oweals/openssl.git
17 years agocheck if pointer is != NULL before dereferencing it (Coverity CID 40)
Nils Larsch [Mon, 2 Apr 2007 20:02:27 +0000 (20:02 +0000)]
check if pointer is != NULL before dereferencing it (Coverity CID 40)

17 years agoRC4_set_key for x86_64 and Core2 optimization.
Andy Polyakov [Mon, 2 Apr 2007 09:50:14 +0000 (09:50 +0000)]
RC4_set_key for x86_64 and Core2 optimization.
PR: 1447

17 years agoDon't die if the value is NULL (Coverity CID 98).
Ben Laurie [Sun, 1 Apr 2007 18:00:52 +0000 (18:00 +0000)]
Don't die if the value is NULL (Coverity CID 98).

17 years agoFix warning.
Ben Laurie [Sun, 1 Apr 2007 17:56:25 +0000 (17:56 +0000)]
Fix warning.

17 years agoUpdate x86cpuid.pl to correctly detect shared cache and to support new
Andy Polyakov [Sun, 1 Apr 2007 17:28:08 +0000 (17:28 +0000)]
Update x86cpuid.pl to correctly detect shared cache and to support new
RC4_set_key.

17 years agoReserve for assembler implementation of RC4_set_key and implement x86 one.
Andy Polyakov [Sun, 1 Apr 2007 17:01:12 +0000 (17:01 +0000)]
Reserve for assembler implementation of RC4_set_key and implement x86 one.

17 years agoApply a more modern way to get the definition of select(), except for VMS.
Richard Levitte [Thu, 29 Mar 2007 18:34:57 +0000 (18:34 +0000)]
Apply a more modern way to get the definition of select(), except for VMS.
Submitted by Corinna Vinschen <vinschen@redhat.com>

17 years agomake BN_FLG_CONSTTIME semantics more fool-proof
Bodo Möller [Wed, 28 Mar 2007 18:41:23 +0000 (18:41 +0000)]
make BN_FLG_CONSTTIME semantics more fool-proof

17 years agoChange to mitigate branch prediction attacks
Bodo Möller [Wed, 28 Mar 2007 00:15:28 +0000 (00:15 +0000)]
Change to mitigate branch prediction attacks

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller

17 years agoAllow shared builds for aix[64]-gcc targets.
Andy Polyakov [Sun, 25 Mar 2007 15:20:35 +0000 (15:20 +0000)]
Allow shared builds for aix[64]-gcc targets.

17 years agoaix[64]-cc config lines update.
Andy Polyakov [Sun, 25 Mar 2007 15:13:51 +0000 (15:13 +0000)]
aix[64]-cc config lines update.

17 years agoStage 1 GOST ciphersuite support.
Dr. Stephen Henson [Fri, 23 Mar 2007 17:04:05 +0000 (17:04 +0000)]
Stage 1 GOST ciphersuite support.

Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org

17 years agoSynchronise the VMS build with recent movements in the Unix build.
Richard Levitte [Fri, 23 Mar 2007 09:36:33 +0000 (09:36 +0000)]
Synchronise the VMS build with recent movements in the Unix build.

17 years agoFixes for aix-shared rules.
Andy Polyakov [Thu, 22 Mar 2007 08:46:33 +0000 (08:46 +0000)]
Fixes for aix-shared rules.

17 years agostricter session ID context matching
Bodo Möller [Wed, 21 Mar 2007 14:33:16 +0000 (14:33 +0000)]
stricter session ID context matching

17 years agoclarification regarding libdes files
Bodo Möller [Wed, 21 Mar 2007 10:58:45 +0000 (10:58 +0000)]
clarification regarding libdes files

17 years agolink warnings caused by nasm modules.
Andy Polyakov [Tue, 20 Mar 2007 09:37:06 +0000 (09:37 +0000)]
link warnings caused by nasm modules.

17 years agoTwo extra instructions in RC4 character loop give 80% performance
Andy Polyakov [Tue, 20 Mar 2007 09:13:07 +0000 (09:13 +0000)]
Two extra instructions in RC4 character loop give 80% performance
improvement on Core2. I still need to detect Core2 and choose this
path...

17 years agoRemove obsolete comment.
Andy Polyakov [Tue, 20 Mar 2007 09:07:19 +0000 (09:07 +0000)]
Remove obsolete comment.

17 years agoVarious PowerPC config updates.
Andy Polyakov [Tue, 20 Mar 2007 08:57:18 +0000 (08:57 +0000)]
Various PowerPC config updates.

