Dr. Stephen Henson [Sun, 8 Apr 2007 13:03:26 +0000 (13:03 +0000)]
Preliminary support for signctx/verifyctx callbacks.
Dr. Stephen Henson [Sun, 8 Apr 2007 12:47:18 +0000 (12:47 +0000)]
New -sigopt option for dgst utility.
Ben Laurie [Sat, 7 Apr 2007 13:20:09 +0000 (13:20 +0000)]
Yet another resource leak. Coverity ID 123.
Ben Laurie [Thu, 5 Apr 2007 17:31:29 +0000 (17:31 +0000)]
If you're going to check for negative, use an signed integer! Coverity ID 122.
Ben Laurie [Thu, 5 Apr 2007 17:23:51 +0000 (17:23 +0000)]
Don't copy from a nonexistent next. Coverity ID 47.
Ben Laurie [Thu, 5 Apr 2007 17:09:43 +0000 (17:09 +0000)]
Fix duplicate error number.
Ben Laurie [Thu, 5 Apr 2007 17:03:09 +0000 (17:03 +0000)]
Errors should actually be errors.
Ben Laurie [Thu, 5 Apr 2007 16:58:39 +0000 (16:58 +0000)]
Don't dereference NULL argument. Coverity ID 52.
Ben Laurie [Thu, 5 Apr 2007 16:57:07 +0000 (16:57 +0000)]
Missing config file.
Ben Laurie [Thu, 5 Apr 2007 16:28:48 +0000 (16:28 +0000)]
Don't use a negative number as a length. Coverity ID 57.
Ben Laurie [Thu, 5 Apr 2007 15:45:58 +0000 (15:45 +0000)]
Avoid overrun. Coverity ID 60.
Ben Laurie [Thu, 5 Apr 2007 15:45:22 +0000 (15:45 +0000)]
Free memory. Coverity ID 62.
Nils Larsch [Wed, 4 Apr 2007 19:41:20 +0000 (19:41 +0000)]
check return value of ASN1_item_i2d(), Coverity ID 55
Ben Laurie [Wed, 4 Apr 2007 16:00:03 +0000 (16:00 +0000)]
Resource leak.
Ben Laurie [Wed, 4 Apr 2007 15:31:17 +0000 (15:31 +0000)]
Handle bad content type. Coverity ID 99.
Ben Laurie [Wed, 4 Apr 2007 15:13:31 +0000 (15:13 +0000)]
Fix buffer overrun. Coverity ID 106.
Ben Laurie [Wed, 4 Apr 2007 14:59:20 +0000 (14:59 +0000)]
Don't free a NULL. Coverity ID 112.
Ben Laurie [Wed, 4 Apr 2007 14:38:59 +0000 (14:38 +0000)]
Missing return on error. Coverity ID 115.
Ben Laurie [Wed, 4 Apr 2007 14:35:56 +0000 (14:35 +0000)]
Return an error if the serial number is badly formed. (Coverity ID 116).
Ben Laurie [Wed, 4 Apr 2007 13:41:33 +0000 (13:41 +0000)]
Die if serial number is invalid.
Ben Laurie [Wed, 4 Apr 2007 13:21:15 +0000 (13:21 +0000)]
Make sure we detect corruption.
Nils Larsch [Mon, 2 Apr 2007 20:29:40 +0000 (20:29 +0000)]
check correct pointer before freeing it (Coverity CID 79,86)
Nils Larsch [Mon, 2 Apr 2007 20:02:27 +0000 (20:02 +0000)]
check if pointer is != NULL before dereferencing it (Coverity CID 40)
Andy Polyakov [Mon, 2 Apr 2007 09:50:14 +0000 (09:50 +0000)]
RC4_set_key for x86_64 and Core2 optimization.
PR: 1447
Ben Laurie [Sun, 1 Apr 2007 18:00:52 +0000 (18:00 +0000)]
Don't die if the value is NULL (Coverity CID 98).
Ben Laurie [Sun, 1 Apr 2007 17:56:25 +0000 (17:56 +0000)]
Fix warning.
Andy Polyakov [Sun, 1 Apr 2007 17:28:08 +0000 (17:28 +0000)]
Update x86cpuid.pl to correctly detect shared cache and to support new
RC4_set_key.
