Andy Polyakov [Thu, 22 Apr 2010 21:36:26 +0000 (21:36 +0000)]
Take gcm128.c and ghash assembler modules into the build loop.
Andy Polyakov [Wed, 21 Apr 2010 20:38:21 +0000 (20:38 +0000)]
bss_file.c: reserve for option to encode file name with UTF-8.
Andy Polyakov [Tue, 20 Apr 2010 20:40:46 +0000 (20:40 +0000)]
md5-ia64.S: fix assembler warning.
Dr. Stephen Henson [Tue, 20 Apr 2010 12:53:18 +0000 (12:53 +0000)]
PR: 2241
Submitted By: Artemy Lebedev <vagran.ast@gmail.com>
Typo.
Dr. Stephen Henson [Thu, 15 Apr 2010 13:25:26 +0000 (13:25 +0000)]
new function to diff tm structures
Dr. Stephen Henson [Thu, 15 Apr 2010 13:24:20 +0000 (13:24 +0000)]
oops revert patch not part of Configure diff
Dr. Stephen Henson [Thu, 15 Apr 2010 13:17:15 +0000 (13:17 +0000)]
oops, commit Configure part of PR#2234
Dr. Stephen Henson [Wed, 14 Apr 2010 23:07:12 +0000 (23:07 +0000)]
PR: 2234
Submitted By: Matthias Andree <matthias.andree@gmx.de>
Use correct path to openssl utility in c_rehash script.
Dr. Stephen Henson [Wed, 14 Apr 2010 23:04:12 +0000 (23:04 +0000)]
PR: 2235
Submitted By: Bruce Stephens <bruce.stephens@isode.com>
Make ts/Makefile consistent with other Makefiles.
Andy Polyakov [Wed, 14 Apr 2010 19:24:48 +0000 (19:24 +0000)]
x86_64cpuid.pl: ml64 is allergic to db on label line.
Andy Polyakov [Wed, 14 Apr 2010 19:04:51 +0000 (19:04 +0000)]
gcm128.c and assembler modules: change argument order for gcm_ghash_4bit.
ghash-x86*.pl: fix performance numbers for Core2, as it turned out
previous ones were "tainted" by variable clock frequency.
Dr. Stephen Henson [Wed, 14 Apr 2010 13:21:21 +0000 (13:21 +0000)]
update FAQ
Andy Polyakov [Wed, 14 Apr 2010 07:47:28 +0000 (07:47 +0000)]
[co]fb128.c: fix "n=0" bug.
Dr. Stephen Henson [Wed, 14 Apr 2010 00:41:14 +0000 (00:41 +0000)]
fix signed/unsigned comparison warnings
Dr. Stephen Henson [Wed, 14 Apr 2010 00:33:06 +0000 (00:33 +0000)]
fix bug in ccgost CFB mode code
Dr. Stephen Henson [Wed, 14 Apr 2010 00:30:32 +0000 (00:30 +0000)]
check ASN1 type before using it
Dr. Stephen Henson [Wed, 14 Apr 2010 00:17:55 +0000 (00:17 +0000)]
PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix various DTLS fragment reassembly bugs.
Dr. Stephen Henson [Wed, 14 Apr 2010 00:10:05 +0000 (00:10 +0000)]
PR: 2229
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Don't drop DTLS connection if mac or decryption failed.
Dr. Stephen Henson [Wed, 14 Apr 2010 00:03:27 +0000 (00:03 +0000)]
PR: 2228
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS buffer record MAC failure bug.
Andy Polyakov [Sat, 10 Apr 2010 14:53:17 +0000 (14:53 +0000)]
aes-ppc.pl: 10% performance improvement on Power6.
Andy Polyakov [Sat, 10 Apr 2010 14:07:40 +0000 (14:07 +0000)]
AESNI engine: update test_aesni.
Andy Polyakov [Sat, 10 Apr 2010 14:02:26 +0000 (14:02 +0000)]
gcm128.c: commentary and formatting updates.
Andy Polyakov [Sat, 10 Apr 2010 14:01:02 +0000 (14:01 +0000)]
cts128.c: add support for NIST "Ciphertext Stealing" proposal.
Andy Polyakov [Sat, 10 Apr 2010 13:56:59 +0000 (13:56 +0000)]
AESNI engine: add counter mode.
