyakov [Thu, 25 Jan 2007 10:44:48 +0000 (10:44 +0000)]
AES for ARMv4.

17 years agoMinor optimization for sha1-armv4 module.
Andy Polyakov [Thu, 25 Jan 2007 10:44:18 +0000 (10:44 +0000)]
Minor optimization for sha1-armv4 module.

17 years agoUpdate from 0.9.7-stable.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:53:48 +0000 (17:53 +0000)]
Update from 0.9.7-stable.

17 years agoSHA1 for ARMv4 and Thumb.
Andy Polyakov [Mon, 22 Jan 2007 20:33:46 +0000 (20:33 +0000)]
SHA1 for ARMv4 and Thumb.

17 years agoConstify version strings is ssl lib.
Dr. Stephen Henson [Sun, 21 Jan 2007 16:06:05 +0000 (16:06 +0000)]
Constify version strings is ssl lib.

17 years agoConstify version strings and some structures.
Dr. Stephen Henson [Sun, 21 Jan 2007 13:07:17 +0000 (13:07 +0000)]
Constify version strings and some structures.

17 years agoAdd AOL an AOLTW root CAs to bundle.
Dr. Stephen Henson [Thu, 18 Jan 2007 21:24:44 +0000 (21:24 +0000)]
Add AOL an AOLTW root CAs to bundle.

17 years agoMake armv4t-mont module backward binary compatible with armv4 and rename it
Andy Polyakov [Wed, 17 Jan 2007 20:12:41 +0000 (20:12 +0000)]
Make armv4t-mont module backward binary compatible with armv4 and rename it
accordingly.

17 years agoUpdate to new home page
Lutz Jänicke [Fri, 12 Jan 2007 18:47:13 +0000 (18:47 +0000)]
Update to new home page

17 years agoMontgomery multiplication for ARMv4.
Andy Polyakov [Thu, 11 Jan 2007 21:43:25 +0000 (21:43 +0000)]
Montgomery multiplication for ARMv4.

17 years agoremove undefined constant
Nils Larsch [Wed, 3 Jan 2007 20:00:32 +0000 (20:00 +0000)]
remove undefined constant

17 years agoopensslwrap.sh to respect $OPENSSL_ENGINES.
Andy Polyakov [Fri, 29 Dec 2006 15:00:36 +0000 (15:00 +0000)]
opensslwrap.sh to respect $OPENSSL_ENGINES.

17 years ago#include <stddef.h> in digest headers.
Andy Polyakov [Fri, 29 Dec 2006 14:51:42 +0000 (14:51 +0000)]
#include <stddef.h> in digest headers.

Submitted by: Kurt Roeckx <kurt@roeckx.be>

17 years agoMontgomery multiplication for MIPS III/IV. Not engaged.
Andy Polyakov [Fri, 29 Dec 2006 11:09:33 +0000 (11:09 +0000)]
Montgomery multiplication for MIPS III/IV. Not engaged.

17 years agoMinor clean-up in crypto/bn/asm.
Andy Polyakov [Fri, 29 Dec 2006 11:05:20 +0000 (11:05 +0000)]
Minor clean-up in crypto/bn/asm.

17 years agoMinor clean-up in crypto/engine.
Andy Polyakov [Fri, 29 Dec 2006 10:55:43 +0000 (10:55 +0000)]
Minor clean-up in crypto/engine.

17 years agoAllow opensslwrap.sh to access engines from build tree.
Andy Polyakov [Fri, 29 Dec 2006 10:53:09 +0000 (10:53 +0000)]
Allow opensslwrap.sh to access engines from build tree.

17 years agoMove eng_padlock.c to ./engines.
Andy Polyakov [Fri, 29 Dec 2006 10:42:24 +0000 (10:42 +0000)]
Move eng_padlock.c to ./engines.

Submitted by: Michal Ludvig <michal@logix.cz>

17 years agoMinor performance improvements to x86-mont.pl.
Andy Polyakov [Thu, 28 Dec 2006 12:43:16 +0000 (12:43 +0000)]
Minor performance improvements to x86-mont.pl.

