Richard Levitte [Thu, 27 Jan 2005 01:47:31 +0000 (01:47 +0000)]
Get rid of the annoying warning
Richard Levitte [Thu, 27 Jan 2005 01:47:27 +0000 (01:47 +0000)]
Get rid of the annoying warning
Richard Levitte [Wed, 26 Jan 2005 23:51:20 +0000 (23:51 +0000)]
The mix of CFLAGS and LDFLAGS is a bit confusing in my opinion, and
Makefile.shared was a bit overcomplicated.
Make the shell variables LDFLAGS and SHAREDFLAGS in Makefile.shared
get the values of $(CFLAGS) or $(LDFLAGS) as appropriate depending on
the value the shell variables LDCMD and SHAREDCMD get. That leaves
much less chance of confusion, since those pairs of shell variables
always are defined together.
Dr. Stephen Henson [Wed, 26 Jan 2005 20:05:46 +0000 (20:05 +0000)]
make update
Dr. Stephen Henson [Wed, 26 Jan 2005 20:00:40 +0000 (20:00 +0000)]
FIPS algorithm blocking.
Non FIPS algorithms are not normally allowed in FIPS mode.
Any attempt to use them via high level functions will return an error.
The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.
There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.
For low level functions the override is performed by prefixing the algorithm
initialization function with "private_" for example private_MD5_Init().
For high level functions an override is performed by setting a flag in
the context.
Andy Polyakov [Wed, 26 Jan 2005 19:58:15 +0000 (19:58 +0000)]
Respect the fact that most interactive shells don't restore stty settings
and make it work in non-interactive mode...
Andy Polyakov [Wed, 26 Jan 2005 19:58:02 +0000 (19:58 +0000)]
Respect the fact that most interactive shells don't restore stty settings
and make it work in non-interactive mode...
Andy Polyakov [Tue, 25 Jan 2005 22:09:11 +0000 (22:09 +0000)]
Please BSD make...
Andy Polyakov [Tue, 25 Jan 2005 22:07:22 +0000 (22:07 +0000)]
FreeBSD 5 refuses to #include <malloc.h>. Fix compiler warning after
http://cvs.openssl.org/chngview?cn=12843.
Andy Polyakov [Mon, 24 Jan 2005 15:58:25 +0000 (15:58 +0000)]
./Configure to respect $thread_cflag variable.
Andy Polyakov [Mon, 24 Jan 2005 14:38:14 +0000 (14:38 +0000)]
Fold a bunch of linux and *BSD targets into [linux|BSD]-generic[32|64].
Idea is to provide unified "fall-down" case for all rare platforms out
there. ./config is free to enable some optimizations, such as endianness
specification, specific -mcpu flags...
Andy Polyakov [Mon, 24 Jan 2005 14:22:05 +0000 (14:22 +0000)]
Default to AES u32 being unsigned int and not long. This improves cache
locality on 64-bit platforms (and fixes IA64 assembler-empowered build:-).
The choice is guarded by newly introduced AES_LONG macro, which needs
to be defined only on 16-bit platforms which we don't support (not that
I know of). Meaning that one could as well skip long option altogether.
Andy Polyakov [Mon, 24 Jan 2005 14:14:53 +0000 (14:14 +0000)]
Improve ECB performance (48+14*rounds -> 18+13*rounds) and reserve for
hand-coded zero-copy AES_cbc_encrypt.
Andy Polyakov [Fri, 21 Jan 2005 10:32:57 +0000 (10:32 +0000)]
linux-arm target update.
PR: 991
Andy Polyakov [Thu, 20 Jan 2005 17:00:14 +0000 (17:00 +0000)]
linux-parisc update.
PR: 990
Submitted by: Mike Frysinger <vapier@gentoo.org>
Andy Polyakov [Thu, 20 Jan 2005 10:33:37 +0000 (10:33 +0000)]
Bug-fix in CBC encrypt tail processing and commentary section update.