Andy Polyakov [Sat, 10 Apr 2010 13:55:05 +0000 (13:55 +0000)]
perlasm/x86*: add support to SSE>2 and pclmulqdq. x86_64-xlate.pl provides
correct solution to problem addressed in committ #19244.
Andy Polyakov [Sat, 10 Apr 2010 13:51:20 +0000 (13:51 +0000)]
sha1-alpha.pl: addenum till commit #19547.
Andy Polyakov [Sat, 10 Apr 2010 13:46:53 +0000 (13:46 +0000)]
ctr129.c: fix typo, simplify ctr128_inc and fix "n=0" bug.
Andy Polyakov [Sat, 10 Apr 2010 13:44:20 +0000 (13:44 +0000)]
Add ghash-alpha.pl assembler module.
Andy Polyakov [Sat, 10 Apr 2010 13:43:26 +0000 (13:43 +0000)]
sha1-alpha.pl: engage it in build.
Andy Polyakov [Sat, 10 Apr 2010 13:36:34 +0000 (13:36 +0000)]
sparccpuid.S: some assembler is allergic to apostrophes in comments.
Andy Polyakov [Sat, 10 Apr 2010 13:33:04 +0000 (13:33 +0000)]
alpha-mont.pl: comply with stack alignment requirements.
Dr. Stephen Henson [Thu, 8 Apr 2010 10:55:04 +0000 (10:55 +0000)]
make GOST MAC work again
Dr. Stephen Henson [Wed, 7 Apr 2010 13:18:07 +0000 (13:18 +0000)]
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.
Update docs.
Dr. Stephen Henson [Tue, 6 Apr 2010 15:03:27 +0000 (15:03 +0000)]
Remove obsolete PRNG note. Add comment about use of SHA256 et al.
Dr. Stephen Henson [Tue, 6 Apr 2010 14:45:18 +0000 (14:45 +0000)]
PR: 2209
Submitted Daniel Mentz <danielml@sent.com>
Documentation typo.
Dr. Stephen Henson [Tue, 6 Apr 2010 12:45:04 +0000 (12:45 +0000)]
PR: 2218
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS replay bug.
Dr. Stephen Henson [Tue, 6 Apr 2010 12:40:19 +0000 (12:40 +0000)]
PR: 2219
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS buffering bug.
Dr. Stephen Henson [Tue, 6 Apr 2010 12:29:31 +0000 (12:29 +0000)]
PR: 2223
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS timeout bug
Dr. Stephen Henson [Tue, 6 Apr 2010 11:18:59 +0000 (11:18 +0000)]
PR: 2220
Fixes to make OpenSSL compile with no-rc4
Dr. Stephen Henson [Wed, 31 Mar 2010 11:50:30 +0000 (11:50 +0000)]
fix FAQ (again)
Dr. Stephen Henson [Tue, 30 Mar 2010 16:43:51 +0000 (16:43 +0000)]
update FAQ
Dr. Stephen Henson [Tue, 30 Mar 2010 16:36:59 +0000 (16:36 +0000)]
fix FAQ
Dr. Stephen Henson [Tue, 30 Mar 2010 16:35:41 +0000 (16:35 +0000)]
update FAQ
Dr. Stephen Henson [Tue, 30 Mar 2010 16:24:53 +0000 (16:24 +0000)]
update FAQ
Dr. Stephen Henson [Tue, 30 Mar 2010 00:49:36 +0000 (00:49 +0000)]
update HEAD FAQ
Andy Polyakov [Mon, 29 Mar 2010 10:06:01 +0000 (10:06 +0000)]
cryptlib.c: allow application to override OPENSSL_isservice.
PR: 2194
Andy Polyakov [Mon, 29 Mar 2010 09:55:19 +0000 (09:55 +0000)]
ARMv4 assembler: fix compilation failure. Fix is actually unconfirmed, but
I can't think of any other cause for failure
Andy Polyakov [Mon, 29 Mar 2010 09:50:02 +0000 (09:50 +0000)]
dso_dlfcn.c: fix compile failure on Tru64.
Dr. Stephen Henson [Sun, 28 Mar 2010 00:42:38 +0000 (00:42 +0000)]
PR: 1696
Check return value if d2i_PBEPARAM().
Dr. Stephen Henson [Sat, 27 Mar 2010 23:28:09 +0000 (23:28 +0000)]
PR: 1763
Remove useless num = 0 assignment.
