Dr. Stephen Henson [Tue, 7 Nov 2006 13:44:03 +0000 (13:44 +0000)]
Fix link for ASN1_generate_nconf
Dr. Stephen Henson [Tue, 7 Nov 2006 13:17:02 +0000 (13:17 +0000)]
Typo.
Dr. Stephen Henson [Tue, 7 Nov 2006 13:13:14 +0000 (13:13 +0000)]
Add v3 ref to see also sections.
Dr. Stephen Henson [Tue, 7 Nov 2006 12:51:27 +0000 (12:51 +0000)]
Add documentetion for noCheck extension and add a few cross references to
the extension documentation.
Nils Larsch [Mon, 6 Nov 2006 20:10:44 +0000 (20:10 +0000)]
fix warning
Nils Larsch [Mon, 6 Nov 2006 19:53:39 +0000 (19:53 +0000)]
remove SSLEAY_MACROS code
Nils Larsch [Fri, 27 Oct 2006 21:58:09 +0000 (21:58 +0000)]
update md docs
Nils Larsch [Fri, 27 Oct 2006 21:25:53 +0000 (21:25 +0000)]
fix OPENSSL_NO_foo defines
Dr. Stephen Henson [Fri, 27 Oct 2006 11:43:27 +0000 (11:43 +0000)]
Initialize old_priv_encode, old_priv_decode.
Andy Polyakov [Thu, 26 Oct 2006 10:52:12 +0000 (10:52 +0000)]
Minor portability update to c_rehash.
Andy Polyakov [Tue, 24 Oct 2006 22:14:20 +0000 (22:14 +0000)]
Further mingw build procedure updates.
Andy Polyakov [Mon, 23 Oct 2006 11:54:18 +0000 (11:54 +0000)]
Harmonize dll naming in mingw builds.
Andy Polyakov [Mon, 23 Oct 2006 07:45:52 +0000 (07:45 +0000)]
Yet another mingw warning.
Andy Polyakov [Mon, 23 Oct 2006 07:44:51 +0000 (07:44 +0000)]
OPENSSL_ia32cap.pod update.
Andy Polyakov [Mon, 23 Oct 2006 07:41:05 +0000 (07:41 +0000)]
Fix mingw warnings.
Andy Polyakov [Mon, 23 Oct 2006 07:38:30 +0000 (07:38 +0000)]
Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even
recent mingw modifications.
Andy Polyakov [Mon, 23 Oct 2006 07:30:19 +0000 (07:30 +0000)]
Allow for mingw cross-compile configuration.
Andy Polyakov [Sat, 21 Oct 2006 16:28:03 +0000 (16:28 +0000)]
Make c_rehash more platform neutral and make it work in mixed environment,
such as MSYS with "native" Win32 perl.
Andy Polyakov [Sat, 21 Oct 2006 13:38:16 +0000 (13:38 +0000)]
Rudimentary support for cross-compiling.
Andy Polyakov [Fri, 20 Oct 2006 11:26:00 +0000 (11:26 +0000)]
Align data payload for better performance.
Andy Polyakov [Fri, 20 Oct 2006 11:23:35 +0000 (11:23 +0000)]
Avoid application relink on every make invocation.
Andy Polyakov [Thu, 19 Oct 2006 20:55:05 +0000 (20:55 +0000)]
Gcc over-optimizes PadLock AES CFB codepath, tell it not to.
Andy Polyakov [Wed, 18 Oct 2006 09:42:56 +0000 (09:42 +0000)]
Temporary fix for sha256 IA64 assembler.
Andy Polyakov [Wed, 18 Oct 2006 08:15:16 +0000 (08:15 +0000)]
Fix bug in big-endian path and optimize it for size.
Andy Polyakov [Tue, 17 Oct 2006 16:21:28 +0000 (16:21 +0000)]
Typo in perlasm/x86asm.pl.
Andy Polyakov [Tue, 17 Oct 2006 16:13:18 +0000 (16:13 +0000)]
Further synchronizations with md32_common.h update, consistent naming
for low-level SHA block routines.
Andy Polyakov [Tue, 17 Oct 2006 14:37:07 +0000 (14:37 +0000)]
bn/asm/ppc.pl to use ppc-xlate.pl.
Andy Polyakov [Tue, 17 Oct 2006 13:38:10 +0000 (13:38 +0000)]
Further synchronizations with md32_common.h update.