17 years agonasm fixes.
Andy Polyakov [Tue, 20 Mar 2007 08:55:58 +0000 (08:55 +0000)]
nasm fixes.

17 years agosparcv9a-mont was modified to handle 32-bit aligned input, but check
Andy Polyakov [Tue, 20 Mar 2007 08:54:51 +0000 (08:54 +0000)]
sparcv9a-mont was modified to handle 32-bit aligned input, but check
for 64-bit alignment was not removed.

17 years agoWin32 fixes. Add GOST algorithm to mkdef, update ordinals. Signed/unsigned fixes.
Dr. Stephen Henson [Fri, 16 Mar 2007 22:20:55 +0000 (22:20 +0000)]
Win32 fixes. Add GOST algorithm to mkdef, update ordinals. Signed/unsigned fixes.

17 years agoFix from stable branch.
Dr. Stephen Henson [Mon, 5 Mar 2007 00:09:08 +0000 (00:09 +0000)]
Fix from stable branch.

17 years agosize_t -> int
Nils Larsch [Fri, 2 Mar 2007 19:56:29 +0000 (19:56 +0000)]
size_t -> int

17 years agoremove unused file
Nils Larsch [Fri, 2 Mar 2007 19:42:16 +0000 (19:42 +0000)]
remove unused file

17 years agoInitialize "buf" to 0 to make valgrind happy :-)
Lutz Jänicke [Fri, 2 Mar 2007 17:54:51 +0000 (17:54 +0000)]
Initialize "buf" to 0 to make valgrind happy :-)
Note: the RAND_bytes() manual page says:
 RAND_bytes() puts num cryptographically strong pseudo-random bytes into buf.
It does not talk about using the previous contents of buf so we are working
as documented.

17 years agoDo not use uninitialized memory to seed the PRNG as it may confuse
Lutz Jänicke [Fri, 2 Mar 2007 17:46:25 +0000 (17:46 +0000)]
Do not use uninitialized memory to seed the PRNG as it may confuse
code checking tools.
PR: 1499

17 years agoUpdate from stable branch.
Dr. Stephen Henson [Tue, 27 Feb 2007 18:43:42 +0000 (18:43 +0000)]
Update from stable branch.

17 years agosmall cosmetics: align title with the other similar manual page
Ralf S. Engelschall [Tue, 27 Feb 2007 07:41:54 +0000 (07:41 +0000)]
small cosmetics: align title with the other similar manual page

17 years agoallow EVP_PKEY_CTX_free(NULL)
Nils Larsch [Mon, 26 Feb 2007 18:32:53 +0000 (18:32 +0000)]
allow EVP_PKEY_CTX_free(NULL)

17 years agoremove dead code
Nils Larsch [Mon, 26 Feb 2007 18:21:19 +0000 (18:21 +0000)]
remove dead code

17 years agoinclude complete 0.9.7 history
Bodo Möller [Mon, 26 Feb 2007 10:49:59 +0000 (10:49 +0000)]
include complete 0.9.7 history
include release date of 0.9.8e

17 years agouse 2007 copyright for generated files
Bodo Möller [Mon, 26 Feb 2007 10:48:10 +0000 (10:48 +0000)]
use 2007 copyright for generated files

17 years agoUpdate FAQ,NEWS in HEAD.
Dr. Stephen Henson [Fri, 23 Feb 2007 13:16:38 +0000 (13:16 +0000)]
Update FAQ,NEWS in HEAD.

17 years agoFix incorrect substitution that happened during the recent ciphersuite
Bodo Möller [Thu, 22 Feb 2007 21:31:19 +0000 (21:31 +0000)]
Fix incorrect substitution that happened during the recent ciphersuite
selection remodeling

Submitted by: Victor Duchovni

17 years agoFix problem with multi line responses in -starttls by using a buffering
Lutz Jänicke [Thu, 22 Feb 2007 17:39:47 +0000 (17:39 +0000)]
Fix problem with multi line responses in -starttls by using a buffering
BIO and BIO_gets().