Remove redundant cases on sock_ctrl(): default case handles them.
Dr. Stephen Henson [Sat, 27 Mar 2010 19:32:11 +0000 (19:32 +0000)]
sync ordinals with 1.0.0
Dr. Stephen Henson [Sat, 27 Mar 2010 19:31:55 +0000 (19:31 +0000)]
PR: 1904
Submitted by: David Woodhouse <dwmw2@infradead.org>
Pass passphrase minimum length down to UI.
Dr. Stephen Henson [Sat, 27 Mar 2010 18:28:02 +0000 (18:28 +0000)]
PR: 1813
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Fix memory leak when engine name cannot be loaded.
Dr. Stephen Henson [Thu, 25 Mar 2010 12:08:19 +0000 (12:08 +0000)]
update FAQ
Bodo Möller [Thu, 25 Mar 2010 11:25:30 +0000 (11:25 +0000)]
Fix for "Record of death" vulnerability CVE-2010-0740.
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010),
and further harmonize this version of CHANGES with the versions in the current branches.
Dr. Stephen Henson [Wed, 24 Mar 2010 23:42:05 +0000 (23:42 +0000)]
initialise buf if wrong_info not used
Dr. Stephen Henson [Wed, 24 Mar 2010 23:17:15 +0000 (23:17 +0000)]
PR: 1731 and maybe 2197
Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.
Andy Polyakov [Mon, 22 Mar 2010 22:44:22 +0000 (22:44 +0000)]
rand_win.c: fix logical bug in readscreen.
Andy Polyakov [Mon, 22 Mar 2010 22:38:56 +0000 (22:38 +0000)]
bss_file.c: fix MSC 6.0 warning.
Andy Polyakov [Mon, 22 Mar 2010 17:24:18 +0000 (17:24 +0000)]
GHASH assembler: new ghash-sparcv9.pl module and saner descriptions.
Andy Polyakov [Mon, 15 Mar 2010 22:28:48 +0000 (22:28 +0000)]
e_capi.c: fix typo.
Andy Polyakov [Mon, 15 Mar 2010 22:25:57 +0000 (22:25 +0000)]
Fix UPLINK typo.
Andy Polyakov [Mon, 15 Mar 2010 19:07:52 +0000 (19:07 +0000)]
ghash-ia64.pl: new file, GHASH for Itanium.
ghash-x86_64.pl: minimize stack frame usage.
ghash-x86.pl: modulo-scheduling MMX loop in respect to input vector
results in up to 10% performance improvement.
Dr. Stephen Henson [Mon, 15 Mar 2010 13:10:08 +0000 (13:10 +0000)]
workaround for missing definition in some headers
Dr. Stephen Henson [Sun, 14 Mar 2010 13:10:48 +0000 (13:10 +0000)]
print signature parameters with CRLs too
Dr. Stephen Henson [Sun, 14 Mar 2010 13:09:00 +0000 (13:09 +0000)]
free up sigopts STACK
Dr. Stephen Henson [Sun, 14 Mar 2010 13:07:48 +0000 (13:07 +0000)]
clear bogus errors in ca utility
Dr. Stephen Henson [Sun, 14 Mar 2010 12:55:15 +0000 (12:55 +0000)]
update CHANGES
Dr. Stephen Henson [Sun, 14 Mar 2010 12:54:45 +0000 (12:54 +0000)]
add -sigopt option to ca utility
Dr. Stephen Henson [Sun, 14 Mar 2010 12:52:38 +0000 (12:52 +0000)]
add X509_CRL_sign_ctx function
Dr. Stephen Henson [Fri, 12 Mar 2010 14:41:00 +0000 (14:41 +0000)]
new sigopt and PSS support for req and x509 utilities
Dr. Stephen Henson [Fri, 12 Mar 2010 12:48:32 +0000 (12:48 +0000)]
PR: 2192
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>
The prompt_info and wrong_info parameters can be empty strings which
can produce confusing prompts. Treat empty string same as NULL.
Dr. Stephen Henson [Fri, 12 Mar 2010 12:06:48 +0000 (12:06 +0000)]
missing goto meant signature was never printed out
Mark J. Cox [Fri, 12 Mar 2010 08:36:44 +0000 (08:36 +0000)]
This entry was in 0.9.8m changelog but missing from here, since it's
security relevent we'd better list it.