Andy Polyakov [Sun, 1 Apr 2007 17:01:12 +0000 (17:01 +0000)]
Reserve for assembler implementation of RC4_set_key and implement x86 one.
Richard Levitte [Thu, 29 Mar 2007 18:34:57 +0000 (18:34 +0000)]
Apply a more modern way to get the definition of select(), except for VMS.
Submitted by Corinna Vinschen <vinschen@redhat.com>
Bodo Möller [Wed, 28 Mar 2007 18:41:23 +0000 (18:41 +0000)]
make BN_FLG_CONSTTIME semantics more fool-proof
Bodo Möller [Wed, 28 Mar 2007 00:15:28 +0000 (00:15 +0000)]
Change to mitigate branch prediction attacks
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
Andy Polyakov [Sun, 25 Mar 2007 15:20:35 +0000 (15:20 +0000)]
Allow shared builds for aix[64]-gcc targets.
Andy Polyakov [Sun, 25 Mar 2007 15:13:51 +0000 (15:13 +0000)]
aix[64]-cc config lines update.
Dr. Stephen Henson [Fri, 23 Mar 2007 17:04:05 +0000 (17:04 +0000)]
Stage 1 GOST ciphersuite support.
Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org
Richard Levitte [Fri, 23 Mar 2007 09:36:33 +0000 (09:36 +0000)]
Synchronise the VMS build with recent movements in the Unix build.
Andy Polyakov [Thu, 22 Mar 2007 08:46:33 +0000 (08:46 +0000)]
Fixes for aix-shared rules.
Bodo Möller [Wed, 21 Mar 2007 14:33:16 +0000 (14:33 +0000)]
stricter session ID context matching
Bodo Möller [Wed, 21 Mar 2007 10:58:45 +0000 (10:58 +0000)]
clarification regarding libdes files
Andy Polyakov [Tue, 20 Mar 2007 09:37:06 +0000 (09:37 +0000)]
link warnings caused by nasm modules.
Andy Polyakov [Tue, 20 Mar 2007 09:13:07 +0000 (09:13 +0000)]
Two extra instructions in RC4 character loop give 80% performance
improvement on Core2. I still need to detect Core2 and choose this
path...
Andy Polyakov [Tue, 20 Mar 2007 09:07:19 +0000 (09:07 +0000)]
Remove obsolete comment.
Andy Polyakov [Tue, 20 Mar 2007 08:57:18 +0000 (08:57 +0000)]
Various PowerPC config updates.
Andy Polyakov [Tue, 20 Mar 2007 08:55:58 +0000 (08:55 +0000)]
nasm fixes.
Andy Polyakov [Tue, 20 Mar 2007 08:54:51 +0000 (08:54 +0000)]
sparcv9a-mont was modified to handle 32-bit aligned input, but check
for 64-bit alignment was not removed.
Dr. Stephen Henson [Fri, 16 Mar 2007 22:20:55 +0000 (22:20 +0000)]
Win32 fixes. Add GOST algorithm to mkdef, update ordinals. Signed/unsigned fixes.
Dr. Stephen Henson [Mon, 5 Mar 2007 00:09:08 +0000 (00:09 +0000)]
Fix from stable branch.
Nils Larsch [Fri, 2 Mar 2007 19:56:29 +0000 (19:56 +0000)]
size_t -> int
Nils Larsch [Fri, 2 Mar 2007 19:42:16 +0000 (19:42 +0000)]
remove unused file
Lutz Jänicke [Fri, 2 Mar 2007 17:54:51 +0000 (17:54 +0000)]
Initialize "buf" to 0 to make valgrind happy :-)
Note: the RAND_bytes() manual page says:
RAND_bytes() puts num cryptographically strong pseudo-random bytes into buf.
It does not talk about using the previous contents of buf so we are working
as documented.
Lutz Jänicke [Fri, 2 Mar 2007 17:46:25 +0000 (17:46 +0000)]
Do not use uninitialized memory to seed the PRNG as it may confuse
code checking tools.
PR: 1499
Dr. Stephen Henson [Tue, 27 Feb 2007 18:43:42 +0000 (18:43 +0000)]
Update from stable branch.
