oweals/openssl.git
19 years agoPermit "monolithic" AES assembler implementations, i.e. such which would
Andy Polyakov [Sun, 9 Jan 2005 16:01:58 +0000 (16:01 +0000)]
Permit "monolithic" AES assembler implementations, i.e. such which would
replace *whole* aes_core.c, not only AES_[de|en]crypt routines.

19 years agoDJGPP update.
Andy Polyakov [Tue, 4 Jan 2005 10:28:38 +0000 (10:28 +0000)]
DJGPP update.
PR: 989
Submitted by: Doug Kaufman

19 years agoBorrow #include <string[s].h> from e_os.h.
Andy Polyakov [Fri, 31 Dec 2004 00:00:05 +0000 (00:00 +0000)]
Borrow #include <string[s].h> from e_os.h.

19 years agoMake whiny compilers stop complaining about missing prototype.
Andy Polyakov [Thu, 30 Dec 2004 23:40:31 +0000 (23:40 +0000)]
Make whiny compilers stop complaining about missing prototype.

19 years agoFix Win32 test-suit.
Andy Polyakov [Thu, 30 Dec 2004 22:55:28 +0000 (22:55 +0000)]
Fix Win32 test-suit.

19 years agoRemove naming conflict between variable and label.
Andy Polyakov [Thu, 30 Dec 2004 11:10:11 +0000 (11:10 +0000)]
Remove naming conflict between variable and label.

19 years agoCommentary update for AES IA-64 assembler module.
Andy Polyakov [Thu, 30 Dec 2004 10:55:02 +0000 (10:55 +0000)]
Commentary update for AES IA-64 assembler module.

19 years agoMinor AES x86 assembler tune-up.
Andy Polyakov [Thu, 30 Dec 2004 10:46:03 +0000 (10:46 +0000)]
Minor AES x86 assembler tune-up.

19 years agoAES-CFB[18] 2x optimization. Well, I bet nobody cares about AES-CFB1
Andy Polyakov [Thu, 30 Dec 2004 10:43:33 +0000 (10:43 +0000)]
AES-CFB[18] 2x optimization. Well, I bet nobody cares about AES-CFB1
performance, but anyway...

19 years agoPrompt for passphrases for PKCS12 input format
Dr. Stephen Henson [Wed, 29 Dec 2004 01:07:14 +0000 (01:07 +0000)]
Prompt for passphrases for PKCS12 input format

19 years agoOops-kind typos in aes-ia64.S...
Andy Polyakov [Tue, 28 Dec 2004 17:10:42 +0000 (17:10 +0000)]
Oops-kind typos in aes-ia64.S...

19 years agoiv needs to be const because it sometimes takes it's value from a
Richard Levitte [Tue, 28 Dec 2004 10:35:13 +0000 (10:35 +0000)]
iv needs to be const because it sometimes takes it's value from a
const.

19 years agoForgot to synchronise the VMS build scripts.
Richard Levitte [Tue, 28 Dec 2004 10:22:00 +0000 (10:22 +0000)]
Forgot to synchronise the VMS build scripts.

19 years agoAdd functionality needed to process proxy certificates.
Richard Levitte [Tue, 28 Dec 2004 00:21:35 +0000 (00:21 +0000)]
Add functionality needed to process proxy certificates.

19 years agoMinor cygwin update.
Andy Polyakov [Mon, 27 Dec 2004 21:27:46 +0000 (21:27 +0000)]
Minor cygwin update.
PR: 949

19 years agoAs new major IRIX release is highly unlikely to appear [and break following],
Andy Polyakov [Mon, 27 Dec 2004 14:59:36 +0000 (14:59 +0000)]
As new major IRIX release is highly unlikely to appear [and break following],
I change from -notall to -none synonym in irix rules to improve backward
compatibility with IRIX 5.x.
PR: 987

19 years agoRemove CPU detect for IRIX targets. Performance gain is less than 1%,
Andy Polyakov [Mon, 27 Dec 2004 14:57:54 +0000 (14:57 +0000)]
Remove CPU detect for IRIX targets. Performance gain is less than 1%,
it makes more sense to strive for broader binary compatibility...