17 years agoExtend SMTP and IMAP protocol handling to perform the required
Lutz Jänicke [Wed, 21 Feb 2007 18:20:41 +0000 (18:20 +0000)]
Extend SMTP and IMAP protocol handling to perform the required
EHLO or CAPABILITY handshake before sending STARTTLS

Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>

17 years agoAdd automatic detection for Linux on SuperH
Lutz Jänicke [Wed, 21 Feb 2007 18:10:20 +0000 (18:10 +0000)]
Add automatic detection for Linux on SuperH
PR: 1152
Submitted by: Mike Frysinger <vapier@gentoo.org>

17 years agoAdd support for m68k linux
Lutz Jänicke [Wed, 21 Feb 2007 17:58:54 +0000 (17:58 +0000)]
Add support for m68k linux
PR: 1277
Submitted by: Mike Frysinger <vapier@gentoo.org>

17 years agoFix incorrect handling of special characters
Lutz Jänicke [Wed, 21 Feb 2007 17:44:53 +0000 (17:44 +0000)]
Fix incorrect handling of special characters
PR: 1459
Submitted by: tnitschke@innominate.com
Reviewed by: steve@openssl.org

17 years agoUpdate from 0.9.7-stable.
Dr. Stephen Henson [Wed, 21 Feb 2007 13:49:35 +0000 (13:49 +0000)]
Update from 0.9.7-stable.

17 years agoprefer SHA1 over MD5 (this affects the Kerberos ciphersuites)
Bodo Möller [Wed, 21 Feb 2007 09:33:14 +0000 (09:33 +0000)]
prefer SHA1 over MD5 (this affects the Kerberos ciphersuites)

17 years agodelete obsolete comment
Bodo Möller [Wed, 21 Feb 2007 09:32:17 +0000 (09:32 +0000)]
delete obsolete comment

17 years agoSSL_kKRB5 ciphersuites shouldn't be preferred by default
Bodo Möller [Tue, 20 Feb 2007 16:39:58 +0000 (16:39 +0000)]
SSL_kKRB5 ciphersuites shouldn't be preferred by default

17 years agoImprove ciphersuite order stability when disabling ciphersuites.
Bodo Möller [Tue, 20 Feb 2007 16:36:58 +0000 (16:36 +0000)]
Improve ciphersuite order stability when disabling ciphersuites.
Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.

17 years agofix a typo in the new ciphersuite ordering code
Bodo Möller [Tue, 20 Feb 2007 13:25:36 +0000 (13:25 +0000)]
fix a typo in the new ciphersuite ordering code

17 years agoInclude "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
Bodo Möller [Mon, 19 Feb 2007 18:41:41 +0000 (18:41 +0000)]
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.

Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".

17 years agofix warnings for CIPHER_DEBUG builds
Bodo Möller [Mon, 19 Feb 2007 16:59:13 +0000 (16:59 +0000)]
fix warnings for CIPHER_DEBUG builds

17 years agofix warnings/inconsistencies caused by the recent changes to the
Bodo Möller [Mon, 19 Feb 2007 14:53:18 +0000 (14:53 +0000)]
fix warnings/inconsistencies caused by the recent changes to the
ciphersuite selection code in HEAD

Submitted by: Victor Duchovni

17 years agofix incorrect strength bit values for certain Kerberos ciphersuites
Bodo Möller [Mon, 19 Feb 2007 14:49:12 +0000 (14:49 +0000)]
fix incorrect strength bit values for certain Kerberos ciphersuites

Submitted by: Victor Duchovni

17 years agoUpdates from 0.9.8-stable branch.
Dr. Stephen Henson [Sun, 18 Feb 2007 18:21:57 +0000 (18:21 +0000)]
Updates from 0.9.8-stable branch.

17 years agoReorganize the data used for SSL ciphersuite pattern matching.
Bodo Möller [Sat, 17 Feb 2007 06:45:38 +0000 (06:45 +0000)]
Reorganize the data used for SSL ciphersuite pattern matching.
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.

17 years agoensure that the EVP_CIPHER_CTX object is initialized
Nils Larsch [Fri, 16 Feb 2007 20:34:15 +0000 (20:34 +0000)]
ensure that the EVP_CIPHER_CTX object is initialized

PR: 1490

17 years agoAdd STARTTLS support for IMAP and FTP.
Richard Levitte [Fri, 16 Feb 2007 18:12:16 +0000 (18:12 +0000)]
Add STARTTLS support for IMAP and FTP.
Submitted by Kees Cook <kees@outflux.net>

17 years ago- use OPENSSL_malloc() etc. in zlib
Nils Larsch [Wed, 14 Feb 2007 21:52:01 +0000 (21:52 +0000)]
- use OPENSSL_malloc() etc. in zlib
- move zlib_stateful_ex_idx initialization to COMP_zlib()

PR: 1468

17 years agoavoid shifting input
Nils Larsch [Sun, 11 Feb 2007 19:33:21 +0000 (19:33 +0000)]
avoid shifting input

17 years agouse user-supplied malloc functions for persistent kssl objects
Nils Larsch [Sat, 10 Feb 2007 10:42:48 +0000 (10:42 +0000)]
use user-supplied malloc functions for persistent kssl objects

PR: 1467
Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>

17 years agoremove unreachable code
Nils Larsch [Sat, 10 Feb 2007 09:45:07 +0000 (09:45 +0000)]
remove unreachable code

17 years agoPR: 1483
Dr. Stephen Henson [Fri, 9 Feb 2007 19:43:04 +0000 (19:43 +0000)]
PR: 1483

Add support for GOST 28147-89 in Gost ENGINE.

