Dr. Stephen Henson [Fri, 13 Apr 2007 01:06:41 +0000 (01:06 +0000)]
Update smime utility to support streaming for -encrypt and -sign -nodetach
options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.
These all process content on the fly without storing it all in memory.
Dr. Stephen Henson [Thu, 12 Apr 2007 13:02:31 +0000 (13:02 +0000)]
Copy update callback across when copying EVP_MD_CTX.
Remove unnecessary reference to EVP_MD_CTX in HMAC pkey method.
Dr. Stephen Henson [Wed, 11 Apr 2007 17:20:40 +0000 (17:20 +0000)]
New -mac and -macopt options to dgst utility. Reimplement -hmac option in
terms of new API.
Dr. Stephen Henson [Wed, 11 Apr 2007 12:33:28 +0000 (12:33 +0000)]
Update CHANGES.
Dr. Stephen Henson [Wed, 11 Apr 2007 12:33:06 +0000 (12:33 +0000)]
Experimental HMAC support via EVP_PKEY_METHOD.
Dr. Stephen Henson [Wed, 11 Apr 2007 12:26:53 +0000 (12:26 +0000)]
Constification.
Dr. Stephen Henson [Mon, 9 Apr 2007 11:45:54 +0000 (11:45 +0000)]
Don't ignore config_name parameter passed to OPENSSL_config(). Use
"openssl_conf" in config file if config_name variable is missing.
Dr. Stephen Henson [Sun, 8 Apr 2007 17:45:47 +0000 (17:45 +0000)]
Fix from stable branch.
Dr. Stephen Henson [Sun, 8 Apr 2007 16:53:50 +0000 (16:53 +0000)]
Fix digest signing so digest type is set after init.
Dr. Stephen Henson [Sun, 8 Apr 2007 13:03:26 +0000 (13:03 +0000)]
Preliminary support for signctx/verifyctx callbacks.
Dr. Stephen Henson [Sun, 8 Apr 2007 12:47:18 +0000 (12:47 +0000)]
New -sigopt option for dgst utility.
Ben Laurie [Sat, 7 Apr 2007 13:20:09 +0000 (13:20 +0000)]
Yet another resource leak. Coverity ID 123.
Ben Laurie [Thu, 5 Apr 2007 17:31:29 +0000 (17:31 +0000)]
If you're going to check for negative, use an signed integer! Coverity ID 122.
Ben Laurie [Thu, 5 Apr 2007 17:23:51 +0000 (17:23 +0000)]
Don't copy from a nonexistent next. Coverity ID 47.
Ben Laurie [Thu, 5 Apr 2007 17:09:43 +0000 (17:09 +0000)]
Fix duplicate error number.
Ben Laurie [Thu, 5 Apr 2007 17:03:09 +0000 (17:03 +0000)]
Errors should actually be errors.
Ben Laurie [Thu, 5 Apr 2007 16:58:39 +0000 (16:58 +0000)]
Don't dereference NULL argument. Coverity ID 52.
Ben Laurie [Thu, 5 Apr 2007 16:57:07 +0000 (16:57 +0000)]
Missing config file.
Ben Laurie [Thu, 5 Apr 2007 16:28:48 +0000 (16:28 +0000)]
Don't use a negative number as a length. Coverity ID 57.
Ben Laurie [Thu, 5 Apr 2007 15:45:58 +0000 (15:45 +0000)]
Avoid overrun. Coverity ID 60.
Ben Laurie [Thu, 5 Apr 2007 15:45:22 +0000 (15:45 +0000)]
Free memory. Coverity ID 62.
Nils Larsch [Wed, 4 Apr 2007 19:41:20 +0000 (19:41 +0000)]
check return value of ASN1_item_i2d(), Coverity ID 55
Ben Laurie [Wed, 4 Apr 2007 16:00:03 +0000 (16:00 +0000)]
Resource leak.
Ben Laurie [Wed, 4 Apr 2007 15:31:17 +0000 (15:31 +0000)]
Handle bad content type. Coverity ID 99.
Ben Laurie [Wed, 4 Apr 2007 15:13:31 +0000 (15:13 +0000)]
Fix buffer overrun. Coverity ID 106.
Ben Laurie [Wed, 4 Apr 2007 14:59:20 +0000 (14:59 +0000)]
Don't free a NULL. Coverity ID 112.