19 years agoRemove yet another redundant memcpy. Not at least performance critical,
Andy Polyakov [Sun, 26 Dec 2004 13:05:40 +0000 (13:05 +0000)]
Remove yet another redundant memcpy. Not at least performance critical,
essentially cosmetic modification...

19 years agoEliminate redundant memcpy of IV material. Performance improvement varies
Andy Polyakov [Sun, 26 Dec 2004 12:31:37 +0000 (12:31 +0000)]
Eliminate redundant memcpy of IV material. Performance improvement varies
from platform to platform and can be as large as 20%.

19 years agoEngage AES x86 assembler module for COFF and a.out targets.
Andy Polyakov [Sun, 26 Dec 2004 10:58:39 +0000 (10:58 +0000)]
Engage AES x86 assembler module for COFF and a.out targets.

19 years agoEngage AES x86 assembler module on ELF platforms.
Andy Polyakov [Thu, 23 Dec 2004 21:44:28 +0000 (21:44 +0000)]
Engage AES x86 assembler module on ELF platforms.

19 years agox86 perlasm update to accomodate aes-586.pl.
Andy Polyakov [Thu, 23 Dec 2004 21:43:25 +0000 (21:43 +0000)]
x86 perlasm update to accomodate aes-586.pl.

19 years agoEliminate copies of TeN and TdN, use those found in assembler module.
Andy Polyakov [Thu, 23 Dec 2004 21:40:23 +0000 (21:40 +0000)]
Eliminate copies of TeN and TdN, use those found in assembler module.

19 years agoAES x86 assembler implementation.
Andy Polyakov [Thu, 23 Dec 2004 21:32:34 +0000 (21:32 +0000)]
AES x86 assembler implementation.

19 years agoRefine PowerPC platform support.
Andy Polyakov [Mon, 20 Dec 2004 13:44:34 +0000 (13:44 +0000)]
Refine PowerPC platform support.

19 years agoRemove unused buffer 'buf'.
Dr. Stephen Henson [Mon, 20 Dec 2004 00:49:36 +0000 (00:49 +0000)]
Remove unused buffer 'buf'.

19 years agoDon't use multiple storage types.
Dr. Stephen Henson [Sun, 19 Dec 2004 01:21:18 +0000 (01:21 +0000)]
Don't use multiple storage types.

19 years agoFix typos in the ecparam doc.
Geoff Thorpe [Fri, 17 Dec 2004 05:42:00 +0000 (05:42 +0000)]
Fix typos in the ecparam doc.

Submitted by: Nils Larsch

19 years agomake update (oops, missed this file)
Richard Levitte [Mon, 13 Dec 2004 22:57:39 +0000 (22:57 +0000)]
make update (oops, missed this file)

19 years agoChange libeay.num so it's synchronised with additions in 0.9.7-stable.
Richard Levitte [Mon, 13 Dec 2004 22:57:08 +0000 (22:57 +0000)]
Change libeay.num so it's synchronised with additions in 0.9.7-stable.
make update

19 years agoFix s_client so it works without a certificate again.
Dr. Stephen Henson [Mon, 13 Dec 2004 18:02:23 +0000 (18:02 +0000)]
Fix s_client so it works without a certificate again.

19 years agoPropagate a few more variables to Makefile.shared when linking
Richard Levitte [Mon, 13 Dec 2004 17:28:44 +0000 (17:28 +0000)]
Propagate a few more variables to Makefile.shared when linking
programs.

19 years agoRemove duplicate lines.
Dr. Stephen Henson [Sun, 12 Dec 2004 13:15:49 +0000 (13:15 +0000)]
Remove duplicate lines.

19 years agoSolaris x86 perlasm update.
Andy Polyakov [Fri, 10 Dec 2004 11:24:42 +0000 (11:24 +0000)]
Solaris x86 perlasm update.

19 years agoEngage SHA1 IA64 assembler on IA64 platforms.
Andy Polyakov [Thu, 9 Dec 2004 15:39:55 +0000 (15:39 +0000)]
Engage SHA1 IA64 assembler on IA64 platforms.

