oweals/openssl.git
12 years agovpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl [from...
Andy Polyakov [Thu, 15 Dec 2011 22:20:26 +0000 (22:20 +0000)]
vpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl [from HEAD].
PR: 2657

12 years agoPR: 1794
Dr. Stephen Henson [Wed, 14 Dec 2011 22:18:03 +0000 (22:18 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Remove unnecessary code for srp and to add some comments to
s_client.

- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable

- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.

12 years agovpaes-x86.pl: portability fix.
Andy Polyakov [Wed, 14 Dec 2011 21:30:25 +0000 (21:30 +0000)]
vpaes-x86.pl: portability fix.
PR: 2657

12 years agoRemove redundant TLS exporter.
Ben Laurie [Tue, 13 Dec 2011 14:35:12 +0000 (14:35 +0000)]
Remove redundant TLS exporter.

12 years agoSSL export fixes (from Adam Langley).
Ben Laurie [Tue, 13 Dec 2011 14:25:11 +0000 (14:25 +0000)]
SSL export fixes (from Adam Langley).

12 years agomodexp512-x86_64.pl: Solaris portability fix [from HEAD].
Andy Polyakov [Mon, 12 Dec 2011 15:12:09 +0000 (15:12 +0000)]
modexp512-x86_64.pl: Solaris portability fix [from HEAD].
PR: 2656

12 years agodetect and use older PKITS data
Dr. Stephen Henson [Sun, 11 Dec 2011 16:39:56 +0000 (16:39 +0000)]
detect and use older PKITS data

12 years agotypo
Dr. Stephen Henson [Sat, 10 Dec 2011 01:37:55 +0000 (01:37 +0000)]
typo

12 years agoadd commented out option to allow use of older PKITS data
Dr. Stephen Henson [Sat, 10 Dec 2011 00:50:16 +0000 (00:50 +0000)]
add commented out option to allow use of older PKITS data

12 years agoremove old -attime code, new version includes all old functionality
Dr. Stephen Henson [Sat, 10 Dec 2011 00:42:48 +0000 (00:42 +0000)]
remove old -attime code, new version includes all old functionality

12 years agoimplement -attime option as a verify parameter then it works with all relevant applic...
Dr. Stephen Henson [Sat, 10 Dec 2011 00:37:42 +0000 (00:37 +0000)]
implement -attime option as a verify parameter then it works with all relevant applications

12 years agoFix warning.
Ben Laurie [Fri, 9 Dec 2011 20:15:48 +0000 (20:15 +0000)]
Fix warning.

12 years agoperlasm/x86gas.pl: give a hand old assemblers assembling loop instruction
Andy Polyakov [Fri, 9 Dec 2011 19:16:35 +0000 (19:16 +0000)]
perlasm/x86gas.pl: give a hand old assemblers assembling loop instruction
[from HEAD].

12 years agocryptlib.c: allow for OPENSSL_ia32cap=~0x????? syntax for environment value
Andy Polyakov [Fri, 9 Dec 2011 15:46:41 +0000 (15:46 +0000)]
cryptlib.c: allow for OPENSSL_ia32cap=~0x????? syntax for environment value
in question.

12 years agox86-mont.pl: fix bug in integer-only squaring path.
Andy Polyakov [Fri, 9 Dec 2011 14:26:28 +0000 (14:26 +0000)]
x86-mont.pl: fix bug in integer-only squaring path.
PR: 2648

12 years agoReplace expired test server and client certificates with new ones.
Dr. Stephen Henson [Thu, 8 Dec 2011 14:45:15 +0000 (14:45 +0000)]
Replace expired test server and client certificates with new ones.

12 years agofix error discrepancy
Dr. Stephen Henson [Wed, 7 Dec 2011 12:28:50 +0000 (12:28 +0000)]
fix error discrepancy

12 years agoThe default CN prompt message can be confusing when often the CN needs to
Dr. Stephen Henson [Tue, 6 Dec 2011 00:00:51 +0000 (00:00 +0000)]
The default CN prompt message can be confusing when often the CN needs to
 be the server FQDN: change it.
[Reported by PSW Group]

12 years agoFix exporter.
Ben Laurie [Fri, 2 Dec 2011 16:49:32 +0000 (16:49 +0000)]
Fix exporter.