Ben Laurie [Wed, 4 Apr 2007 14:38:59 +0000 (14:38 +0000)]
Missing return on error. Coverity ID 115.
Ben Laurie [Wed, 4 Apr 2007 14:35:56 +0000 (14:35 +0000)]
Return an error if the serial number is badly formed. (Coverity ID 116).
Ben Laurie [Wed, 4 Apr 2007 13:41:33 +0000 (13:41 +0000)]
Die if serial number is invalid.
Ben Laurie [Wed, 4 Apr 2007 13:21:15 +0000 (13:21 +0000)]
Make sure we detect corruption.
Nils Larsch [Mon, 2 Apr 2007 20:29:40 +0000 (20:29 +0000)]
check correct pointer before freeing it (Coverity CID 79,86)
Nils Larsch [Mon, 2 Apr 2007 20:02:27 +0000 (20:02 +0000)]
check if pointer is != NULL before dereferencing it (Coverity CID 40)
Andy Polyakov [Mon, 2 Apr 2007 09:50:14 +0000 (09:50 +0000)]
RC4_set_key for x86_64 and Core2 optimization.
PR: 1447
Ben Laurie [Sun, 1 Apr 2007 18:00:52 +0000 (18:00 +0000)]
Don't die if the value is NULL (Coverity CID 98).
Ben Laurie [Sun, 1 Apr 2007 17:56:25 +0000 (17:56 +0000)]
Fix warning.
Andy Polyakov [Sun, 1 Apr 2007 17:28:08 +0000 (17:28 +0000)]
Update x86cpuid.pl to correctly detect shared cache and to support new
RC4_set_key.
Andy Polyakov [Sun, 1 Apr 2007 17:01:12 +0000 (17:01 +0000)]
Reserve for assembler implementation of RC4_set_key and implement x86 one.
Richard Levitte [Thu, 29 Mar 2007 18:34:57 +0000 (18:34 +0000)]
Apply a more modern way to get the definition of select(), except for VMS.
Submitted by Corinna Vinschen <vinschen@redhat.com>
Bodo Möller [Wed, 28 Mar 2007 18:41:23 +0000 (18:41 +0000)]
make BN_FLG_CONSTTIME semantics more fool-proof
Bodo Möller [Wed, 28 Mar 2007 00:15:28 +0000 (00:15 +0000)]
Change to mitigate branch prediction attacks
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
Andy Polyakov [Sun, 25 Mar 2007 15:20:35 +0000 (15:20 +0000)]
Allow shared builds for aix[64]-gcc targets.
Andy Polyakov [Sun, 25 Mar 2007 15:13:51 +0000 (15:13 +0000)]
aix[64]-cc config lines update.
Dr. Stephen Henson [Fri, 23 Mar 2007 17:04:05 +0000 (17:04 +0000)]
Stage 1 GOST ciphersuite support.
Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org
Richard Levitte [Fri, 23 Mar 2007 09:36:33 +0000 (09:36 +0000)]
Synchronise the VMS build with recent movements in the Unix build.
Andy Polyakov [Thu, 22 Mar 2007 08:46:33 +0000 (08:46 +0000)]
Fixes for aix-shared rules.
Bodo Möller [Wed, 21 Mar 2007 14:33:16 +0000 (14:33 +0000)]
stricter session ID context matching
Bodo Möller [Wed, 21 Mar 2007 10:58:45 +0000 (10:58 +0000)]
clarification regarding libdes files
Andy Polyakov [Tue, 20 Mar 2007 09:37:06 +0000 (09:37 +0000)]
link warnings caused by nasm modules.
Andy Polyakov [Tue, 20 Mar 2007 09:13:07 +0000 (09:13 +0000)]
Two extra instructions in RC4 character loop give 80% performance
improvement on Core2. I still need to detect Core2 and choose this
path...
Andy Polyakov [Tue, 20 Mar 2007 09:07:19 +0000 (09:07 +0000)]
Remove obsolete comment.
Andy Polyakov [Tue, 20 Mar 2007 08:57:18 +0000 (08:57 +0000)]
Various PowerPC config updates.
Andy Polyakov [Tue, 20 Mar 2007 08:55:58 +0000 (08:55 +0000)]
nasm fixes.