19 years agoAutomatically mark the CRL cached encoding as invalid when some operations
Dr. Stephen Henson [Thu, 9 Dec 2004 13:35:06 +0000 (13:35 +0000)]
Automatically mark the CRL cached encoding as invalid when some operations
are performed.

19 years agoSHA1 assembler for IA-64.
Andy Polyakov [Thu, 9 Dec 2004 11:57:38 +0000 (11:57 +0000)]
SHA1 assembler for IA-64.

19 years agoExtend RC4 test.
Andy Polyakov [Tue, 7 Dec 2004 11:55:56 +0000 (11:55 +0000)]
Extend RC4 test.

19 years agoUpdate 'certs' directory. Move expired certificates to expired directory
Dr. Stephen Henson [Sun, 5 Dec 2004 19:48:02 +0000 (19:48 +0000)]
Update 'certs' directory. Move expired certificates to expired directory
and zero assurance demontrations CAs to 'demo'.

19 years agoUse X509_cmp_time() in -checkend option, to support GeneralizedTime.
Dr. Stephen Henson [Sun, 5 Dec 2004 18:26:19 +0000 (18:26 +0000)]
Use X509_cmp_time() in -checkend option, to support GeneralizedTime.

19 years agoRemaing bits of PR:620 relevant to 0.9.8.
Dr. Stephen Henson [Sun, 5 Dec 2004 01:50:56 +0000 (01:50 +0000)]
Remaing bits of PR:620 relevant to 0.9.8.

19 years agoAdd lots of checks for memory allocation failure, error codes to indicate
Dr. Stephen Henson [Sun, 5 Dec 2004 01:03:15 +0000 (01:03 +0000)]
Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.

PR:620

19 years agoUpdate year.
Dr. Stephen Henson [Sun, 5 Dec 2004 00:51:41 +0000 (00:51 +0000)]
Update year.

19 years agoIn by_file.c check last error for no start line, not first error.
Dr. Stephen Henson [Sat, 4 Dec 2004 21:25:51 +0000 (21:25 +0000)]
In by_file.c check last error for no start line, not first error.

19 years agoAdd -passin argument to dgst command.
Dr. Stephen Henson [Fri, 3 Dec 2004 12:26:56 +0000 (12:26 +0000)]
Add -passin argument to dgst command.

19 years agoV1 certificates that aren't self signed can't be accepted as CAs.
Dr. Stephen Henson [Fri, 3 Dec 2004 00:10:34 +0000 (00:10 +0000)]
V1 certificates that aren't self signed can't be accepted as CAs.

19 years agoFix rc4-ia64.S to pass more exhaustive regression tests.
Andy Polyakov [Thu, 2 Dec 2004 10:07:55 +0000 (10:07 +0000)]
Fix rc4-ia64.S to pass more exhaustive regression tests.

19 years agoAdd couple of OIDs. Resync NIDs for consistency with 0.9.7.
Dr. Stephen Henson [Wed, 1 Dec 2004 18:09:53 +0000 (18:09 +0000)]
Add couple of OIDs. Resync NIDs for consistency with 0.9.7.

19 years agoI've introduced a bug to i386 RC4 assembler, which would emerge with
Andy Polyakov [Wed, 1 Dec 2004 15:28:18 +0000 (15:28 +0000)]
I've introduced a bug to i386 RC4 assembler, which would emerge with
certain mix of calls to RC4 routine not covered by rc4test.c.
It's fixed now. In addition this patch inadvertently fixes minor
performance problem: in 0.9.7 context P4 was performing 12% slower
than the original implementation...

19 years agoPerform partial comparison of different character types in X509_NAME_cmp().
Dr. Stephen Henson [Wed, 1 Dec 2004 01:45:30 +0000 (01:45 +0000)]
Perform partial comparison of different character types in X509_NAME_cmp().

19 years agoAdd 0.9.7 specific comments to RC4 assembler modules.
Andy Polyakov [Tue, 30 Nov 2004 15:46:46 +0000 (15:46 +0000)]
Add 0.9.7 specific comments to RC4 assembler modules.