12 years agoFix warnings.
Ben Laurie [Fri, 2 Dec 2011 14:39:41 +0000 (14:39 +0000)]
Fix warnings.

12 years agoResolve a stack set-up race condition (if the list of compression
Bodo Möller [Fri, 2 Dec 2011 12:51:41 +0000 (12:51 +0000)]
Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley

12 years agoFix ecdsatest.c.
Bodo Möller [Fri, 2 Dec 2011 12:40:42 +0000 (12:40 +0000)]
Fix ecdsatest.c.

Submitted by: Emilia Kasper

12 years agoFix BIO_f_buffer().
Bodo Möller [Fri, 2 Dec 2011 12:24:48 +0000 (12:24 +0000)]
Fix BIO_f_buffer().

Submitted by: Adam Langley
Reviewed by: Bodo Moeller

12 years agobn/asm/mips.pl: fix typos [from HEAD].
Andy Polyakov [Thu, 1 Dec 2011 12:17:20 +0000 (12:17 +0000)]
bn/asm/mips.pl: fix typos [from HEAD].

13 years agoPR: 1794
Dr. Stephen Henson [Fri, 25 Nov 2011 00:18:10 +0000 (00:18 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Make SRP conformant to rfc 5054.

Changes are:

- removal of the addition state after client hello
- removal of all pre-rfc srp alert ids
- sending a fatal alert when there is no srp extension but when the
server wants SRP
- removal of unnecessary code in the client.

13 years agoDon't send NPN during renegotiation.
Ben Laurie [Thu, 24 Nov 2011 18:22:06 +0000 (18:22 +0000)]
Don't send NPN during renegotiation.

13 years agoIndent.
Ben Laurie [Thu, 24 Nov 2011 16:51:15 +0000 (16:51 +0000)]
Indent.

13 years agoupdate ordinals
Dr. Stephen Henson [Tue, 22 Nov 2011 14:45:27 +0000 (14:45 +0000)]
update ordinals

13 years agoadd cryptlib.h to mkdef.pl
Dr. Stephen Henson [Tue, 22 Nov 2011 14:44:42 +0000 (14:44 +0000)]
add cryptlib.h to mkdef.pl

13 years agoWorkaround so "make depend" works for fips builds.
Dr. Stephen Henson [Tue, 22 Nov 2011 12:50:59 +0000 (12:50 +0000)]
Workaround so "make depend" works for fips builds.

13 years agoupdate ordinals
Dr. Stephen Henson [Mon, 21 Nov 2011 22:56:33 +0000 (22:56 +0000)]
update ordinals

13 years agoadd strp.h to mkdef.pl headers
Dr. Stephen Henson [Mon, 21 Nov 2011 22:55:12 +0000 (22:55 +0000)]
add strp.h to mkdef.pl headers

13 years agomove internal functions to ssl_locl.h
Dr. Stephen Henson [Mon, 21 Nov 2011 22:52:01 +0000 (22:52 +0000)]
move internal functions to ssl_locl.h

13 years agorecognise NEXTPROTONEG
Dr. Stephen Henson [Mon, 21 Nov 2011 22:35:35 +0000 (22:35 +0000)]
recognise NEXTPROTONEG

13 years agobcmp doesn't exist on all platforms, replace with memcmp
Dr. Stephen Henson [Mon, 21 Nov 2011 22:29:16 +0000 (22:29 +0000)]
bcmp doesn't exist on all platforms, replace with memcmp

13 years agobsaes-x86_64.pl: fix buffer overrun in tail processing [from HEAD].
Andy Polyakov [Wed, 16 Nov 2011 23:36:40 +0000 (23:36 +0000)]
bsaes-x86_64.pl: fix buffer overrun in tail processing [from HEAD].

13 years agoAdd TLS exporter.
Ben Laurie [Tue, 15 Nov 2011 23:51:22 +0000 (23:51 +0000)]
Add TLS exporter.