Andy Polyakov [Tue, 20 Mar 2007 08:54:51 +0000 (08:54 +0000)]
sparcv9a-mont was modified to handle 32-bit aligned input, but check
for 64-bit alignment was not removed.
Dr. Stephen Henson [Fri, 16 Mar 2007 22:20:55 +0000 (22:20 +0000)]
Win32 fixes. Add GOST algorithm to mkdef, update ordinals. Signed/unsigned fixes.
Dr. Stephen Henson [Mon, 5 Mar 2007 00:09:08 +0000 (00:09 +0000)]
Fix from stable branch.
Nils Larsch [Fri, 2 Mar 2007 19:56:29 +0000 (19:56 +0000)]
size_t -> int
Nils Larsch [Fri, 2 Mar 2007 19:42:16 +0000 (19:42 +0000)]
remove unused file
Lutz Jänicke [Fri, 2 Mar 2007 17:54:51 +0000 (17:54 +0000)]
Initialize "buf" to 0 to make valgrind happy :-)
Note: the RAND_bytes() manual page says:
RAND_bytes() puts num cryptographically strong pseudo-random bytes into buf.
It does not talk about using the previous contents of buf so we are working
as documented.
Lutz Jänicke [Fri, 2 Mar 2007 17:46:25 +0000 (17:46 +0000)]
Do not use uninitialized memory to seed the PRNG as it may confuse
code checking tools.
PR: 1499
Dr. Stephen Henson [Tue, 27 Feb 2007 18:43:42 +0000 (18:43 +0000)]
Update from stable branch.
Ralf S. Engelschall [Tue, 27 Feb 2007 07:41:54 +0000 (07:41 +0000)]
small cosmetics: align title with the other similar manual page
Nils Larsch [Mon, 26 Feb 2007 18:32:53 +0000 (18:32 +0000)]
allow EVP_PKEY_CTX_free(NULL)
Nils Larsch [Mon, 26 Feb 2007 18:21:19 +0000 (18:21 +0000)]
remove dead code
Bodo Möller [Mon, 26 Feb 2007 10:49:59 +0000 (10:49 +0000)]
include complete 0.9.7 history
include release date of 0.9.8e
Bodo Möller [Mon, 26 Feb 2007 10:48:10 +0000 (10:48 +0000)]
use 2007 copyright for generated files
Dr. Stephen Henson [Fri, 23 Feb 2007 13:16:38 +0000 (13:16 +0000)]
Update FAQ,NEWS in HEAD.
Bodo Möller [Thu, 22 Feb 2007 21:31:19 +0000 (21:31 +0000)]
Fix incorrect substitution that happened during the recent ciphersuite
selection remodeling
Submitted by: Victor Duchovni
Lutz Jänicke [Thu, 22 Feb 2007 17:39:47 +0000 (17:39 +0000)]
Fix problem with multi line responses in -starttls by using a buffering
BIO and BIO_gets().
Lutz Jänicke [Wed, 21 Feb 2007 18:20:41 +0000 (18:20 +0000)]
Extend SMTP and IMAP protocol handling to perform the required
EHLO or CAPABILITY handshake before sending STARTTLS
Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
Lutz Jänicke [Wed, 21 Feb 2007 18:10:20 +0000 (18:10 +0000)]
Add automatic detection for Linux on SuperH
PR: 1152
Submitted by: Mike Frysinger <vapier@gentoo.org>
Lutz Jänicke [Wed, 21 Feb 2007 17:58:54 +0000 (17:58 +0000)]
Add support for m68k linux
PR: 1277
Submitted by: Mike Frysinger <vapier@gentoo.org>
Lutz Jänicke [Wed, 21 Feb 2007 17:44:53 +0000 (17:44 +0000)]
Fix incorrect handling of special characters
PR: 1459
Submitted by: tnitschke@innominate.com
Reviewed by: steve@openssl.org
Dr. Stephen Henson [Wed, 21 Feb 2007 13:49:35 +0000 (13:49 +0000)]
Update from 0.9.7-stable.
Bodo Möller [Wed, 21 Feb 2007 09:33:14 +0000 (09:33 +0000)]
prefer SHA1 over MD5 (this affects the Kerberos ciphersuites)
Bodo Möller [Wed, 21 Feb 2007 09:32:17 +0000 (09:32 +0000)]
delete obsolete comment
Bodo Möller [Tue, 20 Feb 2007 16:39:58 +0000 (16:39 +0000)]
SSL_kKRB5 ciphersuites shouldn't be preferred by default
Bodo Möller [Tue, 20 Feb 2007 16:36:58 +0000 (16:36 +0000)]
Improve ciphersuite order stability when disabling ciphersuites.
Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.
Bodo Möller [Tue, 20 Feb 2007 13:25:36 +0000 (13:25 +0000)]
fix a typo in the new ciphersuite ordering code
Bodo Möller [Mon, 19 Feb 2007 18:41:41 +0000 (18:41 +0000)]
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.
Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".
Bodo Möller [Mon, 19 Feb 2007 16:59:13 +0000 (16:59 +0000)]
fix warnings for CIPHER_DEBUG builds
Bodo Möller [Mon, 19 Feb 2007 14:53:18 +0000 (14:53 +0000)]
fix warnings/inconsistencies caused by the recent changes to the
ciphersuite selection code in HEAD
Submitted by: Victor Duchovni
Bodo Möller [Mon, 19 Feb 2007 14:49:12 +0000 (14:49 +0000)]
fix incorrect strength bit values for certain Kerberos ciphersuites
Submitted by: Victor Duchovni
Dr. Stephen Henson [Sun, 18 Feb 2007 18:21:57 +0000 (18:21 +0000)]
Updates from 0.9.8-stable branch.
Bodo Möller [Sat, 17 Feb 2007 06:45:38 +0000 (06:45 +0000)]
Reorganize the data used for SSL ciphersuite pattern matching.
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).
In some cases the ciphersuite list generated from a given string is
affected by this change. I hope this is just in those cases where the
previous behaviour did not make sense.
Nils Larsch [Fri, 16 Feb 2007 20:34:15 +0000 (20:34 +0000)]
ensure that the EVP_CIPHER_CTX object is initialized
PR: 1490
Richard Levitte [Fri, 16 Feb 2007 18:12:16 +0000 (18:12 +0000)]
Add STARTTLS support for IMAP and FTP.
Submitted by Kees Cook <kees@outflux.net>
Nils Larsch [Wed, 14 Feb 2007 21:52:01 +0000 (21:52 +0000)]
- use OPENSSL_malloc() etc. in zlib
- move zlib_stateful_ex_idx initialization to COMP_zlib()
PR: 1468
Nils Larsch [Sun, 11 Feb 2007 19:33:21 +0000 (19:33 +0000)]
avoid shifting input
Nils Larsch [Sat, 10 Feb 2007 10:42:48 +0000 (10:42 +0000)]
use user-supplied malloc functions for persistent kssl objects
PR: 1467
Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>
Nils Larsch [Sat, 10 Feb 2007 09:45:07 +0000 (09:45 +0000)]
remove unreachable code
Dr. Stephen Henson [Fri, 9 Feb 2007 19:43:04 +0000 (19:43 +0000)]
PR: 1483
Add support for GOST 28147-89 in Gost ENGINE.
Dr. Stephen Henson [Thu, 8 Feb 2007 19:07:43 +0000 (19:07 +0000)]
Add -hmac option to dgst from 0.9.7 stable branch.
Nils Larsch [Wed, 7 Feb 2007 20:49:58 +0000 (20:49 +0000)]
remove unused variable
Nils Larsch [Wed, 7 Feb 2007 20:28:19 +0000 (20:28 +0000)]
ensure that a ec key is used
PR: 1476
Richard Levitte [Wed, 7 Feb 2007 01:42:46 +0000 (01:42 +0000)]
After objects have been freed, NULLify the pointers so there will be no double
free of those objects
Nils Larsch [Tue, 6 Feb 2007 19:48:42 +0000 (19:48 +0000)]
fix typo
Nils Larsch [Tue, 6 Feb 2007 19:41:01 +0000 (19:41 +0000)]
add note about 56 bit ciphers
PR: 1461
Dr. Stephen Henson [Sat, 3 Feb 2007 17:32:49 +0000 (17:32 +0000)]
Update from fips2 branch.
Nils Larsch [Sat, 3 Feb 2007 14:41:12 +0000 (14:41 +0000)]
add support for DSA with SHA2
Nils Larsch [Sat, 3 Feb 2007 10:28:08 +0000 (10:28 +0000)]
fix documentation
PR: 1466