Dr. Stephen Henson [Thu, 11 Mar 2010 23:11:36 +0000 (23:11 +0000)]
Submitted by: Martin Kaiser
Reject PSS signatures with unsupported trailer value.
Dr. Stephen Henson [Thu, 11 Mar 2010 19:27:03 +0000 (19:27 +0000)]
alg2 can be NULL
Andy Polyakov [Thu, 11 Mar 2010 16:19:46 +0000 (16:19 +0000)]
Add GHASH x86_64 assembler.
Dr. Stephen Henson [Thu, 11 Mar 2010 14:19:46 +0000 (14:19 +0000)]
typo
Dr. Stephen Henson [Thu, 11 Mar 2010 14:06:46 +0000 (14:06 +0000)]
RSA PSS ASN1 signing method
Dr. Stephen Henson [Thu, 11 Mar 2010 14:04:54 +0000 (14:04 +0000)]
typo
Dr. Stephen Henson [Thu, 11 Mar 2010 13:55:18 +0000 (13:55 +0000)]
ctrl operations to retrieve RSA algorithm settings
Dr. Stephen Henson [Thu, 11 Mar 2010 13:45:42 +0000 (13:45 +0000)]
Add support for new PSS functions in RSA EVP_PKEY_METHOD
Dr. Stephen Henson [Thu, 11 Mar 2010 13:40:42 +0000 (13:40 +0000)]
Extend PSS padding code to support different digests for MGF1 and message.
Dr. Stephen Henson [Thu, 11 Mar 2010 13:32:38 +0000 (13:32 +0000)]
Algorithm specific ASN1 signing functions.
Dr. Stephen Henson [Thu, 11 Mar 2010 13:29:39 +0000 (13:29 +0000)]
update cms code to use X509_ALGOR_set_md instead of internal function
Dr. Stephen Henson [Thu, 11 Mar 2010 13:27:05 +0000 (13:27 +0000)]
New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier)
from a digest algorithm.
Dr. Stephen Henson [Wed, 10 Mar 2010 13:48:09 +0000 (13:48 +0000)]
don't leave bogus errors in the queue
Andy Polyakov [Tue, 9 Mar 2010 23:03:33 +0000 (23:03 +0000)]
Add GHASH x86 assembler.
Dr. Stephen Henson [Tue, 9 Mar 2010 17:24:33 +0000 (17:24 +0000)]
PR: 2188
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>
Add "missing" functions to get and set prompt constructor.
Dr. Stephen Henson [Tue, 9 Mar 2010 17:08:48 +0000 (17:08 +0000)]
PR: 2186
Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com>
Detect aix64-gcc
Dr. Stephen Henson [Mon, 8 Mar 2010 23:48:21 +0000 (23:48 +0000)]
reserve a few more bits for future cipher modes
Andy Polyakov [Mon, 8 Mar 2010 22:44:37 +0000 (22:44 +0000)]
gcm128.c: add option for streamed GHASH, simple benchmark, minor naming
change.
Dr. Stephen Henson [Mon, 8 Mar 2010 18:10:35 +0000 (18:10 +0000)]
RSA PSS verification support including certificates and certificate
requests. Add new ASN1 signature initialisation function to handle this
case.
Dr. Stephen Henson [Mon, 8 Mar 2010 18:07:05 +0000 (18:07 +0000)]
correct error code
Dr. Stephen Henson [Sun, 7 Mar 2010 17:02:47 +0000 (17:02 +0000)]
print outermost signature algorithm parameters too
Dr. Stephen Henson [Sun, 7 Mar 2010 16:41:54 +0000 (16:41 +0000)]
oops
Dr. Stephen Henson [Sun, 7 Mar 2010 16:40:05 +0000 (16:40 +0000)]
The OID sanity check was incorrect. It should only disallow *leading* 0x80
values.
Dr. Stephen Henson [Sun, 7 Mar 2010 15:54:26 +0000 (15:54 +0000)]
although AES is a variable length cipher, AES EVP methods have a fixed key length
Dr. Stephen Henson [Sun, 7 Mar 2010 15:52:41 +0000 (15:52 +0000)]
oops, make EVP ctr mode work again
Dr. Stephen Henson [Sun, 7 Mar 2010 15:37:37 +0000 (15:37 +0000)]
typo