17 years agoFix for "strange errors" exposed by ccgost engine. The fix is
Andy Polyakov [Wed, 27 Dec 2006 10:59:51 +0000 (10:59 +0000)]
Fix for "strange errors" exposed by ccgost engine. The fix is
two extra insructions in sqradd loop at line #503.

17 years agofix return value of get_cert_chain()
Nils Larsch [Wed, 27 Dec 2006 09:40:52 +0000 (09:40 +0000)]
fix return value of get_cert_chain()

PR: 1441

17 years agoSynchronise a bit more with Unixly build
Richard Levitte [Tue, 26 Dec 2006 21:20:15 +0000 (21:20 +0000)]
Synchronise a bit more with Unixly build

17 years agoNeeded definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see
Richard Levitte [Mon, 25 Dec 2006 10:54:14 +0000 (10:54 +0000)]
Needed definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see
the declarations of fd_set, select() and so on.

17 years agoReplace strdup() with BUF_strdup().
Richard Levitte [Mon, 25 Dec 2006 09:43:46 +0000 (09:43 +0000)]
Replace strdup() with BUF_strdup().

17 years agoSynchronise with Unixly build, again ;-)
Richard Levitte [Sun, 24 Dec 2006 20:25:51 +0000 (20:25 +0000)]
Synchronise with Unixly build, again ;-)

17 years agoAdd bit I missed from PKCS#7 streaming encoder.
Dr. Stephen Henson [Sun, 24 Dec 2006 16:46:47 +0000 (16:46 +0000)]
Add bit I missed from PKCS#7 streaming encoder.

17 years agoExperimental streaming PKCS#7 support.
Dr. Stephen Henson [Sun, 24 Dec 2006 16:22:56 +0000 (16:22 +0000)]
Experimental streaming PKCS#7 support.

I thought it was about time I dusted this off. This stuff had been sitting on
my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not
work properly.

Nothing uses it at present which is just as well.

Think of this as a traditional Christmas present which looks far more
impressive in the adverts and on the box, some of the bits are missing and
falls to bits if you play with it too much.

17 years agoSynchronise with Unixly build
Richard Levitte [Sun, 24 Dec 2006 09:27:23 +0000 (09:27 +0000)]
Synchronise with Unixly build

17 years agoOops! New prototype code creeped through...
Andy Polyakov [Fri, 22 Dec 2006 15:47:01 +0000 (15:47 +0000)]
Oops! New prototype code creeped through...

17 years agoMake sha.h more "portable."
Andy Polyakov [Fri, 22 Dec 2006 15:42:06 +0000 (15:42 +0000)]
Make sha.h more "portable."

17 years agox86-mont.pl sse2 tune-up and integer-only squaring procedure.
Andy Polyakov [Fri, 22 Dec 2006 15:28:07 +0000 (15:28 +0000)]
x86-mont.pl sse2 tune-up and integer-only squaring procedure.

17 years agouse OPENSSL_NO_DYNAMIC_ENGINE macro, disable debug messages
Nils Larsch [Fri, 22 Dec 2006 09:21:29 +0000 (09:21 +0000)]
use OPENSSL_NO_DYNAMIC_ENGINE macro, disable debug messages

PR: 1440
Submitted by: Victor B. Wagner" <vitus@cryptocom.ru>

17 years agofix typos
Nils Larsch [Thu, 21 Dec 2006 21:13:27 +0000 (21:13 +0000)]
fix typos

PR: 1354, 1355, 1398, 1408

17 years agoupdate pkcs12 help message + manpage
Nils Larsch [Thu, 21 Dec 2006 20:36:15 +0000 (20:36 +0000)]
update pkcs12 help message + manpage

PR: 1443
Submitted by: Artem Chuprina <ran@cryptocom.ru>

17 years agofix order
Nils Larsch [Thu, 21 Dec 2006 19:50:48 +0000 (19:50 +0000)]
fix order

PR: 1442

17 years agoupdate
Nils Larsch [Thu, 21 Dec 2006 19:48:47 +0000 (19:48 +0000)]
update

17 years agoadd support for ecdsa-with-sha256 etc.
Nils Larsch [Wed, 20 Dec 2006 08:58:54 +0000 (08:58 +0000)]
add support for ecdsa-with-sha256 etc.