Andy Polyakov [Tue, 17 Oct 2006 07:04:48 +0000 (07:04 +0000)]
VIA-specific Montgomery multiplication routine.
Andy Polyakov [Tue, 17 Oct 2006 07:00:23 +0000 (07:00 +0000)]
Synchronize SHA1 assembler with md32_common.h update.
Andy Polyakov [Tue, 17 Oct 2006 06:43:11 +0000 (06:43 +0000)]
Support for .asciz directive in perlasm modules.
Andy Polyakov [Tue, 17 Oct 2006 06:41:27 +0000 (06:41 +0000)]
Linking errors on IA64 and typo in aes-ia64.S.
Andy Polyakov [Wed, 11 Oct 2006 11:55:11 +0000 (11:55 +0000)]
Re-implement md32_common.h [make it simpler!] and eliminate code rendered
redundant as result.
Dr. Stephen Henson [Thu, 5 Oct 2006 21:59:50 +0000 (21:59 +0000)]
Typo.
Nils Larsch [Wed, 4 Oct 2006 19:37:17 +0000 (19:37 +0000)]
return an error if the supplied precomputed values lead to an invalid signature
Bodo Möller [Wed, 4 Oct 2006 06:14:36 +0000 (06:14 +0000)]
ASN1_item_verify needs to initialize ctx before any "goto err" can
happen; the new code for the OID cross reference table failed to do so.
Dr. Stephen Henson [Tue, 3 Oct 2006 02:47:59 +0000 (02:47 +0000)]
Place standard CRL behaviour in default X509_CRL_METHOD new functions to
create, free and set default CRL method.
Mark J. Cox [Fri, 29 Sep 2006 08:21:41 +0000 (08:21 +0000)]
Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan
Bodo Möller [Thu, 28 Sep 2006 13:50:41 +0000 (13:50 +0000)]
All 0.9.8d patches have been applied to HEAD now, so we no longer need
the redundant entries under the 0.9.9 heading.
Bodo Möller [Thu, 28 Sep 2006 13:45:34 +0000 (13:45 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Bodo Möller [Thu, 28 Sep 2006 13:35:01 +0000 (13:35 +0000)]
include 0.9.8d and 0.9.7l information
Mark J. Cox [Thu, 28 Sep 2006 13:20:44 +0000 (13:20 +0000)]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Mark J. Cox [Thu, 28 Sep 2006 13:18:43 +0000 (13:18 +0000)]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
Richard Levitte [Thu, 28 Sep 2006 12:22:58 +0000 (12:22 +0000)]
Fixes for the following claims:
1) Certificate Message with no certs
OpenSSL implementation sends the Certificate message during SSL
handshake, however as per the specification, these have been omitted.
-- RFC 2712 --
CertificateRequest, and the ServerKeyExchange shown in Figure 1
will be omitted since authentication and the establishment of a
master secret will be done using the client's Kerberos credentials
for the TLS server. The client's certificate will be omitted for
the same reason.
-- RFC 2712 --
3) Pre-master secret Protocol version
The pre-master secret generated by OpenSSL does not have the correct
client version.
RFC 2712 says, if the Kerberos option is selected, the pre-master
secret structure is the same as that used in the RSA case.
TLS specification defines pre-master secret as:
struct {
ProtocolVersion client_version;
opaque random[46];
} PreMasterSecret;
where client_version is the latest protocol version supported by the
client
The pre-master secret generated by OpenSSL does not have the correct
client version. The implementation does not update the first 2 bytes
of random secret for Kerberos Cipher suites. At the server-end, the
client version from the pre-master secret is not validated.
PR: 1336
Dr. Stephen Henson [Tue, 26 Sep 2006 13:25:19 +0000 (13:25 +0000)]
Initialize new callbacks and make sure hent is always initialized.
Richard Levitte [Mon, 25 Sep 2006 08:35:35 +0000 (08:35 +0000)]
Complete the change for VMS.
Dr. Stephen Henson [Sat, 23 Sep 2006 17:29:49 +0000 (17:29 +0000)]
Submitted by: Brad Spencer <spencer@jacknife.org>
Reviewed by: steve
Dr. Stephen Henson [Fri, 22 Sep 2006 17:14:22 +0000 (17:14 +0000)]
Buffer size handling fix for enc.
PR:1374
Dr. Stephen Henson [Fri, 22 Sep 2006 17:06:09 +0000 (17:06 +0000)]
Using correct lock for X509_REQ.
