Bodo Möller [Mon, 25 Apr 2005 23:06:15 +0000 (23:06 +0000)]
Remove some more entries that are false positives, or have been
resolved by recent commits.
Bodo Möller [Mon, 25 Apr 2005 22:55:24 +0000 (22:55 +0000)]
Sort out changes in FIPS and other changes, collected in separate files.
(Also remove another "make update".)
Bodo Möller [Mon, 25 Apr 2005 22:08:13 +0000 (22:08 +0000)]
remove some more false positives
Bodo Möller [Mon, 25 Apr 2005 22:02:34 +0000 (22:02 +0000)]
remove some more false positives
Bodo Möller [Mon, 25 Apr 2005 21:54:14 +0000 (21:54 +0000)]
remove some more changes that came from HEAD
Bodo Möller [Mon, 25 Apr 2005 21:53:08 +0000 (21:53 +0000)]
fix editing error, and remove a false positive
Bodo Möller [Mon, 25 Apr 2005 21:42:14 +0000 (21:42 +0000)]
update
Bodo Möller [Mon, 25 Apr 2005 21:36:56 +0000 (21:36 +0000)]
remove extra whitespace; fix link
Bodo Möller [Mon, 25 Apr 2005 21:32:52 +0000 (21:32 +0000)]
remove some false positives
Bodo Möller [Mon, 25 Apr 2005 21:25:48 +0000 (21:25 +0000)]
add recent changes; now this file is up-to-date
Bodo Möller [Mon, 25 Apr 2005 21:22:08 +0000 (21:22 +0000)]
bring up-to-date
Bodo Möller [Mon, 25 Apr 2005 21:06:05 +0000 (21:06 +0000)]
first step to melt down ChangeLog.0_9_7-stable_not-in-head :-)
Bodo Möller [Mon, 25 Apr 2005 21:01:31 +0000 (21:01 +0000)]
This is a collection of those CVS change log entries for the 0.9.7
branch (OpenSSL_0_9_7-stable) that do not appear similarly in
0.9.8-dev (CVS head).
Some obvious false positives have been eliminated: e.g., we do not
care about a simple "make update"; and we don't care about changes
identified to the 0.9.7 branch that were explicitly identified as
backports from head.
Eliminating all other entries (and finally this file), either as false
positives or as things that should go into 0.9.8, remains to be done.
Andy Polyakov [Sun, 24 Apr 2005 21:09:20 +0000 (21:09 +0000)]
Avoid L1 cache aliasing even between key and S-boxes.
Ben Laurie [Sun, 24 Apr 2005 12:02:49 +0000 (12:02 +0000)]
Flag changes in Configure and config, too.
Update dependencies.
Nils Larsch [Sun, 24 Apr 2005 09:17:48 +0000 (09:17 +0000)]
update
Dr. Stephen Henson [Sun, 24 Apr 2005 02:24:53 +0000 (02:24 +0000)]
Oops...
Dr. Stephen Henson [Sun, 24 Apr 2005 02:21:02 +0000 (02:21 +0000)]
Recognize zlib and krb5 options in mk1mf.pl
Nils Larsch [Sat, 23 Apr 2005 13:45:49 +0000 (13:45 +0000)]
make asn.1 field names const
Nils Larsch [Sat, 23 Apr 2005 10:11:16 +0000 (10:11 +0000)]
change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible
Ben Laurie [Sat, 23 Apr 2005 06:05:24 +0000 (06:05 +0000)]
Add debug target, remove cast, note possible bug.
Ben Laurie [Fri, 22 Apr 2005 23:57:46 +0000 (23:57 +0000)]
Add prototypes.
Nils Larsch [Fri, 22 Apr 2005 21:57:36 +0000 (21:57 +0000)]
more const
Nils Larsch [Fri, 22 Apr 2005 20:17:17 +0000 (20:17 +0000)]
make update
Nils Larsch [Fri, 22 Apr 2005 20:02:44 +0000 (20:02 +0000)]
- use BN_set_negative and BN_is_negative instead of BN_set_sign
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
Andy Polyakov [Fri, 22 Apr 2005 11:49:32 +0000 (11:49 +0000)]
Avoid aliasing between stack frames and S-boxes. Compress prefetch code.
