Dr. Stephen Henson [Mon, 21 Nov 2011 22:29:16 +0000 (22:29 +0000)]
bcmp doesn't exist on all platforms, replace with memcmp
Andy Polyakov [Wed, 16 Nov 2011 23:36:40 +0000 (23:36 +0000)]
bsaes-x86_64.pl: fix buffer overrun in tail processing [from HEAD].
Ben Laurie [Tue, 15 Nov 2011 23:51:22 +0000 (23:51 +0000)]
Add TLS exporter.
Ben Laurie [Tue, 15 Nov 2011 23:02:16 +0000 (23:02 +0000)]
Add DTLS-SRTP.
Andy Polyakov [Tue, 15 Nov 2011 13:55:52 +0000 (13:55 +0000)]
aes-armv4.pl: make it link.
Andy Polyakov [Tue, 15 Nov 2011 12:39:48 +0000 (12:39 +0000)]
e_rc4_hmac_md5.c: make it work on darwin64, which is configured with RC4_CHAR.
Andy Polyakov [Tue, 15 Nov 2011 12:20:55 +0000 (12:20 +0000)]
aes-s390x.pl: make it link.
Andy Polyakov [Tue, 15 Nov 2011 12:19:56 +0000 (12:19 +0000)]
Configure, e_aes.c: allow for XTS assembler implementation [from HEAD].
Andy Polyakov [Mon, 14 Nov 2011 21:17:08 +0000 (21:17 +0000)]
e_aes.c: jumbo update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:14:53 +0000 (21:14 +0000)]
ec_cvt.c: performance update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:13:35 +0000 (21:13 +0000)]
c_allc.c: add XTS ciphers [from HEAD].
Andy Polyakov [Mon, 14 Nov 2011 21:12:53 +0000 (21:12 +0000)]
config: platform and poratbility updates from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:12:05 +0000 (21:12 +0000)]
Configure, etc.: engage additional assembler modules.
Andy Polyakov [Mon, 14 Nov 2011 21:09:30 +0000 (21:09 +0000)]
speed.c: add ghash benchmark [from HEAD].
Andy Polyakov [Mon, 14 Nov 2011 21:06:50 +0000 (21:06 +0000)]
x86 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:05:42 +0000 (21:05 +0000)]
BN update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:01:21 +0000 (21:01 +0000)]
x86_64 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:58:01 +0000 (20:58 +0000)]
ARM assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:56:15 +0000 (20:56 +0000)]
Alpha assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:55:24 +0000 (20:55 +0000)]
MIPS assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:54:17 +0000 (20:54 +0000)]
PPC assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:50:15 +0000 (20:50 +0000)]
PA-RISC assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:48:35 +0000 (20:48 +0000)]
SPARCv9 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:47:22 +0000 (20:47 +0000)]
s390x assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:45:57 +0000 (20:45 +0000)]
IA64 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:44:20 +0000 (20:44 +0000)]
perlasm update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:42:22 +0000 (20:42 +0000)]
Mafiles updates to accomodate assembler update from HEAD.
Dr. Stephen Henson [Mon, 14 Nov 2011 14:16:09 +0000 (14:16 +0000)]
DH keys have an (until now) unused 'q' parameter. When creating from DSA copy
q across and if q present generate DH key in the correct range. (from HEAD)
Dr. Stephen Henson [Mon, 14 Nov 2011 14:15:29 +0000 (14:15 +0000)]
Call OPENSSL_init after we've checked to see if customisation is permissible.
Ben Laurie [Mon, 14 Nov 2011 02:42:26 +0000 (02:42 +0000)]
Ignorance.
Ben Laurie [Mon, 14 Nov 2011 02:25:04 +0000 (02:25 +0000)]
Next Protocol Negotiation.
Ben Laurie [Sun, 13 Nov 2011 21:55:42 +0000 (21:55 +0000)]
Add Next Protocol Negotiation.
Ben Laurie [Sun, 13 Nov 2011 20:23:34 +0000 (20:23 +0000)]
make depend.
Ben Laurie [Sun, 13 Nov 2011 20:19:21 +0000 (20:19 +0000)]
Fix one of the no-tlsext build errors (there are more).
Dr. Stephen Henson [Sun, 13 Nov 2011 13:13:14 +0000 (13:13 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
Andy Polyakov [Tue, 8 Nov 2011 21:28:14 +0000 (21:28 +0000)]
x86cpuid.pl: compensate for imaginary virtual machines [from HEAD].