Richard Levitte [Wed, 19 Jan 2005 17:03:07 +0000 (17:03 +0000)]
Apparently, at least with my VMS C environment, defining _XOPEN_SOURCE
gets _POSIX_C_SOURCE and _ANSI_C_SOURCE defined, which stops u_int from
being defined, and that breaks havoc into the rest of the standard
headers... *sigh*
Richard Levitte [Tue, 18 Jan 2005 16:46:02 +0000 (16:46 +0000)]
Small thing. It seems like we have to define _XOPEN_SOURCE to get
isascii() on DEC/Compaq/HP C for VMS.
Andy Polyakov [Tue, 18 Jan 2005 01:04:41 +0000 (01:04 +0000)]
Throw in AES CBC assembler, up to +40% on aes-128-cbc benchmark.
Andy Polyakov [Tue, 18 Jan 2005 00:46:55 +0000 (00:46 +0000)]
Fix a typo in a.out assembler modules.
Andy Polyakov [Tue, 18 Jan 2005 00:43:32 +0000 (00:43 +0000)]
Reserve for AES CBC assembler implementation...
Andy Polyakov [Tue, 18 Jan 2005 00:26:52 +0000 (00:26 +0000)]
Don't zap AES CBC IV, when decrypting truncated content in place.
Andy Polyakov [Tue, 18 Jan 2005 00:24:55 +0000 (00:24 +0000)]
Don't zap AES CBC IV, when decrypting truncated content in place.
Richard Levitte [Mon, 17 Jan 2005 17:06:58 +0000 (17:06 +0000)]
Changes concerning RFC 3820 (proxy certificates) integration:
- Enforce that there should be no policy settings when the language
is one of id-ppl-independent or id-ppl-inheritAll.
- Add functionality to ssltest.c so that it can process proxy rights
and check that they are set correctly. Rights consist of ASCII
letters, and the condition is a boolean expression that includes
letters, parentheses, &, | and ^.
- Change the proxy certificate configurations so they get proxy
rights that are understood by ssltest.c.
- Add a script that tests proxy certificates with SSL operations.
Other changes:
- Change the copyright end year in mkerr.pl.
- make update.
Dr. Stephen Henson [Fri, 14 Jan 2005 17:53:16 +0000 (17:53 +0000)]
PKCS7_verify() performance optimization. When the content is large and a
memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots
of slow memory copies from the memory BIO by saving the content in a
temporary read only memory BIO.
Dr. Stephen Henson [Fri, 14 Jan 2005 17:52:24 +0000 (17:52 +0000)]
PKCS7_verify() performance optimization. When the content is large and a
memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots
of slow memory copies from the memory BIO by saving the content in a
temporary read only memory BIO.
Andy Polyakov [Fri, 14 Jan 2005 16:25:36 +0000 (16:25 +0000)]
INSTALL.DJGPP sync.
PR: 989
Andy Polyakov [Fri, 14 Jan 2005 16:24:45 +0000 (16:24 +0000)]
INSTALL.DJGPP update.
PR: 989
Andy Polyakov [Fri, 14 Jan 2005 16:22:02 +0000 (16:22 +0000)]
Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX
environments.
Andy Polyakov [Fri, 14 Jan 2005 16:19:47 +0000 (16:19 +0000)]
O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris.
PR: 998
Richard Levitte [Fri, 14 Jan 2005 00:16:31 +0000 (00:16 +0000)]
make update
Andy Polyakov [Thu, 13 Jan 2005 15:46:09 +0000 (15:46 +0000)]
Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX
environments.
Andy Polyakov [Thu, 13 Jan 2005 15:35:44 +0000 (15:35 +0000)]
"Monolithic" x86 assembler replacement for aes_core.c. Up to +15% better
performance on recent microarchitectures.
Andy Polyakov [Thu, 13 Jan 2005 15:25:30 +0000 (15:25 +0000)]
Fix an "oops" typo! Well, it was a debugging left-over...