Nils Larsch [Thu, 21 Apr 2005 09:43:09 +0000 (09:43 +0000)]
the pointer to the message digest is const
Richard Levitte [Thu, 21 Apr 2005 09:10:19 +0000 (09:10 +0000)]
Provide a default OPENSSL_ia32cap_loc for non-Intel platforms where
util/libeay.num is important when building shared libraries, like
VMS.
Dr. Stephen Henson [Thu, 21 Apr 2005 00:46:28 +0000 (00:46 +0000)]
Don't use standard kerberos library locations in MK1MF builds.
Fix typo in mk1mf.pl
Dr. Stephen Henson [Wed, 20 Apr 2005 21:48:48 +0000 (21:48 +0000)]
Make kerberos ciphersuite code compile again.
Avoid more shadow warnings.
Dr. Stephen Henson [Wed, 20 Apr 2005 21:48:06 +0000 (21:48 +0000)]
Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts.
Remove more bogus shadow warnings.
Dr. Stephen Henson [Wed, 20 Apr 2005 21:39:13 +0000 (21:39 +0000)]
Stop compiler warnings about deprecated lvalue casts.
Dr. Stephen Henson [Wed, 20 Apr 2005 21:34:29 +0000 (21:34 +0000)]
Stop bogus shadowing warning.
Dr. Stephen Henson [Wed, 20 Apr 2005 16:22:58 +0000 (16:22 +0000)]
Process MINFO file earlier in mk1mf.pl so it can modify variables like CFLAGS.
Process kerberos include and library options.
Dr. Stephen Henson [Wed, 20 Apr 2005 16:01:50 +0000 (16:01 +0000)]
Handle similar mk1mf.pl options with a hash table.
Richard Levitte [Wed, 20 Apr 2005 13:21:10 +0000 (13:21 +0000)]
signed vs. unsigned.
Richard Levitte [Wed, 20 Apr 2005 13:17:42 +0000 (13:17 +0000)]
Make sure id2_func is properly cast as well...
Richard Levitte [Wed, 20 Apr 2005 13:12:33 +0000 (13:12 +0000)]
signed vs. unsigned.
Richard Levitte [Wed, 20 Apr 2005 13:09:46 +0000 (13:09 +0000)]
Avoid compiler complaint about mismatched function signatures
(void * != char *)
Richard Levitte [Wed, 20 Apr 2005 12:55:15 +0000 (12:55 +0000)]
Resolve signed vs. unsigned.
Richard Levitte [Wed, 20 Apr 2005 12:53:50 +0000 (12:53 +0000)]
Type mismatch detected by DEC C compiler. void* != void**
Richard Levitte [Wed, 20 Apr 2005 10:02:16 +0000 (10:02 +0000)]
Avoid compiler complaint about mismatched function signatures
(void * != RSA *)
Dr. Stephen Henson [Tue, 19 Apr 2005 23:54:44 +0000 (23:54 +0000)]
Fix logic in mkdef.pl function is_valid.
Update symbols
Dr. Stephen Henson [Tue, 19 Apr 2005 18:57:17 +0000 (18:57 +0000)]
Stop perl warning.
Dr. Stephen Henson [Tue, 19 Apr 2005 13:24:44 +0000 (13:24 +0000)]
New "algorithm define" OPENSSL_NO_GMP. Update mkdef.pl and Configure script
to use it.
Dr. Stephen Henson [Tue, 19 Apr 2005 11:49:25 +0000 (11:49 +0000)]
Ignore TYPEDEF_OF in mkdef.pl
Dr. Stephen Henson [Tue, 19 Apr 2005 00:15:18 +0000 (00:15 +0000)]
Update year.
Dr. Stephen Henson [Tue, 19 Apr 2005 00:12:36 +0000 (00:12 +0000)]
Various Win32 and other fixes for warnings and compilation errors.
Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.
Andy Polyakov [Sun, 17 Apr 2005 21:05:57 +0000 (21:05 +0000)]
Throw in x86_64 AT&T to MASM assembler converter to facilitate development
of dual-ABI Unix/Win64 modules.
Dr. Stephen Henson [Sun, 17 Apr 2005 13:59:36 +0000 (13:59 +0000)]
Fix from stable branch.
Richard Levitte [Sun, 17 Apr 2005 09:07:37 +0000 (09:07 +0000)]
Synchronise with ec/Makefile.