Ralf S. Engelschall [Tue, 27 Feb 2007 07:41:54 +0000 (07:41 +0000)]
small cosmetics: align title with the other similar manual page
Nils Larsch [Mon, 26 Feb 2007 18:32:53 +0000 (18:32 +0000)]
allow EVP_PKEY_CTX_free(NULL)
Nils Larsch [Mon, 26 Feb 2007 18:21:19 +0000 (18:21 +0000)]
remove dead code
Bodo Möller [Mon, 26 Feb 2007 10:49:59 +0000 (10:49 +0000)]
include complete 0.9.7 history
include release date of 0.9.8e
Bodo Möller [Mon, 26 Feb 2007 10:48:10 +0000 (10:48 +0000)]
use 2007 copyright for generated files
Dr. Stephen Henson [Fri, 23 Feb 2007 13:16:38 +0000 (13:16 +0000)]
Update FAQ,NEWS in HEAD.
Bodo Möller [Thu, 22 Feb 2007 21:31:19 +0000 (21:31 +0000)]
Fix incorrect substitution that happened during the recent ciphersuite
selection remodeling
Submitted by: Victor Duchovni
Lutz Jänicke [Thu, 22 Feb 2007 17:39:47 +0000 (17:39 +0000)]
Fix problem with multi line responses in -starttls by using a buffering
BIO and BIO_gets().
Lutz Jänicke [Wed, 21 Feb 2007 18:20:41 +0000 (18:20 +0000)]
Extend SMTP and IMAP protocol handling to perform the required
EHLO or CAPABILITY handshake before sending STARTTLS
Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
Lutz Jänicke [Wed, 21 Feb 2007 18:10:20 +0000 (18:10 +0000)]
Add automatic detection for Linux on SuperH
PR: 1152
Submitted by: Mike Frysinger <vapier@gentoo.org>
Lutz Jänicke [Wed, 21 Feb 2007 17:58:54 +0000 (17:58 +0000)]
Add support for m68k linux
PR: 1277
Submitted by: Mike Frysinger <vapier@gentoo.org>
Lutz Jänicke [Wed, 21 Feb 2007 17:44:53 +0000 (17:44 +0000)]
Fix incorrect handling of special characters
PR: 1459
Submitted by: tnitschke@innominate.com
Reviewed by: steve@openssl.org
Dr. Stephen Henson [Wed, 21 Feb 2007 13:49:35 +0000 (13:49 +0000)]
Update from 0.9.7-stable.
Bodo Möller [Wed, 21 Feb 2007 09:33:14 +0000 (09:33 +0000)]
prefer SHA1 over MD5 (this affects the Kerberos ciphersuites)
Bodo Möller [Wed, 21 Feb 2007 09:32:17 +0000 (09:32 +0000)]
delete obsolete comment
Bodo Möller [Tue, 20 Feb 2007 16:39:58 +0000 (16:39 +0000)]
SSL_kKRB5 ciphersuites shouldn't be preferred by default
Bodo Möller [Tue, 20 Feb 2007 16:36:58 +0000 (16:36 +0000)]
Improve ciphersuite order stability when disabling ciphersuites.
Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.
Bodo Möller [Tue, 20 Feb 2007 13:25:36 +0000 (13:25 +0000)]
fix a typo in the new ciphersuite ordering code
Bodo Möller [Mon, 19 Feb 2007 18:41:41 +0000 (18:41 +0000)]
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.
Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".
Bodo Möller [Mon, 19 Feb 2007 16:59:13 +0000 (16:59 +0000)]
fix warnings for CIPHER_DEBUG builds
Bodo Möller [Mon, 19 Feb 2007 14:53:18 +0000 (14:53 +0000)]
fix warnings/inconsistencies caused by the recent changes to the
ciphersuite selection code in HEAD
Submitted by: Victor Duchovni
Bodo Möller [Mon, 19 Feb 2007 14:49:12 +0000 (14:49 +0000)]
fix incorrect strength bit values for certain Kerberos ciphersuites
Submitted by: Victor Duchovni
Dr. Stephen Henson [Sun, 18 Feb 2007 18:21:57 +0000 (18:21 +0000)]
Updates from 0.9.8-stable branch.
