Bodo Möller [Tue, 19 Dec 2006 15:11:37 +0000 (15:11 +0000)]
Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).
Nils Larsch [Mon, 18 Dec 2006 22:20:27 +0000 (22:20 +0000)]
fix order
Nils Larsch [Wed, 13 Dec 2006 22:06:37 +0000 (22:06 +0000)]
properly initialize SSL context, check return value
Nils Larsch [Mon, 11 Dec 2006 22:35:51 +0000 (22:35 +0000)]
use const ASN1_TIME *
Andy Polyakov [Fri, 8 Dec 2006 15:18:41 +0000 (15:18 +0000)]
Eliminate 64-bit alignment limitation in sparcv9a-mont.
Andy Polyakov [Fri, 8 Dec 2006 14:42:19 +0000 (14:42 +0000)]
Engage alpha-mont module. Actually verified on Tru64 only.
Andy Polyakov [Fri, 8 Dec 2006 14:18:58 +0000 (14:18 +0000)]
alpha-mont.pl: gcc portability fix and make-rule.
Andy Polyakov [Fri, 8 Dec 2006 10:13:51 +0000 (10:13 +0000)]
Minor, +10%, tune-up for x86_64-mont.pl.
Andy Polyakov [Fri, 8 Dec 2006 10:12:56 +0000 (10:12 +0000)]
Montgomery multiplication routine for Alpha.
Dr. Stephen Henson [Thu, 7 Dec 2006 13:29:08 +0000 (13:29 +0000)]
Update from 0.9.7-stable branch.
Dr. Stephen Henson [Wed, 6 Dec 2006 13:44:21 +0000 (13:44 +0000)]
Sync OID NIDs with OpenSSL 0.9.8.
Dr. Stephen Henson [Wed, 6 Dec 2006 13:36:48 +0000 (13:36 +0000)]
Fix change to OPENSSL_NO_RFC3779
Nils Larsch [Wed, 6 Dec 2006 09:10:59 +0000 (09:10 +0000)]
fix documentation
PR: 1343
Nils Larsch [Tue, 5 Dec 2006 21:21:37 +0000 (21:21 +0000)]
avoid duplicate entries in add_cert_dir()
PR: 1407
Submitted by: Tomas Mraz <tmraz@redhat.com>
Nils Larsch [Tue, 5 Dec 2006 20:09:25 +0000 (20:09 +0000)]
return 0 if 'noout' is used and no error has occurred
PR: 1435
Submitted by: "Haridharan" <haridharan@gmail.com>
Nils Larsch [Mon, 4 Dec 2006 19:11:57 +0000 (19:11 +0000)]
allocate a new attributes entry in X509_REQ_add_extensions()
if it's NULL (in case of a malformed pkcs10 request)
PR: 1347
Submitted by: Remo Inverardi <invi@your.toilet.ch>
Nils Larsch [Mon, 4 Dec 2006 18:51:06 +0000 (18:51 +0000)]
add "Certificate Issuer" and "Subject Directory Attributes" OIDs
PR: 1433
Andy Polyakov [Sat, 2 Dec 2006 11:52:50 +0000 (11:52 +0000)]
Eliminate redundant variable in Camellia CBC routine.
Andy Polyakov [Sat, 2 Dec 2006 11:12:13 +0000 (11:12 +0000)]
Improve Camellia code readability.
Andy Polyakov [Sat, 2 Dec 2006 10:56:45 +0000 (10:56 +0000)]
Fix bugs in Camellia CBC routine.
Andy Polyakov [Sat, 2 Dec 2006 10:38:40 +0000 (10:38 +0000)]
Camellia portability fixes.
Submitted by: Masashi Fujita, NTT
Nils Larsch [Fri, 1 Dec 2006 21:42:55 +0000 (21:42 +0000)]
add support for whirlpool in apps/speed
PR: 1338
Submitted by: justin@soze.net
Dr. Stephen Henson [Thu, 30 Nov 2006 13:55:30 +0000 (13:55 +0000)]
Fix default dependency flags.
Dr. Stephen Henson [Thu, 30 Nov 2006 13:47:22 +0000 (13:47 +0000)]
Import ordinals from 0.9.8 and update.
Dr. Stephen Henson [Thu, 30 Nov 2006 13:41:47 +0000 (13:41 +0000)]
Update dependencies.
Dr. Stephen Henson [Thu, 30 Nov 2006 13:39:34 +0000 (13:39 +0000)]
Win32 fixes from stable branch.