13 years agoAdd DTLS-SRTP.
Ben Laurie [Tue, 15 Nov 2011 23:02:16 +0000 (23:02 +0000)]
Add DTLS-SRTP.

13 years agoaes-armv4.pl: make it link.
Andy Polyakov [Tue, 15 Nov 2011 13:55:52 +0000 (13:55 +0000)]
aes-armv4.pl: make it link.

13 years agoe_rc4_hmac_md5.c: make it work on darwin64, which is configured with RC4_CHAR.
Andy Polyakov [Tue, 15 Nov 2011 12:39:48 +0000 (12:39 +0000)]
e_rc4_hmac_md5.c: make it work on darwin64, which is configured with RC4_CHAR.

13 years agoaes-s390x.pl: make it link.
Andy Polyakov [Tue, 15 Nov 2011 12:20:55 +0000 (12:20 +0000)]
aes-s390x.pl: make it link.

13 years agoConfigure, e_aes.c: allow for XTS assembler implementation [from HEAD].
Andy Polyakov [Tue, 15 Nov 2011 12:19:56 +0000 (12:19 +0000)]
Configure, e_aes.c: allow for XTS assembler implementation [from HEAD].

13 years agoe_aes.c: jumbo update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:17:08 +0000 (21:17 +0000)]
e_aes.c: jumbo update from HEAD.

13 years agoec_cvt.c: performance update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:14:53 +0000 (21:14 +0000)]
ec_cvt.c: performance update from HEAD.

13 years agoc_allc.c: add XTS ciphers [from HEAD].
Andy Polyakov [Mon, 14 Nov 2011 21:13:35 +0000 (21:13 +0000)]
c_allc.c: add XTS ciphers [from HEAD].

13 years agoconfig: platform and poratbility updates from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:12:53 +0000 (21:12 +0000)]
config: platform and poratbility updates from HEAD.

13 years agoConfigure, etc.: engage additional assembler modules.
Andy Polyakov [Mon, 14 Nov 2011 21:12:05 +0000 (21:12 +0000)]
Configure, etc.: engage additional assembler modules.

13 years agospeed.c: add ghash benchmark [from HEAD].
Andy Polyakov [Mon, 14 Nov 2011 21:09:30 +0000 (21:09 +0000)]
speed.c: add ghash benchmark [from HEAD].

13 years agox86 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:06:50 +0000 (21:06 +0000)]
x86 assembler pack update from HEAD.

13 years agoBN update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:05:42 +0000 (21:05 +0000)]
BN update from HEAD.

13 years agox86_64 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:01:21 +0000 (21:01 +0000)]
x86_64 assembler pack update from HEAD.

13 years agoARM assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:58:01 +0000 (20:58 +0000)]
ARM assembler pack update from HEAD.

13 years agoAlpha assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:56:15 +0000 (20:56 +0000)]
Alpha assembler pack update from HEAD.

13 years agoMIPS assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:55:24 +0000 (20:55 +0000)]
MIPS assembler pack update from HEAD.

13 years agoPPC assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:54:17 +0000 (20:54 +0000)]
PPC assembler pack update from HEAD.

13 years agoPA-RISC assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:50:15 +0000 (20:50 +0000)]
PA-RISC assembler pack update from HEAD.

13 years agoSPARCv9 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:48:35 +0000 (20:48 +0000)]
SPARCv9 assembler pack update from HEAD.

13 years agos390x assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:47:22 +0000 (20:47 +0000)]
s390x assembler pack update from HEAD.

13 years agoIA64 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:45:57 +0000 (20:45 +0000)]
IA64 assembler pack update from HEAD.

13 years agoperlasm update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:44:20 +0000 (20:44 +0000)]
perlasm update from HEAD.

13 years agoMafiles updates to accomodate assembler update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:42:22 +0000 (20:42 +0000)]
Mafiles updates to accomodate assembler update from HEAD.