PR:1348
Dr. Stephen Henson [Fri, 22 Sep 2006 13:37:15 +0000 (13:37 +0000)]
Update length if copying MSB set in asn1_string_canon().
Dr. Stephen Henson [Thu, 21 Sep 2006 16:19:10 +0000 (16:19 +0000)]
Updated file.
Dr. Stephen Henson [Thu, 21 Sep 2006 13:24:46 +0000 (13:24 +0000)]
Add missing prototype. Fix various warnings (C++ comments, ; outside function).
Dr. Stephen Henson [Thu, 21 Sep 2006 13:11:24 +0000 (13:11 +0000)]
Make int_rsa_sign function match prototype.
PR: 1383
Dr. Stephen Henson [Thu, 21 Sep 2006 13:07:57 +0000 (13:07 +0000)]
Compile in gost engine.
Dr. Stephen Henson [Thu, 21 Sep 2006 13:04:43 +0000 (13:04 +0000)]
Updated version of gost engine.
Dr. Stephen Henson [Thu, 21 Sep 2006 12:48:56 +0000 (12:48 +0000)]
Do CRL method init after other operations.
Dr. Stephen Henson [Thu, 21 Sep 2006 12:42:15 +0000 (12:42 +0000)]
Tidy up CRL handling by checking for critical extensions when it is
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.
Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
Andy Polyakov [Mon, 18 Sep 2006 19:50:54 +0000 (19:50 +0000)]
Build error on non-unix.
PR: 1390
Andy Polyakov [Mon, 18 Sep 2006 19:41:37 +0000 (19:41 +0000)]
Race condition in ms/uplink.c.
PR: 1382
Andy Polyakov [Mon, 18 Sep 2006 19:20:43 +0000 (19:20 +0000)]
As x86ms.pl is out, remove do_masm.bat and mention to it in INSTALL.W32.
Andy Polyakov [Mon, 18 Sep 2006 19:17:09 +0000 (19:17 +0000)]
Remove x86ms.pl and reimplement x86*.pl.
Andy Polyakov [Mon, 18 Sep 2006 19:13:15 +0000 (19:13 +0000)]
Improve 386 portability of aes-586.pl.
Bodo Möller [Mon, 18 Sep 2006 14:00:49 +0000 (14:00 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
[Problem pointed out by Adam Young <adamy (at) acm.org>]
Dr. Stephen Henson [Sun, 17 Sep 2006 17:16:28 +0000 (17:16 +0000)]
Overhaul of by_dir code to handle dynamic loading of CRLs.
Dr. Stephen Henson [Sun, 17 Sep 2006 13:00:18 +0000 (13:00 +0000)]
GOST public key algorithm ENGINE donated to the OpenSSL by Cryptocom.
Very early version, doesn't do much yet, not even added to the build system.
Dr. Stephen Henson [Thu, 14 Sep 2006 17:25:02 +0000 (17:25 +0000)]
Support for AKID in CRLs and partial support for IDP. Overhaul of CRL
handling to support this.
Dr. Stephen Henson [Wed, 13 Sep 2006 03:28:42 +0000 (03:28 +0000)]
Update docs.
Bodo Möller [Tue, 12 Sep 2006 14:42:19 +0000 (14:42 +0000)]
Update
Dr. Stephen Henson [Mon, 11 Sep 2006 13:00:52 +0000 (13:00 +0000)]
Fixes for new CRL/cert callbacks. Update CRL processing code to use new
callbacks.
Bodo Möller [Mon, 11 Sep 2006 09:49:03 +0000 (09:49 +0000)]
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well
Dr. Stephen Henson [Sun, 10 Sep 2006 12:38:37 +0000 (12:38 +0000)]
Add verify callback functions to lookup a STACK of matching certs or CRLs
based on subject name.
New thread safe functions to retrieve matching STACK from X509_STORE.
Cache some IDP components.
Bodo Möller [Fri, 8 Sep 2006 06:00:40 +0000 (06:00 +0000)]
Make sure the int_rsa_verify() prototype matches the implementation
(m_len currently is 'unsigned int', not 'size_t')
Submitted by: Gisle Vanem
Dr. Stephen Henson [Wed, 6 Sep 2006 11:59:04 +0000 (11:59 +0000)]
Additional detail.
Bodo Möller [Wed, 6 Sep 2006 11:54:19 +0000 (11:54 +0000)]
update information on "current version" ...