Nils Larsch [Wed, 29 Nov 2006 20:54:57 +0000 (20:54 +0000)]
replace macros with functions
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
Bodo Möller [Wed, 29 Nov 2006 14:45:50 +0000 (14:45 +0000)]
fix support for receiving fragmented handshake messages
Andy Polyakov [Tue, 28 Nov 2006 11:07:36 +0000 (11:07 +0000)]
Clarify HAL SPARC64 support situation in sparcv9a-mont.pl.
Andy Polyakov [Tue, 28 Nov 2006 10:34:51 +0000 (10:34 +0000)]
Minor optimizations based on intruction level profiler feedback.
Andy Polyakov [Tue, 28 Nov 2006 07:24:26 +0000 (07:24 +0000)]
Modulo-schedule loops in sparcv9a-mont.pl. Overall improvement factor
over 0.9.8 is up to 3x on USI&II cores and up to 80% - on USIII&IV.
Andy Polyakov [Tue, 28 Nov 2006 07:20:36 +0000 (07:20 +0000)]
This is "informational" commit. Its mere purpose is to expose "modulo
factor" in inner loops.
Andy Polyakov [Mon, 27 Nov 2006 14:59:35 +0000 (14:59 +0000)]
Non-SSE2 path to bn_mul_mont. But it's disabled, because it currently
doesn't give performance improvement.
Ben Laurie [Mon, 27 Nov 2006 14:18:05 +0000 (14:18 +0000)]
Add RFC 3779 support.
Andy Polyakov [Mon, 27 Nov 2006 13:11:15 +0000 (13:11 +0000)]
sha512-ppc.pl mutli-thread safety fix.
Nils Larsch [Fri, 24 Nov 2006 18:37:43 +0000 (18:37 +0000)]
register the engine as default engine in ENGINE_set_default()
PR: 1431
Dr. Stephen Henson [Tue, 21 Nov 2006 21:37:41 +0000 (21:37 +0000)]
Add .cvsignore
Dr. Stephen Henson [Tue, 21 Nov 2006 21:29:44 +0000 (21:29 +0000)]
Update from 0.9.8 stable. Eliminate duplicate error codes.
Ulf Möller [Tue, 21 Nov 2006 20:51:25 +0000 (20:51 +0000)]
wording (can't really call shared libs experimental after several years in the major Linux distributions)
Dr. Stephen Henson [Thu, 16 Nov 2006 00:56:01 +0000 (00:56 +0000)]
Update ordinals.
Dr. Stephen Henson [Thu, 16 Nov 2006 00:55:33 +0000 (00:55 +0000)]
Remove illegal IMPLEMENT macros from header file.
Dr. Stephen Henson [Thu, 16 Nov 2006 00:52:49 +0000 (00:52 +0000)]
Remove redundant PREDECLARE statement.
Dr. Stephen Henson [Thu, 16 Nov 2006 00:19:39 +0000 (00:19 +0000)]
Initial, incomplete support for typesafe macros without using function
casts.
Dr. Stephen Henson [Mon, 13 Nov 2006 13:21:47 +0000 (13:21 +0000)]
Don't assume requestorName is present for signed requests. ASN1 OCSP module
fix: certs field is OPTIONAL.
Dr. Stephen Henson [Mon, 13 Nov 2006 13:18:28 +0000 (13:18 +0000)]
OCSP library tidy. Use extension to encode OCSP extensions instead of doing
it manually. Make OCSP_CERTID_dup() a real function instead of a macro.
Ben Laurie [Wed, 8 Nov 2006 09:45:12 +0000 (09:45 +0000)]
Fix various warnings.
Dr. Stephen Henson [Tue, 7 Nov 2006 16:21:16 +0000 (16:21 +0000)]
Make TSA tests use the noprompt mode of utilities rather than piping
the result into interative utilities.
Dr. Stephen Henson [Tue, 7 Nov 2006 16:20:14 +0000 (16:20 +0000)]
Avoid shadow warning.
Dr. Stephen Henson [Tue, 7 Nov 2006 14:27:55 +0000 (14:27 +0000)]
Don't add the TS EKU by default in openssl.cnf because it then
makes certificates genereated by ca, CA.pl etc useless for anything else.
Dr. Stephen Henson [Tue, 7 Nov 2006 13:46:37 +0000 (13:46 +0000)]
Typo.