17 years agoremove trailing '\'
Nils Larsch [Tue, 19 Dec 2006 19:49:02 +0000 (19:49 +0000)]
remove trailing '\'

PR: 1438

17 years agoFix the BIT STRING encoding of EC points or parameter seeds
Bodo Möller [Tue, 19 Dec 2006 15:11:37 +0000 (15:11 +0000)]
Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).

17 years agofix order
Nils Larsch [Mon, 18 Dec 2006 22:20:27 +0000 (22:20 +0000)]
fix order

17 years agoproperly initialize SSL context, check return value
Nils Larsch [Wed, 13 Dec 2006 22:06:37 +0000 (22:06 +0000)]
properly initialize SSL context, check return value

17 years agouse const ASN1_TIME *
Nils Larsch [Mon, 11 Dec 2006 22:35:51 +0000 (22:35 +0000)]
use const ASN1_TIME *

17 years agoEliminate 64-bit alignment limitation in sparcv9a-mont.
Andy Polyakov [Fri, 8 Dec 2006 15:18:41 +0000 (15:18 +0000)]
Eliminate 64-bit alignment limitation in sparcv9a-mont.

17 years agoEngage alpha-mont module. Actually verified on Tru64 only.
Andy Polyakov [Fri, 8 Dec 2006 14:42:19 +0000 (14:42 +0000)]
Engage alpha-mont module. Actually verified on Tru64 only.

17 years agoalpha-mont.pl: gcc portability fix and make-rule.
Andy Polyakov [Fri, 8 Dec 2006 14:18:58 +0000 (14:18 +0000)]
alpha-mont.pl: gcc portability fix and make-rule.

17 years agoMinor, +10%, tune-up for x86_64-mont.pl.
Andy Polyakov [Fri, 8 Dec 2006 10:13:51 +0000 (10:13 +0000)]
Minor, +10%, tune-up for x86_64-mont.pl.

17 years agoMontgomery multiplication routine for Alpha.
Andy Polyakov [Fri, 8 Dec 2006 10:12:56 +0000 (10:12 +0000)]
Montgomery multiplication routine for Alpha.

17 years agoUpdate from 0.9.7-stable branch.
Dr. Stephen Henson [Thu, 7 Dec 2006 13:29:08 +0000 (13:29 +0000)]
Update from 0.9.7-stable branch.

17 years agoSync OID NIDs with OpenSSL 0.9.8.
Dr. Stephen Henson [Wed, 6 Dec 2006 13:44:21 +0000 (13:44 +0000)]
Sync OID NIDs with OpenSSL 0.9.8.

17 years agoFix change to OPENSSL_NO_RFC3779
Dr. Stephen Henson [Wed, 6 Dec 2006 13:36:48 +0000 (13:36 +0000)]
Fix change to OPENSSL_NO_RFC3779

17 years agofix documentation
Nils Larsch [Wed, 6 Dec 2006 09:10:59 +0000 (09:10 +0000)]
fix documentation

PR: 1343

17 years agoavoid duplicate entries in add_cert_dir()
Nils Larsch [Tue, 5 Dec 2006 21:21:37 +0000 (21:21 +0000)]
avoid duplicate entries in add_cert_dir()

PR: 1407
Submitted by: Tomas Mraz <tmraz@redhat.com>

17 years agoreturn 0 if 'noout' is used and no error has occurred
Nils Larsch [Tue, 5 Dec 2006 20:09:25 +0000 (20:09 +0000)]
return 0 if 'noout' is used and no error has occurred

PR: 1435
Submitted by: "Haridharan" <haridharan@gmail.com>

17 years agoallocate a new attributes entry in X509_REQ_add_extensions()
Nils Larsch [Mon, 4 Dec 2006 19:11:57 +0000 (19:11 +0000)]
allocate a new attributes entry in X509_REQ_add_extensions()
if it's NULL (in case of a malformed pkcs10 request)

PR: 1347
Submitted by: Remo Inverardi <invi@your.toilet.ch>

17 years agoadd "Certificate Issuer" and "Subject Directory Attributes" OIDs
Nils Larsch [Mon, 4 Dec 2006 18:51:06 +0000 (18:51 +0000)]
add "Certificate Issuer" and "Subject Directory Attributes" OIDs

PR: 1433

17 years agoEliminate redundant variable in Camellia CBC routine.
Andy Polyakov [Sat, 2 Dec 2006 11:52:50 +0000 (11:52 +0000)]
Eliminate redundant variable in Camellia CBC routine.