Andy Polyakov [Thu, 13 Jan 2005 15:20:42 +0000 (15:20 +0000)]
O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris.
PR: 998
Richard Levitte [Wed, 12 Jan 2005 16:40:48 +0000 (16:40 +0000)]
Small typo, `mask' got the same value ORed to it twice instead of
`mask' and `emask' getting that operation done once each.
Patch supplied by Nils Larsch <nils.larsch@cybertrust.com>
Richard Levitte [Wed, 12 Jan 2005 09:53:20 +0000 (09:53 +0000)]
Correct a faulty address assignment, and add a length check (not
really needed now, but may be needed in the future, who knows?).
Richard Levitte [Wed, 12 Jan 2005 09:51:31 +0000 (09:51 +0000)]
Correct a faulty address assignment, and add a length check (not
really needed now, but may be needed in the future, who knows?).
Richard Levitte [Tue, 11 Jan 2005 18:25:28 +0000 (18:25 +0000)]
Use EXIT() instead of exit().
Richard Levitte [Tue, 11 Jan 2005 16:54:35 +0000 (16:54 +0000)]
Clear signed vs. unsigned conflicts.
Change the fingerprint accordingly.
Richard Levitte [Tue, 11 Jan 2005 06:53:30 +0000 (06:53 +0000)]
Remove VMS_strcasecmp() from apps.c, it's not used any more. And
besides, the implementation is bogus.
Andy Polyakov [Sun, 9 Jan 2005 20:43:49 +0000 (20:43 +0000)]
FAQ update to mention no-sha0 as possible workaround for Tru64 compiler bug.
Andy Polyakov [Sun, 9 Jan 2005 20:42:33 +0000 (20:42 +0000)]
FAQ update to mention no-sha0 as possible workaround for Tru64 compiler bug.
Well, no-options seem to be busted in HEAD currently, which should/will be
fixed one way or another (see PR#989 for a possible alternative).
Andy Polyakov [Sun, 9 Jan 2005 20:14:04 +0000 (20:14 +0000)]
DJGPP documentation note update.
Andy Polyakov [Sun, 9 Jan 2005 20:13:11 +0000 (20:13 +0000)]
DJGPP documentation note update.
Andy Polyakov [Sun, 9 Jan 2005 17:58:18 +0000 (17:58 +0000)]
Allow for ./config no-sha0.
PR: 993
Andy Polyakov [Sun, 9 Jan 2005 16:01:58 +0000 (16:01 +0000)]
Permit "monolithic" AES assembler implementations, i.e. such which would
replace *whole* aes_core.c, not only AES_[de|en]crypt routines.
Andy Polyakov [Tue, 4 Jan 2005 10:28:38 +0000 (10:28 +0000)]
DJGPP update.
PR: 989
Submitted by: Doug Kaufman
Andy Polyakov [Tue, 4 Jan 2005 10:21:55 +0000 (10:21 +0000)]
DJGPP update.
PR: 989
Submitted by: Doug Kaufman
Dr. Stephen Henson [Mon, 3 Jan 2005 17:46:45 +0000 (17:46 +0000)]
RSA KAT.
Andy Polyakov [Fri, 31 Dec 2004 00:01:23 +0000 (00:01 +0000)]
Borrow #include <string[s].h> from e_os.h.
Andy Polyakov [Fri, 31 Dec 2004 00:00:05 +0000 (00:00 +0000)]
Borrow #include <string[s].h> from e_os.h.
Andy Polyakov [Thu, 30 Dec 2004 23:40:31 +0000 (23:40 +0000)]
Make whiny compilers stop complaining about missing prototype.
Andy Polyakov [Thu, 30 Dec 2004 23:39:06 +0000 (23:39 +0000)]
Make whiny compilers stop complaining about missing prototype.
Andy Polyakov [Thu, 30 Dec 2004 22:57:19 +0000 (22:57 +0000)]
AES CBC and CFB performance tune-up from HEAD.