Dr. Stephen Henson [Tue, 7 Nov 2006 13:44:03 +0000 (13:44 +0000)]
Fix link for ASN1_generate_nconf
Dr. Stephen Henson [Tue, 7 Nov 2006 13:17:02 +0000 (13:17 +0000)]
Typo.
Dr. Stephen Henson [Tue, 7 Nov 2006 13:13:14 +0000 (13:13 +0000)]
Add v3 ref to see also sections.
Dr. Stephen Henson [Tue, 7 Nov 2006 12:51:27 +0000 (12:51 +0000)]
Add documentetion for noCheck extension and add a few cross references to
the extension documentation.
Nils Larsch [Mon, 6 Nov 2006 20:10:44 +0000 (20:10 +0000)]
fix warning
Nils Larsch [Mon, 6 Nov 2006 19:53:39 +0000 (19:53 +0000)]
remove SSLEAY_MACROS code
Nils Larsch [Fri, 27 Oct 2006 21:58:09 +0000 (21:58 +0000)]
update md docs
Nils Larsch [Fri, 27 Oct 2006 21:25:53 +0000 (21:25 +0000)]
fix OPENSSL_NO_foo defines
Dr. Stephen Henson [Fri, 27 Oct 2006 11:43:27 +0000 (11:43 +0000)]
Initialize old_priv_encode, old_priv_decode.
Andy Polyakov [Thu, 26 Oct 2006 10:52:12 +0000 (10:52 +0000)]
Minor portability update to c_rehash.
Andy Polyakov [Tue, 24 Oct 2006 22:14:20 +0000 (22:14 +0000)]
Further mingw build procedure updates.
Andy Polyakov [Mon, 23 Oct 2006 11:54:18 +0000 (11:54 +0000)]
Harmonize dll naming in mingw builds.
Andy Polyakov [Mon, 23 Oct 2006 07:45:52 +0000 (07:45 +0000)]
Yet another mingw warning.
Andy Polyakov [Mon, 23 Oct 2006 07:44:51 +0000 (07:44 +0000)]
OPENSSL_ia32cap.pod update.
Andy Polyakov [Mon, 23 Oct 2006 07:41:05 +0000 (07:41 +0000)]
Fix mingw warnings.
Andy Polyakov [Mon, 23 Oct 2006 07:38:30 +0000 (07:38 +0000)]
Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even
recent mingw modifications.
Andy Polyakov [Mon, 23 Oct 2006 07:30:19 +0000 (07:30 +0000)]
Allow for mingw cross-compile configuration.
Andy Polyakov [Sat, 21 Oct 2006 16:28:03 +0000 (16:28 +0000)]
Make c_rehash more platform neutral and make it work in mixed environment,
such as MSYS with "native" Win32 perl.
Andy Polyakov [Sat, 21 Oct 2006 13:38:16 +0000 (13:38 +0000)]
Rudimentary support for cross-compiling.
Andy Polyakov [Fri, 20 Oct 2006 11:26:00 +0000 (11:26 +0000)]
Align data payload for better performance.
Andy Polyakov [Fri, 20 Oct 2006 11:23:35 +0000 (11:23 +0000)]
Avoid application relink on every make invocation.
Andy Polyakov [Thu, 19 Oct 2006 20:55:05 +0000 (20:55 +0000)]
Gcc over-optimizes PadLock AES CFB codepath, tell it not to.
Andy Polyakov [Wed, 18 Oct 2006 09:42:56 +0000 (09:42 +0000)]
Temporary fix for sha256 IA64 assembler.
Andy Polyakov [Wed, 18 Oct 2006 08:15:16 +0000 (08:15 +0000)]
Fix bug in big-endian path and optimize it for size.
Andy Polyakov [Tue, 17 Oct 2006 16:21:28 +0000 (16:21 +0000)]
Typo in perlasm/x86asm.pl.
Andy Polyakov [Tue, 17 Oct 2006 16:13:18 +0000 (16:13 +0000)]
Further synchronizations with md32_common.h update, consistent naming
for low-level SHA block routines.
Andy Polyakov [Tue, 17 Oct 2006 14:37:07 +0000 (14:37 +0000)]
bn/asm/ppc.pl to use ppc-xlate.pl.
Andy Polyakov [Tue, 17 Oct 2006 13:38:10 +0000 (13:38 +0000)]
Further synchronizations with md32_common.h update.
Andy Polyakov [Tue, 17 Oct 2006 07:04:48 +0000 (07:04 +0000)]
VIA-specific Montgomery multiplication routine.