PR: 2633
Andy Polyakov [Sat, 5 Nov 2011 10:44:25 +0000 (10:44 +0000)]
x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs.
PR: 2633
Andy Polyakov [Sat, 5 Nov 2011 10:16:30 +0000 (10:16 +0000)]
ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
PR: 2636
Submitted by: Charles Bryant
Richard Levitte [Sun, 30 Oct 2011 11:45:30 +0000 (11:45 +0000)]
Add missing algorithms to disable, and in particular, disable
EC_NISTP_64_GCC_128 by default, as GCC isn't currently supported on
VMS. Add CMAC to the modules to build, and synchronise with Unix.
Richard Levitte [Sun, 30 Oct 2011 11:40:56 +0000 (11:40 +0000)]
Teach mkshared.com to have a look for disabled algorithms in opensslconf.h
Dr. Stephen Henson [Thu, 27 Oct 2011 13:06:43 +0000 (13:06 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
Dr. Stephen Henson [Thu, 27 Oct 2011 13:01:20 +0000 (13:01 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix for ECC keys and DTLS.
Dr. Stephen Henson [Wed, 26 Oct 2011 16:43:23 +0000 (16:43 +0000)]
PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
Dr. Stephen Henson [Tue, 25 Oct 2011 12:52:47 +0000 (12:52 +0000)]
Use correct tag for SRP username.
Dr. Stephen Henson [Fri, 21 Oct 2011 13:04:27 +0000 (13:04 +0000)]
Update error codes for FIPS.
Add support for authentication in FIPS_mode_set().
Dr. Stephen Henson [Fri, 21 Oct 2011 12:53:07 +0000 (12:53 +0000)]
Recognise new ECC option (from HEAD).
Bodo Möller [Wed, 19 Oct 2011 15:24:44 +0000 (15:24 +0000)]
"make update"
Bodo Möller [Wed, 19 Oct 2011 14:58:59 +0000 (14:58 +0000)]
BN_BLINDING multi-threading fix.
Submitted by: Emilia Kasper (Google)
Bodo Möller [Wed, 19 Oct 2011 09:24:05 +0000 (09:24 +0000)]
Fix indentation
Bodo Möller [Wed, 19 Oct 2011 08:58:35 +0000 (08:58 +0000)]
Fix warnings.
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
Bodo Möller [Tue, 18 Oct 2011 19:43:54 +0000 (19:43 +0000)]
Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)
Submitted by: Google Inc.
Dr. Stephen Henson [Sat, 15 Oct 2011 13:22:26 +0000 (13:22 +0000)]
Recognise no-rsax option.
Andy Polyakov [Fri, 14 Oct 2011 09:34:14 +0000 (09:34 +0000)]
e_aes.c: fix bug in aesni_gcm_tls_cipher [in HEAD].
Andy Polyakov [Fri, 14 Oct 2011 09:21:03 +0000 (09:21 +0000)]
aesni-x86[_64].pl: pull from HEAD.
Bodo Möller [Thu, 13 Oct 2011 15:07:05 +0000 (15:07 +0000)]
use -no_ecdhe when using -no_dhe
Bodo Möller [Thu, 13 Oct 2011 13:42:29 +0000 (13:42 +0000)]
Make CTR mode behaviour consistent with other modes:
clear ctx->num in EVP_CipherInit_ex
Submitted by: Emilia Kasper
Bodo Möller [Thu, 13 Oct 2011 13:25:03 +0000 (13:25 +0000)]
Clarify warning
Bodo Möller [Thu, 13 Oct 2011 13:05:35 +0000 (13:05 +0000)]
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Submitted by: Bob Buckholz <bbuckholz@google.com>
Dr. Stephen Henson [Thu, 13 Oct 2011 11:43:44 +0000 (11:43 +0000)]
For now disable RSAX ENGINE for FIPS builds: it sets a non-FIPS RSA
method which stops FIPS mode working.
Dr. Stephen Henson [Wed, 12 Oct 2011 21:55:42 +0000 (21:55 +0000)]
increase test RSA key size to 1024 bits
Dr. Stephen Henson [Tue, 11 Oct 2011 18:16:02 +0000 (18:16 +0000)]
update pkey method initialisation and copy
Dr. Stephen Henson [Mon, 10 Oct 2011 22:33:50 +0000 (22:33 +0000)]
Backport ossl_ssize_t type from HEAD.
Dr. Stephen Henson [Mon, 10 Oct 2011 20:34:17 +0000 (20:34 +0000)]
def_rsa_finish not used anymore.