Andy Polyakov [Thu, 30 Dec 2004 22:55:28 +0000 (22:55 +0000)]
Fix Win32 test-suite.
Andy Polyakov [Thu, 30 Dec 2004 22:53:57 +0000 (22:53 +0000)]
Fix Win32 test-suite.
Andy Polyakov [Thu, 30 Dec 2004 11:10:11 +0000 (11:10 +0000)]
Remove naming conflict between variable and label.
Andy Polyakov [Thu, 30 Dec 2004 11:08:27 +0000 (11:08 +0000)]
Remove naming conflict between variable and label.
Andy Polyakov [Thu, 30 Dec 2004 10:55:02 +0000 (10:55 +0000)]
Commentary update for AES IA-64 assembler module.
Andy Polyakov [Thu, 30 Dec 2004 10:46:03 +0000 (10:46 +0000)]
Minor AES x86 assembler tune-up.
Andy Polyakov [Thu, 30 Dec 2004 10:43:33 +0000 (10:43 +0000)]
AES-CFB[18] 2x optimization. Well, I bet nobody cares about AES-CFB1
performance, but anyway...
Dr. Stephen Henson [Wed, 29 Dec 2004 01:07:14 +0000 (01:07 +0000)]
Prompt for passphrases for PKCS12 input format
Dr. Stephen Henson [Wed, 29 Dec 2004 01:05:35 +0000 (01:05 +0000)]
Prompt for passphrases with PKCS12 input format.
Andy Polyakov [Tue, 28 Dec 2004 17:10:42 +0000 (17:10 +0000)]
Oops-kind typos in aes-ia64.S...
Richard Levitte [Tue, 28 Dec 2004 10:35:13 +0000 (10:35 +0000)]
iv needs to be const because it sometimes takes its value from a
const.
Richard Levitte [Tue, 28 Dec 2004 10:22:00 +0000 (10:22 +0000)]
Forgot to synchronise the VMS build scripts.
Richard Levitte [Tue, 28 Dec 2004 00:21:35 +0000 (00:21 +0000)]
Add functionality needed to process proxy certificates.
Andy Polyakov [Mon, 27 Dec 2004 23:48:33 +0000 (23:48 +0000)]
Cosmetic mingw update.
PR: 924
Andy Polyakov [Mon, 27 Dec 2004 21:27:46 +0000 (21:27 +0000)]
Minor cygwin update.
PR: 949
Andy Polyakov [Mon, 27 Dec 2004 21:26:10 +0000 (21:26 +0000)]
Minor cygwin update.
PR: 949
Andy Polyakov [Mon, 27 Dec 2004 14:59:36 +0000 (14:59 +0000)]
As new major IRIX release is highly unlikely to appear [and break following],
I change from -notall to -none synonym in irix rules to improve backward
compatibility with IRIX 5.x.
PR: 987
Andy Polyakov [Mon, 27 Dec 2004 14:57:54 +0000 (14:57 +0000)]
Remove CPU detect for IRIX targets. Performance gain is less than 1%,
it makes more sense to strive for broader binary compatibility...
Andy Polyakov [Mon, 27 Dec 2004 14:55:19 +0000 (14:55 +0000)]
Remove CPU detect for IRIX targets. Performance gain is less than 1%, it
doesn't pay off...
Andy Polyakov [Mon, 27 Dec 2004 14:51:20 +0000 (14:51 +0000)]
As new major IRIX release is highly unlikely to appear [and break following],
I change from -notall to -none synonym in do_irix-shared to improve backward
compatibility with IRIX 5.x.
PR: 987
Andy Polyakov [Sun, 26 Dec 2004 13:05:40 +0000 (13:05 +0000)]
Remove yet another redundant memcpy. Not at least performance critical,
essentially cosmetic modification...