19 years agoMention that the keys likely to have signed the distribution are now
Mark J. Cox [Tue, 30 Nov 2004 14:34:16 +0000 (14:34 +0000)]
Mention that the keys likely to have signed the distribution are now
listed on the web site for easy finding and downloading

19 years agoSplit X509_check_ca() into a small self and an internal function
Richard Levitte [Tue, 30 Nov 2004 12:18:55 +0000 (12:18 +0000)]
Split X509_check_ca() into a small self and an internal function
check_ca(), to resolve constness issue.  check_ca() is called from the
purpose checkers instead of X509_check_ca(), since the stuff done by
the latter (except for calling check_ca()) is also done by
X509_check_purpose().

19 years agosha1_block_asm_data_order can't hash if message crosses 2GB boundary.
Andy Polyakov [Mon, 29 Nov 2004 21:19:56 +0000 (21:19 +0000)]
sha1_block_asm_data_order can't hash if message crosses 2GB boundary.

19 years agoFinal touches to rc4/asm/rc4-596.pl, +52% better performance on AMD core.
Andy Polyakov [Mon, 29 Nov 2004 21:12:58 +0000 (21:12 +0000)]
Final touches to rc4/asm/rc4-596.pl, +52% better performance on AMD core.

19 years agoDocument the change.
Richard Levitte [Mon, 29 Nov 2004 11:57:00 +0000 (11:57 +0000)]
Document the change.

19 years agoMake an explicit check during certificate validation to see that the
Richard Levitte [Mon, 29 Nov 2004 11:28:08 +0000 (11:28 +0000)]
Make an explicit check during certificate validation to see that the
CA setting in each certificate on the chain is correct.  As a side-
effect always do the following basic checks on extensions, not just
when there's an associated purpose to the check:
- if there is an unhandled critical extension (unless the user has
  chosen to ignore this fault)
- if the path length has been exceeded (if one is set at all)
- that certain extensions fit the associated purpose (if one has been
  given)

20 years agoperlasm/x86[ms|nasm] update to accomodate updated RC4 assembler module.
Andy Polyakov [Sat, 27 Nov 2004 15:14:58 +0000 (15:14 +0000)]
perlasm/x86[ms|nasm] update to accomodate updated RC4 assembler module.

20 years agoSummarize recent RC4 tune-ups.
Andy Polyakov [Fri, 26 Nov 2004 15:26:09 +0000 (15:26 +0000)]
Summarize recent RC4 tune-ups.

20 years agoEngage RC4 IA-64 assembler module.
Andy Polyakov [Fri, 26 Nov 2004 15:12:17 +0000 (15:12 +0000)]
Engage RC4 IA-64 assembler module.

20 years agoRC4 IA-64 assembler implementation.
Andy Polyakov [Fri, 26 Nov 2004 15:07:50 +0000 (15:07 +0000)]
RC4 IA-64 assembler implementation.

20 years agoTypo.
Dr. Stephen Henson [Fri, 26 Nov 2004 01:04:55 +0000 (01:04 +0000)]
Typo.

20 years agoAdd errstr manual page
Dr. Stephen Henson [Thu, 25 Nov 2004 18:21:26 +0000 (18:21 +0000)]
Add errstr manual page

20 years agoAllow alternative manual sections to be embedded in .pod file comments.
Dr. Stephen Henson [Thu, 25 Nov 2004 17:47:31 +0000 (17:47 +0000)]
Allow alternative manual sections to be embedded in .pod file comments.

20 years agoUpdate docs
Dr. Stephen Henson [Thu, 25 Nov 2004 14:14:25 +0000 (14:14 +0000)]
Update docs

20 years agoUpdate docs.
Dr. Stephen Henson [Thu, 25 Nov 2004 14:11:25 +0000 (14:11 +0000)]
Update docs.

20 years agoCheck return code of EVP_CipherInit() in PKCS#12 code.
Dr. Stephen Henson [Wed, 24 Nov 2004 01:21:03 +0000 (01:21 +0000)]
Check return code of EVP_CipherInit() in PKCS#12 code.

20 years agoTypo.
Dr. Stephen Henson [Tue, 23 Nov 2004 21:40:10 +0000 (21:40 +0000)]
Typo.