Dr. Stephen Henson [Mon, 10 Oct 2011 14:09:05 +0000 (14:09 +0000)]
fix leak properly this time...
Dr. Stephen Henson [Mon, 10 Oct 2011 12:56:11 +0000 (12:56 +0000)]
add GCM ciphers in SSL_library_init
Dr. Stephen Henson [Mon, 10 Oct 2011 12:40:13 +0000 (12:40 +0000)]
disable GCM if not available
Dr. Stephen Henson [Mon, 10 Oct 2011 00:27:52 +0000 (00:27 +0000)]
Add some entries for 1.0.1 in NEWS.
Dr. Stephen Henson [Mon, 10 Oct 2011 00:23:14 +0000 (00:23 +0000)]
sync NEWS with 1.0.0 branch
Dr. Stephen Henson [Sun, 9 Oct 2011 23:28:25 +0000 (23:28 +0000)]
Don't disable TLS v1.2 by default any more.
Dr. Stephen Henson [Sun, 9 Oct 2011 23:14:20 +0000 (23:14 +0000)]
Update ordinals.
Dr. Stephen Henson [Sun, 9 Oct 2011 23:13:50 +0000 (23:13 +0000)]
Backport PSS signature support from HEAD.
Dr. Stephen Henson [Sun, 9 Oct 2011 23:11:09 +0000 (23:11 +0000)]
fix CHANGES entry
Dr. Stephen Henson [Sun, 9 Oct 2011 23:09:22 +0000 (23:09 +0000)]
fix memory leaks
Dr. Stephen Henson [Sun, 9 Oct 2011 16:04:17 +0000 (16:04 +0000)]
Fix memory leak. From HEAD.
Dr. Stephen Henson [Sun, 9 Oct 2011 15:28:52 +0000 (15:28 +0000)]
Update ordinals.
Dr. Stephen Henson [Sun, 9 Oct 2011 15:28:02 +0000 (15:28 +0000)]
Backport of password based CMS support from HEAD.
Dr. Stephen Henson [Sun, 9 Oct 2011 00:56:43 +0000 (00:56 +0000)]
PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
Dr. Stephen Henson [Fri, 7 Oct 2011 15:07:36 +0000 (15:07 +0000)]
use client version when eliminating TLS v1.2 ciphersuites in client hello
Dr. Stephen Henson [Thu, 6 Oct 2011 20:45:08 +0000 (20:45 +0000)]
? crypto/aes/aes-armv4.S
? crypto/aes/aesni-sha1-x86_64.s
? crypto/aes/aesni-x86_64.s
? crypto/aes/foo.pl
? crypto/aes/vpaes-x86_64.s
? crypto/bn/.bn_lib.c.swp
? crypto/bn/armv4-gf2m.S
? crypto/bn/diffs
? crypto/bn/modexp512-x86_64.s
? crypto/bn/x86_64-gf2m.s
? crypto/bn/x86_64-mont5.s
? crypto/ec/bc.txt
? crypto/ec/diffs
? crypto/modes/a.out
? crypto/modes/diffs
? crypto/modes/ghash-armv4.S
? crypto/modes/ghash-x86_64.s
? crypto/modes/op.h
? crypto/modes/tst.c
? crypto/modes/x.h
? crypto/objects/.obj_xref.txt.swp
? crypto/rand/diffs
? crypto/sha/sha-512
? crypto/sha/sha1-armv4-large.S
? crypto/sha/sha256-armv4.S
? crypto/sha/sha512-armv4.S
Index: crypto/objects/obj_xref.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v
retrieving revision 1.9
diff -u -r1.9 obj_xref.c
--- crypto/objects/obj_xref.c 5 Nov 2008 18:38:58 -0000 1.9
+++ crypto/objects/obj_xref.c 6 Oct 2011 20:30:21 -0000
@@ -110,8 +110,10 @@
#endif
if (rv == NULL)
return 0;
- *pdig_nid = rv->hash_id;
- *ppkey_nid = rv->pkey_id;
+ if (pdig_nid)
+ *pdig_nid = rv->hash_id;
+ if (ppkey_nid)
+ *ppkey_nid = rv->pkey_id;
return 1;
}
@@ -144,7 +146,8 @@
#endif
if (rv == NULL)
return 0;
- *psignid = (*rv)->sign_id;
+ if (psignid)
+ *psignid = (*rv)->sign_id;
return 1;
}
Index: crypto/x509/x509type.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v
retrieving revision 1.10
diff -u -r1.10 x509type.c
--- crypto/x509/x509type.c 26 Oct 2007 12:06:33 -0000 1.10