17 years agoAdd -hmac option to dgst from 0.9.7 stable branch.
Dr. Stephen Henson [Thu, 8 Feb 2007 19:07:43 +0000 (19:07 +0000)]
Add -hmac option to dgst from 0.9.7 stable branch.

17 years agoremove unused variable
Nils Larsch [Wed, 7 Feb 2007 20:49:58 +0000 (20:49 +0000)]
remove unused variable

17 years agoensure that a ec key is used
Nils Larsch [Wed, 7 Feb 2007 20:28:19 +0000 (20:28 +0000)]
ensure that a ec key is used

PR: 1476

17 years agoAfter objects have been freed, NULLify the pointers so there will be no double
Richard Levitte [Wed, 7 Feb 2007 01:42:46 +0000 (01:42 +0000)]
After objects have been freed, NULLify the pointers so there will be no double
free of those objects

17 years agofix typo
Nils Larsch [Tue, 6 Feb 2007 19:48:42 +0000 (19:48 +0000)]
fix typo

17 years agoadd note about 56 bit ciphers
Nils Larsch [Tue, 6 Feb 2007 19:41:01 +0000 (19:41 +0000)]
add note about 56 bit ciphers

PR: 1461

17 years agoUpdate from fips2 branch.
Dr. Stephen Henson [Sat, 3 Feb 2007 17:32:49 +0000 (17:32 +0000)]
Update from fips2 branch.

17 years agoadd support for DSA with SHA2
Nils Larsch [Sat, 3 Feb 2007 14:41:12 +0000 (14:41 +0000)]
add support for DSA with SHA2

17 years agofix documentation
Nils Larsch [Sat, 3 Feb 2007 10:28:08 +0000 (10:28 +0000)]
fix documentation

PR: 1466

17 years agofix potential memory leaks
Nils Larsch [Sat, 3 Feb 2007 09:55:42 +0000 (09:55 +0000)]
fix potential memory leaks

PR: 1462

17 years agoMinimize aes_core.c footprint when AES_[en|de]crypt is implemented in
Andy Polyakov [Thu, 25 Jan 2007 20:47:00 +0000 (20:47 +0000)]
Minimize aes_core.c footprint when AES_[en|de]crypt is implemented in
assembler.

17 years agoMinor touch to aes-armv4.pl.
Andy Polyakov [Thu, 25 Jan 2007 11:28:07 +0000 (11:28 +0000)]
Minor touch to aes-armv4.pl.

17 years agoAES for ARMv4.
Andy Polyakov [Thu, 25 Jan 2007 10:44:48 +0000 (10:44 +0000)]
AES for ARMv4.

17 years agoMinor optimization for sha1-armv4 module.
Andy Polyakov [Thu, 25 Jan 2007 10:44:18 +0000 (10:44 +0000)]
Minor optimization for sha1-armv4 module.

17 years agoUpdate from 0.9.7-stable.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:53:48 +0000 (17:53 +0000)]
Update from 0.9.7-stable.

17 years agoSHA1 for ARMv4 and Thumb.
Andy Polyakov [Mon, 22 Jan 2007 20:33:46 +0000 (20:33 +0000)]
SHA1 for ARMv4 and Thumb.

17 years agoConstify version strings is ssl lib.
Dr. Stephen Henson [Sun, 21 Jan 2007 16:06:05 +0000 (16:06 +0000)]
Constify version strings is ssl lib.

17 years agoConstify version strings and some structures.
Dr. Stephen Henson [Sun, 21 Jan 2007 13:07:17 +0000 (13:07 +0000)]
Constify version strings and some structures.

17 years agoAdd AOL an AOLTW root CAs to bundle.
Dr. Stephen Henson [Thu, 18 Jan 2007 21:24:44 +0000 (21:24 +0000)]
Add AOL an AOLTW root CAs to bundle.

17 years agoMake armv4t-mont module backward binary compatible with armv4 and rename it
Andy Polyakov [Wed, 17 Jan 2007 20:12:41 +0000 (20:12 +0000)]
Make armv4t-mont module backward binary compatible with armv4 and rename it
accordingly.