Andy Polyakov [Tue, 17 Oct 2006 07:00:23 +0000 (07:00 +0000)]
Synchronize SHA1 assembler with md32_common.h update.
Andy Polyakov [Tue, 17 Oct 2006 06:43:11 +0000 (06:43 +0000)]
Support for .asciz directive in perlasm modules.
Andy Polyakov [Tue, 17 Oct 2006 06:41:27 +0000 (06:41 +0000)]
Linking errors on IA64 and typo in aes-ia64.S.
Andy Polyakov [Wed, 11 Oct 2006 11:55:11 +0000 (11:55 +0000)]
Re-implement md32_common.h [make it simpler!] and eliminate code rendered
redundant as result.
Dr. Stephen Henson [Thu, 5 Oct 2006 21:59:50 +0000 (21:59 +0000)]
Typo.
Nils Larsch [Wed, 4 Oct 2006 19:37:17 +0000 (19:37 +0000)]
return an error if the supplied precomputed values lead to an invalid signature
Bodo Möller [Wed, 4 Oct 2006 06:14:36 +0000 (06:14 +0000)]
ASN1_item_verify needs to initialize ctx before any "goto err" can
happen; the new code for the OID cross reference table failed to do so.
Dr. Stephen Henson [Tue, 3 Oct 2006 02:47:59 +0000 (02:47 +0000)]
Place standard CRL behaviour in default X509_CRL_METHOD new functions to
create, free and set default CRL method.
Mark J. Cox [Fri, 29 Sep 2006 08:21:41 +0000 (08:21 +0000)]
Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan
Bodo Möller [Thu, 28 Sep 2006 13:50:41 +0000 (13:50 +0000)]
All 0.9.8d patches have been applied to HEAD now, so we no longer need
the redundant entries under the 0.9.9 heading.
Bodo Möller [Thu, 28 Sep 2006 13:45:34 +0000 (13:45 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Bodo Möller [Thu, 28 Sep 2006 13:35:01 +0000 (13:35 +0000)]
include 0.9.8d and 0.9.7l information
Mark J. Cox [Thu, 28 Sep 2006 13:20:44 +0000 (13:20 +0000)]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Mark J. Cox [Thu, 28 Sep 2006 13:18:43 +0000 (13:18 +0000)]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
Richard Levitte [Thu, 28 Sep 2006 12:22:58 +0000 (12:22 +0000)]
Fixes for the following claims:
1) Certificate Message with no certs
OpenSSL implementation sends the Certificate message during SSL
handshake, however as per the specification, these have been omitted.
-- RFC 2712 --
CertificateRequest, and the ServerKeyExchange shown in Figure 1
will be omitted since authentication and the establishment of a
master secret will be done using the client's Kerberos credentials
for the TLS server. The client's certificate will be omitted for
the same reason.
-- RFC 2712 --
3) Pre-master secret Protocol version
The pre-master secret generated by OpenSSL does not have the correct
client version.
RFC 2712 says, if the Kerberos option is selected, the pre-master
secret structure is the same as that used in the RSA case.
TLS specification defines pre-master secret as:
struct {
ProtocolVersion client_version;
opaque random[46];
} PreMasterSecret;
where client_version is the latest protocol version supported by the
client
The pre-master secret generated by OpenSSL does not have the correct
client version. The implementation does not update the first 2 bytes
of random secret for Kerberos Cipher suites. At the server-end, the
client version from the pre-master secret is not validated.
PR: 1336
Dr. Stephen Henson [Tue, 26 Sep 2006 13:25:19 +0000 (13:25 +0000)]
Initialize new callbacks and make sure hent is always initialized.
Richard Levitte [Mon, 25 Sep 2006 08:35:35 +0000 (08:35 +0000)]
Complete the change for VMS.
Dr. Stephen Henson [Sat, 23 Sep 2006 17:29:49 +0000 (17:29 +0000)]
Submitted by: Brad Spencer <spencer@jacknife.org>
Reviewed by: steve
Dr. Stephen Henson [Fri, 22 Sep 2006 17:14:22 +0000 (17:14 +0000)]
Buffer size handling fix for enc.
PR:1374
Dr. Stephen Henson [Fri, 22 Sep 2006 17:06:09 +0000 (17:06 +0000)]
Using correct lock for X509_REQ.
PR:1348
Dr. Stephen Henson [Fri, 22 Sep 2006 13:37:15 +0000 (13:37 +0000)]
Update length if copying MSB set in asn1_string_canon().