+++ crypto/x509/x509type.c 6 Oct 2011 20:36:04 -0000
@@ -100,20 +100,26 @@
break;
}
- i=X509_get_signature_type(x);
- switch (i)
+ i=OBJ_obj2nid(x->sig_alg->algorithm);
+ if (i && OBJ_find_sigid_algs(i, NULL, &i))
{
- case EVP_PKEY_RSA:
- ret|=EVP_PKS_RSA;
- break;
- case EVP_PKEY_DSA:
- ret|=EVP_PKS_DSA;
- break;
- case EVP_PKEY_EC:
- ret|=EVP_PKS_EC;
- break;
- default:
- break;
+
+ switch (i)
+ {
+ case NID_rsaEncryption:
+ case NID_rsa:
+ ret|=EVP_PKS_RSA;
+ break;
+ case NID_dsa:
+ case NID_dsa_2:
+ ret|=EVP_PKS_DSA;
+ break;
+ case NID_X9_62_id_ecPublicKey:
+ ret|=EVP_PKS_EC;
+ break;
+ default:
+ break;
+ }
}
if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
Dr. Stephen Henson [Mon, 26 Sep 2011 17:04:41 +0000 (17:04 +0000)]
fix signed/unsigned warning
Dr. Stephen Henson [Sat, 24 Sep 2011 23:06:35 +0000 (23:06 +0000)]
make sure eivlen is initialised
Dr. Stephen Henson [Fri, 23 Sep 2011 21:48:50 +0000 (21:48 +0000)]
use keyformat for -x509toreq, don't hard code PEM
Dr. Stephen Henson [Fri, 23 Sep 2011 13:39:35 +0000 (13:39 +0000)]
PR: 2606
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve
Handle timezones correctly in UTCTime.
Dr. Stephen Henson [Fri, 23 Sep 2011 13:35:05 +0000 (13:35 +0000)]
PR: 2602
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS bug which prevents manual MTU setting
Dr. Stephen Henson [Fri, 23 Sep 2011 13:12:41 +0000 (13:12 +0000)]
PR: 2347
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve
Fix usage message.
Dr. Stephen Henson [Fri, 16 Sep 2011 23:15:22 +0000 (23:15 +0000)]
make depend
Dr. Stephen Henson [Fri, 16 Sep 2011 23:12:34 +0000 (23:12 +0000)]
Improved error checking for DRBG calls.
New functionality to allow default DRBG type to be set during compilation or during runtime.
Dr. Stephen Henson [Fri, 16 Sep 2011 23:08:57 +0000 (23:08 +0000)]
Improved error checking for DRBG calls.
New functionality to allow default DRBG type to be set during compilation
or during runtime.
Dr. Stephen Henson [Fri, 16 Sep 2011 23:04:07 +0000 (23:04 +0000)]
Typo.
Dr. Stephen Henson [Sat, 10 Sep 2011 21:18:37 +0000 (21:18 +0000)]
Fix warnings (from HEAD).
Dr. Stephen Henson [Tue, 6 Sep 2011 15:14:41 +0000 (15:14 +0000)]
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
produce an error (CVE-2011-3207)
Andy Polyakov [Mon, 5 Sep 2011 16:33:48 +0000 (16:33 +0000)]
config: don't add -Wa options with no-asm [from HEAD].
Bodo Möller [Mon, 5 Sep 2011 13:43:53 +0000 (13:43 +0000)]
oops
Bodo Möller [Mon, 5 Sep 2011 13:36:55 +0000 (13:36 +0000)]
Fix session handling.
Bodo Möller [Mon, 5 Sep 2011 13:31:07 +0000 (13:31 +0000)]
Fix d2i_SSL_SESSION.
Bodo Möller [Mon, 5 Sep 2011 10:25:27 +0000 (10:25 +0000)]
(EC)DH memory handling fixes.
Submitted by: Adam Langley
Bodo Möller [Mon, 5 Sep 2011 09:57:15 +0000 (09:57 +0000)]
Fix memory leak on bad inputs.
Bodo Möller [Mon, 5 Sep 2011 09:44:54 +0000 (09:44 +0000)]
make update
Bodo Möller [Mon, 5 Sep 2011 09:43:56 +0000 (09:43 +0000)]
Fix expected DEFFLAG for default config.
Bodo Möller [Mon, 5 Sep 2011 09:42:55 +0000 (09:42 +0000)]
Fix error codes.