17 years agoImprove Camellia code readability.
Andy Polyakov [Sat, 2 Dec 2006 11:12:13 +0000 (11:12 +0000)]
Improve Camellia code readability.

17 years agoFix bugs in Camellia CBC routine.
Andy Polyakov [Sat, 2 Dec 2006 10:56:45 +0000 (10:56 +0000)]
Fix bugs in Camellia CBC routine.

17 years agoCamellia portability fixes.
Andy Polyakov [Sat, 2 Dec 2006 10:38:40 +0000 (10:38 +0000)]
Camellia portability fixes.

Submitted by: Masashi Fujita, NTT

17 years agoadd support for whirlpool in apps/speed
Nils Larsch [Fri, 1 Dec 2006 21:42:55 +0000 (21:42 +0000)]
add support for whirlpool in apps/speed

PR: 1338
Submitted by: justin@soze.net

17 years agoFix default dependency flags.
Dr. Stephen Henson [Thu, 30 Nov 2006 13:55:30 +0000 (13:55 +0000)]
Fix default dependency flags.

17 years agoImport ordinals from 0.9.8 and update.
Dr. Stephen Henson [Thu, 30 Nov 2006 13:47:22 +0000 (13:47 +0000)]
Import ordinals from 0.9.8 and update.

17 years agoUpdate dependencies.
Dr. Stephen Henson [Thu, 30 Nov 2006 13:41:47 +0000 (13:41 +0000)]
Update dependencies.

17 years agoWin32 fixes from stable branch.
Dr. Stephen Henson [Thu, 30 Nov 2006 13:39:34 +0000 (13:39 +0000)]
Win32 fixes from stable branch.

17 years agoreplace macros with functions
Nils Larsch [Wed, 29 Nov 2006 20:54:57 +0000 (20:54 +0000)]
replace macros with functions

Submitted by: Tracy Camp <tracyx.e.camp@intel.com>

17 years agofix support for receiving fragmented handshake messages
Bodo Möller [Wed, 29 Nov 2006 14:45:50 +0000 (14:45 +0000)]
fix support for receiving fragmented handshake messages

17 years agoClarify HAL SPARC64 support situation in sparcv9a-mont.pl.
Andy Polyakov [Tue, 28 Nov 2006 11:07:36 +0000 (11:07 +0000)]
Clarify HAL SPARC64 support situation in sparcv9a-mont.pl.

17 years agoMinor optimizations based on intruction level profiler feedback.
Andy Polyakov [Tue, 28 Nov 2006 10:34:51 +0000 (10:34 +0000)]
Minor optimizations based on intruction level profiler feedback.

17 years agoModulo-schedule loops in sparcv9a-mont.pl. Overall improvement factor
Andy Polyakov [Tue, 28 Nov 2006 07:24:26 +0000 (07:24 +0000)]
Modulo-schedule loops in sparcv9a-mont.pl. Overall improvement factor
over 0.9.8 is up to 3x on USI&II cores and up to 80% - on USIII&IV.

17 years agoThis is "informational" commit. Its mere purpose is to expose "modulo
Andy Polyakov [Tue, 28 Nov 2006 07:20:36 +0000 (07:20 +0000)]
This is "informational" commit. Its mere purpose is to expose "modulo
factor" in inner loops.

17 years agoNon-SSE2 path to bn_mul_mont. But it's disabled, because it currently
Andy Polyakov [Mon, 27 Nov 2006 14:59:35 +0000 (14:59 +0000)]
Non-SSE2 path to bn_mul_mont. But it's disabled, because it currently
doesn't give performance improvement.

17 years agoAdd RFC 3779 support.
Ben Laurie [Mon, 27 Nov 2006 14:18:05 +0000 (14:18 +0000)]
Add RFC 3779 support.