13 years agoDH keys have an (until now) unused 'q' parameter. When creating from DSA copy
Dr. Stephen Henson [Mon, 14 Nov 2011 14:16:09 +0000 (14:16 +0000)]
DH keys have an (until now) unused 'q' parameter. When creating from DSA copy
q across and if q present generate DH key in the correct range. (from HEAD)

13 years agoCall OPENSSL_init after we've checked to see if customisation is permissible.
Dr. Stephen Henson [Mon, 14 Nov 2011 14:15:29 +0000 (14:15 +0000)]
Call OPENSSL_init after we've checked to see if customisation is permissible.

13 years agoIgnorance.
Ben Laurie [Mon, 14 Nov 2011 02:42:26 +0000 (02:42 +0000)]
Ignorance.

13 years agoNext Protocol Negotiation.
Ben Laurie [Mon, 14 Nov 2011 02:25:04 +0000 (02:25 +0000)]
Next Protocol Negotiation.

13 years agoAdd Next Protocol Negotiation.
Ben Laurie [Sun, 13 Nov 2011 21:55:42 +0000 (21:55 +0000)]
Add Next Protocol Negotiation.

13 years agomake depend.
Ben Laurie [Sun, 13 Nov 2011 20:23:34 +0000 (20:23 +0000)]
make depend.

13 years agoFix one of the no-tlsext build errors (there are more).
Ben Laurie [Sun, 13 Nov 2011 20:19:21 +0000 (20:19 +0000)]
Fix one of the no-tlsext build errors (there are more).

13 years agoPR: 1794
Dr. Stephen Henson [Sun, 13 Nov 2011 13:13:14 +0000 (13:13 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c

13 years agox86cpuid.pl: compensate for imaginary virtual machines [from HEAD].
Andy Polyakov [Tue, 8 Nov 2011 21:28:14 +0000 (21:28 +0000)]
x86cpuid.pl: compensate for imaginary virtual machines [from HEAD].
PR: 2633

13 years agox86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs.
Andy Polyakov [Sat, 5 Nov 2011 10:44:25 +0000 (10:44 +0000)]
x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs.
PR: 2633

13 years agoppc.pl: fix bug in bn_mul_comba4 [from HEAD].
Andy Polyakov [Sat, 5 Nov 2011 10:16:30 +0000 (10:16 +0000)]
ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
PR: 2636
Submitted by: Charles Bryant

13 years agoAdd missing algorithms to disable, and in particular, disable
Richard Levitte [Sun, 30 Oct 2011 11:45:30 +0000 (11:45 +0000)]
Add missing algorithms to disable, and in particular, disable
EC_NISTP_64_GCC_128 by default, as GCC isn't currently supported on
VMS.  Add CMAC to the modules to build, and synchronise with Unix.

13 years agoTeach mkshared.com to have a look for disabled algorithms in opensslconf.h
Richard Levitte [Sun, 30 Oct 2011 11:40:56 +0000 (11:40 +0000)]
Teach mkshared.com to have a look for disabled algorithms in opensslconf.h

13 years agoPR: 2628
Dr. Stephen Henson [Thu, 27 Oct 2011 13:06:43 +0000 (13:06 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.

13 years agoPR: 2628
Dr. Stephen Henson [Thu, 27 Oct 2011 13:01:20 +0000 (13:01 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix for ECC keys and DTLS.

13 years agoPR: 2632
Dr. Stephen Henson [Wed, 26 Oct 2011 16:43:23 +0000 (16:43 +0000)]
PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.

13 years agoUse correct tag for SRP username.
Dr. Stephen Henson [Tue, 25 Oct 2011 12:52:47 +0000 (12:52 +0000)]
Use correct tag for SRP username.

13 years agoUpdate error codes for FIPS.
Dr. Stephen Henson [Fri, 21 Oct 2011 13:04:27 +0000 (13:04 +0000)]
Update error codes for FIPS.
Add support for authentication in FIPS_mode_set().

13 years agoRecognise new ECC option (from HEAD).
Dr. Stephen Henson [Fri, 21 Oct 2011 12:53:07 +0000 (12:53 +0000)]
Recognise new ECC option (from HEAD).

13 years ago"make update"
Bodo Möller [Wed, 19 Oct 2011 15:24:44 +0000 (15:24 +0000)]
"make update"

13 years agoBN_BLINDING multi-threading fix.
Bodo Möller [Wed, 19 Oct 2011 14:58:59 +0000 (14:58 +0000)]
BN_BLINDING multi-threading fix.