17 years agoUpdate to new home page
Lutz Jänicke [Fri, 12 Jan 2007 18:47:13 +0000 (18:47 +0000)]
Update to new home page

17 years agoMontgomery multiplication for ARMv4.
Andy Polyakov [Thu, 11 Jan 2007 21:43:25 +0000 (21:43 +0000)]
Montgomery multiplication for ARMv4.

17 years agoremove undefined constant
Nils Larsch [Wed, 3 Jan 2007 20:00:32 +0000 (20:00 +0000)]
remove undefined constant

17 years agoopensslwrap.sh to respect $OPENSSL_ENGINES.
Andy Polyakov [Fri, 29 Dec 2006 15:00:36 +0000 (15:00 +0000)]
opensslwrap.sh to respect $OPENSSL_ENGINES.

17 years ago#include <stddef.h> in digest headers.
Andy Polyakov [Fri, 29 Dec 2006 14:51:42 +0000 (14:51 +0000)]
#include <stddef.h> in digest headers.

Submitted by: Kurt Roeckx <kurt@roeckx.be>

17 years agoMontgomery multiplication for MIPS III/IV. Not engaged.
Andy Polyakov [Fri, 29 Dec 2006 11:09:33 +0000 (11:09 +0000)]
Montgomery multiplication for MIPS III/IV. Not engaged.

17 years agoMinor clean-up in crypto/bn/asm.
Andy Polyakov [Fri, 29 Dec 2006 11:05:20 +0000 (11:05 +0000)]
Minor clean-up in crypto/bn/asm.

17 years agoMinor clean-up in crypto/engine.
Andy Polyakov [Fri, 29 Dec 2006 10:55:43 +0000 (10:55 +0000)]
Minor clean-up in crypto/engine.

17 years agoAllow opensslwrap.sh to access engines from build tree.
Andy Polyakov [Fri, 29 Dec 2006 10:53:09 +0000 (10:53 +0000)]
Allow opensslwrap.sh to access engines from build tree.

17 years agoMove eng_padlock.c to ./engines.
Andy Polyakov [Fri, 29 Dec 2006 10:42:24 +0000 (10:42 +0000)]
Move eng_padlock.c to ./engines.

Submitted by: Michal Ludvig <michal@logix.cz>

17 years agoMinor performance improvements to x86-mont.pl.
Andy Polyakov [Thu, 28 Dec 2006 12:43:16 +0000 (12:43 +0000)]
Minor performance improvements to x86-mont.pl.

17 years agoFix for "strange errors" exposed by ccgost engine. The fix is
Andy Polyakov [Wed, 27 Dec 2006 10:59:51 +0000 (10:59 +0000)]
Fix for "strange errors" exposed by ccgost engine. The fix is
two extra insructions in sqradd loop at line #503.

17 years agofix return value of get_cert_chain()
Nils Larsch [Wed, 27 Dec 2006 09:40:52 +0000 (09:40 +0000)]
fix return value of get_cert_chain()

PR: 1441

17 years agoSynchronise a bit more with Unixly build
Richard Levitte [Tue, 26 Dec 2006 21:20:15 +0000 (21:20 +0000)]
Synchronise a bit more with Unixly build

17 years agoNeeded definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see
Richard Levitte [Mon, 25 Dec 2006 10:54:14 +0000 (10:54 +0000)]
Needed definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see
the declarations of fd_set, select() and so on.

17 years agoReplace strdup() with BUF_strdup().
Richard Levitte [Mon, 25 Dec 2006 09:43:46 +0000 (09:43 +0000)]
Replace strdup() with BUF_strdup().

17 years agoSynchronise with Unixly build, again ;-)
Richard Levitte [Sun, 24 Dec 2006 20:25:51 +0000 (20:25 +0000)]
Synchronise with Unixly build, again ;-)

17 years agoAdd bit I missed from PKCS#7 streaming encoder.
Dr. Stephen Henson [Sun, 24 Dec 2006 16:46:47 +0000 (16:46 +0000)]
Add bit I missed from PKCS#7 streaming encoder.

17 years agoExperimental streaming PKCS#7 support.
Dr. Stephen Henson [Sun, 24 Dec 2006 16:22:56 +0000 (16:22 +0000)]
Experimental streaming PKCS#7 support.

I thought it was about time I dusted this off. This stuff had been sitting on
my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not
work properly.

Nothing uses it at present which is just as well.

Think of this as a traditional Christmas present which looks far more
impressive in the adverts and on the box, some of the bits are missing and
falls to bits if you play with it too much.

17 years agoSynchronise with Unixly build
Richard Levitte [Sun, 24 Dec 2006 09:27:23 +0000 (09:27 +0000)]
Synchronise with Unixly build