20 years agoFix memory leak.
Dr. Stephen Henson [Tue, 23 Nov 2004 21:22:21 +0000 (21:22 +0000)]
Fix memory leak.

20 years agolinux-x86_64 didn't link after EM64T RC4 tune-up...
Andy Polyakov [Tue, 23 Nov 2004 09:06:12 +0000 (09:06 +0000)]
linux-x86_64 didn't link after EM64T RC4 tune-up...

20 years agoRC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's
Andy Polyakov [Sun, 21 Nov 2004 10:36:25 +0000 (10:36 +0000)]
RC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's
apparently impossible to compose blended code with would perform
satisfactory on all x86 and x86_64 cores, an extra RC4_CHAR
code-path is introduced and P4 core is detected at run-time. This
way we keep original performance on non-P4 implementations and
turbo-charge P4 performance by factor of 2.8x (on 32-bit core).

20 years agoIn "req" exit immediately if configuration file is needed and it can't
Dr. Stephen Henson [Wed, 17 Nov 2004 18:36:13 +0000 (18:36 +0000)]
In "req" exit immediately if configuration file is needed and it can't
be loaded instead of giving the misleading:

"unable to find 'distinguised_name' in config"

error message.

20 years agoUpdate X509v3 doc.
Dr. Stephen Henson [Wed, 17 Nov 2004 00:55:43 +0000 (00:55 +0000)]
Update X509v3 doc.

20 years agoUpdate X509v3 docs.
Dr. Stephen Henson [Tue, 16 Nov 2004 17:45:13 +0000 (17:45 +0000)]
Update X509v3 docs.

20 years agoPR: 910
Dr. Stephen Henson [Tue, 16 Nov 2004 17:30:59 +0000 (17:30 +0000)]
PR: 910

Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.

Update docs.

20 years agoInitial pod documentation of X509V3 config file format.
Dr. Stephen Henson [Tue, 16 Nov 2004 14:09:12 +0000 (14:09 +0000)]
Initial pod documentation of X509V3 config file format.

20 years agoPR: 940
Dr. Stephen Henson [Sun, 14 Nov 2004 15:40:00 +0000 (15:40 +0000)]
PR: 940

Typo: use prompt_info, not cb_data->prompt_info.

20 years agoPR: 923
Dr. Stephen Henson [Sun, 14 Nov 2004 15:11:37 +0000 (15:11 +0000)]
PR: 923

Typo.

20 years agoPR: 938
Dr. Stephen Henson [Sun, 14 Nov 2004 13:55:16 +0000 (13:55 +0000)]
PR: 938

Typo.

20 years agoZap obsolete der_chop script.
Dr. Stephen Henson [Sun, 14 Nov 2004 00:08:36 +0000 (00:08 +0000)]
Zap obsolete der_chop script.

20 years agoPR: 969
Dr. Stephen Henson [Sat, 13 Nov 2004 13:38:34 +0000 (13:38 +0000)]
PR: 969
Submitted by: David Holmes <davidh@3blackdogs.com>

20 years agoFix x509.c so it creates serial number file again if no
Dr. Stephen Henson [Sat, 13 Nov 2004 13:26:06 +0000 (13:26 +0000)]
Fix x509.c so it creates serial number file again if no
serial number is supplied on command line.

20 years agoCut'n'paste mistake. All tested OK now...
Richard Levitte [Thu, 11 Nov 2004 19:36:08 +0000 (19:36 +0000)]
Cut'n'paste mistake.  All tested OK now...

20 years agoWhoops, syntactic mistake...
Richard Levitte [Thu, 11 Nov 2004 18:58:01 +0000 (18:58 +0000)]
Whoops, syntactic mistake...

20 years agoSome find it confusing that environment variables are set when shared
Richard Levitte [Thu, 11 Nov 2004 18:18:43 +0000 (18:18 +0000)]
Some find it confusing that environment variables are set when shared
libraries aren't built or used.  I can see the point, so I'm
reorganising a little for clarity.

20 years agoUse the default_md config file value when signing CRLs.
Dr. Stephen Henson [Thu, 11 Nov 2004 13:47:06 +0000 (13:47 +0000)]
Use the default_md config file value when signing CRLs.