Submitted by: Emilia Kasper (Google)

13 years agoFix indentation
Bodo Möller [Wed, 19 Oct 2011 09:24:05 +0000 (09:24 +0000)]
Fix indentation

13 years agoFix warnings.
Bodo Möller [Wed, 19 Oct 2011 08:58:35 +0000 (08:58 +0000)]
Fix warnings.
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.

13 years agoImprove optional 64-bit NIST-P224 implementation, and add NIST-P256 and
Bodo Möller [Tue, 18 Oct 2011 19:43:54 +0000 (19:43 +0000)]
Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.

13 years agoRecognise no-rsax option.
Dr. Stephen Henson [Sat, 15 Oct 2011 13:22:26 +0000 (13:22 +0000)]
Recognise no-rsax option.

13 years agoe_aes.c: fix bug in aesni_gcm_tls_cipher [in HEAD].
Andy Polyakov [Fri, 14 Oct 2011 09:34:14 +0000 (09:34 +0000)]
e_aes.c: fix bug in aesni_gcm_tls_cipher [in HEAD].

13 years agoaesni-x86[_64].pl: pull from HEAD.
Andy Polyakov [Fri, 14 Oct 2011 09:21:03 +0000 (09:21 +0000)]
aesni-x86[_64].pl: pull from HEAD.

13 years agouse -no_ecdhe when using -no_dhe
Bodo Möller [Thu, 13 Oct 2011 15:07:05 +0000 (15:07 +0000)]
use -no_ecdhe when using -no_dhe

13 years agoMake CTR mode behaviour consistent with other modes:
Bodo Möller [Thu, 13 Oct 2011 13:42:29 +0000 (13:42 +0000)]
Make CTR mode behaviour consistent with other modes:
clear ctx->num in EVP_CipherInit_ex

Submitted by: Emilia Kasper

13 years agoClarify warning
Bodo Möller [Thu, 13 Oct 2011 13:25:03 +0000 (13:25 +0000)]
Clarify warning

13 years agoIn ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Bodo Möller [Thu, 13 Oct 2011 13:05:35 +0000 (13:05 +0000)]
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.

Submitted by: Bob Buckholz <bbuckholz@google.com>

13 years agoFor now disable RSAX ENGINE for FIPS builds: it sets a non-FIPS RSA
Dr. Stephen Henson [Thu, 13 Oct 2011 11:43:44 +0000 (11:43 +0000)]
For now disable RSAX ENGINE for FIPS builds: it sets a non-FIPS RSA
method which stops FIPS mode working.

13 years agoincrease test RSA key size to 1024 bits
Dr. Stephen Henson [Wed, 12 Oct 2011 21:55:42 +0000 (21:55 +0000)]
increase test RSA key size to 1024 bits

13 years agoupdate pkey method initialisation and copy
Dr. Stephen Henson [Tue, 11 Oct 2011 18:16:02 +0000 (18:16 +0000)]
update pkey method initialisation and copy

13 years agoBackport ossl_ssize_t type from HEAD.
Dr. Stephen Henson [Mon, 10 Oct 2011 22:33:50 +0000 (22:33 +0000)]
Backport ossl_ssize_t type from HEAD.

13 years agodef_rsa_finish not used anymore.
Dr. Stephen Henson [Mon, 10 Oct 2011 20:34:17 +0000 (20:34 +0000)]
def_rsa_finish not used anymore.

13 years agofix leak properly this time...
Dr. Stephen Henson [Mon, 10 Oct 2011 14:09:05 +0000 (14:09 +0000)]
fix leak properly this time...

13 years agoadd GCM ciphers in SSL_library_init
Dr. Stephen Henson [Mon, 10 Oct 2011 12:56:11 +0000 (12:56 +0000)]
add GCM ciphers in SSL_library_init

13 years agodisable GCM if not available
Dr. Stephen Henson [Mon, 10 Oct 2011 12:40:13 +0000 (12:40 +0000)]
disable GCM if not available