Andy Polyakov [Sat, 16 Apr 2005 15:23:21 +0000 (15:23 +0000)]
Mitigate cache-timing attack in CBC mode. This is done by implementing
compressed tables (2x compression factor) and by pre-fetching them into
processor cache prior every CBC en-/decryption pass. One can argue why
just CBC? Well, it's commonly used mode in real-life applications and
API allows us to amortize the prefetch costs for larger data chunks...
Nils Larsch [Fri, 15 Apr 2005 18:29:33 +0000 (18:29 +0000)]
const fixes
Nils Larsch [Fri, 15 Apr 2005 16:01:35 +0000 (16:01 +0000)]
EVP_CIPHER_CTX_init is a void function + fix typo
PR: 1044 + 1045
Dr. Stephen Henson [Thu, 14 Apr 2005 22:58:44 +0000 (22:58 +0000)]
Check return values of <Digest>_Init functions in low level digest calls.
Andy Polyakov [Thu, 14 Apr 2005 07:47:10 +0000 (07:47 +0000)]
Prototype mnemonics in padlock_verify_context for better portability
[read support for Solaris assembler].
Andy Polyakov [Thu, 14 Apr 2005 07:41:29 +0000 (07:41 +0000)]
Fix for bug emerged in openvpn conext.
Andy Polyakov [Wed, 13 Apr 2005 23:54:28 +0000 (23:54 +0000)]
Final touch to mingw shared.
Andy Polyakov [Wed, 13 Apr 2005 21:46:30 +0000 (21:46 +0000)]
More cover-ups, removing OPENSSL_GLOBAL/EXTERNS. We can remove more...
Andy Polyakov [Wed, 13 Apr 2005 21:10:07 +0000 (21:10 +0000)]
Addenum to cvs.openssl.org/chngview?cn=13054.
Andy Polyakov [Wed, 13 Apr 2005 21:08:39 +0000 (21:08 +0000)]
Final(?) touches to mingw shared support.
Andy Polyakov [Wed, 13 Apr 2005 20:51:42 +0000 (20:51 +0000)]
Zap OPENSSL_EXTERN on symbols, which are not meant to be local to DLL.
Nils Larsch [Wed, 13 Apr 2005 19:09:43 +0000 (19:09 +0000)]
Makefile.ssl -> Makefile
Andy Polyakov [Wed, 13 Apr 2005 15:41:11 +0000 (15:41 +0000)]
Fix typos.
Andy Polyakov [Wed, 13 Apr 2005 08:46:35 +0000 (08:46 +0000)]
Introduce OPENSSL_NONPIC_relocated to denote relocated DLLs.
Andy Polyakov [Wed, 13 Apr 2005 07:22:41 +0000 (07:22 +0000)]
Parameterize do_solaris rules in Makefile.shared.
Andy Polyakov [Wed, 13 Apr 2005 06:55:42 +0000 (06:55 +0000)]
Minor cryptlib.c update: compiler warnings in OPENSSL_showfatal and
OPENSSL_stderr stub.
Dr. Stephen Henson [Tue, 12 Apr 2005 16:38:00 +0000 (16:38 +0000)]
Update FAQ.
Dr. Stephen Henson [Tue, 12 Apr 2005 16:36:36 +0000 (16:36 +0000)]
More overwritten stuff...
Dr. Stephen Henson [Tue, 12 Apr 2005 16:17:53 +0000 (16:17 +0000)]
Replace overwritten lines before error codes.
Dr. Stephen Henson [Tue, 12 Apr 2005 16:15:22 +0000 (16:15 +0000)]
Rebuild error codes.
Dr. Stephen Henson [Tue, 12 Apr 2005 13:31:14 +0000 (13:31 +0000)]
Include error library value in C error source files instead of fixing up
at runtime.
Nils Larsch [Mon, 11 Apr 2005 20:59:58 +0000 (20:59 +0000)]
include limits.h for UINT_MAX etc.
Richard Levitte [Mon, 11 Apr 2005 15:05:45 +0000 (15:05 +0000)]
Add a NEWS item for 0.9.7g.
Richard Levitte [Mon, 11 Apr 2005 14:17:07 +0000 (14:17 +0000)]
Add emacs cache files to .cvsignore.
Dr. Stephen Henson [Sun, 10 Apr 2005 23:41:09 +0000 (23:41 +0000)]
Move allow_proxy_certs declaration to start of function.