Andy Polyakov [Sun, 26 Dec 2004 12:31:37 +0000 (12:31 +0000)]
Eliminate redundant memcpy of IV material. Performance improvement varies
from platform to platform and can be as large as 20%.
Andy Polyakov [Sun, 26 Dec 2004 10:58:39 +0000 (10:58 +0000)]
Engage AES x86 assembler module for COFF and a.out targets.
Andy Polyakov [Thu, 23 Dec 2004 21:44:28 +0000 (21:44 +0000)]
Engage AES x86 assembler module on ELF platforms.
Andy Polyakov [Thu, 23 Dec 2004 21:43:25 +0000 (21:43 +0000)]
x86 perlasm update to accommodate aes-586.pl.
Andy Polyakov [Thu, 23 Dec 2004 21:40:23 +0000 (21:40 +0000)]
Eliminate copies of TeN and TdN, use those found in assembler module.
Andy Polyakov [Thu, 23 Dec 2004 21:32:34 +0000 (21:32 +0000)]
AES x86 assembler implementation.
Andy Polyakov [Mon, 20 Dec 2004 13:44:34 +0000 (13:44 +0000)]
Refine PowerPC platform support.
Andy Polyakov [Mon, 20 Dec 2004 13:21:25 +0000 (13:21 +0000)]
Summarize recent backports in CHANGES.
Andy Polyakov [Mon, 20 Dec 2004 13:20:22 +0000 (13:20 +0000)]
Improved PowerPC platform support.
Andy Polyakov [Mon, 20 Dec 2004 13:18:56 +0000 (13:18 +0000)]
When re-linking files, really relink them. In other words, emulate ln -f.
Andy Polyakov [Mon, 20 Dec 2004 13:15:51 +0000 (13:15 +0000)]
Backport of PPC BN module from HEAD.
Andy Polyakov [Mon, 20 Dec 2004 13:13:14 +0000 (13:13 +0000)]
Backport of cvs.openssl.org/chngview?cn=12323, as well as eliminate
message size limitations on 64-bit platforms.
Andy Polyakov [Mon, 20 Dec 2004 13:10:27 +0000 (13:10 +0000)]
Backport of cvs.openssl.org/chngview?cn=12449, essentially
a bug-fix for Win64/ia64.
Dr. Stephen Henson [Mon, 20 Dec 2004 00:49:36 +0000 (00:49 +0000)]
Remove unused buffer 'buf'.
Dr. Stephen Henson [Sun, 19 Dec 2004 01:21:18 +0000 (01:21 +0000)]
Don't use multiple storage types.
Geoff Thorpe [Fri, 17 Dec 2004 05:42:00 +0000 (05:42 +0000)]
Fix typos in the ecparam doc.
Submitted by: Nils Larsch
Richard Levitte [Mon, 13 Dec 2004 22:57:39 +0000 (22:57 +0000)]
make update (oops, missed this file)
Richard Levitte [Mon, 13 Dec 2004 22:57:08 +0000 (22:57 +0000)]
Change libeay.num so it's synchronised with additions in 0.9.7-stable.
make update
Richard Levitte [Mon, 13 Dec 2004 22:48:01 +0000 (22:48 +0000)]
make update
Dr. Stephen Henson [Mon, 13 Dec 2004 18:02:23 +0000 (18:02 +0000)]
Fix s_client so it works without a certificate again.
Richard Levitte [Mon, 13 Dec 2004 17:28:44 +0000 (17:28 +0000)]
Propagate a few more variables to Makefile.shared when linking
programs.
Dr. Stephen Henson [Sun, 12 Dec 2004 13:18:23 +0000 (13:18 +0000)]
Remove duplicate lines.
Dr. Stephen Henson [Sun, 12 Dec 2004 13:15:49 +0000 (13:15 +0000)]
Remove duplicate lines.
Andy Polyakov [Fri, 10 Dec 2004 16:30:34 +0000 (16:30 +0000)]
Adapt FIPS sub-tree for mingw.