Bodo Möller [Sat, 17 Feb 2007 06:45:38 +0000 (06:45 +0000)]
Reorganize the data used for SSL ciphersuite pattern matching.
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).
In some cases the ciphersuite list generated from a given string is
affected by this change. I hope this is just in those cases where the
previous behaviour did not make sense.
Nils Larsch [Fri, 16 Feb 2007 20:34:15 +0000 (20:34 +0000)]
ensure that the EVP_CIPHER_CTX object is initialized
PR: 1490
Richard Levitte [Fri, 16 Feb 2007 18:12:16 +0000 (18:12 +0000)]
Add STARTTLS support for IMAP and FTP.
Submitted by Kees Cook <kees@outflux.net>
Nils Larsch [Wed, 14 Feb 2007 21:52:01 +0000 (21:52 +0000)]
- use OPENSSL_malloc() etc. in zlib
- move zlib_stateful_ex_idx initialization to COMP_zlib()
PR: 1468
Nils Larsch [Sun, 11 Feb 2007 19:33:21 +0000 (19:33 +0000)]
avoid shifting input
Nils Larsch [Sat, 10 Feb 2007 10:42:48 +0000 (10:42 +0000)]
use user-supplied malloc functions for persistent kssl objects
PR: 1467
Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>
Nils Larsch [Sat, 10 Feb 2007 09:45:07 +0000 (09:45 +0000)]
remove unreachable code
Dr. Stephen Henson [Fri, 9 Feb 2007 19:43:04 +0000 (19:43 +0000)]
PR: 1483
Add support for GOST 28147-89 in Gost ENGINE.
Dr. Stephen Henson [Thu, 8 Feb 2007 19:07:43 +0000 (19:07 +0000)]
Add -hmac option to dgst from 0.9.7 stable branch.
Nils Larsch [Wed, 7 Feb 2007 20:49:58 +0000 (20:49 +0000)]
remove unused variable
Nils Larsch [Wed, 7 Feb 2007 20:28:19 +0000 (20:28 +0000)]
ensure that a ec key is used
PR: 1476
Richard Levitte [Wed, 7 Feb 2007 01:42:46 +0000 (01:42 +0000)]
After objects have been freed, NULLify the pointers so there will be no double
free of those objects
Nils Larsch [Tue, 6 Feb 2007 19:48:42 +0000 (19:48 +0000)]
fix typo
Nils Larsch [Tue, 6 Feb 2007 19:41:01 +0000 (19:41 +0000)]
add note about 56 bit ciphers
PR: 1461
Dr. Stephen Henson [Sat, 3 Feb 2007 17:32:49 +0000 (17:32 +0000)]
Update from fips2 branch.
Nils Larsch [Sat, 3 Feb 2007 14:41:12 +0000 (14:41 +0000)]
add support for DSA with SHA2
Nils Larsch [Sat, 3 Feb 2007 10:28:08 +0000 (10:28 +0000)]
fix documentation
PR: 1466
Nils Larsch [Sat, 3 Feb 2007 09:55:42 +0000 (09:55 +0000)]
fix potential memory leaks
PR: 1462
Andy Polyakov [Thu, 25 Jan 2007 20:47:00 +0000 (20:47 +0000)]
Minimize aes_core.c footprint when AES_[en|de]crypt is implemented in
assembler.
Andy Polyakov [Thu, 25 Jan 2007 11:28:07 +0000 (11:28 +0000)]
Minor touch to aes-armv4.pl.
Andy Polyakov [Thu, 25 Jan 2007 10:44:48 +0000 (10:44 +0000)]
AES for ARMv4.
Andy Polyakov [Thu, 25 Jan 2007 10:44:18 +0000 (10:44 +0000)]
Minor optimization for sha1-armv4 module.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:53:48 +0000 (17:53 +0000)]
Update from 0.9.7-stable.
Andy Polyakov [Mon, 22 Jan 2007 20:33:46 +0000 (20:33 +0000)]
SHA1 for ARMv4 and Thumb.
Dr. Stephen Henson [Sun, 21 Jan 2007 16:06:05 +0000 (16:06 +0000)]
Constify version strings is ssl lib.
Dr. Stephen Henson [Sun, 21 Jan 2007 13:07:17 +0000 (13:07 +0000)]
Constify version strings and some structures.