Dr. Stephen Henson [Sat, 9 Apr 2005 23:55:55 +0000 (23:55 +0000)]
Make kerberos ciphersuite code work with newer header files
Richard Levitte [Sat, 9 Apr 2005 16:07:12 +0000 (16:07 +0000)]
Added restrictions on the use of proxy certificates, as they may pose
a security threat on unexpecting applications. Document and test.
Nils Larsch [Fri, 8 Apr 2005 22:52:42 +0000 (22:52 +0000)]
add support for DER encoded private keys to SSL_CTX_use_PrivateKey_file()
and SSL_use_PrivateKey_file()
PR: 1035
Submitted by: Walter Goulet
Reviewed by: Nils Larsch
Nils Larsch [Fri, 8 Apr 2005 22:49:57 +0000 (22:49 +0000)]
improve docu of SSL_CTX_use_PrivateKey()
Nils Larsch [Thu, 7 Apr 2005 23:19:17 +0000 (23:19 +0000)]
get rid of very buggy and very imcomplete DH cert support
Reviewed by: Bodo Moeller
Nils Larsch [Thu, 7 Apr 2005 22:53:35 +0000 (22:53 +0000)]
make sure error queue is totally emptied
PR: 359
Nils Larsch [Thu, 7 Apr 2005 22:48:33 +0000 (22:48 +0000)]
const fixes
Andy Polyakov [Thu, 7 Apr 2005 20:24:29 +0000 (20:24 +0000)]
Recognize MSYS/MINGW environment.
Andy Polyakov [Thu, 7 Apr 2005 18:39:45 +0000 (18:39 +0000)]
Implement OPENSSL_showfatal and make it Win32 GUI and service aware
[meaning that it will detect in which context application is running
and either write message to stderr, post a dialog or log an event].
Andy Polyakov [Thu, 7 Apr 2005 15:51:55 +0000 (15:51 +0000)]
Harmonize cygwin/mingw and VC targets.
Andy Polyakov [Wed, 6 Apr 2005 09:45:42 +0000 (09:45 +0000)]
+45% RC4 performance boost on Intel EM64T core. Unrolled loop providing
further +35% will follow...
Submitted by: Zou Nanhai
Nils Larsch [Tue, 5 Apr 2005 19:11:19 +0000 (19:11 +0000)]
some const fixes
Nils Larsch [Tue, 5 Apr 2005 18:17:13 +0000 (18:17 +0000)]
update progs.pl to reflect changes in progs.h
Nils Larsch [Tue, 5 Apr 2005 11:17:03 +0000 (11:17 +0000)]
fix example in docu
PR: 800
Nils Larsch [Tue, 5 Apr 2005 10:29:43 +0000 (10:29 +0000)]
some const fixes and cleanup
Nils Larsch [Mon, 4 Apr 2005 18:15:59 +0000 (18:15 +0000)]
remove unused recp method
Andy Polyakov [Mon, 4 Apr 2005 17:10:53 +0000 (17:10 +0000)]
Extend Solaris x86 support to amd64.
Andy Polyakov [Mon, 4 Apr 2005 17:07:16 +0000 (17:07 +0000)]
Solaris x86 linker erroneously pads .init segment with zeros instead of
nops, which causes SEGV at startup. So I don't align anymore.
Andy Polyakov [Mon, 4 Apr 2005 17:05:06 +0000 (17:05 +0000)]
Some non-GNU compilers (such as Sun C) define __i386.
Bodo Möller [Sun, 3 Apr 2005 23:53:48 +0000 (23:53 +0000)]
HISTORY section: point out change of default digest
Andy Polyakov [Sun, 3 Apr 2005 18:53:29 +0000 (18:53 +0000)]
Make bn/asm/x86_64-gcc.c gcc4 savvy. +r is likely to be initially
introduced for a reason [like bug in initial gcc port], but proposed
=&r is treated correctly by senior 3.2, so we can assume it's safe now.
PR: 1031
Ben Laurie [Sun, 3 Apr 2005 16:38:22 +0000 (16:38 +0000)]
If input is bad, we still need to clear the buffer.
Nils Larsch [Sat, 2 Apr 2005 09:29:15 +0000 (09:29 +0000)]
use SHA-1 as the default digest for the apps/openssl commands
Dr. Stephen Henson [Fri, 1 Apr 2005 21:56:15 +0000 (21:56 +0000)]
Typo