PR:662

20 years agoDon't return an error with crl -noout.
Dr. Stephen Henson [Thu, 11 Nov 2004 02:13:08 +0000 (02:13 +0000)]
Don't return an error with crl -noout.

PR:917
Sumbmitted by: Michael Konietzka <konietzka@schlund.de>

20 years agoAs was shown by Marc Bevand reordering of couple of load operations
Andy Polyakov [Tue, 9 Nov 2004 17:23:26 +0000 (17:23 +0000)]
As was shown by Marc Bevand reordering of couple of load operations
results in even higher performance gain of 3.3x:-) At least on
Opteron...

20 years agoMake sure LD_PRELOAD is only set when we build shared libraries (and
Richard Levitte [Fri, 5 Nov 2004 09:12:10 +0000 (09:12 +0000)]
Make sure LD_PRELOAD is only set when we build shared libraries (and
therefore link with them).  Add LD_PRELOAD setting code where it was
still missing.

PR: 966

20 years agoDon't use $(EXHEADER) directly in for loops, as most shells will break
Richard Levitte [Tue, 2 Nov 2004 23:55:01 +0000 (23:55 +0000)]
Don't use $(EXHEADER) directly in for loops, as most shells will break
if $(EXHEADER) is empty.

Notified by many, solution suggested by Carson Gaspar <carson@taltos.org>

20 years agoBecause -rpath/-R may have been used, our settings of LD_LIBRARY_PATH
Richard Levitte [Tue, 2 Nov 2004 01:13:04 +0000 (01:13 +0000)]
Because -rpath/-R may have been used, our settings of LD_LIBRARY_PATH
and friends may be entirely useless.  In such a case, LD_PRELOAD is
the answer, at least on platforms using LD_LIBRARY_PATH.  There might
be other variables to set on other platforms, please fill us in...

For now, we only do this with the tests, so they won't fail for silly
reasons like getting dynamically linked to older installed libraries
rather than the newly built ones...

PR: 960

20 years agoMake sure memmove() is defined, even on SunOS 4.1.4.
Richard Levitte [Mon, 1 Nov 2004 07:58:38 +0000 (07:58 +0000)]
Make sure memmove() is defined, even on SunOS 4.1.4.
PR: 963

20 years agoUpdate NEWS
Dr. Stephen Henson [Mon, 25 Oct 2004 17:11:19 +0000 (17:11 +0000)]
Update NEWS

20 years agoUpdate FAQ.
Dr. Stephen Henson [Mon, 25 Oct 2004 12:36:33 +0000 (12:36 +0000)]
Update FAQ.

20 years agoFix race condition when SSL ciphers are initialized.
Dr. Stephen Henson [Mon, 25 Oct 2004 11:14:16 +0000 (11:14 +0000)]
Fix race condition when SSL ciphers are initialized.

20 years agoUpdate ECDSA and ECDH for OPENSSL_NO_ENGINE.
Geoff Thorpe [Thu, 21 Oct 2004 00:06:14 +0000 (00:06 +0000)]
Update ECDSA and ECDH for OPENSSL_NO_ENGINE.

Reported by: Maxim Masiutin
Submitted by: Nils Larsch

20 years agoBecause libraries on Windows lack useful version information, the zlib
Richard Levitte [Thu, 14 Oct 2004 05:48:59 +0000 (05:48 +0000)]
Because libraries on Windows lack useful version information, the zlib
guys had to change the name to differentiate with older versions when
a backward incompatibility came up.  Of course, we need to adapt.
This change simply tries to load the library through the newer name
(ZLIB1) first, and if that fails, it tries the good old ZLIB.

20 years agoOops!
Dr. Stephen Henson [Mon, 4 Oct 2004 17:28:31 +0000 (17:28 +0000)]
Oops!

20 years agoFix race condition when CRL checking is enabled.
Dr. Stephen Henson [Mon, 4 Oct 2004 16:30:12 +0000 (16:30 +0000)]
Fix race condition when CRL checking is enabled.

20 years agoUpdate debug-steve
Dr. Stephen Henson [Fri, 1 Oct 2004 11:35:38 +0000 (11:35 +0000)]
Update debug-steve