Dr. Stephen Henson [Wed, 6 Sep 2006 11:53:50 +0000 (11:53 +0000)]
Add an FAQ.
Bodo Möller [Wed, 6 Sep 2006 06:43:11 +0000 (06:43 +0000)]
Remove non-functional part of recent patch, after discussion with
Colin Percival (this would have caused more problems than solved,
and isn't really necessary anyway)
Bodo Möller [Wed, 6 Sep 2006 06:42:11 +0000 (06:42 +0000)]
Make consistent with 0.9.8-branch version of this file
Bodo Möller [Wed, 6 Sep 2006 06:34:52 +0000 (06:34 +0000)]
Every change so far that is in the 0.9.8 branch is (or should be) in HEAD
Mark J. Cox [Tue, 5 Sep 2006 08:58:03 +0000 (08:58 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
Andy Polyakov [Thu, 31 Aug 2006 21:27:30 +0000 (21:27 +0000)]
Rewrite sha1-586.pl.
Andy Polyakov [Thu, 31 Aug 2006 21:15:38 +0000 (21:15 +0000)]
Fix bug in aes-586.pl.
Andy Polyakov [Thu, 31 Aug 2006 21:12:17 +0000 (21:12 +0000)]
Fix bug in x86unix.pl introduced in latest update.
PR: 1380
Dr. Stephen Henson [Thu, 31 Aug 2006 21:01:15 +0000 (21:01 +0000)]
Kill more C++ comments.
Dr. Stephen Henson [Thu, 31 Aug 2006 20:56:20 +0000 (20:56 +0000)]
Fix C++ style comments, change assert to OPENSSL_assert, stop warning with
pedantic mode.
Dr. Stephen Henson [Thu, 31 Aug 2006 20:10:37 +0000 (20:10 +0000)]
Fix leak
Ben Laurie [Thu, 31 Aug 2006 14:04:04 +0000 (14:04 +0000)]
Forward port of IGE mode.
Ben Laurie [Mon, 28 Aug 2006 17:01:04 +0000 (17:01 +0000)]
Make things static that should be. Declare stuff in headers that should be.
Fix warnings.
Richard Levitte [Sun, 20 Aug 2006 05:54:35 +0000 (05:54 +0000)]
According to documentation, including time.h declares select() on
OpenVMS, and possibly more.
Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select
Richard Levitte [Sun, 20 Aug 2006 05:18:12 +0000 (05:18 +0000)]
Correct warnings about signedness.
Ulf Möller [Sun, 13 Aug 2006 09:03:38 +0000 (09:03 +0000)]
Use gmtime on cygwin
Submitted by: Corinna Vinschen
Andy Polyakov [Wed, 9 Aug 2006 15:40:30 +0000 (15:40 +0000)]
+20% tune-up for Power5.
Andy Polyakov [Mon, 7 Aug 2006 09:05:52 +0000 (09:05 +0000)]
Revised AES_cbc_encrypt in x86 assembler module.
Ulf Möller [Sat, 5 Aug 2006 20:45:06 +0000 (20:45 +0000)]
Correct punctuation.
PR: 1367
Andy Polyakov [Wed, 2 Aug 2006 22:38:16 +0000 (22:38 +0000)]
Agressively prefetch S-box in SSE codepatch, relax alignment requirement,
check for SSE bit instead of MMX, as pshufw was introduces in PIII, minor
optimization, typos...
Andy Polyakov [Wed, 2 Aug 2006 07:46:56 +0000 (07:46 +0000)]
Switch to compact S-box when generating AES key schedule.
Andy Polyakov [Tue, 1 Aug 2006 22:10:39 +0000 (22:10 +0000)]
Switch to compact S-box when generating AES key schedule.
Andy Polyakov [Tue, 1 Aug 2006 16:12:10 +0000 (16:12 +0000)]
Real Bourne shell doesn't interpret ==, but =.
Andy Polyakov [Mon, 31 Jul 2006 22:28:40 +0000 (22:28 +0000)]
Engage assembler in solaris64-x86_64-cc.
Andy Polyakov [Mon, 31 Jul 2006 22:26:40 +0000 (22:26 +0000)]
perlasm/x86unix.pl update.
Andy Polyakov [Mon, 31 Jul 2006 20:03:56 +0000 (20:03 +0000)]
Next generation aes-586.pl featuring AES_[en|de]crypt, accessing exclusively
256 byte S-box. AES_cbc_encrypt needs further work as it should also use
slow routines when processing smaller amount of data.