[openssl-commits] [openssl] master-pre-reformat create
Matt Caswell
matt at openssl.org
Mon Feb 9 13:14:09 UTC 2015
The annotated tag master-pre-reformat has been created
at e422e1a89576a7bef94ec5ec7db3e3c7dc77e009 (tag)
tagging 4b618848f9beb8271f24883694e097caa70013c0 (commit)
tagged by Matt Caswell
on Mon Feb 9 13:11:58 2015 +0000
- Log -----------------------------------------------------------------
Pre reformat of master
Reviewed-by: Richard Levitte <levitte at openssl.org>
Adam Langley (20):
Fix for EXP-RC2-CBC-MD5
Add volatile qualifications to two blocks of inline asm to stop GCC from eliminating them as dead code.
Ensure that x**0 mod 1 = 0.
Ensure that, when generating small primes, the result is actually of the requested size. Fixes OpenSSL #2701.
This change alters the processing of invalid, RSA pre-master secrets so that bad encryptions are treated like random session keys in constant time.
Don't SEGFAULT when trying to export a public DSA key as a private key.
Limit the number of empty records that will be processed consecutively in order to prevent ssl3_get_record from never returning.
Add secure DSA nonce flag.
Make `safe' (EC)DSA nonces the default.
Support ALPN.
Add tests for ALPN functionality.
Avoid double free when processing DTLS packets.
Fix memory leak from zero-length DTLS fragments.
Fix return code for truncated DTLS fragment.
Remove some duplicate DTLS code.
RT3065: ec_private_key_dont_crash
psk_client_callback, 128-byte id bug.
Don't set client_version to the ServerHello version.
Premaster secret handling fixes
Ensure that the session ID context of an SSL* is updated when its SSL_CTX is updated.
Adam Williamson (1):
RT3511: doc fix; req default serial is random
Alan Hryngle (1):
Return smaller of ret and f.
Alok Menghrajani (3):
Fixes a minor typo in the EVP docs.
Improves the proxy certificates howto doc.
Improves certificates HOWTO
Alon Bar-Lev (1):
RT1771: Add string.h include.
Andreas Westfeld (1):
Fix typo in ideatest.c
André Guerreiro (1):
Add documentation on -timeout option in the ocsp utility
Andy Polyakov (1908):
crypto/bn/asm/mips3.s is obsolete. I'm moving it to crypto/bn/asm/obsolete in order to replace it with a new version.
crypto/bn/asm/mips3.s is moved to crypto/bn/asm/obsolete/
MIPS III/IV assembler module is reimplemented.
Get rid of redundant multiplications in bn_div_words.
- performance retunes, v8plus bn_*_comba routines are reimplemented; - support for GNU assembler (read SPARC Linux);
GNU assembler (read SPARC Linux) support added.
Added support for SPARC Linux.
Minor MD5 tune-up for WIN32 on Intel.
SGI IRIX config updates.
SPARC Solaris config updates.
When invoking bn_*_comba[48] result->top wasn't always set correctly.
Bignum division tune-up. Idea is to move multiplications in front of loop body and replace 'em with addition/subtraction.
Extra i386+gcc bn_div.c tune-up featuring inline division and saving the remainder left in %edx. Here is the resulting performance improvement matrix (improvement as a result of this *and* previous tune-up committed two days ago). The results were obtained by profiling the "div" part of the crypto/bn/bnspeed.c.
Minor MIPS III/IV tune-up.
md32_common.h update and accompanying MD5 update.
RIPEMD160 shape-up. Major news are that it's operational on all platforms now and I'm putting it back to 'make test' later today.
RIPEMD160 shape-up Intel assembler companion. Cycle counter benchmarks went down from 1050 to 921 cycles on Pentium II. I haven't checked the figures on Pentium yet.
RIPEMD160 shape-up. Final touch.
SHA clean-up and (LP64) tune-up.
SHA clean-up Intel assembler companion.
Initial support for MacOS.
RC4 tune-up.
RC4 tune-up featuring 30-40% performance improvement on most RISC platforms. See crypto/rc4/rc4_enc.c for further details.
RC4 tune-up featuring 30-40% performance improvement on most RISC platforms. See crypto/rc4/rc4_enc.c for further details.
MacOS updates.
Initial support for MacOS is now available
Late break-in patch for MacOS support.
Even more late break-in MacOS tidbits...
Even more late break-in MacOS tidbits (last for today)...
Minor documentation update.
Makefile clean-ups, crypto/bn/asm/alpha.s compiles on Alpha Linux.
MacOS updates. Initial support for GUSI (MacOS socket implementation) is added.
Enhanced support for Alpha Linux. See CHANGES for details.
Alpha Linux update companion.
Metrowerks for Motorola tune-up.
Rhapsody 5.5 (a.k.a. MacOS X) compiler bug workaround. At the very least passes 'make test' now:-)
Further work on MacOS port. See INSTALL.MacOS for details.
Support for "multiply high" instruction, see BN_UMULT_HIGH comment in crypto/bn/bn_lcl.h for further details. It should be noted that for the moment of this writing the code was tested only on Alpha. If compiled with DEC C the C implementation exhibits 12% performance improvement over the crypto/bn/asm/alpha.s (on EV56 box running AlphaLinux). GNU C is (unfortunately) 8% behind the assembler implementation. But it's OpenVMS Alpha users who *may* benefit most as 'apps/openssl speed rsa' exhibits 6 (six) times performance improvement over the original VMS bignum implementation. Where "*may*" means "as soon as code is enabled though #define SIXTY_FOUR_BIT and crypto/bn/asm/vms.mar is skipped."
New xcbc_ok test vector is required after the parity bits in cbc2_key were fixed up. The catch is that in the DESX test the cbc2_key is used as whitening key where *all* 64 bits are significant.
Support for MacOS X (Rhapsody) is added. Also get rid of volatile qualifier in asm definitions as it prevents compiler from moving the instruction(s) during optimization pass.
HP-UX tune-up: new unified configs, HP C compiler bug workaround.
test_mont was exercising 100-bit multiplication modulus X*I-bit, where X is 5120 on 32-bit and 151552 on 64-bit architectures and I varies from 0 to 4. As result the test was *unreasonably* slow and virtually impossible to complete on 64-bit architectures (e.g. IRIX bc couldn't even swallow such long lines).
New NO_INLINE_ASM macro. Primary target for the moment is Solaris x86 which can't stand GNU C assembler templates.
Avoid GNU C assembler templates under Solaris x86.
Move CAST_S_tables to read-only segment.
Move initial key to read-only segment.
Move primes to read-only segment.
There're two (incompatible) ways to write multi-threaded programs under IRIX, one is to call sproc(2) when every thread does get own pid and POSIX threads when all the threads share same pid.
Linux is almost the only one where getpid() == thread-id. IRIX is another one, but only if you stick to sproc(2).
BN_div_recp fix. I've run divtest for 10 mins and it didn't exhibit a single fault:-) Needless to mention that bnbug.c posted a couple of days ago passes as well...
Statement that it fails only on 32-bit architectures isn't true.
MacOS tidbits. Add new files to the project, update config.
IRIX6* tests passed.
More tests passed.
MacOS pseudo-random entropy collector.
GCC 2.95.2 from IRIX 6.5 -mabi=64 compiler bug workaround:-(
MT-support for IRIX 6.x and Alpha-Linux
Compaq C warns that "the expression 'p=scan_esc(p)' modifies the variable 'p' more than once without an intervening sequence point. This behavior is undefined." What it essentially complains about is 'p=p+=1'. Now it's changed to 'p=p+1'...
The IRIX fix. Asm recap and corresponding declaration.
Assembler support for IA-64. See the source code commentary for further details (performance numbers and accompanying discussions:-). Note that the code is not engaged in ./Configure yet. I'll add it later this week along with updates for .spec file.
Get rid of RAW dependency warnings.
Get rid of "possible WAW dependency" warnings.
This fixes "Spurious test failures on IRIX?" reported in April. Apparently I was wrong in conclusions about when addition starts overflowing in combaX routines.
Missing line 0.9.6b release and IA-64 patch advertisement:-)
Support for 64-bit Solaris build with GCC 3.0 and later. It should be explicitly noted that 64-bit SPARCv9 ABI is not officially supported by GCC 3.0 (support is scheduled for 3.1 release), but it appears to work, at the very least 'make test' passes...
Typo in stty command lines.
Support for Intel and HP-UXi assemblers.
Enhanced support for IA-64 Linux and HP-UX (as well as better support for HP-UX in common in ./config). Note that for the moment of this writing none of 64-bit platforms pass bntest. I'm committing this anyway as it's too frustrating to patch snapshots over and over while 0.9.6 is known to work.
Just a "get to know your system" bit.
linux64-sparcv9 support finally debugged and tested.
Workaround for GCC-ia64 compiler bug.
BN_sqr test failure entry.
IA-32 assembler modules (primarily DES) PIC-ification. Idea is to keep shared libraries shared.
DES PIC-ification. Windows companion.
x86_64 performance patch.
New DETECT_GNU_LD procedure.
Solaris shared build fix-ups. See RT#238,239 for details.
As you might have noticed I tried to change for . prefix, because it's the one to be used to denote local labels in single function scope. Problem is that SHA uses same label set across functions, therefore I have to switch back to $ prefix.
Ooops! No ROTATE on some platforms after x86_64 performance patch...
DES PIC-ification. "Cygwin" companion. Problem was that preprocessor macro is not expanded if prepended with a $-sign.
Always forget this one...
'a=b c=$a; echo $c' doesn't necessarily print "b", '' vs. "", $s in Makefiles... I suppose it wasn't tested very much...
Make "perl des-586.pl a.out" work, see RT#402
Fix for RT#405, Solaris refuses to invoke preprocessor if egrep returns 1. Linux for example doesn't exhibit this behaviour, but I add "exit 0" to all potentially affected rules, just to be on the safe side.
Better wording?
Fix for "shift count too large" when compiling for hpux-parisc2 and irix-mips. The bug was introduced with accelerated support for x86_64. My fault! Fixed now.
FAQ addendum as discussed in RT#417.
UltraSPARC performance "tune-up."
I can't confirm the claim being removed and nobody seems to speak up for it.
It probably belongs in PROBLEMS, but it's more likely to be a FAQ.
My English is definitely not as good as my assembly skills:-) And it looks like titles can't be multi-line...
I implemented this when troubleshooting performance problem on SPARC Solaris. As there is an apparent interest for optimization for footprint, I figured that this can eventually become useful.
Very old submission (from 2000) of UltraSPARC assembler DES implementation. It was not accepted because code is not PIC, too UltraSPARC-specific when it doesn't have to and 32-bit only. I'm committing the original version mostly for reference purposes. 64, PIC, blended CPU tune-up follows shortly. Obtained from: http://inet.uni2.dk/~svolaf/des.htm
UltraSPARC assembler DES implementation tune-up. The code can be compiled for any SPARC CPU (UltraSPARC performance is *not* affected), can be compiled for 64-bit ABI and is position-independent.
Complete integration of SPARC assembler DES implementation. Tested on Solaris only. I'll keep my eyes open for Linux and OpenBSD targets.
Support for Intel compiler. More details will be provided in closing note for RT#17 as snapshot becomes available for download.
HP/UX 11i make gets upset by this line containing nothing but a Tab
pa-risc2.s was not PIC, see RT#426. I strip call to fprintf as it's never called anyway (it's a debugging assertion). Whether pa-risc2W.s is PIC remains to be seen...
Support for ILP32 on HPUX-IA64.
Unified targets for ELF assembler modules. Tested on Linux, Solaris and FreeBSD. Goal is to extend support even to SCO5, UnixWare/OpenUnix...
Redundant now as it's moved to ./Makefile.org.
Oops! I've toasted Cygwin! Fixed now.
GAS can't stand stub, which is stb's synonym.
Another GAS fix-up and some commentary...
Fix a typo.
Finalizing asm support for UnixWare, SCO, OpenUnix... Note that I've replaced #if logic around bn_sub_part_words in bn_mul.c. I rely upon OPENSSL_BN_ASM_PART_WORDS being added by ./Configure script. Would it still work on non-Unix platforms?
At least OpenBSD implements PIC in the same way ELF does.
Avoid unnecessary pollution of object module name table. Cygwin shared build workaround (DJGPP swallows it too). One probably should do same as with ELF calling it COFF, but I'm very short in COFF platforms, so I just go for easy ad-hoc solution. I'll take care of merge to 0.9.7 later.
Just an extra comment.
OpenBSD FAQ update. Apparently gas from binutils-2.x makes it impossible to use gcc -fPIC ... on OpenBSD-i386. Alternative solution is provided.
Minor FAQ update
Fix for AIX shared build, see RT#463.
Caldera/SCO targets erroneously limit themselves to 386. See RT#464.
-lresolv is not present on SCO Unix, RT#460.
SCO target missed .so suffix.
Oops! Missed closing quote... Didn't have time to verify before a snapshot was cut...
This is an *initial* tune-up. This update puts Itanium2 back on par with Itanium. I mean if overall performance improvement over C version was X for Itanium, it's X even for Itanium2.
Suggestion was to change ${MACHINE} to i586 in lines in question. Well, "whatever" does the same (avoids 386 being passed to ./Configure), is consistent with other elder SCO targets and denotes that we probably shouldn't care much about every out-of-date platform.
The patch speaks for itself.
Workaround for lame compiler bug introduced in "CPU pack" for MSVC6SP5.
Provide "dummy" &main::picmeup even in Windows perlasm modules.
./config failed to correctly detect if gcc uses 64-bit ABI on HP-UX. PR: 772
hpux64-parisc2-gcc target added. Once it is verified, ./config should be modified to choose it instead of hpux64-parisc-gcc, which should then be removed. hpux64-parisc-cc is removed already now as redundant [in case you wonder, 64-bit HP-UX ABI *implies* PA-RISC2.0].
SHA-1 assembler tune-up for Intel P4
Get rid of bogus warning when compiling with Sun vendor compiler.
Fix declaration inconsistency in ecparam.c.
Even though C specification explicitly says that constant type "stretches" automatically to accommodate the value, some compilers fail to do so. Most notably 0x0123456789ABCDEF should come out as long long in 32-bit context, but HP compiler truncates it to 32-bit value. Which in turn breaks GF(2^m) arithmetic in hpux-parisc2-cc build. Therefore this fix...
CFB DES sync-up with FIPS branch.
#undef _POSIX_C_SOURCE in ui_openssl.c ruined IRIX builds. Comment on why _POSIX_C_SOURCE needed in first place.
HP/UX PA-RISC 2 targets update.
Typo in PA-RISC 2 rules in crypto/bn/Makefile.ssl
Typo in crypto/bn/asm/x86_64.c, bn_div_words(). PR: 821
IRIX 6.x shared build fix-up.
This is essentially Intel 32-bit compiler tune-up. To start with all available compiler versions generated bogus machine code trying to compile new crypto/des/cfb_enc.c. Secondly, 8th version defines __GNUC__ macro, but fails to compile *some* inline assembler correctly. Note that all versions of icc implement MSC-like _lrot[rl] intrinsic, which is used now instead of offensive asm. Finally, unnecessary linker dependencies are eliminated. Most notably dependency from libirc.a caused trouble at application start-up, if libcrypto.so is linked with -Bsymbolic (which it is).
Improved PowerPC support. Proper ./config support for ppc targets, especially for AIX. But most important BIGNUM assembler implementation submitted by IBM.
Oops! Typo in ./config...
Support for IA-32 SSE2 instruction set.
SSE2 accelerated bn_mul_add_words. Code is currently disabled till proper config and run-time support is added. PR: 788 Submitted by: <dean at arctic.org> Reviewed by: <appro>
SSE2 SHA512_Transform implementation. No, it's not used anywhere yet and is subject to change as C implementation is added...
SHA-224/-256/-384/-512 implementation. This is just sheer code commit. Makefile modifications, make test, etc. will appear later...
CHANGES to mention improved PowerPC platform support.
size_t-fication of message digest APIs. We should size_t-fy more APIs...
Make reservations for FIPS code in HEAD branch, so that the moment FIPS comes in we have required macros in place.
Final API adaptation. Final, "all openssl" performance numbers [not mixture of different implementations]. Real-life performance improvement is rated at 2-3x, not 6x as preliminary announced.
Stress collector/padding function.
SHA-256/-512 update. A bug fix, SHA-512 tune-up for AMD64, hook for SSE2 code, Makefile update.
While size_t-fying let's not forget to update documentation:-)
SHA-256/-512 test and benchmark.
Framework for glueing BIO layer and Win32 compiler run-time. Goal is to make it possible to produce for a unified binary build, which can be used with a variety of Win32 compilers.
Documentation note for Win32 glue between BIO layer and compiler run-time.
SHA-224 test vectors added.
Attempt to unify hpux-shared rules. More adjustments might be required after more tests...
Eliminate compiler warnings and throw in performance table.
Make sure we return 0 if test passed.
Unified hpux-shared rule. Verified with both 32- and 64-bit builds and both vendor and GNU compilers. ./engine shared build are still busted. I mean always were...
hpux-shared rules to cover even for GNU ld.
gcc -Wcast-qual clean-up.
Typo in linux-ppc64 target.
Kill unused macro and reimplement it for that single context it can actually be used, namely x86* platforms [because they don't bomb on unaligned access]. This resulted in 30-40% [depending on message length] improvement for SHA-256 compiled with gcc and running on P4. In the lack of assembler implementation I give the compiler all the help it can possibly get:-)
Final SHA-256/-512 touches. Extra md_len field in SHA[256|512]_CTX reserves for truncated hash function output mode and makes SHA224 thread-safe. Next stop is integration with EVP and we're done...
Typo in commentary section.
Make sha-256/-512 naming in speed.c consistent with their names as they will appear at EVP layer.
objects.txt update for SHA-224/-256/-384/-512. SHA-224 ids still appear "draft," but we have to start somewhere...
EVP bindings to new SHA algorithms.
Extend HMAC_MAX_MD_CBLOCK to accommodate SHA-512.
Mention new SHA algorithms in CHANGES. This completes the integration.
Working on HP-UX shared support...
32-bit PA-RISC requires -Bsymbolic when linking libcrypto.sl. Without this flag RAND_poll ends up in an endless loop calling RAND_add. But don't ask me why...
Minimal work-around for ./engine shared builds. "Minimal" means that I think that proper Makefile clean-up is required.
SHA fails to compile on x86_64 if compiled with custom flags, without recommended -DMD32_REG_T=int in particular. PR: 893 Submitted by: Michal Ludvig <michal-list at logix.cz>
New scalable bn_mul_add_words loop, which provides up to >20% overall performance improvement. Make module more gcc friendly and clarify copyright issues for division routine.
New SHA algorithms assembler implementation for IA-64. Note that despite module name both SHA-256 and SHA-512 are supported.
AES assembler implementation for IA-64. Note that there is no anchor from C code yet...
Minor (+12% on P4) performance tweak for sha512_block_sse2.
RC4 tune-up for AMD64. Performance improvement of 2.22x is measured for linux-x86_64 target.
Integration of RC4 AMD64 module.
IA-64 is intolerant to misaligned access. It was a problem on Win64 as we were misled by _MSC_VER macro, which is defined by *all* Windows Microsoft compilers.
Add licensing terms.
Add anchors for AES, SHA-256/-512 assembler modules and SSE2 code pathes. I also used this opportunity to clean up some out-of-date targets and re-group targets by OS.
Type in Configure and TABLE update.
Anchor AES and SHA-256/-512 assembler from C.
Make rand_win.c UNICODE savvy.
All SIXTY_FOUR_BIT platforms (mind the difference between SIXTY_FOUR_BIT and SIXTY_FOUR_BIT_LONG) were failing to pass 'cd test; make test_bn'.
Run SHA-256/-512 tests through EVP...
EVP_Digest is size_t-fied, clean up test programs accordingly.
#include <limits.h> is required at least on HP-UX and IRIX. And what's with HP-UX offering 14 for NAME_MAX?
WinCE should always be compiled as UNICODE, even debugging version...
Adapt rc4-amd64.pl for Win64/AMD64 assembler.
Win64 placeholder targets. This is merely naming suggestion. As we know Win64 comes in two flavors, IA-64/Itanium and AMD64/Opteron. The suggestion is to refer to former as WIN64I and latter - WIN64A
VC-NT was taken away by mistake, putting it back...
Various IA-64 assembler fix-ups.
Build-n-link new IA-64 modules on Linux and HP-UX.
TABLE update.
Minor HP-UX make update. IA-64-based HP-UX favors .so extension for shared libraries. Old .sl extension works just fine, but it's .so which is the default.
Typos and due casts. As for the latter. It's "safe" to cast as below, because "wrong" casts will either be optimized away or never performed.
Some compilers are just too whiny. DEC C doesn't like long long...
Some compilers are just too whiny. Nothing makes Microsoft compiler stop complaining about loss of precision, but explicit cast.
Make SHA-256/-512 optional. Note that no-sha switches off *all* SHA.
'apps/openssl dgst -help' update and minor apps/speed.c update.
Minor 64-bit md32_common.h update and minor unsignification of digests.
Stricter boundary condition check in HMAC_Init_ex.
Make bio_ok.c 64-bit savvy.
Typos, typos...
Make bio_ok.c Microsoft compiler savvy.
Zero key-length for HMAC is apparently OK.
Add framework for yet another assembler module dubbed "cpuid." Idea is to have a placeholder for small routines, which can be written only in assembler. In IA-32 case this includes processor capability identification and access to Time-Stamp Counter. As discussed earlier OPENSSL_ia32cap is introduced to control recently added SSE2 code paths (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the code is operational on ELF platforms only. I haven't checked it yet, but I have all reasons to believe that Windows build should fail to link too. I'll be looking into it shortly...
This is so to say "damage control" for jumbo "cpuid" patch, see http://cvs.openssl.org/chngview?cn=12493. Now all platforms should be operational, while SSE2 code paths get engaged on ELF platforms only.
DLLEntryPoint is a collective name, not what linker looks for. However, if we explicitly instruct the linker to set entry point, then we become obliged to initialize run-time library. Instead we can pick name run-time will call and such name is DllMain. Note that this applies to both "native" Win32 environment and Cygwin:-)
Deprecate cpp and gaswin targets. New coff fills in for gaswin, but cpp is going out...
Clean-up GAS targets: get rid of "cpp" stuff and replace it with "purified" COFF and a.out targets [similar to ELF targets]. You might notice some rudimentary support for shared mingw builds under cygwin. It works (it produces cryptoeay32.dll and ssleay32.dll with everything exported by name), but it's primarily for testing/debugging purposes, at least for now...
OpenBSD fix-up for new a.out targets. OpenBSD .s.o rule is busted...
Cygwin fix-up for shared build.
VIA C3 processor extends IA-32 instruction set with instructions performing AES encryption in hardware, as well as one accessing hardware RNG. As you surely imagine this engine accesses this extended instruction set. Well, only AES for the moment, support for RNG is to be added later on... PR: 889 Submitted by: Michal Ludvig <michal at logix.cz>
Minor clean-up to make Microsoft compiler shut up.
Avoid a.out name table pollution.
If they ask for 386, keep it as 386 as possible...
Padlock engine update to fix a typo in MSC assembler and to address potential corruption problem if user manages to inter-leave aligned and misaligned requests [as well as some MSC-specific tweaks].
Make aes_ctr.c 64-bit savvy.
Minor VIA Padlock engine update: eliminate -Wunused warning when *not* compiling the engine and inline memcpy in performance critical paths.
crypto/perlasm update primarily to unify Netware modules. Once it's verified x86*_nw.pl will be deleted. In addition this update implements initseg on several additional [in addition to ELF] platforms. Functions registered with initseg are supposed to be called prior main().
Fix compiler warnings in crypto/evp/bio_ok.c as pointed out by Geoff.
OPENSSL_ia32cap final touches. Note that OPENSSL_ia32cap is no longer a symbol, but a macro expanded as (*(OPENSSL_ia32cap_loc())). The latter is the only one to be exported to application.
Proper support for OpenBSD-i386 shared build, including assembler modules! "Proper" means "compiles and passes test." Versioning is broken (I think).
TABLE OpenBSD-i386 update
x86 assembler updates: more instructions, new OPENSSL_instrument_halt [for DJGPP]...
Make VIA Padlock engine more platform friendly and eliminate compiler warning.
sha256_block advances the input pointer double as fast sometimes. Fix the bug and test that it's actually gone. PR: 950
SHA1 asm Pentium tune-up. Performance loss is not as bad anymore.
Fix Solaris 10_x86 shared build. -Bsymbolic is required to avoid "remaining relocations" in assembler modules. The latter seems to be new behaviour, elder as/ld managed to resolve this relocations as internal. It's possible to address this problem differently, but I settle for -Bsymbolic... PR: 546
As was shown by Marc Bevand reordering of couple of load operations results in even higher performance gain of 3.3x:-) At least on Opteron...
RC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's apparently impossible to compose blended code which would perform satisfactorily on all x86 and x86_64 cores, an extra RC4_CHAR code-path is introduced and P4 core is detected at run-time. This way we keep original performance on non-P4 implementations and turbo-charge P4 performance by factor of 2.8x (on 32-bit core).
linux-x86_64 didn't link after EM64T RC4 tune-up...
RC4 IA-64 assembler implementation.
Engage RC4 IA-64 assembler module.
Summarize recent RC4 tune-ups.
perlasm/x86[ms|nasm] update to accommodate updated RC4 assembler module.
Final touches to rc4/asm/rc4-596.pl, +52% better performance on AMD core.
sha1_block_asm_data_order can't hash if message crosses 2GB boundary.
Add 0.9.7 specific comments to RC4 assembler modules.
I've introduced a bug to i386 RC4 assembler, which would emerge with certain mix of calls to RC4 routine not covered by rc4test.c. It's fixed now. In addition this patch inadvertently fixes minor performance problem: in 0.9.7 context P4 was performing 12% slower than the original implementation...
Fix rc4-ia64.S to pass more exhaustive regression tests.
Extend RC4 test.
SHA1 assembler for IA-64.
Engage SHA1 IA64 assembler on IA64 platforms.
Solaris x86 perlasm update.
Refine PowerPC platform support.
AES x86 assembler implementation.
Eliminate copies of TeN and TdN, use those found in assembler module.
x86 perlasm update to accommodate aes-586.pl.
Engage AES x86 assembler module on ELF platforms.
Engage AES x86 assembler module for COFF and a.out targets.
Eliminate redundant memcpy of IV material. Performance improvement varies from platform to platform and can be as large as 20%.
Remove yet another redundant memcpy. Not at least performance critical, essentially cosmetic modification...
Remove CPU detect for IRIX targets. Performance gain is less than 1%, it makes more sense to strive for broader binary compatibility...
As new major IRIX release is highly unlikely to appear [and break following], I change from -notall to -none synonym in irix rules to improve backward compatibility with IRIX 5.x. PR: 987
Minor cygwin update. PR: 949
Oops-kind typos in aes-ia64.S...
AES-CFB[18] 2x optimization. Well, I bet nobody cares about AES-CFB1 performance, but anyway...
Minor AES x86 assembler tune-up.
Commentary update for AES IA-64 assembler module.
Remove naming conflict between variable and label.
Fix Win32 test-suite.
Make whiny compilers stop complaining about missing prototype.
Borrow #include <string[s].h> from e_os.h.
DJGPP update. PR: 989 Submitted by: Doug Kaufman
Permit "monolithic" AES assembler implementations, i.e. such which would replace *whole* aes_core.c, not only AES_[de|en]crypt routines.
DJGPP documentation note update.
FAQ update to mention no-sha0 as possible workaround for Tru64 compiler bug. Well, no-options seem to be busted in HEAD currently, which should/will be fixed one way or another (see PR#989 for a possible alternative).
O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris. PR: 998
Fix an "oops" typo! Well, it was a debugging left-over...
"Monolithic" x86 assembler replacement for aes_core.c. Up to +15% better performance on recent microarchitectures.
Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX environments.
INSTALL.DJGPP sync. PR: 989
Don't zap AES CBC IV, when decrypting truncated content in place.
Reserve for AES CBC assembler implementation...
Fix a typo in a.out assembler modules.
Throw in AES CBC assembler, up to +40% on aes-128-cbc benchmark.
Bug-fix in CBC encrypt tail processing and commentary section update.
linux-parisc update. PR: 990 Submitted by: Mike Frysinger <vapier at gentoo.org>
linux-arm target update. PR: 991
Improve ECB performance (48+14*rounds -> 18+13*rounds) and reserve for hand-coded zero-copy AES_cbc_encrypt.
Default to AES u32 being unsigned int and not long. This improves cache locality on 64-bit platforms (and fixes IA64 assembler-empowered build:-). The choice is guarded by newly introduced AES_LONG macro, which needs to be defined only on 16-bit platforms which we don't support (not that I know of). Meaning that one could as well skip long option altogether.
Fold a bunch of linux and *BSD targets into [linux|BSD]-generic[32|64]. Idea is to provide unified "fall-down" case for all rare platforms out there. ./config is free to enable some optimizations, such as endianness specification, specific -mcpu flags...
./Configure to respect $thread_cflag variable.
FreeBSD 5 refuses to #include <malloc.h>. Fix compiler warning after http://cvs.openssl.org/chngview?cn=12843.
Please BSD make...
Respect the fact that most interactive shells don't restore stty settings and make it work in non-interactive mode...
Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms and SafeDllSearchMode in Windows.
Shut whiny makes up.
Drop redundant -lc from a number of rules in Makefile.shared. It's perfectly safe [compiler driver adds it] and in some situation even perfectly appropriate [mixing -pthread and -lc on FreeBSD can have lethal effect on apps/openssl]. I'd say we should get rid of more, but I remove those I can test myself...
Mention no-sse2 option in INSTALL note.
Make util/shlib_wrap.sh [Open]BSD-friendly.
Make Makefile.shared BSD make-friendly, remove more redundant -lc, set up OBJECT_MODE for AIX.
Reliable BSD-x86-elf detection in ./config.
This patch was "ignited" by OpenBSD 3>=4 support. They've switched to ELF and GNU binutils, but kept BSD make... And I took the opportunity to unify other targets to this common least denominator...
Remove unused assembler modules.
Avoid re-build avalanches with HP-UX make.
Cygwin to use DSO_FLFCN and mingw to use DSO_WIN32.
Make bn/asm/x86_64-gcc.c gcc4 savvy. +r is likely to be initially introduced for a reason [like bug in initial gcc port], but proposed =&r is treated correctly by senior 3.2, so we can assume it's safe now. PR: 1031
Some non-GNU compilers (such as Sun C) define __i386.
Solaris x86 linker erroneously pads .init segment with zeros instead of nops, which causes SEGV at startup. So I don't align anymore.
Extend Solaris x86 support to amd64.
+45% RC4 performance boost on Intel EM64T core. Unrolled loop providing further +35% will follow...
Harmonize cygwin/mingw and VC targets.
Implement OPENSSL_showfatal and make it Win32 GUI and service aware [meaning that it will detect in which context application is running and either write message to stderr, post a dialog or log an event].
Recognize MSYS/MINGW environment.
Minor cryptlib.c update: compiler warnings in OPENSSL_showfatal and OPENSSL_stderr stub.
Parameterize do_solaris rules in Makefile.shared.
Introduce OPENSSL_NONPIC_relocated to denote relocated DLLs.
Fix typos.
Zap OPENSSL_EXTERN on symbols, which are not meant to be local to DLL.
Final(?) touches to mingw shared support.
Addendum to http://cvs.openssl.org/chngview?cn=13054.
More cover-ups, removing OPENSSL_GLOBAL/EXTERNS. We can remove more...
Final touch to mingw shared.
Fix for bug that emerged in openvpn context.
Prototype mnemonics in padlock_verify_context for better portability [read support for Solaris assembler].
Mitigate cache-timing attack in CBC mode. This is done by implementing compressed tables (2x compression factor) and by pre-fetching them into processor cache prior to every CBC en-/decryption pass. One can argue why just CBC? Well, it's a commonly used mode in real-life applications and the API allows us to amortize the prefetch costs for larger data chunks...
Throw in x86_64 AT&T to MASM assembler converter to facilitate development of dual-ABI Unix/Win64 modules.
Avoid aliasing between stack frames and S-boxes. Compress prefetch code.
Avoid L1 cache aliasing even between key and S-boxes.
Pointer to BN_MONT_CTX could be used uninitialized.
Fold rules in test/Makefiles [from stable].
Allow for ./config no-sha0 [from stable].
Cygwin/mingw sync with stable.
Remove false positives and resolve some of remaining ones.
x86_64 assembler translator update.
Rename amd64 modules to x86_64 and update RC4 implementation.
Cpuid modules updates.
Commentary update.
Cygwin doesn't expose Win32 [not "officially"].
Throw in md5-x86_64 assembler.
Engage md5-x86_64 assembler module.
Cvs missed adapted module itself, here it goes...
x86_64 assembler translator update.
Commentary update motivating code update in 0.9.7.
Fix constants. PR: 1059
x86_64 assembler translator update.
Eliminate "statement with no effect" warning when OPENSSL_assert macro is used with constant assertion.
Allow for 64-bit cache-line alignments in code segment.
Comply with optimization manual (no data should share cache-line with code).
Fool-proofing Makefiles
+20% performance improvement of P4-specific RC4_CHAR loop.
Consolidate BUILDENV [idea is to keep all variables in one place].
Simplify shared rules, link run-path into applications only.
Make Makefile.shared quiet again.
Further BUILDENV clean-up, 'make depend' is operational again.
Further BUILDENV refinement, further fool-proofing of Makefiles and [most importantly] put back dependencies accidentally eliminated in check-in #13342.
Improve shell portability of new rules in Makefile.shared.
Move cryptlib.h prior to bio.h. Actually it makes sense to include cryptlib.h first everywhere in crypto and skip stdio.h and string.h [because it includes them].
Disclaim 16-bit support.
OPENSSL_Applink update.
mdc2test is not built by default anymore.
Keep disclaiming 16-bit support.
Engage Applink for VC builds.
Engage Applink in mingw. Note that application-side module is not compiled into *our* applications. That's because mingw is always consistent with itself. Having library-side code linked into .dll makes it possible to deploy the .dll with user-code compiled with another compiler [which is pretty much the whole point behind Applink].
Don't emit SSE2 instructions unless we're asked to. PR: 1073
FAQ update to mention Applink.
FAQ to mention no-sse2.
Move _WIN32_WINNT definition from command line to e_os.h. The change is inspired by VC6 failure report. In addition abstain from taking screen snapshots when running in NT service context.
Default to no-sse2 on selected platforms.
Still SEGV trouble in .init segment under Solaris x86...
OPENSSL_NO_SHA512 to mask even SHA512_CTX declaration. This is done to make no-sha512 more effective on platforms which don't support a 64-bit integer type of *any* kind.
Be more consistent with OPENSSL_NO_SHA256.
Platform update from 8-stable.
Platform update from 8-stable.
Fix typo in ./config.
Missing sparcv8.o rule. PR: 1082
Mention more GCC bugs in ./PROBLEMS.
"Show" more respect to no-sha* config options. PR: 1086
PSS update [from 0.9.7].
Fix inconsistency between 8 and HEAD.
./PROBLEMS to mention workarounds for ULTRIX build problems. PR: 1092
Unify BSDi target.
New function, DSO_pathbyaddr, to find pathname for loaded shared object by an address within it. Tested on Linux, Solaris, IRIX, Tru64, Darwin, HP-UX, Win32, few BSD flavors...
Change mention of Makefile.ssl to Makefile.
FAQ to mention no-sha512 as option for compilers without support for 64-bit integer type.
Allow BIO_s_file to open and sequentially access files larger than 2GB on affected platforms. PR: 973
"Liberate" dtls from BN dependency. Fix bug in replay/update.
Allow for dso load by explicit path on HP-UX.
Eliminate gcc -pedantic warnings.
Handle wrap-arounds and revive missing assignment.
Solaris x86_64 /usr/ccs/bin/as support.
Refine ELF detection on BSD platforms.
Fix typo in ssl/d1_pkt.c.
Solaris-specific Makefile.shared update from 098.
TABLE was out-of-sync.
no-asm didn't prevent make from compiling assembler modules.
Jumbo Makefiles update.
HP-UX specific updates to Makefile.org and Makefile.shared.
Rename mips3.o to bn-mips3.o [it's better in long run] and adjust the rule to accommodate gcc4, which no longer supports SGI as.
Typo in bn-mips3 rule.
Missed -c in IRIX rules.
Darwin specific update for Configure and Makefile.shared.
Replace emms with finit in x86cpuid.
Omit padding in RC4_KEY on IA-64. The idea behind padding was to reserve room for aligning of the key schedule itself [specific alignment is required for future performance improvements], but OpenSSH "abuses" our API by making copies and restoring RC4_KEY, thus ruining the alignment and making it impossible to recover the key schedule. PR: 1114
Minimum requirement for Solaris x86 was always Pentium. Reflect this in Configure line. TABLE update accommodates other recent ./Configure changes...
Minor (final?) Makefiles polish.
Unify some SCO targets.
Fix typos in apps/apps.c
Eliminate dependency on UNICODE macro.
Mention hpux64-ia64-cc blowfish failure in PROBLEMS.
A report suggests that there are nasm versions which default to 16-bit segmenting...
Replace _int64 with __int64, which is more widely accepted among Win32 compiler vendors.
AES_cbc_encrypt to allow end-user to retain small blocks performance by aligning the key schedule in a specific manner.
Typos in commentary section.
Pedantic polish to aes-586.pl:-)
Decimal printout of a BN is wrong on PPC, it's sparse with very few significant digits. As soon as it verifies elsewhere, it goes to 0.9.8 and 0.9.7.
More elegant solution to "sparse decimal printout on PPC" problem.
Trap condition should be 64-bit when it's due.
Fix bugs in bug-fix to x509/by_dir.c. PR: 1131
Pull up Win64 support from 0.9.8.
CHANGES and TABLE sync with 0.9.8.
Latest Intel compiler means every word in "if copying [with memcpy] takes place between objects that overlap, the behavior is undefined." It's hard to comprehend, but it reportedly manages to be the case.
AES x86_64 assembler implementation.
Complementary x86_64-xlate.pl update.
Commentary section update.
~15% better AES x86_64 assembler.
Fix unwind directives in IA-64 assembler modules. This helps symbolic debugging and doesn't affect functionality.
Unrolled RC4 IA-64 loop gives 40% improvement over current assembler implementation [as predicted].
This update implements the following improvements.
Switch to new RC4 IA-64 module.
Retire original rc4-ia64.S.
MD5 IA-64 assembler implementation. Original copy for reference purposes.
This update gets endianness-neutrality right and adds second required entry point, md5_block_asm_data_order.
Engage MD5 assembler module.
Fix bug [SHA1 IA-64 being disabled] introduced with Stratus VOS update. PR: 1130
Perl stylistic/cosmetic update for aes-x86_64.pl.
Typo in version number.
Pedantic polish to rc4-ia64.pl.
Synchronize BSD-ia64 with other IA64-based platforms.
Pedantic polish to md5-ia64.S.
Pedantic polish to aes-ia64 and sha512-ia64.
SHA-256/-512 x86_64 assembler module.
Engage SHA-256/-512 x86_64 assembler module.
Eliminate gcc warning in dso_win32.c.
Pull up mkdef.pl from 0.9.8.
Unify VC-32.pl and VC-CE.pl scripts and update INSTALL.W32.
Commentary section update in sha512-x86_64.pl.
Fix #if _MSC_VER clause in aes_locl.h
Eliminate dependency on 3rd party wcedefs.mak.
Implement complementary LoadLibraryA shim under WCE.
Typo in OSF1 platform name.
Eliminate bogus #if WCEPLATFORM!=MS_HPC_PRO [which by the way unconditionally invalidated the whole clause] and replace it with #if _WIN32_WCE>=210.
Stick to -DWCE_PLATFORM_$wceplatf, as that's what is apparently set by Visual Studio IDE.
Optimize for space on embedded WCE.
Keep disclaiming 16-bit support.
WCE-specific fix for cryptlib.c.
WCE-specific update for VC-32.pl.
Abstain from GUI calls in rand_win.c in NT service context.
PIC-ify SPARC assembler in alternative manner to eliminate dependency on OPENSSL_PIC macro.
WCE update, mostly typos.
3-4 times better RSA/DSA performance on WIN64A target. Well, on AMD64 CPU, EM64T will hardly exhibit better performance...
Final(?) WinCE update.
Add support for more recent WCE SDK.
Suppress "deprecated" warnings introduced in VC8.
Fix Intel assembler warnings.
Mention wcecompat update in INSTALL.WCE.
Fix typo in WCE section in VC-32.pl
Pedantic polish to WCE-specific #if clause in ectest.c
Eliminate reference to removed platform line.
bswapl usage should be masked by I386_ONLY. PR: 1195
Oops-type typo. PR: 1195
Missing space in VC-32.pl.
Another missing space in VC-32.pl [from 0.9.8].
Mention BN_sqr failure on x86 platforms in ./PROBLEMS. PR: 1176 [and others]
Proper solution to nasm compilation problems in Borland context.
BC-32.pl updates.
Refine AIX support. PR: 1198
MD5 x86_64 assembler update.
Fix typo: "powepc" vs "powerpc." G-r-r-r-r. PR: 1198
IA-32 BN tune-up. Performance improvement varies with platform and keylength, this time larger improvement for shorter keys, and reaches 15%. Both SSE2 and IALU code paths are improved.
"Overload" SunOS 4.x memcmp, which ruins ASN1_OBJECT table lookups. PR: 1196 Submitted by: Russel Ruby
Latest MSVCR80 doesn't tolerate unsupported signal numbers, throwing fatal exceptions.
Broaden compatibility among Windows SDK versions. Elder versions don't have ULONG_PTR, so we replace it with equally wide SIZE_T.
Fix SunOS 4 building issue. PR: 1196
Fix missing applink call.
Fix typo.
Add reference implementation for bn_[mul|sqr]_mont, new candidates for assembler implementation.
Reserve for SMALL_FOOTPRINT bn_asm.c. Currently OPENSSL_SMALL_FOOTPRINT is defined on Windows CE targets.
Fix typo in exptest.c.
Zap DES_UNROLL when SMALL_FOOTPRINT is in effect.
Fix typo in INSTALL.WCE.
Mention "no-dso doesn't remove -ldl" in PROBLEMS. PR: 1160
Leave the decision to call/implement bn_sqr_mont to assembler developer.
Refine logic in bn_mont.c and eliminate redundant BN_CTX pulls.
Throw in Montgomery multiplication assembler for x86_64.
x86_64-mont.pl readability improvement.
Throw in bn/asm/x86-mont.pl Montgomery multiplication "teaser".
Add timestamp to x86-mont.pl.
Broaden compatibility among Win32 headers even further [some don't have SIZE_T].
Fix bug in SMALL_FOOTPRINT path and clarify comment.
Make sure x86-mont.pl returns zero even if compiled with no-sse2.
Flip saved argument block and tp [required for non-SSE2 path].
Yet another "teaser" Montgomery multiply module, for UltraSPARC. It's not integrated yet, but it's tested and benchmarked [see commentary section for further details].
util/pl/OS2-EMX.pl sync.
Add rudimentary aix64-gcc target.
Change bn_mul_mont declaration and BN_MONT_CTX. Update CHANGES.
Add support for 32-bit ABI to sparcv9a-mont.pl module.
Eliminate gcc warning in bn_mont.c.
bn_asm.c update.
Integrate sparcv9a-mont.pl into UltraSPARC builds.
Clarify binary compatibility with HAL/Fujitsu SPARC64 family.
Move DES_SPtrans to where it really belongs, dec_enc to be specific.
Eliminate ~3.5KB of duplicate code in des-586.pl and reserve for folded loop option, which can give further 3KB code reduction.
Fix typos in macos x targets.
Eliminate false preprocessor dependencies introduced with VOS support.
+20% SHA512 performance improvement on x86.
Fix install problems on MacOS X and HP-UX. PR: 1218,1185
Add -install_name in link_a.darwin rule. PR: 1218
Make pshufw optional and update performance table in sha512-sse2.pl [as per http://cvs.openssl.org/chngview?cn=14551].
Disable BIO_s_fd on CE and disable fd:N as password passing option on all _WIN32 [see commentary for clarification].
Reserve for OPENSSL_NO_POSIX_IO macro which is to eliminate references to open/read/write/close. First OPENSSL_NO_POSIX_IO target would be Windows CE.
Mask libcrypto references to stat with OPENSSL_NO_POSIX_IO.
Get rid of arcane reference to _fmode in apps/apps.h. Binary open is handled properly by bss_file.c, which renders _fmode redundant.
Make cygwin work in directories mounted with 'text' attribute.
Engage OPENSSL_NO_POSIX_IO on Windows CE.
Eliminate dependency on read/write/stat in apps under _WIN32.
Eliminate remaining calls to stat in apps/apps.c and unify WIN32_rename for all Windows targets.
Eliminate crypto/tmdiff.[ch].
Collect timing procedures in apps/apps.c. It's a bit of a cruel patch, as it temporarily[!] removes support for a couple of esoteric platforms [well, Netware, vxWorks and VMS].
Fix newly introduced typos and warnings in ./apps.
x86_64-xlate.pl commentary section update.
The typos never stop. Fix one in apps/apps.c.
Keep removing references to tmdiff.
Revive app_tminterval for VMS.
Revive app_tminterval for vxworks.
Revive app_tminterval for Netware.
First draft for WCE PortSDK support. Once again! It's *draft* which requires more work, i.e. more modifications are due...
Eliminate VC compiler warning.
Address MASM-specific problems introduced with http://cvs.openssl.org/chngview?cn=14547.
Move declaration for optional bn_mul_mont to bn_lcl.h in order to hide it from mkdef.pl.
One of Win64 rules lacked bufferoverflowu.lib.
Improve cross-compiler portability of applink.c module and mention CRYPTO_malloc_init in FAQ.
Tidying up WinCE support.
Minor perlasm clean-up.
AIX -blibpath is not accumulative, one apparently has to specify even self-obvious /usr/lib:/lib. PR: 1239
Mention PROBLEMS in FAQ.
Avoid endless loop when libcrypto.a is manually deleted, but 'make clean' was not executed. It doesn't excuse user from running 'make clean', it simply avoids process table exhaustion. PR: 1236 Submitted by: Michael Richardson
Throw in comment so that one doesn't get tempted to optimize it away.
Attempt to resolve sporadic SEGV crashes in bn_sub_words in OpenSSH. I'm baffled why it crashes and does so sporadically...
Apply "better safe than sorry" approach after addressing sporadic SEGV in bn_sub_words to the rest of the sparcv8plus.S.
Keep shutting up VC8. PR: 1243
Whirlpool hash implementation. The fact that subdirectory and .h file are called whrlpool is not a typo, but a way to keep the names shorter than 8 characters. Remaining TODO list comprises adding OID, EVP, corresponding flag to apps/openssl dgst, benchmark, engage assembler...
Add missing Makefile and fix a couple of typos in commentary.
Remove development leftover from whrlpool/asm/wp-mmx.pl.
Add Whirlpool OID.
Fix typos in wp-mmx.pl.
Adapt Whirlpool API for EVP.
Add Whirlpool to EVP.
Mention Whirlpool in dgst -help.
Whirlpool for x86_64.
x86cpuid.pl update.
Couple other benchmark comparisons for wp-x86_64.pl.
Fix typos in wp-mmx.pl.
Support for indirect calls in x86 assembler modules.
Initial draft for AES for UltraSPARC assembler.
Revoke the option to share AES S-boxes between C and assembler. It wastes space, but gives total flexibility [back].
Engage AES for UltraSPARC in sparcv9 targets.
Minor aes-sparcv9.pl optimization.
Allow for bn(64,32) on LP64 platforms.
Switch 64-bit sparcv9 platforms from bn(64,64) to bn(64,32). This doesn't have impact on performance, because the number of multiplications does not increase with this switch, not on sparcv9 that is. On the contrary, it actually improves performance, because it spares a load of instructions used to chase carries. Not to mention that BN assembler modules can be shared more freely between 32- and 64-bit builds.
Add IALU-only bn_mul_mont for SPARCv9. See commentary section for details.
sparccpuid module update.
To exclude contention for shared FPU on T1, trade 3% of DES performance.
Eliminate warning induced by http://cvs.openssl.org/chngview?cn=14690 and keep disclaiming narrower than 32-bit support.
We all make typos:-) Fix just introduced ones in bn.h
Mention bn(64,64) to bn(64,32) switch on 64-bit SPARCv9 targets in CHANGES.
Allow for warning-free passing of -Wl options on config command line. One possible usage is to pass -Wl,-z,-noexecstack on Linux to ensure the stack is marked non-executable. Well, -Wa,--noexecstack works fine too...
Make room for Whirlpool assembler in Configure.
Engage Whirlpool assembler and mention Whirlpool in CHANGES.
Make framework for Whirlpool assembler flexible.
Unify sparcv9 assembler naming and build rules among 32- and 64-bit builds. Engage run-time switch between bn_mul_mont_fpu and bn_mul_mont_int.
Fix typos in osf1 shared rules. PR: 1248 Submitted by: Nikola Milutinovic
Make bio.h resistant to gnu-ish __attribute__ redefinitions. PR: 1252
Put back OPENSSL_SYS_MSDOS definition to revive DJGPP build. PR: 1247
Missing CFLAG in a couple of depend: targets. PR: 1247 Submitted by: Doug Kaufman
Keep disclaiming 16-bit platform support. For now remove WIN16 references from .h files...
Typo in sparcv8cap.c.
Eliminate possible mapping leak.
As SPARCV9 CPU flavor is [expected to be] detected at run-time, we can afford to relax SPARCV9/8+ compiler command line and produce "universal" binaries as we used to.
Lower PADLOCK_CHUNK to a value which doesn't affect the benchmark results. Well, it's even the contrary: 512 was observed to *improve* performance by 5%. Excuse ourselves from treating C7 specially.
Minor sparcv9 clean-ups.
Fix CFB and OFB modes in eng_padlock.c. Engine was consistent with itself, but not interoperable with the rest of the world. test_padlock script is added mostly for reference.
Add DSO_global_lookup_func implementation. See commentary in dso_lib.c for further details.
Oops! Remove junk...
Fix mapping "leak" in newly introduced win32_globallookup.
util/mkerr.pl update to address various mkerr.pl problems [such as failure to handle multi-line comments and endless loop while parsing overloaded gnu-ish __attribute__].
"Relax" prototype and rename DSO_global_lookup_func to DSO_global_lookup.
Make b_sock.c IPv6 savvy.
Typo in win32_globallookup.
./util update, which covers various issues, but most importantly mkerr.pl and mkdef.pl spinning in endless loop.
Fix typo and purify logic in b_sock.c
Compile Windows with winsock2.h. But note that we still link with wsock32! This works because wsock32 commonly loads ws2_32 anyway and we [intend to] check upon presence of winsock2-specific API at run-time.
Refine logic in b_sock.c.
SHA-1 for x86_64.
Yet another "teaser" Montgomery multiplication module, for PowerPC.
SHA1 for PowerPC.
Typo in linux-ppc line.
PPC assembler distiller update.
Minor PPC assembler updates.
Further minor PPC assembler update.
Tidy up hpux targets.
Tune up AES CFB. Performance improvement varies from 10% to 50% from platform to platform. Its absolute value is within a few percent of that of ECB.
Minor sha1-ppc.pl update.
Add sha512-ppc.pl module.
Minor ppc-xlate.pl update.
Correct logical error in STRICT_ALIGNMENT check and remove copy of eay licence, as module is practically rewritten from scratch [well, even original submission was obviously "almost, but not quite, entirely unlike" any other eay *_cfb.c module, not to mention new functions].
Reimplement AES_ofb128_encrypt.
Sync aes.h with http://cvs.openssl.org/chngview?cn=15336.
Fix obvious typo.
Mitigate cache-collision timing attack on last round.
Mitigate the hazard of cache-collision timing attack on last round. Well, prefetch could have been moved closer to Td4 references. Something for later consideration...
Mitigate the hazard of cache-collision timing attack on last round. The only chance for T[ed]4 to get evicted in this module is when its cache "overlaps" with last 128 bits of key schedule.
Prepare playground for AES experimental code.
Typos(?) in HEAD/crypto/evp/p_lib.c.
Unsigned vs signed comparison warning.
Fix compiler warnings.
Add option for "compact" rounds to aes_x86core.c. "Compact" rounds are those referencing compact, 256-byte, S-boxes.
Reimplement outer rounds as "compact" in x86 assembler. This has rather strong impact on decrypt performance, 20-25%. One probably should consider switching between slower and faster routines depending on how much data we were asked to process.
Next generation aes-586.pl featuring AES_[en|de]crypt, accessing exclusively 256 byte S-box. AES_cbc_encrypt needs further work as it should also use slow routines when processing smaller amount of data.
perlasm/x86unix.pl update.
Engage assembler in solaris64-x86_64-cc.
Real Bourne shell doesn't interpret ==, but =.
Switch to compact S-box when generating AES key schedule.
Switch to compact S-box when generating AES key schedule.
Aggressively prefetch S-box in SSE codepath, relax alignment requirement, check for SSE bit instead of MMX, as pshufw was introduced in PIII, minor optimization, typos...
Revised AES_cbc_encrypt in x86 assembler module.
+20% tune-up for Power5.
Fix bug in x86unix.pl introduced in latest update. PR: 1380
Fix bug in aes-586.pl.
Rewrite sha1-586.pl.
Improve 386 portability of aes-586.pl.
Remove x86ms.pl and reimplement x86*.pl.
As x86ms.pl is out, remove do_masm.bat and mention to it in INSTALL.W32.
Race condition in ms/uplink.c. PR: 1382
Build error on non-unix. PR: 1390
Re-implement md32_common.h [make it simpler!] and eliminate code rendered redundant as result.
Linking errors on IA64 and typo in aes-ia64.S.
Support for .asciz directive in perlasm modules.
Synchronize SHA1 assembler with md32_common.h update.
VIA-specific Montgomery multiplication routine.
Further synchronizations with md32_common.h update.
bn/asm/ppc.pl to use ppc-xlate.pl.
Further synchronizations with md32_common.h update, consistent naming for low-level SHA block routines.
Typo in perlasm/x86asm.pl.
Fix bug in big-endian path and optimize it for size.
Temporary fix for sha256 IA64 assembler.
Gcc over-optimizes PadLock AES CFB codepath, tell it not to.
Avoid application relink on every make invocation.
Align data payload for better performance.
Rudimentary support for cross-compiling.
Make c_rehash more platform neutral and make it work in mixed environment, such as MSYS with "native" Win32 perl.
Allow for mingw cross-compile configuration.
Switch Win32/64 targets to Winsock2. Updates to INSTALL.W32 cover even recent mingw modifications.
Fix mingw warnings.
OPENSSL_ia32cap.pod update.
Yet another mingw warning.
Harmonize dll naming in mingw builds.
Further mingw build procedure updates.
Minor portability update to c_rehash.
sha512-ppc.pl multi-thread safety fix.
Non-SSE2 path to bn_mul_mont. But it's disabled, because it currently doesn't give performance improvement.
This is "informational" commit. Its mere purpose is to expose "modulo factor" in inner loops.
Modulo-schedule loops in sparcv9a-mont.pl. Overall improvement factor over 0.9.8 is up to 3x on USI&II cores and up to 80% - on USIII&IV.
Minor optimizations based on instruction level profiler feedback.
Clarify HAL SPARC64 support situation in sparcv9a-mont.pl.
Camellia portability fixes.
Fix bugs in Camellia CBC routine.
Improve Camellia code readability.
Eliminate redundant variable in Camellia CBC routine.
Montgomery multiplication routine for Alpha.
Minor, +10%, tune-up for x86_64-mont.pl.
alpha-mont.pl: gcc portability fix and make-rule.
Engage alpha-mont module. Actually verified on Tru64 only.
Eliminate 64-bit alignment limitation in sparcv9a-mont.
x86-mont.pl sse2 tune-up and integer-only squaring procedure.
Make sha.h more "portable."
Oops! New prototype code creeped through...
Fix for "strange errors" exposed by ccgost engine. The fix is two extra instructions in sqradd loop at line #503.
Minor performance improvements to x86-mont.pl.
Move eng_padlock.c to ./engines.
Allow opensslwrap.sh to access engines from build tree.
Minor clean-up in crypto/engine.
Minor clean-up in crypto/bn/asm.
Montgomery multiplication for MIPS III/IV. Not engaged.
#include <stddef.h> in digest headers.
opensslwrap.sh to respect $OPENSSL_ENGINES.
Montgomery multiplication for ARMv4.
Make armv4t-mont module backward binary compatible with armv4 and rename it accordingly.
SHA1 for ARMv4 and Thumb.
Minor optimization for sha1-armv4 module.
AES for ARMv4.
Minor touch to aes-armv4.pl.
Minimize aes_core.c footprint when AES_[en|de]crypt is implemented in assembler.
sparcv9a-mont was modified to handle 32-bit aligned input, but check for 64-bit alignment was not removed.
nasm fixes.
Various PowerPC config updates.
Remove obsolete comment.
Two extra instructions in RC4 character loop give 80% performance improvement on Core2. I still need to detect Core2 and choose this path...
link warnings caused by nasm modules.
Fixes for aix-shared rules.
aix[64]-cc config lines update.
Allow shared builds for aix[64]-gcc targets.
Reserve for assembler implementation of RC4_set_key and implement x86 one.
Update x86cpuid.pl to correctly detect shared cache and to support new RC4_set_key.
RC4_set_key for x86_64 and Core2 optimization. PR: 1447
Reimplement rc4-586.pl, relicense rc4-x86_64.pl.
s390x assembler pack.
Engage s390x assembler modules.
s390x optimizations.
Bug in apps/dgst.c.
Typo in s390x_asm.
Typo in commit #16187.
rll does not seem to be available on legacy s390.
Revert irrelevant changes from commit #16191.
Fix s390x bugs and correct performance coefficients.
Fine reading of manual suggests that km can return non-normal completion code.
Fix bug introduced in cn#16195.
SHA for sparcv9.
Engage SHA for sparcv9.
Detect UltraSPARC T1 in ./config.
Commentary updates to SHA for sparcv9.
Mention Core2 in sha1-x86_64.
Make sha*-ia64 modules alignment neutral.
As all assembler modules are alignment neutral, allow C to pass unaligned content.
x86_64 assembler updates.
Profiling revealed that OPENSSL_cleanse consumes *more* CPU time than sha1_block_data_order when hashing short messages. Move OPENSSL_cleanse to "cpuid" assembler module and gain 2x.
Add alphacpuid.s
Fix linking error after adding alphacpuid.s.
Throw in ppccpuid module.
Initial draft of AES for PPC.
sparccpuid.s update.
ppc-xlate.pl update.
x86cpuid fixes. PR: 1526
Typo in x509_txt.c.
--enable-auto-image-base in cygwin build. PR: 1517 Submitted by: vinschen at redhat.com
Typo in aes-ppc.pl.
Padlock engine fails to compile with -O0 -fPIC.
OPENSSL_IMPLEMENT_GLOBAL caused more grief than it's worth (it's used twice in legacy code). I'd rather just remove it along with legacy interface, but it's probably not as appropriate as I'd like. Reimplement the macro.
SHA256 for ARMv4.
AES_set_[en|de]crypt_key for s390x.
s390x gas can't handle .align 128.
AES_set_[en|de]crypt_key for ARMv4.
Eliminate conditional final subtraction in Montgomery multiplication.
Commentary updates and minor optimization for bn_mont.c.
Privatize BN_*_no_branch.
Eliminate conditional final subtraction in Montgomery assembler modules.
SPARC Solaris and Linux assemblers treat .align directive differently. PR: 1547
Make some shortcuts in sparcv9cap.c. Trouble is that di_walk_node result is inconsistent among CPU generations.
Typo in Linux part of sparcv9cap.c PR: 1532
bn_asm for s390x.
Optimize OPENSSL_cleanse.
CHANGES update from 098-stable.
Typo in x86_64-mont.pl. PR: 1549
Flush output in x86_64cpuid.pl.
Latest bn_mont.c modification broke ECDSA test. I've got math wrong, which is fixed now.
Fix build problem on Tru64.
Typo in str_lib.c PR: 1177
bn_mul_recursive doesn't handle all cases correctly, which results in BN_mul failures at certain key-length mixes. PR: 1427
EVP_*_cfb1 was broken. PR: 1318
Add _x86_64_AES_[en|de]crypt_compact.
Various minor updates to AES assembler modules.
gas -g doesn't tolerate unpadded .bytes in code segment.
shlib_wrap.sh update.
_x86_64_AES_[en|de]crypt_compact: size optimization and aggressive T[ed]4 prefetch.
Minor optimization in AES_set_encryption_key for x86_64.
Lppc_AES_[en|de]crypt_compact: size optimization.
Complete synchronization of aes-x86_64 with aes-586.
x86*cpuid update.
md32_common.h update.
Allow for option to skip hardware support.
Configure update from 098.
x86 perlasm updates.
ia64cpuid update.
AES for IA64 update.
Respect ISO aliasing rules. PR: 1296
Make ppccpuid AIX friendly.
As for inline vs. __inline. The original code implies that most compilers understand inline, while WIN32 ones insist on __inline. Well, there are other compilers that insist on __inline. At the same time it turned out that most compilers understand both __inline and inline. I could find only one that doesn't understand __inline, Sun C. In other words it seems that __inline as preferred choice provides better coverage...
Make preprocessor logic more fail-safe.
Buglet fixes and minor optimization in aes-x86_64 assembler.
Typo in ppccpuid.pl.
Proper support for shared build under MacOS X.
MacOS X update.
Typos in ./config. PR: 1563
Workaround MSVC6 compiler bug.
Make x86_64 modules work under Win64/x64.
IRIX and Tru64 platform updates.
shlib_wrap update, IRIX section.
shlib_wrap commentary update.
Make room for Camellia assembler.
Make naming more consistent.
Improve cache locality in linux64-sparcv9.
aes_ige suffered SIGBUS on RISC platforms.
Add darwin64-x86_64-cc target.
Unify RC4 settings among darwin platforms.
Compress and more aggressively constify ec_curve.c [the latter is achieved by minimizing link relocations].
Offer darwin64-x86_64-cc as option.
Constify seed and md2.
Add sha512_block implementation optimized for small register bank. On x86 it gives same performance, while code size shrinks >10 times.
SHA256/512 for x86.
SHA512 for ARMv4.
Commentary updates.
More Intel cc fix-ups.
Engage new x86 assembler modules.
Remove sha512-sse2.pl.
Make bn2dec work on "SIXTY_FOUR_BIT" platforms. PR: 1456
BSD run-time linkers apparently demand RPATH on .so objects. PR: 1381
Minor fix in link_[oa].hpux.
It's inappropriate to override application signal, nor is it appropriate to shut down Winsock unless we know it won't be used [and we never do]. PR: 1439
Minor sha[256|512]-586 performance tweaks.
Remove pq_compat.h.
Mention SHA2 in openssl.pod. PR: 1575
Mention aes in enc.pod. PR: 1529
Remove excessive whitespaces from bio.h
Minimize stack utilization in probable_prime.
Eliminate redundant make rule.
Wire DES weak_keys to read-only segment.
Constify obj_dat.[ch], as well as minimize linker relocations.
Wire RC4 key_table to read-only segment.
Minor formatting fixes in crypto/sha/asm.
Addenum to "Constify obj_dat.[ch]."
Fix indentation in d1_both.c.
Clarify commentary in sha512-sparcv9.pl.
Make sha512-armv4.pl byte-order neutral.
10% performance tweak in 64-bit mode.
ARMv4 assembler pack.
Minor ARMv4 update.
Move -march=armv4t to ./config.
Yet another ARM update. It appears to be more appropriate to make developers responsible for -march choice.
Switch to RFC-compliant version encoding in DTLS.
DTLS RFC4347 requires client to use the same random field in reply to HelloVerifyRequest.
DTLS RFC4347 says HelloVerifyRequest resets Finished MAC.
Make ChangeCipherSpec compliant with DTLS RFC4347.
Basic idea behind explicit IV is to make it unpredictable for attacker. Until now it was xor between CBC residue and 1st block from last datagram, or in other words still predictable.
Oops! This was erroneously left out commit #16632.
Switch to bn-s390x (it's faster on keys longer than 512 bits) and mention s390x assembler pack in CHANGES.
Prohibit RC4 in DTLS.
Make it possible to link VC static lib with either /MT or /MD application. PR: 1230
Addendum to commit #16651.
size_t-fy crypto/buffer.
Addendum to commit #16654.
Make DTLS1 record layer MAC calculation RFC compliant.
Respect cookie length set by app_gen_cookie_cb.
Synchronize CHANGES between 0.9.8 and HEAD.
DTLS fixes from 0.9.8-stable.
Fix warnings in d1_both.c [from 0.9.8-stable].
Bunch of constifications.
Make ssl compile [from 098-stable, bug is masked by default].
Don't let DTLS ChangeCipherSpec increment handshake sequence number. PR: 1587
Commit #16325 fixed one thing but broke DH with certain moduli.
Combat [bogus] relocations in some assembler modules.
Synchronize x86nasm.pl with x86unix.pl.
Structure symbol decorations, optimize label handling...
Some assemblers are allergic to lea reg,BYTE PTR[...].
gmp engine was non-operational.
x86 perlasm overhaul.
Disable support for Metrowerks assembler. Assembler itself is broken, specifically it incorrectly encodes EA offsets between 128 and 255.
Mac OS X x86 assembler support.
Engage x86 assembler in Mac OS X build.
Source readability fix, which incidentally works around XLC compiler bug.
ppc-xlate.pl update.
New Montgomery multiplication module, ppc64-mont.pl. Reference, non-optimized implementation. This is essentially informational commit.
This is also informational commit exposing loop modulo scheduling "factor."
Final (for this commit series) optimized version and with commentary section.
perlasm/x86*.pl updates.
NASM has recently changed name of win32 pre-compiled binary. PR: 1627
x86gas.pl update.
Last dso_dlfcn.c check-in said "Use Dl_info only on systems where it is known to exist. It does not exist on AIX 4.3.3, AIX 5.1, SCO 5, or Cygwin" and disabled it on a bunch of systems where it's known to exist, such as FreeBSD, Solaris, 64-bit HP-UX, MacOS X. Get it straight.
Make AES_T[ed] private to aes-586 module.
Make aes-x86_64 work with debug Win64 build.
engine/ccgost Win32 portability fixes.
Compensate for BSDi shell bug.
Cygwin compatibility fix to apps/ocsp.c.
Fix unsigned/signed warnings in ssl.
Automate assembler support in mk1mf even further.
Unify x86 perlasm make rules.
rc4-x86_64 portability fix.
Make all x86_64 modules independent on current working directory.
Allow to specify filename on sha1-ia64.pl command line.
Automate assembler support for Win64 targets (more work is needed).
Unify ppc assembler make rules.
crypto/rc5/Makefile was erroneously omitted from last perlasm unification. Also remove obsolete and now misleading comments.
rc5/asm/rc5-586.pl was erroneously omitted from last perlasm unification.
ppc64-mont optimization.
Micro-profiling assisted "optimization" for Power6. Essentially it's so to say educational commit. Reordering instructions doesn't improve performance much, rather exhibits Power6 limitations.
Ad-hockery for Platform SDK ml64.
Support for NASM>=2 in Win64/x64 build.
Make x86_64-mont.pl work with debug Win64 build.
Fix fast reduction on NIST curves (as well BN_NIST_ADD_ONE macro). PR: 1593
Do BN_nist_mod_384 by the book, as cheating doesn't work. Other functions will be revised too. PR: 1593
Clarifying comment.
Fix remaining BN_nist_mod_*. PR: 1593
Resolve __DECC warning and keep disclaiming support for 16-bit platforms.
Takanori Yanagisawa has shown how to correctly use pre-computed values. So in a sense this commit reverts few latest ones fixing bugs in original code and improving it, most notably adding 64-bit support [though not in BN_nist_mod_224 yet]. PR: 1593
Compensate inline assembler in sha512.c for gcc 2.7.2 compiler bug. PR: 1667
Add 64-bit support to BN_nist_mod_244 and engage BN_nist_mod_* on 64-bit platforms.
Depict future Win64/x64 development.
Reaffirm that NASM is the only supported assembler for Win32 build.
x86nasm.pl update: use pre-defined macros and allow for /safeseh link.
x86masm.pl cosmetics.
des-596.pl update: short-circuit reference to DES_SPtrans.
x86_64cpuid.pl cosmetics: harmonize $dir treatment with other modules.
x86masm.pl: harmonize functions' alignment.
Remove junk argument to function_begin in sha/asm/*-586.pl. PR: 1681
mem_dbg.c: avoid compiler warnings. PR: 1693 Submitted by: Stefan Neis
x86_64-xlate.pl: implement indirect jump/calls, support for Win64 SEH.
perlasm update: implement dataseg directive.
Split ms/uplink.pl to corresponding platform versions.
sha1-armv4-large.pl performance improvement. On PXA255 it gives +10% on 8KB block, +60% on 1KB, +160% on 256B...
sha1-armv4-large cosmetics.
AIX build updates.
DTLS didn't handle alerts correctly. PR: 1632
dtls1_write_bytes consumers expect amount of bytes written per call, not overall. PR: 1604
Winsock handles SO_RCVTIMEO in unique manner... PR: 1648
Fix yesterday typos in bss_dgram.c.
Fix EC_KEY_check_key.
Remove redundant BN_ucmp, fix boundary condition in BN_nist_mod_224 and reimplement BN_nist_mod_521.
Optimize bn_correct_top.
Fix argument order in BN_nnmod call and implement rigorous boundary condition check.
x86_64-xlate.pl update: refine SEH support.
Camellia update. Quoting camellia.c:
Harmonize Camellia API with version 1.x.
Fix crash in BN_rshift. PR: 1663
Minor clean-up in bn_lib.c: constification and optimization.
ec2_mult.c readability update.
Fix typo in ./config.
.cvsignore update: ignore all flavors of shared objects.
randfile.c: .rnd can become orphaned on VMS.
size_t-fy AES, Camellia and RC4.
size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require underlying cipher to be size_t-fied, it allows for size_t, signed and unsigned long. It maintains source and even binary compatibility.
Fix warnings after commit#17578.
Fix SHA512 and optimize BN for mingw64.
Fix bss_log.c on Windows.
Minor perlasm updates.
Add initial support for mingw64. PR: 1693 Submitted by: Alon Bar-Lev
Revert commit #17603, it should have been part of #17617.
x86_64-xlate.pl to support MacOS X and mingw64.
x86_64 assembler pack to comply with updated styling x86_64-xlate.pl rules.
Update make rules for x86_64 assembler pack.
Configure update: clean-ups and most notably engage x86_64 assembler on MacOS X.
x86_64-xlate.pl update, engage x86_64 assembler in mingw64.
Add Camellia assembler x86 and x86_64 modules.
no-asm didn't exclude Camellia assembler.
Bring C bn_mul_mont template closer to assembler.
SEED to support OPENSSL_SMALL_FOOTPRINT: ~2x size decrease on x86.
128-bit block cipher modes consolidation. As consolidated functions rely on indirect call to block functions, they are not as fast as non-consolidated routines. However, performance loss(*) is within measurement error and consolidation advantages are considered to outweigh it.
SEGV in AES_cbc_encrypt in aes-x86_64 assembler module. PR: 1801 Submitted by: Huang Ying
perlasm/x86* update: support for 3 and 4 argument instructions.
x86_64-xlate.pl: fix masm hexadecimal constants.
x86_64 assembler pack: add support for Win64 SEH.
cmll-x86_64.pl: bug fix and size optimization of Win64 SEH section.
make depend to work with cross-gcc, compensate for msys glitch. PR: 1753 Submitted by: Alon Bar-Lev
This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another .DLL, in particular static build. The issue has been discussed in RT#1230 and later on openssl-dev, and mutually exclusive approaches were suggested. This completes compromise solution suggested in RT#1230. PR: 1230
Incidentally http://cvs.openssl.org/chngview?cn=17710 also made it possible to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit expands it even to apps catalog and actually omits the macro in question from Configure.
Optimize #undef DES_UNROLL for size.
cmll-x86_64.pl: Win64 SEH section to handle pushf/popf in CBC routine.
Optimize CAST for size on 64-bit platforms. For reference, CAST_LONG being unsigned long must be attributed to 16-bit support. As we don't support 16-bit platforms anymore, there is no reason to waste twice required space on CAST S-boxes (16KB vs. 8KB) or key schedule.
crypto/modes: make modes.h selfsufficient and rename block_f to block128_t.
Engage crypto/modes.
Patch the omission from previous commit #17716.
Windows-specific addendum to "engage crypto/modes" commit #17716.
Revisit RT#1801 and complete fix.
cmll-x86_64.pl: fix bug in cbc tail processing and comply with Win64 ABI spec.
Add modes/cts128.c, Ciphertext Stealing implementation.
x86_64-xlate.pl: support for binary constants, such as 0b1010101.
Fix "possible loss of data" Win64 compiler warnings.
bn_lib.c: [re-]fix Win64 compiler warning.
Styling update to makefiles: $() to denote make substitutions and $${} - shell ones.
Styling update to makefiles: eliminate redundant pipes.
Makefile.shared: improve portability of commit#17753.
Add UltraSPARC VIS-powered SHA1 block procedure.
Reserve for "multilib" suffix, the one allowing to perform multi-ABI installations. It's not enabled in Makefiles yet.
s390x assembler pack update.
sha1-sparcv9a.pl: fix bug in commentary section.
linux-s390x failed link after assembler pack update.
s390x-mont.pl: optimize prologue.
RC4 for s390x.
rc4-s390x.pl: allow for older assembler and optimize character loop.
Make SPARC assembler Purify-friendly (Purify can't cope with certain PIC constructs).
Excuse myself from integrating sha1-sparcv9a.pl into build system, but make it Purify-friendly...
Make SPARC assembler modules *really* Purify-friendly.
aes-390x.pl: commentary update.
Camellia update: make it respect NO_[INLINE_]ASM and typo in assembler.
Expand OPENSS_ia32cap to 64 bits.
Handle push/pop %rbx in epi/prologue (this is Win64 SEH thing).
AESNI perlasm update.
Addendum to commit#18074: Expand OPENSSL_ia32cap to 64 bits.
Engage nasm optimizations in Win64 build.
Improve readability of bio/b_sock.c
Minor shaX-s390x.pl update.
e_padlock: add support for x86_64 gcc.
Intel AES-NI engine.
aesni-x86.pl: fix typos.
aesni-x86.pl: fix another typo and add test script.
Update test/test_padlock script.
v3_alt.c: otherName parsing fix.
AES-NI engine jumbo update.
aesni-x86_64.pl: resolve LNK1223 error.
eng_aesni.c: fix assembler declarations.
ec_mult.c: fix C4334 win64 compiler warning.
cryptlib.c: eliminate dependency on _strtoui64, older Windows CRT don't have it.
Engage cmll-x86_64.pl in Win64 build and make it compile correctly.
eng_aesni.c: win32 fix.
Make CAPI engine UNICODE aware (it didn't work on Win64).
Make it possible to compile CAPI engine under mingw64.
Avoid double dialogs in OpenSSLDie on Windows.
libeay.num: add ENGINE_load_aesni.
cryptlib.c: refine logic in OpenSSLDie (addendum to commit#18118).
e_padlock.c: fix typo (missing #endif) and switch to __builtin_alloca (with introduction of 64-bit support alloca must be declared and there is no standard way of doing that, switching to __builtin_alloca is considered appropriate because code explicitly targets gcc anyway).
x86_64-xlate.pl: small commentary update.
x86_64cpuid.pl: refine shared cache detection logic.
x86cpuid.pl: sync OPENSSL_ia32_cpuid with x86_64cpuid.pl.
x86[_64]cpuid.pl: further refine shared cache detection.
sha1-x86* assembler update: F_40_59 and Atom-specific optimizations.
cmll-x86_64.pl: small buglet in CBC subroutine. PR: 2035
Combat gcc 4.4.1 aliasing rules.
aesni-x86.pl: eliminate development comments.
b_sock.c: fix compiler warning.
bss_dgram.c: more elegant solution to PR#2069. Use socklen_t heuristic from b_sock.c, don't assume that caller always passes pointer to buffer large enough to hold sockaddr_storage. PR: 2069
x86masm.pl: eliminate linker "multiple sections found with different attributes" warning.
x86_64-xlate.pl: new gas requires sign extension in lea instruction. This resolves md5-x86_64.pl and sha1-x86_64.pl bugs, but without modifying the code. PR: 2094,2095
sha512.c: there apparently is ILP32 PowerPC platform, where it is safe to inline 64-bit assembler instructions. Normally it's inappropriate, because signalling doesn't preserve upper halves of general purpose registers. Meaning that it's only safe if signals are blocked for the time "wide" code executes. PR: 1998
SHA1 assembler show off: minor performance updates and new modules for forgotten CPUs.
Add sha512-parisc.pl.
OPENSSL_ia32cap.pod update.
util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed and eliminate duplicate code. PR: 2086
cms-test.pl: use EXE_EXT. PR: 2107
bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER. PR: 2110
ppc64-mont.pl: adapt for 32-bit and engage for all builds.
ppccap.c: tidy up. ppc64-mont.pl: missing predicate in commentary.
Switch to new uplink assembler.
Throw in more PA-RISC assembler.
Update sha512-parisc.pl and add make rules.
PA-RISC assembler: missing symbol and typos.
Deploy multilib config-line parameter. It was added in February to allow for kind of installation suggested in ticket #2003 from August. What it effectively does now, is arrange pre-configured default $libdir value. Note that it also fixes ENGINESDIR, i.e. harmonizes it with install path.
ppccap.c: fix compiler warning and perform sanity check outside signal masking. ppc64-mont.pl: clarify comment and fix spelling.
Adapt mingw config for newer mingw environment. Note modified conditional compilation in e_capi.c. PR: 2113
b_sock.c: correct indirect calls on WinSock platforms. PR: 2130 Submitted by: Eugeny Gostyukhin
Add Montgomery multiplication module for IA-64.
ppc64-mont.pl: commentary update.
Fix compilation on older Linux. Linux didn't always have sockaddr_storage, not to mention that first sockaddr_storage had __ss_family, not ss_family. In other words it makes more sense to avoid sockaddr_storage...
sendto is reportedly picky about destination socket address length. PR: 2114 Submitted by: Robin Seggelmann
http://cvs.openssl.org/chngview?cn=19053 made me wonder if bind() and connect() are as finicky as sendto() when it comes to socket address length. As it turned out they are, therefore the fix. Note that you can't reproduce the problem on Linux, it was failing on Solaris, FreeBSD, most likely on more...
ia64-mont.pl: addp4 is not needed when referring to stack (this is 32-bit HP-UX thing).
ia64-mont.pl: add shorter vector support ("shorter" refers to 512 bits and less).
bn_lcl.h: add MIPS III-specific BN_UMULT_LOHI as alternative to porting crypto/bn/asm/mips3.s from IRIX. Performance improvement is not as impressive as with complete assembler, but still... it's almost 2.5x [on R5000].
Minor updates to ppccap.c and ppccpuid.pl.
apps/speed.c: limit loop counters to 2^31 in order to avoid overflows in performance calculations. For the moment there is only one code fast enough to suffer from this: Intel AES-NI engine. PR: 2096
s390x assembler update: add support for run-time facility detection.
rand_win.c: handle GetTickCount wrap-around.
x86_64-xlate.pl: refine sign extension logic when handling lea. PR: 2094,2095
Enable PA-RISC assembler in Configure (feedback from PA-RISC 2.0 is still needed).
rand_win.c: fix time limit logic.
OPENSSL_cleanse to accept zero length parameter [matching C implementation].
pariscid.pl: OPENSSL_cleanse to compile on PA-RISC 2.0W and to accept zero length parameter.
ia64cpuid.S: OPENSSL_cleanse to accept zero length parameter.
parisc-mont.pl: PA-RISC 2.0 code path optimization based on instruction-level profiling data resulted in almost 50% performance improvement. PA-RISC 1.1 is also reordered in same manner, mostly to be consistent, as no gain was observed, not on PA-7100LC.
Add assigned OIDs, as well as "anonymous" ones for AES counter mode.
Add AES counter mode to EVP.
Reserve for option to implement AES counter in assembler.
Fix s390x-specific HOST_l2c|c2l.
ppccap.c: portability fix.
Initial version of Galois Counter Mode implementation. Interface is still subject to change...
gcm128.c: add option for streamed GHASH, simple benchmark, minor naming change.
Add GHASH x86 assembler.
Add GHASH x86_64 assembler.
ghash-ia64.pl: new file, GHASH for Itanium. ghash-x86_64.pl: minimize stack frame usage. ghash-x86.pl: modulo-scheduling MMX loop in respect to input vector results in up to 10% performance improvement.
Fix UPLINK typo.
e_capi.c: fix typo.
GHASH assembler: new ghash-sparcv9.pl module and saner descriptions.
bss_file.c: fix MSC 6.0 warning.
rand_win.c: fix logical bug in readscreen.
dso_dlfcn.c: fix compile failure on Tru64.
ARMv4 assembler: fix compilation failure. Fix is actually unconfirmed, but I can't think of any other cause for failure.
cryptlib.c: allow application to override OPENSSL_isservice. PR: 2194
alpha-mont.pl: comply with stack alignment requirements.
sparccpuid.S: some assembler is allergic to apostrophes in comments.
sha1-alpha.pl: engage it in build.
Add ghash-alpha.pl assembler module.
ctr129.c: fix typo, simplify ctr128_inc and fix "n=0" bug.
sha1-alpha.pl: addendum to commit #19547.
perlasm/x86*: add support to SSE>2 and pclmulqdq. x86_64-xlate.pl provides correct solution to problem addressed in commit #19244.
AESNI engine: add counter mode.
cts128.c: add support for NIST "Ciphertext Stealing" proposal.
gcm128.c: commentary and formatting updates.
AESNI engine: update test_aesni.
aes-ppc.pl: 10% performance improvement on Power6.
[co]fb128.c: fix "n=0" bug.
gcm128.c and assembler modules: change argument order for gcm_ghash_4bit. ghash-x86*.pl: fix performance numbers for Core2, as it turned out previous ones were "tainted" by variable clock frequency.
x86_64cpuid.pl: ml64 is allergic to db on label line.
md5-ia64.S: fix assembler warning.
bss_file.c: reserve for option to encode file name with UTF-8.
Take gcm128.c and ghash assembler modules into the build loop.
Add ghash-parisc.pl.
bss_file.c: refine UTF-8 logic on Windows.
Add ghash-armv4.pl.
"Jumbo" update for crypto/modes: - introduce common modes_lcl.h; - ctr128.c: implement additional CRYPTO_ctr128_encrypt_ctr32 interface; - gcm128.c: add omitted ARM initialization, remove ctx.ctr;
Revert previous Linux-specific/centric commit#19629. If it really has to be done, it's definitely not the way to do it. So far answer to the question was to ./config -Wa,--noexecstack (adopted by RedHat).
x86_64-xlate.pl: refine some regexp's and add support for OWORD/QWORD PTR.
x86asm.pl: consistency improvements.
GCM "jumbo" update: - gcm128.c: support for Intel PCLMULQDQ, readability improvements; - asm/ghash-x86.pl: splitted vanilla, MMX, PCLMULQDQ subroutines; - asm/ghash-x86_64.pl: add PCLMULQDQ implementations.
ghash-x86[_64].pl: add due credit.
rc4-x86_64.pl: "Westmere" optimization.
gcm128.c: commentary update.
ghash-x86.pl: MMX optimization (+20-40%) and commentary update.
gcm128.c: P.-M. Hager has tipped about possibility to fold reductions in gcm_ghash_4bit. Taking the idea a step further I've added extra 256+16 bytes of per-key storage, so that one can speak about 3rd variant in addition to "256B" and "4KB": "528B" one. Commonly it should be ~50% faster than "256B" implementation or ~25% slower than "4KB" one.
Configure: update mingw config-lines.
x86_64-xlate.pl: refine mingw support and regexps, update commentary.
VC-32.pl: unconditionally generate symbols.pdb.
x86 perlasm: add support for 16-bit values.
ghash-x86.pl: "528B" variant of gcm_ghash_4bit_mmx gives 20-40% improvement.
ghash-x86.pl: commentary updates.
ghash-x86_64.pl: "528B" variant delivers further >30% improvement.
VC-32.pl: fix /Fd name generation. PR: 2284
SPARCv9 assembler pack: refine CPU detection on Linux, fix for "unaligned opcodes detected in executable segment" error.
crypto/sparc*: eliminate _sparcv9_rdwrasi.
ghash-sparcv9.pl: fix Makefile rule and add performance data for T1.
ghash-armv4.pl: excuse myself from implementing "528B" flavour.
sparcv9cap.c: reiterate CPU detection logic.
PROBLEMS: MacOS X is not necessarily a problem anymore.
rand_nw.c: compensate for gcc bug (using %edx instead of %eax at -O3). PR: 2296
crypto/*/Makefile: unify "catch-all" assembler make rules and harmonize ARM assembler modules.
armv4-mont.pl: addendum to previous commit#19749.
Harmonize s390x assembler modules with "catch-all" rules from commit#19749.
Rework framework for assembler support for AES counter mode and add AES_ctr32_encrypt to aes-s390x.pl.
gcm128.c: API modification and readability improvements, add ghash benchmark to apps/speed.c.
INSTALL.W32: mention _OPENSSL_isservice(). PR: 2194
Configure: fix aes_ctr.o regexp.
ARM assembler pack: reschedule instructions for dual-issue pipeline. Modest improvement coefficients mean that code already had some parallelism and there was not very much room for improvement. Special thanks to Ted Krovetz for benchmarking the code with such patience.
sha1-armv4-large.pl: add performance data for Cortex A8 core.
aes-s390x.pl: revisit buffer allocation and add performance data.
Makefile.shared: update link_o.dawrin rule. PR: 2306
Makefile.shared: debugging line slipped through in previous commit.
Configure: suppress $multilib with non-system $prefix. PR: 2307
Makefile.shared: link_o.darwin comment update.
aesni-x86[_64].pl: fine-tune, add CCM subroutine, add performance data.
perlasm/x86asm.pl: move aesni and pclmulqdq opcodes to aesni-x86.pl and ghash-x86.pl.
aesni-x86_64.pl: fix typos.
perlasm/x86_64-xlate.pl: extend SSE>2 to ml64.
aes-x86_64.pl: remove redundant instructions.
eng_aesni.c: switch to CRYPTO_ctr128_encrypt_ctr32.
modes/Makefile: update clean rule.
ghash-ia64.pl: excuse myself from implementing "528B" variant.
rc4-s390x.pl: harmonize build rule with other similar rules.
sha1-alpha.pl: commentary update.
ms/: update do_win64*.bat and remove redundant mingw32.bat.
Replace alphacpuid.s with alphacpuid.pl to ensure it makes to release tar-balls. PR: 2309
aes-x86_64.pl: commit#19797 was overzealous, partially reverse.
alphacpuid.pl: fix brown-bag bug.
md32_common.h: modify MD32_REG_T pre-processing logic [triggered by clang].
gcm128.c: add CRYPTO_gcm128_[en|de]crypt_ctr32.
rc5_locl.h: make inline assembler clang-friendly.
sha1-armv4-large.pl: reschedule instructions for dual-issue pipeline.
crypto/modes/Makefile: fix typo in ghash-parisc.s rule.
Makefile.share: fix brown-bag typo in link_o.darwin.
gcm128.c: fix typo in CRYPTO_gcm128_encrypt_ctr32 name.
engine/Makefile: harmonize engine install rule for .dylib extension on MacOS X. PR: 2319
util/cygwin.sh: maintainer's update.
sparcv9cap.c: disengage Solaris-specific CPU detection routine in favour of unified procedure relying on SIGILL. PR: 2321
ghash-ia64.pl: 50% performance improvement of gcm_ghash_4bit.
modes/asm/ghash-*.pl: switch to [more reproducible] performance results collected with 'apps/openssl speed ghash'.
Add ghash-s390x.pl.
crypto/bn/asm/s390x.S: drop redundant instructions.
crypto/ppc[cpuid|cap]: call CPU detection once and detect AltiVec.
Configure: remove redundant -DMD32_REG_T=int.
sha1-armv4-large.pl: more readable input pickup.
Alpha assembler pack: adapt for Linux. PR: 2335
VC-32.pl: default to nasm if neither nasm or nasmw is found at the moment. PR: 2338
s390x assembler pack: extend OPENSSL_s390xcap_P to 128 bits.
ghash-s390x.pl: reschedule instructions for better performance.
sha1-mips.pl, mips-mont.pl: unify MIPS assembler modules in respect to ABI and binutils.
Add unified mips.pl, which will replace mips3.s.
MIPS assembler pack: enable it in Configure, add SHA2 module, fix make rules, update commentary...
sha512-mips.pl: add missing byte swap for little-endians.
x86_64-xlate.pl: fix LNK4078 and LNK4210 link warnings. PR: 2356
sha512-mips.pl: fix "little-endian" typos.
Add aes-mips.pl assembler module.
sha512-mips.pl: add missing 64-bit byte swap.
Configure: update mips[32|64]_asm lines.
s390x.S: fix typo in bn_mul_words. PR: 2380
INSTALL.W32: document trouble with symlinks under MSYS. PR: 2377
s390x assembler pack: adapt for -m31 build, see commentary in Configure for more details.
TABLE update.
Configure: make -mno-cygwin optional on mingw platforms. PR: 2381
bss_file.c: refine UTF8 logic. PR: 2382
apps/x590.c: harmonize usage of STDout and out_err. PR: 2323
e_capi.c: change from ANSI to TCHAR domain. This makes it compilable on Windows CE/Mobile, yet keeps it normal Windows loop. PR: 2350
e_capi.c: rearrange #include-s to improve portability. PR: 2394
gcm128.c: fix bug in OPENSSL_SMALL_FOOTPRINT decrypt. PR: 2432 Submitted by: Michael Heyman
gcm128.c: allow multiple calls to CRYPTO_gcm128_aad.
gcm128.c: add boundary condition checks.
ccm128.c: initial draft.
ccm128.c: initialize ctx->block (what I was smoking?).
xts128.c: initial draft.
x86gas.pl: make data_short work on legacy systems.
gcm128.c: make it work with no-sse2.
Configure: engage assembler in Android target.
dso_dlfcn.c: make it work on Tru64 4.0. PR: 2316
s390x assembler pack: tune-up and support for new z196 hardware.
xts128.c: minor optimization.
ghash-x86.pl: optimize for Sandy Bridge.
ia64-mont.pl: optimize short-key performance.
gcm128.c: tidy up, minor optimization, rearrange gcm128_context.
ARM assembler pack: profiler-assisted optimizations and NEON support.
ARM assembler pack: add missing arm_arch.h.
gcm128.c: fix shadow warnings.
ccm128.c: minor optimization and bugfix in CRYPTO_ccm128_[en|de]crypt.
Multiple assembler packs: add experimental memory bus instrumentation.
ccm128.c: fix STRICT_ALIGNMENT another bug in CRYPTO_ccm128_decrypt.
perlasm/x86[nm]asm.pl: make OPENSSL_instrument_bus[2] compile.
ccm128.c: fix Win32 compiler warning.
perlasm/x86gas.pl: make OPENSSL_instrument_bus[2] compile.
xts128.c: minor optimization and clarified prototype.
xts128.c: fix bug introduced in commit#20704. Bug affected encryption of vectors whose length was not multiples of 16 bytes.
ccm128.c: add CRYPTO_ccm128_[en|de]crypt_ccm64 and minor optimization.
gcm128.c: minor optimization.
bn_gf2m.c: optimized BN_GF2m_mod_inv delivers sometimes 2x of ECDSA sign. Exact improvement coefficients vary from one benchmark and platform to another, e.g. it performs 70%-33% better on ARM, hereafter less for longer keys, and 100%-90% better on x86_64.
xts128.c: minor optimization.
ARM assembler pack. Add bn_GF2m_mul_2x2 implementation (see source code for details and performance data).
ARM assembler pack: engage newly introduced armv4-gf2m module.
x86 assembler pack: add bn_GF2m_mul_2x2 implementations (see x86-gf2m.pl for details and performance data).
IA-64 assembler pack: fix typos and make it work on HP-UX.
Optimized bn_nist.c. Performance improvement varies from one benchmark and platform to another. It was measured to deliver 20-30% better performance on x86 platforms and 30-40% on x86_64, on nistp384 benchmark.
fips_canister.c: initial support for cross-compiling. "Initial" refers to the two-entry list of verified platforms in #ifndef FIPS_REF_POINT_IS_SAFE_TO_CROSS_COMPILE pre-processor section.
fips_canister.c: fix typo.
fips_canister.c: pick more neutral macro name.
bn_nist.c: fix shadowing warnings.
x86_64-xlate.pl: allow "base-less" effective address, add palignr, move pclmulqdq.
x86_64 assembler pack: add x86_64-gf2m module.
x86gas.pl: add palignr and move pclmulqdq.
cms-test.pl: make it work with not-so-latest perl.
ppc-xlate.pl: get linux64 declaration right.
x86[_64]cpuid.pl: handle new extensions.
e_padlock.c: make it compile on MacOS X.
x86_64cpuid.pl: allow shared build to work without -Bsymbolic. PR: 2466
x86_64-xlate.pl: add inter-register movq and make x86_64-gfm.s compile on Solaris, MacOS X, elderly gas...
x86gas.pl: don't omit .comm OPENSSL_ia32cap_P on MacOS X.
aesni-x86_64.pl: make it compile on MacOS X.
ec_cvt.c: avoid EC_GFp_nist_method on platforms with bn_mul_mont [see commentary for details].
ec_cvt.c: ARM comparison results were wrong, clarify the background.
ppccap.c: addendum to recent EC optimizations.
x86_64-gf2m.pl: add Win64 SEH.
aesni-x86[_64].pl: optimize for Sandy Bridge and add XTS mode.
spacrv9cap.c: addendum to recent EC optimizations.
rc4-586.pl: 50% improvement on Core2 and 80% on Westmere.
e_padlock.c: last x86_64 commit didn't work with some optimizers.
rc4-586.pl: optimize unused code path.
e_padlock.c: fix typo.
x86_64cpuid.pl: get AVX masking right.
rc4-586.pl: optimize even further...
rc4-x86_64.pl: major optimization for contemporary Intel CPUs.
PPC assembler pack: adhere closer to ABI specs, add PowerOpen traceback data.
x86[_64]cpuid.pl: harmonize usage of reserved bits #20 and #30.
rc4-x86_64.pl: RC4_options fix-up.
rc4-x86_64.pl: fix due credit.
aes-ppc.pl: handle unaligned data on page boundaries.
sha1-586|x86_64.pl: add SSSE3 and AVX code paths.
x86cpuid.pl: last commit broke platforms with perl with 64-bit integer.
sha1-586|x86_64.pl: minor portability fix.
Various mingw64 fixes.
aesni-x86[_64].pl: relax alignment requirement.
e_aes.c: integrate AESNI directly into EVP.
e_aes.c: fix aes_cfb1_cipher.
e_aes.c: fix typo.
x86[_64]cpuid.pl: add function accessing rdrand instruction.
x86_64cpuid.pl: fix typo.
e_aes.c: move AES-NI run-time switch and implement the switch for remaining modes.
rc4_skey.c: remove dead/redundant code (it's never compiled) and misleading/obsolete comment.
Minor x86_64 perlasm update.
rc4-x86_64.pl: commentary update.
s390x assembler pack: add s390x-gf2m.pl and harmonize AES_xts_[en|de]crypt.
Configure: clean up linux32-s390x line.
crypto/bn/Makefile: fix typo.
md5-x86_86.pl: remove redundant instructions.
rc4-586.pl: add Atom performance results.
crypto/sha/asm/sha[1|512]-mips.pl: minor updates.
crypto/whrlpool/wp_block.c: harmonize OPENSSL_ia32cap_P.
crypto/aes/Makefile: make it work on IRIX.
x86_64-xlate.pl: masm-specific update.
sha1-x86_64.pl: fix win64-specific typos and add masm support.
s390x-gf2m.pl: commentary update (final performance numbers turned to be higher).
sha1-x86_64.pl: nasm 2.07 screws up labels if AVX path is compiled.
x86_64-xlate.pl: sha1 and md5 warnings made it to nasm 2.09, extend gnu assembler workaround to all assemblers.
x86_64-mont.pl: add squaring procedure and improve RSA sign performance by up to 38% (4096-bit benchmark on Core2).
evp.h: add flag to distinguish AEAD ciphers and pair of control codes...
ssl/t1_enc.c: initial support for AEAD ciphers.
ssl/ssl_ciph.c: allow to switch to predefined "composite" cipher/mac combos that can be implemented as AEAD ciphers.
perlasm/cbc.pl: fix tail processing bug. PR: 2557
config: detect if assembler supports --noexecstack and pass it down.
ms/uplink.c: fix Visual Studio 2010 warning.
fips/Makefile: HP-UX-specific update.
ARM assembler pack: add platform run-time detection.
sha512-sparcv9.pl: minor optimization of sha256.
Add RSAX builtin engine. It optimizes RSA1024 sign benchmark.
aes-ppc.pl: minor optimization favoring embedded processors (performance of "big" processors is unaffected).
fips_canister.c: add support for embedded ppc linux.
util/incore: make transition smoother.
util/incore: fix brown-bag bug.
cryptlib.c: OPENSSL_ia32cap environment variable to interpret ~ as cpuid mask.
aes/asm/aesni-*.pl: fix CCM and further optimize it. modes/ccm128.c: minor branch optimization.
x86_64-mont.pl: further optimization resulting in up to 48% improvement (4096-bit RSA sign benchmark on Core2) in comparison to initial version from 2005.
Add provisory support for RDRAND instruction.
alphacpuid.pl: fix alignment bug. alpha-mont.pl: fix typo. PR: 2577
This commit completes recent modular exponentiation optimizations on x86_64 platform. It targets specifically RSA1024 sign (using ideas from http://eprint.iacr.org/2011/239) and adds more than 10% on most platforms. Overall performance improvement relative to 1.0.0 is ~40% in average, with best result of 54% on Westmere. Incidentally ~40% is average improvement even for longer key lengths.
x86_64-xlate.pl: fix movzw.
SPARC assembler pack: fix FIPS linking errors.
armv4-mont.pl: profiler-assisted optimization gives 8%-14% improvement (more for longer keys) on RSA/DSA.
eng_rdrand.c: make it link in './config 386' case.
x86_64-mont5.pl: add missing Win64 support.
bn_div.c: remove duplicate code by merging BN_div and BN_div_no_branch.
Makefile.org: get commit#21249 right.
modexp512-x86_64.pl: make it work with ml64.
eng_rsax.c: improve portability.
Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
util/incore: fix typo.
bn_exp.c: improve portability.
crypto/bn/bn_gf2m.c: make it work with BN_DEBUG.
config: don't add -Wa options with no-asm.
Padlock engine: make it independent of inline assembler.
engines/asm/e_padlock-x86_64.pl: name it right and fix small bug.
Add so called Vector Permutation AES x86[_64] assembler, see http://crypto.stanford.edu/vpaes/ for background information. It's not integrated into build system yet.
vpaes-x86[_64]*.pl: fix typo.
Allow for dynamic base in Win64 FIPS module.
Integrate Vector Permutation AES into build system.
sha512-x86_64.pl: +15% better performance on Westmere and incidentally Atom. Other Intel processors +5%, Opteron -2%.
sha256-586.pl: minor optimization, +0-2% on all CPUs, +7% on Westmere.
Make latest assembler additions (vpaes and e_padlock) work in Windows build.
Add bit-sliced AES x86_64 assembler, see http://homes.esat.kuleuven.be/~ekasper/#software for background information. It's not integrated into build system yet.
bsaes-x86_64.pl: add due credit.
e_padlock-x86.pl: make it work on VIA C3 (which doesn't support SSE2).
e_padlock-x86.pl: previous C3-specific fix was incomplete.
e_padlock-x86*.pl: Nano-related update.
e_padlock-x86_64.pl: fix typo.
e_padlock: add CTR mode.
e_padlock-x86[_64].pl: SHA fixes, comply with specification and fix bug.
e_padlock-x86_64.pl: brown-bag bug in stack pointer handling.
e_padlock-x86[_64].pl: protection against prefetch errata.
Remove eng_aesni.c as AES-NI support is integrated directly at EVP.
aesni-x86[_64].pl: fix bug in CCM code.
e_aes.c: fix bug in aesni_gcm_tls_cipher.
Add android-x86.
Engage bsaes-x86_64.pl, bit-sliced AES.
bn_shift.c: minimize reallocations, which allows BN_FLG_STATIC_DATA to be shifted in specific cases.
bn_mont.c: simplify BN_from_montgomery_word.
x86_64-mont.pl: minor optimization.
bn_exp.c: further optimizations using more ideas from http://eprint.iacr.org/2011/239.
bn_mont.c: get corner cases right in updated BN_from_montgomery_word.
c_allc.c: add aes-xts to loop.
[bs|vp]aes-x86[_64].pl: typos and clarifications.
bsaes-x86_64.pl: make it work with ml64.
x86_64-xlate.pl: make vpaes-x86_64.pl and rc4-md5-x86_64 work with ml64, fix bug in .crt section alignment. PR: 2620, 2624
evp/e_aes.c: fold AES-NI modes that heavily rely on indirect calls (trade 2% small-block performance), engage bit-sliced AES in GCM.
engines/.cvsignore: stop whining about e_padlock-*.s.
fips_enc.c: assign minimal block size to bad_cipher [to avoid arithmetic exceptions in TLS layer].
fips/*: extend fipsro segmenting to all _MSC_VER builds (including WinCE).
fipssyms.h: assign alias to newly introduced bn_gather5.
arm_arch.h: add missing pre-defined macro, __ARM_ARCH_5TEJ__.
fips_canister.c: more cross-compiler platforms verified.
Remove superseded MIPS assembler modules.
vxworks-mips: unify and add assembler.
Drain unused MacOS directory.
sha1-mips.pl: fix typo.
fips/fips_[canister|premain].c: make it work with VC6 and add sentinels even to code segments.
armcap.c: auto-setup processor capability vector.
fips.c: x86[_64] capability masking.
fips.c: remove preprocessor artefact.
mk1mk.pl: cleanup engines' handling and make fips build work on WIN64I.
x86gas.pl: relax .init segment alignment.
config: in cross-compile case interrogate cross-compiler, not host, work around sub-shell limitation.
fips_canister.c: harmonize fingerprinting for all Windows, CE or not.
cryptlib.c: remove stdio dependency in Windows fipscanister.lib.
e_aes.c: prevent potential DoS in aes_gcm_tls_cipher.
e_aes.c: fold even aesni_ccm_cipher.
bsaes-x86_64.pl: add decryption procedure (with unoptimized reference InvMixColumns).
bsaes-x86_64.pl: optimize InvMixColumns.
bn_exp.c: fix corner case in new constant-time code.
bsaes-x86_64.pl: add CBC decrypt and engage it in e_aes.c.
ppc.pl: fix bug in bn_mul_comba4. PR: 2636 Submitted by: Charles Bryant
x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs. PR: 2633
armv4cpuid.S, armv4-gf2m.pl: make newest code compilable by older assembler.
e_aes.c: fold aesni_xts_cipher and [most importantly] fix aes_xts_cipher's return value after custom flag was rightly reverted.
fipsld, incore: switch to new cross-compile support.
fips_premain.c: fix warning about _exit on MacOS X.
fips_canister.c: add cross-compiler support for iOS (it applies even to MacOS X, because it's easier to handle it this way).
Configure: allow ./config to pass compiler flags with white spaces.
Configure: initial support for iOS.
config: KERNEL_BITS environment variable to control choice between 32- and 64-bit darwin builds.
config: KERNEL_BITS environment variable to control choice between 32- and 64-bit Solaris builds.
Configure: harmonize darwin64-x86_64-cc line with assembler pack.
x86cpuid.pl: compensate for imaginary virtual machines.
arm_arch.h: allow to specify __ARM_ARCH__ elsewhere.
bsaes-x86_64.pl: add bsaes_xts_[en|de]crypt.
Makefile.org: proper libclean on MacOS X.
engines/: get rid of cvs warnings on MacOS X, proper clean in ccgost.
Configure, x86gas.pl: fix linker warnings in 32-bit Darwin build.
cryptlib.c, etc.: fix linker warnings in 64-bit Darwin build.
e_aes.c: additional sanity check in aes_xts_cipher.
rc4test.c: commit#21684 broke x86_64 shared Linux build. This is temporary solution so that one can build rc4test...
bn_nist.c: fix strict-aliasing compiler warning.
bsaes-x86_64.pl: add Win64 SEH and "hardware" calls to aes-x86_64.pl.
Configure, e_aes.c: allow for XTS assembler implementation.
Configure: reimplement commit#21695.
bsaes-x86_64.pl: fix buffer overrun in tail processing.
bn/asm/mips.pl: fix typos.
x86-mont.pl: fix bug in integer-only squaring path. PR: 2648
perlasm/x86gas.pl: give a hand old assemblers assembling loop instruction.
modexp512-x86_64.pl: Solaris portability fix.
vpaes-x86.pl: portability fix. PR: 2657
vpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl. PR: 2657
apps/speed.c: Cygwin alarm() fails sometimes. PR: 2655
apps/speed.c: fix typo in last commit.
update CHANGES.
bn_nist.c: harmonize buf in BN_nist_mod_256 with other mod functions.
cmac.c: optimize make_kn and move zero_iv to const segment.
aes-sparcv9.pl: clean up regexp PR: 2685
asn1/t_x509.c: fix serial number print, harmonize with a_int.c. PR: 2675 Submitted by: Annie Yousar
ecdsa.pod: typo. PR: 2678 Submitted by: Annie Yousar
speed.c: typo in pkey_print_message. PR: 2681 Submitted by: Annie Yousar
doc/apps: formatting fixes. PR: 2683 Submitted by: Annie Yousar
ec_pmeth.c: fix typo in commentary. PR: 2677 Submitted by: Annie Yousar
Sanitize usage of <ctype.h> functions. It's important that characters are passed zero-extended, not sign-extended. PR: 2682
aes-ppc.pl, sha512-ppc.pl: comply even with Embedded ABI specification (most restrictive about r2 and r13 usage).
sha512-sparcv9.pl: work around V8+ warning.
cryptlib.c: make even non-Windows builds "strtoull-agnostic".
Fix OPNESSL vs. OPENSSL typos. PR: 2613 Submitted by: Leena Heino
cryptlib.c: sscanf warning.
x86_64-xlate.pl: proper solution for RT#2620.
ghash-x86.pl: engage original MMX version in no-sse2 builds.
hpux-parisc2-*: engage assembler.
bn_nist.c: make new optimized code dependent on BN_LLONG.
apps/s_cb.c: recognized latest TLS version.
seed.c: incredibly enough seed.c can fail to compile on Solaris with certain flags, because SS is defined after inclusion of <stdlib.h>, in <sys/regset.h>
Configure: I remove adding of -D_XPG4_2 -D__EXTENSIONS__ in sctp builds for following reasons:
x86cpuid.pl: fix processor capability detection on pre-586.
Add bit-sliced AES for ARM NEON. This initial version is effectively reference implementation, it does not interface to OpenSSL yet.
bsaes-armv7.pl: change preferred contact.
Configure: make no-whirlpool work.
x86_64-xlate.pl: remove old kludge. PR: 2435,2440
ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER.
ghash-x86.pl: omit unreferenced rem_8bit from no-sse2 build.
bsaes-armv7.pl: optimize Sbox and key conversion.
bsaes-x86_64.pl: optimize key conversion.
vpaes-x86_64.pl: out-of-date Apple assembler fails to calculate distance between local labels. PR: 2762
eng_all.c: revert previous "disable Padlock" commit, which was unjustified.
e_padlock-x86[_64].pl: better understanding of prefetch errata and proper workaround.
ans1/tasn_prn.c: avoid bool in variable names. PR: 2776
perlasm/x86masm.pl: fix last fix.
sha512-armv4.pl: optimize NEON code path by utilizing vbsl, bitwise select.
modes/gcm128.c: fix self-test.
bn/bn_gf2m.c: make new BN_GF2m_mod_inv work with BN_DEBUG_RAND.
util/cygwin.sh update. PR: 2761 Submitted by: Corinna Vinschen
vpaes-x86[_64].pl: handle zero length in vpaes_cbc_encrypt. PR: 2775
modes_lcl.h: make it work on i386. PR: 2780
CHANGES: harmonize with 1.0.0 and 1.0.1.
ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444).
aes-s390x.pl: make it more foolproof [inspired by 1.0.1].
aes-armv4.pl: make it more foolproof [inspired by aes-s390x.pl in 1.0.1].
aes-s390x.pl: fix crash in AES_set_decrypt_key in linux32-s390x build.
ghash-s390x.pl: fix typo [that can induce SEGV in 31-bit build].
e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag countermeasure.
s3_srvr.c: fix typo. PR: 2538
Minor compatibility fixes. PR: 2790 Submitted by: Alexei Khlebnikov
OPENSSL_NO_SOCK fixes. PR: 2791 Submitted by: Ben Noordhuis
C64x+ assembler pack. linux-c64xplus build is *not* tested nor can it be tested, because kernel is not in shape to handle it *yet*. The code is committed mostly to stimulate the kernel development.
e_rc4_hmac_md5.c: oops, can't use rc4_hmac_md5_cipher on legacy Intel CPUs.
e_rc4_hmac_md5.c: harmonize zero-length fragment handling with e_aes_cbc_hmac_sha1.c (mostly for aesthetic reasons).
Makefile.org: clear yet another environment variable. PR: 2793
e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platforms. PR: 2792
objxref.pl: improve portability.
s23_clnt.c: ensure interoperability by maintaining client "version capability" vector contiguous. PR: 2802
CHANGES: fix typos and clarify.
CHANGES: clarify.
ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance of digest algorithms, mostly SHA, on Power7. Mystery of century, why SHA, why slower algorithm are affected more... PR: 2794 Submitted by: Ashley Lai
perlasm: fix symptom-less bugs, missing semicolons and 'my' declarations.
ppccap.c: assume no features under 32-bit AIX kernel.
s2_clnt.c: compensate for compiler bug.
sha256-586.pl optimization.
sha256-586.pl: tune away regression on Nehalem core and incidentally improve performance on Atom and P4.
aesni-x86_64.pl: make it possible to use in Linux kernel.
sha512-x86_64.pl: >5% better performance.
sha256-586.pl: full unroll to deliver additional ~16%, add Sandy Bridge- specific code path.
Revert random changes from commit#22606.
b_sock.c: make getsockopt work in cases when optlen is 64-bit value.
bss_dgram.c: make getsockopt work in cases when optlen is 64-bit value.
bss_dgram.c: add BIO_CTRL_DGRAM_SET_DONT_FRAG.
x86[_64] assembly pack: update benchmark results.
sha256-586.pl: squeeze some more, most notably ~10% on Nehalem.
sha256-586.pl: add AVX and XOP code paths.
sha256t.c: make sure unrolled loop is tested.
sha256-586.pl: fix linking error.
sha512-x86_64.pl: fix typo.
sha512-x86_64.pl: add SIMD code paths.
sha512-x86_64.pl: fix typo.
x86_64 assembly pack: make it possible to compile with Perl located on path with spaces.
sha256-586.pl: fix typos.
bss_dgram.c: fix typos in Windows code.
crypto/bn/*.h: move PTR_SIZE_INT to private header.
bn_nist.c: compensate for VC bug [with optimization off!].
x86gas.pl: treat OPENSSL_ia32cap_P accordingly to .hidden status.
sha1-586.pl: let masm compile AVX code.
sha512-586.pl: optimize SSE2 code path, +5-7% on most CPUs, +13% on AMD K8.
wp-mmx.pl: ~10% performance improvement.
rc5.h: stop wasting space on 64-bit platforms [breaks binary compatibility!].
sha1-s390x.pl: lingering comment update.
sha256-armv4.pl: 4% performance improvement.
sha512-ia64.pl: 15-20% performance improvement.
sha512-s390x.pl: lingering comment update.
wp-x86_64.pl: ~10% performance improvement.
test_aesni: harmonize with AES-NI support at EVP layer.
mk1mf.pl: replace chop to make it work in mixture of perls for Windows.
sha1-[586|x86_64].pl: shave off one instruction from body_40_59, it's 2% fewer instructions in SIMD code paths, so 2% improvement on average:-)
sha512-x86_64.pl: minimum gas requirement for AMD XOP.
sha512-x86_64.pl: revert previous change and solve the problem through perlasm/x86_64-xlate.pl instead.
gcm128.c: fix AAD-only case with AAD length not divisible by 16.
./Configure: libcrypto.a can grow to many GB because of ar bug.
gosthash.c: use memmove in circle_xor8, as input pointers can be equal.
bss_dgram.c: fix compilation failure and warning on Windows with contemporary SDK.
MIPS assembly pack: assign default value to $flavour.
Configure: add mips-mont to MIPS32 builds.
sha1-armv4-large.pl: comply with ABI.
Add linux-x32 target.
Harmonize CHANGES in HEAD.
TABLE update addendum to commit#22775.
x86cpuid.pl: hide symbols [backport from x86_64].
bn_lcl.h: gcc removed support for "h" constraint, which broke inline assembler.
sha512-armv4.pl: optimize for Snapdragon S4.
bsaes-armv7.pl: minor performance squeeze on Snapdragon S4.
bsaes-armv7.pl: even closer shave.
bsaes-armv7.pl: closest shave. While 0.3 cpb improvement on S4 appears insignificant, it's actually 4 cycles less for 14 instructions sequence!
e_aes.c: uninitialized variable in aes_ccm_init_key.
sha512-sparcv9.pl: fix binutils compilation error.
aes-mips.pl: interleave load and integer instructions for better performance.
MIPS assembly pack: add MIPS[32|64]R2 code.
Configure: add MIPS targets.
MIPS assembly pack: add support for SmartMIPS ASE.
Configure: allow for compiler options starting with double dash.
config: detect linux-mips* targets.
sparcv9cap.c: add SPARC-T4 feature detection.
Add md5-sparcv9.pl.
md5-sparcv9.pl: more accurate performance result.
sparc_arch.h: add assembler helpers (and make it work on Solaris).
md5-sparcv9.pl: add hardware SPARC T4 support.
sha[1|512]-sparcv9.pl: add hardware SPARC T4 support.
Add SPARC T4 AES support.
aest4-sparcv9.pl: split it to AES-specific and reusable part.
Add SPARC T4 Camellia support.
perlasm/sparcv9_modes.pl: "cooperative" optimizations based on suggestions from David Miller.
[aes|cmll]t4-sparcv9.pl: addendum to previous sparcv9_modes.pl commit.
[md5|sha1|sha512]-sparcv9.pl: "cooperative" optimizations based on suggestions from David Miller.
md5-sparcv9.pl: avoid %asi modifications, improve short input performance by 30-20%.
sparcv9_modes.pl: membars are reported as must-have.
aix[64]-cc: get MT support right (gcc targets are not affected).
Add VIS3 Montgomery multiplication.
Add VIS3-capable sparcv9-gf2m module.
linux-pcc: make it more robust and recognize KERNEL_BITS variable.
ghash-sparcv9.pl: add VIS3 code path.
perlasm/sparcv9_modes.pl: fix typo in IV save code and switch to less aggressive ASI.
[aes|cmll]t4-sparcv9.pl: unify argument handling.
SPARCv9 assembly pack: harmonize ABI handling (so that it's handled in one place at a time, by pre-processor in .S case and perl - in .s).
test_t4: cover even Camellia.
util/pl/VC-32.pl: make fipscanister.lib universally usable.
util/fipslink.pl: allow for single-step link.
e_os.h: skip redundant headers in fipscanister build.
util/fipslink.pl: fix typo.
util/fipslink.pl: further adjustments.
e_os.h: keep stdin redefinitions to "normal" Windows.
mk1mf.pl: correct flags.
ghash-sparcv9.pl: 22% improvement on T4.
e_camillia.c: remove copy-n-paste artifact, EVP_CIPH_FLAG_FIPS, and leave comment about CTR mode.
cbc128.c: fix strict aliasing warning.
crypto/modes: even more strict aliasing fixes [and fix bug in cbc128.c from previous cbc128.c commit].
bn_word.c: fix overflow bug in BN_add_word.
ppccap.c: restrict features on AIX 5.
ppccap.c: fix typo.
aes-586.pl: Atom-specific optimization, +44/29%, minor improvement on others. vpaes-x86.pl: minor performance squeeze.
aes-x86_64.pl: Atom-specific optimizations, +10%. vpaes-x86_64.pl: minor performance squeeze.
Support for SPARC T4 MONT[MUL|SQR] instructions.
perlasm/sparcv9_modes.pl: addendum to commit#22966.
Extend OPENSSL_ia32cap_P with extra word to accommodate AVX2 capability.
cryptlib.c: revert typo.
x86_64-gcc.c: restore early clobber constraint.
AES for SPARC T4: add XTS, reorder subroutines to improve TLB locality.
Update support for Intel compiler: add linux-x86_64-icc and fix problems.
C64x+ assembly pack: improve EABI support.
aes-s390x.pl: harmonize software-only code path [and minor optimization].
aesni-x86_64.pl: CTR face lift, +25% on Bulldozer.
cryptlib.c: fix logical error.
ghash-sparcv9.pl: shave off one more xmulx, improve T3 performance by 7%.
aes-s390x.pl: fix XTS bugs in z196-specific code path.
fips/fipsld: improve cross-compile support.
d1_lib.c,bss_dgram.c: eliminate dependency on _ftime.
VC-32.pl: fix typo.
util/pl/VC-32.pl: refresh, switch to ws2, add crypt32, fix typo (based on suggestions from Pierre Delaage).
util/pl/VC-32.pl fix typo.
dso/dso_win32.c: fix compiler warning.
engine/cchost: fix bugs.
engines/e_capi.c: fix typo.
engines/cchost/gost_crypt.c: fix typo.
gost_crypt.c: more intuitive ceiling.
.gitignore adjustments
sha512-ppc.pl: add PPC32 code, >2x improvement on in-order cores.
engines/ccgost: add test case.
gost_crypt.c: add assertions.
More .gitignore adjustments.
Improve WINCE support.
gost2814789t.c: portability fixes.
sha512-ppc.pl: minimize stack frame.
bn/asm/mips.pl: hardwire local call to bn_div_words.
Configure: update linux-mips* lines.
TABLE update.
x86_64 assembly pack: make Windows build more robust.
x86_64 assembly pack: keep making Windows build more robust.
ssl/s3_cbc.c: uint64_t portability fix.
ssl/s3_cbc.c: md_state alignment portability fix.
s3/s3_cbc.c: allow for compilations with NO_SHA256|512. (cherry picked from commit d5371324d978e4096bf99b9d0fe71b2cb65d9dc8)
ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues.
e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret. (cherry picked from commit 529d27ea472fc2c7ba9190a15a58cb84012d4ec6)
ssl/*: revert "remove SSL_RECORD->orig_len" and merge "fix IV".
e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line.
s3_cbc.c: fix warning [in Windows build].
s3_cbc.c: get rid of expensive divisions.
s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal.
sparccpuid.S: work around emulator bug on T1.
bn_nist.c: work around clang 3.0 bug.
sha512-x86_64.pl: add AVX2 code path.
[aesni-]sha1-x86_64.pl: code refresh.
ghash-x86[_64].pl: code refresh.
sha1-586.pl: code refresh.
sha256-586.pl: code refresh.
x86_64-gf2m.pl: add missing Windows build fix for #2963.
x86_64-gf2m.pl: fix typo.
x86cpuid.pl: make it work with older CPUs.
ghash-x86_64.pl: fix length handling bug.
evptests.txt: additional GCM test vectors.
e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI platforms.
ghash-x86_64.pl: minor optimization.
aesni-x86_64.pl: optimize CTR even further.
ghash-x86_64.pl: add AVX code path.
aesni-x86_64.pl: optimize CTR even further.
aesni-x86_64.pl: fix typo and optimize small block performance.
Add AES-NI GCM stitch.
des_enc.m4: add missing #include.
Add support for SPARC T4 DES opcode.
evptests.txt: add XTS test vectors
dest4-sparcv9.pl: add clarification comment.
gcm128.c: fix linking problems in 32-bit Windows build.
e_aes.c: reserve for future extensions.
aesni-x86_64.pl: optimize CBC decrypt.
cryptlib.c: fix typo in OPENSSL_showfatal.
crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on ARMv7.
Fix Windows linking error in GOST test case.
bsaes-armv7.pl: take it into build loop.
bsaes-armv7.pl: add bsaes_cbc_encrypt and bsaes_ctr32_encrypt_blocks.
aesni-x86_64.pl: minor CTR performance improvement.
x86_64-xlate.pl: minor size/performance improvement.
Add AES-SHA256 stitch.
vpaes-x86[_64].pl: minor Atom-specific optimization.
sha512-x86_64.pl: +16% optimization for Atom.
aesni-sha1-x86_64.pl: Atom-specific optimization.
aesni-x86_64.pl: optimize XTS.
crypto/bn/bn_exp.c: SPARC portability fix.
x86cpuid.pl: fix extended feature flags detection.
ghash-x86_64.pl: add Haswell performance data.
sha[256|512]-586.pl: add more SIMD code paths.
sha512-x86_64.pl: upcoming-Atom-specific optimization.
sha1-x86_64.pl: add AVX2+BMI code path.
aesni-sha256-x86_64.pl: harmonize with latest sha512-x86_64.pl.
aesni-sha1-x86_64.pl: update performance data.
PA-RISC assembler pack: switch to bve in 64-bit builds.
Optimize SPARC T4 MONTMUL support.
SPARC T4 DES support: fix typo.
aesni-sha256-x86_64.pl: fix typo in Windows SEH.
x86_64-xlate.pl: Windows fixes.
bn/bn_exp.c: Solaris-specific fix, T4 MONTMUL relies on alloca.
config: fix executable format detection on latest FreeBSD.
bn/bn_exp.c: harmonize.
bn/asm/x86_86-mont.pl: optimize reduction for Intel Core family.
Add RSAZ assembly modules.
Take RSAZ modules into build loop, add glue and engage.
Remove RSAX engine, superseded by RSAZ module.
sha512-586.pl: fix typo.
bn/asm/rsaz-avx2.pl: Windows-specific fix.
crypto/sha/asm/sha*-x86_64.pl: comply with Win64 ABI.
crypto/bn/asm/rsax-x86_64.pl: make it work on Darwin.
crypto/evp/e_aes.c: fix logical pre-processor bug and formatting.
crypto/bn/asm/x86_64-mont.pl: minor optimization.
crypto/modes/asm/aesni-gcm-x86_64.pl: minor optimization.
bsaes-armv7.pl: remove byte order dependency and minor optimization.
bsaes-armv7.pl: remove partial register operations in CTR subroutine.
Add support for Cygwin-x86_64.
crypto/armcap.c: fix typo in rdtsc subroutine.
aes-armv4.pl, bsaes-armv7.pl: add Linux kernel and Thumb2 support.
aes/asm/*-armv*.pl: compensate for inconsistencies in tool-chains.
evp/e_aes_cbc_hmac_sha256.c: enable is on all AES-NI platforms, not only on AVX.
x86_64 assembly pack: add multi-block AES-NI, SHA1 and SHA256.
Configure: take multi-block modules into build loop.
evp/e_aes_cbc_hmac_sha*.c: multi-block glue code.
x86_64-xlate.pl: fix jrcxz in nasm case.
rsaz-x86_64.pl: add MULX/ADCX/ADOX code path.
bn/asm/x86_64-mont*.pl: add MULX/ADCX/ADOX code path.
perlasm/sparcv9_modes.pl: make it work even with seasoned perl.
evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms.
aes/asm/bsaes-*.pl: improve decrypt performance.
sha/asm/sha*-mb-x86_64.pl: commentary update.
evp/evp.h: add multi-block constants and parameter type.
evp/e_aes_cbc_hmac_sha*.c: harmonize names, fix bugs.
ssl/s3_pkt.c: add initial multi-block encrypt.
Configure: recognize experimental-multiblock.
bn/bn_exp.c: prefer MULX/AD*X over AVX2.
bn/asm/rsax-avx2.pl: minor optimization [for Decoded ICache].
aes/asm/bsaes-x86_64.pl: fix Windows-specific bug in XTS.
evp/e_aes_cbc_hmac_sha*.c: limit multi-block fragmentation to 1KB.
MIPS assembly pack: get rid of deprecated instructions.
Initial aarch64 bits.
bn/asm/*x86_64*.pl: correct assembler requirement for ad*x.
PPC assembly pack: add .size directives.
PPC assembly pack: make new .size directives profiler-friendly.
bn/asm/x86_64-mont.pl: minor optimization [for Decoded ICache].
engines/e_aep.c: make it BN_ULONG-size and endian "neutral".
sha/asm/sha1-ppc.pl: add little-endian support.
perlasm/ppc-xlate.pl: add .quad directive sha/asm/sha512-ppc.pl: add little-endian support.
aes/asm/aes-ppc.pl: add little-endian support.
perlas/ppc-xlate.pl: fix typo.
sha/asm/sha512-ppc.pl: fix typo.
modes/asm/ghash-alpha.pl: make it work with older assembler.
engines/ccgost/gost89.h: make word32 definition unconditional.
modes/asm/ghash-alpha.pl: make it work with older assembler for real.
Makefile.org: make FIPS build work with BSD make.
Make Makefiles OSF-make-friendly.
modes/asm/ghash-alpha.pl: fix typo.
srp/srp_grps.h: make it Compaq C-friendly.
Configure: add linux-ppc64le target.
Add Vector Permutation AES for PPC.
Take vpaes-ppc module into loop.
ppc64-mont.pl: eliminate dependency on GPRs' upper halves.
vpaes-ppc.pl: fix bug in IV handling and comply with ABI.
bn/asm/rsaz-x86_64.pl: fix prototype.
crypto/bn/rsaz*: fix licensing note.
crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64.
bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
Configure: remove vpaes-ppc from aix targets.
aes/asm/vpaes-ppc.pl: comply with ABI.
perlasm/ppc-xlate.pl: improve linux64le support.
perlasm/ppc-xlate.pl: add support for AltiVec/VMX and VSX.
bn/asm/armv4-mont.pl: add NEON code path.
bn/asm/x86_64-mont5.pl: add MULX/AD*X code path.
x86_64-xlate.pl: minor update.
PPC assembly pack: improve AIX support (enable vpaes-ppc).
sha512.c: fulfill implicit API contract in SHA512_Transform.
PPC assembly pack update addendum.
evp/e_[aes|camellia].c: fix typo in CBC subroutine.
sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code paths. (and ensure stack alignment in the process)
ARM assembly pack: make it work with older toolchain.
FAQ: why SIGILL?
sparcv9cap.c: omit random detection.
aesni-sha1-x86_64.pl: add stitched decrypt procedure, but keep it disabled, too little gain... Add some Atom-specific optimization.
ssl/t1_enc.c: optimize PRF (suggested by Intel).
aesni-sha1-x86_64.pl: refine Atom-specific optimization. (and update performance data, and fix typo)
sha/asm/sha256-armv4.pl: add NEON code path. (and shave off cycle even from integer-only code)
aes/asm/vpaes-ppc.pl: add little-endian support.
PPC assembly pack: relax 64-bit requirement for little-endian support.
bn/asm/x86_64-mont5.pl: fix compilation error on Solaris.
crypto/sha/asm/sha1-x86_64.pl update:
crypto/aes/asm/aesni-x86[_64].pl update, up to 14% improvement on Atom Silvermont. On other CPUs one can observe 1% loss on some algorithms.
modes/asm/ghash-s390x.pl: +15% performance improvement on z10.
s3_pkt.c: move ssl3_release_write_buffer to ssl3_write_bytes.
[aesni|sha*]-mb-x86_64.pl: add data prefetching.
evp/e_aes_cbc_hmac_sha*.c: additional CTRL to query buffer requirements.
ssl/s3_pkt.c: move multi-block processing to ssl3_write_bytes.
e_aes_cbc_hmac_sha[1|256].c: fix compiler warning.
ghash-x86[_64].pl: ~15% improvement on Atom Silvermont (other processors unaffected).
evp/e_aes_cbc_hmac_sha*.c: improve cache locality.
aes/asm/aesni-x86_64.pl: further optimization for Atom Silvermont.
x86[_64]cpuid.pl: add low-level RDSEED.
ssl/s3_pkt.c: detect RAND_bytes error in multi-block.
aes/asm/aesni-x86[_64].pl: minor Atom-specific performance tweak.
config: recognize ARMv8/AArch64 target.
x509/by_dir.c: fix run-away pointer (and potential SEGV) when adding duplicates in add_cert_dir.
BC-32.pl: refresh Borland C support.
ms/do_win64a.bat: forward to NUL, not NUL:.
aes/asm/vpaes-ppc.pl: fix traceback info.
ssl/t1_enc.c: check EVP_MD_CTX_copy return value.
Configure: blended processor target in solaris-x86-cc.
sha/asm/sha512-x86_64.pl: fix compilation error on Solaris.
sha/asm/sha256-586.pl: don't try to compile SIMD with no-sse2.
des/asm/des-586.pl: shortcut reference to DES_SPtrans.
rc4/asm/rc4-586.pl: allow for 386-only build.
perlasm/x86gas.pl: limit special OPENSSL_ia32cap_P treatment to ELF.
perlasm/x86asm.pl: recognize elf-1 denoting old ELF platforms.
Configure: mark unixware target as elf-1.
Makefile.org: fix syntax error on Solaris.
bss_dgram.c,d1_lib.c: make it compile with mingw.
test/Makefile: allow emulated test (e.g. under wine).
dh_check.c: check BN_CTX_get's return value.
SPARC T4 assembly pack: treat zero input length in CBC.
engines/ccgost/gosthash.c: simplify and avoid SEGV.
vpaes-[x86_64|ppc].pl: fix typo, which for some reason triggers rkhunter.
crypto/modes/gcm128.c: more strict aliasing fixes.
aes/asm/bsaes-x86_64.pl: Atom-specific optimization.
bn/asm/armv4-gf2m.pl, modes/asm/ghash-armv4.pl: faster multiplication algorithm suggested in following paper:
crypto/armcap.c: detect ARMv8 capabilities [in 32-bit build].
sha/asm/sha1-armv4-large.pl: add NEON and ARMv8 code paths. sha/asm/sha256-armv4.pl: add ARMv8 code path.
C64x+ assembly pack: make it work with older toolchain.
C64x+ assembly pack: add RC4 module.
md5/asm/md5-[586|x86_64].pl: +15% on Atom.
Add "teaser" AES module for PowerISA 2.07.
Add "teaser" AES module for ARMv8.
aesv8-armx.pl: optimize by adding 128-bit code paths.
aesv8-armx.pl: fix typo.
vpaes-ppc.pl: comply with ABI.
aesp8-ppc.pl: add optimized CBC decrypt.
aesp8-ppc.pl: optimize CBC decrypt even further.
aesv8-armx.pl: add CTR implementation.
Add linux-aarch64 target.
Add SHA for ARMv8.
linux-aarch64: engage SHA modules.
Engage ARMv8 AES support.
sha[1|256]-armv4: harmonize with arm_arch.h.
armv4cpuid.S: switch to CNTVCT tick counter.
Engage POWER8 AES support.
evp/e_aes.c: populate HWAES_* to remaining modes.
evp/e_aes.c: add erroneously omitted break;
aesp8-ppc.pl: fix typos.
aesv8-armx.pl update:
Add GHASH for ARMv8 Crypto Extension.
Engage GHASH for ARMv8.
sha[1|512]-armv8.pl: get instruction endianness right.
ARM assembly pack: get ARMv7 instruction endianness right.
aesni-mb-x86_64.pl: add Win64 SEH.
Add support for Intel SHA extension.
ghash-x86_64.pl: optimize for upcoming Atom.
Enable multi-block support by default.
Facilitate back-porting of AESNI and SHA modules. Fix SEH and stack handling in Win64 build.
sha1-x86_64.pl: add missing rex prefix in shaext.
aesni-sha256-x86_64.pl: add missing rex in shaext.
evp/e_aes_cbc_sha[1|256].c: fix -DPEDANTIC build.
aesp8-ppc.pl: add CTR mode.
aesni-sha[1|256]-x86_64.pl: fix logical error and MacOS X build.
ARMv8 assembly pack: add Cortex performance numbers.
aesv8-armx.pl: increase interleave factor.
x86_64 assembly pack: allow clang to compile AVX code.
x86_64 assembly pack: addendum to last clang commit.
aesv8-armx.pl: rigid input verification in key setup.
aesp8-ppc.pl: rigid input verification in key setup.
bn_exp.c: move check for AD*X to rsaz-avx2.pl.
bn/asm/rsaz-avx2.pl: fix occasional failures.
x86_64 assembly pack: refine clang detection.
sha512-x86_64.pl: fix linking problem under Windows.
Add SHA256/512 for PowerISA 2.07.
Engage SHA256/512 for PowerISA 2.07.
perlasm/ppc-xlate.pl update.
bn_exp.c: fix x86_64-specific crash with one-word modulus.
e_os.h: limit _MSC_VER trickery to older compilers.
apps/speed.c: add multi-block benchmark.
s3_pkt.c: fix typo.
sha512-x86_64.pl: fix typo.
sha[1|512]-x86_64.pl: fix logical errors with $shaext=0.
apps/speed.c: fix compiler warnings in multiblock_speed().
Please Clang's sanitizer.
Please Clang's sanitizer, addendum.
x86_64 assembly pack: improve masm support.
Add GHASH for PowerISA 2.07.
Engage GHASH for PowerISA 2.07.
Revert "Engage GHASH for PowerISA 2.07."
Revert "Add GHASH for PowerISA 2.07."
Add GHASH for PowerISA 2.0.7.
Engage GHASH for PowerISA 2.0.7.
sha1-ppc.pl: shave off one cycle from BODY_20_39 and improve performance by 10% on POWER[78].
CHANGES: mention new platforms.
sha1-mb-x86_64.pl: fix typo.
crypto/evp/e_aes_cbc_hmac_sha[1|256].c: fix compiler warnings.
sha1-mb-x86_64.pl: add commentary.
bn/asm/rsaz-*.pl: allow spaces in Perl path name.
apps/speed.c: add -misalign command-line argument.
x86[_64] assembly pack: add Silvermont performance data.
md5-x86_64.pl: work around warning.
Configure: add configuration for crypto/ec/asm extensions.
perlasm/x86_64-xlate.pl: handle inter-bank movd.
Reserve option to use BN_mod_exp_mont_consttime in ECDSA.
Add ECP_NISTZ256 by Shay Gueron, Intel Corp.
Configure: engage ECP_NISTZ256.
crypto/bn/asm/x86_64-mont*.pl: add missing clang detection.
Harmonize Tru64 and Linux make rules.
crypto/ecp_nistz256.c: harmonize error codes.
crypto/rsa/rsa_chk.c: harmonize error codes.
CHANGES: mention ECP_NISTZ256.
e_os.h: allow inline functions to be compiled by legacy compilers.
crypto/bn/bn_nist.c: work around MSC ARM compiler bug.
crypto/bn/bn_nist.c: bring original failing code back for reference.
e_os.h: refine inline override logic (to address warnings in debug build).
crypto/cast/asm/cast-586.pl: +5% on PIII and remove obsolete readme.
aesni-x86_64.pl: make ECB subroutine Windows ABI compliant.
Add missing credit.
Configure: add ios64 target.
ecp_nistz256 update.
md32_common.h: address compiler warning in HOST_c2l.
ec/asm/ecp_nistz256-x86_64.pl: fix inconsistency in path handling.
armv4cpuid.S: fix compilation error in pre-ARMv7 build.
ecp_nistz256-x86_64.pl: fix occasional failures.
Remove inconsistency in ARM support. This facilitates "universal" builds, ones that target multiple architectures, e.g. ARMv5 through ARMv7. See commentary in Configure for details.
CHANGES: mention "universal" ARM support.
Revert "CHANGES: mention "universal" ARM support."
CHANGES: mention "universal" ARM support.
Fix irix-cc build.
Fix for CVE-2014-3570 (with minor bn_asm.c revamp).
Add Broadwell performance results.
Annie Yousar (1):
RT2679: Fix error if keysize too short
Ard Biesheuvel (1):
Added support for ARM/NEON based bit sliced AES in XTS mode
Ben Laurie (617):
Add strictness, fix variable substitution bugs.
Autodetect FreeBSD 3.
Typo.
Fix option listing.
Require Perl 5.
This is not a bug in NT Perl, it's a bug in Configure.
Deal with generated files.
Make Configure work again after eliminating files.
Add prototypes. Make Montgomery stuff explicitly for that purpose.
Fix incorrect DER encoding of SETs and all knock-ons from that.
Fix pem/err ordering.
Fix name delete problem.
Document recent changes.
Fix tests for ssleay -> openssl.
Don't confuse matters by using the wrong library.
Fix reference counting.
Pass on BIO_CTRL_FLUSH. Submitted by: Arne Ansper <arne at ats.cyber.ee>
Remove the bugfix that was really a bug. Submitted by: Arne Ansper <arne at ats.cyber.ee>
Only free if it ain't NULL.
Free the right thing.
Make the world a safer place (if people object to this kind of change, speak up soon - I intend to do a lot of it!).
Fix export tests.
Fix numeric -newkey args. Contributed by: Bodo Moeller <3moeller at informatik.uni-hamburg.de>
Send the right CAs to the client.
Fix DH key generation. Contributed by: Anonymous <nobody at replay.com>
Accept NULL in *_free.
Get rid of redundant files.
Sort openssl functions by name.
Fix comment.
Add prototype, fix parameter passing bug.
More prototypes.
More prototypes.
More prototypes.
More prototypes.
More prototypes.
More prototypes.
Generate an error on an invalid directory.
Remove pointless MD5 hash. Contributed by: Anonymous <nobody at replay.com>
Oops. Missing NULL frees.
Correct Linux 1 recognition. Contributed by: Ulf Möller <ulf at fitug.de>
Fix major cockup with short keys in CAST-128.
Dispose of generated programs.
Ignore auto-generated programs.
Spelling mistake.
Finally lay dependencies to rest (I hope!).
This time, get it right.
Correct bracketing error.
Minor constification.
Make sure people know when they need to rebuild the Makefile.
Reduce header dependencies.
Declare correctly on FreeBSD.
Update dependencies.
Oops. One header too many.
Update dependencies.
Add dependencies.
Update dependencies.
Break circular dependency between pem and err.
More pissing about to get pem.h to behave properly.
Squeeze a bit more speed out of MD5 assembler.
Yet more pissing about to get PEM built at the right moment.
Clear error we don't care about.
Typo in arguments.
Diagnose errors.
Process extensions when they are there.
Slightly improved diagnostics.
Minor tweaks to keep Perl 5.001 happy.
More exactitude with function arguments.
Update dependencies.
Tidy up asm stuff.
Actually use BN when selected!
Some cleanup.
Whoops, missed one.
In the absence of feedback either way, commit the fix that looks right for wrong keylength with export null ciphers.
Add support for 3DES CBCM mode.
Fix ghastly DES declarations, and all consequential warnings.
Update dependencies.
Finally(?) fix DES stuff.
Add OAEP.
Fix case of new functions in error files.
Generate errors when public/private key check is done.
Fix a warning.
Fix warning.
Add support for new TLS export ciphersuites.
Undo a couple of kludges.
More stuff for new TLS ciphersuites.
Add syslogging BIO.
Fix more warnings.
Add reliable BIO.
Code for reliable BIO.
Fix clearly untested "clever" hack.
Perhaps if I do a tiny bit of docco, others may follow?
Update dependencies.
Experiment with doxygen documentation.
doxygen configuration file.
More truth in declarations.
Add functions to add certs to stacks, used for CA file/path stuff in servers.
Supper's cooking.
Permit null ciphers.
Fix export ciphersuites, again.
Put the dependencies back.
Fix names of cert stack functions.
Disable new TLS1 ciphersuites.
Fix a typo.
Always make links.
Linux MIPS support.
Fix DWP when only given three parameters.
Fix perl assembler.
Don't make links on Windoze.
Don't make links in INSTALL doc - also, work first time!
Make links no longer needed.
test.
Correct English.
Go faster.
Fix quad checksum bug.
Remake cert links when the app is built.
Use the right compiler for ctx_size.
This is now generated, it seems.
Solaris shared library support.
Allow bsdi-gcc - see if it gets anyone anywhere.
Update dependencies.
Fail if test fails.
Fix security hole.
Fix Alpha assembler, remove redundant file.
Linux PPC support.
Don't shadow.
Update dependencies.
Don't shadow.
Install signal handler if we are using sigaction.
Rid the world of more evil casts.
Adjust renegotiation slightly.
Rid the world of yet more evil casts.
gcc claims this is a shadow, though I can't find what it is shadowing...
Add type-safe STACKs and SETs.
Typo.
Just use an ANSI declaration, instead.
Add new experimental ciphersuites. Bring naming into line with RFC.
Fix some warnings. Contributed by Anonymous.
Another STACK bites the dust.
Massive constification.
Update dependencies.
Fix const declarations.
const correctness.
Update dependencies.
Fix DES export ciphersuites.
Remove some unnecessary(?) casting.
Reverse unexplained change.
Work with -pedantic!
Don't shadow.
Another safe stack.
Another stack.
Another stack.
Update dependencies.
Yet another stack.
Some more stack stuff.
Add other people who've done stackification.
Bodo didn't do that.
Make -pedantic work again.
Avoid shadowing, and a bit of constification while I'm at it.
Update dependencies.
Get rid of the cast.
Add actual testing to bntest...
Get rid of casts.
Convert void *.
Switch to new version numbering scheme.
Prepare for a beta release.
Revert.
On second thoughts, the version number should _never_ decrease.
Don't include top-level CVS directory.
Prepare for final(?) beta.
Move to beta 3.
Here we go: prepare to roll 0.9.3.
Move on to 0.9.4.
Update dependencies.
Prepare to release 0.9.3a
Oops!
And carry on with development...
More safe stack.
Another safe stack.
Another safe stack.
Another stack.
Yet another stack.
More stack.
Stack.
stack.
Stack.
Move stack implementations to more natural places.
stack.
Evil cast extermination.
stack
Make samples compile.
More evil cast removal.
Some constification and stacks that slipped through the cracks (how?).
Aha! That's how pkcs12 got missed from stackification.
const/type fixes.
Survive pedanticism.
Make "make test" fail if bntest fails an internal selfcheck.
I keep forgetting to fix this: update the IV! Most important!
Oops. Get rid of now incorrect comment.
Fix warnings.
Don't shadow.
Make it compile under -pedantic.
More diagnostics.
Fix warnings.
Fix warnings.
Correct warnings.
Fix warnings.
Fix warnings.
Don't return stuff from void functions.
Constification.
Fix (spurious) warnings.
Fix warning.
Update dependencies.
Make salting the default. Fail gracefully if the input is not salted.
Make NO_RSA compile with pedantic.
Fix shadow.
Correct time in seconds instead of minutes.
Fix signed/unsigned warnings.
Add support for Compaq Atalla crypto accelerator.
Reflect API changes.
Get rid of evil cast.
Typo.
Declare memset.
Get definition of ssize_t.
Allow UTCTIME objects to be retrieved. Check for imminent cert expiry.
Typesafety thought police.
Typesafety Thought Police Part 2.
Typesafety Thought Police part 3.
Typesafe Thought Police part 4.
Typesafety Thought Police part 5.
Typesafety Thought Police last part.
Yet more typesafety.
EVP constification.
Use up-to-date functions.
Don't let top go below zero!
max -> dmax in bn_check_top.
Use the passed buffer in ERR_error_string!
Diagnose EOF on memory BIOs (or you just get mysterious errors with no error message).
Add demo state machine.
Distinguish between assertions and conditions that should cause death.
Handle WANT_READ more correctly (thanks to Bodo).
Ignore executable.
Document an old change.
Always return a value.
Make this stuff compile.
Make Rijndael work! Those long flights have some good points.
Better handling of EVP names, add EVP to speed.
Oops! Read a full buffer instead of some spurious number from elsewhere.
Fix warnings.
Fix a warning.
Can't remember why this was needed?
BN assembler is no longer option on x86.
Make depend.
Improve the state machine.
Rijndael CBC mode and partial undebugged SSL support.
Fix warning.
Delete a redundant line.
Fix a memory leak (there's another around here somewhere, though).
Fix warning.
Update nCipher header with more liberal licence.
Constification.
Remove unnecessary casts.
Correct const-ness.
Speed test decrypt EVP operations.
Don't update argc, argv for decrypt flag!
Use & instead of % - worth about 4% for 8 byte blocks.
Handle the common case first (where input size is a multiple of block size). Worth around 5% for encrypt. Slows down decrypt slightly, but I expect to regain that later.
A better compromise between encrypt and decrypt (but why isn't it as fast for encrypt?).
Clean up EVP macros, rename DES EDE3 modes correctly, temporary support for OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery is available).
ANSIfication.
Only set the verify callback if there's one to set!
Make EVPs allocate context memory, thus making them extensible. Rationalise DES's keyschedules.
Really add the EVP and all of the DES changes.
Remove //.
Remove old unused stuff.
Document DES changes better.
Make /dev/crypto work with new EVP structures.
This ghastly hack prevents CVS wars over Kerberos (which is disabled by default).
Header bloat reduction for EVP_PKEY.
Get rid of the stuff we, err, got rid of.
Reinstate accidentally deleted code.
Remove extra whitespace. Sorry.
Parameter correction for CIOFSESSION.
Fix memory leak.
Start to reduce some of the header bloat.
Move CIPHER_CTX cleanups to _Final routines instead of _Init, which avoids problems with leaks and uninitialised structures.
Add first cut symmetric crypto support.
Add EVP test program.
Add AES tests.
Add RC4 support to OpenBSD.
More tests.
Add digests.
Test digests.
Fix SSL memory leak.
Make MD functions take EVP_MD_CTX * instead of void *, add copy() function.
Redo type-safety fix.
Now need sha.h for some reason.
Remove duplication.
Look up MD5 by name.
Add a cleanup function for MDs.
Fix warning.
Fixes.
Don't clean up stuff twice.
Fix warning.
Add parallelism to speed - note that this currently causes a weird memory leak.
If verify fails, say why.
Improve back compatibility.
Security fix.
Return value could be undefined.
Add client_cert_cb prototype.
Prototype info function.
Constification, missing declaration, update dependencies.
Fix memory leak.
Stupid apps should die, not fail silently.
Other errors are possible.
Constification, add config to /dev/crypto.
Make no config file not an error. Move /dev/crypto config to ctrl.
Support old DES APIs by default.
Fix warnings.
Fix warnings.
Handle read errors.
Fix warnings, makefile cockup.
Security fixes brought forward from 0.9.7.
Correct asm exclusions.
Fix warning.
Old-style callbacks can be NULL!
Constification.
Blow away Makefile.ssl.
Don't debug.
Make tags target useful.
Take account of Makefile.ssl removal.
Give everything prototypes (well, everything that's actually used).
Get rid of irritating noise.
Simplicate and add lightness.
Consistency.
If input is bad, we still need to clear the buffer.
Add prototypes.
Add debug target, remove cast, note possible bug.
Flag changes in Configure and config, too.
make depend.
Add DTLS support.
Add prototype.
Redundant changes.
There must be an explicit way to build the .o!
Propagate BUILDENV into subdirectories.
Fix warnings.
Brought forward from 0.9.8 - 64 bit warning fixes and fussy compiler fixes.
Fix warning.
Make D-H safer, include well-known primes.
Generate primes, too.
Fix warnings.
Make things static that should be. Declare stuff in headers that should be. Fix warnings.
Forward port of IGE mode.
Fix various warnings.
Add RFC 3779 support.
Fix warning.
Don't die if the value is NULL (Coverity CID 98).
Make sure we detect corruption.
Die if serial number is invalid.
Return an error if the serial number is badly formed. (Coverity ID 116).
Missing return on error. Coverity ID 115.
Don't free a NULL. Coverity ID 112.
Fix buffer overrun. Coverity ID 106.
Handle bad content type. Coverity ID 99.
Resource leak.
Free memory. Coverity ID 62.
Avoid overrun. Coverity ID 60.
Don't use a negative number as a length. Coverity ID 57.
Missing config file.
Don't dereference NULL argument. Coverity ID 52.
Errors should actually be errors.
Fix duplicate error number.
Don't copy from a nonexistent next. Coverity ID 47.
If you're going to check for negative, use a signed integer! Coverity ID 122.
Yet another resource leak. Coverity ID 123.
AES IGE mode speedup.
More IGE speedup.
Inline function declarations have to be prototypes.
Fix warning.
Typo? Why did this work, anyway?
make errors.
The other half of make errors.
Fix dependencies. Make depend.
New release.
0.9.8f.
Fix warnings.
Fix buffer overflow.
Missing headers.
LHASH revamp. make depend.
Memory saving patch.
Only include windows headers when under windows.
More type-checking.
Fix warning.
Ignoring errors in makedepend can hide problems.
Add missing DTLS1_BAD_VER (hope I got the value right).
Type-checked (and modern C compliant) OBJ_bsearch.
Type-safe OBJ_bsearch_ex.
Add XMPP STARTTLS support.
Set comparison function in v3_add_canonize().
Fix warning a different way.
Constification.
Add JPAKE.
Fix warning.
size_tification.
More size_tification.
Fix warning.
Fix warnings.
Fix asserts. Fix incorrect dependency.
Formatting.
Only one of these needs to be signed.
J-PAKE is not experimental in HEAD.
Ignore saved Makefile.
Aftermath of a clashing size_t fix (now only format changes).
Ignore generated ASM.
Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks.
Missing return values (Coverity ID 204).
Check for NULL before use (Coverity ID 203).
Return error if DH_new() fails (Coverity ID 150).
*** empty log message ***
Back out pointless change.
pval must always be set when pk7_cb() does anything (Coverity ID 146).
!a && !a->b is clearly wrong! Changed to !a || !a->b (Coverity ID 145).
Remove misleading dead code. Constify. (Coverity ID 142)
Handle the unlikely event that BIO_get_mem_data() returns -ve.
Deal with the unlikely event that EVP_MD_CTX_size() returns an error. (Coverity ID 140).
Check scalar->d before we use it (in BN_num_bits()). (Coverity ID 129)
Remove dead code. (Coverity ID 2)
Die earlier if we have no hash function.
Reverse incorrect earlier fix.
Die earlier if hash is NULL. (Coverity IDs 137 & 138).
Make sure a bad parameter to RSA_verify_PKCS1_PSS() doesn't lead to a crash. (Coverity ID 135).
If we're going to return errors (no matter how stupid), then we should test for them!
Apparently s->ctx could be NULL at this point (see earlier test). (Coverity ID 148).
Apparently s->ctx could be NULL. (Coverity ID 147).
Document dead code.
Calculate offset correctly. (Coverity ID 233)
srvr_ecdh cannot be NULL at this point (Coverity ID 232).
Add missing entry.
Allow CC to be overridden.
Use new common flags and fix resulting warnings.
Fix memory leak.
Use the right length (reported by Quanhong Wang).
Don't ask for -iv for ciphers that need no IV.
Print IPv6 all 0s correctly (Rob Austein).
Autogeneration seems to have changed slightly.
Fix warnings.
Fix warnings (note that gcc 4.2 has a bug that makes one of its warnings hard to fix without major surgery).
Missing declarations, no assembler in PEDANTIC.
Non-executable stack in asm.
Fix warnings.
Missing prototype.
Sign mismatch.
Add Next Protocol Negotiation.
Fix warnings.
NPN tests.
Fixes to NPN from Adam Langley.
Fix warning.
Constify.
Fix warning.
Add SRP support.
Note SRP support.
Fix Tom Wu's email.
Missing SRP files.
Fix some warnings caused by __owur. Temporarily (I hope) remove the more aspirational __owur annotations.
Add DTLS-SRTP.
Add TLS exporter.
Make it possible to set a time for verification.
Back out redundant verification time change.
Fix warning.
Padlock engine doesn't build (the asm parts are not built for some reason), so remove for now.
Remove redundant TLS exporter.
Padlock doesn't build. I don't even know what it is.
Fix warning.
Build on FreeBSD with gcc 4.6.
RFC 5878 support.
Version skew reduction: trivia (I hope).
Parse authz correctly.
Fix memory leak.
Rearrange and test authz extension.
Fix memory leak.
Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836.
Fix gcc 4.8 warning (strict aliasing violation).
Remove unused static function.
More strict aliasing fix.
Fix OCSP checking.
Tabification. Remove accidental duplication.
Update ignores.
Make openssl verify return errors.
Improve my 64-bit debug target.
Document -pubkey.
Documentation improvements by Chris Palmer (Google).
Fix warning.
Add some missing files, make paths absolute.
Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955).
Fix some clang warnings.
Make "make depend" work on MacOS out of the box.
Can't check a size_t for < 0.
Remove extraneous brackets (clang doesn't like them).
Build/test cleanly on MacOS.
Remove kludge to use RC4 asm.
Merge branch 'master' of openssl.net:openssl
Merge branch 'master' of openssl.net:openssl
Fix warnings.
Add and use a constant-time memcmp.
Make CBC decoding constant time.
Don't crash when processing a zero-length, TLS >= 1.1 record.
Update DTLS code to match CBC decoding in TLS.
Oops. Add missing file. (cherry picked from commit 014265eb02e26f35c8db58e2ccbf100b0b2f0072)
make depend.
Fix ignored return value warnings.
Missing files target.
Ignore MINFO.
Add reallyclean target.
Spelling.
Add dependency on destination directory.
Spelling.
Remove empty command.
Include correctly.
Inherit CFLAGS when platform is "auto".
Preserve the C compiler.
Remove pointless diagnostic.
Use "copy" instead of "auto".
Take the first definition of a variable.
Allow variables to be overridden on the command line.
Override local vars for MINFO build.
Missing MINFO generation.
Handle assembler files.
Don't make CPUID stuff twice.
Only copy headers if they've changed.
Merge branch 'master' of openssl.net:openssl
Actually comment out the cpuid asm!
Remove unused variable.
Ignore mk1mf.pl output directories.
Use CFLAG for LFLAGS instead of the nonexistent CFLAGS.
Fix warnings.
Get closer to a working single Makefile with test support.
More progress towards working tests.
Make OCSP test work.
Make PKCS#7 test work.
Make RSA test work.
Make S/MIME test work.
Make session ID test work.
Avoid collisions.
Show start/end of tests.
Add new asm target.
Fix test_ss.
Merge, go back to copy-if-different.
Helper scripts for one makefile build.
Make executable.
Missing file.
Missing semicolon.
Use original alltests target for definitive test list.
Make sure all tests are actually run, plus some fixups for things that turn out to be made somewhere by existing Makefiles.
Ugly hack to avoid recompiling the same thing multiple times in parallel.
Tests pass!
Missing prototypes.
Remove added ;.
Add aesni-sha256-x86_64.
Ignore one-makefile stuff.
s/rsaz_eligible/rsaz_avx2_eligible/.
Support new rsaz asm stuff.
Note non-export of CC.
Clarify FIXME.
Add a no-opt 64-bit target.
Fix compile errors.
Correctly test for no-ec.
Clean up layout.
s/recommend/recommended/
Make it build.
More cleanup.
Const fix.
Constification.
More diagnostics for invalid OIDs.
Merge remote-tracking branch 'trevp/pemfix' into trev-pem-fix
Mix time into the pool to avoid repetition of the Android duplicated PID problem.
Show useful errors.
Produce PEM we would consume.
Support new asm files.
Constification.
Add clang debug target.
Remove unused variable.
PBKDF2 should be efficient. Contributed by Christian Heimes <christian at python.org>.
Fix whitespace, new-style comments.
Fix warnings.
Build on MacOS.
Fix warning.
Merge branch 'sct-viewer-master' of https://github.com/robstradling/openssl into sct-viewer
Reverse export of o_time.h.
Make i2r_sctlist static.
Move gmtime functions to crypto.h.
Fix warning.
Fix double frees.
Fix use after free.
More warnings.
Make it build/run.
Fixup for ancient compilers.
Merge branch 'mbland-heartbeat-test'
Don't allocate more than is needed in BUF_strndup().
Implement BUF_strnlen() and use it instead of strlen().
Remove redundant test.
Check length first in BUF_strnlen().
Merge branch 'heartbeat-test' of git://github.com/mbland/openssl
Only copy opensslconf.h at init time.
Make it build.
Add option to run all prime tests.
Zero prime doits.
Constify and reduce coprime random bits to allow for multiplier.
Tidy up, don't exceed the number of requested bits.
Credit to Felix.
Merge branch 'erbridge-probable_primes'
Constification - mostly originally from Chromium.
More constification.
Make depend.
Fix possible buffer overrun.
Reduce casting nastiness.
Reduce casting nastiness.
Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259).
Fix single makefile.
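The entries "Add and use a constant-time memcmp" and "Make CBC decoding constant time" above name the fix but not the technique. What follows is an added example, written for this page and not OpenSSL's own code: a constant-time memory compare in the style of CRYPTO_memcmp, plus a constant-time check of a TLS-style CBC padding block that scans a fixed number of trailing bytes regardless of the claimed padding length, so that a bad pad and a good pad cost the same time. The names ct_memcmp, ct_check_padding, the mask helpers and the sample records are all hypothetical constructions for this example; the padding check is simplified (it does not account for the MAC length that a real record check must also reserve).

```c
/* Added example (not OpenSSL's code): constant-time compare and a
 * constant-time TLS CBC padding check. Names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns 0 iff a and b are equal over n bytes. Running time depends
 * only on n, never on where (or whether) the buffers differ. */
int ct_memcmp(const void *a, const void *b, size_t n)
{
    const unsigned char *pa = (const unsigned char *)a;
    const unsigned char *pb = (const unsigned char *)b;
    unsigned char acc = 0;
    size_t i;
    for (i = 0; i < n; i++)
        acc |= (unsigned char)(pa[i] ^ pb[i]); /* OR in every difference */
    return acc; /* 0 when equal, nonzero otherwise */
}

/* All-ones mask iff a == b, computed without branches. */
static uint32_t ct_eq_mask(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b; /* zero iff a == b */
    /* (x - 1) as 64-bit wraps past 2^32 only when x == 0 */
    return (uint32_t)(((uint64_t)x - 1) >> 32);
}

/* All-ones mask iff a <= b, computed without branches. */
static uint32_t ct_le_mask(uint32_t a, uint32_t b)
{
    uint64_t d = (uint64_t)b - (uint64_t)a; /* top bit set iff a > b */
    uint32_t gt = (uint32_t)(d >> 63);
    return (uint32_t)0 - (gt ^ 1);
}

/* TLS CBC padding: the last byte p is the padding length and the last
 * p + 1 bytes must all equal p. Returns 1 for good padding, 0 otherwise.
 * Always examines min(len, 256) trailing bytes so timing does not leak p.
 * Assumes len >= 1 and len < 2^32 (record sizes are far smaller). */
int ct_check_padding(const unsigned char *rec, size_t len)
{
    uint32_t padlen = rec[len - 1];                /* claimed pad length */
    uint32_t good = ct_le_mask(padlen + 1, (uint32_t)len); /* fits in record? */
    size_t to_check = len < 256 ? len : 256;
    size_t i;
    for (i = 0; i < to_check; i++) {
        uint32_t b = rec[len - 1 - i];
        uint32_t in_pad = ct_le_mask((uint32_t)i, padlen); /* byte is part of the pad */
        uint32_t mismatch = ~ct_eq_mask(b, padlen);        /* byte != padlen */
        good &= ~(in_pad & mismatch);                       /* clear on any bad pad byte */
    }
    return (int)(good & 1);
}

/* Constructed sample records (not real captures). */
static const unsigned char good_rec[8]  = {1, 2, 3, 4, 3, 3, 3, 3}; /* pad = 3 */
static const unsigned char bad_rec[8]   = {1, 2, 3, 4, 3, 3, 2, 3}; /* one pad byte wrong */
static const unsigned char short_rec[1] = {5};                      /* pad longer than record */
static const unsigned char zero_rec[1]  = {0};                      /* zero-length pad */

int main(void)
{
    printf("ct_memcmp equal:   %d\n", ct_memcmp("abc", "abc", 3) == 0);
    printf("good padding:      %d\n", ct_check_padding(good_rec, sizeof good_rec));
    printf("bad padding:       %d\n", ct_check_padding(bad_rec, sizeof bad_rec));
    printf("oversized padding: %d\n", ct_check_padding(short_rec, sizeof short_rec));
    return 0;
}
```

The point of the mask helpers is that the loop does the same work on every byte whether or not it lies inside the pad; the result is accumulated into a mask and only read at the end, which is the shape the Lucky 13 class of padding-oracle attacks forced onto CBC record processing.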
Billy Brumley (1):
"EC_POINT_invert" was checking "dbl" function pointer instead of "invert".
Bjoern Zeeb (1):
RT671: export(i2s|s2i|i2v|v2i)_ASN1_(IA5|BIT)STRING
Bodo Moeller (15):
Fix overly lenient comparisons:
Sync CHANGES and NEWS files.
Move the change note for partial chain verification: this is code from the main branch (http://cvs.openssl.org/chngview?cn=19322) later added to the 1.0.2 branch (http://cvs.openssl.org/chngview?cn=23113), and thus not a change "between 1.0.2 and 1.1.0".
Move change note for SSL_OP_SAFARI_ECDHE_ECDSA_BUG. (This went into 1.0.2 too, so it's not actually a change between 1.0.x and 1.1.0.)
Simplify and fix ec_GFp_simple_points_make_affine (which didn't always handle value 0 correctly).
Sync with current 1.0.2 CHANGES file.
Sync with clean-up 1.0.2 CHANGES file. (If a change is already present in 1.0.1f or 1.0.1h, don't list it again under changes between 1.0.1h and 1.0.2.)
Update $default_depflags to match current defaults.
Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and group_order_tests (ectest.c). Also fix the EC_POINTs_mul documentation (ec.h).
DTLS 1.2 support has been added to 1.0.2.
Support TLS_FALLBACK_SCSV.
Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv handling out of #ifndef OPENSSL_NO_DTLS1 section.
Fix SSL_R naming inconsistency.
When processing ClientHello.cipher_suites, don't ignore cipher suites listed after TLS_FALLBACK_SCSV.
Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.
Bodo Möller (1699):
Added comments to des_enc_{read,write} functions warning about their cryptographic weakness (IV reuse).
New option "-showcerts" for s_client
Avoid EADDRINUSE for s_server.
Be more optimistic about the availability of termios for ~ECHO, because sgtty emulation tends to fail on various systems.
New "open issue" (ERR_...).
Tiny comment to improve code comprehensibility.
Preprocessor file to allow testenc to test only those ciphers that are available.
Bugfix: s_client occasionally would sleep in select() when it should have checked SSL_pending() first.
Submitted by: Reviewed by: PR:
Obsoleted by new openssl command "list-cipher-commands".
Don't auto-generate crypto/pem/pem.h -- a fixed file is fine for it.
Submitted by: Reviewed by: PR:
Some tiny fixes.
Make Windows compilers happy.
Cleaning up Ben's clean-ups :-)
/* Just some comments. */
Removed extra semicolons.
New "Configure" entry (Solaris with debug info)
Fixed some race conditions.
Submitted by: Reviewed by: PR:
Don't return 0 from ssl2_read when a packet with empty payload is received.
CVS confusion?
Submitted by: Reviewed by: PR:
Change #include filenames from <foo.h> to <openssl.h>.
Submitted by: Reviewed by: PR:
Submitted by: Reviewed by: PR:
Submitted by: Reviewed by: PR:
"make depend"
Submitted by: Reviewed by: PR:
Submitted by: Reviewed by: PR:
Submitted by: Reviewed by: PR:
Submitted by: Reviewed by: PR:
C indentation style definition for Emacs.
Avoid "incomprehensible" errors when required definitions are missing.
Restore ERRC definitions that are needed to compile the library.
Removed superfluous reference to ERRC.
"perl util/mkerr.pl -static -recurse -rebuild" because the previous codebase apparently was inconsistent. And crypto/Makefile.ssl *does* need an ERRC ..
Some instructions for how to handle the <foo.h> => <openssl/foo.h> transition.
Fix header files so that any one can be included first.
cryptall.h is not needed for anything and cannot even be #include-d without producing error messages.
Removed traces of cryptall.h, and did a "make depend".
Comment changed.
Fixed a typo.
A new comment.
Install various scripts to $(OPENSSLDIR)/misc instead of $(INSTALLTOP)/bin.
A faster (and more general, and better documented) replacement for mklink.sh.
Use util/mklink.pl instead of util/mklink.sh.
Typo fixed.
Fix make target "install".
Obey $(PERL) when running util/mklink.pl.
Pass PERL to sub-Makefiles during "make links".
New Configure options "threads" and "no-threads". For Solaris and Linux, "threads" (with proper compiler options) is the default.
Submitted by: Reviewed by: PR:
Support INSTALL_PREFIX for packagers.
ignore Makefile.save
Superseded by mklink.pl.
Remove extra brace.
Hopefully improved compatibility with earlier versions of Perl5.
New function SSL_CTX_set_session_id_context.
Broken line that was too long.
Use correct error macro so that error messages make sense.
Add "static" to function definition
Point out that "rehashing skipped" is not a problem.
Support verify_depth from the SSL API without need for user-defined callbacks.
New function SSL_CTX_use_certificate_chain_file.
Entry for resolved error macro confusion.
Annotate a bug.
Some comments.
Restored path names that were changed by a previous "Configure" run. (Rather than changing the files in places, we really should use .in files.)
This was an unused derivate of an old version of s_client.c that had been changed so that it almost could be used under Windows. No one asked to keep it (and no one volunteered to bring it into useable state), so away with it.
Use "const char *" instead of "char *" for filenames passed to functions.
Move variable definitions into the blocks where they are really needed, so that warnings about unused variables don't appear if those blocks are removed by the C preprocessor.
Some tiny changes to the source code to make future diffs smaller when restructuring the cert_st handling (removed unused parts, and the like).
Makefile.save was missing here.
One comment was in the wrong line ... some others are new.
Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copying pointers. The cert_st handling is changed by this in various ways.
No actual change, but the cert_st member of struct ssl_session_st is now called sess_cert instead of just cert. This is in preparation of further changes: Probably often when s->session->sess_cert is used, we should use s->cert instead; s->session->sess_cert should be a new structure containing only the stuff that is for just one connection (e.g. the peer's certificate, which the SSL client implementations currently store in s->session->[sess_]cert, which is a very confusing thing to do).
New entry debug-solaris-usparc-gcc, as debug-solaris-sparc-gcc no longer applies to usparc systems.
Moved some variable declarations inside blocks where they are needed so that warnings about unused variables (for certain -D... constellations) are avoided; this corresponds to the earlier change for SHA1.
The various character predicates (isspace and the like) may not be used with negative char values, so I've added casts to unsigned char. Maybe what really should be done is change all those arrays and pointers to type unsigned char [] or unsigned char *, respectively; but using plain char with those predicates is just wrong, so something had to be done.
Changed a comment.
Make SSL library a little more fool-proof by not requiring any longer that SSL_set_{accept,connect}_state be called before SSL_{accept,connect} may be used.
And I thought I could spell ... but in caps really everything looks the same.
Clarify comment.
argc counting bug fixed. Submitted by: Tomas Hulek
Comment.
First tiny changes in preparation of changing of "sess_cert" handling. Also I've substituted real tabs for 8-spaces sequences in some lines so that things don't look that weird with a tab-width of 4.
Spacing in comment corrected.
For solaris-usparc configurations, avoid problems with GNU as, which cannot handle all opcodes we need.
New structure type SESS_CERT used instead of CERT inside SSL_SESSION. While modifying the sources, I found some inconsistencies on the use of s->cert vs. s->session->sess_cert; I don't know if those could really have caused problems, but possibly this is a proper bug-fix and not just a clean-up.
Some tiny clean-ups related to the cert_st / sess_cert_st change.
Don't use reserved name "_encrypt" for parameters; instead I've picked "enc", because that's what's in the prototypes. ("_encrypt" is reserved only as an external name, but still using it in an application doesn't look like good style to me -- and it certainly isn't if the point is just avoiding shadowing, which is apparently why the previous name "encrypt" was changed.)
Add release dates to the "CHANGES" file, because that's an obvious place to look for them.
Change cast in function calls to that which is, I think, the right one for those functions (is it?).
Delete a wish.
*** empty log message ***
Introduce and use function typedef pem_password_cb so that we don't call those functions without having a parameter list declaration. (There are various similar cases left ...)
Fix cryptlib.c.
Various bugfixes: Uses locking for some more of the stuff that is not thread-safe (where thread-safe counterparts are not available on all platforms), and don't memcpy to NULL-pointers Submitted by: Anonymous Reviewed by: Bodo Moeller
Avoid compiler warnings for x86.
A comment.
Comment.
Return 0 for an error, 1 for no error from read_options; that's what the calling code seems to expect.
Update.
Bugfix (set shutdown only when we should). Submitted by: Oleg Girko
Comment.
e_os* corrections.
e_os2.h is used for things that must be visible when external applications use (certain parts of) OpenSSL.
Use e_os2.h, not e_os.h in exported header file des.h.
Get rid of another cast.
Update dependencies.
OPENSSL_EXTERN, OPENSSL_GLOBAL
OPENSSL_EXTERN
Use OPENSSL_GLOBAL, OPENSSL_EXTERN instead of GLOBAL and EXTERN.
Don't run "make depend" automatically.
Marked probable bug, pointed out by Anonymous.
Added a comment pointing out the behaviour of "openssl x509 -conf ...", which cost me some time to find out about.
Change type of various DES function arguments from des_cblock (meaning pointer to char) to des_cblock * (meaning pointer to array with 8 char elements), which allows the compiler to do more typechecking. (The changed argument types were of type des_cblock * back in SSLeay, and a lot of ugly casts were used then to turn them into pointers to elements; but it can be done without those casts.)
DES changes.
Typo.
Keep text lines less than 80 characters wide.
Clarification.
Rename "openssl x509" option "-config" to "-extfile", because it doesn't have a default value like the "-config" options of other openssl subprograms.
gcc (in some versions) doesn't like the const_des_cblock typedef. So omit it for now :-(
Additional, more descriptive error message for rejection of a session ID because of missing session ID context (so that application programmers are directly pointed to what they should do differently).
Make MD5 work on Alpha, and fix a bug. Submitted by: Andy Polyakov
Substitute spaces for tab.
If we couldn't handle "-showcerts" (which happens with the current SSL2 implementation), show at least the server certificate.
Get rid of some unnecessary casts and add a necessary one.
For Solaris with old gcc versions (that don't understand -mcpu=ultrasparc), don't silently step to solaris-sparc-gcc, which would unnecessarily use less efficient assembler code. Instead, use new configuration variant solaris-usparc-oldgcc; this also means that someone who reads the output of ./config will notice that it may be advantageous to upgrade gcc.
Bugfix: GCCVAR contains two lines ("Reading specs ..." and the actual version), so we need echo $GCCVAR | sed ... instead of echo "$GCCVAR" | sed ... to process it as intended.
Convert gcc version detection (for solaris-usparc-gcc) into a form better suited for finding what went wrong in case that some compiler versions create an output we can't parse.
Note that the numbering scheme used to be different.
Add -mv8 to solaris-usparc-oldgcc.
Change self-description (mklink.pl is not just faster than the last released version of mklink.sh -- the latter couldn't even handle the ../../include/openssl case).
Some solaris-usparc MD5 fixes.
Don't install e_os.h in include/openssl, use it only as a local include file.
Add a kludge :-( There were problems with putting e_os.h just into the top directory, because the test programs are compiled within test/ in the "standard" case and in their original directories in the makefile.one case; and in the latter symlinks may not be available.
It was a very bad idea to use #include "../e_os.h" -- when this occurs in cryptlib.h (which is often included as "../cryptlib.h"), then the question remains relative to which directory this is to be interpreted. gcc went one further directory up, as intended; but makedepend thinks differently, and so probably do some C compilers. So the ../ must go away; thus e_os.h goes back into include/openssl (but I now use #include "openssl/e_os.h" instead of <openssl/e_os.h> to make the point) -- and we have another huge bunch of dependency changes. Argh.
Older versions of SINIX C development system inherited a bug from SGI's cc; enable workaround. Submitted by: Martin Kraemer
Remove traces of bad idea :-)
We need e_os.h here.
Avoid memory hole when we don't like the session proposed by the client
Let ssl_get_prev_session reliably work in multi-threaded settings.
Comment about bug.
Detect linux-mips.
Don't use NULL-pointer :-/
Final version for 0.9.3.
Update for 0.9.3.
Last minute VMS updates for 0.9.3. Submitted by: Richard Levitte
Temporary workaround for IRIX64 build. Submitted by: Andy Polyakov <appro at fy.chalmers.se>
Add closing parenthesis to usage output.
Set #!... path to Perl in apps/der_chop automatically.
Circumvent egcs bug. Submitted by: Andy Polyakov <appro at fy.chalmers.se>
I386_ONLY is defined in opensslconf.h, so we need to include it. Submitted by: John Keith <jtkeith at kavi.com>
der_chop is now generated from der_chop.in.
Ignore directories created by "make -f makefile.one".
Change function call according to current API.
*** empty log message ***
Updated some demos. Submitted by: Sean O Riordain <Sean.ORiordain at cyrona.com>
Updated C++ SSL demos. Submitted (a month ago) by: Wade Scholine
Include <stdio.h>.
sco5-gcc configuration.
Some assembler-related clean-ups.
Pass INSTALL_PREFIX to subdirectories of crypto
BSD/OS 4.x support (bsdi-elf-gcc)
Adjust bsdi-elf-gcc to look more like FreeBSD-elf, linux-elf and the like.
Complain about deficiency of internal_verify.
"BTW, I no longer have a wish for this. This was solved in other ways." Mats Nilsson <mats.nilsson at xware.se>, <4.1.19990531095211.040bf2e0 at berit.xware.se> to <openssl-dev at openssl.org>
More consistency.
more typesafe stacks ...
Labels longer than eight characters might cause problems.
"linux-sparc64-gcc" configuration Submitted by: Ray Miller <ray.miller at oucs.ox.ac.uk>
remove conflict indicator ...
Update.
More general definition for S_ISDIR (needed not only for VMS but also for NeXT).
"linux-sparc" configuration.
linux-sparc
Comments added.
Use only -O, not -O3 for NeXTstep:
mkdir -p is not fully portable (according to Marc Crispin, NeXTstep creates a directory called -p); now mkdir-p.pl does its job.
Mention mkdir-p.pl.
Introduce "BIO pairs", which (when finished) will relay data so that the SSL library can be used for applications that have to handle all the actual I/O themselves.
Don't mix real tabs with tabs expanded as 8 spaces -- that's a pain to read when using 4-space tabs.
treat init properly
Use the same path to perl in all #! lines in util.
Use locking in a way that makes more sense.
Fix for BIO pairs.
Don't make assumptions on what the path looks like.
Use mkdir-p.pl more efficiently.
"request" added.
Some pre-POSIX systems don't have unistd.h (but e.g. lib.c). Allow configuring the name of that header file.
Mention unistd.h.
DES CBC change looks dubious to me.
"make update" (added to top Makefile, and applied).
Unify DES library: ncbc_enc.c wasn't used, but its content was almost duplicated in cbc_enc.c (without IV updating) and in des_enc.c
Update dependencies.
des_cbc_encrypt / des_ncbc_encrypt issue.
Delete unnecessary newlines in TABLE
Oops, I forgot to add the dependency "TABLE: Configure".
Repair PEM_write_PrivateKey and PEM_write_bio_PrivateKey.
tiny optical change
Another <unistd.h> ...
Avoid warnings.
Avoid warning.
Try to detect NeXT 3.3 (working Configure entry for this still missing)
hpux-cc (HPUX 9.x) does not work with BN_LLONG (floating point exceptions).
NeXT 3.3 can handle -O3 (3.0 can't).
Don't use unquoted whitespace in "case" case.
Changes for BSD/OS 4.
BIO pairs.
"make update"
Avoid some warnings (on silly compilers).
Bugfix.
Provide fallback configurations for all hpux... configurations (problems with BN_LLONG have been reported both for hpux-cc and for hpux10-gcc).
rc4_locl.h and bf_locl.h incorrectly defined _HEADER_...; opensslconf.h always expects HEADER_... (no leading underscore).
Comment adjusted to reality.
long obsolete
Obsolete.
Don't try to use zero-byte buffers.
Some people don't have /dev/fd/0 on Solaris, so use - instead.
Don't access configuration files outside the source tree.
Use same name in the definition as in the header file declaration :-/ (the extra "get" makes the name quite long, but otherwise it'd sound as if you could request something rather than obtain information about what the peer did).
New function CRYPTO_num_locks.
"make update"
Clarification.
"make update"
Perl variable names are case-sensitive ...
Make some debug-... configurations more useful for debugging.
Don't use inline assembler when configured for "no-asm".
Avoid some memory holes, one of which was pointed out by "Chad C. Mulligan" <mulligan at antipope.org>.
Close another memory hole.
Memory leak checks.
Update TABLE.
configuration change for debugging
The Mingw32 configuration entry was missing one colon (found by "Zot O'Connor" <zot at ZotConsulting.com>). Also, Windows probably does not need the warning about multi-threading.
Fix comments. Submitted by: Anonymous
With mingw32, use "long long" rather than "_int64" (the latter does not work, at least the package mentioned in INSTALL.W32 does not know about it).
Don't use ...-oldgcc for egcs compiler.
New functions SSL[_CTX]_{set,get}_mode; the initial set of mode flags is SSL_MODE_ENABLE_PARTIAL_WRITE, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
typo
typo
make debug-solaris-[u]sparc-gcc more useful
Disable asserts for standard configurations.
avoid conflicting definitions of NDEBUG
improve readability of #if conditions (ELF, if defined, supersedes BSDI [which we don't really define if ELF is defined, but who knows])
Updated to reflect recent "Configure" modification.
Don't confuse mk1mf.pl by combining multiple options into one.
Mention modification to Configure.
remove editing artifacts
Provide CFLAGS and PLATFORM information on Windows platforms.
Fix memory checking.
New function RSA_check_key, openssl rsa -check
New function RSA_check_key.
typo
correct error handling
Looks like another memory leak ...
typo in string
fix memory leak in s3_clnt.c
cosmetic changes
Judging from various messages on the OpenSSL mailing lists, HP-UX 10 with cc (but not gcc) seems to work well with BN_LLONG; but -O4 is too much.
Fix option processing. Submitted by: Sam Tetherow
"make clean" has to delete date.h
Add optional (compile-time configurable) time to CRYPTO_mem_leaks output. This is much more helpful than the counter when doing tests with the library interactively.
Have CRYPTO_MDEBUG_TIME automatically set CRYPTO_MDEBUG, and make it the default for some debugging configurations.
New compile time option -DCRYPTO_MDEBUG_THREAD.
SSL_MODE_ENABLE_PARTIAL_WRITE and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER work as intended, both for SSLv2 and TLS.
"make TABLE" (to follow recent Configure change)
Auto-generated file -- this should not be under version control (and the other */asm/*.cpp files are not)
slight clean-up
avoid -DPLATFORM=\"...\" and -DCFLAGS=\"...\" command lines, use new file buildinf.h instead.
Additional user data argument to pem_password_cb function type and to lots of PEM_... functions. Submitted by: Damien Miller <dmiller at ilogic.com.au>
additional argument for key_callback
Torture weak compilers less by not automatically including x509.h where it is not needed.
date.h no longer to be deleted by "make clean"
ignore r586unix.cpp
Don't include x509.h when we just need asn1.h
summary of Andy's changes to Configure
-DPLATFORM and -DCFLAGS command line arguments are no longer used.
change CFLAGS to those given in Configure
Use correct CFLAG definition for makefile.one builds.
close files.
Always use buildinf.h, which now includes the mk1mfinf.h data. Using different files caused problems because the dependencies in the Makefiles produced by mk1mf.pl were for the standard case, i.e. mentioned buildinf.h and not mk1mfinf.h.
correct error signalling for opendir() failure
by request: let BN_dup(NULL) just return NULL
don't prematurely shut down socket -- use SSL_shutdown
SSL_shutdown was done too early.
The SSL_CTX's cert structure is not relevant for the SSL (because now SSL_new makes a copy).
avoid cast
fix previous modification -- if ssl->cert is NULL, don't follow the pointer.
generate error message
avoid some NO_<cipher> problems
Revert previous change -- it was an accident.
automatically use no-mdc2 if no-des is requested.
Revert erroneous change.
comment
0.9.4 won't be completed in July ...
improve clarity of instructions
Add a wish.
New function DSA_dup_DH, and fixes for bugs that were found while implementing and using it.
DSA_dup_DH.
Don't assume that something starting with '-' is a filename -- "openssl gendsa -help" now prints the usage summary, not error messages that no file -help was found.
fix the bug
change formatting a bit
add some more entries for 0.9.4
New option "-crlf" to s_client and s_server which tells them to convert LFs into CRLFs when forwarding data from stdin to the TLS connection. This is necessary for properly talking HTTP. Because of the code freeze this change is by default disabled for now; without -DAPPS_CRLF, the code is exactly as before.
0.9.4
more consistent formatting
add comments
Comments.
spelling
Provide fixed seed for parameter generation to speed up -dhe1024.
-crlf option.
BIO_write and BIO_read could, in theory, return -2.
Updates. Prototypes and constant declarations for non-copying reads and writes for BIO pairs (which is totally untested as of now, so I don't yet commit the actual source code, but reserve the numbers to avoid conflicts).
Fix typo.
Submitted by: Lidong Zhou <ldzhou at cs.cornell.edu>
Remove -DWINDOWS in debug configuration.
Disable the text about foo.h => openssl/foo.h. Everyone should have got it by now.
Return 0 for successful exit when -noout is used.
Really undo the base64 change so that make test survives
Fix horrible (and hard to track down) bug in ssl23_get_client_hello: In case of a restart, v[0] and v[1] were incorrectly initialised. This was interpreted by ssl3_get_client_key_exchange as an RSA decryption failure (don't ask me why) and caused it to create a _random_ master key instead (even weirder), which obviously led to incorrect input to ssl3_generate_master_secret and thus caused "block cipher pad is wrong" error messages from ssl3_enc for the client's Finished message. Arrgh.
Handle "#if 0" correctly (I hope)
Use closesocket macro consistently, not close directly, for easier portability. Submitted by: Lennart Bång
-no_dhe option for ssltest.c
Fix server behaviour when facing backwards-compatible client hellos.
Make previous bugfix actually work
use explicit constant 11 just once
Reinitialize global variables when necessary (for monolith application).
Reinitialize conf to NULL whenever ca application is started. Submitted by: Lennart Bang
Non-copying interface to BIO pairs. It's still totally untested ...
some more patches for avoiding problems with non-automatic variables
Re-enable message about transition <foo.h> => <openssl/foo.h> because various programs are not updated that often and hence still expect header files names without the openssl/ prefix.
Truncate message about "new" include filenames
typo
Use non-copying BIO interface in ssltest.c.
"make update"
Repair another bug in s23_get_client_hello: tls1 did not survive to restarts, so get rid of it.
Fix yet another bug for client hello handling.
Set s->version correctly for "natural" SSL 3.0 client hello
Add some debug-solaris-...-cc configurations.
typo in a comment
Update dependencies.
Document -startdate and -enddate in usage summary.
Keep line lengths < 80 characters.
typo
Fix typo that I introduced when reformatting lines.
Use a temporary file, not a pipe, for BN test because there are some broken bc's around.
Bugfix: avoid opening CAfile when it's NULL.
Honor BUFSIZZ definition in s_server, don't use tiny 32 byte buffer (which leads to truncation of client cipher list).
Fix typo in error message.
new control code BIO_C_RESET_READ_REQUEST
"make update"
Pass $(RANLIB) when doing "make install" in subdirectories; rsaref needs it.
Use of DEVRANDOM must be #ifdef'ed (the #ifdef was commented out between SSLeay 0.8.1b and 0.9.0b with no apparent reason). If we *want* an error when DEVRANDOM is not defined (it always is with the current e_os.h) we should use #error.
Respect PEX_LIBS and EX_LIBS when building binaries (needed for RSAREF builds)
Improve support for running everything as a monolithic application.
Update Borland C++ builder support.
Report an error from X509_STORE_load_locations when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
Various randomness handling bugfixes and improvements -- some utilities that should have used RANDFILE did not, and -rand handling was broken except in genrsa.
New file app_rand.c with some functionality used in various openssl applications.
Don't be overly paranoid.
Warn about RANDFILE being overwritten.
Make md_rand.c more robust.
Always hash the pid in the first iteration in ssleay_rand_bytes, don't try to detect fork()s by looking at getpid(). The reason is that threads sharing the same memory can have different PIDs; it's inefficient to run RAND_seed each time a different thread calls RAND_bytes.
Avoid some warnings.
Undo silly change.
Avoid deadlock.
Store verify_result with sessions to avoid potential security hole.
Restore traditional SSL_get_session behaviour so that s_client and s_server don't leak tons of memory.
Add functions des_set_key_checked, des_set_key_unchecked. Never use des_set_key (it depends on the global variable des_check_key), but usually des_set_key_unchecked. Only destest.c bothered to look at the return values of des_set_key, but it did not set des_check_key -- if it had done so, most checks would have failed because of wrong parity and because of weak keys.
Use des_set_key_unchecked, not des_set_key.
Useless files deleted -- they were just copies of files of the same name in the apps/ directory (which were recently changed).
Add missing semicolon to make compiler happy, and switch back from MemCheck_start() to CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) because that is what applications should use (MemCheck_start/stop never really worked for applications unless CRYPTO_MDEBUG was defined both when compiling the library and when compiling the application, so probably we should get rid of it).
Add a comment.
Point out that openssl-bugs is public.
Avoid shadowing p to make the compiler happy.
- Don't assume that int and size_t have the same representation (and that malloc can be called with an int argument). - Use proper prototypes (with argument list) for various function pointers, avoid casts (however there are still many such cases left in these files). - Avoid collisions in app_info_cmp if sizeof int != sizeof long. - Use CRYPTO_LOCK_MALLOC in mem_dbg.c.
fix typos and other little errors ...
Rename CRYPTO_add_info => CRYPTO_push_info CRYPTO_remove_info => CRYPTO_pop_info in the hope that these names are more descriptive; and "make update".
Correct spelling, and don't abuse grave accent as left quote (which was allowed by old ASCII definitions but is not compatible with ISO 8859-1, ISO 10646 etc.).
fix comment
Delete NO_PROTO section (which apparently was just a typo for NOPROTO -- if anyone had actually ever needed that they should have fixed this typo)
Fix SSL_CTX_add_session: When two SSL_SESSIONs have the same ID, they can sometimes be different memory structures.
Don't request client certificate in anonymous ciphersuites except when following the specs is bound to fail.
Rename CA.pl to CA.pl.in (no actual changes), and let Configure set the #! line with the path to Perl.
Slight code cleanup for handling finished labels.
Use prototypes.
Use separate arrays for certificate verify and for finished hashes.
Use less complicated arrangement for data structures related to Finished messages.
New functions SSL_get_finished, SSL_get_peer_finished.
add "UnixWare", treated like "unixware"
add V_CRYPTO_MDEBUG_ALL Submitted by: Reviewed by: PR:
make no-des and no-rc2 work.
apps/openssl.cnf and the documentation say it's "nombstr", but crypto/asn1/a_strnid.c had "nombchar".
CA.pl is now generated automatically (using CA.pl.in as input)
Use basename instead of complicated sed line.
Unify doc/openssl.pod and doc/man/openssl.pod, which were almost the same and now are identical. The next step will be to delete doc/openssl.pod, this is just to see the individual CVS deltas.
superseded by doc/man/openssl.pod
s_client and s_server now have their own man pages.
Clean up some of the SSL server code.
The buffer in ss3_read_n cannot actually occur because it is never called with max > n when extend is set.
add check for internal error
add dependency and auto-generation rule for bn_prime.h (created by bn_prime.pl, which now prints the copyright/license note as found in bn_prime.h)
Turn BN_prime_checks into a macro.
Note about CRYPTO_malloc_init
Use CRYPTO_push_info to find a memory leak in pkcs12.c.
note about things still to do with RAND_bytes
slightly change usage information
Use CRYPTO_push_info to track down memory leak (only the CRYPTO_push_info's in the apps/ directory are included in the CVS commit, not all those I used in crypto/)
Avoid shadowing variables, and re-enable seeding with more data than read from DEVRANDOM -- just don't pretend it contains entropy.
Avoid some warnings, and run "make update".
- Pseudo-seed the PRNG in programs used for "make test" because otherwise BN_rand will fail unless DEVRANDOM works, which causes the programs to dump core because they don't check the return value of BN_rand (and if they did, we still couldn't test anything).
In EVP_PKEY_assign[_...], return 0 for an error when the "key" is NULL.
Let "make test" survive without DEVRANDOM (and rename a target in test/Makefile.ssl to make it easier to guess the name of the file executed by it)
Delete "random" file .rnd in "make clean".
Enable memory checking earlier (we correctly free everything except for the BIO through which we print the memory leak list, and the leak printing function ignores this one block).
RAND_bytes's return values is 0 for an error, not -1.
add "randomness"
In ssl3_read_n, set rwstate to SSL_NOTHING when the requested number of bytes could be read.
SSL_R_UNSUPPORTED_PROTOCOL (as in s23_clnt.c) for SSL 2 when NO_SSL2 is defined, not SSL_R_UNKNOWN_PROTOCOL.
Define WINDOWS.
Define WINDOWS for Mingw32 and Cygwin.
Rename lst1 to list1 to avoid name conflict on some platforms.
Define WINDOWS in all Mingw32 cases.
mention manual pages
doc/man moved to doc/apps
Don't "goto err" in client_master_key because no such label exists; just return -1 as in other error cases.
add ERR_print_errors after "end" label.
In RAND_write_file, truncate the file to the no. of bytes written (we're now using fopen(..., "rb+") instead of fopen(..., "wb"), so the file is not truncated automatically).
Avoid integer overflow in entropy counter. Slightly clarify the RAND_... documentation.
change comments
update PRNG documentation/comments
As ftruncate is not available on all platforms, switch back to opening the output file with "wb" to truncate it except on VMS (where the file now keeps its original length because it is opened with "rb+" -- does VMS have ftruncate?)
Under VMS, ftruncate should be available
The des_xcbc_encrypt apparently always fails. Workaround so that "make test" continues anyway.
RAND_pseudo_bytes is good enough for encryption IVs, we should not need RAND_bytes (and we cannot use the latter unless we load a seed file)
RAND_load_file(..., -1) now means "read the complete file"; this is what we now use to read $RANDFILE / $HOME/.rnd. (Previously, after 'cat'ting lots of stuff into .rnd only the first MB would be looked at.)
Give the correct e-mail address even though the message is not quite serious
Document RAND_load_file change.
Improve clarity.
Avoid a race condition.
New manual page.
Clarification.
Some comments added, and slight code clean-ups.
Correct typos that ispell did not find.
Small correction.
Update references.
enable Montgomery test
Add a pointer to a paper (is the algorithm in section 4.2 the word-based algorithm we are using?)
Update comments to provide a better approximation of reality.
typo in a comment
A couple of things were reversed for BN_pseudo_rand ...
more information on 0.9.5
Make DSA_generate_parameters, and fix a couple of bugs (including another problem in the s3_srvr.c state machine).
Tiny changes to previous patch (the log message was meant to be "Make DSA_generate_parameters faster").
Make output of "openssl dsaparam 1024" more interesting :-)
Documentation for BN_is_prime_fasttest.
Reference for SHA-1.
Change log entry completed.
Pointer to important manual page that should be written.
Typo in preprocessor symbol.
If n0 == d0, we must always compute 'rem' "by hand"
rndsort{Miller, Rabin} primality test.
Tolerate negative numbers in BN_is_prime.
Include OpenSSL license.
Some 'const's for BNs.
Correct spelling as it was done in the source.
Use correct, not American spelling.
Report progress as in dsatest.c when creating a DHE key.
Generate just one error code if iterated SSL_CTX_get() fails. Avoid enabled 'assert()' in production library.
Commit patch to bn.h that CVS decided to throw away during 'cvs update', and initialize too_many because memset(..., 0, ...) is not used here.
Cosmetic changes.
Correction: openssl.c must get the long version of the apps_startup() macro
Memory leak.
Note about des_ncbc_encrypt.
16 * 8 = 128.
'passwd' tool.
Implement MD5-based "apr1" password hash.
Update.
Corrections.
Casts now unnecessary because of changed prototype.
Make sure the return value of by_file_ctrl(..., X509_L_FILE_LOAD, ...) aka X509_LOOKUP_load_file(...) is always 0 or 1, not the counter returned from the recently introduced function X509_load_cert_crl_file. X509_STORE_load_locations expects X509_LOOKUP_load_file to return 1 on success, and possibly there's other software that relies on this too.
add missing 'static'
Avoid potential conflicts between #defines in opensslconf.h and defines when compiling applications, and allow applications to select what #defines to enable -- OPENSSL_EXLUCDE_DEFINES enables the "#define NO_whatever" stuff only, which avoids potential severe confusion caused by "#define _REENTRANT" when opensslconf.h is not the first header file #included.
Stay compatible to older Perl5 releases (see diff -r1.11 -r1.12).
Change the example to show apr1 with an 8-character salt.
Keep variable names consistent with corresponding pre-processor symbols.
Allow for higher granularity of entropy estimates by using 'double' instead of 'unsigned' counters. Seed PRNG in MacOS/GetHTTPS.src/GetHTTPS.cpp.
Tolerate fragmentation and interleaving in the SSL 3/TLS record layer.
ignore Client Hellos when we're in handshake anyway
Workaround for irrelevant problem.
Move MAC computations for Finished from ssl3_read_bytes into ssl3_get_message, which is more logical (and avoids a bug, in addition to the one that I introduced yesterday :-) and makes Microsoft "fast SGC" less special. MS SGC should still work now without an extra state of its own (it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state for reading the body of a Client Hello message), however this should be tested to make sure, and I don't have a MS SGC client.
More news.
Move ssl3_do_write from s3_pkt.c to s3_both.c.
Fix some bugs and document others
Workarounds to make broken programs happy (such as s_client and s_server).
Avoid filename "test.c" because otherwise "make test" will invoke a default rule built into make.
Don't define platform-dependent preprocessor symbols for OPENSSL_THREAD_DEFINES.
Do fflush(stdout) when there was an error.
Don't use buffered fread() to read from DEVRANDOM, because this will drain the entropy pool.
Version 0.9.5beta2-dev (so that the next snapshot will not claim to be 0.9.5beta1).
handle entropy estimate correctly
Clarification.
Use threads for linux-ppc.
Ignore files that, well, should be ignored.
Fix warnings by using unsigned int where appropriate.
In "make clean", delete files created by "make report".
Fix off-by-one error :-)
Add OpenSSL licen[cs]e.
The previous revision should have generated _more_ warnings, not less ... The return value of handshake_func is signed, not unsigned.
Use unsigned loop index to make compilers happy
More get0 et al. changes. Also provide fgrep targets in CHANGES where the new functions are mentioned.
Add a comment.
Use standard header file string.h for memset prototype (where "standard" refers to the C language, probably there's also some standard that defines memory.h).
Switch to 0.9.6, and finally remove the annoying message about renamed header files.
Point to INSTALL.MacOS for MacOS pre X.
Check BN_rand return value.
'rand' application for creating pseudo-random files.
Document the 'rand' application.
'rand'/'-rand' documentation.
Change comment.
Use RAND_METHOD for implementing RAND_status.
Add missing dependencies.
Update comment.
Use RAND_pseudo_bytes, not RAND_bytes, for IVs/salts.
Use RAND_pseudo_bytes, not RAND_bytes, for IVs/salts.
Fix for previous patch: If RAND_pseudo_bytes returns 0, this is not an error.
New '-dsaparam' option for 'openssl dhparam', and related fixes.
Avoid potential memory leak in code generated by 'openssl dhparam -C'.
Use signed type where -1 may be returned.
Add an #include.
Note about PRNG error message for openssl command line tool.
Generate correct error reasons strings for SYSerr.
Change output text (ar is not a linker).
Read complete seed files given in -rand options.
There is no reason to use downcase letters throughout in error reason strings, it's just the default because it's usually ok.
Preserve reason strings in automatically build tables.
Add missing include (only MONOLITH builds were possible without it). Submitted by: Andrew W. Gray
Fix the indentation, and avoid a compiler warning.
{NEXT,OPEN}STEP don't have pid_t.
spelling
Clarification.
Manual page installation did not work if INSTALL_PREFIX was a relative path.
typo
another typo
Change to code generated by 'dhparam -C':
Always use fixed DH parameters created with 'dhparam -C', don't dynamically create them. This allows using ssltest for approximate performance comparisons: $ time ./ssltest -num 50 -tls1 -cert ../apps/server2.pem \ [-no_dhe|-dhe1024dsa|-dhe1024] (server2.pem contains a 1024 bit RSA key, the default has only 512 bits.) Note that these timings contain both the server's and the client's computations, they are not a good indicator for server workload in different configurations.
Mention -ign_eof.
Use signed types where necessary, and add missing functionality to make SSL_nread0 work.
On NeXT, ssize_t is int, not long (see <sys/types.h> -- the definition is activated only when _POSIX_SOURCE is defined).
Workaround for Windoze weirdness.
cleaning up a little
Remove Win32 assembler files. They are always rebuilt (with some choice of parameters) when they are needed.
Connection timings (using ISO C function clock()).
Copy DH key (if available) in addition to the bare parameters in SSL_new. If SSL_OP_SINGLE_DH_USE is set, don't waste time in SSL_[CTX_]set_tmp_dh on computing a DH key that will be ignored anyway.
Don't try to test the RSA command if it is not available.
Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
Update usage info
Corrections.
Include a timing test that works without RSA.
"openssl no-..." commands for avoiding the need to grep "openssl list-standard-commands".
Run test_ssl last -- it's the only test that really uses the SSL library in addition to the crypto library.
Clarifications for 'no-XXX'.
Correction.
typo
another typo
Remove "Makefile.uni" files and some related stuff. This was meant for building individual ciphers separately; but nothing of this is maintained, it does not work because we rely on central configuration by the Configure utility with <openssl/opensslconf.h> etc., so the files are only wasting space and time.
Use correct function names in SSLerr macros.
Insert a comment: This is one of the few files in this directory that is actually used (even though it may not appear so at first sight).
SSL_ALLOW_ADH no longer has a meaning.
Avoid a warning.
Remove CRYPTO_push/pop_info invocations to improve code readability -- I hope all memory leaks that may occur here have already been tracked down.
Point out the PRNG usage bug affecting openssl rsa. (Should we point to snapshots, or directly give the one-line patch?)
Eliminate memory leaks in mem_dbg.c.
Document pseudo-commands.
"make update"
Update for new hpux-parisc-cc-o4 entry.
Explain configuration options more completely.
List "no-..." option first because it's the most frequently needed one.
NeXT workaround.
Comments for SSL_get_peer_cert_chain inconsistency.
Fix typo in -clrext option, but add a compatibility hack because 0.9.5a should not break anything that works in 0.9.5.
'entropy >= ENTROPY_NEEDED' should be evaluated while the variables are locked.
Entry for ssleay_rand_status locking fix.
Extend entry on ERR_print_errors.
Avoid memory leak.
Clarifications.
In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites
"make update" for DSO additions.
Minor corrections.
New function ERR_error_string_n.
Ignore lib and Makefile.save.
Correction.
Warn about truncation also in the case when a single password is read using the password prompt.
Stylistic changes: Don't use a macro for the malloc'ed length since it is not constant.
Avoid leaking memory in thread_hash (and enable memory leak detection for it).
Add missing #include.
Fix a memory leak, and don't generate inappropriate error message when PEM_read_bio_X509_REQ fails.
Note apps/x509.c bugfixes.
When open()ing 'file' in RAND_write_file, don't use O_EXCL. This is superfluous now that we don't have to avoid creating multiple versions of the file on VMS (because older versions are now deleted).
typo
Add "FIXME" comment, and adjust the indentation.
Fix "FIXME" indentation :-)
Add required cast.
Avoid sprintf.
Avoid sprintf, and harmonize indentation.
Avoid sprintf.
Avoid sprintf
Implement SSL_OP_TLS_ROLLBACK_BUG for servers.
typo
Bugfix: clear error queue after ignoring ssl_verify_cert_chain result.
Improve PRNG robustness.
Add "FIXME" comment.
Move Windows seeding functions into a separate file. They have nothing to do with the particular PRNG (md_rand.c).
When compiling with /opt/SUNWspro/SC4.2/bin/cc on Solaris, __svr4__ is not defined, but __SVR4 is.
strtoul is not used anywhere.
dh and gendh have been obsoleted by dhparam.
typo
int may be smaller than 32 bits.
use consistent indentation
No need to abort if c_rehash fails here (e.g. because Perl is not where it is expected).
Speed up DH with small generator.
Use the equivalent of a sliding window (without precomputation because we're only handling words anyway) in BN_mod_exp_mont_word making it a little faster for very small exponents, and adjust the performance gain estimate in CHANGES according to slightly more thorough measurements. (15% faster than BN_mod_exp_mont for "large" base, 20% faster than BN_mod_exp_mont for small base.)
Add entry that Richard forgot.
Slightly faster DSA verification (BN_mod_exp2_mont), marginally faster BN_mod_exp for 1024 bit exponents.
Accept -F4 option in lower case, which is what the usage information says one should use.
Harmonize indentation.
Another attempt to allow compiling on SunOS 4.*.
Comment for increased code clarity.
Comment about bcopy on SunOS 4.x.
BN_mod_exp_mont_word entry: Don't give performance gain estimates that appear to be more precise than they really are, especially when they are wrong (2/(1/1.15 + 1) = ca. 1.0698).
In longer tests with g=2, DH exchange does not become quite as fast as expected -- maybe it's the different processor, maybe my previous timings were too inaccurate.
Use BN_CTX_end when exiting early from BN_mod_exp_mont_word because BN_mod_exp_atalla could be used.
This probably fixes a BN_rshift bug.
Report "error" (usually just "File exists", which is harmless) when symlink() fails.
There are compilers that complain if a variable has the same name as a label. (Reported by Alexei Bakharevski.)
In EVP_BytesToKey, replace explicit "8" by "PKCS5_SALT_LEN".
typo
Using speaking "variable" names in macros so that e.g. grepping for sk_whatever_insert and sk_whatever_set immediately reveals the subtle difference in parameter order.
Add OPENSSL_free at the end of CRYPTO_destroy_dynlockid.
Avoid unnecessary links and incomplete program file in apps/.
In BN_mod_exp_mont_word, avoid one application of BN_MOD_MUL_WORD, and for small 'a' also a couple of calls to BN_mod_mul_montgomery(r, r, r, ...).
Actually comment out the parts of BN_MOD_MUL_WORD that I intended to comment out in the previous commit
BSD-style MD5-based password algorithm in 'openssl passwd'. (Still needs to be tested against the original using sample passwords of different length.)
Don't dereference NULL pointers. Submitted by: bowe at chip.ma.certco.com
Fix code structure (if ... else if ... where both parts may be disabled by preprocessor symbols)
Return bignum '0' when BN_rand is asked for a 0 bit random number.
Add an early reference to BN_CTX_new so that the usage of BN_CTX_start is easier to grasp.
Document -purpose option in usage string.
Bugfix: use write locks, not just read locks
crypto/err.c bugfix
Fix SSL 2.0 rollback checking: The previous implementation of the test was never triggered due to an off-by-one error.
Document rollback issues.
Update 'openssl passwd' documentation on selection of algorithms.
Include SKIP DH parameters with OpenSSL. These have been created by a SHA.1 based procedure, see http://www.skip-vpn.org/spec/numbers.html. (These values are taken from that document, I have not implemented the prime generator.)
-N option to diff is not essential, and mentioning it is unnecessarily confusing to people whose diff doesn't implement it.
QNX 4 support.
Use C syntax, not FORTRAN or whatever that was :-)
Undo change from 1.7 to 1.8:
Tell CVS to ignore 'lib'.
Include MD4 in documentation.
-Wall insists that main return an int.
Fix for BN_mul_word(a, 0).
Avoid abort() throughout the library, except when preprocessor symbols for debugging are defined.
Use consistent indentation,
Consistency
Remove silly test for b->references at the end of BIO_write: If some other thread deletes the BIO that one thread needs for BIO_write, then there's a lot of trouble anyway; there's nothing special about calling the callback.
Ignore Makefile.save
Increase print buffer (10K instead of just 2K).
Mention fix in bio_lib.c.
Clarification for SSL_ERROR_ZERO_RETURN
Add rsautl.
update
Add OAEP. Seed the PRNG.
typo
Changes for QNX: there is no thread support, and the previous configuration only worked with no-asm.
'make update'
Fix X509_STORE_CTX_init. Make indentation more consistent. Dump core less often.
More indentation consistency: for (), while (), if (), return () usually get a space between keyword and opening parenthesis so that they don't look like function calls, where no space is used.
Another round of indentation changes: Position braces consistently, add some whitespace for 'if ()', 'for ()', 'while ()' to distinguish keywords from function names, and finally remove parens around return values (why be stingy with whitespace but fill the source code with an abundance of parentheses that are not needed to structure expressions for readability?).
Another superfluous pair of parentheses.
See RSA Security's press release at http://www.rsasecurity.com/news/pr/000906-1.html (September 6, 2000): "RSA Security Releases RSA Encryption Algorithm into Public Domain"
Get rid of ASN1_UTCTIME_get, which cannot work with time_t return type (on platforms where time_t is a 32 bit value).
Use name ...-whatever-solaris2 instead of ...-sun-solaris2 (the middle string describes the architecture).
clarification (source/sink BIOs are usually *both* source and sink)
New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ.
'make update'
Some small clarifications.
Clarification.
Change spelling back to "behaviour" and "flavour" instead of the American variants.
TLS => TLS/SSL
SSL => TLS/SSL
Rename new BIO_set_shutdown_wr macro to just BIO_shutdown_wr (it's similar to the shutdown(..., SHUT_WR) system call for sockets).
Disable buggy code variant in BN_mod_mul_montgomery that was enabled in 0.9.6-beta1 and 0.9.6-beta2 and caused the BN_mont_exp_mont_word() failure (bug report "openssh 2.2.0p1 fails with openssl 0.9.6-beta1").
Document BN_mod_mul_montgomery bug; make disabled code slightly more correct (this does not solve the problem though).
Clarification about Montgomery problem
Totally remove the supposedly 'faster' variant in BN_mod_mul_montgomery, which calls bn_sqr_recursive without much preparation.
Additions for 0.9.6.
Avoid protocol rollback.
typo
Fix SSL_CTX_set_read_ahead macro.
Don't modify s->read_ahead in SSL_clear, which is called from accept/connect functions; those should not change the read_ahead setting of the SSL structure.
Set s->read_ahead in SSL_new because SSL_clear no longer modifies it.
Note read_ahead-flag related fixes.
Add BUGS section.
Verbose output when installing manual pages so that you see that something is going on (and what).
BIO_sock_init() returns 1 for success and -1 for failure, not 0; thus the condition '!BIO_sock_init()' doesn't make sense.
Don't ever set 'seeded' if RAND_status() returned 0 (although maybe this static variable should be abolished totally, it was introduced before RAND_status existed).
internal_verify now does know about extensions
Cert chain verification is useable by now. Whether Steve is still working on 'proper' verification is up to him to decide ...
rsautl.c requires RSA.
Never call load_dh_param(NULL) because this leads to an illegal fopen(NULL).
avoid memory leak
handle the case when BN_new returns NULL
Handle BN_copy failure after successful BN_new.
BN_CTX-related fixes.
tmp2 is not used in BN_mod_mul_montgomery.
add missing word
Point to SSL_set_bio(3) early because that manpage provides information that is essential for using BIO pairs.
Additional explanations for SSL_ERROR_WANT_READ/WRITE.
Constify bn_dump1 implementation so that it matches the prototype in bn.h
Improve usability of 'openssl passwd' by including password verification where it makes sense.
Documentation on using the SSL library with non-blocking I/O.
tag SSL_peek bugs
include 'err' label only when it is actually used
Increase permissible ClientKeyExchange message length.
Elliptic curves over GF(p), new BIGNUM functions, Montgomery re-implementation.
Remove CR at line ends.
modular arithmetics
Add bn_mod.c (should have happened in the previous commit ...).
More BN_mod_... functions.
Change submitted files so that they compile (in particular, use BN_CTX_start/get/end instead of accessing ctx->tos).
Change submitted files so that they compile (in particular, use BN_CTX_start/get/end instead of accessing ctx->tos).
Fix BN_is_... macros. Fix BN_gcd. Analyze BN_mod_inverse. Add BN_kronecker. "make update".
Undo previous commit, which was an accident.
Add bn_kron.c (BN_kronecker), which I forgot in the previous commit.
Add test_kron function, which will contain a test for BN_kronecker.
Disable SSL_peek until it is fixed.
Comments on SSL_peek deficiencies
Correct a bug in BN_kronecker.
Note that SSL_peek has been disabled.
Timings.
Use BN_pseudo_rand instead of BN_rand
Improve BN_mod_inverse performance.
Make BN_mod_inverse a little faster
avoid segmentation fault
Implement BN_kronecker test.
Expand expspeed.c to make BN_kronecker timings. This caused a segmentation fault in calls to malloc, so I cleaned up bn_lib.c a little so that it is easier to see what is going on. The bug turned out to be an off-by-one error in BN_bin2bn.
BN_bin2bn did *not* contain an off-by-one error; I'm still investigating what caused the segmentation fault (maybe "make clean; make" will cure it ...). But BN_bin2bn should always reset ret->neg.
Fix warnings in expspeed.c (but the segmentation fault remains)
add missing braces
BN_to_montgomery expects its inputs to be in the interval 0 .. modulus-1, so we have to reduce the random numbers used in test_mont.
Fix BN_kronecker so that it works correctly if 'a' is negative (we need the two's complement of BN_lsw then).
mark a bug
BN_legendre is no longer needed now that OpenSSL has BN_kronecker.
BN_sqrt
BN_mod_sqrt
Handle special cases correctly in exponentiation functions.
Fix bntest.c problem -- one of the primes got lost
bn_modfs.c is no longer needed, a BN_sqrt implementation exists in bn_sqrt.c now
Move reduction step from BN_mod_exp to BN_mod_exp_mont_word. Fix BN_mod_exp_simple for a==0 (mod m). Skip useless round in BN_mod_sqrt (1 is always a square, no need to test BN_kronecker for it).
BN_mod_exp problems ...
Corrections to the comments in BN_mod_inverse.
Changes to Lenka's Montgomery implementation.
It's "#elif", not "#elsif".
BN_mod_exp(r,a,p,m,ctx) should not be called with r == p. But even if this is avoided, there are still segmentation violations (during one of the BN_free()s at the end of test_kron in some cases, in other cases during BN_kronecker, or later in BN_sqrt; choosing a different exponentiation algorithm in bntest.c appears to influence when the SIGSEGV takes place).
Remove randomness from the test. These constants give me a segment violation in test_kron on a 32 bit system.
Fix BN_rshift, which caused lots of trouble.
Fix the recently introduced test that checks if the result is 0
COMP_zlib should always be declared, even if it is not functional.
update
"make depend"
functionality for BN_mod_sqrt timings
Don't allow BIGNUMs to become so large that computations with dmax might overflow.
include <limits.h>
Change error message to "bignum too long"
Improve formatting.
Discuss http://www.shoup.net/papers/oaep.ps.Z
Workaround for broken (or missing) bc.
Add a comment.
Use bc's "print" feature whenever it is available, not just on certain platforms.
Printing "verify ..." should not be counted as a test for the "xxx tests passed" message.
Faster BN_mod_sqrt algorithm for p == 5 (8).
BN_mod_sqrt documentation/comment
Move 'q->neg = 0' to those places where it is needed (just in case someone uses a negative modulus)
Sign-related fixes (and tests).
TEST_MUL and TEST_SQR added.
Fix some things that look like bugs.
Placeholder for SCO bc bug detection
Don't throw away bctest's error messages.
Use continuation lines in test/bctest as far as it is possible to determine what the expression should look like. Apparently CVS does not like lines longer than about 2^10 characters.
Change/add comments
Update.
First step towards SSL_peek fix.
The BN_mul bug test apparently is no longer needed
typo
Very little in the "README" is up-to-date
The C version of bn_sub_part_words is needed not only in NO_ASM configurations
Locking issues.
If CONF_get_string returns NULL and we want to tolerate this (e.g., use a default), we have to call ERR_clear_error().
Simplify preprocessor statements.
When mentioning features that don't exist in current releases of OpenSSL (such as the new undocumented '-prexit' option to s_client), the FAQ should point out that they don't: The FAQ is not just part of the release, its current version is also published on the web.
undo previous change: '-prexit' is already available in current versions of s_client
Obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX structures and setting rsa->_method_mod_{n,p,q}.
Comment correction.
Import s2_pkt.c wbuf fixes from OpenSSL_0_9_6-stable branch.
Add a comment (intended change)
Don't hold CRYPTO_LOCK_RSA during time-consuming operations.
fix indentation
Split a CHANGES entry so that one of the halves matches the corresponding new entry in the OpenSSL_0_9_6-stable branch.
Don't access non-existing element buf[256], use buf[255] instead.
Fix SSL_peek and SSL_pending.
Finish SSL_peek/SSL_pending fixes.
Get rid of unused error code.
Change prototypes for new CRYPTO_..._mem_ex_functions functions so that they match the function definitions (namely, remove file/line parameters from free_func).
Fix C code generated by 'openssl dsaparam -C'.
Add a pointer to digest options in the description of -fingerprint.
'char' argument to islower must be converted to 'unsigned char'
Add SSLEAY_DIR argument code for SSLeay_version. Add '-d' option for 'openssl version' (included in '-a').
make indentation consistent
Last time I asked, no-one appeared to remember if these "NEEDS PATCH" entries are still current or what they are about:
Add new items: - 0.9.6a is under development - a couple of illegal includes of <openssl/e_os.h> should be purged - ex_data sucks
Use $(PERL) in place of hard-coded perl
Pass ${PERL} down to the Makefile in sub-directory "test" in "make tests"
It's silly to use a different default for PERL than in the top Makefile. (The default is never actually used though because the top Makefile passes its value of PERL down to sub-Makefiles.)
After discussion with Richard, change the new API for extended memory allocation callbacks so that it is no longer visible to applications that these live at a different call level than conventional memory allocation callbacks.
No functional change, but slightly improved code clarity.
New -newreq-nodes option to CA.pl.
Remove "AVAILABLE PATCH" that has now been applied.
When we are waiting for user action, we should say this explicitly.
note strncpy problem
isspace must be used only on *unsigned* chars
New 'openssl ca -status <serial>' and 'openssl ca -updatedb' commands.
Disable RegQueryValueEx() call. Problem reported by "Wolfgang Marczy" <WMarczy at topcall.co.at> in a message to openssl-dev (19 Dec 2000 13:40:51 +0100).
New '-extfile' option for 'openssl ca'. This allows keeping extensions in a separate configuration file.
Fix openssl passwd -1
More on the e_os.h mess ...
Use OpenSSL_add_all_algorithms instead of the backwards compatibility alias SSLeay_add_all_algorithms
For improved compatibility with 'strange' certificates, add some digest aliases (as found in OpenSSL_add_all_digests).
EVP_add_digest_alias additions to SS_library_init
Update "OAEP reconsidered" comment
update
Comment and indentation
Remove serial number file during 'make clean'.
Include string.h (which is in all relevant standards) instead of memory.h (which is not).
don't dump core
Avoid coredumps for CONF_get_...(NULL, ...)
platform specific CFLAGS don't belong into this Makefile
Integrate my implementation of a countermeasure against Bleichenbacher's DSA attack. With this implementation, the expected number of iterations never exceeds 2.
oops -- remove observation code
Change comments. (The expected number of iterations in BN_rand_range never exceeds 1.333...).
Another comment change. (Previous comment does not apply for range = 11000000... or range = 100000...)
add linux-s390 configuration (based on information submitted by Denis Beauchemin <Denis.Beauchemin at Courrier.USherb.ca>)
fix editing error
Simplify BN_rand_range
use case-insensitive comparison in set_table_opts (similar to how arguments such as -inform/-outform specifications are treated)
disable stdin buffering in load_cert
Add German SiG root certificates (extracted from the official cert registry file http://www.nrca-ds.de/ftp/pkd.ttp, which contains a total of 288 certificates issued by the RegPT so far)
Oops: It's RegTP, not RegPT ...
Add uid.{c,o}
Memory leak detection bugfixes for multi-threading.
Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1.
update
honour '-no_tmp_rsa'
include e_os.h as "openssl/e_os.h" (as elsewhere)
undo previous change: "e_os.h" is now the official name for the file to include (but the OpenSSL_0_9_6-stable branch still has inconsistencies)
e_os.h problems have been solved in the main branch.
EC_set_half and the 'h' component of struct bn_ec_struct are unnecessary. The computations for which h was used can be done more efficiently by using BN_rshift1.
increase emailAddress_max
New option '-subj arg' for 'openssl req' and 'openssl ca'. This sets the subject name for a new request or supersedes the subject name in a given request.
Move ec.h to ec2.h because it is not compatible with what we will use.
Add more EC vaporware (empty source code files I missed in my previous commit).
Add yet another (still empty) source code file that I forgot.
Another file I had forgotten to add.
Some declarations that outline what I intend to implement.
Change comments.
Add EC_GROUP_new_GFp prototype.
Add BN_CTX arguments where appropriate.
New function declarations.
'is_at_infinity' tests don't need a BN_CTX.
Change obj_... generation so that it does not generate rubbish or abort with errors if no name is defined for some object, which was the case for 'pilotAttributeType 27'.
Add a few 'const's
Implement dispatcher for EC_GROUP and EC_POINT method functions.
Fix ERR_R_... problems.
In clear_free, clear the complete structure just in case the method misses something.
Oops ...
extra_data 'mixin'. (This will be used for Lim/Lee precomputation data.)
The next bunch of vaporware.
Optimized EC_METHODs need specific 'set_curve' and 'free' functions.
..._init functions are method-specific too (they can't do much useful, but they will have to set pointers to NULL)
Some actual method functions (not enough yet to use the EC library, though), including EC arithmetics derived from Lenka Fibikova's code (with some additional optimizations).
More method functions.
More method functions for EC_GFp_simple_method.
More 'TODO' items.
Let EC_POINT_copy do nothing if dest==src
Get rid of '#define ERR_file_name __FILE__', which is unnecessary indirection. (It cannot possibly help to avoid duplicate 'name of file' strings in object files because the preprocessor does not work at object file level.)
Order ERR_load_... calls like the stuff in err.h.
Integrate ectest.c (which does not yet do anything).
Sort openssl.ec, the configuration file for mkerr.pl.
Throw out *all* absolute pathnames, no matter what they look like. The filenames we are interested in for Makefile dependencies are always relative.
Integrate ec_err.[co].
Constify BN_value_one.
avoid compiler warning
Hide BN_CTX structure details.
Comment
Bugfix: previously the serial number file could turn negative because an incompletely initialized ASN1_INTEGER was used.
More method functions for elliptic curves, and an ectest.c that actually tests something.
Fixes to make 'no-ec' work (it should not turn 'objects' into 'objts' for example)
Implement EC_GFp_mont_method.
Avoid problems with multi-line NAME sections.
add ssl23_peek
ssl23_peek
Fix ec_GFp_simple_cmp.
Consistently use 'void *' for SSL read, peek and write functions.
Workaround for solaris64 linking problem (explicit "ar rs" is needed to create a symbol table).
Instead of telling both 'make' and the user that ranlib errors can be tolerated, hide the error from 'make'. This gives shorter output both if ranlib fails and if it works.
More EC stuff, including EC_POINTs_mul() for simultaneous scalar multiplication of an arbitrary number of points.
Remove files from Lenka's EC implementation.
comment and error code update
Change timing output: We don't have "exponents" here, curves are considered additive
use fflush
handle negative scalars correctly when doing point multiplication
Add functions EC_POINT_mul and EC_GROUP_precompute. The latter does nothing for now, but its existence means that applications can request precomputation when appropriate.
Timings are not supposed to be enabled by default ...
Forcibly enable memory leak checking during "make test"
EC_METHOD based on bn_mont2 (not used in the library)
Add various X9.62 OIDs. (GF(2^n) mostly left out.)
Rename function EC_GROUP_precompute to EC_GROUP_precompute_mult, which indicates its purpose more clearly.
fix memory leak in err.c
Use err_clear_data macro
typo
Fix: return 0 if no error occurred.
The former ULTRASPARC preprocessor symbol is now called OPENSSL_SYSNAME_ULTRASPARC, so we'd better check for that one
More error_data memory leaks
error codes are longs, not ints
avoid infinite loop
Completely remove mont2 stuff. It does not appear to be faster than the current Montgomery code except for very small moduli (somewhere between 192 and 224 bits in a 64-bit Sun environment, and even less than 192 bits on 32 bit systems).
Explicitly ignore the exit code of ./bctest. Usually the shell ignores it anyway in command substitution, but Ultrix reportedly aborted the test when bctest returned 1.
Update.
Table for window sizes.
Increase boundaries in EC_window_bits_for_scalar_size table.
Tag EC_GFp_{nist,recp}_method as "NOEXIST" because they have not yet been implemented.
Update docs.
Harmonize CHANGES and STATUS files between the 0.9.6a branch and the trunk to keep diffs small.
Add missing '#ifndef OPENSSL_NO_DSA'.
Fix bctest, and add a workaround that should solve the problem with FreeBSD's /bin/sh.
News for 0.9.6a.
For -WWW, fix test for ".." directory references (and avoid warning for index -1).
this time *really* fix the /../ check ...
avoid buffer overflow
This change should be suitable as a workaround for the Solaris x86 compiler bug reported in <01032110293775.22278 at weba3.iname.net> (the '++seq[i]' condition is evaluated as 256 rather than 0 when the previous value is 255).
Make sure OPENSSL_SYS_... is defined when we need it.
Fix warnings.
don't use shell functions
Don't use 'tt' uninitialized when reporting an error (we don't have an ASN1_TEMPLATE to complain about at this stage, so errtt == NULL should be OK)
Avoid assert() in the library.
'||', '&&' and 'test -x' apparently don't work on Ultrix; also 'test' appears to be available as '[' only in 'if' conditions.
avoid '||' since Ultrix apparently doesn't understand it
binary algorithm for modular inversion
code documentation
comment
update (0.9.6a)
Adjust BN_mod_inverse algorithm selection according to experiments on Ultra-Sparcs (both 32-bit and 64-bit compilations)
Mention automatically queried EGD sockets (OpenSSL 0.9.7).
Add information on 0.9.6a (in a form such that the list can be verified by looking at 'diff -u ../openssl-0.9.6a/CHANGES CHANGES')
update from 0.9.6a
undo previous change ...
update so that changes going into the 0.9.6 tree can be logged
fix md_rand.c locking bugs
typo
bctest changes for Ultrix (don't return 1 from bctest, otherwise make aborts)
.rnd issues
fix an old entry
restore change undone in 1.831 (apparently by accident)
increase DEFAULT_BUFFER_SIZE (4K instead of just 1K)
Fix Bleichenbacher PKCS #1 1.5 countermeasure. (The attack against SSL 3.1 and TLS 1.0 is impractical anyway, otherwise this would be a security relevant patch.)
when checking OAEP, signal just a single kind of 'decoding error'
OAEP fix
Earlier OpenSSL versions printed prompts to stderr. In the new crypto/ui/, this was changed into tty (which is usually /dev/tty), i.e. the FILE * used for reading passwords from the user. However stdio buffering for read/write streams is not without pitfalls (passwords would be echoed on some systems). To avoid problems, split tty into tty_in and tty_out (which are opened separately).
Add directory name to the entry on /crypto/ui/.
even use of default engines leaks memory
For MSDOS, the tty filename still is "con", not "/dev/tty" ...
pay attention to blocksize before attempting decryption
Translate into valid C (don't call functions with wrong prototypes).
DSA verification should insist that r and s are in the allowed range.
Entry for Andy's mips3.s fix.
Call ENGINE_cleanup() to avoid memory leak.
Engine memory leaks have been fixed by now.
Align with 0.9.6-stable CHANGES file, and make some corrections.
Precomputation will not necessarily be Lim-Lee precomputation.
In version numbers, there is just one "M" nybble.
Fix PRNG.
comment change
For consistency with the terminology used in my SAC2001 paper, avoid the term "simultaneous multiplication" (which -- according to the paper, at least -- applies only to certain methods which we don't use here)
Avoid race condition.
avoid warnings
add a comment
always reject data >= n
md_rand.c thread safety
Don't preserve existing keys in DH_generate_key.
DH key generation should not use a do ... while loop, or bogus DH parameters can be used for launching DOS attacks
Undo DH_generate_key() change: s3_srvr.c was using it correctly
length of secret exponent is needed only when we create one
remove a comma
Reinsert typedef'ed names for structs to help those trying to read the sourcecode (including fgrep)
More typedef'd struct names as search targets
Bugfix: larger message size in ssl3_get_key_exchange() because ServerKeyExchange message may be skipped.
add missing link
rearrange #includes because trying to include <crypto/cryptodev.h> is a bad idea if OPENSSL_OPENBSD_DEV_CRYPTO is not defined
Use uniformly chosen witnesses for Miller-Rabin test (by using new BN_pseudo_rand_range function)
Rename recently introduced functions for improved code clarity: [DR]SA_up => [DR]SA_up_ref
delete redundant ERR_load_CRYPTO_strings() prototype
OpenSSL copyright notices ...
CHANGES should list all API changes relevant for applications (here: X509_STORE_CTX_init())
changing something requires a write lock, not a read lock
Now that we have ERR_unload_strings(), ERR_load_ERR_strings() must always load its strings because they might have been unloaded since the 'init' flag was deleted.
typo
Solaris <string.h> does not declare 'strdup' if _XOPEN_SOURCE is defined.
-mcpu=i486 vs. -m486 ...
Oops, wrong line
Oops^2: It was the correct line, but an incorrect change.
Renaming DH_up to DH_up_ref does not warrant a CHANGES entry of its own as the functions were only introduced a couple of days ago.
Mention DSO_up => DSO_up_ref renaming
fix formatting so that the file can be view with any tab-width
improve OAEP check
Totally get rid of CRYPTO_LOCK_ERR_HASH.
Avoid strdup.
The various hash #includes in rand_lcl.h *are* needed despite <openssl/evp.h> is now used (MD_DIGEST_LENGTH definitions!). No need to include such headers directly in md_rand.c.
Fix apps/openssl.c and ssl/ssltest.c so that they use CRYPTO_set_mem_debug_options() instead of CRYPTO_dbg_set_options(), which is the default implementation of the former and should usually not be directly used by applications (at least if we assume that the options accepted by the default implementation will also be meaningful to any other implementations).
Delete pointless casts
copyright
Get rid of hazardous EVP_DigestInit_dbg/EVP_DigestInit case distinction (which does not work well because if CRYPTO_MDEBUG is defined at library compile time, it is not necessarily defined at application compile time; and memory debugging now can be reconfigured at run-time anyway). To get the intended semantics, we could just use the EVP_DigestInit_dbg unconditionally (which uses the caller's __FILE__ and __LINE__ for memory leak debugging), but this would make memory debugging inconsistent. Instead, callers can use CRYPTO_push_info() to track down memory leaks.
Get rid of hazardous EVP_DigestInit_dbg/EVP_DigestInit case distinction (which does not work well because if CRYPTO_MDEBUG is defined at library compile time, it is not necessarily defined at application compile time; and memory debugging now can be reconfigured at run-time anyway). To get the intended semantics, we could just use the EVP_DigestInit_dbg unconditionally (which uses the caller's __FILE__ and __LINE__ for memory leak debugging), but this would make memory debugging inconsistent. Instead, callers can use CRYPTO_push_info() to track down memory leaks.
typo
Update so that progs.h can indeed be automatically generated
add AES ciphers
exclude disabled message digests
avoid warning ('const' discarded)
fix memory leak
restore previous revision -- memory leak should be fixed in mem.c
remove an old comment
fix memory leak (I think)
While ispell may not like it, "cancelling" may be spelt with two "l"s
ex_data situation is no longer that bad
update
add 'release showstopper' entry
avoid "statement not reached" warning
add details
Get rid of junk (deleted/renamed function) by rebuilding based on 0.9.6 tree.
add comment
Another demo.
Change Makefile so that it works without any additional changes at least on Solaris
comments
Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't reveal whether illegal block cipher padding was found or a MAC verification error occurred.
fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case
make update
New function SSL_renegotiate_pending(). New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
Bugfix: correct cleanup after sending a HelloRequest
Disable session related stuff in SSL_ST_OK case of ssl3_accept if we just sent a HelloRequest.
bugfix: handle HelloRequest received during handshake correctly
crypto/idea and crypto/rijndael were missing in the list of directories that may have been deleted
The 'no-rijndael' option must define OPENSSL_NO_AES because that is what we look for in crypto/evp.
avoid everything resembling a magic trigraph
ignore binary
comment
'openssl speed' does not include AES support yet
'openssl rsa' etc. should include AES support in addition to DES
the previous commit accidentally removed 'ret = 1' from the SSL_ST_OK case of ssl3_accept
Fix ssl3_get_message to handle message fragmentation correctly.
make sure .rnd exists
Change ssl3_get_message and the functions using it so that complete 'Handshake' protocol structures are kept in memory, including 'msg_type' and 'length'.
For consistency, set s->init_num in the 'reuse_message' case (if s23_srvr.c faked the message, s->init_num is 0).
The message header for fake SSL 3.0/TLS 1.0 client hellos created from SSL 2.0 client hellos added with the previous commit was totally wrong -- it must start with the message type, not the protocol version. (Not that this particular header is actually used anywhere ...)
Add per-SSL 'msg_callback' with 'msg_callback_arg'. Both have per-SSL_CTX defaults. These new values can be set by calling SSL[_CTX]_[callback_]ctrl with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.
document SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
gcc complained about "write" being shadowed even though the "write" variable name occurred just in a function *prototype* -- so rename it
New functions SSL[_CTX]_set_msg_callback(). New macros SSL[_CTX]_set_msg_callback_arg().
Call msg_callback with correct length parameter if ssl3_write_bytes had to be called multiple times
Fix memory leak.
Fix SSL handshake functions and SSL_clear() such that SSL_clear() never resets s->method to s->ctx->method when called from within one of the SSL handshake functions.
Assume TLS 1.0 when ClientHello fragment is too short.
Consistency with s2_... and s23_... variants (no real functional change)
filenames are des_old.[ch], not des.comp*
Add '-noemailDN' option to 'openssl ca'. This prevents inclusion of the e-mail address in the DN (i.e., it will go into a certificate extension only). The new configuration file option 'email_in_dn = no' has the same effect.
mention des_old.h
remove redundant definitions that are also in des.h
Like MD_Init, MD now must include a NULL engine pointer in its definition.
disable caching in BIO_gethostbyname
Consistency fix in BUF_MEM_grow: Initialise to zero when new memory had to be allocated, not just when reusing the existing buffer.
Note BUF_MEM_grow() consistency fix.
Don't define _REENTRANT here in e_os.h. On systems where we need _REENTRANT if threads support is enabled, the ./Configure entry must define it so that it ends up in CFLAG.
clarify
cast to 'unsigned long' before using ~ if we need an unsigned long result
adjust to OpenSSL_0_9_6-stable version
2001, not 2000
Implement msg_callback for SSL 2.0.
more output for SSL 2.0 in our msg_callback
msg_callback documentation
remove incorrect 'callback' prototype
make code a little more similar to what it looked like before the fixes, call ssl2_part_read again to parse error message
Order chronologically: move entry for recent s2_clnt.c/s2_srvr.c fixes (nearly) to the top.
add changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c
the PRNG race conditions were mostly a theoretical issue, remove from NEWS
Add unixware-7-gcc as in 0.9.6 branch (except that we need a 'sys_id' field here, which is left empty).
information on 0.9.6c-engine
synchronise with 0.9.6 stable branch
consistency between main branch and stable branch
cast to unsigned int, not to int to avoid the warning -- all these values really are unsigned
remove obsolete entry
Improve EC efficiency.
comments etc.
use a more interesting test case
comment
avoid stupid compiler warning
wNAFs use does not bring that much performance on Sparcs (where elliptic curves are relatively faster than on PCs anyway)
comment
OS/390 support
check OPENSSL_NO_... before including header files that might be disabled
fix submitted by Andy Schneider <andy.schneider at bjss.co.uk> (in main branch, hn_ncipher.c is already correct)
info on 0.9.6 engine branch
For future portability reasons MIT is moving all macros to function calls. This patch allows compilation either way.
discuss -name and default_ca more correctly (I hope)
Fix: 2.5.29 is "id-ce", not "ld-ce" (sort of a typo in objects.h).
crypto/objects stuff
fix warnings (one of them was clearly justified)
fix BN_rand_range
consistency with 0.9.6 stable "CHANGES"
remove redundant ERR_load_... declarations
oops
formatting consistency
update FAQ and CHANGES file (0.9.6c has been released)
fix EVP_CIPHER_mode macro
add automatically generated ERR_load_... prototype
Changes that break something should be included in CHANGES to make it easier to fix things.
fix 'Configure TABLE' output
synchronize with engine-0.9.6 tree
add documentation for SSLeay_version(SSLEAY_DIR) and 'openssl version -d'
add a sentence previously deleted by accident
Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if the SSL_R_LENGTH_MISMATCH error is detected.
Bugfix: In ssl3_accept, don't use a local variable 'got_new_session' to indicate that a real handshake is taking place (the value will be lost during multiple invocations). Set s->new_session to 2 instead.
run test_evp before test_ssl
disable broken code
Reword CHANGES entry for _old_des_..., as it was a little complicated syntactically.
New functions ERR_peek_last_error ERR_peek_last_error_line ERR_peek_last_error_line_data (supersedes ERR_peek_top_error).
fix formatting of automatically generated error section
sort functions ...
Undo previous change, X509_check_issued() was correct. [See Message-ID: <3BB07999.30432AD2 at celocom.com> Date: Tue, 25 Sep 2001 13:33:29 +0100 From: Dr S N Henson <drh at celocom.com> To: openssl-dev at openssl.org Subject: Re: Error in v3_purp.c ]
add a wish
We should implement a countermeasure against the predictable-IV CBC weakness in SSL/TLS
add support for named curves
new locks
some modifications to named curve support
ECDSA support
EC_GROUP_get_group_by_name() is now called EC_GROUP_new_by_name()
don't call OPENSSL_config(), this does not make any sense during "make test"
move ECDSA test right after EC test
fix memory leak
fix '-C'
'-C' is still quite broken
make it possible to disable memory checking for timings
fix indentation
bugfix: allocate sufficiently large buffer
typo
simplifications
disable '#ifdef DEBUG' sections
disable '#ifdef DEBUG' sections
Add 'void *' argument to app_verify_callback.
use ERR_peek_last_error() instead of ERR_peek_error() to ignore any other errors that may be left in the error queue
use ERR_peek_last_error() instead of ERR_peek_error()
'#if OPENSSL_VERSION_NUMBER >= ...' to document the recent change
disable '#ifdef DEBUG' code
more X9.62 OIDs
fix 'ecdsaparam -C' output
typo
fix printf call
fix 'ecdsaparam -C'
Rephrase statement on the security of two-key 3DES.
reference counting for EC_GROUP structures is not needed (at the moment at least), so remove it
add SECG OIDs
Add more curves. Submitted by: Nils Larsch
fix spacing
EC curve stuff
asm/mips3.o problems
use BIO_nwrite() more properly to demonstrate the general idea of BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not in general)
Fixes for 'no-hw' combined with 'no-SOME_CIPHER'. Fix dsaparam usage output.
add OIDs for WAP/TLS curves
fix ssl3_pending
Rename 'cray-t90-cc' into 'cray-j90'. Add to 'config'.
fix #include position
Fix bugs and typos. Add some WTLS curves. New function EC_GROUP_check() (this will probably be implemented differently soon).
Fix typo.
New function EC_GROUP_check_discriminant(). Restructure implementation of EC_GROUP_check().
fix DH_generate_parameters for general 'generator'
fix conditional compilation for OPENSSL_NO_...
add missing declaration
fix memory leak
fix warnings
add usage examples
fix ECDSA handling
harmonize capitalization
ECDSA representation bugfixes
clean up and synchronize with 0.9.6-stable
looks like a typo
Implement known-IV countermeasure.
fix length field we create when converting SSL 2.0 format into SSL 3.0/TLS 1.0 format (the bug was introduced with message callback support)
remove disabled code
get rid of some assignments that have become obsolete
check return values
'version' is not optional in the encoding
'version' is not optional in the encoding
fix usage (no 'key')
AlgorithmIdentifier bugs
oops
new items for 0.9.7
Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not encoded as NULL) with id-dsa-with-sha1.
undo nonsense patch (r *is* signed or we have signedness mismatches elsewhere)
fix casts
disable AES ciphersuites unless explicitly requested
improve wNAF generation
update
fix warning
refer to latest draft for AES ciphersuites
ensure that, for each strength, RC4 ciphers have least preference in the default ciphersuite list
Fix ciphersuite list to enforce low priority for RC4.
in SignerInfo, use ecdsa-with-SHA1 OID for ECDSA (not ecPublicKey)
Change internals of the EC library so that the functions EC_GROUP_{set_generator,get_generator,get_order,get_cofactor} are implemented directly in crypto/ec/ec_lib.c and not dispatched to methods.
make b_print.c consistent with the rest of OpenSSL: disable assert() except for debug builds
update
fix EVP_dsa_sha macro
accept NULL in 'free' functions
fix Cygwin (remove extra colons)
New functions EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex(), EC_POINT_hex2point()
fix memory leak
remove unnecessary calls to EC_POINT_copy()
fix for 'make update'
move ECC ASN1 that is not specific to ECDSA into crypto/ec/, and make some appropriate changes to the EC library.
move ECC ASN1 that is not specific to ECDSA into crypto/ec/, and make some appropriate changes to the EC library.
simplify asn1_flag
typo
New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC vulnerability workaround (included in SSL_OP_ALL).
typo
Implement handling of EC parameter seeds (new functions EC_GROUP_set_seed(), EC_GROUP_get0_seed(), EC_GROUP_get_seed_len()).
always include <string.h> (we do this in various other header files, so it can't be bad)
always include <string.h> (we do this in various other header files, so it can't be bad)
update an entry on EVP changes
Make sure buffers are large enough even for weird parameters
AES cipher suites are now official (RFC3268)
empty fragments are not necessary for SSL_eNULL (but no one uses it anyway)
fix synopsis
remove obsolete comment
Replace 'ecdsaparam' commandline utility by 'ecparam' (the same keys can be used for ECC schemes other than ECDSA) and add some new options.
Fix bug introduced with revision 1.95 when this file was modified to use the new X509_CRL_set_issuer_name() function: The CRL issuer should be X509_get_subject_name(x509), not X509_get_issuer_name(x509).
update
add an explanation and fix a typo
fix a typo and clarify
harmonize options with those for 'ecparam', remove redundant option '-pub'
more detailed instructions for export from US
Move zeroing from bn_expand_internal() to bn_expand2() so that it happens reliably, even if the BIGNUM is already sufficiently large.
Use SEC1 format for EC private keys. This is not ECDSA specific, so it's now PEM_STRING_ECPRIVATEKEY etc.
mention SSL_do_handshake()
get rid of OpenSSLDie
New error code ERR_R_DISABLED
Add more WAP/WTLS elliptic curve OIDs.
Binary field arithmetic contributed by Sun Microsystems. The 'OPENSSL_NO_SUN_DIV' default is still subject to change, so I didn't bother to finish the CHANGES entry yet.
extend curve list (additional curves over binary fields)
add support for elliptic curves over binary fields
there is no alternative EC_METHOD for curves over GF(2^m) (yet)
ec2_smpt.c must be listed in LIBSRC
typos
Rename implementations of method functions so that they match the new method names where _GF... suffixes have been removed.
move GF2m tests to the end
Change BN_mod_sqrt() so that it verifies that the input value is really the square of the return value.
update
Let BN_rand_range() abort with an error after 100 iterations without success.
remove obsoleted disabled code
remove obsolete part of comment
typo
optical changes
fix bn_expand2
disable Sun division algorithm by default
use bn_wexpand instead of bn_expand2 (the latter is not needed here, and it does not yet work correctly)
fix bn_expand2
oops, undo previous change (was just for testing)
oops -- must use EVP_MD_size, not EVP_MD_block_size
avoid SIGSEGV
use a generic EC_KEY structure (EC keys are not ECDSA specific)
Add ECDH support.
ECC ciphersuite support
ECDH engine support
use 0, not NULL
add field type to text output; don't print seed value as a number (leading zeros must not be removed)
fix warnings
make update
.cvsignore for crypto/ecdh
add 0.9.6g information
get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead)
fix comment
remove debug messages
remove comment
fix previous commit (there's no SSLEAY_VERSION_TEXT)
Scripts for testing ECC ciphersuites.
add 'TODO' items
move a TODO from CHANGES to STATUS
change how pod2man is handled: explicitly invoke '$PERL' only when needed, call 'pod2man' directly if this works
Simplify handling of named curves: get rid of EC_GROUP_new_by_name(), EC_GROUP_new_by_nid() should be enough. This avoids a lot of redundancy.
add crypto/ecdh
fix manpage
fix warnings (CHARSET_EBCDIC)
use correct function code in error message
'EC' vs. 'ECDSA'
typo
ecdsa => ec
fix offsets
ASN1 for binary curves
move EC_GROUP_get_basis_type() from ec_lib.c to ec_asn1.c
fix spacing
less specific interface for EC_GROUP_get_basis_type
change 'usage' formatting
don't write beyond buffer
don't memset(data,0,...) if data is NULL
change API for looking at the internal curve list
mention EC_get_builtin_curves()
-nameopt fix has been moved to 0.9.7
Let 'openssl req' fail if an argument to '-newkey' is not recognized instead of using RSA as a default.
1. switch from "-newkey ecdsa:..." to "-newkey ec:..." 2. automatically create required sub-directories
add URL for Internet Draft
make sure 'neg' flag (which does not really matter for GF(2^m), but could cause confusion for ECDSA) is set to zero
fix race condition
there is no minimum length for session IDs
really fix race condition
really fix race conditions
fix more race conditions
synchronize with 0.9.7-stable version of this file
change Emacs indentation style to make it easier to insert tabs manually
I don't like c-tab-always-indent ...
fix warnings, and harmonize indentation
remove superfluous code
fast reduction for NIST curves
clean up new code for NIST primes
'broken' PKCS #8 format does not apply to ECDSA
increase permissible message length so that we can handle CertificateVerify for 4096 bit RSA signatures
'covenant HOWTO' (what to do about the Sun covenant if you modify the code)
Sun has agreed to removing the covenant language from most files.
avoid warnings ('index' shadows global declaration)
implement and use new macros BN_get_sign(), BN_set_sign()
fix typo
avoid Purify warnings
print less output (no details unless a test failed)
corrections to built-in curves
do tests with all built-in curves
remove unused old directory crypto/rijndael (superseded by crypto/aes)
disable weird assert()s
use new BIO_indent() function here as well
fix output
harmonize with 0.9.7 tree
this method does not need field_data1
allocate bio_err before memory debugging is enabled to avoid memory leaks (we can't release it before the CRYPTO_mem_leaks() call!)
fix memory leak in memory debugging code ...
use consistent order of function definitions
remove redundant functions
allocate bio_err before memory debugging is enabled to avoid memory leaks (we can't release it before the CRYPTO_mem_leaks() call!)
Make ec_GFp_simple_point_get_affine_coordinates() faster for Montgomery representations.
avoid uninitialized memory read
add a comment
rename some functions to improve consistency
Don't compute timings here, we can do this elsewhere. Include X9.62 signature examples.
In ECPKParameters_print, output the private key length correctly (length of the order of the group, not length of the actual key, which will be shorter in some cases).
typo
Typo.
document BN_GENCB API by adding an example
add something to the '$no_shared_warn' text
undo part of a recent change: it's "surname", not "surName" (see X.520 aka ISO/IEC 9594-6)
"!Cname surname" has now become redundant ...
update error library for EC... changes
avoid potential confusion about curves (prime192v1 and prime256v1 are also known as secp192r1 and secp256r1, respectively)
fix warnings
For ecdsa-with-SHA1, as for id-dsa-with-sha1, omit 'parameters' in AlgorithmIdentifier
consistency
cofactor is optional in parameter encodings
simplify
Update PRNG entry: - OpenSSL version differences - Sun /dev/urandom patch information
typo
SSL_add_dir_cert_subjects_to_stack now exists for WIN32
typo in WIN16 section
implement fast point multiplication with precomputation
typo
comment
remove debugging leftovers
avoid coredump
fix EC_GROUP_copy for EC_GFp_nist_method()
first section is now "Changes between 0.9.7a and 0.9.8", not "... 0.9.7 and 0.9.8"
comments
Allow EC_GROUP objects to share precomputation for improved memory efficiency (EC_PRE_COMP objects are now constant once completed).
new lock for EC_PRE_COMP structures
make update
Remove "+Olibcalls" option from HPUX targets.
typo
ECPublicKey_set_octet_string and ECPublicKey_get_octet_string behaviour was not quite consistent with the conventions for d2i and i2d functions as far as handling of the 'out' or 'in' pointer is concerned.
treat 'out' like i2d functions do; cf. asn1_item_flags_i2d (crypto/asn/tasn_enc.c)
include OpenSSL license (in addition to EAY license)
year 2003
add Certicom licensing e-mail address
use tabs for indentation, not spaces
memset problem has been handled
- new ECDH_compute_key interface (KDF is no longer a fixed built-in) - bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary
fix formatting
countermeasure against new Klima-Pokorny-Rosa attack
make sure RSA blinding works when the PRNG is not properly seeded; enable it automatically for the built-in engine
remove patch ID (which is supposed to appear in patched variants of old OpenSSL releases, but not in new releases)
make RSA blinding thread-safe
include 'Changes between 0.9.6i and 0.9.6j'
fix typo
implement PKCS #8 / SEC1 private key format for ECC
manpages for 'openssl ec' and 'openssl ecparam'
new function EC_GROUP_cmp() (used by EVP_PKEY_cmp())
fix: 0.9.7 is based on 0.9.6h, not on 0.9.6k
tolerate extra data at end of client hello for SSL 3.0
add test for secp160r1; add code for kP+lQ timings
updates for draft-ietf-tls-ecc-03.txt
add OpenSSL license
make sure no error is left in the queue that is intentionally ignored
fix out-of-bounds check in lock_dbg_cb (was too loose to detect all invalid cases)
certain changes have to be listed twice in this file because OpenSSL 0.9.6h forked into 0.9.6i and 0.9.7 ...
- update from current 0.9.6-stable CHANGES file - update from current 0.9.7-stable CHANGES file:
BIS correction/addition
improve wording
Change ./Configure so that certain algorithms can be disabled by default. This is now the case for RC5.
In addition to RC5, also exclude MDC2 from compilation unless the algorithm is explicitly requested.
Take MDC2 patent into account.
Fix typo
fix potential memory leak when allocation fails
It seems that Configure revision 1.404 broke "make depend" by hiding from it which algorithms were disabled. With these new changes, "make depend" will properly take into account algorithms that are skipped.
"make depend". This takes into account the algorithms that are now disabled by default (MDC2 and RC5), which until now were skipped by "make links" and yet supposedly required by some of the Makefiles, meaning that the recent snapshots failed to compile.
Harmonize with CHANGES as distributed in OpenSSL 0.9.7f.
HISTORY section: point out change of default digest
This is a collection of those CVS change log entries for the 0.9.7 branch (OpenSSL_0_9_7-stable) that do not appear similarly in 0.9.8-dev (CVS head).
first step to melt down ChangeLog.0_9_7-stable_not-in-head :-)
bring up-to-date
add recent changes; now this file is up-to-date
remove some false positives
remove extra whitespace; fix link
update
fix editing error, and remove a false positive
remove some more changes that came from HEAD
remove some more false positives
remove some more false positives
Sort out changes in FIPS and other changes, collected in separate files. (Also remove another "make update".)
Remove some more entries that are false positives, or have been resolved by recent commits.
Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c
move some more entries into FIPS file
make update
some more false positives to remove
fix SSLerr stuff for DTLS1 code; move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h"; fix silly indentation (a TAB is *not* always 4 spaces)
make update
remove some functions from exported headers
let mkdef.pl know about OPENSSL_NO_DGRAM (which appears in the new file crypto/bio/bss_dgram.c)
take OPENSSL_NO_DGRAM into account (via make update)
Fix various incorrect error function codes.
"PS" to Steve's commit (Port prime utility across from stable branch).
util/mk1mf.pl issues have been resolved
there's no such thing as Makefile.ssl anymore
give EC_GROUP_*_nid functions a more meaningful name EC_GROUP_get_nid -> EC_GROUP_get_curve_name EC_GROUP_set_nid -> EC_GROUP_set_curve_name
improve comment readability
rebuild (starting with state from 0.9.7-stable branch) to avoid clutter
Update util/ck_errf.pl script, and have it run automatically during "make errors" and thus during "make update".
Fix more error codes.
Move some entries from ChangeLog.0_9_7-stable_not-in-head to ChangeLog.0_9_7-stable_not-in-head_FIPS.
Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled with the SSL_OP_NO_SSLv2 option.
Move another item into ChangeLog.0_9_7-stable_not-in-head_FIPS
fix msg_callback() arguments for SSL 2.0 compatible client hello (previous revision got this wrong)
make update
rebuild to synchronize with additions to 0.9.7 branch
Implement fixed-window exponentiation to mitigate hyper-threading timing attacks.
Change wording for BN_mod_exp_mont_consttime() entry
fix memory leak (BIO_free_all needs pointer to first BIO)
check BN_copy() return value
make sure DSA signing exponentiations really are constant-time
Use BN_with_flags() in a cleaner way.
avoid potential spurious BN_free()
recent DH change does not avoid *all* possible small-subgroup attacks; let's be clear about that
correct+extend publication info
new option "openssl ciphers -V"
harmonize with 0.9.7-stable and 0.9.8-stable variants of CHANGES
fix stupid typo
Add fixes for CAN-2005-2969. (These were in 0.9.7-stable and 0.9.8-stable, but not in HEAD so far.)
deFUDify: don't require OPENSSL_EC_BIN_PT_COMP
disable some invalid ciphersuites
deFUDify: don't require OPENSSL_EC_BIN_PT_COMP
comment
update TLS-ECC code
Rewrite timeout computation in a way that is less prone to overflow.
Support TLS extensions (specifically, HostName)
C style fix-up
Make sure that after the change from revision 1.261, it's still possible to do a partial build.
Various changes in the new TLS extension code, including the following: - fix indentation - rename some functions and macros - fix up confusion between SSL_ERROR_... and SSL_AD_... values
Add names for people who provided the TLS extension patch.
Fixes for TLS server_name extension
complete and correct RFC3546 error codes
make sure that the unrecognized_name alert actually gets sent
prepare for additional RFC3546 alerts
There's no such thing as DTLS1_AD_MISSING_HANDSHAKE_MESSAGE. For now, anyway.
Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)
include max. codes in debug output
Detect SSL error code mishandling.
Detect more errors. Change assignment strategy: rather than using max+r for new codes, find first hole in list of existing codes.
Avoid contradictive error code assignments. "make errors".
Further TLS extension updates
More TLS extension related changes.
improvements for alert handling
Further TLS extension improvements
move new member of SSL_SESSION to the end (minimize changes to binary format)
clarification
Implement the Supported Point Formats Extension for ECC ciphersuites
update Supported Point Formats Extension code
fix sign problems
Simplify ASN.1 for point format list
Implement cipher-suite selection logic given Supported Point Formats Extension.
Change default curve (for compatibility with a soon-to-be-widely-deployed implementation that doesn't support the previous default)
Implement Supported Elliptic Curves Extension.
fix for hostname extension
fix memory leak
Avoid hard-coded table length where we can use sizeof.
simplify: use s2n macro
check length properly
clarification
Remove ECC extension information from external representation of the session -- we don't really need it once the handshake has completed.
Camellia cipher, contributed by NTT
Camellia cipher, contributed by NTT
Camellia cipher, contributed by NTT
Fix a bug recently introduced when updating this file to use the new keygen API: make sure that 'pkey_type' is actually visible to MAIN().
Thread-safety fixes
Make sure that AES ciphersuites get priority over Camellia ciphersuites in the default cipher string.
Ciphersuite string bugfixes, and ECC-related (re-)definitions.
Disable invalid ciphersuites
Oops ... deleted too much in the previous commit when I deleted the Fortezza stuff
Fix another bug introduced yesterday when deleting Fortezza stuff: make sure 'mask' is initialized in ssl_cipher_get_disabled().
Fix another new bug in the cipherstring logic.
Fix algorithm handling for ECC ciphersuites: Adapt to recent changes, and allow more general RSA OIDs for ECC certs with RSA CA sig.
Call 'print_stuff' even if a handshake failed.
Error messages for client ECC cert verification.
another thread-safety fix
Change array representation of binary polynomials to make GF2m part of the BN library more generally useful.
Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
Change in 0.9.8 branch: Put ECCdraft ciphersuites back into default build (but disabled unless specifically requested)
New functions CRYPTO_set_idptr_callback(), CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type thread ID, since the 'unsigned long' type of the existing thread ID does not always work well.
always read in RAND_poll() if we can't use select because of a too large FD: it's non-blocking mode anyway
use <poll.h> as by Single Unix Specification
documentation for "HIGH" vs. "MEDIUM" was not up-to-date
Camellia information
New Camellia implementation (replacing previous version)
Camellia IPR information
Every change so far that is in the 0.9.8 branch is (or should be) in HEAD
Make consistent with 0.9.8-branch version of this file
Remove non-functional part of recent patch, after discussion with Colin Percival (this would have caused more problems than solved, and isn't really necessary anyway)
update information on "current version" ...
Make sure the int_rsa_verify() prototype matches the implementation (m_len currently is 'unsigned int', not 'size_t')
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 ciphersuite as well
Update
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
include 0.9.8d and 0.9.7l information
Introduce limits to prevent malicious keys being able to cause a denial of service. (CVE-2006-2940) [Steve Henson, Bodo Moeller]
All 0.9.8d patches have been applied to HEAD now, so we no longer need the redundant entries under the 0.9.9 heading.
ASN1_item_verify needs to initialize ctx before any "goto err" can happen; the new code for the OID cross reference table failed to do so.
fix support for receiving fragmented handshake messages
Fix the BIT STRING encoding of EC points or parameter seeds (need to prevent the removal of trailing zero bits).
Reorganize the data used for SSL ciphersuite pattern matching. This change resolves a number of problems and obviates multiple kludges. A new feature is that you can now say "AES256" or "AES128" (not just "AES", which enables both).
fix incorrect strength bit values for certain Kerberos ciphersuites
fix warnings/inconsistencies caused by the recent changes to the ciphersuite selection code in HEAD
fix warnings for CIPHER_DEBUG builds
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a ciphersuite string such as "DEFAULT:RSA" cannot enable authentication-only ciphersuites.
fix a typo in the new ciphersuite ordering code
Improve ciphersuite order stability when disabling ciphersuites. Change ssl_create_cipher_list() to prefer ephemeral ECDH over ephemeral DH.
SSL_kKRB5 ciphersuites shouldn't be preferred by default
delete obsolete comment
prefer SHA1 over MD5 (this affects the Kerberos ciphersuites)
Fix incorrect substitution that happened during the recent ciphersuite selection remodeling
use 2007 copyright for generated files
include complete 0.9.7 history; include release date of 0.9.8e
clarification regarding libdes files
stricter session ID context matching
Change to mitigate branch prediction attacks
make BN_FLG_CONSTTIME semantics more fool-proof
don't violate the bn_check_top assertion in BN_mod_inverse_no_branch()
fix error codes
Add SEED encryption algorithm.
All ciphersuites should have a strength designator.
remove leftover from editing ...
fix function codes for error
Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
document -S and -nopad options in usage information
Make sure that BN_from_montgomery keeps the BIGNUMS in proper format
Clean up error codes a bit. (engines/ccgost/ remains utter chaos, though; "make errors" is not happy.)
fix warning
Implement the Opaque PRF Input TLS extension (draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and bugfixes on the way. In particular, this fixes the buffer bounds checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().
fix length parameter in SSL_set_tlsext_opaque_prf_input() calls
properly handle length-zero opaque PRF input values (which are pointless, but still might occur)
The hash length check wasn't strict enough, as pointed out by Ernst G Giessmann
fix typos
Should reject signatures that we can't properly verify and couldn't generate (as pointed out by Ernst G Giessmann)
Make sure to set indent-tabs-mode so that we get tabs, not spaces.
fix BIGNUM flag handling
Montgomery-related minor cleanups/documentation
Clarifying comment.
Disable code that clearly doesn't currently serve any useful purpose. (Buggy line reported by Matthias Koenig.)
Change use of CRYPTO_THREADID so that we always use both the ulong and ptr members.
year 2008
grammar
From HEAD:
From HEAD:
sync with 0.9.8 branch
Everyone's had a few years to port their favorite additions to 0.9.7 to HEAD (and the 0.9.8 branch). Remove the reminder.
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Make sure not to read beyond end of buffer
We should check the eight bytes starting at p[-9] for rollback attack detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK will be larger than necessary.
Fix error codes for memory-saving patch.
Mention ERR_remove_state() deprecation, and ERR_remove_thread_state(NULL).
fix error function codes
sanity check
Don't use assertions to check application-provided arguments; and don't unnecessarily fail on input size 0.
Some precautions to avoid potential security-relevant problems.
Really get rid of unsafe double-checked locking.
Note about CVS branch inconsistency.
Fix SSL state transitions.
oops
update comment
from 0.9.8 branch
From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't enable disabled ciphersuites.
symbol deobnoxification
warnings (mostly)
Implement Configure option pattern "experimental-foo" (specifically, "experimental-jpake").
experimental-foo support for mk1mf.pl.
Put back a variable deleted by the previous revision, but used in the code.
-hex option for openssl rand
For -hex, print just one \n
Make CHANGES in CVS head consistent with the CHANGES files in the branches.
Constify crypto/cast.
Constify crypto/cast.
Use properly local variables for thread-safety.
Fix X509_STORE locking
Always check bn_wexpend() return values for failure (CVE-2009-3245).
Fix for "Record of death" vulnerability CVE-2010-0740.
Harmonize with OpenSSL_1_0_1-stable version of CHANGES.
ECC library bugfixes.
New 64-bit optimized implementation EC_GFp_nistp224_method(). This will only be compiled in if explicitly requested (#ifdef EC_NISTP224_64_GCC_128).
(formatting error)
Patch from PR #1833 was broken: there's no s->s3->new_session (only s->new_session).
For better forward-security support, add functions SSL_[CTX_]set_not_resumable_session_callback.
Update version numbers
C conformity fixes: - Move declarations before statements in all blocks. - Where 64-bit type is required, use it explicitly (not 1l).
C conformity fixes: Move declarations before statements in all blocks.
More C language police work.
Fix error codes.
make update
CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
fix omissions
Assorted bugfixes: - safestack macro changes for C++ were incomplete - RLE decompression boundary case - SSL 2.0 key arg length check
Synchronize with 1.0.0 branch
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
Sync with 1.0.1 branch. (CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
Fix the version history: changes going into 1.1.0 that are also going into 1.0.1 should not be listed as "changes between 1.0.1 and 1.0.0".
Fix typo.
Synchronize with 1.0.1 CHANGES file.
Fix error codes.
Fix expected DEFFLAG for default config.
make update
Fix memory leak on bad inputs.
(EC)DH memory handling fixes.
Fix d2i_SSL_SESSION.
Fix session handling.
oops
Fix OPENSSL_BN_ASM_MONT5 for corner cases; add a test.
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
typo
Clarify warning
Make CTR mode behaviour consistent with other modes: - clear ctx->num in EVP_CipherInit_ex - adapt e_aes.c changes from http://cvs.openssl.org/chngview?cn=19816 for eng_aesni.c
Avoid failed assertion in BN_DEBUG builds
Oops - ectest.c finds further problems beyond those exposed by bntest.c
use -no_ecdhe when using -no_dhe
Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these; -DEC_NISTP224_64_GCC_128 no longer works.)
Fix warnings. Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
Fix indentation
BN_BLINDING multi-threading fix.
"make update" (partial)
Fix NPN implementation for renegotiation. (Problem pointed out by Ben Murphy.)
Fix BIO_f_buffer().
Update HEAD CHANGES file.
Fix ecdsatest.c.
Resolve a stack set-up race condition (if the list of compression methods isn't presorted, it will be sorted on first read).
Fix for builds without DTLS support.
Fix usage indentation
Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch.
Disable SHA-2 ciphersuites in < TLS 1.2 connections.
Enable message names for TLS 1.1, 1.2 with -msg.
Oops - didn't mean to change Makefile on previous submit
Fix warning.
Fix Valgrind warning.
Fix EC_KEY initialization race.
Carlos Alberto Lopez Perez (4):
Fix XMPP code detection on s_client starttls xmpp
Fix infinite loop on s_client starttls xmpp
Add "xmpp" to the list of supported starttls protocols on s_client manpage
Add an "-xmpphost" option to s_client
Chris Rorvick (1):
doc: Add missing =back directive.
Christian Heimes (2):
Implement tests for PKCS#5 PBKDF2 HMAC
add test case to makefiles
Clang via Jeffrey Walton (1):
RT3140: Possibly-uninit variable in pem_lib.c
Claus Assmann (1):
RT3268: Fix spelling errors in CHANGES file.
Cristian Rodríguez (1):
constify tls 1.2 lookup tables.
Daniel Kahn Gillmor (10):
Allow "ECDHE" as a synonym of "EECDH" when specifying ciphers
emit "ECDHE" instead of "EECDH" for kX packet trace output
use SSL_kECDHE throughout instead of SSL_kEECDH
Allow "DHE" and "kDHE" as synonyms of "EDH" and "kEDH" when specifying ciphers
emit "DHE" instead of "edh" for kX packet trace output
use SSL_kDHE throughout instead of SSL_kEDH
documentation should use "DHE" instead of "EDH"
change SSL3_CK_EDH_* to SSL_CK_DHE_* (with backward-compatibility)
Replace EDH-RSA-DES-CBC-SHA, etc. with DHE-RSA-DES-CBC-SHA
update remaining documentation to move from EDH to DHE
Dario B (1):
RT3291: Add -crl and -revoke options to CA.pl
David Benjamin (3):
Check there is enough room for extension.
Fix protocol downgrade bug in case of fragmented packets
Do not resume a session if the negotiated protocol version does not match the session's version (server).
David Gatwood (2):
RT1744: SSL_CTX_set_dump_dh() doc feedback
RT1744: SSL_CTX_set_dump_dh() doc feedback
David Lloyd (1):
Prevent infinite loop loading config files.
David Ramos (4):
Double free in i2o_ECPublicKey
Initialise alg.
Allocate extra space when NETSCAPE_HANG_BUG defined.
Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362
David Woodhouse (1):
Check DTLS_BAD_VER for version number.
Dominik Neubauer (1):
typo in s_client
Doug Goldstein (1):
RT2163: Remove some unneeded #include's
Dr Stephen Henson (1):
Fix d4a4370050f7d72239b92a60ab9d4a2dd5e9fd84
Dr. Stephen Henson (3719):
Add extended key usage OID and update STATUS file.
Move DSA test in ca.c inside #ifdef and make pubkey BIT STRING always have zero unused bits.
Make sure applications free up pkey structures and add netscape extension handling to x509.c
Remove one EVP_PKEY_free() that shouldn't be there.
More EVP_PKEY patches for new functionality.
Fix things so DH_free() will be no-op when passed NULL, like RSA_free() and DSA_free(): this was causing crashes when for example an attempt was made to handle a (currently) unsupported DH public key. Also X509_PUBKEY_set() wasn't checking errors from d2i_PublicKey().
Oops! update CHANGES file properly.
Fix the gendsa program and add it to the app list. The progs.h file is auto generated but not auto updated so it is included. Also remove the encryption from the sample DSA keys.
Fix OBJ_txt2nid(): old function was broken when input used the "dot" form, e.g. 1.2.3.4 . Also added new function OBJ_txt2obj().
Submitted by: Neil Costigan <neil.costigan at celocom.com> PR:
Fix parameters to dummy function BN_ref_mod_exp().
Time to blow up the source tree :-) This is the beginning of support for GeneralizedTime. At several points PKIX specifies that GeneralizedTime can be used but OpenSSL doesn't currently support it. This patch adds several files and a bunch of functions.
Update CHANGES for GeneralizedTime info.
New err_code.pl script to retain old error codes. This should allow the use of 'make errors' without causing huge re-organisations of files when a new code is added.
This is the result of a "make errors" with the new error building functionality in place.
Continued patches so certificates and CRLs now can support and use GeneralizedTime.
Initial addition of new X509 V3 files, tidy of old files.
Continuing adding X509 V3 support. This starts to integrate the code with the main library, but only with printing at present. To see this try: openssl x509 -in cert.pem -text on a certificate with some extensions in it.
Add file x509v3.err.
More X509 V3 stuff. Add support for extensions in the 'req' application so that: openssl req -x509 -new -out cert.pem will take extensions from openssl.cnf a sample for a CA is included. Also change the directory order so pem is nearer the end. Otherwise 'make links' won't work because pem.h can't be built.
Still more X509 V3 stuff. Modify ca.c to work with the new code and modify openssl.cnf for the new syntax.
Add a few extended key usage OIDs.
Add ASN1 code for netscape certificate sequences.
Remember to add the new file this time :-)
Allow the -certfile argument to be used multiple times in crl2pkcs7. Also fix typos in the usage messages: "inout" instead of "input".
New program 'nseq' added to apps to allow Netscape certificate sequences to be pulled apart and built.
Update STATUS, modify ssl.h so mkdef.pl will pick up prototypes and add x509v3.h to mkdef.pl list of include files.
Fix various stuff that VC++ 5.0 chokes on: 1. Add *lots* of missing prototypes for static ssl functions. 2. VC++ doesn't understand the 'LL' suffix for 64 bits constants: change bn.org 3. Add a few missing prototypes in pem.org Fix mk1mf.pl so it outputs a Makefile that doesn't choke Win95. Fix mkdef.pl so it doesn't truncate longer names.
More Win32 fixes. The Configure script used to give *lots* of warnings about use of undefined variables: kludge so they all get initialised. Also avoid use of POSIX module.
Delete bogus V3 prototype and update the *.num files to include ordinals for the new functions. Update MINFO.
Oops! Restore ssleay.num: it got overwritten with libeay.num :-(
Rename v3_bitstr.c to v3_bitst.c to fit in 8+3. Rebuild MINFO to reflect change.
Delete legacy file.
Add support for GeneralName and GeneralNames extensions. Also preliminary support for subject and issuer alt name. Add a new ASN1 macro and fix a nasty bug that left an ASN1 buffer modified on an error condition with IMPLICIT tagging.
Fix filename in comment.
Comment out def of currently unimplemented function to stop warning.
Support for ASN1 ENUMERATED type. This copies and duplicates the ASN1_INTEGER code and adds support to ASN1_TYPE and asn1parse.
Oops... forgot to add new ENUMERATED file...
More extension code. Incomplete support for subject and issuer alt name, issuer and authority key id. Change the i2v function parameters and add an extra 'crl' parameter in the X509V3_CTX structure: guess what that's for :-) Fix to ASN1 macro which messed up IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
Oops. Forgot to do a 'make errors'.
Delete a few unused files in apps, restore CAST WIN32 ASM file to main tree.
Make the 'crypto' and 'ssl' options in the perl script mkdef.pl really work, also add an 'update' option to automatically append any new functions to the ssleay.num and libeay.num files.
Fix typo in asn1.h (PRINTABLESTRING_STRING) and fix a bug in object creation perl script. It failed if the OID had any zeros in it.
Modify configure script to generate some files that Win32 needs and new script that does the same as 'make files'.
Oops... add other changes this time too.
More Win32 fixes and update INSTALL.W32 documentation.
Convert ms/do_ms.bat to DOS EOL format of DOS chokes on it.
Add support for raw extensions. This means that you can include the DER encoding of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this technique currently unsupported extensions can be generated if you know their DER encoding. Even if the extension is supported in future the raw extension will still work: that is the raw version can always be used even if it is a supported extension.
Update error codes.
Patch to Configure script. For some reason the BN_ASM part was truncated to the first word which broke (at least) the Linux compile. Hopefully this won't break other platforms.
Fix various memory leaks in SSL, apps and DSA
Added code to GENERAL_NAME with support for more options and preliminary support for assignment in config files.
Fuller authority key id support, partial support for private key usage extension and really fix the ASN.1 IMPLICIT bug this time :-)
Oops! Remember to include the other patches this time...
Overhaul 'crl' application, add a proper X509_CRL_print function and start to support CRL extensions.
Patch so the new crl stuff actually compiles this time :-) Also update the Win32 ordinals.
Preliminary support for reason code CRL extension.
Add more functionality to issuer alt name and subject alt name. New options to include email addresses from DN and copy details from issuer certificate. Include examples in openssl.cnf, update Win32 ordinals.
Make RSA_NO_PADDING really use no padding.
Add preliminary user level config documentation for extension stuff. Programming info will come later...
Various changes to make this stuff compile under Win32 and VC++ with and without -debug option to mk1mf.pl. Change _export to is_export (_export is a reserved word under VC++). Add yucky function prototype function pointer casts. Sanitise the included files in crypto/x509v3.
Redo the way 'req' and 'ca' add objects: add support for oid_section.
Remove debugging fprintf from req.c and fix the code so it properly skips over the first leading XXX. in the DN.
BN_RECURSION causes the stuff in bn_mont.c to fall over for large keys. For now change it to BN_RECURSION_MONT so it isn't compiled in.
Fix the Win32 compile environment and add various changes so it will now compile under Win32 (9X and NT) again. Note: some signed/unsigned changes recently checked in were killing the Win32 compile.
Deleted my str_dup() function from X509V3: the same functionality is provided by BUF_MEM_strdup(). Added text documentation to the BUF_MEM stuff.
Workaround for a Win95 console bug triggered by the password read stuff.
Fix the PKCS#7 stuff: signature verify could fail if attributes reordered, the detached data encoding was wrong and free up public keys.
Add an extra 'raw' function r2i to the extension code. Nothing uses this yet and it is just a place holder for functionality to be added later. It's been added now so the X509V3_EXT_METHOD structure shouldn't (hopefully) have to change after the release.
Added support for adding extensions to CRLs, also fix a memory leak and make 'req' check the config file syntax before it adds extensions. Added info in the documentation as well.
Delete obsolete old X509V3 files.
Various fixes to Win32, update ssleay.num, libeay.num, shuffle various #ifdefs around so more options appear in e_os.h
Add missing functions from non ANSI section of header files and add missing ordinals to libeay.num.
Comment out two unimplemented functions from bio.h. Attempt to get the Win32 test batch file going again.
Remove some hard coded paths from Win32 test stuff.
Make CC,CFLAG etc get passed to make links and various Win32 fixes.
Fix couple of ANSI declarations and prototypes
Fix for RSA private key encryption if p < q. This took ***ages*** to track down.
Delete NULL ciphers from 'ALL' in the cipher list aliases. This means that NULL ciphers specifically have to be enabled with e.g. "DEFAULT:eNULL". This prevents cipher lists from inadvertently having NULL ciphers at the top of their list (e.g. the default ones) because they didn't have to be taken into account before.
Delete Win32 test with testreq.pem and req: there is already a test with testreq2.pem.
Remove some references which called malloc and free instead of Malloc and Free.
Using int for the digest length in EVP_DigestFinal() broke some compilers. Changed to unsigned int: also need an evil cast in pk7_doit.c because a signed, unsigned comparison chokes VC++.
Comment out the lines generated by mk1mf.pl that include three separate rules equivalent to $(OUT_D). This was what was causing the 'too many rules' warning under VC++.
Add initial support for Thawte strong extranet certificate extensions and include an 'indent' option to V3 stuff.
extranet file added...
This is the beginning of PKCS#12 integration. This just adds the PKCS#12 objects to objects.h
Further PKCS#12 integration, PBE, PKCS#8 additions.
Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment.
Various PKCS#12 related tidies and fixes: it might even compile now :-)
Include pkcs12 program as part of openssl. This completes most of the PKCS#12 integration.
Remove deleted PKCS#12 functions from pkcs12.h, get rid of object creation kludge, remove CRs from ssl_ciph.c and update Win32 functions for PKCS#12 code. It might compile under Win32 now ...
Delete some auto generated files and correct a typo in crypto/asn1/p5_pbe.c
Did a 'make errors' to update asn1 error codes now typo is fixed
Add PKCS#5 v2.0 ASN1 structures.
Delete all the old X509V3 pack and unpack stuff and various structures and files associated with them. This stuff is all obsoleted by the new X509V3 code.
Add some utilities to support SXNet extension also add support in DEF files generator to typesafe stacks.
Fix a horrible BN bug in bn_expand2 which caused BN_add_word() et al to fail when they cause the destination to expand.
Add initial support for r2i RAW extensions which can access the config database add various X509V3_CTX helper functions and support for LHASH as the config database.
Add support for VISIBLESTRING and UTF8String
Allow asn1parse to print out VISIBLESTRING and some code needed for certificate policies extension.
Initial support for Certificate Policies extension: print out works but setting isn't fully implemented (yet).
Finish off support for Certificate Policies extension.
Various fixes so Win32 compile may work. Convert GeneralNames to use safe stack.
Support for CRL distribution points extension. Also document some of this stuff.
Oops! Fixup CHANGES.
Complete rewrite of the error code generation script. It now runs as a single script, translates function codes better and doesn't need the K&R function prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are still needed by the DEF generator...). I also ran the script with the -rewrite option to update all the header and source files.
Delete the unnecessary ERR and ERRC lines in makefiles, add some functionality to error code script: it can now find untranslatable function codes (usually because the function is static and not defined in a header: occasionally because of a typo...) and unreferenced function and reason codes. To see this try: perl util/mkerr.pl -recurse -debug Also fixed some typos in crypto/pkcs12 that this found :-) Also tidy up some error calls that had to be all on one line: the old error script couldn't find codes unless the call was all on one line.
Change the command line options of mkerr.pl so -static is now default and a -write option is needed to actually change anything. Second attempt at getting rid of ERR, ERRC definitions: it might even work this time :-)
Fix mkerr.pl to find functions returning function pointers (thanks Ulf!) also add a few missing prototypes.
Various header consistency fixes.
Fixes so it will compile again under Win32.
Extensively changed the DEF file generator mkdef.pl to use a modified version of Ulf's prototype parser, also general tidying and fixing of several problems with the original. It's still a bit of a hack but should work.
Add PKCS#12 documentation and new option in x509 to add certificate extensions.
Oops ... fix warning.
Fix a couple of cases where an attempt is made to lock an already locked mutex.
GeneralizedTime setting fixes.
Allows PKCS#12 password to be placed on command line and allow the config file name for 'ca' to come from the environment.
Various Win32 fixes. Win95 doesn't support MoveFileEx() (which was used for a Win32 version of rename() ). There isn't a precise rename() equivalent under Win95: the standard rename() complains if the destination already exists so replaced with a combination of unlink() and MoveFile().
Kill evil casts, fix PKCS#7 and add new X509V3 Function.
Various PKCS#7 fixes to properly (maybe!) handle PKCS#7 enveloped data. Contains elements of code by Sebastian Akerman <sak at parallelconsulting.com> and made a bit less "naughty" by Steve.
Various PKCS#7 related fixes,tidies and comments.
Add new -out option to asn1parse to allow the parsed data to be output. Fixed -strparse option: it didn't work if used more than once (this was due to the d2i_ASN1_TYPE call parsing a freed buffer). On Win32 the file wincrypt.h #define's X509_NAME and PKCS7_SIGNER_INFO causing clashes so these are #undef'ed
Several of the EVP_CIPHER structures had the get and set asn1 parameter functions transposed.
The encoding of negative ASN1 INTEGERs and the conversion of BNs to negative integers was completely broken. Also added a NEG_PUBKEY_BUG compilation option to compensate for public keys improperly encoded as negative integers.
Various Win32 fixes. Change args in do_ms.bat to put platform last. Fix unsigned/signed cmp error in asn1parse. Change various pem_all.c args to use pem_password_cb.
Fix some obvious bugs in the PKCS#7 library handling. It didn't try to find the right RecipientInfo based on the recipient certificate (so would fail a lot of the time) and fixup cipher structures to correctly (maybe) modify the AlgorithmIdentifiers. Largely untested at present... this will be fixed in due course. Well the stuff was broken to begin with so if it's broken now then you haven't lost anything :-)
Fix various less obvious bugs in PKCS#7 handling: such as not zeroing the secret key before we've encrypted it and using the right NID for RC2-64. Add various arguments to the experimental programs 'dec' and 'enc' to make testing less painful.
Oops! Get the pmatch test the right way round.
Various clarifications to extension docs: change the name of literal extensions from RAW to DER to avoid confusion with raw extensions.
Change default PKCS#12 iteration count to 2048, include rsa_oeap_test in the test batch file.
New functions sk_set, sk_value and sk_num to replace existing macros: this is to minimise the effects on existing code.
Include some notes on basic extension usage and change openssl.cnf to usually do sensible things with extensions.
The last argument in the d2i_XXX_fp and d2i_XXX_bio functions should be of type XXX ** not XXX *
Move the Win32 #undefs of X509_NAME and PKCS7_ISSUER_AND_SERIAL so they will always get included with the relevant files.
Fixup do_nt.bat for new mk1mf arg order.
Set ext_list to NULL after use.
Fix URL for perl in INSTALL.W32
Update md5 assembly source for Win32.
Fix for memory leak.
Free up 'out' before exiting pkcs12 application. Submitted by: Wu Zhigang <zhigangwu at yahoo.com>
Add PKCS#5 v1.5 compatible algorithms and initial PKCS#8 support. PKCS#8 needs more work: need an application and make the private key routines automatically handle PKCS#8.
The rest of the PKCS#5, PKCS#8 patch I forgot before :-)
Add a 'pkcs8' application for initial PKCS#8 support. Still needs lots more options to handle encrypted and unencrypted forms and DER format input and output.
Add d2i,i2d bio and fp functions for PKCS#8 and add -inform and -outform arguments to pkcs8 application.
More PKCS#8 stuff. Support for unencrypted forms of private key.
Change so PEM private key read routines can handle PKCS#8 transparently.
Rewrite PBE handling read to support PKCS#5 v2.0 and update the function list for Win32.
Change PBE handling a bit more: now the key and IV generator calls EVP_CipherInit(); this is because the IV won't be easily available when doing PKCS#5 v2.0
More PKCS#5 v2.0 development. Add a function to setup a PKCS#5 v2.0 AlgorithmIdentifier and make various ASN1 fixes.
This is the main PKCS#5 v2.0 key generation function, it parses the ASN1 structure and decides what key to generate (if any). Not currently added to the PBE algorithm list because it is largely untested.
Complete support for PKCS#5 v2.0. Still needs extensive testing.
Change the PEM function implementation to use a common set of macros: this should make modifying them easier.
Reformat and "modernise" the sign.c demo.
Two new functions to write out PKCS#8 private keys. Also fixes for some of the PBE code and a new constant PKCS5_DEFAULT_ITER for the default iteration count if it is passed as zero.
Document the X509V3 code and change some of the extension function pointers to use 'void *' rather than 'char *' for an "arbitrary extension".
Fix to i2d_DSAPublicKey() to return the correct length. Submitted by: Jeon KyoungHo <khjeon at sds.samsung.co.kr>
New functions CONF_load_bio() and CONF_load_fp() to load a configuration file from a bio or fp. Added some more constification to the BN library.
Convert the CONF library to use a typesafe stack: a STACK_OF(CONF_VALUE). It seemed like a good idea at the time... several hours later it was rather obvious that these are used all over the place making the changes rather extensive.
Implement STACK_OF(ASN1_OBJECT) for extended key usage extension, change the documentation to reflect the STACK_OF(CONF_VALUE) change to the CONF lib and use ANSI typedefs for X509V3_EXT_I2D and X509V3_EXT_FREE.
Change the PEM_* function prototypes to use DECLARE_PEM macros and change util/mkdef.pl to handle this. Also do a 'make update'.
New function PKCS7_signatureVerify to allow the signing certificate to be explicitly stated with PKCS#7 verify.
Fix d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() so it correctly works out the length of negative integers.
New functions to allow RSA_METHODs to be changed without poking round in RSA structure internals.
SXnet code was freeing up the extension data rather than the temporary zone number.
Fix a bug in x509.c that omitted DSA parameters when they didn't match the signers parameters. Changed it to never omit parameters.
Copy flags in ASN1_STRING_dup()
Add a debugging option to PKCS#5 v2.0 key generation function.
Various changes to stop VC++ choking under Win32.
Beginnings of experimental support for NASM assembler. This is a free assembler for various X86 platforms including Win32. It can output object files that VC++ will tolerate so it could be used to provide assembly language support to Win32 without the need for MASM.
More NASM support code it still doesn't work but it doesn't work less than it didn't work before :-)
Continues NASM support. This might work now. It's still experimental but it passes all the tests. Added documentation in INSTALL.W32.
Eliminate a warning: BN_mod_inverse() returns a (BIGNUM *) and remove an unnecessary cast.
New RSA flag RSA_FLAG_EXT_PKEY, to always call rsa_mod_exp.
New function OBJ_obj2txt()
Tidy up pkcs12 application.
Allow the PKCS#7 (S/MIME encrypt) application to support more than one recipient.
Fix to PKCS#12 code to use the cipher block length when allocating a buffer for encrypted data, rather than hard coding '8'.
Configure fix for Windows: under Windows+perl "system" ends up going via the command shell which means that redirecttion needs backslashes in the paths.
Change all the -'s to _'s.
Fix -startdate and -enddate arguments to 'ca' program. Also update NEWS file with some 0.9.4 changes.
*** empty log message ***
Support for parsing of certificate extensions in PKCS#10 requests: these are used by things like Xenroll. Also include documentation for extendedKeyUsage extension.
Add functions to allow extensions to be added to certificate requests.
Fix PKCS7_ENC_CONTENT_new() to include a sensible default content type and add support for encrypted content type in PKCS7_set_content().
Allow memory bios to be read only and change PKCS#7 routines to use them.
Initial support for DSA_METHOD...
Initial support for DH_METHOD. Also added a DH lock. A few changes made to DSA_METHOD to make it more consistent with RSA_METHOD.
Fix for a bug which meant encrypting BIOs sometimes wouldn't read the final block.
Allow extensions to be added to certificate requests, update the sample config file (change RAW to DER).
Allow the 1.OU="my OU" syntax in 'ca' for SPKACs.
Allow the extension section specified in config files to be overridden on the command line for various utilities.
Make DH_free() free up any ex_data and also call the finish method.
Add new 'spkac' utility and several SPKAC utility functions.
New UTF8 utility functions to parse/generate UTF8 strings.
New function to convert ASN1 tag values to strings. Also fix typo in asn1.h
This is preliminary support for an "RSA null" cipher. Unfortunately when OpenSSL is compiled with NO_RSA, no RSA operations can be used: including key generation, storage and display of RSA keys. Since these operations are not covered by the RSA patent (my understanding is it only covers encrypt, decrypt, sign and verify) they can be included: this is an often requested feature, attempts to use the patented operations return an error code.
Oops... forgot the other RSA_NULL patches...
Fix typo.
Fix typo.
Various CRL enhancements tidies and workaround for broken CRLs.
Add new sign and verify members to RSA_METHOD and change SSL code to use sign and verify rather than direct encrypt/decrypt.
Lots of evil casts to stop VC++ choking with "possible loss of data" warnings :-(
Fix to make s_client and s_server work under Windows. A bit of a hack but an improvement on not working at all.
Modify the 'speed' application so it now uses RSA_sign and RSA_verify instead of RSA_private_encrypt and RSA_public_decrypt
Fix for base64 BIO decoding bug
Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing if a signed message contains no certificates.
Add support for public key input and output in rsa and dsa utilities with some new DSA public key functions that were missing.
New option -dhparam to s_server to allow the DH parameter file to be set explicitly. Previously it couldn't be changed because it was hard coded as "server.pem".
Fix for bug in pkcs12 program and typo in ASN1_tag2str().
Fix for bug in pkcs12 program and typo in ASN1_tag2str().
Fix incorrect usage messages in some commands.
New functions to parse and get extensions.
Add EX_DATA support to X509. Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL.
Initial support for certificate purpose checking: this will ultimately lead to certificate chain verification. It is VERY EXPERIMENTAL at present though.
Replace the macros in asn1.h with function equivalents. Also make UTF8Strings tolerated in certificates.
New function ASN1_mbstring_copy() to handle ASN1 string copying. Ultimately this will be used to clear up the horrible DN mess.
More multibyte character support.
Continued multibyte character support.
Fix to PKCS#7 routines so it can decrypt some oddball RC2 handling.
Allow additional information to be attached to a certificate: currently this includes trust settings and a "friendly name".
Fix to the -revoke option in ca. It was leaking memory, crashing and just plain not working :-(
Very preliminary POD format documentation for some of the openssl utility commands...
Oops. The pkcs8 man page wasn't finished: this is an updated version
Fix a couple of outstanding issues: update STATUS file, fix NO_FP_API problems.
Add password command line options to some utils. Fix and update man pages.
More docs and corrections/updates
Oops forgot the S/MIME v3 RFC.
Merge some common functionality in the apps, delete the encryption option in the pkcs7 utility (they never did anything) and add a couple more options to pkcs7.
Add an spkac manual page and fix the pkcs7 manpage.
Correct x509 manpage and add a crl manpage
Add info about the header and footer lines used in PEM formats and add an nseq manpage.
Add support for the 40 and 64 bit RC2 and RC4 ciphers in 'enc' add documentation for 'enc'.
Add some examples to the enc man page.
'req' fixes. Reinstate length check on request fields. Fix to stop null being added to attributes. Modify X509_LOOKUP, X509_INFO to handle auxiliary info.
New function X509_cmp().
Add a salt to the key derivation using the 'enc' program.
Clarify docs.
Fix for a bug in PKCS#7 code and non-detached data.
Modify verify code to handle self signed certificates.
Support for otherName in GeneralName.
Transparent support for PKCS#8 private keys in RSA/DSA.
Support for authority information access extension.
Initial chain verify code: not tested probably not working at present. However nothing enables it yet so this doesn't matter :-)
New options to the -verify program which can be used for chain verification. Extend the X509_PURPOSE structure to include shortnames for purposes and default trust ids.
Initial trust code: allow setting of trust checking functions in a table. Doesn't do too much yet.
Oops! Commit died on me :-(
Add trust setting support to the verify code. It now checks the trust settings of the root CA.
Add part of chain verify SSL support code: not complete or doing anything yet.
Remainder of SSL purpose and trust code: trust and purpose setting in SSL_CTX and SSL, functions to set them and defaults if no values set.
Document all possible errors (and some impossible) from the verify program.
Document the extension tests performed by the -purpose test in the x509 utility.
Modify the X509 V3 extension lookup code.
Change the trust and purpose code so it doesn't need init either and has a static and dynamic mix.
Fix a bug in the modified purpose code: it wasn't updated to use the new purpose getting function.
New function PKC12_newpass()
Merge in my S/MIME library and utility.
Modify S/MIME application so the -signer option writes the signer(s) to a file if we are verifying.
Add i2d_ASN1_PRINTABLESTRING() function, and do 'make update'
Make the PKCS#7 S/MIME functions check for passed NULL pointers.
Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs.
Various S/MIME fixes.
Fix a typo in a_enum.c.
Various S/MIME fixes. Fix for memory leak, recipient list bug and not excluding parameters with DSA keys.
Fix the S/MIME code to use canonical MIME format for encrypted mail. Also update the smime docs.
Delete an unused variable and make the PKCS#12 keygen debugging code work again.
Support for ASN1 NULL type.
Add PKCS#8 utility functions and add PBE options.
Fixes so NO_RSA works again.
Allow passwords to be included on command line for a few more utilities.
New {i2d,d2i}_PrivateKey_{bio, fp} functions.
Simplify the trust structure: basically zap the bit strings and represent everything by OIDs.
Add OIDs for idea and blowfish. Unfortunately these are in the middle of the OID table so the diff is rather large :-(
Fix some of the command line password stuff. New function that can automatically determine the type of a DER encoded "traditional" format private key and change some of the d2i functions to use it instead of requiring the application to work out the key type.
Add support for MS "fast SGC".
Initial automation changes to 'req' and X509_ATTRIBUTE functions.
More X509_ATTRIBUTE changes.
#undef PKCS7_SIGNER_INFO for Win32 to avoid clashes.
Add PKCS#12 manpage and use MAC iteration counts by default.
Manpages for the DH utils and fix for a memory leak in dh program
Add -prexit command to s_client and patch some BIO functions so it doesn't crash. Document s_client.
Man page for s_server.
New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code. Remove references to 'TXT' in -inform and -outform switches.
Update docs.
Rename X509_att*() stuff to X509at_*(), add X509_REQ wrappers.
Finish off the X509_ATTRIBUTE string stuff.
Oops... undo change to wrong prototype.
Change the 'man' directory to 'apps'. Yes I wish cvs could rename too :-(
Make -CAcreateserial start from 1 instead of 0 for serial numbers.
Docs for sess_id utility.
Apply Lutz Behnke's 56 bit cipher patch with a few minor changes.
Gets Lutz Jaenicke's name right this time :-)
Add new program dhparam and update docs.
Minor patch: check only match @STRENGTH and remove eNULL comment.
Make s_server, s_client check cipher list return codes.
Tidy up CRYPTO_EX_DATA structures.
Document how CRYPTO_EX_DATA stuff works for RSA structures. Other structures behave in a similar way.
New -pkcs12 option to CA.pl. Document CA.pl script. Initialise and free up the extra DH fields (nothing uses them yet though).
Add CA.pl man page this time...
Fix CRL encoding bug.
Update docs.
Update docs.
Add new -notext option to 'ca', -pubkey option to spkac.
Rename SSLeay_add_all_algorithms() et al to OpenSSL_add_all_algorithms(). Move these into separate files so they work properly.
Add support for some broken PKCS#8 formats.
Document EVP digest operations.
Rename the X509V3_*_d2i functions to X509_get_ext_d2i() etc. This better reflects their behaviour.
Add command line password options to the remaining utilities, amend docs.
Update docs.
Make pkcs12 and smime applications seed random number generator (otherwise they don't work) and add -rand option. Update docs.
Modernise 'selfsign.c' to use new X509_NAME code and add example of extension aliasing. Also fix the extension aliasing because it didn't work :-)
Fix for Netscape "hang" bug.
Pass phrase reorganisation.
Add -pass argument to 'enc'. Fix to make Win32 compile work again.
New functions and option to use NEW in certificate requests.
Add -clrext option to 'x509'
Change the 'other' structure in certificate aux info.
Change EVP_MD_CTX_type so it is more logical and add EVP_MD_CTX_md for the old functionality.
Update docs.
Make pkcs8 work again.
Allow ADH to be used but not present in the default cipher list.
Add PBE algorithms with ciphers, not digests.
Allow code which calls RSA temp key callback to cope with a failure.
Rename functions for new convention.
Fix shadow warning.
Make ASN1 types real typedefs.
Fix so Win32 assembly language works with MASM.
Fix so Win32 compiles again...
Don't call BN_rand with zero bits in bntest.c
Ouch! PKCS7_encrypt() was heading MIME text headers twice because it added them manually and as part of SMIME_crlf_copy(). Removed the manual add.
Fix bug which would free up a public key twice if the verify callback tried to continue after a signature failure.
Move the 'file scope' argument in set_label to the third argument: the second was being used already.
Make name_funcs_stack static.
Fix the PKCS#8 DSA code so it works again. All the broken formats worked but the valid didn't :-(
New compatibility trust and purpose settings.
Manual pages for EVP signing and verifying.
Manual pages for EVP_Open* and EVP_Seal*
Fix typo and make ca get the CA and request fields correct.
Don't Free() password if it was read from config file.
Make V_ASN1_APP_CHOOSE work again.
Fix a memory leak in PKCS12_parse. Don't copy private key to X509 etc public key structures. Fix for warning.
Update docs and remove old PKCS#7 README file.
Add a few more FAQs.
Update docs.
Fix for HMAC.
Add a couple of FAQs.
Make PKCS#12 code handle missing passwords.
Fix for SSL server purpose checking
Fix c_rehash script, add -fingerprint option to crl.
Add DSA library string. Workaround for IIS .key file invalid ASN1 encoding.
Beginnings of EVP cipher overhaul. This should eventually enhance and tidy up the EVP interface.
Second phase of EVP cipher overhaul.
Third phase of EVP cipher overhaul.
Fourth phase EVP revision.
Fourth phase EVP revision.
More EVP cipher revision.
Document EVP routines. Change EVP_SealInit() and EVP_OpenInit() to support multiple calls.
Make EVP_SealInit() and EVP_OpenInit() check EVP_EncryptInit() and EVP_DecryptInit() return values.
Fix evp_locl.h macros.
Add support for the modified SGC key format used in IIS.
Safe stack reorganisation in terms of function casts.
Handle ASN1_SET_OF and PKCS12_STACK_OF using function casts in the same way as STACK_OF.
Fixes for Win32 build.
Change mkstack.pl so it now sorts each group into lexical order. Previously it depended on the order of files in the directory.
Update STATUS.
New ASN1 functions that just deal with content octets, not tag+length.
Fix some typos in the i2d/d2i functions that call the i2c/c2i (they were not using the content length for the headers).
Make req seed the PRNG if signing with an already existing DSA key.
Make NEG_PUBKEY_BUG on by default.
Fix warnings.
Fix a bug in the new i2d_{ENUMERATED,INTEGER} that didn't recognise NULL to mean 'don't output anything'
New ASN1_STRING_print_ex() and X509_NAME_print_ex() functions. These are intended to be replacements for the ancient ASN1_STRING_print() and X509_NAME_print() functions.
Document the new DN printing options.
Changes needed for Tandem NSK, supplied by Scott Uroff (scott at xypro.com).
Fix for bad sorting of object names.
Various fixes...
Fixes to d2i_ASN1_OBJECT, ASN1_INTEGER_to_BN and a_strex.c
Fix ASN1_INTEGER_to_BN properly this time...
Add support for 'other' PKCS#7 content types.
New option to CA.pl to sign request using CA extensions. This allows intermediate CAs to be created more easily.
Change PKCS#7 test data to take account of removal of indefinite length encoding.
Fix typo in i2d_ASN1_ENUMERATED
Add 'rsautl' low level RSA utility.
Keep a note of original encoding in certificate requests.
*BIG* verify code reorganisation.
Fix typo in rsautl.
Some BIO docs, incomplete, more to follow.
Add docs for BIO_find_type() and friends.
Ugh, BIO_find_type() cannot be passed a NULL.
Two new PKCS#12 demo programs.
Update verify docs.
Add BIO_read() (etc.) docs.
Really add BIO_read this time...
More preliminary BIO docs...
More new BIO docs, correct some old ones.
Docs for cipher and base64 BIOs.
More BIO docs.
Clarify some of the I/O issues.
BIO_s_fd() manual page.
Docs for socket BIO.
Initial connect BIO docs.
BIO_s_bio() manual page detailing BIO pair.
Update BIO_s_connect().
Accept BIO docs.
BIO_f_ssl() docs.
Remove redundant manpages and references to them.
New macro BIO_set_shutdown_wr().
Work around for Netscape PKCS#7 signedData bug.
Clarify the BIO_seek() mess and related issues.
Fix a typo in apps/pkcs12.c which was using the wrong part of ASN1_TYPE (though they are both ASN1_STRING so it didn't cause any problems).
Add docs for X509_get_ext_d2i() function.
Fix ASN1_TYPE bug.
Only use the new informational verify codes if we specifically ask for them.
Global DirectoryString mask fix.
More code for X509_print_ex() support.
Make non blocking I/O work for accept BIOs.
Fix for typo in certificate directory lookup code.
Update test server certificate in apps/server.pem (it was expired).
Move expired CA certificate.
Fix for bug (?) in assembly language routines for SHA1. This causes MASM to complain and not produce valid debug info. Hopefully this won't break anything else...
Merge from the ASN1 branch of new ASN1 code to main trunk.
Rewrite the extension code to use an ASN1_ITEM structure for its ASN1 operations as well as the old style function pointers (i2d, d2i, new, free). Change standard extensions to support this.
Stop extension creation code core dumping.
Replace the old style OCSP ASN1 module.
Change the PKCS7 structure to use SEQUENCE OF for the authenticated attributes: this is used to retain the original encoding and not break signatures.
New function X509_signature_print() to remove some duplicate code from certificate, CRL and request printing routines.
New function X509V3_extensions_print() this removes extension duplication from the print routines.
Add OCSP nonce extension to supported extensions.
Implement some standard OCSP extensions in the v3 code. These are all raw print only extensions at present.
Add a couple of FAQs.
Make mkdef.pl parse some ASN1 IMPLEMENT macros.
Add support for the noCheck OCSP extension. This is just a NULL and appears in a certificate.
Add OCSP service locator extension.
Redo OCSP response printing. Remove duplicate or obsolete code. Delete some redundant files.
Fixes to OCSP print code.
Various Win32 related fixes. Doesn't compile yet on Win32 but it is getting there...
New function X509V3_add_i2d() this is used for encoding, replacing and deleting extensions.
X509V3_add_i2d() needs to be able to allocate a STACK_OF(X509_EXTENSION) so it should be passed STACK_OF(X509_EXTENSION) ** in the first argument.
Avoid compiler warnings in hw_ubsec.c: unused static functions and signed/unsigned mismatch.
New OCSP extension functions.
ASN1_ITEM versions of sign, verify, pack and unpack.
Add NO_ASN1_OLD to remove some old style functions: currently OpenSSL itself won't compile with this set because some old style stuff remains.
ASN1_ITEM version of ASN1_dup(). Might want something more efficient later...
Replace the old ASN1_dup() with ASN1_item_dup() and zap some evil function pointers casts along the way...
ASN1_ITEM versions of ASN1_d2i_{fp, bio} and replacement of most of the old wrappers. A few of the old versions remain because they are non standard and the corresponding ASN1 code has not been reimplemented yet.
Delete PKCS#12 redundant files.
Rewrite PKCS#12 code and remove some of the old horrible macros.
Fix the S/MIME code so it now works again and uses the new ASN1 code.
Update OCSP API.
Fix typo in OCSP nonce extension.
Modify OCSP API to more closely reflect application needs.
Add set of OCSP client functions. All experimental and subject to addition, modification or deletion.
Add prototypes for new OCSP functions.
Fix uni2asc() so it can properly convert zero length unicode strings. Certain PKCS#12 files contain these in BMPStrings and it used to crash on them.
OCSP basic response verify. Very incomplete but will verify the signatures on a response and locate the signers certificate.
Fix typo in OCSP ASN1 module, this caused invalid format in OCSP request signatures.
New OCSP utility. This can generate, parse and print OCSP requests. It can also query responders and parse or print out responses.
Preliminary ocsp utility documentation.
Fix warning in apps/ca.c
Change PKCS#12 key derivation routines to cope with non null terminated passwords.
Initial OCSP certificate verify. Not complete, it just supports a "trusted OCSP global root CA".
Implement remaining OCSP verify checks in accordance with RFC2560.
Don't shadow.
Additional functionality in ocsp utility: print summary of status info. Check nonce values. Option to disable verify. Update usage message.
Fixes to various ASN1_INTEGER routines for negative case.
Update ocsp utility documentation.
Fix to stop X509_time_adj() using GeneralizedTime.
Add debugging info to new ASN1 code to trace memory leaks.
Zero the premaster secret after deriving the master secret in DH ciphersuites.
New OCSP response verify option OCSP_TRUSTOTHER
Make sk_sort tolerate a NULL argument.
Tolerate some "variations" used in some certificates.
Tidy up the mess in bss_sock.c and bss_fd.c by placing the socket/fd code in separate files rather than trying to have them both share the same one.
Various functions for common operations.
Various OCSP responder utility functions.
Fix ASN1_TIME_to_generlizedtime().
New function to copy nonce values from OCSP request to response.
Fix AES code.
Allow various options to be included for signing and verify of OCSP responses.
Add missing \n's to ocsp usage message.
Various updates to mkdef.pl to cope with new aes and ASN1 code.
Various Win32 related fixes. Make no-krb5 work in mkdef.pl .
Fix CRL printing to correctly show when there are no revoked certificates.
Work around for libsafe "error".
Modify OCSP nonce behaviour.
New function OCSP_parse_url() and -url option for ocsp utility.
Initial OCSP SSL support.
Option to disable standard block padding with EVP API.
New options to 'ca' utility to support CRL entry extensions.
New -set_serial options to 'req' and 'x509'.
Fix typo.
Rebuild ASN1 error codes to remove unused function and reason codes.
Initial support for ASN1_ITEM_FUNCTION option to change the way ASN1 modules are exported.
Get rid of ASN1_ITEM_FUNCTIONS dummy function prototype hack. This unfortunately means that every ASN1_*_END construct cannot have a trailing ;
Oops, forgot CHANGES entry for ASN1_ITEM_FUNCTIONS.
Make OCSP cert id code tolerate a missing issuer certificate or serial number.
Stop PKCS7_verify() core dumping with unknown public key algorithms and leaking if the signature verify fails.
Print out OID of unknown signature or public key algorithms.
New function and options to check OCSP response validity.
Trap an invalid ASN1_ITEM construction and print out the errant field for more ASN1 error conditions.
Enhance OCSP_request_verify() so it finds the signers certificate properly and supports several flags.
Typo in comment.
Fix a bug which caused BN_div to produce the wrong result if rm==num and num < 0.
Fix bug in copy_email() which would not find emailAddress at start of subject name.
Make EVP_Digest*() routines return a value.
Change the EVP_somecipher() and EVP_somedigest() functions to return constant EVP_MD and EVP_CIPHER pointers.
Update docs.
Add the 'ec' directory to mkdef.pl and mkfiles.pl so the Windows build can see it.
Typo.
In crypto/ec #if 0 out structures which reference (currently) non existent functions because this breaks shared libraries.
Initial docs for PEM routines.
Document the -certopt option to the x509 utility.
Overhaul the display of certificate details in the 'ca' utility. This can now be extensively customised in the configuration file and handles multibyte strings and extensions properly.
Add 'align' option to nameopt.
Add copy_extensions option to 'ca' utility.
Fix PKCS#12 key generation bug.
Rewrite CHOICE field setting code to properly handle combine in CHOICE options.
Fix ASN1 bug when decoding OTHER type.
Win32 fixes:
Initial CRL based revocation checking.
Allow various X509_STORE_CTX properties to be inherited from X509_STORE.
Fix to allow multiple NONE libraries in mkerr.pl .
Fix warning with DEBUG_SAFESTACK
Purpose and trust setting functions for X509_STORE.
Typo.
Under VC++ _DLL is set to indicate that the application will be linked against the DLL runtime library. It is automatically set when /MD is used.
Change Win32 to use EXPORT_VAR_AS_FN.
#if 0 out deleted (?) functions to stop Win32 DLL build falling over.
Fix for new UI functions under Win32.
Add examples to EVP_EncryptInit manual page.
Add missing variable length cipher flag for Blowfish.
Add support for MS CSP Name PKCS#12 attribute.
Initialize UI ex_data.
Make update
Don't set pointer if add_lock_callback used.
make apps compile again
Fix memory leaks.
Change all calls to low level digest routines in the library and applications to use EVP. Add missing calls to HMAC_cleanup() and don't assume HMAC_CTX can be copied using memcpy().
Fix memory leak when RAND is used: need to cleanup RANDs ENGINE reference in ENGINE_cleanup().
Update my config entry to allow use of DSOs.
In UI_dup_*() function, use the duped string, not the original.
Fix UI leak in apps.
Fix hwcrhk_insert_card.
In {RSA,DSA,DH}_new_method(x) need to increase the reference count of the ENGINE if x is not NULL since it will be freed in {RSA,DSA,DH}_free().
Handle empty X509_NAME in printing routines.
Another empty X509_NAME fix.
Modify apps to use NCONF code instead of old CONF code.
In ocsp_match_issuerid() we are passed the CA that signed the responder certificate so need to match its subject with the certificate IDs in the response.
Delete extra ;
Initial OCSP server support, using index.txt format.
Allow OCSP server to handle multiple requests.
First of several reorganisations to reduce linker bloat. For example the single line:
More linker bloat reorganisation:
Make sure *outl is always initialized in EVP_EncryptUpdate().
Add CRL utility functions to allow CRLs to be built up without accessing structures directly.
Make -passin -passout etc work again.
Add #ifdefs to some devcrypto code
Load OCSP responder key before waiting for an incoming connection so it can prompt for pass phrase on startup instead of after the first connection.
Replace old (and invalid) copyright notice.
Add certificate and request demos.
Fix AES CBC mode EVP_CIPHER structures: the IV length is always 16.
Support fractional seconds in GeneralizedTime
Make (ancient) sign.c demo compile again.
Constify EVP_SealInit, EVP_OpenInit
Modernise and fix (ancient) "maurice" demos.
Make EVP_DecryptUpdate work again.
Use the maximum block length for the extra size in the encrypt BIO buffer instead of hard coding it as 8.
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal() with existing code.
Update docs.
Modify EVP cipher behaviour in a similar way to digests to retain compatibility.
Update docs.
Add missing EVP_CIPHER_CTX_{init,cleanup}
Typo.
Stop spurious "unable to load config info" errors in req
Reject certificates with unhandled critical extensions.
Sanitize CHANGES entry.
New options to allow req to accept UTF8 strings as input.
Add support for Subject Info Access extension.
Stop compiler warnings.
Bugfixes for noemailDN option. Make it use the correct name (instead of NULL) if nomailDN is not set, fix memory leaks and retain DN structure when deleting emailAddress.
Allow ca to certify requests containing BMPStrings and UTF8Strings.
Another noemailDN fix.
Fix email address delete code.
Win32 fixes.
PKCS#12 code fixes: initialize and cleanup digests and ciphers properly.
Add an FAQ.
NO_DSA, NO_RSA patches.
Add -pubkey option to req command.
Make EVP_SealInit() return the correct value.
EVP_BytesToKey documentation.
Don't overwrite signing time.
Update PEM docs
Experimental configuration code.
Initial ENGINE config module, docs to follow.
default_algorithms option in ENGINE config.
Constification.
#undef some things that cause a conflict under Win32 when wincrypt.h is included.
Config file updates from stable branch
Config code updates.
Update from stable branch.
make errors
non-Monolith fixes.
Fix for AIX.
New OPENSSL_LOAD_CONF define to load openssl.cnf when OpenSSL_add_all_algorithms() is called.
Updates from stable branch.
Make the engine config module always add dynamic ENGINEs to the list using dynamic_path. This stops ENGINEs which don't supply any default algorithms being automatically freed (because they have no references) and allows them to be accessed by id.
Fix new -aes command argument handling
Always init ctx_tmp in PKCS7_dataFinal since it is always cleaned up.
Fix warnings about signed/unsigned mismatch and global shadowing (random, index) in hw_4758_cca.c
Make sure the type accessed by the LONG and ZLONG ASN1 type is really a long, to avoid problems on platforms where sizeof(int) != sizeof(long).
ENGINE module additions.
Fix the Win32_rename() function so it correctly returns an error code. Use the same code in Win9X and NT.
Make {RSA,DSA,DH}_new_method obtain and release an ENGINE functional reference in all cases.
Make ciphers and digests obtain an ENGINE functional reference if impl is explicitly supplied.
Fix various warnings when compiling with KRB5 code.
Fix ASN1 additions for KRB5
Fix Kerberos warnings with VC++.
Undo previous patch: avoid warnings by #undef'ing duplicate definitions.
Initialize cipher context in KRB5 ("D. Russell" <russelld at aol.net>)
Ensure EVP_CipherInit() uses the correct encode/decode parameter if enc == -1
Initialize ciph_ctx in kssl.c
Add apps_startup and bio_err init code to smime.c
Avoid gcc warning: BN_DEC_CONV when SIXTY_FOUR_BIT is defined is unsigned.
Fallback to normal multiply if n2 == 8 and dna or dnb is not zero in bn_mul_recursive.
Add config entry debug-steve-linux-pseudo64. This sets the SIXTY_FOUR bignum library option to use 64 bit operations on the 32 bit linux platform.
EVP_SealFinal should return a value.
Zero cipher_data in EVP_CIPHER_CTX_cleanup
Add missing EVP_CIPHER_CTX_init call.
Fix Mingw32 asm build: use the Unix bignum assembly method of bn-586.pl and co-586.pl which (for some reason) VC++ doesn't use.
Reorganise -subj option code, fix buffer overrun.
Make i2c_ASN1_BIT_STRING return the correct length.
The new ASN1 code automatically allocates structures for fields that are not OPTIONAL.
Fix ext_dat.h extension ordering.
Fix the ASN1 sanity check: correct header length calculation and check overflow against LONG_MAX.
Fix typo
Fix typo in OBJ_txt2obj which incorrectly passed the content length, instead of the encoding length to d2i_ASN1_OBJECT.
Fix block_size field for CFB and OFB modes: it should be 1.
Fix crashes and leaks in pkcs12 utility -chain option
#if out unused function to shut the compiler up.
Change C++ style comments
Make -nameopt work in req and add support for -reqopt
Reinstate the check for invalid length BIT STRINGS, which was effectively bypassed in the ASN1 changes.
Fix ASN1_STRING_to_UTF8: remove nonsensical !*out test.
Fix typos in PKCS#12 ASN1 code.
Really fix PKCS7_set_detached this time...
Preliminary streaming ASN1 encode support.
Various enhancements to PKCS#12 code, new medium level API, improved PKCS12_create and additional functionality in pkcs12 utility.
Update mkdef.pl to handle new ASN1 macro
Add declaration for PKCS#7 NDEF.
make update
Add version info to Win32 DLLs.
Typo.
Some docs relating to X509 ASN1 functions.
Update RSAPublicKey manual page...
Oops, remove old commented out debugging printf...
Various Win32 fixes.
Update DH parameter docs.
Update docs.
Update docs.
Document "0" and "1" naming convention.
More d2i/i2d manual pages.
More docs.
PKCS7_verify() docs.
More man pages.
PKCS12_create manual page
PKCS12_parse manual page.
Update docs.
Typo.
More docs.
New docs.
Typo: v3 is represented by 2.
Check for NULL ASN1_ITEM when initializing boolean option in ASN1_TYPE.
CRL reason code docs.
Typo in OCSP ASN1 module
Typo
Initial ASN1 generation code. This can construct arbitrary encodings from strings and config files.
Initial ASN1 generation documentation.
Update docs
Fix memory leak in s2i_ASN_INTEGER and return an error if any invalid characters are present.
Add header ctype.h
Only accept exact match for modifier or tag name
Put NAME in right place, fix typo
Update docs
Typo
Fix get_email: 0 is a valid return value
Fix documentation of i2d_X509_fp and i2d_X509_bio.
Add SETWRAP modifier to ASN1 generate.
In asn1_d2i_read_bio, don't assume BIO_read will return the requested number of bytes when reading content.
Typo in X509v3_get_ext_by_critical
Make ASN1_TYPE_get() work for V_ASN1_NULL type.
Fix leak.
NULL tofree when it is freed to avoid double free.
Typo.
Set EXPORT_VAR_AS_FN for BC-32 to work around a compiler bug,
EVP_DecryptInit() should call EVP_CipherInit() not EVP_CipherInit_ex().
Check return value of gmtime() and add error codes where it fails in ASN1_TIME_set().
Correct EVP_SealInit() documentation, iv is an output parameter.
IPv6 display and input support for extensions using GeneralName.
Typo.
GeneralString support in mini-ASN1 compiler
Option to disable SSL auto chain build
Single pass processing to cleartext S/MIME signing.
Update docs.
Typo.
Update debug-steve* entries.
Fix bug in base64 bios during write and non blocking I/O: if the write fails when flushing the buffer return the value to the application so it can retry.
Re enable the read side non blocking test BIO code.
Ooops forgot to recognise V_ASN1_GENERALSTRING.
Base64 bio fixes. The base64 bio was seriously broken when reading from a non blocking BIO.
Fix indefinite length encoding so EOC correctly updates the buffer pointer.
Support for dirName from config files in GeneralName extensions.
Typo.
Encryption BIOs misbehave when used with non blocking I/O.
Fixes for EVP_DigestInit_ex() and OPENSSL_NO_ENGINE.
Avoid warnings for no-engine and PEDANTIC
Return an error if gmtime returns NULL.
Fix PEDANTIC stuff...
Add some OIDs.
Add entry for domainComponent so it is treated correctly.
Don't give an error if response reason absent in OCSP HTTP.
Fix for no-ec on Windows.
Fix Certificate and CRL adding in X509_load_cert_crl_file: an X509_INFO structure can contain more than one object, for example a certificate and a CRL.
make update
Avoid warning.
Typo: OID should be policyMappings
Support for policyMappings
New ASN1 macros to just implement and declare the new and free functions and changes to mkdef.pl so it recognises them.
make update
Support for policy constraints.
make update
Name Constraints OID.
Support for name constraints.
make update
Update ocsp usage message and docs.
Multi valued AVA support.
Update from stable branch.
Typo.
Make DER option work again.
Add correct DN entry for serialNumber.
Fix docs.
The square brackets in BIO_s_bio.pod for some reason cause wml to bomb out with the error message:
PR: 631 Submitted by: Doug Sauder <dws+001 at hunnysoft.com>
PR: 627
Various S/MIME bug and compatibility fixes.
Stop checking for CRLF when start of buffer is reached.
Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect results if CR+LF straddles the line buffer.
Update CHANGES to reflect base64 fix added to 0.9.7
Really get X509_CRL_CHECK_ALL right this time...
Return EOF when an S/MIME part has been read.
Avoid clashes with Win32 names in WinCrypt.h
outlen should be int * in out_utf8.
Only accept a client certificate if the server requests one, as required by SSL/TLS specs.
New -ignore_err option in ocsp application to stop the server exiting on the first error in a request.
Typos.
In order to get the expected self signed error when calling X509_verify_cert() in x509.c the cert should not be added to the trusted store.
Add -passin support to rsautl
ASN1 parse fix and release file changes.
Avoid warnings: add missing prototype, don't shadow.
Retrieve correct content to sign when the type is "other".
Initialize digested data type in PKCS7_set_type().
New function to initialize a PKCS7 structure of type other.
Simplify cipher and digest lookup in PKCS#7 code.
Add support for digested data PKCS#7 type.
Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
Give CRLDP its standard name.
Typos.
Replace expired certificate.
Add flag to avoid continuous memory allocation when calling EVP_MD_CTX_copy_ex().
Fix handling of -offset and -length in asn1parse tool.
Use an OCTET STRING for the encoding of an OCSP nonce value.
Initial docs for the OpenSSL library configuration via openssl.cnf
More autoconfig docs.
Documentation of the KISS autoconfig functions.
Config docs.
Indent some of the code examples.
Typos.
Various X509 fixes. Disable broken certificate workarounds when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in CRL issuer certificates. Reject CRLs with unhandled (any) critical extensions.
Memory leak fix.
Call autoconfig code in pkcs7 utility.
Cleanup ASN1 OID module when it exits.
Support for inhibitAnyPolicy extension.
Fix policy constraints syntax.
Avoid warnings.
Initial support for certificate policy checking and evaluation.
Fix ASN1 warnings.
Fix loads of warnings in policy code.
Remove BN_CTX debug from debug-steve
Free up BIO properly when using streaming S/MIME sign.
Extend OID config module format.
Allow CRLs to be passed into X509_STORE_CTX. This is useful when the verified structure can contain its own CRLs (such as PKCS#7 signedData).
Remove obsolete files.
Make {i2v,v2i}_ASN1_BIT_STRING global.
Enhance EVP code to generate random symmetric keys of the appropriate form, for example correct DES parity.
New function X509_POLICY_NODE_print()
Oops forgot CHANGES entry.
Don't use C++ reserved word.
Add some root CAs.
Clear error if unique_subject lookup fails.
Reduce chances of issuer and serial number duplication by use of random initial serial numbers.
Use X509_get_serialNumber() instead of accessing internals in x509.c
New option to 'x509' -next_serial. This outputs the certificate serial number plus 1 to the output file. Its purpose is to allow serial number files to be initialized when random serial numbers are used.
Fix leak.
Reformat/tidy some of the ASN1 code.
More ASN1 reformat/tidy.
Make ASN1 code work again...
Make self signing option of 'x509' use random serial numbers too.
Fixes so alerts are sent properly in s3_pkt.c
Add SHA256 and SHA512 algorithms to mkdef.pl.
Delete obsolete and unimplemented function.
Delete unused function from libeay.num, replace with one that does exist.
Reformat pkcs8 source.
Stop compiler warnings with debug-steve
Don't try to parse non string types.
PKCS#8 fixes from stable branch.
Delete non-POSIX header file.
Delta CRL support in extension code.
Add FIPS library name to error routines.
Oops, wrong version...
Don't ignore return value of EVP_DigestInit_ex() in md BIOs and dgst utility.
Call setup_engine after autoconfig.
Make ASN1_INTEGER_cmp() work as expected with negative integers.
Update FAQ.
Stop compiler warnings.
New X509_VERIFY_PARAM structure and associated functionality.
Reformat smime.c
Don't use 'explicit' for variable name.
Reformat smime utility.
When looking for request extensions in a certificate look first for the PKCS#9 OID then the non standard MS OID.
Change values of MBSTRING_* to the form MBSTRING_FLAG|nbyte as assumed in ASN1_STRING_to_UTF8().
Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap().
Don't use C++ reserved word "explicit".
Update debug-steve
Fix race condition when CRL checking is enabled.
Oops!
Fix race condition when SSL ciphers are initialized.
Update FAQ.
Update NEWS
Don't return an error with crl -noout.
Use the default_md config file value when signing CRLs.
Fix x509.c so it creates serial number file again if no serial number is supplied on command line.
PR: 969 Submitted by: David Holmes <davidh at 3blackdogs.com>
Zap obsolete der_chop script.
PR: 938
PR: 923
PR: 940
Initial pod documentation of X509V3 config file format.
PR: 910
Update X509v3 docs.
Update X509v3 doc.
In "req" exit immediately if configuration file is needed and it can't be loaded instead of giving the misleading:
Fix memory leak.
Typo.
Check return code of EVP_CipherInit() in PKCS#12 code.
Update docs.
Update docs
Allow alternative manual sections to be embedded in .pod file comments.
Add errstr manual page
Typo.
Perform partial comparison of different character types in X509_NAME_cmp().
Add couple of OIDs. Resync NIDs for consistency with 0.9.7.
V1 certificates that aren't self signed can't be accepted as CAs.
Add -passin argument to dgst command.
In by_file.c check last error for no start line, not first error.
Update year.
Add lots of checks for memory allocation failure, error codes to indicate failure and freeing up memory if a failure occurs.
Remaining bits of PR:620 relevant to 0.9.8.
Use X509_cmp_time() in -checkend option, to support GeneralizedTime.
Update 'certs' directory. Move expired certificates to expired directory and zero assurance demonstration CAs to 'demo'.
Automatically mark the CRL cached encoding as invalid when some operations are performed.
Remove duplicate lines.
Fix s_client so it works without a certificate again.
Don't use multiple storage types.
Remove unused buffer 'buf'.
Prompt for passphrases for PKCS12 input format
PKCS7_verify() performance optimization. When the content is large and a memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots of slow memory copies from the memory BIO by saving the content in a temporary read only memory BIO.
In mkdef.pl ignore trailing whitespace in #ifdef lines
Fix possible memory leak.
Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and client random values.
Doc fixes.
Update FAQ
Typo
Make kerberos ciphersuite code work with newer header files
Move allow_proxy_certs declaration to start of function.
Include error library value in C error source files instead of fixing up at runtime.
Rebuild error codes.
Replace overwritten lines before error codes.
More overwritten stuff...
Update FAQ.
Check return values of <Digest>_Init functions in low level digest calls.
Fix from stable branch.
Various Win32 and other fixes for warnings and compilation errors.
Update year.
Ignore TYPEDEF_OF in mkdef.pl
New "algorithm define" OPENSSL_NO_GMP. Update mkdef.pl and Configure script to use it.
Stop perl warning.
Fix logic in mkdef.pl function is_valid.
Handle similar mk1mf.pl options with a hash table.
Process MINFO file earlier in mk1mf.pl so it can modify variables like CFLAGS.
Stop bogus shadowing warning.
Stop compiler warnings about deprecated lvalue casts.
Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts.
Make kerberos ciphersuite code compile again.
Don't use standard kerberos library locations in MK1MF builds.
Recognize zlib and krb5 options in mk1mf.pl
Oops...
False positive removed.
Fixes for signed/unsigned warnings and shadows.
Remove more false positives.
Port from stable branch.
Remove more false positives.
Port prime utility across from stable branch.
More false positives and cases covered by port of prime.c
Port from stable branch.
Remove more false positives.
Stop unused variable warning.
Port BN_MONT_CTX_set_locked() from stable branch.
Change method_mont_p from (char *) to (BN_MONT_CTX *) and remove several casts.
Lots of Win32 fixes for DTLS.
Update default dependency flags.
Increase offset for BIO_f_enc() to avoid problems with overlapping buffers when decrypting data.
Use more efficient way to locate end of an ASN1 structure.
Don't attempt to parse nested ASN1 strings by default.
Typo.
Support for smime-type MIME parameter.
Typo.
Fix from stable branch.
Avoid warnings.
Some C compilers produce warnings or compilation errors if an attempt is made to directly cast a function of one type to what it considers an incompatible type. In particular gcc 3.4.2.
openssl_fcast should always be defined, not just with DEBUG_SAFESTACK
Make -CSP option work again in pkcs12 utility by checking for attribute in EVP_PKEY structure.
Make update.
Assign check_{cert,crl}_time to 'ok' variable so it returns errors on expiry.
Update from 0.9.7-stable. Also repatch and rebuild error codes.
Add pss/x931 files.
Update from stable branch.
Update from 0.9.7-stable.
Update CHANGES.
Typo.
Use correct name for config file env variable.
Fix for padding X9.31 padding check and zero padding bytes.
Fix extension ordering.
Typo.
Add Argen root CAs.
Sync libeay.num
Check PKCS7 structures in PKCS#12 files are of type data.
Update from stable branch.
Initial print only support for IDP CRL extension.
Print out previously unsupported fields in CRLDP by i2r instead of i2v.
Typo which prevents multi-valued RDNs being created.
Allow setting of all fields in CRLDP. Few cosmetic changes to output.
Don't use @syntax for extended CRLDP format.
Add support for setting IDP too.
Add declaration for IDP ASN1 functions.
Update ASN1 printing code. Highly experimental, not working properly (neither did the old code) and not compiled in yet...
Handle case where it==NULL
Allow PKCS7_decrypt() to work if no cert supplied.
Initialize SSL_METHOD structures at compile time. This removes the need for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
New version of ASN1 print code, still not compiled in though.
Remove ASN1_METHOD code replace with new ASN1 alternative.
Update from stable branch.
Add file which includes new ASN1 NETSCAPE format for certificates.
Delete old ASN1_METHOD files.
Command line support for RSAPublicKey format.
Use correct date and filename.
Integrated support for PVK files.
Initial support for ASN1 print code.
Update ASN1 printing code and add a -print option to 'pkcs7' utility for initial testing.
Return 2 from X509_NAME printing routine to add newline.
Extend callback function to support print customization.
Two new verify flags functions.
Update to ASN1 printing code.
Update asn1t.h too for ASN1 print.
Update ASN1 print implement macro.
Update print macro properly this time...
Fix for Win32.
Change openssl.cnf to use UTF8Strings by default and not always include issuer and serial versions of AKID.
128 bit AES ciphersuites should be classified as HIGH.
Update from stable branch.
Make OPENSSL_NO_COMP compile again.
Fix compilation without OPENSSL_NO_COMP :-)
Make OPENSSL_NO_COMP work under Win32.
Oops :-)
Initialize bignum constants using BN_bin2bn() instead of BN_hex2bn(). This saves a bit of space and avoids a compiler warning about string length.
New option SSL_OP_NO_COMP to disable compression. New ctrls to set maximum send fragment size. Allocate I/O buffers accordingly.
Avoid warning on Win32.
Add PVK support to dsa utility.
Include kerberos libraries (if used) when linking test apps: some need it.
Update from stable branch.
Add symbols for ASN1 print functions, update ordinal file.
Make DLL engines the default in 0.9.9 and VC++.
Update from stable branch.
Update docs.
Update from stable branch.
Extensive OID code enhancement and fixes.
Make CA.pl script use CA extensions when creating a root CA.
Typo
Include EVP_whirlpool() prototype in evp.h
Add error checking to avoid crashing when zlib cannot be loaded.
New functions to support opaque EVP_CIPHER_CTX handling.
Update ordinals and include changes from 0.9.8.
Oops...
Make ZLIB without ZLIB_SHARED compile again.
Make mk1mf.pl and friends recognize Whirlpool.
Update from stable branch.
Update from 0.9.8-stable.
Avoid warnings on VC++ 2005.
Initial attempt at Whirlpool assembler support on VC++.
Don't include zlib header dir if it is not defined.
Add cpuid code to VC++ build.
In ASN1_parse() show tag value for ASN1 tags > 30.
Update from stable branch.
Typo.
Fix from stable branch.
Fixes for BOOL handling: produce errors for invalid string for mini-compiler, correctly encode FALSE for BOOL in ASN1_TYPE.
Ignore zero length constructed segments.
Recognize mingw in perlasm.
Update filenames in makefiles.
Update from 0.9.7-stable.
Avoid warnings about shadowed definitions.
Fix warnings about "sin" conflicting with sin(3) definition.
Add FAQ about AKID.
Minor clarification.
Fix warnings.
Fix from stable branch.
Tolerate a SEQUENCE in DN components.
Print out <INVALID> if an OID value is invalid.
Check EVP_DigestInit_ex() return value in EVP_BytesToKey().
Typo.
Stop compiler warnings.
Initial support for pluggable public key ASN1 support. Process most public key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move the spaghetti algorithm specific code to a single ASN1 module for each algorithm.
Transfer parameter handling and key comparison to algorithm methods.
DH EVP_PKEY_ASN1_METHOD, doesn't do much (yet?).
Gather printing routines into EVP_PKEY_ASN1_METHOD.
Move algorithm specific print code from crypto/asn1/t_pkey.c to separate *_prn.c files in each algorithm directory.
Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to initialize it. Initial support for application added public key ASN1.
Add information and pem strings. Update dependencies.
Fix bug in DSA, EC methods.
Typo.
Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD.
Initial support for generalized public key parameters.
New general public key utility 'pkey'.
New utility pkeyparam. Enhance and bugfix algorithm specific parameter functions to support it.
Typo.
Fix bug where freed OIDs could be accessed in EVP_cleanup() by deferring freeing in OBJ_cleanup().
Add missing function declaration.
Add some GOST OIDs.
Fix typo.
Fix gost OIDs.
Initialize pval.
Don't free up key in priv_decode.
Add GOST parameter set OIDs.
More GOST OIDs
Update and add last (?) set of GOST OIDs.
Stop warning.
New function to retrieve ASN1 info on public key algorithms. New command line option to print out info.
Fix dynamic public key method lookup.
Add an explicit load_config() call so any added algorithms are visible.
Minor object name edit.
Typo.
Typos in a few OID names.
Rebuild mac table to avoid duplicates.
Last arg to EVP_PKEY_assign() should be void *.
New function to add dynamic alias.
Initial definitions and a few functions for EVP_PKEY_METHOD: an extension of the EVP routines to public key algorithms.
Updated to EVP_PKEY_METHOD code... still doesn't do much.
Initial functions for main EVP_PKEY_METHOD operations. No method implementations yet.
Include EVP_PKEY argument in EVP_PKEY_CTX_new(). This avoids the need for a separate EVP_PKEY parameter in the other operation initialization routines.
New utility 'pkeyutl' a general purpose version of 'rsautl'.
If <operation>_init function is zero interpret as noop.
Initial functions for RSA EVP_PKEY_METHOD.
Implement encrypt/decrypt using RSA.
Update dependencies.
Reformat pkeyutl.c, add support for verify operation but nothing actually supports it (yet).
Fix typo. Add EVP_PKEY_CTX control function for later use by command line utilities.
Add RSA ctrl for padding mode, add ctrl support in pkeyutl.
Add checking to padding ctrl.
Support for digest signing and X931 in rsa_pkey_meth.
Bugfix X9.31 padding.
Constification.
Store digests as EVP_MD instead of a NID.
New utility function to reverse a buffer, either by copying or in-place.
Implementation of pkey_rsa_verify. Some constification.
Change operation values so they can be used as a mask.
Beginnings of PSS support.
Preliminary PSS support.
ctrls to set PSS salt length.
Initial keygen support.
Add support for setting keybits and public exponent value for pkey RSA keygen.
Add parameter generation option to genpkey.
Write parameters if -genparam option included.
Fix parameter error messages.
Initial DSA EVP_PKEY_METHOD. Fixup some error codes.
Support for DSA keygen, fix for genpkey.
Add file dso_beos.c missing from original commit.
Compare parameters when comparing public keys.
Extend DH ASN1 method to support public key encode/decode and parameter utilities.
PKCS#3 DH PKCS#8 ASN1 support.
Fix leak.
Extend DH ASN1 method, add DH EVP_PKEY_METHOD.
Typo.
Change the option setting command line switch to "-pkeyopt" to avoid confusion with algorithm parameters.
Add key derivation support.
Update dependencies.
Complete key derivation support.
Add functions to allow setting and adding external EVP_PKEY_METHOD.
Print out zero length string properly.
Update copyright notices on a few files where all original SSLeay code has been deleted.
If cipher list contains a match for an explicit ciphersuite only match that one suite.
Oops...
Revert to original...
Fix from 0.9.7-stable branch.
Use more flexible method of determining output length, by setting &outlen value if the passed output buffer is NULL.
Provisional support for EC pkey method, supporting ECDH and ECDSA.
Fix (most) WIN32 warnings and errors.
If we include winsock2.h then FD_SET wants an unsigned type for an fd.
Allow public key ASN1 methods to set PKCS#7 SignerInfo structures.
Add OID cross reference table.
Remove comment from SSLeay days about EVP_PKEY_METHOD.
Remove link between digests and signature algorithms.
Remove dss1 hack from S/MIME code.
Add 'flags' parameter to EVP_PKEY_asn1_meth_new() to set algorithm flags.
Correct copyright notice... this doesn't contain any SSLeay code.
Add prototypes and pkey accessor function for EVP_PKEY_CTX.
Fix usage message for pkeyutl.
Don't free up parameter. The public key ASN1 method can do that if it needs to.
New function to extract AlgorithmIdentifier for PKCS7_RECIP_INFO.
Code tidy.
Replace RSA specific PKCS7_RECIP_INFO set up with a public key algorithm ctrl.
Fix from stable branch.
Update EVP_PKEY_cmp() and X509_check_private() to return sensible values and handle unsupported key types.
Update from stable branch.
Update FAQ.
Update from stable branch.
Fix from stable branch.
Add support for default public key digest type ctrl.
Update S/MIME code to use default digest.
Update PKCS#7 enveloped data to new API.
Update PKCS#7 decrypt routines to use new API.
New functions to get key types without dereferencing EVP_PKEY.
Update 'req' command to use new keygen API.
Typo.
Stop warnings about deprecated -mcpu option.
In interactive mode only config OpenSSL once.
Typo.
Check for deprecated private key types before PKCS#8 types.
Extend PBE code to support non default PKCS#5 v2.0 PRFs.
Add feature to PKCS12_create() if the encryption NID corresponds to a supported encryption algorithm instead of a PBE NID then use that algorithm with PBES2.
Correctly handle missing DSA parameters.
Bugfix: the NONE string for PBE algorithms wasn't working.
Update old **EVIL** PEM_X509_INFO_read_bio() function to correctly assign private keys.
Change builtin PBE to use static table. Add entries for HMAC and MD5, GOST.
Add PRF preference ctrl to ciphers.
Gather keygen options in req and only use them after all other options have been processed. This allows any ENGINE changing operations to be processed first (for example a config file).
HMAC OIDs from RFC4231.
Oops...
Extended PBES2 function supporting application supplied IV and PRF NID.
Tidy up of S/MIME code and add new functions which will make it easier to create S/MIME signed data with multiple signers.
PKCS#12 mac key length should equal digest length.
Don't try to print PBE information if it can't be decoded.
New option to pkcs12 utility to set alternative MAC digest algorithm.
Reformat smime.c utility.
Multiple signer support in smime application.
Remove old digest type hacks for non RSA keys.
More S/MIME tidy. Place some common attribute operations in utility functions.
make update
Typo.
Code tidy.
Add -resign and -md options to smime command to support resigning an existing structure and using alternative digest for signing.
Add ctrl to EVP_MD and EVP_PKEY_CTX to EVP_MD_CTX. These will be used for enhanced sign/verify operations.
Fix smime -pk7out.
Use size_t for new crypto size parameters.
Fix warnings.
New functions for enhanced digest sign/verify.
New function to dup EVP_PKEY_CTX. This will be needed to make new signing functions and EVP_MD_CTX_copy work properly.
Update EVP_MD_CTX_copy_ex() to use EVP_PKEY_CTX_dup().
Add prototypes, update Win32 ordinals.
Allow any supported cipher to be used with smime -encrypt.
Update pkeyutl to use size_t for pkey functions.
Fix warnings.
Flush p7bio when all data has been copied.
Install openssl.cnf to OPENSSLDIR in mk1mf.pl
New pkey functions for keygen callbacks and retrieving operation type.
Add engine table for EVP_PKEY_METHOD. Doesn't do much yet.
Add missing prototype. Extend engine utility to print public key algorithms.
Fix error code. make update
Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE implementations and functional reference counting when a context is allocated, free or copied.
Typo.
Extend default method string to include public key methods.
Automatically free up dynamically allocated public key methods when an ENGINE is destroyed.
Initial public key ASN1 method engine support. Not integrated yet.
Make update.
Complete EVP_PKEY_ASN1_METHOD ENGINE support.
Clarify comment and add #ifdef.
Add AES and GOST S/MIME capabilities if algorithms are supported.
Output MIME parameter micalg according to RFC3851 and RFC4490 instead of hard coding it to "sha1".
Fix EVP_PKEY_CTX_dup() to return correct value and handle NULL keys in the source.
Make return value from EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() consistent.
dsa_pub_cmp() doesn't need to check parameters because that is done in EVP_PKEY_cmp().
Add documentation for new smime options.
Docs for new utilities.
Initial docs for pkeyutl.
Typo.
Update docs with algorithm options.
Add some EVP_PKEY_METHOD docs.
Update docs.
New docs.
EVP_PKEY_verify() docs.
Add some examples.
EVP_PKEY_derive() docs.
Keygen docs.
New functions to enumerate digests and ciphers.
Update docs.
EVP_PKEY_CTX_ctrl() docs.
EVP_PKEY_get_default_digest() manual page.
Public key comparison and printing routine functions.
Set detached flag in PKCS7 structure earlier to avoid eating up memory.
New functions to add and free up application defined signature OIDs.
Allow digests to supply S/MIME micalg values from a ctrl.
make update
Update some usage messages.
Add docs for pkeyparam. Update some existing docs.
New docs for EVP_Digest{Sign,Verify}*() function. Update existing docs.
Typo.
Bugfix: don't look in internal table for signature if found in application supplied list.
In genpkey, also look for algorithm string name in any supplied ENGINE.
There should be no need to rewind the input stream any more.
New non-blocking OCSP functionality.
Add -timeout option to ocsp utility.
Fix various error codes to match functions.
Update .cvsignore
Update .cvsignore again.
WIN32 fixes signed/unsigned issues and slightly socket semantics.
Store canonical encodings of Name structures. Update X509_NAME_cmp() to use them.
Use correct pointer types for various functions.
Avoid warnings.
Avoid WIN32 warning.
Avoid warning.
Cache some CRL related extensions.
Support for multiple CRLs with same issuer name in X509_STORE. Modify verify logic to try to use an unexpired CRL if possible.
Fix leak
Fix C++ style comments, change assert to OPENSSL_assert, stop warning with pedantic mode.
Kill more C++ comments.
Add an FAQ.
Additional detail.
Add verify callback functions to lookup a STACK of matching certs or CRLs based on subject name.
Fixes for new CRL/cert callbacks. Update CRL processing code to use new callbacks.
Update docs.
Support for AKID in CRLs and partial support for IDP. Overhaul of CRL handling to support this.
GOST public key algorithm ENGINE donated to the OpenSSL by Cryptocom.
Overhaul of by_dir code to handle dynamic loading of CRLs.
Tidy up CRL handling by checking for critical extensions when it is loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked entry to avoid the need to access the structure directly.
Do CRL method init after other operations.
Updated version of gost engine.
Compile in gost engine.
Make int_rsa_sign function match prototype.
Add missing prototype. Fix various warnings (C++ comments, ; outside function).
Updated file.
Update length if copying MSB set in asn1_string_canon().
Using correct lock for X509_REQ.
Buffer size handling fix for enc.
Submitted by: Brad Spencer <spencer at jacknife.org> Reviewed by: steve
Initialize new callbacks and make sure hent is always initialized.
Place standard CRL behaviour in default X509_CRL_METHOD new functions to create, free and set default CRL method.
Typo.
Initialize old_priv_encode, old_priv_decode.
Add documentation for noCheck extension and add a few cross references to the extension documentation.
Add v3 ref to see also sections.
Typo.
Fix link for ASN1_generate_nconf
Typo.
Don't add the TS EKU by default in openssl.cnf because it then makes certificates generated by ca, CA.pl etc useless for anything else.
Avoid shadow warning.
Make TSA tests use the noprompt mode of utilities rather than piping the result into interactive utilities.
OCSP library tidy. Use extension to encode OCSP extensions instead of doing it manually. Make OCSP_CERTID_dup() a real function instead of a macro.
Don't assume requestorName is present for signed requests. ASN1 OCSP module fix: certs field is OPTIONAL.
Initial, incomplete support for typesafe macros without using function casts.
Remove redundant PREDECLARE statement.
Remove illegal IMPLEMENT macros from header file.
Update ordinals.
Update from 0.9.8 stable. Eliminate duplicate error codes.
Add .cvsignore
Win32 fixes from stable branch.
Update dependencies.
Import ordinals from 0.9.8 and update.
Fix default dependency flags.
Fix change to OPENSSL_NO_RFC3779
Sync OID NIDs with OpenSSL 0.9.8.
Update from 0.9.7-stable branch.
Experimental streaming PKCS#7 support.
Add bit I missed from PKCS#7 streaming encoder.
Add AOL an AOLTW root CAs to bundle.
Constify version strings and some structures.
Constify version strings is ssl lib.
Update from 0.9.7-stable.
Update from fips2 branch.
Add -hmac option to dgst from 0.9.7 stable branch.
PR: 1483
Updates from 0.9.8-stable branch.
Update from 0.9.7-stable.
Update FAQ,NEWS in HEAD.
Update from stable branch.
Fix from stable branch.
Win32 fixes. Add GOST algorithm to mkdef, update ordinals. Signed/unsigned fixes.
Stage 1 GOST ciphersuite support.
New -sigopt option for dgst utility.
Preliminary support for signctx/verifyctx callbacks.
Fix digest signing so digest type is set after init.
Fix from stable branch.
Don't ignore config_name parameter passed to OPENSSL_config(). Use "openssl_conf" in config file if config_name variable is missing.
Constification.
Experimental HMAC support via EVP_PKEY_METHOD.
Update CHANGES.
New -mac and -macopt options to dgst utility. Reimplement -hmac option in terms of new API.
Copy update callback across when copying EVP_MD_CTX.
Update smime utility to support streaming for -encrypt and -sign -nodetach options. Add new streaming i2d (though strictly speaking it is BER format when streaming) and PEM functions.
Update docs.
Update docs.
Oops...
d2i_PKCS7_bio_stream() docs.
Typo.
More docs for streaming functions.
PKCS7_sign_add_signer() docs.
Don't finalize signerinfo if reuse and partial both set.
Flush b64 BIO.
Add a bunch of S/MIME sample programs and data.
Sample text files for S/MIME test programs.
New function ASN1_STRING_copy() to copy to an already allocated ASN1_STRING structure.
More useful ASN1 macros for static allocation functions.
Tidy up docs, remove warning.
Improve error detection when streaming S/MIME.
Document streaming options.
Change C++ style comments.
New function EVP_PKEY_asn1_copy(). Use default MD if type param is NULL.
Fix error code name.
PR: 1516
Use EVP_DigestVerify() in dgst.c if verifying.
Use default md if none specified in dgst utility.
Prepend signature name in dgst output.
Set len to buffer size.
Add .cvsignore to seed dir.
Initial GOST MAC support. Not fully working yet...
Updated GOST MAC support.
Fix warning and back out bad modification.
Fixes for dgst tool. Initialize md_name, sig_name properly. Return error code on failure. Keep output format consistent with previous versions.
Typo.
Revert broken change to ccgost.
Fix X509_REQ_print_ex() to process extension options.
Update ordinals.
Fix for GOST engine on platforms where sizeof(size_t) != sizeof(int).
Handle NULL parameter in some EVP utility functions.
Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.
Avoid use of function pointer casts in pem library. Modify safestack to always use inline functions.
Back out safestack.h change for now: seems to break some things.
Finish gcc 4.2 changes.
Remove unnecessary casts and avoid some warnings with gcc 4.2.
WIN32 fixes.
Make ordinals consistent with OpenSSL 0.9.8
Update .cvsignore
Update from stable branch.
WIN32 VC++ build fixes.
Update debug-steve
RFC4507 (including RFC4507bis) TLS stateless session resumption support for OpenSSL.
Remove debugging fprintfs, fix typo.
Fix warnings.
Typo.
Fix warning and make no-tlsext work.
OPENSSL_NO_TLS1 WIN32 build support. Fix so normal build works again.
Fix for asm/no-asm on WIN32.
Use SHA256 for ticket HMAC if possible.
Docs and usage messages for RFC4507bis support.
Add usage message for -sess_out, -sess_in
Document ticket disabling option.
Update from stable branch.
Add Google sponsorship note.
Add ctrls to set and get RFC4507bis keys to enable several contexts to reuse the same tickets.
Check return code when attempting to receive new session ticket message.
Update ssl code to support digests other than MD5+SHA1 in handshake.
Fix warnings: computed value not used, incompatible pointer initialization and cast from pointer to int of different size (linux-x86_64 and align).
Change safestack reimplementation to match 0.9.8.
Fix another warning.
Fix warning: print format option not compatible with size_t.
Handle empty case in X509_NAME canonical encoding.
Update from stable branch.
Update from stable branch.
Use accept flag for new session ticket write.
Support for certificate status TLS extension.
Typo.
Move no status notification to ssl_check_serverhello_tlsext() to ensure no status is notified even if no server extensions are present.
Off by one fix from stable branch.
Fix from fips branch.
Update CHANGES. Keep ordinals consistent.
Fix from stable branch.
Don't lookup zero length session ID. PR: 1591
Fix from stable branch.
1. Changes for s_client.c to make it return non-zero exit code in case of handshake failure
GOST ENGINE information.
Fix duplicate error codes.
Fix from stable branch.
Rebuild object cross reference table.
Submitted by: "Victor B. Wagner" <vitus at cryptocom.ru>
Update debug-steve targets.
Avoid warning.
Submitted by: "Victor B. Wagner" <vitus at cryptocom.ru>
Lookup public key ASN1 methods by string by iterating through all implementations instead of all added ENGINEs to cover case where an ENGINE is not added.
Add caRepository OID and sync object NIDs with OpenSSL 0.9.8.
Fix from stable branch.
Rebuild OID database: duplicates got in there somehow??
Submitted by: Victor B. Wagner <vitus at cryptocom.ru>, steve
Handle non-SHA1 digests for certids in OCSP test responder.
Initialize sigsize.
Update ordinals
Avoid aliasing warning.
Add quotes to Win32 install directories. Submitted by: Mladen Turk <mturk at apache.org>
Netware support. Submitted by: Guenter Knauf <eflash at gmx.net>
Move CHANGES entry. Revert include file install line.
Avoid WIN32 signed/unsigned warnings.
Update WIN32 nasm build to use new asm files.
Update netware to use new SHA2 assembly language modules.
Add sha2 defines.
Add extra SHA2 defines.
Include Mont asm files in WIN32 build.
Update perl asm scripts include paths for perlasm.
Experimental support for import of more options from Configure (via top level Makefile) into mk1mf builds. This avoids the need to duplicate the CFLAG handling and can auto build assembly language source files from perl scripts.
<strings.h> does not exist under WIN32.
Clarify BITLIST format and include an example.
Clarify FAQ.
Add Global Sign root CA.
Support custom primitive type printing routines and add one to LONG type.
Extend attribute setting routines to support non-string types.
Utility attribute function to retrieve attribute data from an expected type. Useful for many attributes which are single valued and can only have one type.
Typo.
Add OIDs for compressedData content type and zlib compression.
Use default value for $dir if it is empty.
Clarification and fix typo.
Fix typo and avoid warning.
Fix error code function name mismatches in GOST engine, rebuild errors.
Avoid warnings.
We already have an object for "zlib compression" but it was a place holder and its actual encoding never used.
#undef X509_EXTENSIONS to avoid conflict with CryptoAPI.
Update year.
And so it begins...
Free up additional data in RecipientInfo structure
.cvsignore file for cms
RFC4134 S/MIME examples test script.
Only call free once in CHOICE type.
New utility functions for encryptedData content type which will also be used by envelopedData.
Encrypted Data type processing. Add options to cms utility and run section 7 tests in RFC4134.
Reorganise encrypted content info code to avoid duplication and be more consistent with other content types.
Typos.
Delete temp files.
Initial support for Encrypted Data type generation.
Return error if no cipher set for encrypted data type.
Check for cipher BIO errors and set key length after parameter decode.
Initial support for enveloped data decrypt. Extend runex.pl to cover these examples. All RFC4134 examples can not be processed.
Initial support for enveloped data decrypt. Extend runex.pl to cover these examples. All RFC4134 examples can now be processed.
Add support for random key generation: this will be needed by enveloped data.
Extend runex.pl to extract examples directly from RFC text.
Don't need to check for examples directory any more.
Remove deleted function from header file, update mkfiles.pl
Adapt to different OpenSSL utility locations.
Fix some warnings.
Preliminary support for enveloped data content type creation.
Partial support for KEKRecipientInfo type.
More support for KEK RecipientInfo.
Various tidies/fixes:
Add extensive PKCS7 and CMS consistency test script.
Fixes for S/MIME consistency checker and flexibility enhancements.
Uninitialized variable bug fix.
Add enveloped data keyid test.
Delete tmp files, silence openssl commands, compare extracted content.
Delete standard out and err temp files too.
Make 3DES default cipher in cms utility.
Add support for KEKRecipientInfo in cms application.
Additional sanity check.
Produce meaningful error if sanity check fails.
Add support for KEK decrypt in cms utility.
Rebuild CMS error codes.
Allow alternate eContentType oids to be set in cms utility.
Preliminary documentation for CMS utility.
Update dependencies.
Fix duplicate asn1 ctrl values.
Add support for CMS structure printing in cms utility.
Add signed receipt ASN1 structures. Initial GENERAL_NAME utility functions.
Signed Receipt Request utility functions and option on CMS utility to print out receipt requests.
Add support for signed receipt request printout and generation.
Support for verification of signed receipts.
Signed receipt generation code.
Update docs.
Remove unnecessary header.
Update dependencies.
Use correct headers for signed receipts. Use consistent naming.
Fix macro.
Fix it properly this time....
Add signed receipt tests.
Avoid warnings.
Sync OID NIDs with 0.9.8.
Update CHANGES.
Update CHANGES.
Rename runex.pl to cms-examples.pl
Make mk1mf.pl recognize no-cms.
Delete nonexistent function from pkcs7.h header file. WIN32 build fix from stable branch. Sync and update ordinals.
Give consistent return value and add error code for duplicate certificates.
Fix typo and add header files to err library.
Set contentType attribute just before signing to allow encapsulated content type to be set at any time in applications.
Implement CMS_NOCRL.
Initial CMS API documentation.
Correct d2i/i2d typos.
Fix various typos, update SMIMECapabilities description.
More CMS API documentation.
Add CMS_compress() docs.
Add CMS_uncompress manual page.
Update docs.
Correct references to smime in cms app.
Signed receipt request function documentation.
Spellcheck CMS docs.
Add CMS signed receipt generation and verification docs.
Ignore nonsensical flags for signed receipts.
Add additional parameter to CMS_final() to handle detached content.
Add docs for CMS_final() and BIO_new_CMS().
Typo.
Correct HISTORY reference.
Reformat, fix typos and clarify CMS API docs.
PKCS#7 examples converted to CMS.
Fix for compression and updated CMS_final().
CMS compressed data examples.
Make CMS_uncompress() argument order consistent with other functions.
Fix comments.
Revert argument swap change... oops CMS_uncompress() was consistent...
Fix prototype for CMS_decrypt(), don't free up detached content.
Correct argument order for CMS_decrypt() in docs.
Detached encrypt/decrypt example, fix decrypt sample.
Make certs argument work in CMS_sign() add test case. PR:1664
Disable debugging fprintf.
Don't send zero length session ID if stateless session resumption is successful. Check by seeing if there is a cache hit.
Update from stable branch.
Update from stable branch.
Oops!
Update from stable branch.
Update from stable branch.
Use "cont" consistently in cms-examples.pl
Typo.
Indicate support for digest init ctrl.
New function CMS_add1_crl().
Add missing cast.
Fix from stable branch.
Fix two invalid memory reads in RSA OAEP mode. Submitted by: Ivan Nestlerode <inestlerode at us.ibm.com> Reviewed by: steve
Fix from stable branch.
Update from stable branch.
Update ordinals.
Typo.
Typo.
C++ style comments fixed.
Avoid warning about empty structures and always define CHECKED_PTR_OF
Avoid "duplicate const" warnings.
Fix from stable branch.
Stop const mismatch warning in VC++.
Stop warning about extra ';' outside of function.
Stop const mismatch warning.
Recognize LHASH_OF().
Add CryptoAPI ENGINE from stable branch.
Add CryptoAPI error file too.
More CryptoAPI engine code from stable branch.
Update VC-32.pl and load CryptoAPI engine in the right place.
Update from stable branch.
Update from stable branch.
Add support for ENGINE supplied SSL client auth.
Update error codes, move typedef of SSL, SSL_CTX to ossl_typ.h
Add client cert engine to SSL routines.
Update error codes.
Allow ENGINE client cert callback to specify a set of other certs, for the rest of the certificate chain. Currently unused.
Release engine reference when calling SSL_CTX_free().
Get and note keyspec when signing.
Use keyspec for DSA too.
Add ctrl for alternative certificate store names.
Free old store name (if any).
Avoid cast with wrapper function.
Revert, doesn't fix warning :-(
Avoid case in ca.c fix.
Fix indentation.
#undef OCSP_RESPONSE: CryptoAPI uses this too.
Windows batch file to rebuild error codes for CryptoAPI ENGINE.
Update year.
Prevent signed/unsigned warning on VC++
Add preliminary SSL client auth callback to CryptoAPI ENGINE.
Add support for client cert engine setting in s_client app. Add appropriate #ifdefs round client cert functions in headers.
Match empty CA list to anything for ssl client auth in CryptoAPI engine.
Add initial support for multiple SSL client certificate selection in CryptoAPI ENGINE.
Avoid name clash.
Remove store from Windows build.
Update ordinals.
Make DSO WIN32 compile again.
Tidy up and add comments to selection code.
Remove old non-safestack code.
Add support for Windows dialog box based certificate selection.
Use an appropriate Window for selection dialog.
Compilation option to use a specific ssl client auth engine automatically.
Remove test fprintf.
Update from stable branch.
Link in extra CryptoAPI related libraries if needed.
Sync ordinals with stable branch.
Update from stable branch.
Update from stable branch.
Update CHANGES.
Update from stable branch.
Don't change _WIN32_WINNT and detect GetConsoleWindow() and CryptUIDlgSelectCertificateFromStore() at runtime. Add callback function for selection mechanism.
Remove uidlg library from VC-32.pl, it is now bound at runtime.
Fix memory leak. The canonical X509_NAME_ENTRY STACK is reallocated rather than referencing existing X509_NAME_ENTRY structures so needs to be completely freed.
Sync ordinals.
Add acknowledgement.
Update from stable branch.
Update from stable branch.
Update from stable branch.
Fix from stable branch.
Update ordinals.
Update from stable branch.
Update from stable branch.
Avoid warnings with -pedantic, specifically:
X509 verification fixes.
We support inhibit any policy extension, add to table.
Zero is a valid value for any_skip and map_skip
Policy validation fixes.
Initial support for alternative CRL issuing certificates.
Make explicit_policy handling match expected RFC3280 behaviour.
Add support for nameRelativeToCRLIssuer field in distribution point name fields.
Correctly handle errors in CMS I/O code.
Initial support for name constraints certificate extension.
Support for policy mappings extension.
Initial code to support distinct certificate and CRL signing keys where the CRL issuer is not part of the main path.
Initial support for CRL path validation. This supports distinct certificate and CRL signing keys.
Support for certificateIssuer CRL entry extension.
Initial indirect CRL support.
Add support for freshest CRL extension.
Add support for CRLs partitioned by reason code.
Initial support for delta CRLs. If "use deltas" flag is set attempt to find a delta CRL in addition to a full CRL. Check and search delta in addition to the base.
Perl script to run and verify OpenSSL against PKITS RFC3280 compliance test suite.
Make no-tlsext compile.
Do not discard cached handshake records during resumed sessions: they are used for mac computation.
Fix from stable branch.
Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new strength "FIPS" to represent all FIPS approved ciphersuites without NULL encryption.
Update FAQ.
Add missing CHANGES entry.
Experimental new date handling routines. These fix issues with X509_time_adj() and should avoid any OS date limitations such as the year 2038 bug.
Add missing lock definitions.
Add missing lock definitions...
Ooops... remove code accidentally committed from FIPS version.
Fix multiple ; warning.
Fix Warning...
Fix a shed load of warnings:
Reinstate obj_xref.h as it is not auto generated on all platforms.
Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros with the appropriate parameters which calls OBJ_bsearch(). A compiler will typically inline this.
Add permanentIdentifier OID.
Add support for -crlnumber option in crl utility.
Fix warnings and various issues.
Win32 fixes... add new directory to build system. Fix warnings.
Add install target to crypto/jpake/Makefile
Fix warnings about mismatched prototypes, undefined size_t and value computed not used.
Fix warnings: printf format mismatches on 64 bit platforms. Change assert to OPENSSL_assert(). Fix e_padlock prototype.
Update HMAC functions to return an error where relevant.
Fix prototypes.
Use stddef.h to pick up size_t def.
Fix prototypes.
Not sure about this one... seems to be needed to make 64 bit release builds work properly...
Don't use clobbered 'i' for checking UTCTime and GeneralizedTime length.
Update obsolete email address...
PR: 1777 Submitted by: "Alon Bar-Lev" <alon.barlev at gmail.com> Approved by: steve at openssl.org
Make -DKSSL_DEBUG work again.
Update from stable branch.
Update from stable branch.
Tolerate -----BEGIN PKCS #7 SIGNED DATA----- header lines as used by some implementations.
Reinstate camellia header fix patch.
Update from stable branch.
Revert another size_t change.
mk1mf.pl update from stable branch.
Oops...
PR: 1574 Submitted by: Jouni Malinen <j at w1.fi> Approved by: steve at openssl.org
Don't disable JPAKE by default in head...
Set memory BIOs up properly when stripping text headers from S/MIME messages.
Update from stable-branch.
Stop warning about different const qualifiers.
Update libeay.num
Update from stable branch.
Don't stop -cipher from working.
Handle case where v6stat.zero_pos == 0 correctly.
Oops should check zero_pos >= 0.
Fix from stable branch.
Make no-engine work again.
Update steve-debug* options.
Add standard .cvsignore file.
Update FAQ.
Update from stable branch.
Add a set of standard gcc warning options which are designed to be the minimum requirement for committed code. Added to debug-steve* config targets for now.
Fix sign-compare warnings.
Fix missing prototype warnings then fix different prototype warnings ;-)
Fix warnings properly this time ;-)
Add CRYPTO_MDEBUG_ABORT to abort() if there are any memory leaks. This will cause "make test" failures and make resource leaks more obvious.
Make PKCS#8 the standard write format for private keys, replacing the ancient SSLeay format.
Update certificate hash line format to handle canonical format and avoid MD5 dependency.
Typo: just copy across an unknown type.
Update from stable branch.
Print out UTF8 and NumericString types in ASN1 parsing utility.
Just to be awkward Ubuntu 8.10 doesn't like _XOPEN_SOURCE_EXTENDED...
Submitted by: Peter Sylvester <Peter.Sylvester at edelweb.fr> Reviewed by: steve
Add error checking to obj_xref.pl and add command line support for data file locations.
Avoid leaks in pkcs8 app, tidy code up.
Return correct exit code.
PR: 1835 Submitted by: Damien Miller <djm at mindrot.org> Approved by: steve at openssl.org
Make no-engine work again.
Stop warning about use of *printf() without a format.
PR: 1843 Use correct array size for SHA1 hash.
Submitted by: "Victor B. Wagner" <vitus at cryptocom.ru> Reviewed by: steve at openssl.org
PR: 1778
Submitted by: "Victor B. Wagner" <vitus at cryptocom.ru> Approved by: steve
Update from stable branch.
Typo.
Update from stable branch.
Update from stable branch.
Update from stable branch.
PR: 1854 Submitted by: Oliver Martin <oliver at volatilevoid.net> Reviewed by: steve at openssl.org
Update from stable branch.
PR: 1862
Submitted by: Victor Duchovni <Victor.Duchovni at morganstanley.com> Reviewed by: steve at openssl.org
Update from stable branch.
PR: 1864 Submitted by: Ger Hobbelt <ger at hobbelt.com> Reviewed by: steve at openssl.org
Update from stable branch.
Fix from stable branch.
Use correct ctx name.
Use OPENSSL_assert() instead of assert.
Submitted by: "Victor B. Wagner" <vitus at cryptocom.ru> Reviewed by: steve at openssl.org
Submitted by: Victor B. Wagner <vitus at cryptocom.ru> Reviewed by: steve at openssl.org
Typo in usage message.
Update from stable branch.
Update from stable branch.
Update from stable branch.
Update FAQ.
Update CHANGES.
Update from stable branch.
Fix typo in CHANGES.
Update NEWS file.
Nothing to see here... move along....
Allow use of algorithm and cipher names for dgsts and enc utilities instead of having to manually include each one.
Update STATUS and NEWS.
HEAD is now 1.1.0 The 1.0.0 branch is now OpenSSL_1_0_0-stable
Stop warnings.
Update from 0.9.8-stable
Ooops reverse previous patch.
Fix from 1.0.0-stable
Update from 1.0.0-stable
Update from 1.0.0-stable.
Merge from 1.0.0-stable branch.
Update version info.
Updates from 1.0.0-stable
Updates from 1.0.0-stable
Update from 1.0.0-stable
Update from 0.9.8-stable.
Changes from 1.0.0-stable.
Update from 1.0.0-stable
Updates from 1.0.0-stable.
Updates from 1.0.0-stable branch.
Merge from 1.0.0-stable branch.
Update from 1.0.0-stable.
Update from 1.0.0-stable.
Typo.
Updates from 1.0.0 stable branch.
Fix from 1.0.0-stable.
Update from 1.0.0-stable branch.
Typo.
Typo.
Update from stable branch.
Update from 1.0.0-stable.
Update from stable branch.
Update from 1.0.0-stable.
Update from 1.0.0-stable.
PR: 1929 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Approved by: steve at openssl.org
Update from 1.0.0 stable branch.
Update from 1.0.0-stable.
Update from 1.0.0-stable
Fix from 1.0.0-stable.
Update from 1.0.0-stable.
Update from 1.0.0-stable.
Update from 1.0.0-stable.
Add CHANGES entries from 0.9.8-stable.
Update from 1.0.0-stable.
Sync ordinals from 1.0.0-stable
Update from 1.0.0-stable
Update from 0.9.8-stable.
Add ignored FIPS options to evp.h change clashing flag value.
Update from 1.0.0-stable.
Update from 1.0.0-stable.
Oops, update CHANGES entry.
PR: 1945 Submitted by: Guenter <lists at gknw.net> Approved by: steve at openssl.org
PR: 1938 Submitted by: Mark Phalan <Mark.Phalan at Sun.COM> Reviewed by: steve at openssl.org
PR: 1946 Submitted by: Guenter <lists at gknw.net> Reviewed by: steve at openssl.org
Update from 1.0.0-stable.
Updates from 1.0.0-stable
PR: 1952 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve at openssl.org
Update from 1.0.0-stable.
Fix error codes.
Update from 0.9.8-stable.
Submitted by: Artem Chuprina <ran at cryptocom.ru> Reviewed by: steve at openssl.org
PR: 1946 Submitted by: Guenter <lists at gknw.net> Approved by: steve at openssl.org
Submitted by: Peter Gutmann <pgut001 at cs.auckland.ac.nz> Approved by: steve at openssl.org
PR: 1956 Submitted by: Guenter <lists at gknw.net> Approved by: steve at openssl.org
PR: 1958 Submitted by: Sean Boudreau <seanb at qnx.com> Approved by: steve at openssl.org
Update from 1.0.0-stable.
Rename asc2uni and uni2asc functions to avoid clashes.
Add beos as a supported DSO scheme.
Initialize outlen.
Update FAQ with note about online docs.
Update from 1.0.0-stable
Stop warnings in gcc where "a" is const passed as a non-const argument.
Update from 1.0.0-stable.
Update from 0.9.8-stable.
Fix from 0.9.8-stable.
Update from 0.9.8-stable.
Allow setting of verify depth in verify parameters (as opposed to the depth implemented using the verify callback).
Update from 1.0.0-stable
Update from 1.0.0-stable.
Update from 1.0.0-stable.
Updates from 1.0.0-stable
Use common verify parameters instead of the small ad-hoc subset in s_client, s_server.
Typo.
Update from 0.9.8-stable
Update from 1.0.0-stable
Update from 1.0.0-stable
Update from 1.0.0-stable
Update from 1.0.0-stable
Update from 1.0.0-stable
Update from 1.0.0-stable.
Update from 1.0.0-stable
PR: 1981 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Approved by: steve at openssl.org
Fix warnings.
Delete MD2 from algorithm tables as in 0.9.8-stable. However since this is a new branch we can also disable it by default.
Make update.
Update from 1.0.0-stable.
PR: 1624 Submitted by: "Simon L. Nielsen" <simon at FreeBSD.org> Obtained from: steve at openssl.org
Update from 0.9.8-stable
Use new time routines to avoid possible overflow.
Update from 1.0.0-stable.
Document MD2 deprecation.
Updates from 1.0.0-stable.
Updates from 1.0.0-stable
Update from 1.0.0-stable.
Updates from 1.0.0-stable
Use correct extension and OSX detection.
Update from 0.9.8-stable
Update from 0.9.8-stable
Update from 0.9.8-stable.
Fix from 0.9.8-stable
PR: 1993
Document removal of digest+signature algorithm link.
PR: 1990
New debug targets from 1.0.0-stable
Fix typos.
Remove MD2 test from WIN32 as we don't compile it in by default any more.
Update from 0.9.8-stable.
Update from 1.0.0-stable
Update from 1.0.0-stable.
PR: 2001 Submitted by: Tomas Mraz <tmraz at redhat.com> Approved by: steve at openssl.org
Update from 1.0.0-stable.
Oops!
PR: 2002 Submitted by: Tomas Mraz <tmraz at redhat.com> Obtained from: steve at openssl.org
Reject leading 0x80 in OID subidentifiers.
Fix error code.
Add COMP error strings.
PR: 2003 Make it possible to install OpenSSL in directories with name other than "lib" for example "lib64". Based on patch from Jeremy Utley.
PR: 2004 Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr> Approved by: steve at openssl.org
PR: 1999 Submitted by: "Bayram Kurumahmut" <kbayram at ubicom.com> Approved by: steve at openssl.org
Typo
PR: 1997 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Approved by: steve at openssl.org
Update README with bug report and contribution details.
Enable mdc2 support by default as the patent has now expired.
Update default dependency flags. Make error name discrepancies a fatal error. Fix error codes. make update
Use SHA1 and not deprecated MD5 in demos.
Stop unused variable warning on WIN32 et al.
PR: 2015 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Approved by: steve at openssl.org
PR: 2006 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Approved by: steve at openssl.org
PR: 2005 Submitted by: steve at openssl.org
Missing break.
Tidy up and fix verify callbacks to avoid structure dereference, use of obsolete functions and enhance to handle new conditions such as policy printing.
PR: 2022 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Approved by: steve at openssl.org
PR: 2009 Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov at opera.com> Approved by: steve at openssl.org
PR: 2013 Submitted by: steve at openssl.org
PR: 2029 Submitted by: Tomas Mraz <tmraz at redhat.com> Checked by: steve at openssl.org
PR: 2020 Submitted by: Keith Beckman <kbeckman at mcg.edu>, Tomas Mraz <tmraz at redhat.com> Checked by: steve at openssl.org
Oops, s can be NULL
Correction: salt is now default
PR: 2028 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Approved by: steve at openssl.org
PR: 1644 Submitted by: steve at openssl.org
Make update, deleting bogus DTLS error code
Typo presumably....
PR: 2031 Submitted by: steve at openssl.org
Seed PRNG with DSA and ECDSA digests for additional protection against possible PRNG state duplication.
Add new option --strict-warnings to Configure script. This is used to add in devteam warnings into other configurations.
PR: 2033 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Approved by: steve at openssl.org
PR: 2038 Submitted by: Artem Chuprina <ran at cryptocom.ru> Approved by: steve at openssl.org
PR: 1411 Submitted by: steve at openssl.org
PR: 2025 Submitted by: Tomas Mraz <tmraz at redhat.com> Approved by: steve at openssl.org
PR: 2023 Submitted by: James Beckett <jmb.openssl at nospam.hackery.net>, steve Approved by: steve at openssl.org
Submitted by: Julia Lawall <julia at diku.dk>
PR: 2039 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Approved by: steve at openssl.org
PR: 2048 Submitted by: john blair <mailtome200420032002 at yahoo.com> Approved by: steve at openssl.org
add version info for VC-WIN64I too
Don't use __try+__except unless on VC++
Ooops, missing close quote
PR: 2047 Submitted by: David Lee <live4thee at gmail.com>, steve at openssl.org Approved by: steve at openssl.org
PR: 2050 Submitted by: Michael Tuexen <tuexen at fh-muenster.de> Approved by: steve at openssl.org
Add attribute to check if return value of certain functions is incorrectly ignored.
Add DEBUG_UNUSED to debug-steve* entries
Add more return value checking attributes to evp.h and hmac.h
Audit libcrypto for unchecked return values: fix all cases encountered
Fixup sureware ENGINE to handle new RAND_METHOD
Free SSL_CTX after BIO
PR: 2064, 728 Submitted by: steve at openssl.org
Change version from 0.9.9 to 1.0.0 in docs
PR: 2058 Submitted by: Julia Lawall <julia at diku.dk> Approved by: steve at openssl.org
PR: 2057 Submitted by: Julia Lawall <julia at diku.dk> Approved by: steve at openssl.org
PR: 2063 Submitted by: Julia Lawall <julia at diku.dk> Approved by: steve at openssl.org
PR: 2054 Submitted by: Julia Lawall <julia at diku.dk> Approved by: steve at openssl.org
PR: 2055 Submitted by: Julia Lawall <julia at diku.dk> Approved by: steve at openssl.org
PR: 2056 Submitted by: Julia Lawall <julia at diku.dk> Approved by: steve at openssl.org
PR: 2059 Submitted by: Julia Lawall <julia at diku.dk> Approved by: steve at openssl.org
PR: 2062 Submitted by: Julia Lawall <julia at diku.dk> Approved by: steve at openssl.org
PR: 2061 Submitted by: Julia Lawall <julia at diku.dk> Approved by: steve at openssl.org
Yes it is a typo ;-)
Typo.
Prevent aliasing warning
Prevent ignored return value warning
Fix warnings about ignoring fgets return value
Fix uninitialized warnings
Allow cross compilation prefix to come from CROSS_COMPILE environment variable
Allow uname values to be overridden by the environment
Rename CROSS_COMPILE_PREFIX to CROSS_COMPILE
PR: 2066 Submitted by: Guenter <lists at gknw.net> Approved by: steve at openssl.org
Revert extra changes from previous commit.
PR: 1847 Submitted by: Tomas Mraz <tmraz at redhat.com> Approved by: steve at openssl.org
PR: 2069 Submitted by: Michael Tuexen <tuexen at fh-muenster.de> Approved by: steve at openssl.org
Update ordinals.
Fix for WIN32 and possibly other platforms which don't define in_port_t.
Fixes to CROSS_COMPILE, don't override command line option from environment
PR: 2073 Submitted by: Tomas Mraz <tmraz at redhat.com> Approved by: steve at openssl.org
PR: 2072 Submitted by: Tomas Mraz <tmraz at redhat.com> Approved by: steve at openssl.org
PR: 2074 Submitted by: Bram Neijt <bneijt at gmail.com> Approved by: steve at openssl.org
Manual page for X509_verify_cert()
Typo.
More X509 verification docs.
Add docs for X509_STORE_CTX_new() and related functions.
Preliminary documentation for X509_VERIFY_PARAM.
Clarification.
Add "missing" function X509_STORE_set_verify_cb().
Verification callback functions.
Document more error codes.
take install prefix from the environment
Use new X509_STORE_set_verify_cb function instead of old macro.
make update
PR: 2070 Submitted by: Alexander Nikitovskiy <Nikitovski at ya.ru> Approved by: steve at openssl.org
Need to check <= 0 here.
If not checking all certificates don't attempt to find a CRL for the leaf certificate of a CRL path.
Add an FAQ.
Clarification
PR: 2078 Submitted by: Dale Anderson <dra at redevised.net> Approved by: steve at openssl.org
PR: 2080 Submitted by: Mike Frysinger <vapier at gentoo.org> Approved by: steve at openssl.org
PR: 2081 Submitted by: Mike Frysinger <vapier at gentoo.org> Approved by: steve at openssl.org
Don't replace whole AR line
Add -no_cache option to s_server
PR: 2085 Submitted by: Mike Frysinger <vapier at gentoo.org> Approved by: steve at openssl.org
oops!
Don't attempt session resumption if no ticket is present and session ID length is zero.
Fix stateless session resumption so it can coexist with SNI
Move CHANGES entry to 0.9.8l section
Generate stateless session ID just after the ticket is received instead of when a session is loaded. This will mean that applications that just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION() will still work.
Add option to allow in-band CRL loading in verify utility. Add function load_crls and tidy up load_certs. Remove useless purpose variable from verify utility: now done with args_verify.
Add missing functions to allow access to newer X509_STORE_CTX status information. Add more informative message to verify callback to indicate when CRL path validation is taking place.
PR: 2089 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Approved by: steve at openssl.org
Ooops, revert committed conflict.
If it is a new session don't send the old TLS ticket: send a zero length ticket to request a new session.
Remove BF_PTR2 from configuration: it doesn't improve performance any more and causes gcc warnings about arrays out of range
make update
update CHANGES
First cut of renegotiation extension. (port to HEAD)
PR: 2090 Submitted by: Martin Kaiser <lists at kaiser.cx>, Stephen Henson Approved by: steve at openssl.org
PR: 2091 Submitted by: Martin Kaiser <lists at kaiser.cx>, Stephen Henson Approved by: steve at openssl.org
PR: 1686 Submitted by: Hanno Böck <hanno at hboeck.de> Approved by: steve at openssl.org
commit missing apps code for reneg fix
add missing parts of reneg port, fix apps patch
PR: 2098 Submitted by: Corinna Vinschen <vinschen at redhat.com> Approved by: steve at openssl.org
set engine to NULL after releasing it
PR: 2088 Submitted by: Aleksey Samsonov <s4ms0n0v at gmail.com> Approved by: steve at openssl.org
PR: 2101 Submitted by: Doug Kaufman <dkaufman at rahul.net> Approved by: steve at openssl.org
PR: 2101 (additional) Submitted by: Roumen Petrov <openssl at roumenpetrov.info> Approved by: steve at openssl.org
PR: 2103 Submitted by: Rob Austein <sra at hactrn.net> Approved by: steve at openssl.org
Include a more meaningful error message when rejecting legacy renegotiation
Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation
Servers can't end up talking SSLv2 with legacy renegotiation disabled
Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat and is a pre-requisite to adding password based CMS support.
Add PBKDF2 prototype.
Add OID for PWRI KEK algorithm.
Experimental CMS password based recipient Info support.
typo
PR: 2118 Submitted by: Mounir IDRASSI <mounir.idrassi at idrix.net> Approved by: steve at openssl.org
PR: 1432 Submitted by: "Andrzej Chmielowiec" <achmielowiec at enigma.com.pl>, steve at openssl.org Approved by: steve at openssl.org
PR: 2115 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Approved by: steve at openssl.org
check DSA_sign() return value properly
Ooops...
PR: 2120 Submitted by: steve at openssl.org
Check it actually compiles this time ;-)
Replace the broken SPKAC certification with the correct version.
Update CHANGES.
PR: 2111 Submitted by: Martin Olsson <molsson at opera.com>
Initial experimental TLSv1.1 support
PR: 2121 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
Add support for magic cipher suite value (MCSV). Make secure renegotiation work in SSLv3: initial handshake has no extensions but includes MCSV, if server indicates RI support then renegotiation handshakes include RI.
Add ctrl and macro so we can determine if peer supports secure renegotiation.
Send no_renegotiation alert as required by spec.
Add ctrls to clear options and mode.
PR: 2124 Submitted by: Jan Pechanec <Jan.Pechanec at Sun.COM>
Revert lhash patch for PR#2124
Add patch to crypto/evp which didn't apply from PR#2124
Check s3 is not NULL
remove DEBUG_UNUSED from config for now
Document option clearing functions.
clarify docs
Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL and move SSL_OP_NO_TLSv1_1
Allow initial connection (but no renegotiation) to servers which don't support RI.
New option to enable/disable connection to unpatched servers
PR: 2127 Submitted by: Tomas Mraz <tmraz at redhat.com>
Alert to use is now defined in spec: update code
Traditional Yuletide commit ;-)
Update RI to match latest spec.
Typo
Add simple external session cache to s_server. This serialises sessions just like a "real" server making it easier to trace any problems.
return v1.1 methods for client/server
Include CHANGES entry for external cache
Compression handling on session resume was badly broken: it always used compression algorithms in client hello (a legacy from when the compression algorithm wasn't serialized with SSL_SESSION).
Client side compression algorithm sanity checks: ensure old compression algorithm matches current and give error if compression is disabled and server requests it (shouldn't happen unless server is broken).
Remove tabs on blank lines: they produce warnings in pod2man
PR: 2132 Submitted by: steve
Typo
PR: 2102 Submitted by: John Fitzgibbon <john_fitzgibbon at yahoo.com>
ENGINE_load_capi() now exists on all platforms (but no op on non-WIN32)
compress_meth should be unsigned
Missing commit from change of compress_meth to unsigned
Updates to conform with draft-ietf-tls-renegotiation-03.txt:
Simplify RI+SCSV logic:
PR: 2136 Submitted by: Willy Weisz <weisz at vcpc.univie.ac.at>
update and sync ordinals
Modify compression code so it avoids using ex_data free functions. This stops applications that call CRYPTO_free_all_ex_data() prematurely leaking memory.
Fix version handling so it can cope with a major version >3.
PR: 2125 Submitted by: "Alon Bar-Lev" <alon.barlev at gmail.com>
make update
convert to Unix EOL form
PR: 2133 Submitted by: steve at openssl.org
PR: 2144 Submitted by: steve at openssl.org
PR: 2135 Submitted by: Mike Frysinger <vapier at gentoo.org>
PR: 2144 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
PR: 2141 Submitted by: "NARUSE, Yui" <naruse at airemix.jp>
The use of NIDs in the password based encryption table can result in algorithms not found when an application uses PKCS#12 and only calls SSL_library_init() instead of OpenSSL_add_all_algorithms(). Simple work around is to add the missing algorithm (40 bit RC2) in SSL_library_init().
Support -L options in VC++ link.
Update demo
update NEWS file
oops
fix comments
typo
If legacy renegotiation is not permitted then send a fatal alert if a patched server attempts to renegotiate with an unpatched client.
Tolerate PKCS#8 DSA format with negative private key.
The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should both address the original bug and retain compatibility with the old behaviour.
PR: 2153, 2125 Submitted by: steve at openssl.org
PR: 2149 Submitted by: Douglas Stebila <douglas at stebila.ca>
Typo
export OPENSSL_isservice and make update
OPENSSL_isservice is now defined on all platforms not just WIN32
Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and later.
PR: 2138 Submitted by: Kevin Regan <k.regan at f5.com>
PR: 1949 Submitted by: steve at openssl.org
PR: 2157 Submitted by: "Green, Paul" <Paul.Green at stratus.com>
typo
Some shells print out the directory name if CDPATH is set breaking the pod2man test. Use ./util instead to avoid this.
update documentation to reflect new renegotiation options
revert wrongly committed test code
reword RI description
revert previous change
oops revert test code accidentally committed
In engine_table_select() don't clear out entire error queue: just clear out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise errors from other sources (e.g. SSL library) can be wiped.
Experimental renegotiation support in s_server test -www server.
typo
PR: 2159 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
PR: 2160 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
PR: 2161 Submitted by: Doug Goldstein <cardoe at gentoo.org>, Steve.
tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
don't assume 0x is at start of string
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy an EVP_CIPHER_CTX structure which may have problems with external ENGINEs who need to duplicate internal handles etc.
oops, use new value for new flag
make update
Initial experimental CMAC implementation.
Make CMAC API similar to HMAC API. Add methods for CMAC.
Make update.
add cvsignore
Use supplied ENGINE when initialising CMAC. Restore pctx setting.
update year
Fix memory leak in ENGINE autoconfig code. Improve error logging.
PR: 2170 Submitted by: Magnus Lilja <lilja.magnus at gmail.com>
update references to new RI RFC
PR: 2164 Submitted by: "Noszticzius, Istvan" <inoszticzius at rightnow.com>
add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable
Correct ECB mode EVP_CIPHER definition: IV length is 0
The "block length" for CFB mode was incorrectly coded as 1 all the time. It should be the number of feedback bits expressed in bytes. For CFB1 mode set this to 1 by rounding up to the nearest multiple of 8.
PR: 2171 Submitted by: Tomas Mraz <tmraz at redhat.com>
Submitted by: Dmitry Ivanov <vonami at gmail.com>
PR: 2100 Submitted by: James Baker <jbaker at tableausoftware.com> et al.
Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as initial connection to unpatched servers. There are no additional security concerns in doing this as clients don't see renegotiation during an attack anyway.
OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved
clarify documentation
The meanings of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in the verify application documentation.
prevent warning
add anyExtendedKeyUsage OID
Include self-signed flag in certificates by checking SKID/AKID as well as issuer and subject names. Although this is an incompatible change it should have little impact in practice because self-issued certificates that are not self-signed are rarely encountered.
verify parameter enumeration functions
allow setting of verify names in command line utilities and print out verify names in verify utility
Experimental support for partial chain verification: if an intermediate certificate is explicitly trusted (using -addtrust option to x509 utility for example) the verification is successful even if the chain is not complete.
tidy verify code. xn not used any more and check for self signed more efficiently
add -trusted_first option and verify flag
update FAQ
update NEWS
oops, use correct date
Revert CFB block length change. Despite what SP800-38a says the input to CFB mode does *not* have to be a multiple of the block length and several other specifications (e.g. PKCS#11) do not require this.
include TLS 1.1 version string
Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and 1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos ciphersuite bugs introduced with PR:1336."
oops, revert verify.c change
algorithms field has changed in 1.0.0 and later: update
update cryptodev to match 1.0.0 stable branch version
load cryptodev if HAVE_CRYPTODEV is set too
make USE_CRYPTODEV_DIGESTS work
'typo'
oops, reinstate correct prototype
use supplied ENGINE in genrsa
PR: 2178 Submitted by: "Kennedy, Brendan" <brendan.kennedy at intel.com>
don't mix definitions and code
Submitted by: Tomas Hoger <thoger at redhat.com>
PR: 2183
option to replace extensions with new ones: mainly for creating cross-certificates
Add -engine_impl option to dgst which will use an implementation of an algorithm from the supplied engine instead of just the default one.
Fix memory leak: free up ENGINE functional reference if digest is not found in an ENGINE.
Add algorithm specific signature printing. An individual ASN1 method can now print out signatures instead of the standard hex dump.
fix indent, newline
Add PSS algorithm printing. This is an initial step towards full PSS support.
don't add digest alias if signature algorithm is undefined
update ASN1 sign/verify to use EVP_DigestSign and EVP_DigestVerify
add MGF1 digest ctrl
add separate PSS decode function, rename PSS parameters to RSA_PSS_PARAMS
typo
oops, make EVP ctr mode work again
although AES is a variable length cipher, AES EVP methods have a fixed key length
The OID sanity check was incorrect. It should only disallow *leading* 0x80 values.
oops
print outermost signature algorithm parameters too
correct error code
RSA PSS verification support including certificates and certificate requests. Add new ASN1 signature initialisation function to handle this case.
reserve a few more bits for future cipher modes
PR: 2186 Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch at tecsys.com>
PR: 2188 Submitted By: Jaroslav Imrich <jaroslav.imrich at disig.sk>
don't leave bogus errors in the queue
New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier) from a digest algorithm.
update cms code to use X509_ALGOR_set_md instead of internal function
Algorithm specific ASN1 signing functions.
Extend PSS padding code to support different digests for MGF1 and message.
Add support for new PSS functions in RSA EVP_PKEY_METHOD
ctrl operations to retrieve RSA algorithm settings
typo
RSA PSS ASN1 signing method
typo
alg2 can be NULL
Submitted by: Martin Kaiser
missing goto meant signature was never printed out
PR: 2192 Submitted By: Jaroslav Imrich <jaroslav.imrich at disig.sk>
new sigopt and PSS support for req and x509 utilities
add X509_CRL_sign_ctx function
add -sigopt option to ca utility
update CHANGES
clear bogus errors in ca utility
free up sigopts STACK
print signature parameters with CRLs too
workaround for missing definition in some headers
PR: 1731 and maybe 2197
initialise buf if wrong_info not used
update FAQ
PR: 1813 Submitted by: Torsten Hilbrich <torsten.hilbrich at secunet.com>
PR: 1904 Submitted by: David Woodhouse <dwmw2 at infradead.org>
sync ordinals with 1.0.0
PR: 1763
PR: 1696
update HEAD FAQ
update FAQ
update FAQ
fix FAQ
update FAQ
fix FAQ (again)
PR: 2220
PR: 2223 Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
PR: 2219 Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
PR: 2218 Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
PR: 2209 Submitted by: Daniel Mentz <danielml at sent.com>
Remove obsolete PRNG note. Add comment about use of SHA256 et al.
Add SHA2 algorithms to SSL_library_init(). Although these aren't used directly by SSL/TLS, SHA2 certificates are becoming more common and applications that only call SSL_library_init() and not OpenSSL_add_all_algorithms() will fail when verifying certificates.
make GOST MAC work again
PR: 2228 Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
PR: 2229 Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
PR: 2230 Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
check ASN1 type before using it
fix bug in ccgost CFB mode code
fix signed/unsigned comparison warnings
update FAQ
PR: 2235 Submitted By: Bruce Stephens <bruce.stephens at isode.com>
PR: 2234 Submitted By: Matthias Andree <matthias.andree at gmx.de>
oops, commit Configure part of PR#2234
oops revert patch not part of Configure diff
new function to diff tm structures
PR: 2241 Submitted By: Artemy Lebedev <vagran.ast at gmail.com>
experimental function to convert ASN1_TIME to tm, not used or even compiled in yet
PR: 2250 Submitted By: Ger Hobbelt <ger at hobbelt.com>
PR: 2244 Submitted By: "PMHager" <hager at dortmund.net>
PR: 2230 Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
PR: 2252 Submitted By: Ger Hobbelt <ger at hobbelt.com>
PR: 2255 Submitted By: Ger Hobbelt <ger at hobbelt.com>
PR: 2253 Submitted By: Ger Hobbelt <ger at hobbelt.com>
oops, revert test patch
PR: 2259 Submitted By: Artem Chuprina <ran at cryptocom.ru>
Update cms-test.pl to handle some Unix like Windows environments where calling shlib_wrap.sh doesn't work.
oops, typo
Stop compiler complaining in pedantic mode: may be a better way to do this...
PR: 2251 Submitted by: Ger Hobbelt <ger at hobbelt.com> Approved by: steve at openssl.org
PR: 2254 Submitted by: Ger Hobbelt <ger at hobbelt.com> Approved by: steve at openssl.org
Avoid use of ex_data free function in Chil ENGINE so it can be safely reloaded.
PR: 2266 Submitted By: Jonathan Gray <jsg at goblin.cx>
PR: 2258 Submitted By: Ger Hobbelt <ger at hobbelt.com>
PR: 2261 Submitted By: "De Rudder, Stephen L." <s_derudder at tditx.com>
PR: 2262 Submitted By: Victor Wagner <vitus at cryptocom.ru>
update NEWS
PR: 2278 Submitted By: Mattias Ellert <mattias.ellert at fysast.uu.se>
fix PR#2261 in a different way
add CVE-2010-0742 and CVE-2010-1633 fixes
update FAQ
clarify comment
no need for empty fragments with TLS 1.1 and later due to explicit IV
i variable is used on some platforms
PR: 2297 Submitted by: Antony, Benoy <bantony at ebay.com> Approved by: steve at openssl.org
Fix warnings (From HEAD, original patch by Ben).
oops, revert wrong patch..
PR: 1830 Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>, Steve Henson
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), this means that some implementations will be used automatically, e.g. aesni, we do this for cryptodev anyway.
Fix WIN32 build system to correctly link ENGINE DLLs contained in a directory: currently the GOST ENGINE is the only case.
Add modes.h and cmac to WIN32 build system.
Update symhacks.
Sync ordinals and update.
WIN32 build fix.
#if out deleted function from headers so it isn't picked up by WIN32 build system.
Add new type ossl_ssize_t instead of ssize_t and move definitions to e_os2.h, this should fix WIN32 compilation issues and hopefully avoid conflicts with other headers which may workaround ssize_t in different ways.
Make ctr mode behaviour consistent with other modes.
Fix ctr mode properly this time....
PR: 2315
PR: 1833 Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
sync and update ordinals
PR: 1833 Submitted By: Robin Seggelmann <seggelmann at fh-muenster.de>
fix bug in AES_unwrap()
make no-gost work on Windows
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), this means that some implementations will be used automatically, e.g. aesni, we do this for cryptodev anyway.
Typo, PR#2346
Minor documentation fixes, PR#2344
Minor documentation fixes, PR#2345
fix warnings
fix signature printing routines
We can't always read 6 bytes in an OCSP response: fix so error statuses are read correctly for non-blocking I/O.
PR: 2314 Submitted by: Mounir IDRASSI <mounir.idrassi at idrix.net> Reviewed by: steve
move CHANGES entry to correct place
PR: 2295 Submitted by: Alexei Khlebnikov <alexei.khlebnikov at opera.com> Reviewed by: steve
Submitted by: Jonathan Dixon <joth at chromium.org> Reviewed by: steve
PR: 2366 Submitted by: Damien Miller <djm at mindrot.org> Reviewed by: steve
Submitted By: Bogdan Harjoc <harjoc at gmail.com> Add missing debug WIN64 targets.
preliminary acknowledgments file
Get correct GOST private key instead of just assuming the last one is correct: this isn't always true if we have more than one certificate.
Only use explicit IV if cipher is in CBC mode.
If EVP_PKEY structure contains an ENGINE the key is ENGINE specific and we should use its method instead of any generic one.
add TLS v1.1 options to s_server
bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files
Don't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can be legitimately set elsewhere.
oops, reinstate TLSv1 string
PR: 2372 Submitted by: "W.C.A. Wijngaards" <wouter at nlnetlabs.nl> Reviewed by: steve
fix no SIGALRM case in speed.c
compile cts128.c on VMS
remove duplicate statement
PR: 2374 Submitted by: Guenter <lists at gknw.net> Reviewed by: steve
PR: 2375 Submitted by: Guenter <lists at gknw.net> Reviewed by: steve
PR: 2376 Submitted by: Guenter <lists at gknw.net> Reviewed by: steve
add piece of PR#2295 not committed to HEAD
constify EVP_PKEY_new_mac_key()
use generalise mac API for SSL key generation
oops, revert invalid change
add "missing" functions to copy EVP_PKEY_METHOD and examine info
VERY EXPERIMENTAL HMAC redirection example in OpenSSL ENGINE. Untested at this stage and probably won't work properly.
fix typo in HMAC redirection, add HMAC INIT tracing
using_ecc doesn't just apply to TLSv1
PR: 2240 Submitted by: Jack Lloyd <lloyd at randombit.net>, "Mounir IDRASSI" <mounir.idrassi at idrix.net>, steve Reviewed by: steve
Some of the MS_STATIC use in crypto/evp is a legacy from the days when EVP_MD_CTX was much larger: it isn't needed anymore.
apply J-PAKE fix to HEAD (original by Ben)
PR: 2385 Submitted by: Stefan Birrer <stefan.birrer at adnovum.ch> Reviewed by: steve
update FAQ
use right version this time in FAQ
fix doc typos
PR: 2386 Submitted by: Stefan Birrer <stefan.birrer at adnovum.ch> Reviewed by: steve
update FAQ
ignore leading null fields
Support routines for ASN1 scanning function, doesn't do much yet.
avoid verification loops in trusted store when path building
PR: 2413 Submitted by: Michael Bergandi <mbergandi at gmail.com> Reviewed by: steve
PR: 2410 Submitted by: Rob Austein <sra at hactrn.net> Reviewed by: steve
Fix escaping code for string printing. If *any* escaping is enabled we must escape the escape character itself (backslash).
PR: 2411 Submitted by: Rob Austein <sra at hactrn.net> Reviewed by: steve
oops missed an assert
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed alert.
Don't use decryption_failed alert for TLS v1.1 or later.
add X9.31 prime generation routines from 0.9.8 branch
move some string utilities to buf_str.c to reduce some dependencies (from 0.9.8 branch).
missed change in ACKNOWLEDGEMENTS file
stop warning with no-engine
add va_list version of ERR_add_error_data
Add additional parameter to dsa_builtin_paramgen to output the generated seed to: this doesn't introduce any binary compatibility issues as the function is only used internally.
oops, revert mistakenly committed EC changes
PR: 1612 Submitted by: Robert Jackson <robert at rjsweb.net> Reviewed by: steve
check EC public key isn't point at infinity
New function EC_KEY_set_affine_coordinates() this performs all the NIST PKV tests.
PR: 2433 Submitted by: Chris Wilson <chris at qwirx.com> Reviewed by: steve
revert Makefile change
recalculate DSA signature if r or s is zero (FIPS 186-3 requirement)
Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign() and DSA_do_verify().
Move BN_options function to bn_print.c to remove dependency for BIO printf routines from bn_lib.c
Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate crypto and ENGINE dependencies in RSA library.
And so it begins... again.
add some missing fips files
add fips/Makefile
add fips/des/Makefile
add fips/aes/Makefile
add fips/sha files
add fips_sha1_selftest.c
add fips_premain.c.sha1
update mkerr.pl for use fips directory, add arx.pl script
FIPS_allow_md5() no longer exists and is no longer required
Add fipscanisterbuild configuration option and update Makefile.org: doesn't compile yet
FIPS mode changes to make RNG compile (this will need updating later as we need a whole new PRNG for FIPS).
FIPS mode EVP changes:
add new RAND errors
FIPS mode RSA changes:
FIPS mode DSA changes:
FIPS DH changes: selftest checks and key range checks.
FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR library dependencies.
Change AR to ARX to allow exclusion of fips object modules
FIPS HMAC changes:
Use ARX in crypto/Makefile
FIPS changes to test/Makefile: rules to build FIPS test applications.
Internal version of BN_mod_inverse allowing checking of no-inverse without need to inspect error queue.
update .cvsignore
use FIPSEVP in some bn and rsa files
Move locking and thread ID functions into new files lock.c and thr_id.c, redirect locking to minimal FIPS_lock() function where required.
New FIPS_lock() function for minimal FIPS locking API: to avoid dependencies on OpenSSL locking code. Use API in some internal FIPS files.
Include thread ID code in fips module.
Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer to EVP any more.
Update source files to handle new FIPS_lock() location. Add FIPS_lock() definition. Remove stale function references from fips.h
add fips_dsatest.c file
Redirect FIPS memory allocation to FIPS_malloc() routine, remove OpenSSL malloc dependencies.
add FIPS API malloc/free
add .cvsignore
Move all FIPSAPI renames into fips.h header file, include early in crypto.h if needed.
Add preliminary FIPS information.
don't descend fips directory if not in fips mode
typo
update version to 2.0
use different default fips install directory
add fiplibdir and basedir options to Configure
Add fips option into Configure, disable endian code for no-asm and FIPS. Make shared library default for fips.
Fix shared build for fips
stop warnings about no previous prototype when compiling shared engines
Provisional, experimental support for DSA2 parameter generation algorithm. Not properly integrated or tested yet.
Since FIPS 186-3 specifies we use the leftmost bits of the digest we shouldn't reject digest lengths larger than SHA256: the FIPS algorithm tests include SHA384 and SHA512 tests.
update README.FIPS
fixes for DSA2 parameter generation
Tolerate mixed case and leading zeroes when comparing.
Support more DSA2 tests.
Add DSA2 support to final algorithm tests: keypair and keyver.
Don't try to set pmd if it is NULL.
Remove DSA parameter generation from DSA selftest. It is unnecessary and can be very slow on embedded platforms. Hard code DSA parameters instead.
Add sign/verify digest API to handle an explicit digest instead of finalising a context.
Make no-asm work in fips mode. Add android platform.
Fix target config errors.
Cope with new DSA2 file format where some p/q only tests are made.
Use single X931 key generation source file for FIPS and non-FIPS builds.
Add FIPS support to mkdef.pl script, update ordinals.
For now disable EC_GFp_nistp224_method() for WIN32 so the WIN32 build completes without linker errors.
Add Windows FIPS build utilities.
add -stripcr option to copy.pl from 0.9.8
Add FIPS error codes.
Include fips header file in err_all.c if needed.
Rename crypto/fips_err.c to fips_ers.c to avoid clash with other fips_err.c
Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files that use it.
Add FIPS support to the WIN32 build system.
Remove unneeded functions, make some functions and variables static.
Fix duplicate code and typo.
Use default ASN1 if flag set.
Fix memory leak.
New flag EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying cipher handles all cipher semantics itself.
Typo.
Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher: the NULL value for the input buffer is sufficient to notice this case.
Add CRYPTO_gcm128_tag() function to retrieve the tag.
Initial *very* experimental EVP support for AES-GCM. Note: probably very broken and subject to change.
Link GCM into FIPS module. Check return value in EVP gcm.
Experimental incomplete AES GCM algorithm test program.
Set values to NULL after freeing them.
Equally experimental encrypt side for fips_gcmtest. Currently this uses IVs in the request file need to update it to generate IVs once we have an IV generator in place.
Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest.
Disable FIPS restrictions when doing GCM testing.
Free keys if DSA pairwise error.
Return security strength for supported DSA parameters: will be used later.
In FIPS mode only use "Generation by Testing Candidates" equivalent.
Make Windows build work with GCM.
New "fipscanisteronly" build option: only build fipscanister.o and associated utilities. This functionality will be used by the validated tarball.
Add Makefile.fips.
New option to disable characteristic two fields in EC code.
Disable some functions in headers with no-ec2m
Make no-ec2m work on Win32 build. Add nexprotoneg support too.
Change FIPS source and utilities to use the "FIPS_" names directly instead of using regular OpenSSL API names.
Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new and FIPS_dsa_sig_free, reimplement DSA_SIG_new and DSA_SIG_free from ASN1 library.
New function BN_nist_mod_func which returns an appropriate function if the passed prime is a NIST prime.
Use BN_nist_mod_func to avoid need to peek error queue.
Reorganise ECC code for inclusion in FIPS module.
Don't use FIPS api for ec2_oct.c
Include support for an add_lock callback to tiny FIPS locking API.
Add ECDSA functionality to fips module. Initial very incomplete version of algorithm test program.
Add .cvsignore.
Update ECDSA test program to handle ECDSA2 format files. Correctly handle hex strings with an odd number of digits.
Add support for SigGen and KeyPair tests.
Ignore final '\n' when checking if hex line length is odd.
Add FIPS flags to AES ciphers and SHA* digests.
Add non-FIPS algorithm blocking and selftest checking.
Update pairwise consistency checks to use SHA-256.
Use SHA-256 in fips_test_suite.
Add pairwise consistency test to EC.
Experimental symbol renaming to avoid clashes with regular OpenSSL.
Experimental FIPS symbol renaming.
Include openssl/crypto.h first in several other files so FIPS renaming is picked up.
Don't need err library for Makefile.fips
Remove debugging command.
Update auto generated comment.
Correct fipssyms.h for more assembly language symbols.
Experimental perl script to edit assembly language source files, call the assembler, then restore original file.
Make -DOPENSSL_FIPSSYMS work for assembly language builds.
AES GCM selftests.
add ECDSA POST
Move gcm128_context definition to modes_lcl.h (along with some related definitions) so we can use it in EVP GCM code avoiding need to allocate it.
Make fipscanisteronly build only required files.
*** empty log message ***
tools and rehash not needed for fips build.
x509v3.h header file not needed in fips algorithm test utilities.
Need to link additional directories for fipscanisteronly build.
Remove unnecessary dependencies.
Create fips links even if not compiling in fips mode.
Update dependencies.
Remove unnecessary link directories.
*** empty log message ***
Remove debugging option.
Call Makefile.fips when making a fips tarball.
Initial perl script to filter out unneeded files for a fips tarball.
typo
Make "make links" work in fipscanisteronly builds.
Don't try and update c_rehash for fipscanisteronly builds.
Removing debugging print.
Add modes_lcl.h to header list.
Remove duplicate test rule.
Add fips/ecdsa directory to mkfiles.pl
Make fipscanisteronly work with WIN32 build system.
Include ms directory for fips distribution.
Make mkfiles.pl work with fipscanisteronly.
Make -DOPENSSL_FIPSSYMS work under WIN32: run perl script when WIN32 assembly language files are created, add norunasm option to just translate and not run the assembler.
Add new symbols to fipssyms.h
Add DllMain to fips symbols: will need to call this in FIPS capable OpenSSL.
Use more portable options when making links in Makefile.fips
Stop warnings.
Update status information.
Initial, provisional, subject to wholesale change, untested, probably not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.
Updates to DRBG: fix bugs in infrastructure. Add initial experimental algorithm test generator.
Fix couple of bugs in CTR DRBG implementation.
Uninstantiate and free functions for DRBG.
Remove need for redirection on RNG and DSS algorithm test programs: some platforms don't support it.
Remove redirection from fipsalgtest.pl script.
Support I/O with files in new fips_gcmtest program.
Add file I/O to fips_drbgvs program.
Add meaningful error codes to DRBG.
New SP 800-56A compliant version of DH_compute_key().
New initial DH algorithm test driver.
Typo.
Update .cvsignore
Update fips_dhvs to handle functional test by generating keys.
Enter FIPS mode in fips_dhvs. Support file I/O in fips_ecdsavs.
Add ECDH to validated module.
Add a few more symbol renames.
Make no-ec2m work again.
Update status.
make no-dsa work again
Check requested security strength in DRBG. Add function to retrieve the security strength.
Remove redundant check to stop compiler warning.
Fix warnings: signed/unsigned comparison, shadowing (in some cases global functions such as rand() ).
PR: 2469 Submitted by: Jim Studt <jim at studt.net> Reviewed by: steve
Add extensive DRBG selftest data and option to corrupt it in fips_test_suite.
Fix broken SRP error/function code assignment.
Fix warnings about ignored return values.
Implement health checks needed by SP800-90.
Implement continuous RNG test for SP800-90 DRBGs.
Typo.
Free DRBG context in self tests.
Use a signed value to check return value of do_cipher().
Typo.
Make some Unix builds work again.
Fix compiler warnings.
Remove unused function.
Add .cvsignore
Allow setting of get_entropy and get_nonce callbacks outside test mode. Test mode is now set when a DRBG context is initialised.
Disable cmac tests by default so the old algorithm test vectors work.
Have all algorithm test programs call fips_algtest_init() at startup: this will perform all standalone operations such as setting error callbacks, entering FIPS mode etc.
Add .cvsignore
Update .cvsignore
fix warnings
Reorganise DRBG API so the entropy and nonce callbacks can return a pointer to a buffer instead of copying to a fixed length buffer. This removes the entropy and nonce length restrictions.
Remove redundant definitions. Give error code if DRBG selftest fails.
Unused, untested, provisional RAND interface for DRBG.
Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for test applications.
Provisional support for auto called OPENSSL_init() function. This can be used to set up any appropriate functions such as FIPS callbacks without requiring an explicit application call.
Add additional OPENSSL_init() handling add dummy call to (hopefully) ensure OPENSSL_init() is always linked into an application.
Allow FIPS malloc callback setting. Automatically set some callbacks in OPENSSL_init().
Only zeroise sensitive parts of DRBG context, so the type and flags are undisturbed.
temporarily update .cvsignore
delete lib file
restore .cvsignore
restore .cvsignore
Make WIN32 static builds work again.
PR: 2457 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
PR: 2458 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
PR: 2462 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
check RAND_pseudo_bytes return value
Change RNG test to block oriented instead of request oriented, add option to test a "stuck" DRBG.
Disable test fprintf.
Change FIPS locking functions to macros so we get useful line information.
Use environment when building libcrypto shared library so CC value is picked up in FIPS builds.
Set error code if additional data callback fails.
Updated error codes for FIPS library.
FIPS mode support for openssl utility: doesn't work properly yet due to missing DRBG support in libcrypto.
Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be used by applications directly and the X9.31 PRNG is deprecated by new FIPS140-2 rules anyway.
Extensive reorganisation of PRNG handling in FIPS module: all calls now use an internal RAND_METHOD. All dependencies on OpenSSL standard PRNG are now removed: it is the application's responsibility to set up the FIPS PRNG and initialise it.
Update fipssyms.h to keep all symbols in FIPS,fips namespace.
updated FIPS status
check buffer is large enough before overwriting
Remove rand files from fipscanister.o
Add missing error code strings.
Update OpenSSL DRBG support code. Use date time vector as additional data. Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
Add fips hmac key to dgst utility.
Update CHANGES.
Only use fake rand once per operation. This stops the EC pairwise consistency test interfering with the test.
DH keys have an (until now) unused 'q' parameter. When creating from DSA copy q across and if q present generate DH key in the correct range.
New function to return security strength of PRNG.
Before initialising a live DRBG (i.e. not in test mode) run a complete health check on a DRBG of the same type.
Add error for health check failure.
remove ENGINE dependency from ecdh
Remove unused build targets from Makefile.fips, add cmac to dist list.
Auto configure for fips is from restricted tarball.
Clarify README.FIPS.
set OPENSSL_FIPSSYMS for restricted builds and auto detect no-ec2m
Auto detect no-ec2m add option to make no-ec2m tarball.
fix fipscanisteronly autodetect
Typo: fix duplicate call.
Don't give dependency warning for fips builds.
Reorder headers to get definitions before they are used.
Set length to 41 (40 hex characters + null).
Fix warning.
Add mem_clr.c explicitly for no-asm builds.
Use correct version number.
Update copyright year.
Update fips_premain.c fingerprint.
Update ECDSA selftest to use hard coded private keys. Include tests for prime and binary fields.
No need to disable leak checking for FIPS builds now we use internal memory callbacks.
Stop warning and fix memory leaks.
Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx when performing ECDSA selftest.
Update RSA selftest code to use a 2048 bit RSA and only a single KAT for PSS+SHA256
Complete rewrite of FIPS_selftest_dsa(). Use hardcoded 2048 bit DSA key and SHA384. Use fips_pkey_signature_test().
Update fips_pkey_signature_test: use fixed string if supplied tbs is NULL. Always allocate signature buffer.
Provisional AES XTS support.
Use consistent FIPS tarball name.
Remove duplicate flag.
Initial incomplete POST overhaul: add support for POST callback to allow status of POST to be monitored and/or failures induced.
Remove several of the old obsolete FIPS_corrupt_*() functions.
Update CMAC, HMAC, GCM to use new POST system.
Revise fips_test_suite to use table of IDs for human readable strings.
Report each cipher used with CMAC tests.
Add new POST support to X9.31 PRNG.
Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation.
Add XTS selftest, include in fips_test_suite.
Add length limitation from SP800-38E.
Add "post" option to fips_test_suite to run the POST only and exit.
Remove PSS salt length detection hack from fipsalgtest.pl by allowing a regexp search of the file to determine its type. This will be needed for other tests later...
Remove shlib_wrap.sh as it is not needed (all algorithm tests are statically linked to fipscanister.o). Add option to generate a shell script to run all tests: this is useful for platforms that don't have perl.
Don't need separate tag buffer for GCM mode: use EVP_CIPHER_CTX buf field which is not used for custom ciphers.
Compile ccm128.c, move some structures to modes_lcl.h add prototypes.
Initial untested CCM support via EVP.
CCM encrypt algorithm test support.
Override flag for XTS length limit.
Typo.
Fix EVP CCM decrypt. Add decrypt support to algorithm test program.
Add fips/cmac directory to WIN32 build.
Use 0 for tbslen to perform strlen.
Add AES CCM selftest.
Warn if lines are truncated in algorithm test utilities.
Add partial DH and ECDH primitives only testing to fipsalgtest.pl
Add partial GCM tests to fipsalgtest.pl
Add periodic DRBG health checks as required by SP800-90.
Update DRBG to use new POST scheme.
Add continuous RNG test to entropy source. Entropy callbacks now need to specify a "block length".
Update ordinals.
Fix WIN32 warning.
Make fipscanisteronly auto detect work on WIN32.
Recognise no-ec-nistp224-64-gcc-128 option.
Initial do_fips.bat build script for WIN32 fipscanister.
Rewrite OutputValue to avoid use of buffer when printing out hex values.
Add XTS test vector support to fipsalgtest.pl
Return errors instead of aborting when selftest fails.
Add PRNG security strength checking.
Always return multiple of block length bytes from default DRBG seed callback.
Oops, work out expanded buffer length before allocating it...
Make sure overrides work for RSA/DSA.
More fixes for DSA FIPS overrides.
Clarification.
Recognise invalid enable/disable options.
Fix warning.
Stop warnings about undefined _exit on Android.
Don't assume version of rm supports -rf: use RM instead.
Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL.
Initial incomplete TLS v1.2 support. New ciphersuites added, new version checking added, SHA256 PRF support added.
no need to include memory.h
Update symbol translation table.
Disable SHA256 if not supported.
Some changes to support VxWorks in the validated module.
For FIPS algorithm test utilities use our own version of strcasecmp and strncasecmp to cover cases where platforms don't support them.
Add ppc_cap.c to restricted tarball.
Include crypto.h in ppccap.c
Rename some more symbols.
Handle multiple CPUID_OBJ correctly.
Two more symbol renames.
Quick hack to time POST.
Stop warning in VxWorks.
Use more portable clock_gettime() for fips_test_suite timing.
Use faster curves for ECDSA self test.
Fix do_fips script.
PR: 2499 Submitted by: "James 'J.C.' Jones" <james.jc.jones at gmail.com>
Remove useless setting.
Include fipssyms.h for ARM builds to translate symbols.
Fix warning.
Remove debugging print.
Update status.
Remove superfluous PRNG self tests.
Fix warning of signed/unsigned comparison.
Hide more symbols.
Continuing TLS v1.2 support: add support for server parsing of signature algorithms extension and correct signature format for server key exchange.
Return error codes for selftest failure instead of hard assertion errors.
Don't fail WIN32 builds on warnings.
Get OPENSSL_FIPSSYMS from environment in fipsas.pl, include ppccap.c and .S files in fipsdist.
Fixes for WIN64 FIPS build.
Don't include GF2m source files if NOEC2M set.
Omit GF2m properly this time ;-)
Remove FIXME comments.
Remove gf2m modules from bn_asm if no-ec2m set.
allow SHA384, SHA512 with DSA
Call fipsas.pl directly for pa-risc targets.
Initial TLS v1.2 client support. Include a default supported signature algorithms extension (including everything we support). Switch to new signature format where needed and relax ECC restrictions.
Initialise rc.
Typo.
Update instructions.
Add NSA sublicense info.
Include README.ECC in FIPS restricted tarball.
Rename FIPS_mode_set and FIPS_mode. These symbols will be defined in the FIPS capable OpenSSL.
Set FIPS mode for values other than 1. The only current effect is to return a consistent value. So calling FIPS_module_mode_set(n) for n != 0 will result in FIPS_module_mode() returning n. This will support future expansion of more FIPS modes e.g. a Suite B mode.
Reorder signature algorithms in strongest hash first order.
make kerberos work with OPENSSL_NO_SSL_INTERN
Sync ordinals.
Add SSL_INTERN definition.
Fix error discrepancy.
Process signature algorithms during TLS v1.2 client authentication.
Provisional support for TLS v1.2 client authentication: client side only.
Enter FIPS mode by calling FIPS_module_mode_set in openssl.c until FIPS_mode_set is implemented.
Recognise NO_NISTP224-64-GCC-128
typo
Typo.
NULL is a valid cspname
new flag to stop ENGINE methods being registered
set encodedPoint to NULL after freeing it
inherit HMAC flags from MD_CTX
update date
oops
Implement FIPS_mode and FIPS_mode_set
Add CHANGES entry: add FIPS support to ssl
PR: 2295 Submitted by: Alexei Khlebnikov <alexei.khlebnikov at opera.com> Reviewed by: steve
PR: 2522 Submitted by: Henrik Grindal Bakken <henribak at cisco.com>
use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS
PR: 2505 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
PR: 2506 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
PR: 2512 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
Oops use up to date patch for PR#2506
Some nextproto patches broke DTLS: fix
Fix the ECDSA timing attack mentioned in the paper at:
Fix the ECDSA timing attack mentioned in the paper at:
PR: 2527 Submitted by: Marcus Meissner <meissner at suse.de> Reviewed by: steve
PR: 2529 Submitted by: Marcus Meissner <meissner at suse.de> Reviewed by: steve
PR: 2533 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
Don't advertise or use MD5 for TLS v1.2 in FIPS mode
More symbol renaming.
Only install FIPS related files for fipscanisteronly build.
Install fips_standalone_sha1 and make use of it in fipsld script.
In fipsld use FIPSLIBCRYPTO environment variable to specify an alternative location for libcrypto.a, support shared library builds in different source tree.
Use FIPSLD_LIBCRYPTO for consistency with other env variables in fipsld. Use current directory for fips_premain_dso
Typo.
Rename many internal only module functions from FIPS_* to fips_*.
Add prototypes for FIPS EVP implementations: for use in FIPS capable OpenSSL.
Add FIPS_digestinit prototype for FIPS capable OpenSSL.
Prototypes for more FIPS functions for use in FIPS capable OpenSSL.
Add more cipher prototypes.
Output supported curves in preference order instead of numerically.
Don't round up partitioned premaster secret length if there is only one digest in use: this caused the PRF to fail for an odd premaster secret length.
Fake CPU caps so fips_standalone_sha1 compiles.
set FIPS permitted flag before initialising digest
typo
Add DSA and ECDSA "clone digests" to module for compatibility with old applications.
Clone digest prototypes.
Simple automated certificate creation demo.
Move FIPS RSA function definitions to fips.h
Remove FIPS RSA functions from crypto/rsa.
Typo.
Constify RSA signature buffer.
Add "OPENSSL_FIPSCAPABLE" define for a version of OpenSSL which is FIPS capable: i.e. FIPS module is supplied externally.
license correction, no EAY code included in this file
fix error discrepancy
Move function prototype to fips.h
Set SSL_FIPS flag in ECC ciphersuites.
Add prototypes for some FIPS EC functions.
Set flags in ECDH and ECDSA methods for FIPS.
Add flags for DH FIPS method.
fix memory leak
Add more prototypes.
more prototypes in fips.h
Install FIPS module in FIPSDIR if set.
Remove x509.h from SHA1 clone digests, update dependencies.
Update dependencies for m_dss.c too.
#undef bn_div_words as it is defined for FIPS builds.
CMAC FIPS prototypes.
HMAC fips prototypes
Use FIPSCAPABLE for FIPS module functions used in FIPS capable OpenSSL.
Don't export functions marked as FIPSCAPABLE.
sync and update ordinals
Allow applications to specify alternative FIPS RAND methods if they are sure they are OK.
make sure custom cipher flag doesn't use any mode bits
set FIPS allow before initialising ctx
Update to mk1mf.pl and ms\do_fips.bat to install relevant files for WIN32 FIPS builds.
Don't include des.h any more: it is not needed.
Option "fipscheck" which checks to see if FIPS is autodetected in a build. Use this for WIN32 builds.
Give parameters names in prototypes.
Initial FIPS capable OpenSSL information
Strip CRs when installing fips_premain.c Correct compat library rule in FIPS mode.
Correction.
add null cipher to FIPS module
typo
make EVP_dss() work for DSA signing
Add prototype for null cipher.
Don't set FIPS rand method at same time as RAND method as this can cause the FIPS library to fail. Applications that want to set the FIPS rand method can do so explicitly and presumably they know what they are doing...
allow MD5 use for computing old format hash links
add symbol rename
Now the FIPS capable OpenSSL is available simplify the various FIPS test build options.
stop complaints about no CVS version
typo
correctly encode OIDs near 2^32
PR: 2540 Submitted by: emmanuel.azencot at bull.net Reviewed by: steve
PR: 2543 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
PR: 2470 Submitted by: Corinna Vinschen <vinschen at redhat.com> Reviewed by: steve
Add sparcv9cap.c to restricted tarball.
get the filename right
allow KERNEL_BITS to be specified in the environment
Add stub for HMAC DRBG.
typo
Fix CPRNG test for Hash DRBG.
auto detect configuration using KERNEL_BITS and CC
Recognise fipscheck option and call fipsas for WIN64 builds.
Add no-asm argument to Configure if needed.
Delete any EXARG value first.
Additional error checking.
If make clean fails it is not a fatal error.
Add functions to return FIPS module version.
Rename symbol.
PR: 2556 (partial) Reported by: Daniel Marschall <daniel-marschall at viathinksoft.de> Reviewed by: steve
Add support for ECCCDH test format.
PR: 2550 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
PR: 2555 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
PR: 2559 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
Rename another symbol.
stop warnings
Make sure OPENSSL_FIPSCANISTER is visible to ARM assembly language files.
More symbol renaming.
Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and prohibit use of these ciphersuites for TLS < 1.2
oops, remove debug option
Update CHANGES.
Fix warnings.
recognise ecdsaWithSHA1 OID
Expand range of ctrls for AES GCM to support retrieval and setting of invocation field.
fix memory leak
Initial support for tests for 2.0 module. Not complete and not all working yet.
Fix DSA to skip EOL test when parsing mod line.
Use "resp" for default directory name for .rsp files.
Add HMAC DRBG from SP800-90
Remove redundant assignment.
Include armcap.c in fips tarball.
prevent compilation errors and warnings
aesni TLS GCM support
Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA using OBJ xref utilities instead of string comparison with OID name.
Enable rsa-pss0 for non-v2 tests.
quote LIBS to copy with empty string
Delete library install from Makefile.fips: it isn't used.
Update instructions to recommend use of included incore script.
typo
Fix fipsalgtest.pl to still work with old test vectors.
Correct maximum request length. SP800-90 quotes maximum bits, not bytes.
Rename sparc symbols.
Don't use some object files in FIPS build.
Fix warning.
Add support for canonical generation of DSA parameter g. Modify fips_dssvs to support appropriate file format.
Add support for DSA2 PQG generation of g parameter.
Fix ecdh primitives test command line.
Print private key component if -exout parameter is given.
PR: 2586 Submitted by: Thomas Jarosch <thomas.jarosch at intra2net.com> Reviewed by: steve
PR: 2586 Submitted by: Thomas Jarosch <thomas.jarosch at intra2net.com> Reviewed by: steve
PR: 2588 Submitted by: Thomas Jarosch <thomas.jarosch at intra2net.com> Reviewed by: steve
PR: 2589 Submitted by: Thomas Jarosch <thomas.jarosch at intra2net.com> Reviewed by: steve
PR: 2573 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
Stop warnings.
make timing attack protection unconditional
PR: 2340 Submitted by: "Mauro H. Leggieri" <mxmauro at caiman.com.ar> Reviewed by: steve
Sync ordinals with 1.0.1-stable.
PR: 2576 Submitted by: Doug Goldstein <cardoe at gentoo.org> Reviewed by: steve
Don't use *from++ in tolower as this is implemented as a macro on some platforms. Thanks to Shayne Murray <Shayne.Murray at Polycom.com> for reporting this issue.
Rename some more symbols for fips module.
Extension of DRBG selftests using new data.
Add header to Makefile.
Update dependencies.
Don't perform full DRBG health check on all DRBG types on power up, just one shorter KAT per mechanism.
Place DRBG in error state if health check fails.
Check reseed interval before generating output.
Update FAQ.
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past produce an error (CVE-2011-3207)
Add error codes for DRBG KAT failures.
Put quick DRBG selftest return after first generate operation.
Add /fixed option to linker with fips builds.
Add support for Dual EC DRBG from SP800-90. Include updates to algorithm tests and POST code.
Fix 3DES Monte Carlo test file output which previously outputted extra bogus lines. Update fipsalgtest.pl to tolerate the old format.
Check we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we don't set type in FIPS_drbg_new().
Delete strength parameter from FIPS_drbg_generate. It isn't very useful (strength can be queried using FIPS_drbg_get_strength ) and adds a substantial extra overhead to health check (need to check every combination of parameters).
Check length of additional input in DRBG generate function.
More extensive DRBG health check. New function to call health check for all DRBG combinations.
new function to lookup FIPS supported ciphers by NID
Remove fipsdso target: it isn't supported in the 2.0 module.
Update CMAC/HMAC selftests to use NIDs instead of function pointers.
Fix warning.
Make HMAC kat symbols static.
Don't use vpaes in fips builds and exclude from restricted tarball.
Minor code tidy and bug fix: need to set t = s after first pass and t and s do not need to have independent values after the first pass so set t = s.
clarify comment
Sync error codes with 1.0.1-stable.
Allow reseed interval to be set.
Update error codes.
Revise DRBG to split between internal and external flags.
Perform health check on all reseed operations not associated with prediction resistance requests. Although SP 800-90 is arguably unclear on whether this is necessary adding an additional check has minimal penalty (very few applications will make an explicit reseed request).
Remove unused variable.
Don't print out errors in cases where errors are expected: testing DSA parameter validity and EC public key validity.
Use function name FIPS_drbg_health_check() for health check function.
Typo.
Run PQGVer test before DSA2 tests.
PR: 2347 Submitted by: Tomas Mraz <tmraz at redhat.com> Reviewed by: steve
PR: 2602 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
PR: 2606 Submitted by: Christoph Viethen <cv at kawo2.rwth-aachen.de> Reviewed by: steve
use keyformat for -x509toreq, don't hard code PEM
make sure eivlen is initialised
Handle provable prime parameters for canonical g generation which are sometimes erroneously included.
Add a --disable-all option to disable all tests.
fix signed/unsigned warning
Fix output format for DSA2 parameter generation.
Check return codes properly.
Remove s = s * P deferral.
Add FIPS selftests for ECDH algorithm.
make depend
Never echo Num lines for PQGGen DSA2 test.
Make fips algorithm test utilities use RESP_EOL for end of line character(s). This should be CRLF even under *nix.
? crypto/aes/aes-armv4.S ? crypto/aes/aesni-sha1-x86_64.s ? crypto/aes/aesni-x86_64.s ? crypto/aes/foo.pl ? crypto/aes/vpaes-x86_64.s ? crypto/bn/.bn_lib.c.swp ? crypto/bn/armv4-gf2m.S ? crypto/bn/diffs ? crypto/bn/modexp512-x86_64.s ? crypto/bn/x86_64-gf2m.s ? crypto/bn/x86_64-mont5.s ? crypto/ec/bc.txt ? crypto/ec/diffs ? crypto/modes/a.out ? crypto/modes/diffs ? crypto/modes/ghash-armv4.S ? crypto/modes/ghash-x86_64.s ? crypto/modes/op.h ? crypto/modes/tst.c ? crypto/modes/x.h ? crypto/objects/.obj_xref.txt.swp ? crypto/rand/diffs ? crypto/sha/sha-512 ? crypto/sha/sha1-armv4-large.S ? crypto/sha/sha256-armv4.S ? crypto/sha/sha512-armv4.S Index: crypto/objects/obj_xref.c =================================================================== RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v retrieving revision 1.9 diff -u -r1.9 obj_xref.c --- cryp
to/objects/obj_xref.c 5 Nov 2008 18:38:58 -0000 1.9 +++ crypto/objects/obj_xref.c 6 Oct 2011 20:30:21 -0000 @@ -110,8 +110,10 @@ #endif if (rv == NULL) return 0; - *pdig_nid = rv->hash_id; - *ppkey_nid = rv->pkey_id; + if (pdig_nid) + *pdig_nid = rv->hash_id; + if (ppkey_nid) + *ppkey_nid = rv->pkey_id; return 1; }
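Review bot: the hunk in crypto/objects/obj_xref.c makes the two output stores conditional (`if (pdig_nid) *pdig_nid = rv->hash_id;` and `if (ppkey_nid) *ppkey_nid = rv->pkey_id;`), i.e. callers may now pass NULL for either output pointer, but nothing in the commit says so: the message is a list of untracked-file `?` status lines followed by the raw diff. Replace it with a one-line description of the intent (NULL output pointers accepted for the digest and key NIDs) and document that contract on the function's prototype or man page, since callers cannot otherwise tell the difference from the previous behaviour, where passing NULL dereferenced it. The early `if (rv == NULL) return 0;` is unchanged, so an unknown signature NID still yields 0 with no outputs written, which is consistent with the new handling.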
use client version when eliminating TLS v1.2 ciphersuites in client hello
New -force_pubkey option to x509 utility to supply a different public key to the one in a request. This is useful for cases where the public key cannot be used for signing e.g. DH.
Add fips/ecdh directory.
PR: 2482 Submitted by: Rob Austein <sra at hactrn.net> Reviewed by: steve
Sync ordinals with 1.0.1-stable.
fix memory leaks
fix CHANGES entry
Sync ordinals with 1.0.1-stable.
Don't disable TLS v1.2 by default now.
disable GCM if not available
add GCM ciphers in SSL_library_init
fix leak properly this time...
remove some debugging code
def_rsa_finish not used any more.
print out subgroup order if present
update pkey method initialisation and copy
Only include one ECDH selftest.
Fix warnings.
ECDH POST selftest failure inducing support.
Handle broken test on verify too.
Updates to handle some verification of v2 tests.
Update instructions.
Handle partial test where H is absent: needed to check g generation.
Skip ECDH sanity check. Add --compare-all to run comparison tests on all files instead of sanity checks.
Remove o_init.o special case from Makefile: this doesn't work.
Update README.FIPS for new FIPS 2.0 testvectors.
increase test RSA key size to 1024 bits
Print curve type for signature tests.
Add usage messages.
Don't use TPREFIX shell variable for minimal script.
Allow override of GCCVER and noexecstack checking from environment.
more vxworks patches
Clarify usage message.
L=3072, N=256 provides 128 bits of security not 112.
Do global replace to remove assembly language object files.
Update premain fingerprint.
Recognise new option.
Build fipscanister.o only by default. Utility build now needs make build_tests
Typo (?)
add authentication parameter to FIPS_module_mode_set
Add "nopass" for empty password too.
Fix error codes.
Check for uninitialised DRBG_CTX and don't free up default DRBG_CTX.
fix (?) AVX clearing
Update error codes.
Check for selftest failure in various places.
No need for custom flag in XTS mode: block length is 1.
typo
Use correct tag for SRP username.
PR: 2632 Submitted by: emmanuel.azencot at bull.net Reviewed by: steve
PR: 2628 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
PR: 2628 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
Add fips_algvs utility (from FIPS 2.0 stable branch).
Print out an error for "make test" in FIPS builds. (from FIPS stable)
Remove duplicate test from health check. Fix memory leaks by uninstantiating DRBG before reinitialising it.
Add support for memory leak checking in fips_algvs.
Add single call public key sign and verify functions.
fix set but unused warnings
typo: use key for POST callback
make post failure simulation reversible in all cases
typo
Update fips_test_suite to take multiple command line options and an induced error checking function.
check for unset entropy and nonce callbacks
portability fix for some perl versions
PR: 1794 Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr> Reviewed by: steve
Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest.
In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed components do not exceed field order
bcmp doesn't exist on all platforms, replace with memcmp
move internal functions to ssl_locl.h
add strp.h to mkdef.pl headers
sync and update ordinals
add cryptlib.h to mkdef.pl
sync and update ordinals
PR: 1794 Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr> Reviewed by: steve
check counter value against 4 * L, not 4096
return error if counter exceeds limit and seed value supplied
Correct some parameter values.
Update DH_check() to perform sensible checks when q parameter is present.
The default CN prompt message can be confusing when often the CN needs to be the server FQDN: change it. [Reported by PSW Group]
Initial experimental support for X9.42 DH parameter format to handle RFC5114 parameters and X9.42 DH public and private keys.
Document RFC5114 "generation" options.
fix error discrepancy
transparently handle X9.42 DH parameters
Replace expired test server and client certificates with new ones.
implement -attime option as a verify parameter then it works with all relevant applications
update CHANGES
add commented out option to allow use of older PKITS data
use different names for asm temp files to avoid problems on some platforms
add cofactor ECDH support from fips branch
Updates from fips2 branch: close streams in test utilities, use cofactor ECDH add new key and signature generation tests to fips_test_suite.
detect and use older PKITS data
Add private keys and generation scripts for test certificates in apps directory.
PR: 1794 Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr> Reviewed by: steve
update CHANGES
PR: 2563 Submitted by: Paul Green <Paul.Green at stratus.com> Reviewed by: steve
New ctrl values to clear or retrieve extra chain certs from an SSL_CTX. New function to retrieve compression method from SSL_SESSION structure.
remove prototype for deleted SRP function
sync and update ordinals
delete unimplemented function from header file, update ordinals
recognise DECLARE_PEM_write_const, update ordinals
typo
PR: 2535 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
recognise SCTP in mkdef.pl script
recognise no-sctp
PR: 2326 Submitted by: Tianjie Mao <tjmao at tjmao.net> Reviewed by: steve
PR: 1794 Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr> Reviewed by: steve
fix deprecated statement
fix error code
update default depflags
make update
PR: 2658 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
update CHANGES
recognise HEARTBEATS in mkdef.pl script
incomplete provisional OAEP CMS decrypt support
only send heartbeat extension from server if client sent one
oops, revert wrong patch
Submitted by: Adam Langley <agl at chromium.org> Reviewed by: steve
fix warnings
update FAQ
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
Check GOST parameters are not NULL (CVE-2012-0027)
fix CHANGES
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>, Michael Tuexen <tuexen at fh-muenster.de> Reviewed by: steve
update CHANGES
disable heartbeats if tlsext disabled
Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de> Reviewed by: steve
PR: 2671 Submitted by: steve
fix warning (revert original patch)
fix warning
Support for fixed DH ciphersuites.
fix CHANGES entry
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050)
return error if md is NULL
oops revert debug change
add support for use of fixed DH client certificates
add example for DH certificate generation
initialise dh_clnt
allow key agreement for SSL/TLS certificates
Tidy/enhance certificate chain output code.
Revise ssl code to use a CERT_PKEY structure when outputting a certificate chain instead of an X509 structure.
code tidy
Add support for distinct certificate chains per key type and per SSL structure.
typo
Modify client hello version when renegotiating to enhance interop with some servers.
oops, revert unrelated changes
Submitted by: Eric Rescorla <ekr at rtfm.com>
add fips blocking overrides to command line utilities
only cleanup ctx if we need to, save ctx flags when we do
PR: 2714 Submitted by: Tomas Mraz <tmraz at redhat.com>
PR: 2710 Submitted by: Tomas Mraz <tmraz at redhat.com>
PR: 2704 Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr>
Submitted by: Eric Rescorla <ekr at rtfm.com>
PR: 2705 Submitted by: Alexey Melnikov <alexey.melnikov at isode.com>
PR: 2703 Submitted by: Alexey Melnikov <alexey.melnikov at isode.com>
PR: 2716 Submitted by: Adam Langley <agl at google.com>
PR: 2717 Submitted by: Tim Rice <tim at multitalents.net>
PR: 2713 Submitted by: Tomas Mraz <tmraz at redhat.com>
An incompatibility has always existed between the format used for RSA signatures and MDC2 using EVP or RSA_sign. This has become more apparent when the dgst utility in OpenSSL 1.0.0 and later switched to using the EVP_DigestSign functions which call RSA_sign.
Additional compatibility fix for MDC2 signature format.
Fix bug in CVE-2011-4619: check we have really received a client hello before rejecting multiple SGC restarts.
Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert between NIDs and the more common NIST names such as "P-256". Enhance ecparam utility and ECC method to recognise the NIST names for curves.
initialise i if n == 0
SSL export fixes (from Adam Langley) [original from 1.0.1]
ABI compliance fixes.
PR: 2727 Submitted by: Bruce Stephens <bruce.stephens at isode.com>
PR: 2696 Submitted by: Rob Austein <sra at hactrn.net>
PR: 2711 Submitted by: Tomas Mraz <tmraz at redhat.com>
ABI fixes from 1.0.1-stable
PR: 2730 Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy at scientificgames.se>
Detect symmetric crypto errors in PKCS7_decrypt.
free headers after use in error message
PR: 2735
PR: 2739 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
PR: 2737 Submitted by: Remi Gacogne <rgacogne-bugs at coredump.fr>
PR: 2736 Reported by: Remi Gacogne <rgacogne-bugs at coredump.fr>
Fix memory leak caused by race condition when creating public keys.
PR: 2742 Reported by: Dmitry Belyavsky <beldmit at gmail.com>
PR: 2743 Reported by: Dmitry Belyavsky <beldmit at gmail.com>
don't do loop check for single self signed certificate
PR: 2748 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
PR: 2755 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
New ctrls to retrieve supported signature algorithms and curves and extensions to s_client and s_server to print out retrieved values.
check return value of BIO_write in PKCS7_decrypt
PR: 2756 Submitted by: Robin Seggelmann <seggelmann at fh-muenster.de>
Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr>
PR: 2744 Submitted by: Dmitry Belyavsky <beldmit at gmail.com>
update NEWS
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and continue with symmetric decryption process to avoid leaking timing information to an attacker.
corrected fix to PR#2711 and also cover mime_param_cmp
update FAQ, NEWS
oops, revert unrelated patches
Always use SSLv23_{client,server}_method in s_client.c and s_server.c, the old code came from SSLeay days before TLS was even supported.
use client version when deciding whether to send supported signature algorithms extension
Submitted by: Markus Friedl <mfriedl at gmail.com>
fix leak
Initial revision of ECC extension handling.
don't shadow
PR: 2778(part) Submitted by: John Fitzgibbon <john_fitzgibbon at yahoo.com>
Update ordinals.
Tidy up EC parameter check code: instead of accessing internal structures add utility functions to t1_lib.c to check if EC certificates and parameters are consistent with peer.
add FAQ about version numbers
Add support for automatic ECDH temporary key parameter selection. When enabled instead of requiring an application to hard code a (possibly inappropriate) parameter set and delve into EC internals we just automatically use the preferred curve.
Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr>
update rather ancient EVP digest documentation
make reinitialisation work for CMAC
fix reset fix
use different variable for chain iteration
Add options to set additional type specific certificate chains to s_server.
Partial workaround for PR#2771.
Additional workaround for PR#2771
correct error codes
recognise X9.42 DH certificates on servers
update FAQ
Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean.
PR: 2239 Submitted by: Dominik Oepen <oepen at informatik.hu-berlin.de>
correct old FAQ answers
check correctness of errors before updating them so we don't get bogus errors added
correct error code
update NEWS
oops, not yet ;-)
Submitted by: Peter Sylvester <peter.sylvester at edelweb.fr> Reviewed by: steve Improved localisation of TLS extension handling and code tidy.
Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
update FAQ
update NEWS
Don't try to use unvalidated composite ciphers in FIPS mode
Reported by: Solar Designer of Openwall
update FAQ
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to fix DoS attack.
PR: 2806 Submitted by: PK <runningdoglackey at yahoo.com>
PR: 2811 Reported by: Phil Pennock <openssl-dev at spodhuis.org>
PR: 2813 Reported by: Constantine Sapuntzakis <csapuntz at gmail.com>
print out issuer and subject unique identifier fields in certificates
New functions to retrieve certificate signatures and signature OID NID.
Initial record tracing code. Print out all fields in SSL/TLS records for debugging purposes. Needs "enable-ssl-trace" configuration option.
Make it possible to delete all certificates from an SSL structure.
fix clashing error code
oops, add -debug_decrypt option which was accidentally left out
Add support for application defined signature algorithms for use with TLS v1.2. These are sent as an extension for clients and during a certificate request for servers.
Reorganise supported signature algorithm extension processing.
don't use pseudo digests for default values of keys
Add new "valid_flags" field to CERT_PKEY structure which determines what the certificate can be used for (if anything). Set valid_flags field in new tls1_check_chain function. Simplify ssl_set_cert_masks which used to have similar checks in it.
Function tls1_check_ec_server_key is now redundant as we make appropriate checks in tls1_check_chain.
Add certificate callback. If set this is called whenever a certificate is required by client or server. An application can decide which certificate chain to present based on arbitrary criteria: for example supported signature algorithms. Add very simple example to s_server. This fixes many of the problems and restrictions of the existing client certificate callback: for example you can now clear existing certificates and specify the whole chain.
recognise OPENSSL_NO_SSL_TRACE
Fix Win32 build.
remove unnecessary attempt to automatically call OPENSSL_init
Separate client and server permitted signature algorithm support: by default the permitted signature algorithms for server and client authentication are the same but it is now possible to set different algorithms for client authentication only.
no need to check s->server as default_nid is never used for TLS 1.2 client authentication
new function SSL_is_server which returns 1 if the corresponding SSL context is for a server
add support for client certificate callback, fix memory leak
cert_flags is unsigned
Fix memory leak.
PR: 2840 Reported by: David McCullough <david_mccullough at mcafee.com>
add missing evp_cnf.c file
Add new ctrl to retrieve client certificate types, print out details in s_client.
update trace messages
reinclude crypto.h: this is needed in HEAD only to get the __fips_constseg definition
New function ssl_set_client_disabled to set masks for any ciphersuites that are disabled for this session (as opposed to always disabled by configuration).
Don't ignore (\!) reference count in X509_STORE_free
add ssl_locl.h to err header files, rebuild ssl error strings
stop warning
set ciphers to NULL before calling cert_cb
update NEWS
Add support for certificate stores in CERT structure. This makes it possible to have different stores per SSL structure or one store in the parent SSL_CTX. Include distinct stores for certificate chain verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN to build and store a certificate chain in CERT structure: returning an error if the chain cannot be built: this will allow applications to test if a chain is correctly configured.
typo
check EC tmp key matches preferences
Abort handshake if signature algorithm used not supported by peer.
Make tls1_check_chain return a set of flags indicating checks passed by a certificate chain. Add additional tests to handle client certificates: checks for matching certificate type and issuer name comparison.
add suite B chain validation flags and associated verify errors
Rename Suite B functions for consistency.
update ordinals
Add three Suite B modes to TLS code, supporting RFC6460.
PR: 2786 Reported by: Tomas Mraz <tmraz at redhat.com>
update debug-steve* configurations
New compile time option OPENSSL_SSL_TRACE_CRYPTO, when set this passes all derived keys to the message callback.
oops, typo
Add compilation flag to disable certain protocol checks and allow use of some invalid operations for testing purposes. Currently this can be used to sign using digests the peer doesn't support, EC curves the peer doesn't support and use certificates which don't match the type associated with a ciphersuite.
give more meaningful error if presented with wrong certificate type by server
make EC test certificates usable for ECDH
perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange
Don't load GOST ENGINE if it is already loaded.
store and print out message digest peer signed with in TLS 1.2
new ctrl to retrieve value of received temporary key in server key exchange message, print out details in s_client
New -valid option to add a certificate to the ca index.txt that is valid and not revoked
Extend certificate creation examples to include CRL generation and sample scripts running the test OCSP responder.
update README
fix memory leak
Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate change the current certificate (in s->cert->key) to the one used and then SSL_get_certificate and SSL_get_privatekey will automatically work.
fix memory leak
enhance EC method to support setting curve type when generating keys and add parameter encoding option
Add ctrl and utility functions to retrieve raw cipher list sent by client in client hello message. Previously this could only be retrieved on an initial connection and it was impossible to determine the cipher IDs of any unknown ciphersuites.
Add -brief option to s_client and s_server to summarise connection details.
Add -rev test option to s_server to just reverse order of characters received by client and send back to server. Also prints an abbreviated summary of the connection parameters.
If OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set allow the use of "SCSV" as a ciphersuite to position the SCSV value in different places for testing purposes.
New functions to check a hostname, email or IP address against a certificate. Add options to s_client, s_server and x509 utilities to print results of checks.
oops, fix compilation errors in s_server
Don't require tag before ciphertext in AESGCM mode
add simple AES GCM code example
fix error code
fix ASN1_STRING_TABLE_add so it can override existing string table values
use correct year automatically
New config module for string tables. This can be used to add new multi string components (as used in DN fields or request attributes) or change the values of existing ones.
oops, add missing asn_mstbl.c
typo
correct error function code
contify
new feature: if ctx==NULL in SSL_CTX_ctrl perform syntax checking only for some operations (currently curves and signature algorithms)
add "missing" TLSv1.2 cipher alias
new command line option -stdname to ciphers utility
initial update of ciphers doc
update ciphers documentation to indicate implemented fixed DH ciphersuites
typo
add SSL_CONF functions and documentation
fix typos in SSL_CONF documentation
initial description of GCM/CCM usage via EVP
Delegate command line handling for many common options in s_client/s_server to the SSL_CONF APIs.
fix error messages
remove redundant code from demo
PR: 2909 Contributed by: Florian Weimer <fweimer at redhat.com>
PR: 2880 Submitted by: "Florian Rüchel" <florian.ruechel at ruhr-uni-bochum.de>
add -naccept <n> option to s_server to automatically exit after <n> connections
document -naccept option
fix manual page file name
clarify docs
fix typo and warning
remove obsolete code
don't call gethostbyname if OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set
make depend
new function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures
make depend
update docs for s_server/s_client
document -trace and -msgfile options
correct docs
update usage messages
with -rev close connection if client sends "CLOSE"
fix leaks
reorganise SSL_CONF_cmd manual page and update some links
first parameter is difference in days, not years
don't use psec or pdays if NULL
fix printout of expiry days if -enddate is used in ca
PR: 2908 Submitted by: Dmitry Belyavsky <beldmit at gmail.com>
Submitted by: Florian Weimer <fweimer at redhat.com> PR: 2909
Reorganise parameters for OPENSSL_gmtime_diff.
only use a default curve if not already set
use correct return values when calling cmd
curves can be set in both client and server
support -quiet with -msg or -trace
reject zero length point format list or supported curves extensions
Add support for printing out and retrieving EC point formats extension.
Don't display messages about verify depth in s_server if -quiet is set.
add Suite B 128 bit mode offering only combination 2
option to output corrupted signature in certificates for testing purposes
set cmdline flag in s_server
set auto ecdh parameter selection for Suite B
change inaccurate error message
Use default point formats extension for server side as well as client side, if possible.
Print out point format list for clients too.
New functions to set lookup_crls callback and to retrieve internal X509_STORE from X509_STORE_CTX.
Generalise OCSP I/O functions to support downloading of other ASN1 structures using HTTP. Add wrapper function to handle CRL download.
constify
add wrapper function for certificate download
PR: 2803 Submitted by: jean-etienne.schwartz at bull.net
Add new test option to set the version in generated certificates: this is needed to test some profiles/protocols which reject certificates with unsupported versions.
return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error codes
add option to get a certificate or CRL from a URL
New option to add CRLs for s_client and s_server.
add -badsig option to corrupt CRL signatures for testing too
if no error code and -brief selected print out connection closed instead of read error
don't check errno is zero, just print out message
oops, really check brief mode only ;-)
fix leak
check mval for NULL too
make -subj always override config file
initial support for delta CRL generation by diffing two full CRLs
don't print verbose policy check messages when -quiet is selected even on error
Integrate host, email and IP address checks into X509_verify.
Fix two bugs which affect delta CRL handling:
remove print_ssl_cert_checks() from openssl application: it is no longer used
Add code to download CRLs based on CRLDP extension.
fix handling of "automatic" in file mode
documentation fixes
really fix automatic ;-)
typo
send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace
allow ECDSA+SHA384 signature algorithm in SUITEB128ONLY mode
add -badsig option to ocsp utility too.
revert SUITEB128ONLY patch, anything wanting to use P-384 can use SUITEB128 instead
add -cert_chain option to s_client
add -crl_download option to s_server
New verify flag to return success if we have any certificate in the trusted store instead of the default which is to return an error if we can't build the complete chain.
Use new partial chain flag instead of modifying input parameters.
apps/ocsp.c
oops, revert, committed in error
Add support for '-' as input and output filenames in ocsp utility.
typo
Return success when the responder is active.
Check chain is not NULL before assuming we have a validated chain.
add -rmd option to set OCSP response signing digest
Use client version when deciding which cipher suites to disable.
correct CHANGES
Update test OCSP script "tocsp" to use shell functions and to use December 17th as check date to avoid certificate expiry errors.
revert OCSP_basic_verify changes: they aren't needed now we support partial chain verification and can pass verify options to ocsp utility
add missing newline
Make partial chain checking work if we only have the EE certificate in the trust store.
Fix tocsp: we don't need -trust_other any more.
typo
missing tab
Portability fix: use BIO_snprintf and pick up strcasecmp alternative definitions from e_os.h
stop warning when compiling with no-comp
make JPAKE work again, fix memory leaks
make no-comp compile
Initial .gitignore
Change default bits to 1024
Typo (PR2959).
Don't include comp.h if no-comp set.
fix domd
Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set
Fix warning: lenmax isn't used any more.
Don't use C++ style comments.
Fix for trace code: SSL3 doesn't include a length value for encrypted premaster secret value.
Timing fix mitigation for FIPS mode. We have to use EVP in FIPS mode so we can only partially mitigate timing differences.
Add ordinal for CRYPTO_memcmp: since this will affect multiple branches it needs to be in a "gap". (cherry picked from commit 81ce0e14e72e8e255ad1bd9c7cfaa47a6291919c)
typo. (cherry picked from commit 34ab3c8c711ff79c2b768f0b17e4b2a78fd1df5d)
Don't access EVP_MD_CTX internals directly. (cherry picked from commit 04e45b52ee3be81121359cc1198fd01e38096e9f)
update FAQ
Fix in ssltest if no-ssl2 configured (cherry picked from commit cbf9b4aed3e209fe8a39e1d6f55aaf46d1369dc4)
Update FAQ.
Update SSL_CONF docs.
Demo code for SSL_CONF API
Fix error codes.
Add function CMS_RecipientInfo_encrypt
Fix WIN32 build.
Initial CCM code.
typo
Add CCM ciphers to tables.
GCM and CCM test support
DTLS trace support.
Typo. (cherry picked from commit 1546fb780bc11556a18d70c5fb29af4a9d5beaff)
Encode INTEGER correctly.
DTLS revision.
Use appropriate versions of SSL3_ENC_METHOD
Use enc_flags when deciding protocol variations.
Typo.
Disable compression for DTLS.
Enable various DTLS extensions.
Extend DTLS method macros.
Remove versions test from dtls1_buffer_message
Provisional DTLS 1.2 support.
DTLS 1.2 cached record support.
Update fixed DH requirements.
Enable TLS 1.2 ciphers in DTLS 1.2.
Call RAND_cleanup in openssl application. (cherry picked from commit 944bc29f9004cf8851427ebfa83ee70b8399da57)
Typo.
Use $(PERL) when calling scripts in mk1mf.pl
Make TLS 1.2 ciphers work again.
Fix non-copy builds.
Asm build portability.
Set s->d1 to NULL after freeing it.
Dual DTLS version methods.
Always return errors in ssl3_get_client_hello
Suite B support for DTLS 1.2
Typo.
Reencode certificates in X509_sign_ctx.
Reencode with X509_CRL_ctx_sign too.
Fix PSS signature printing.
Typo.
Extended OAEP support.
Add new OID to pSpecified from PKCS#1
Add control to retrieve signature MD.
Update to OAEP support.
CMS public key parameter support.
CMS RSA-OAEP and RSA-PSS support.
Add -keyopt option to cms utility.
Add new CMS tests.
Update cms docs.
Update CHANGES
Fix duplicate error code.
Initialise CMS signature buffer length properly.
Fix verify loop with CRL checking.
Avoid need to change function code.
Typo.
EVP support for wrapping algorithms.
Set CMS EnvelopedData version correctly.
CMS support for key agreement recipient info.
Add new OIDs from RFC5753
Add support for X9.62 KDF.
Add support for ECDH KARI.
Return correct enveloped data type in ASN1 methods.
Custom key wrap option for cms utility.
Scripts to recreate S/MIME test certificates.
New CMS tests.
Temporarily disable ECDSA test.
Make ecdsatest work with nonces.
Algorithm parameter support.
Minor optimisation to KDF algorithm.
If present print j, seed and counter values for DH
Enhance DH dup functions.
Extend DH parameter generation support.
Add KDF for DH.
CMS RFC2631 X9.42 DH enveloped data support.
Add X9.42 DH certificate to S/MIME test
Add X9.42 DH test.
Update cms docs.
Add the server 'hang' issue to the FAQ
Return 1 when setting ECDH auto mode.
Make no-ec compilation work.
Don't run ECDH CMS tests if EC disabled.
Add documentation.
Typo: don't call RAND_cleanup during app startup. (cherry picked from commit 90e7f983b573c3f3c722a02db4491a1b1cd87e8c)
Correct ECDSA example.
Document -force_pubkey option.
Document supported curve functions.
Set TLS v1.2 disabled mask properly.
Experimental encrypt-then-mac support.
Document extension clash.
Partial path fix.
Remove ancient PATENTS section and FAQ reference.
DTLS version usage fixes.
Fix error code clashes.
Add functions to set ECDSA_METHOD structure.
Sync OID numbers with 1.0.2 branch.
RFC7027 (Brainpool for TLS) support.
Add test vectors from RFC7027
Fix warning.
Add brainpool curves to NID table too.
Prevent use of RSA+MD5 in TLS 1.2 by default.
Time value for various platforms.
Typo.
Extend SSL_CONF
Add demo for SSL server using SSL_CONF.
Modify sample accept.cnf
Fix various typos.
Update demos/bio/README
Constification.
Fix argument processing.
Add SSL_CONF command to set DH Parameters.
Update test server details.
Fix warning.
Fix warning.
Add -ecdh_single option.
Add brainpool curves to trace output. (cherry picked from commit bd80d0229c9a154f569b046365bc85d76b59cfc5)
Initialise context before using it. (cherry picked from commit a4947e4e064d2d5bb622ac64cf13edc4a46ed196)
Sync error codes with 1.0.2-stable
Enable PSK in FIPS mode.
Experimental workaround TLS filler (WTF) extension.
Check for missing components in RSA_check.
Add CMS_SignerInfo_get0_signature function.
Document RSAPublicKey_{in,out} options.
Fix for some platforms where "char" is unsigned.
Update FAQ with PGP note.
Update FAQ
Support setting of "no purpose" for trust.
Fix memory leak.
Allow match selecting of current certificate.
Flag to disable automatic copying of contexts.
Constify. (cherry picked from commit 1abfa78a8ba714f7e47bd674db53dbe303cd1ce7)
Use correct header length in ssl3_send_certificate_request
Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set
New functions to retrieve certificate from SSL_CTX
Simplify and update openssl.spec
Add release dates to NEWS
remove obsolete STATUS file
Don't use rdrand engine as default unless explicitly requested. (cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)
Verify parameter retrieval functions.
Fix for partial chain notification.
Update to pad extension.
Add opaque ID structure.
Update demo.
Check EVP errors for handshake digests.
Ignore NULL parameter in EVP_MD_CTX_destroy. (cherry picked from commit a6c62f0c25a756c263a80ce52afbae888028e986)
Fix DTLS retransmission from previous session.
Canonicalise input in CMS_verify.
Update curve list size. (cherry picked from commit cfa86987a8d9d2b8cc5e5fea2d3260c46542cdb9)
Don't change version number if session established
Use algorithm specific chains for certificates.
Add ServerInfoFile to SSL_CONF, update docs.
Sync NEWS.
Add fix for CVE-2013-4353 (cherry picked from commit 6b42ed4e7104898f4b5b69337589719913b36404)
update NEWS
update FAQ
Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling.
Use rdrand as additional entropy source.
typo
Add new function SSL_CTX_get_ssl_method().
Support retries in certificate callback
Certificate callback doc.
Add cert callback retry test.
Compare encodings in X509_cmp as well as hash.
New function to set compression methods so they can be safely freed.
Add loaded dynamic ENGINEs to list.
Fix demo comment: 0.9.9 never released.
Check i before r[i].
typo
Clarify docs.
Demo of use of errors in applications.
New ctrl to set current certificate.
Add quotes as CC can contain spaces.
Return per-certificate chain if extra chain is NULL.
Oops, get selection logic right.
Return previous compression methods when setting them.
fix error discrepancy (cherry picked from commit a2317c3ffde3f1f73bd7fa3f08e420fb09043905)
Add support for ASCII with CRLF canonicalisation.
Don't do loop detection for self signed check.
Include TA in checks/callback with partial chains.
Remove duplicate statement.
Don't use getcwd in non-copy builds.
Restore SSL_OP_MSIE_SSLV2_RSA_PADDING
Don't use CRYPTO_AES_CTR if it isn't defined.
Remove references to o_time.h
make depend
Move CT viewer extension code to crypto/x509v3
make depend
fix WIN32 warnings (cherry picked from commit b709f8ef54b1c9ad513878ba0213aa651a9acef8)
Option to set current cert to server certificate.
New chain building flags.
Only set current certificate to valid values.
Avoid Windows 8 Getversion deprecated errors.
Add -show_chain option to print out verified chain.
Fix for v3_scts.c
Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP. (cherry picked from commit 3678161d717d0f46c5b5b052a6d6a33438b1df00)
Fix for WIN32 builds with KRB5 (cherry picked from commit 3eddd1706a30cdf3dc9278692d8ee9038eac8a0d)
Add function to free compression methods.
Fix memory leak. (cherry picked from commit 124d218889dfca33d277404612f1319afe04107e)
PKCS#8 support for alternative PRFs.
For self signed root only indicate one error. (cherry picked from commit bdfc0e284c89dd5781259cc19aa264aded538492)
Remove -WX option from debug-VC-WIN32 (cherry picked from commit 7a3e67f029969620966b8a627b8485d83692cca5)
Simplify ssl_add_cert_chain logic.
typo
Fix for CVE-2014-0076
Update ordinals.
Workaround for some CMS signature formats.
Update chain building function.
Add -no_resumption_on_reneg to SSL_CONF. (cherry picked from commit 1f44dac24d1cb752b1a06be9091bb03a88a8598e)
Fix memory leak with client auth. (cherry picked from commit bc5ec653ba65fedb1619c8182088497de8a97a70)
Add functions returning security bits.
Auto DH support.
Allow return of supported ciphers.
Check return value of ssl3_output_cert_chain
Security framework.
Security callback debug print out.
Set security level to zero in ssltest
Set security level in cipher string.
Add initial security framework docs.
Don't try and verify signatures if key is NULL (CVE-2013-0166) Add additional check to catch this in ASN1_item_verify too. (cherry picked from commit 66e8211c0b1347970096e04b18aa52567c325200)
Document new crl option.
Use correct length when prompting for password.
Update FAQ.
Update security framework docs.
For more than 160 bits of security disable SHA1 HMAC
Set TLS padding extension value.
Document -verify_return_error option.
Add heartbeat extension bounds check.
Return if ssleay_rand_add called with zero num.
Update NEWS
ssleay_rand_add returns a value in 1.1.0
Fix free errors in ocsp utility.
Add new key fingerprint.
Clarify CMS_decrypt behaviour.
Extension checking fixes.
Document -debug_decrypt option.
Set Enveloped data version to 2 if ktri version not zero.
Initialize num properly.
Return an error if no recipient type matches.
Correct example.
Enc doesn't support AEAD ciphers. (cherry picked from commit 09184dddead165901700b31eb39d540ba30f93c5)
Fix bug in signature algorithm copy.
Adding padding extension to trace code.
For portability use BUF_strndup instead of strndup.
Change default cipher in smime app to des3.
Fix for PKCS12_create if no-rc2 specified.
Rename vpm_int.h to x509_lcl.h
Don't use expired certificates if possible.
Set version number correctly.
Don't compile heartbeat test code on Windows (for now).
Use correct digest when exporting keying material.
Set default global mask to UTF8 only.
Option to disable padding extension.
Recognise padding extension.
Allow reordering of certificates when signing.
Fix CVE-2014-3470
Fix CVE-2014-0221
Additional CVE-2014-0224 protection.
Fix for CVE-2014-0224
Fix for CVE-2014-0195
Update value to use a free bit.
Update NEWS.
Add official extension value.
Make tls_session_secret_cb work with CVE-2014-0224 fix.
Update strength_bits for 3DES.
SRP ciphersuite correction.
Fix null pointer errors.
Fix compilation with no-comp
Fix Windows build. (cherry picked from commit 5f4c5a902b0508eab235adecb34b236cdc0048a5)
Accept CCS after sending finished.
Remove ancient obsolete files under pkcs7.
Memory leak and NULL dereference fixes.
Fix OID encoding for one component.
Rebuild OID table.
Tolerate critical AKID in CRLs.
Fix for EVP_PBE_alg_add().
Don't disable state strings with no-ssl2
Typo.
Handle BER length encoding.
Clarify protocols supported.
Make no-ssl3 no-ssl2 do more sensible things.
Show errors on CSR verification failure.
Fix memory leak.
Don't core dump when using CMAC with dgst.
Fix copy for CCM, GCM and XTS.
Test copying of contexts in evp_test.
Accessor functions for app_data in ECDSA_METHOD
Make NO_SYS_UN_H compile.
Fix warning. (cherry picked from commit c97ec5631bb08a2171a125008d2f0d2a75687aaa)
Windows build fixes.
ASN1 sanity check.
Update ticket callback docs.
Remove all RFC5878 code.
typo (cherry picked from commit 2cfbec1caea8f9567bdff85d33d22481f2afb40a)
Add license info.
Don't limit message sizes in ssl3_get_cert_verify.
Sanity check keylength in PVK files.
s_server usage for certificate status requests
Document certificate status request options.
Usage for -hack and -prexit -verify_return_error
Fix typo.
Use more common name for GOST key exchange.
Use case insensitive compare for servername.
Don't allow -www etc options with DTLS.
Fix DTLS certificate requesting code.
Clarify -Verify and PSK.
Sanity check lengths for AES wrap algorithm.
Make *Final work for key wrap again.
RFC 5649 support.
Fix documentation for RSA_set_method(3)
Windows build fixes.
Add test header, sync ordinals with 1.0.2
Don't call setenv in gost2814789t.c
Add conditional unit testing interface.
Fix SRP ciphersuite DoS vulnerability.
Fix SRP buffer overrun vulnerability.
Check SRP parameters early.
Test SRP authentication ciphersuites.
Fix SRP authentication ciphersuites.
Include error messages on extension check failure.
Revision of custom extension code.
fix warning
Custom extension revision.
Add custom extension sanity checks.
Remove serverinfo checks.
Callback revision.
New extension callback features.
New function SSL_extension_supported().
Use consistent function naming.
Rename some callbacks, fix alignment.
Custom extension documentation.
Fix comments, add new test.
sync ordinals with 1.0.2
Add CHANGES entry for SCT viewer code.
Fix warning.
Use correct function name: CMS_add1_signer()
Add additional DigestInfo checks.
Add additional explanation to CHANGES entry.
Parse custom extensions after internal extensions.
Disable encrypt-then-mac for SSL 3.0 and stream ciphers (RC4 only).
Remove reference to deleted md4.c
Fix for session tickets memory leak.
Process signature algorithms in ClientHello late.
Copy negotiated parameters in SSL_set_SSL_CTX.
Fix WIN32 build by disabling bn* calls.
Fix cross reference table generator.
Add SSL_CONF support to ssltest.
Additional output for ssltest.
Prevent use of binary curves when OPENSSL_NO_EC2M is defined
Process signature algorithms before deciding on certificate.
Only handle RI extension for SSLv3
New option no-ssl3-method which removes SSLv3_*method
Fix excert logic.
Fix SuiteB chain checking logic.
Print out Suite B status.
Remove some unnecessary OPENSSL_FIPS references
Remove fipscanister from Configure, delete fips directory
Remove fipscanister build functionality from makefiles.
Remove fips utility build rules from test/Makefile
Remove FIPSCANISTERINTERNAL reference.
Remove OPENSSL_FIPSCANISTER code.
remove unnecessary OPENSSL_FIPS reference
remove another FIPSCANISTER reference
Remove fips_constseg references.
Remove fips.h reference.
make depend
Remove FIPS error library from openssl.ec mkerr.pl
remove FIPS module code from crypto/rsa
remove FIPS module code from crypto/dsa
Remove FIPS module code from crypto/dh
remove FIPS module code from crypto/ecdsa
remove FIPS module code from crypto/ecdh
remove FIPS module code from crypto/bn
remove FIPS module code from crypto/evp
remove FIPS_*_SIZE_T
remove OPENSSL_FIPSAPI
Remove references to deleted fips directory from Makefile.org
Remove fips directories from mkfiles.pl
Reject invalid constructed encodings.
Clear existing extension state.
Remove MS SGC
Remove SGC restart flag.
Fix various certificate fingerprint issues.
Constify ASN1_TYPE_cmp add X509_ALGOR_cmp.
update ordinals
ECDH downgrade bug fix.
Only allow ephemeral RSA keys in export ciphersuites.
fix compilation error
RT3662: Allow leading . in nameConstraints
use correct function name
use correct credit in CHANGES
fix error discrepancy
Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record.
Unauthenticated DH client certificate fix.
For master windows build dsa.h is now needed.
Remove use of BN_init, BN_RECP_CTX_init from bntest
Emilia Kasper (40):
Allow duplicate certs in ssl_build_cert_chain
Fix OID handling:
make depend
Fix build when BSAES_ASM is defined but VPAES_ASM is not
define inline for Visual Studio
Improve EVP_PKEY_sign documentation
RT3061: slightly amend patch
RT 3060: amend patch
Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey
Constant-time utilities
Make the inline const-time functions static.
Add i2d_re_X509_tbs
make update
Note i2d_re_X509_tbs and related changes in CHANGES
make update
RT3066: rewrite RSA padding checks to be slightly more constant time.
RT3067: simplify patch
RT3425: constant-time evp_enc
Add missing tests
Fix ssltest logic when some protocols are compiled out.
Sync CHANGES
Add missing CHANGES interval [1.0.1h, 1.0.1i]
Tighten session ticket handling
Reset s->tlsext_ticket_expected in ssl_scan_serverhello_tlsext. This ensures that it's zeroed even if the SSL object is reused (as in ssltest.c). It also ensures that it applies to DTLS, too.
Set s->hit when resuming from external pre-shared secret.
Remove ssl3_check_finished.
Always require an advertised NewSessionTicket message.
Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state.
Clean up CHANGES
Fix broken build
Reject elliptic curve lists of odd lengths.
Add extra checks for odd-length EC curve lists.
Clarify the return values for SSL_get_shared_curve.
Fix unused variable warning
Check for invalid divisors in BN_div.
Build fixes
Revert "RT3425: constant-time evp_enc"
Add a comment noting the padding oracle.
Add a clang build target for linux-x86_64
Only inherit the session ID context in SSL_set_SSL_CTX if the existing context was also inherited (matches that of the existing SSL_CTX).
Emilia Käsper (1):
Fix DTLS anonymous EC(DH) denial of service
Eric Young (1):
Fix base64 decoding bug.
Erik Auerswald (1):
RT3301: Discard too-long heartbeat requests
Felix Laurie von Massenbach (18):
Add a new target to Configure for me.
Strip trailing whitespace from Configure.
Remove indentation from the goto targets.
Remove static from probable_prime_dh.
Add speed test for prime trial division.
Tidy up speed.c a little.
Run the prime speed tests for 10 seconds.
Add a method to generate a prime that is guaranteed not to be divisible by 3 or 5.
Generate safe primes not divisible by 3, 5 or 7.
Add python script to generate the bits needed for the prime generator.
Remove editor barf on updating copyright.
Try skipping over the adding and just picking a new random number.
Refactor the first prime index.
Only count successful generations.
Remove unused BIGNUMs.
Add a test to check we're really generating probable primes.
Fix shadow declaration.
Fix signed/unsigned comparisons.
František Bořánek (1):
Fix memory leak.
Frédéric Giudicelli (1):
RT783: Minor optimization to ASN1_INTEGER_set
Gabor Tyukasz (1):
Fix race condition in ssl_parse_serverhello_tlsext
Geoff Keating (1):
RT1909: Omit version for v1 certificates
Geoff Thorpe (421):
Gets around VC++ compiler pickiness. (long != double)
More VC++ pickiness. (destest.c doesn't have a "return" and the usual signed/unsigned stuff in s3_pkt.c)
another one done.
This is a set of startup code for the DSO support, it's not yet linked into the build process (an upcoming commit no doubt), and is very much *new* code - what that means is that it compiles ok - usually. It certainly doesn't mean it runs well or even properly yet. Please don't muck round with this unless you're looking to help out and hunt bugs. :-)
This commit ties the new DSO code (crypto/dso/) into the build for a variety of platforms. A few are missing, and they will be added in eventually, but as this is new stuff, it was better to not break lots of platforms in one go that we can't easily test. The changes to "Configure" should illustrate how to add support to other systems if you feel like having a go.
Better make a note of what's going on ... :-)
This helps make the DSO stuff more portable; * "no-dso" option available in Configure so that all DSO methods will return NULL, overriding any support the platform might otherwise have built. * dlfcn_no_h config string now available rather than just dlfcn. This is for platforms that have dlfcn.h functions but do not have (or need) the dlfcn.h header file.
I forgot about $openssl_other_defines ... should probably do this for consistency. Not sure though whether HAVE_DLFCN_H should be included too? If we go the autoconf route then this probably wouldn't be included.
Constification, and a silly mistake in the comments.
This change facilitates name translation for shared libraries. The technique used is far from perfect and alternatives are welcome. Basically if the translation flag is set, the string is not too long, and there appears to be no path information in the string, then it is converted to whatever the standard should be for the DSO_METHOD in question, eg; blah --> libblah.so on *nix, and blah --> blah.dll on win32.
Thanks to "make update" ...
Previously, the default RSA_METHOD was NULL until the first RSA structure was initialised, at which point an appropriate default was chosen. This meant a call to RSA_get_default_method might have returned FALSE.
The handling of DSA_METHOD and DH_METHOD wasn't quite as problematic as with RSA_METHOD (the **_get_default_methods do set the default value if it's not set). However, the code had some duplication and was a bit counter-intuitive.
This case in the "dso_unload" handlers should not be reported as an error - if a DSO_load(NULL,...) operation fails, it will have to call DSO_free() on the DSO structure it created and that will filter through to this "unload" call.
cvs update
oops.
This declaration seems to have been added into the header file accidently. There's no trace of it being implemented and it doesn't seem to have been intended given that it is prototyped with a BIO yet there was a BIO- specific version added in at the same time.
It seems that mktime does what is required here. Certainly timegm() can not be used because it is not available on all systems (most notably, win32).
another warning.
Minor corrections to documentation.
"make update"
All the little functions created by the IMPLEMENT_STACK_OF() macro will cast their type-specific STACK into a real STACK and call the underlying sk_*** function. The problem is that if the STACK_OF(..) parameter being passed in has a "const *" qualifier, it is discarded by the cast.
sk_value was also suffering from de-const-ification. Also, add in a couple of missing declarations in pkcs7 code.
sk_***_new_null() seems to be there to avoid exactly this sort of thing which is a cast between NULL and a function pointer.
This is the first of two commits (didn't want to dump them all into the same one). However, the first will temporarily break things until the second comes through. :-)
The previous commit to crypto/stack/*.[ch] pulled the type-safety strings yet tighter, and also put some heat on the rest of the library by insisting (correctly) that compare callbacks used in stacks are prototyped with "const" parameters. This has led to a depth-first explosion of compiler warnings in the code where 1 constification has led to 3 or 4 more. Fortunately these have all been resolved to completion and the code seems cleaner as a result - in particular many of the _cmp() functions should have been prototyped with "const"s, and now are. There was one little problem however;
This change will cause builds (by default) to not use different STACK structures and functions for each stack type. The previous behaviour can be enabled by configuring with the "-DDEBUG_SAFESTACK" option. This will also cause "make update" (mkdef.pl in particular) to update the libeay.num and ssleay.num symbol tables with the number of extra functions DEBUG_SAFESTACK creates.
"make update" + stripping the type-specific stack functions out of libeay.num and ssleay.num.
Enable DSO support on alpha (OSF1), cc and gcc.
The atalla functionality doesn't work with the "word" version of BN_mod_exp. Call the regular atalla mod_exp operation instead.
Currently the DSO_METHOD interface has one entry point to bind all "symbols" including functions (of all prototypes) and variables. Whilst casting any function type to another violates ANSI C (I believe), it is a necessary evil in shared-library APIs. However, it is quite conceivable that functions in general and data symbols could very well be represented differently to each other on some systems, as Bodo said;
'make update'
* This adds some checking to the 'dlfcn' DSO_METHOD that at least lets it cope with OpenBSD which doesn't understand "RTLD_NOW". * Added the dso_scheme config string entry for OpenBSD-x86 to give it DSO support. * 'make update' that has also absorbed some of Steve's mkstack changes for the ASN-related macros.
Steve fixed up some strange errors introduced into dso_win32.c, and I'm just converting some spaces to tabs from his fix. :-)
Time to get rid of some rather silly code duplication - some DSO_ctrl() commands are common to all DSO_METHODs, hence handle them at the top.
None of the DSO_METHOD's were handling anything except generic messages. These are now processed inside DSO_ctrl() itself.
DSO_ctrl() changes have removed a couple of DSO_METHOD-specific functions so I've regenerated the error numbers and strings for the DSO functions.
This changes the behaviour of the DSO mechanism for determining an appropriate filename translation on the host system. Apart from this point, users should also note that there's a slight change in the API functions too. The DSO now contains its own to-be-converted filename ("dso->filename"), and at the time the DSO loads the "dso->loaded_filename" value is set to the translated form. As such, this also provides an implicit way of determining if the DSO is currently loaded or not. Except, perhaps, VMS .... :-)
Add a note about the recent DSO changes in CHANGES.
DSO_load() should also work when it is passed a NULL - a new DSO is created automatically, however some code was still referring to the original pointer rather than the internal one (and thus to NULL instead of the created pointer).
This is a demo that performs SSL tunneling (client and/or server) and is built using an abstracted state machine with a non-blocking IP wrapper around it. README will follow in the next commit.
Explanation, tips, etc.
oops, remove comments that are no longer true.
Richard moved hw_nuron.c over to DSO-land recently, so this include isn't needed now.
Many applications that use OpenSSL with ENGINE support might face a situation where they've initialised the ENGINE, loaded keys (which are then linked to that ENGINE), and performed other checks (such as verifying certificate chains etc). At that point, if the application goes multi-threaded or multi-process it creates problems for any ENGINE implementations that are either not thread/process safe or that perform optimally when they do not have to perform locking and other contention management tasks at "run-time".
I have no idea how this comment got there, but it's certainly not applicable to ENGINE_ctrl()
Ensure that the "ex_data" member of an RSA structure is initialised before the RSA_METHOD's "init()" handler is called, and is cleaned up after the RSA_METHOD's "finish()" handler is called. Custom RSA_METHODs may wish to initialise contexts and other specifics in the RSA structure upon creation and that was previously not possible - "ex_data" is where that stuff should go and it was being initialised too late for it to be used.
It was a small change, but it *could* conceivably affect people - so I'm making a note in the CHANGES file.
A typo and a couple of logic errors fixed. I think there may still be one or two kinks lurking around, but it now appears to deal with the basic test cases ok.
Minor tweaks and improvements to the tunala demo.
Make s_client/s_server-style cert verification output configurable by command line, and make the peer-authentication similarly configurable.
More little changes to the tunala demo;
Do to DH and DSA what has already been done to RSA. This involves moving the initialisation and cleanup of "ex_data" elements to before an init() handler and after a finish() handler respectively.
Amend the original CHANGES log entry. The ex_data handling has been similarly modified now on DH and DSA.
* Fix a slight bug in the state-machine. This caused the client end of a tunnel to not pro-actively close down when failing an SSL handshake.
First step in tidying up the LHASH code. The callback prototypes (and casts) used in the lhash code are about as horrible and evil as they can be. For starters, the callback prototypes contain empty parameter lists. Yuck.
Next step in tidying up the LHASH code. This commit defines DECLARE and IMPLEMENT macros for defining wrapper functions for "hash" and "cmp" callbacks that are specific to the underlying item type in a hash-table. This prevents function pointer casting altogether, and also provides some type-safety because the macro does per-variable casting from the (void *) type used in LHASH itself to the type declared in the macro - and if that doesn't match the prototype expected by the "hash" or "cmp" function then a compiler error will result.
Use the new LHASH macros to declare type-safe wrapper functions that can be used as the hash/compare callbacks without function pointer casting.
Make the remaining LHASH macro changes. This should leave no remaining cases of function pointer casting in lh_new() calls - and leave only the lh_doall and lh_doall_arg cases to be finished.
Make a note of the LHASH changes.
Update the documentation to the current state of the LHASH changes. There will probably be more when the lh_doall[_arg] callbacks are similarly tidied up, but this 'pod' should now be current.
ANSI C doesn't allow trailing semi-colons after a function's closing brace so these macros probably shouldn't be used like that at all. So, this change removes the misleading comment and also adds an implicit trailing semi-colon to the DECLARE macros so they too don't require one.
Sync up with a minor change in lhash.h
Next step in tidying up the LHASH code.
This is an engine contributed by Broadcom - it is meant to support the BCM5805 and BCM5820 units. So far I've merely taken a skim over the code and changed a few things from their original contributed source (de-shadowing variables, removing variables from the header, and re-constifying some functions to remove warnings). If this gives compilation problems on any system, please let me know. We will hopefully know for sure whether this actually functions on a system with the relevant hardware in a day or two. :-)
Make a note of the new engine.
Some minor changes to the "tunala" demo.
This adds support to 'tunala' for supplying DH parameters (without which it will not support EDH cipher suites). The parameters can either be loaded from a file (via "-dh_file"), generated by the application on start-up ("-dh_special generate"), or be standard DH parameters (as used in s_server, etc).
Re-order the options in tunala and add command switches like s_server for disabling different SSL/TLS protocol versions.
Whilst in the process of fixing outstanding function-pointer casts in the LHASH code, this evil was uncovered. The cast was obscuring the fact that the function was prototyped to take 2 parameters when in fact it is being used as a callback that should take only one. Anyway, the function itself ignores the second parameter (thankfully). A proper cure is on the way but for now this corrects the inconsistency.
This adds macros to implement (and/or declare) type-safe wrapper functions around the callbacks required in the LHASH code for the "doall" functions.
Get rid of the function pointer casting in the debugging memory code due to LHASH usage. NB: The callback type used has been suctioned off into crypto.h as CRYPTO_MEM_LEAK_CB to improve clarity.
Move all the existing function pointer casts associated with LHASH's two "doall" functions to using type-safe wrappers. As and where required, this can be replaced by redeclaring the underlying callbacks to use the underlying "void"-based prototypes (eg. if performance suffers from an extra level of function invocation).
It was correctly pointed out to me that my CHANGES entry was a little thin on details. :-)
oops, void functions shouldn't try and return a value. Strangely, gcc didn't even give a warning for this yet HPUX cc considered it an error. Reported by Lutz(@openssl.org).
Update the LHASH man page.
Insert a missing space to stop pod2man giving stroppy "malformed" warnings.
This change was a quick experiment that I'd wanted to try that works quite well (and is a good demonstration of how encapsulating the SSL in a memory-based state machine can make it easier to apply to different situations).
Re-order a couple of static functions and "#if 0" out unused ones - this gets rid of gcc warnings.
The callbacks in the NAME_FUNCS structure are not used directly as LHASH callbacks, and their prototypes were consistent as they were. These casts need reversing.
'make update'
This change allows a callback to be used to override the generation of SSL/TLS session IDs in a server. According to RFC2246, the session ID is an arbitrary value chosen by the server. It can be useful to have some control over this "arbitrary value" so as to choose it in ways that can aid in things like external session caching and balancing (eg. clustering). The default session ID generation is to fill the ID with random data.
This adds command-line support to s_server for controlling the generation of session IDs. Namely, passing "-id_prefix <text>" will set a generate_session_id() callback that generates session IDs as random data with <text> block-copied over the top of the start of the ID. This can be viewed by watching the session ID s_client's output when it connects.
Note changes re: session ID generation callbacks, etc.
If a callback is generating a new session ID for SSLv2, then upon exiting, the ID will be padded out to 16 bytes if the callback attempted to generate a shorter one. The problem is that the uniqueness checking function used in callbacks may mistakenly think a 9-byte ID is unique when in fact its padded 16-byte version is not. This makes the checking function detect SSLv2 cases, and ensures the padded form is checked rather than the shorter one passed by the callback.
Fix an oversight - when checking a potential session ID for conflicts with an SSL_CTX's session cache, it is necessary to compare the ssl_version at the same time (a conflict is defined, courtesy of SSL_SESSION_cmp(), as a matching id/id_length pair and a matching ssl_version). However, the SSL_SESSION that will result from the current negotiation does not necessarily have the same ssl version as the "SSL_METHOD" in use by the SSL_CTX - part of the work in a handshake is to agree on an ssl version!
I missed one.
Don't return an error until the global lock is released.
Actually there were two error cases that could return without releasing the lock - stupidly, my last change addressed only one of them.
ENGINE_load_[private|public]_key had error handling that could return without releasing a lock. This is the same fix as applied to OpenSSL-engine-0_9_6-stable, minus the ENGINE_ctrl() change - the HEAD already had that fixed.
'make update'
This moves string constants out of vendor headers and into C files.
Structural references should never be decremented directly - so leave that to ENGINE_free(). Also, remove "#if 0" code that has no useful future.
Some more tweaks to ENGINE code.
Some more tweaks to ENGINE code.
Some more tweaks to ENGINE code.
Some more tweaks from ENGINE code.
Make the shared library name and function symbol for the "nuron" ENGINE static data where they could be parameterised by ctrl() commands.
Make a note of the recent ENGINE developments.
Some more tweaks to ENGINE code.
Some BIG tweaks to ENGINE code.
Some more tweaks to ENGINE code.
Changes to "openssl engine" to support the new control command code in ENGINE.
Add notes about the new ENGINE functionality.
Make update.
This change to the "dl", "dlfcn", and "win32" DSO_METHODs adds the filename or symbol name to the error stack in the event a load or bind operation failed.
This adds 2 things to the ENGINE code.
Make notes about ENGINE changes.
"make update"
Some fixes to the reference-counting in ENGINE code. First, there were a few statements equivalent to "ENGINE_add(ENGINE_openssl())" etc. The inner call to ENGINE_openssl() (as with other functions like it) orphans a structural reference count. Second, the ENGINE_cleanup() function also needs to clean up the functional reference counts held internally as the list of "defaults" (ie. as used when RSA_new() requires an appropriate ENGINE reference). So ENGINE_clear_defaults() was created and is called from within ENGINE_cleanup(). Third, some of the existing code was logically broken in its treatment of reference counts and locking (my fault), so the necessary bits have been restructured and tidied up.
For some inexplicable reason, I'd (a) left the debugging irreversibly turned on, and (b) left a somewhat curious debugging string in the output.
In RSA, DSA, DH, and RAND - if the "***_new()" function fails because the ENGINE code does not return a default, set an error.
Fix a memory leak in 'sk_dup' in the case a realloc() fails. Also, tidy up a bit of weird code in sk_new.
openssl speed is quite useful for testing hardware support (among other things), especially as the RSA keys are fixed. However, DSA only fixes the DSA parameters and then generates the public and private components on the fly each time - this commit hard-codes some sampled key values so that this is no longer the case.
Currently, RSA code, when using no padding scheme, simply checks that input does not contain more bytes than the RSA modulus 'n' - it does not check that the input is strictly *less* than 'n'. Whether this should be the case or not is open to debate - however, due to security problems with returning miscalculated CRT results, the 'rsa_mod_exp' implementation in rsa_eay.c now performs a public-key exponentiation to verify the CRT result and in the event of an error will instead recalculate and return a non-CRT (more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent to the mod_exp of 'I mod n', and the verify result is automatically between 0 and n-1 inclusive, the verify only matches the input if 'I' was less than 'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie. they differ by a multiple of 'n'). Rather than rejecting correct calculations and doing redundant and slower ones instead, this changes the equality check in the verification code to a congruence check.
Tidy up "cvs update" output a bit.
- New INSTALL document describing different ways to build "tunala" and possible problems. - New file breakage.c handles (so far) missing functions. - Get rid of some signed/unsigned/const warnings thanks to solaris-cc - Add autoconf/automake input files, and helper scripts to populate missing (but auto-generated) files.
The indexes returned by ***_get_ex_new_index() functions are used when setting stack (actually, array) values in ex_data. So only increment the global counters if the underlying CRYPTO_get_ex_new_index() call succeeds. This change doesn't make "ex_data" right (see the comment at the head of ex_data.c to know why), but at least makes the source code marginally less frustrating.
The indexes returned by ***_get_ex_new_index() functions are used when setting stack (actually, array) values in ex_data. So only increment the global counters if the underlying CRYPTO_get_ex_new_index() call succeeds. This change doesn't make "ex_data" right (see the comment at the head of ex_data.c to know why), but at least makes the source code marginally less frustrating.
Give DH, DSA, and RSA functions to "up" their reference counts. Otherwise, dependent code has to directly increment the "references" value of each such structure using the corresponding lock. Apart from code duplication, this provided no "REF_CHECK/REF_PRINT" checking and violated encapsulation.
Changes crypto/evp/ and ssl/ code from directly incrementing reference counts in DH, DSA, and RSA structures. Instead they use the new "***_up()" functions that handle this.
Make a note of the "up" functions.
This changes the "ERR" code to have all access to state (a hash table of error strings and a hash table storing per-thread error state) go via an ERR_FNS function table. The first time an ERR operation occurs, the implementation that will be used (from then on) is set to the internal "defaults" implementation if it has not already been set. The actual LHASH tables are only accessed by this implementation.
Note the "ERR" changes.
Tidy up some code formatting.
gcc can't spot that 'derlst' is not used uninitialised, so appease it.
"make update"
Make sure "CRYPTO_mem_leaks_fp" doesn't itself create a reportable memory leak.
Ensure that failure to create the BIO in 'CRYPTO_mem_leaks_fp' doesn't leave memory debugging turned off. [Spotted by Götz Babin-Ebell]
(A version of) gcc had been giving somewhat odd "trigraph" warnings about this construct, and Ulf provided the following insight as to why;
Only OPENSSL_free() non-NULL pointers.
First step in fixing "ex_data" support. Warning: big commit log ...
Make the necessary changes to work with the recent "ex_data" overhaul. See the commit log message for that for more information.
Note the "ex_data" changes.
Convert "max" to "mx" for variable names (brought to my attention by Steve Henson). Also, reverse a previous change that used an implicit function pointer cast rather than an explicit data pointer cast in the STACK cleanup code.
Correct a typo.
Add a new ERR function, "ERR_unload_strings", to complement the existing "ERR_load_strings" function.
Note the "ERR_unload_strings" function.
This change adds a new ENGINE called "dynamic" that allows new ENGINE implementations to be loaded from self-contained shared-libraries. It also provides (in engine.h) definitions and macros to help implement a self-contained ENGINE. Version control is handled in a way whereby the loader or loadee can veto the load depending on any objections it has with each other's declared interface level. The way this is currently implemented assumes a veto will only take place when one side notices the other's interface level is too *old*. If the other side is newer, it should be assumed the newer version knows better whether to veto the load or not. Version checking (like other "dynamic" settings) can be controlled using the "dynamic" ENGINE's control commands. Also, the semantics for the loading allow a shared-library ENGINE implementation to handle differing interface levels on the fly (eg. loading secondary shared-libraries depending on the versions required).
This changes the existing hardware ENGINE implementations to dynamically declare their own error strings so that they can be more easily compiled as external shared-libraries if desired. Also, each implementation has been given canonical "dynamic" support at the base of each file and is only built if the ENGINE_DYNAMIC_SUPPORT symbol is defined.
Add a "_up" -> "_up_ref" change to libeay.num that was missing from the recent changes. Also, do the same change to the DSO_up() function.
Make the 'dynamic' ENGINE bundle up the loading application/library's locking callbacks to pass to the loaded library (in addition to the existing mem, ex_data, and err callbacks). Also change the default implementation of the "bind_engine" function to apply those callbacks, ie. the IMPLEMENT_DYNAMIC_BIND_FN macro.
Update the ENGINE README, and stock it up with extra verbiage for good measure (including info and instructions on "dynamic" ENGINEs).
"DH_up" had been changed to "DH_up_ref" in libeay.num but the function declaration and implementation had not. So a recent update recreated the original definition in libeay.num ... this corrects it and changes the "dh" code to the "up_ref" variant.
Change DH_up() -> DH_up_ref()
Add some missing CHANGES items.
ENGINE's init() and finish() handler functions are used when the ENGINE is being enabled or disabled (respectively) for operation. Additionally, each ENGINE has a constructor function where it can do more 'structural' level initialisations such as loading error strings, creating "ex_data" indices, etc. This change introduces a handler function that gives an ENGINE a corresponding opportunity to cleanup when the ENGINE is being destroyed. It also adds the "get/set" API functions that control this "destroy" handler function in an ENGINE.
This adds "destroy" handlers to the existing ENGINEs that load their own error strings - the destroy handler functions unload the error strings so any pending error state referring to them will not attempt to reference them after the ENGINE has been destroyed.
ENGINEs can now perform structural cleanup.
enginetest needs 'memset' defined.
Put all "common" initialisation in the apps_startup() and apps_shutdown() macros in apps.h.
make update
ENGINE files were renamed, and error strings are now in eng_err.c
ENGINE uses a very opaque design, so we can predeclare the structure type in "types.h" so that very few headers will need to include engine.h, generally only C files using API functions will need it (reducing the header dependencies quite a lot).
Reduce the header dependencies on engine.h in apps/.
Updated dependencies from "make update"
'evp_test' needs to initialise and cleanup EVP_CIPHER_CTX structures. Also, fix a typo and add cleanup operations. This also switches on memory leak checking (which is how the rest was found).
Add a SHA1 test to evptests.txt - only the MD5 hash algorithm was being tested previously.
Fix a typo in the preprocessor logic in eng_list.c that had left RSA, DSA, and DH all conditional upon OPENSSL_NO_RSA.
Some of the ENGINE file names were changed for 8.3 filename uniqueness recently. So comments including file names have been fixed, and copyright notices brought up to "2001" at the same time.
"make update"
Some major restructuring changes to ENGINE, including integrated cipher and digest support, are on their way. Rather than having gigantic commit log messages and/or CHANGES entries, this change to the README will serve as an outline of what it all is and how it all works.
This change replaces the ENGINE's underlying mechanics with the new ENGINE_TABLE-based stuff - as described in crypto/engine/README.
This commits the changes to STACK macros forced by recent ENGINE surgery.
This commits changes to various parts of libcrypto required by the recent ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE pointers to manage their hooking with ENGINE. Previously their use of "method" pointers was replaced by use of ENGINE references. See crypto/engine/README for details.
Make necessary tweaks to apps/ files due to recent ENGINE surgery. See crypto/engine/README for details.
"make update".
indentation.
This change adds cipher and digest support into ENGINE using the ENGINE_TABLE mechanism. The necessary hooks from crypto/evp/ to use this will be committed shortly.
This changes EVP's cipher and digest code to hook via the ENGINE support. See crypto/engine/README for details.
This change adds dummy RC4 and SHA1 support to the "openssl" ENGINE for testing. Because of the recent changes (see crypto/engine/README), the "openssl" ENGINE is no longer needed nor is it loaded automatically or by ENGINE_load_builtin_engines(). So an explicit ENGINE_load_openssl() call is required by applications or a modification to eng_all.c before this ENGINE will be used. This change will send output to stderr as/when its implementations are used.
This change puts the original OpenBSD /dev/crypto support that was in crypto/evp/ into the corresponding ENGINE. This code is currently untested.
Fiddling.
Put the cipher info back into the "openssl engine" command.
Make update to bring in all the cipher/digest-related ENGINE changes. NB: It looks like mkdef.pl is causing certain cvs wars by continually flipping the order of some definitions ...
"FALLBACK" handling was a hack that was thrown out long ago in the ENGINE redevelopment. The idea had been that "-1" could be used as a special "ask me later" 'nid' rather than specifying supported cipher and digest 'nid's up front. However the idea turned out to be pretty broken.
ENGINE_register_all_complete() will register all implementations of all algorithms present in all loaded ENGINEs. The result is that if any of those ENGINEs successfully initialises, and the ENGINE_TABLE_FLAG_NOINIT flag isn't set, then they will always be used (and cached as defaults) in preference to software implementations. Ie. accidental auto-detection of acceleration hardware :-)
Make "openssl engine -c" list any supported digests as well as supported ciphers.
Make an (overdue) note about the recent ENGINE restructuring. Apart from a few items however, most of the details are deferred to the crypto/engine/README file.
The STACK macros take care of casting to and from the designated item type of the stack, and the (void *) type used in the underlying sk_*** functions. However, declaring a STACK_OF(type) where type is a *function* type implicitly involves casts between function pointers and data pointers. That's a no-no. This changes the ENGINE_CLEANUP handling to use a regular data type in the stack.
The cleanup stack in ENGINE changed slightly, so this "make update" is needed.
Missing pointer in the eng_table_register function. Reported by Martin Szotkowski.
Make sure the "ENGINE_TABLE" cleanup callbacks have correct prototypes.
As ENGINE_load_openbsd_dev_crypto() is an API function, it makes sense for it to be defined on all platforms whether or not it is of any practical use on them. This also resolves linker problems on "special" platforms, such as win32.
EVP_EncryptInit_ex() and EVP_DecryptInit_ex() had been defined in evp.h but not implemented. (Bug reported by Martin Szotkowski)
Change some EVP prototypes to use "cipher" rather than "type" as a variable name. The implementations already use this anyway.
evp_test.c and evptests.txt both need to be linked in the test/ directory however for different reasons. This separation should prevent the win32 build from interpreting evptests.txt as source code.
'flags' should only be set inside DSO_load() if constructing a new DSO object - otherwise we overwrite any flags that had been previously set in the DSO before calling DSO_load().
The "openssl" ENGINE is no longer used except as a testing/debugging device. This change enables it for building as a self-contained "dynamic" ENGINE, to help testing such mechanisms.
When the "dynamic" ENGINE loads another ENGINE from a shared-library, it essentially overwrites itself with the new ENGINE, with the exception of reference counts, ex_data structures, and other 'admin' elements. However if the new ENGINE doesn't populate certain elements, there's the risk of the "dynamic" ENGINE's elements showing through - the "cmd_defns" were just one of the possibilities. This implements a more comprehensive cleanup.
In this particular error condition, the structural reference wasn't being released.
Cut "ENGINE_ID" to the more concise "ID".
This looks to have been a typo.
Constify.
- Add the same header stuff to aes_locl.h as is in des_locl.h to avoid undefined functions (memset, etc). - Put a .cvsignore in the aes directory too.
- libtool finally annoyed me too much, so I'm nuking it, - tidy up some output, - print a warning when running an SSL server with no cert, - only log each connect/disconnect if the new "-out_conns" switch is used.
- Network errors could pollute the buffers because -1 isn't noticed in an "unsigned int". - Remove redundant processing when machine->ssl is NULL. - Remove compiler warnings about uninitialised 'ctx' (it's not used uninitialised, but gcc can't see that).
The sample certs had expired, so these are newer ones that should last quite a bit longer.
Produce less confusing statistics when "-out_totals" is used.
Correct for the recent prototype changes.
The 'type' parameter, an EVP_MD pointer, represents the type of digest required as well as a default implementation (when no ENGINE provides a replacement implementation). This change makes sure the correct implementation's "init()" handler is used rather than assuming 'type'.
- Add support for cipher suites that require a temporary RSA key for key-agreement. - Tolerate signal interruptions of select().
Make the "ungunk" logic a little more robust.
A rough little self-test for tunala. This runs through all cipher-suite / SSL/TLS version combinations looking for mishaps.
make update
This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice Gittens.
This apparently fixes compilation on OSX that was failing in 0.9.7 betas.
Make sure any ENGINE control commands make local copies of string pointers passed to them whenever necessary. Otherwise it is possible the caller may have overwritten (or deallocated) the original string data when a later ENGINE operation tries to use the stored values.
Correct an error in the README.ENGINE file.
oops, there were other cases of "ENGINE_ID" to change too.
This documentation change was being written at the same time as Richard's changes. So I'm committing this version to overwrite his changes for now, and he can always take his turn to overwrite my words if he wants :-)
Fix "make install_docs" (and thus "make install").
A single monolithic man page for the ENGINE stuff. This is a rough first-cut but provides better documentation than having nothing on the ENGINE API.
Various parts of the RSA documentation were inaccurate and out of date and this fixes those that I'm currently aware of. In particular, the ENGINE interference in the RSA API has hopefully been clarified. This still needs to be done for other areas of the API ...
typo fix
These are updates/fixes to DH/DSA/RAND docs based on the fixes to the RSA docs. There were a couple of other places (including RSA) where the docs were not quite synchronised with the API that are now fixed. One or two still remain to be fixed though ...
Fix a bug to allow the 4758 ENGINE to build as a DSO.
- Remo Inverardi noticed that ENGINEs don't have an "up_ref" function in the normal 'structural' case (ENGINE_init() satisfies this in the less normal 'functional' case). This change provides such a function.
The ENGINE implementations in ./engines/ should be role models on how to write external engines (and thus should require only installed openssl headers and libs to compile without warnings). So this gets rid of recently introduced compilation warnings (no longer including internal headers) by including string.h directly.
The loop variable is 'l', not 'i'.
We need to propagate SHARED_LIBS to sub-directories for "install" targets now.
Another ENGINE implementation dependent on string.h.
If dynamically-loadable ENGINEs are linked against a shared-library version of libcrypto, then it is possible that when they are loaded they will share the same static data as the loading application/library. This means it will be too late to set memory/ERR/ex_data/[etc] callbacks, but entirely unnecessary to try. This change puts a static variable in the core ENGINE code (contained in libcrypto) and a function returning a pointer to it. If the loaded ENGINE's return value from this function matches the loading application/library's return value - they share static data. If they don't match, the loaded ENGINE has its own copy of libcrypto's static data and so the callbacks need to be set.
Make pod2man happier.
Correct and enhance the behaviour of "internal" session caching as it relates to SSL_CTX flags and the use of "external" session caching. The existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is supplemented with a complementary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE". The bitwise OR of the two flags is also defined as "SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most applications wanting to implement session caching *entirely* by its own provided callbacks. As the documented behaviour contradicted actual behaviour up until recently, and since that point behaviour has itself been inconsistent anyway, this change should not introduce any compatibility problems. I've adjusted the relevant documentation to elaborate about how this works.
The last character of inconsistency in my recent commits is hereby squashed.
The recent CHANGES note between 0.9.6g and 0.9.6h needs copying into the other branches.
Add a HISTORY section to the man page to mention the new flags.
Fix a warning, and do some constification as a lucky side-effect :-)
This is a first-cut at improving the callback mechanisms used in key-generation and prime-checking functions. Rather than explicitly passing callback functions and caller-defined context data for the callbacks, a new structure BN_GENCB is defined that encapsulates this; a pointer to the structure is passed to all such functions instead.
Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are being built with it defined - it is not a symbol to affect how openssl itself builds, but to alter the way openssl headers can be used from an API point of view. The "deprecated" function wrappers will always remain inside OpenSSL at least as long as they're still being used internally. :-)
Nils Larsch submitted; - a patch to fix a memory leak in rsa_gen.c - a note about compiler warnings with unions - a note about improving structure element names
This stops a compiler warning from -Wmissing-prototypes. (Noticed by Nils Larsch)
Make 'tunala' link with zlib if possible (so it works if openssl was configured with zlib support).
The ampersand is not required in these constructs, and was giving AIX warnings.
This is the first step in allowing RSA_METHODs to implement their own key generation. This prototype matches the new API function RSA_generate_key_ex(), though both may be subject to change during development before 0.9.8.
RSA_METHOD now supports key-generation, but (for now) none of these ENGINEs implement it.
As with RSA, which was modified recently, this change makes it possible to override key-generation implementations by placing handlers in the methods for DSA and DH. Also, parameter generation for DSA and DH is possible by another new handler for each method.
"openssl engine" will not display ENGINE/DSO load failure errors when testing availability of engines with "-t" - the old behaviour is produced by increasing the feature's verbosity with "-tt".
Commit a slightly modified version of an old experiment to do RSA private key operations using the GMP library. The default is not to build (or use) this code unless OPENSSL_USE_GMP is defined (because it will impose header and linker dependencies that might need specifying too).
This glues the GMP wrapper ENGINE into OpenSSL if it is being built (ie. if the OPENSSL_USE_GMP symbol is defined). Also, I've re-ordered the listing of other builtin ENGINEs to be alphabetical (though "dynamic" will still come first).
Summarise the last couple of commits.
David Brumley <dbrumley at stanford.edu> noted and corrected a case in the verification step of CRT private key operations in the RSA code - previously no montgomery form was checked or used for 'n', and so it would be generated on the fly each time. As a result, private key operations are now a percent or two faster.
We cache a montgomery form for 'n' if the PUBLIC flag is set, not PRIVATE.
Declare prototypes for function pointer types, even if they are likely to be cast later on.
Session cache implementations shouldn't have to access SSL_SESSION elements directly, so this missing functionality is required.
The default implementation of DSA_METHOD has an interdependence on the dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and dsa_sign_setup(). When another DSA_METHOD implementation does not define these lower-level handlers, it becomes impossible to do a fallback to software on errors using a simple DSA_OpenSSL()->fn(key).
Fix a bone-head bug. This warrants a CHANGES entry because it could affect applications if they were passing a bogus 'flags' parameter yet having things work as they wanted anyway.
This memset() in the ubsec ENGINE is a bug. Zeroing out the result array should not be necessary in any case, but more importantly the result and input BIGNUMs could be the same, in which case this is clearly a problem.
These should be write-locks, not read-locks.
Remove duplicate prototypes that have already been (correctly) added to rsa.h, as this is already included by x509.h anyway.
crypto/evp/evptests.txt is copied to tests/ rather than symlinked because of windows (see checkin 1.75 of crypto/evp/Makefile.ssl), so quiet cvs noise for the copied version.
Ignore derived file.
make update
Add my own debug config target.
The "cryptodev" engine preprocessor logic used undefined symbols in comparisons. It's better not to allow this, because it gives false positives when using compiler warnings that detect mistyped symbols.
When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should be) precompiled out in the API headers. This change is to ensure that if it is defined when compiling openssl, the deprecated functions aren't implemented either.
Update any code that was using deprecated functions so that everything builds and links with OPENSSL_NO_DEPRECATED defined.
For whatever reason (compiler or header bugs), at least one commonly-used linux system (namely mine) chokes on our definitions and uses of the "HZ" symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast" (when in fact there is no function casting involved at all). In both cases, it is easily worked around by not defining a cast into the macro and jiggling the expressions slightly.
Avoid "empty source file" warnings.
Comments out some unimplemented functions instead of redeclaring them.
Relax some over-zealous constification that gave some lhash-based code no choice but to have to cast away "const" qualifiers from their prototypes. This does not remove constification restrictions from hash/compare callbacks, but allows destructor commands to be run over a table's elements without bad casts.
Remove redundant declaration.
Remove an unnecessary cast that causes certain compilers (eg. mine) some confusion. Also silence a couple of signed/unsigned warnings.
remove accidentally committed debugging cruft.
BN_CTX is opaque and the static initialiser BN_CTX_init() is not used except internally to the allocator BN_CTX_new(), as such this deprecates the use of BN_CTX_init() in the API. Moreover, the structure definition of BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself.
A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate.
Some provisional bignum debugging has begun to detect inconsistent BIGNUM structures being passed in to or out of API functions, and this corrects a couple of cases found so far.
Make md32_common.h friendlier to compiler warnings. Obtained from: Andy Polyakov <appro at openssl.org>
Oops, this file already had the "empty source file" workaround but it requires -DPEDANTIC and was hidden at the bottom of the file. This moves it to the top and removes the redundant declaration.
Copy-n-paste bug (don't mix variable declarations and code). This sets the callback structure just before it is needed.
Remove a line that was causing redundant declarations. Obtained from: Stephen Henson <steve at openssl.org>
Tighten up my compiler settings.
make update
This fixes a couple of cases where an inconsistent BIGNUM could be passed as input to a function.
When a BN_CTX is used for temporary workspace, the variables are sometimes left in an inconsistent state when they are released for later reuse. This change resets the BIGNUMs when they are released back to the context.
bn_div() does some pretty nasty things with temporary variables, constructing BIGNUM structures with pointers offset into other bignums (among other things). This corrects some of it that is too plainly insane, and tries to ensure that bignums are normalised when passed to other functions.
This is the least unacceptable way I've found for declaring the bignum data and structures as constant without having to cast away const at any point. There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy, but crypto/bn/ is now ok. Purists are welcome to suggest alternatives.
Avoid some shadowed variable names. Submitted by: Nils Larsch
Put the first stage of my bignum debugging adventures into CVS. This code is itself experimental, and in addition may cause execution to break on existing openssl "bugs" that previously were harmless or at least invisible.
This is a revert of my previous commit to "improve" the declaration of constant BIGNUMs. It turns out that this trips up different but equally useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness it created. (Thanks to Ulf for the forehead-slap.)
Put more debug screening in BN_div() and correct a comment.
Add debug-screening of input parameters to some functions I'd missed before.
This extends the debugging macros to use "pollution" during bn_correct_top(), previously only bn_check_top() did this.
Avoid possible memory leaks in error-handling.
General improvements to the ec_asn1.c code. This squashes at least one bug (where it was impossible to create an EC certificate with a compressed public key), and has some style improvements based on some comments from Steve Henson about use of the ASN1 macros.
This rewrites two "for" loops in BN_rshift() - equality with zero is generally a more efficient comparison than comparing two integers, and the first of these two loops was off-by-one (copying one too many values). This change also removes a superfluous assignment that would set an unused word to zero (and potentially allow an overrun in some cases).
Fix a small bug in str_copy: if more than one variable is replaced, make sure the current length is used to calculate the new buffer length instead of using the old length (prior to any variable substitution).
BN_div() cleanup: replace the use of BN_sub and BN_add with bn_sub_words and bn_add_words to avoid using fake bignums to window other bignums that can lead to corruption. This change allows all bignum tests to pass with BN_DEBUG and BN_DEBUG_RAND debugging and valgrind. NB: This should be tested on a few different architectures and configuration targets, as the bignum code this deals with is quite preprocessor (and assembly) sensitive.
Some changes for bn_gf2m.c: better error checking plus some minor optimizations.
Fix some handling in bn_word. This also resolves the issues observed in ticket 697 (though uses a different solution than the proposed one). This problem was initially raised by Otto Moerbeek.
Due to recent debugging bursts, openssl should be more or less solid against inconsistent BIGNUMs coming out of any of its API functions. So this change no longer "fixes" the bn_print.c functions, but it makes for cleaner code. This patch was a part of ticket 697.
Get rid of some signed/unsigned comparison warnings.
This improves the placement of check_top() macros in a couple of bn_lib functions.
Make BN_DEBUG_RAND less painfully slow by only consuming one byte of pseudo-random data for each bn_pollute().
Improve a couple of the bignum macros. Note, this doesn't eliminate tolerance of ambiguous zero-representation, it just improves BN_abs_is_word() and simplifies other macros that depend on it.
If BN_STRICT is defined, don't accept an ambiguous representation of zero (ie. where top may be zero, or it may be one if the corresponding word is set to zero). Note, this only affects the macros in bn.h, there are probably similar corrections required in some c files.
Add more debugging to my Configure target, and "make update" to incorporate this and a few other changes.
bn_fix_top() exists for compatibility's sake and is mapped to bn_correct_top() or bn_check_top() depending on debug settings. For internal source, all bn_fix_top()s should be converted one way or the other depending on whether the use of bn_correct_top() is justified.
The bn_set_max() macro is only "used" by the bn_set_[low|high]() macros which, in turn, are used nowhere at all. This is a good thing because bn_set_max() would currently generate code that wouldn't compile (BIGNUM has no 'max' element).
Add missing bn_check_top()s to bn_gf2m.c and remove some miscellaneous white-space.
Add missing bn_check_top()s to bn_kron.c, remove some miscellaneous white-space, and include extra headers to satisfy debugging builds.
Declare the static BIGNUM "BN_value_one()" more carefully.
BN_FLG_FREE is of extremely dubious usefulness, and is only referred to once in the source (where it is set for the benefit of no other code whatsoever). I've deprecated the declaration in the header and likewise made the use of the flag conditional in bn_lib.c. Note, this change also NULLs the 'd' pointer in a BIGNUM when it is reset but not deallocated.
Use the BN_is_odd() macro in place of code that (inconsistently) does much the same thing.
Incremental cleanups to bn_lib.c. - Add missing bn_check_top() calls and relocate some others - Use BN_is_zero() where appropriate - Remove assert()s that bn_check_top() is already covering - Simplify the code in places (esp. bn_expand2()) - Only keep ambiguous zero handling if BN_STRICT isn't defined - Remove some white-space and make some other aesthetic tweaks
minor signed/unsigned warning fixes
When adding positive elements, we can use BN_uadd() instead of BN_add().
A cleanup of the ecs_ossl.c code and some (doxygen) comments for ecdsa.h
Add ECDSA documentation.
More changes coming out of the bignum auditing. BN_CTX_get() should ideally return a "zero" bignum as BN_new() does - so reset 'top'. During BN_CTX_end(), released bignums should be consistent so enforce this in debug builds. Also, reduce the number of wasted BN_clear_free() calls from BN_CTX_end() (typically by 75% or so).
Minimise the amount of code dependent on BN_DEBUG_RAND. In particular, redefine bn_clear_top2max() to be a NOP in the non-debugging case, and remove some unnecessary usages in bn_nist.c.
static
Document a change I'd already made, and at the same time, correct the change to work properly; BN_zero() should set 'neg' to zero as well as 'top' to match the behaviour of BN_new().
The efforts to eliminate the dual-representation of zero and to ensure bignums are passed in and out of functions and APIs in a consistent form has highlighted that zero-valued bignums don't need any allocated word data. The use of BN_set_word() to initialise a bignum to zero causes needless allocation and gives it a return value that must be checked. This change converts BN_zero() to a self-contained macro that has no return/expression value and does not cause any expansion of bignum data.
Convert openssl code not to assume the deprecated form of BN_zero().
Variety of belt-tightenings in the bignum code. (Please help test this!)
Note my bignum hijinx in case app maintainers are using CHANGES for their porting efforts. Also, add Richard's name to the prior change.
Protect against gcc's "warning: cast does not match function type".
Remove some warnings.
Damn, I was a bit hasty with my fix and hadn't spotted the linker dependency from asn1.
By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key operations no longer require two distinct BN_CTX structures. This may put more "strain" on the current BN_CTX implementation (which has a fixed limit to the number of variables it will hold), but so far this limit is not triggered by any of the tests, and I will be changing BN_CTX in the near future to avoid this problem anyway.
... and this should likewise fix up those RSA implementations that weren't already built and tested.
Adds warnings about two curves and fixes the "seed" value for two other curves.
Replace the BN_CTX implementation with my current work. I'm leaving the little TODO list in there as well as the debugging code (only enabled if BN_CTX_DEBUG is defined).
Adjust various bignum functions to use BN_CTX for variables instead of locally initialising their own.
Avoid undefined results when the parameter is out of range.
Reduce header interdependencies, initially in engine.h (the rest of the changes are the fallout). As this could break source code that doesn't directly include headers for interfaces it uses, changes to recursive includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to define this when building and using openssl, and then adapt code where necessary - this is how to stay current. However the mechanism exists for the lethargic.
(oops) Apologies all, that last header-cleanup commit was from the wrong tree. This further reduces header interdependencies, and makes some associated cleanups.
header cleanup in apps/
When generating dependencies in the makefiles, generate the reduced dependencies of the OPENSSL_NO_DEPRECATED mode. This prevents dependencies being reproduced for "deprecated" header behaviour when a developer doesn't define the symbol (with the subsequent CVS wars that can ensue).
More updates for the header cleanups (and apologies, again, for not having consolidated these prior to committing).
"make update" noticed a new function.
make update
Extend the index parameter checking from sk_value to sk_set(). Also tidy up some similar code elsewhere.
As far as I can tell, the bugfix this comment refers to was committed to 0.9.7-stable as well as HEAD (and doesn't apply to the 0.9.6-engine variant).
Allow RSA key-generation to specify an arbitrary public exponent. Jelte proposed the change and submitted the patch, I jiggled it slightly and adjusted the other parts of openssl that were affected.
The problem of rsa key-generation getting stuck in a loop for (pointlessly) small key sizes seems to result from the code continually regenerating the same prime value once the range is small enough. From my tests, this change fixes the problem by setting an escape velocity of 3 repeats for the second of the two primes.
With the new dynamic BN_CTX implementation, there should be no need for additional contexts.
The new BN_CTX code makes this sort of abuse unnecessary.
Fix realloc usage in ec_curve.c
This file implements various functions that have since been redefined as macros. I'm removing this from the NO_DEPRECATED build.
Make some more API types opaquely available from ossl_typ.h, meaning the corresponding headers are only required for API functions or structure details. This now includes the bignum types and BUF_MEM. Subsequent commits will remove various dependencies on bn.h and buffer.h and update the makefile dependencies.
Moving opaque definitions to ossl_typ.h lets us reduce header dependencies. Deprecate inclusion of crypto.h from ui.h.
Reduce dependencies on crypto.h by moving the opaque definition of CRYPTO_EX_DATA and the new/free/dup callback prototypes to ossl_typ.h.
Deprecate some recursive includes from the store.h API header, and put back required includes back via the internal header and str_lib.c.
Deprecate quite a few recursive includes from the ssl.h API header and remove some unnecessary includes from the internal header ssl_locl.h. This then requires adding includes for bn.h in four C files.
The inclusion of bn.h from the engine.h API header has been deprecated, so the engine implementations need to include bn.h to manipulate bignums.
I can't verify this directly, but recent changes will probably require that the cryptodev implementation include bn.h directly (when building with OPENSSL_NO_DEPRECATED that is).
Because of recent reductions in header interdependencies, these files need to include crypto.h directly.
Remove some unnecessary recursive includes from the internal apps.h header, and include bn.h in those C files that need bignum functionality.
Deprecate the recursive includes of bn.h from various API headers (asn1.h, dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are already declared in ossl_typ.h. Add explicit includes for bn.h in those C files that need access to structure internals or API functions+macros.
After the latest round of header-hacking, regenerate the dependencies in the Makefiles. NB: this commit is probably going to generate a huge posting and it is highly uninteresting to read.
This fixes the installation target for dynamic engines, which was trying to install to a different location than it had created. (BTW, VMS will need a matching fix in eng_list.c.) Note, these aren't ssl-specific, so I'm putting "engines/" into the libs directory rather than at the "--prefix" level or inside "ssl/".
"no-engine" was being ignored, so remove it from the advertised syntax. Also remove some commented-out lines of code that deny CVS its purpose.
Correct the return codes for ecdsatest.
BN_div_word() was breaking when called from BN_bn2dec() (actually, this is the only function that uses it) because it would trip up an assertion in bn_div_words() when first invoked. This also adds BN_div_word() testing to bntest.
As Nils put it;
Tweak my debug target flags.
Get rid of signed/unsigned warnings, and teach CVS about new things to ignore.
Actually, that last change to BN_get_word() was a little too simple.
Minor change to group like functions together.
Attempt to bring the 'engine' documentation up to date w.r.t missing prototypes, etc. Also, some fairly significant edits were made to the text (who wrote this crap anyway? oh wait ...), removing stuff which is overkill, rewriting stuff that was opaque, correcting things that were just downright false, etc.
Deprecate unused cruft, and "make update".
Incomplete initial sweep over the engine code. Mainly reducing some comment-noise to manageable levels and inverting the sense of the "uptodate" boolean (which was counter-intuitive the way I'd left it).
Tidy up, including; - Remove unused and unuseful debug cruft. - Remove unnecessary 'top' fudging from BN_copy(). - Fix a potential memory leak and simplify the expansion logic in BN_bin2bn().
Improve error handling if decompression of an ec point fails, and cleanup ec_curve.c (unify comments, etc).
Using Horner's algorithm to evaluate the ec polynomial (suggested by Adam Young <ayoung at cigital.com>)
Quick fix.
Make a note of the new engine.
Make -Werror happy again.
Two TODO comments taken care of. Nils pointed out that one of them had already been done, and took care of the other one (which hadn't).
Remove distracting comments and code. Thanks to Nils for picking up on the outstanding ticket.
Nils Larsch reported that this include is required. Strange that this had gone unnoticed ...
Update ECDSA and ECDH for OPENSSL_NO_ENGINE.
Fix typos in the ecparam doc.
Handle differences between engine IDs and their dynamic library names (and source files, for that matter) by tolerating the alternatives. It would be preferable to also change the generated shared library names, but that will be taken up separately.
Change the source and output paths for 'chil' and '4758cca' engines so that dynamic loading is consistent with respect to engine ids.
Fix some signed/unsigned warnings.
Fix 64-bit compilation when PQ_64BIT_IS_INTEGER isn't defined.
Fix PEDANTIC compilation, using the same trick as elsewhere.
Fix signed/unsigned warnings.
Fix compilation when HAVE_LONG_LONG isn't defined.
Change my debug build for amd64.
"make update"
add a .cvsignore
Silence two more generated files.
Fix my debug-geoff configuration.
Fix a nasty cast issue that my compiler was choking on.
Fix a variety of warnings generated by some elevated compiler-fascism, OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
Fork my debug configuration into 32-bit and 64-bit versions.
Comment out a (currently) unused CMS function. (Sorry Steve, but I need -Werror right now to help me code-by-domino :-)
Update tunala so it builds ok with OPENSSL_NO_DEPRECATED, and improve the autoungunk.sh logic (autobits have grown since I last tried this...).
There was a need to support thread ID types that couldn't be reliably cast to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed version was added but it required portable code to check *both* modes to determine equality. This commit maintains the availability of both thread ID types, but deprecates the type-specific accessor APIs that invoke the callbacks - instead a single type-independent API is used. This simplifies software that calls into this interface, and should also make it less error-prone - as forgetting to call and compare *both* thread ID accessors could have led to hard-to-debug/infrequent bugs (that might only affect certain platforms or thread implementations). As the CHANGES note says, there were corresponding deprecations and replacements in the thread-related functions for BN_BLINDING and ERR too.
Paul Sheer optimised the OpenSSL to/from libGMP conversions for the case where they both use the same limb size. I've tweaked his patch slightly, so blame me if it breaks.
Fix auto-discovery of ENGINEs. See the CHANGES entry for details (and/or ticket #1668).
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked version some time soon.
If --prefix="C:\foo\bar" is supplied to Configure for a windows target, then the backslashes need escaping to avoid being treated as switches in the auto-generated strings in opensslconf.h. Perl users are welcome to suggest a less hokey way of doing this ...
Fix signed/unsigned warning.
Remove the dual-callback scheme for numeric and pointer thread IDs, deprecate the original (numeric-only) scheme, and replace with the CRYPTO_THREADID object. This hides the platform-specifics and should reduce the possibility for programming errors (where failing to explicitly check both thread ID forms could create subtle, platform-specific bugs).
Correct the FAQ and the threads man page re: CRYPTO_THREADID changes.
Fix build warnings.
Use of a 'top' var creates "shadow variable" warnings.
Apparently '__top' is also risky, obfuscate further. (All this to avoid inlines...)
Revert the size_t modifications from HEAD that had led to more knock-on work than expected - they've been extracted into a patch series that can be completed elsewhere, or in a different branch, before merging back to HEAD.
Allow the CHIL engine to load even if dynamic locks aren't registered.
Clarify a 'chil' engine param that is a little unintuitive.
Fix compilation with -DOPENSSL_NO_DEPRECATED.
util/mkdef.pl: o_time.h doesn't exist any more
util/mkerr.pl: fix perl warning
apps: constify some string parameters
make depend
bignum: fix boundary condition in montgomery logic
dso: eliminate VMS code on non-VMS systems
apps/s_server: document '-naccept' cmd-line argument
bignum: allow concurrent BN_MONT_CTX_set_locked()
evp: prevent underflow in base64 decoding
s_client/s_server: support unix domain sockets
Remove demos/tunala
Fix no-ssl3 configuration option
Include <openssl/foo.h> instead of "foo.h"
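The bignum entries above (the "ambiguous representation of zero", bn_correct_top()/bn_check_top(), BN_STRICT, and the conversion of BN_zero() into an allocation-free macro) describe an invariant rather than show it. The following is an added illustration, not OpenSSL code: a toy little-endian word array with the same d/top/neg shape, where top==0 is the only accepted representation of zero. All toy_* names are assumptions chosen for this example; the real OpenSSL macros and their exact semantics are in bn.h and bn_lib.c.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not OpenSSL code. Toy bignum shaped like BIGNUM:
 * d = words, least-significant first; top = count of significant words;
 * neg = sign flag. Fixed storage keeps the example self-contained. */
#define TOY_WORDS 8
typedef unsigned long toy_word;

typedef struct {
    toy_word d[TOY_WORDS];
    int top;
    int neg;
} toy_bn;

/* Normalise, in the spirit of bn_correct_top(): strip most-significant
 * zero words so that a zero value always ends up with top == 0, and a
 * zero value never carries a sign. */
static void toy_correct_top(toy_bn *a)
{
    while (a->top > 0 && a->d[a->top - 1] == 0)
        a->top--;
    if (a->top == 0)
        a->neg = 0;
}

/* Strict consistency check, in the spirit of bn_check_top() under
 * BN_STRICT. Returns 1 if normalised; 0 if top is out of range, if the
 * most-significant word is zero (this includes the "ambiguous zero"
 * top == 1, d[0] == 0), or if zero is flagged negative. */
static int toy_check_top(const toy_bn *a)
{
    if (a->top < 0 || a->top > TOY_WORDS)
        return 0;
    if (a->top > 0 && a->d[a->top - 1] == 0)
        return 0;
    if (a->top == 0 && a->neg)
        return 0;
    return 1;
}

/* With the strict invariant, zero tests need only look at 'top'. */
static int toy_is_zero(const toy_bn *a)
{
    return a->top == 0;
}

/* |a| == w, where w == 0 matches only the canonical zero. */
static int toy_abs_is_word(const toy_bn *a, toy_word w)
{
    if (w == 0)
        return a->top == 0;
    return a->top == 1 && a->d[0] == w;
}

/* Macro-style zeroing: no word data touched, no return value needed. */
static void toy_zero(toy_bn *a)
{
    a->top = 0;
    a->neg = 0;
}

/* Set a single word, then normalise so that toy_set_word(a, 0) is
 * canonical rather than the old top == 1 form. */
static void toy_set_word(toy_bn *a, toy_word w)
{
    memset(a->d, 0, sizeof a->d);
    a->d[0] = w;
    a->top = 1;
    a->neg = 0;
    toy_correct_top(a);
}

/* Build the legacy ambiguous zero by hand, show the strict check reject
 * it, normalise, and show it is then accepted. Returns 1 on success. */
static int demo_ambiguous_zero(void)
{
    toy_bn a;
    memset(&a, 0, sizeof a);
    a.top = 1;          /* one word ... */
    a.d[0] = 0;         /* ... whose value is zero: ambiguous */
    a.neg = 1;          /* a "negative zero", also non-canonical */
    int before = toy_check_top(&a);
    toy_correct_top(&a);
    int after = toy_check_top(&a);
    return before == 0 && after == 1 && toy_is_zero(&a) && a.neg == 0;
}

/* toy_set_word(a, 0) and toy_zero() must agree on the canonical form. */
static int demo_zero_forms_agree(void)
{
    toy_bn a, b;
    toy_set_word(&a, 0);
    memset(&b, 0xff, sizeof b);   /* garbage words must not matter */
    toy_zero(&b);
    return toy_is_zero(&a) && toy_is_zero(&b) && a.top == 0 && b.top == 0
        && toy_check_top(&a) && toy_check_top(&b);
}

/* A non-zero word is recognised, and is not mistaken for zero. */
static int demo_nonzero_word(toy_word w)
{
    toy_bn a;
    toy_set_word(&a, w);
    return w != 0 && toy_abs_is_word(&a, w) && !toy_abs_is_word(&a, 0)
        && !toy_is_zero(&a) && toy_check_top(&a);
}

int main(void)
{
    printf("ambiguous zero rejected then fixed: %d\n", demo_ambiguous_zero());
    printf("zero forms agree: %d\n", demo_zero_forms_agree());
    printf("non-zero word ok: %d\n", demo_nonzero_word(5));
    return 0;
}
```

The point of the strict check is that any function can rely on top == 0 meaning zero without also inspecting d[0]; the commits above do the same in the real code by routing every API exit through bn_correct_top() and, in debug builds, refusing the old top == 1, d[0] == 0 form.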
Guenter (1):
NetWare compilation fix.
Günther Noack (1):
Avoid out-of-bounds write in SSL_get_shared_ciphers
Hans Wennborg (1):
RT3023: Redundant logical expressions
Hubert Kario (10):
add description of -no_ecdhe option to s_server man page
add description of -attime to man page
add ECC strings to ciphers(1), point out difference between DH and ECDH
Document -trusted_first option in man pages and help.
smime man page: add missing options in SYNOPSIS
add description of missing options to verify man page
sort the options in verify man page alphabetically
add references to verify(1) man page for args_verify() options
document -nextprotoneg option in man pages
Add support for Camellia HMAC-Based cipher suites from RFC6367
Huzaifa Sidhpurwala (1):
Make sure BN_sqr can never return a negative value.
Ingo Schwarze (1):
RT3239: Extra comma in NAME lines of two manpages
Istvan Noszticzius (1):
Fix use after free bug.
Jake Goulding (1):
RT2301: GetDIBits, not GetBitmapBits in rand_win
Jakub Wilk (1):
Create ~/.rnd with mode 0600 instead of 0666
James Westby (1):
RT1941: c_rehash.pod is missing
Jan Hykel (1):
Don't use msg on error.
Jan Schaumann (1):
RT1804: fix EXAMPLE in EVP_EncryptInit.pod
Janpopan (1):
Fix a wrong parameter count ERR_add_error_data
Jean-Paul Calderone (1):
Correct the return type on the signature for X509_STORE_CTX_get_ex_data given in the pod file.
Jeff Trawick (3):
typo
typo
typo in SSL_get_peer_cert_chain docs
Jeff Walton (1):
Fix multiple cosmetic typos.
Jeffrey Walton (9):
Add information to BUGS section of enc documentation. PR#3354
Fix grammar error in verify pod. PR#3355
Clarify docs.
Clarified that the signature's buffer size, `s`, is not used as an IN parameter.
Added reference to platform specific cryptographic acceleration such as AES-NI
Fix typo, add reference.
PR2401: Typos in FAQ
PR2401: Typos in FAQ
RT3142: Extra initialization in state_machine
Jim Reid (2):
RT 2820: Case-insensitive filenames on Darwin
RT2880: HFS is case-insensitive filenames
John Fitzgibbon (1):
RT2724: Remove extra declaration
John Gardiner Myers (1):
RT2942: CRYPTO_set_dynlock_create_callback doc fix
Jonas Maebe (42):
SetBlob: free rgSetBlob on error path
ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path
mime_hdr_new: free mhdr, tmpname, tmpval on error path
mime_hdr_addparam: free tmpname, tmpval and mparam on error path, and check whether sk_MIME_PARAM_push succeeds
BIO_new_dgram_sctp, dgram_sctp_read: zero entire authchunks
multi_split: check for NULL when allocating parts and bpart, and for failure of sk_BIO_push()
rtcp_new: return failure if allocation of bi->ptr failed
cms_SignerInfo_content_sign: free sig on failure path
cryptodev_digest_update: don't leak original state->mac_data if realloc fails
cryptodev_digest_copy: return error if allocating dstate->mac_data fails
dev_crypto_init_key: return error if allocating CDATA(ctx)->key failed
dev_crypto_cipher: return immediately if allocating cin/cout failed
dev_crypto_md5_update: check result of realloc(md_data->data) and don't leak memory if it fails
dev_crypto_md5_copy: return error if allocating to_md->data fails
old_hmac_encode: check for NULL result when allocating *pder
JPAKE_CTX_new: check for NULL result when allocating ctx
hashbn: check for NULL result when allocating bin and return an error if it fails; all (in)direct callers of hashbn: propagate potential error in hashbn
UI_construct_prompt: check for NULL when allocating prompt
get_cert_by_subject: check for NULL when allocating hent
NETSCAPE_SPKI_b64_encode: free der_spki and b64_str on error path
do_othername: check for NULL after allocating objtmp
do_ext_i2d: free ext_der or ext_oct on error path
process_pci_value: free (*policy)->data before setting to NULL after failed realloc
engine_md_copy: check for NULL after allocating to_md->HashBuffer
pub_decode_gost94, pub_decode_gost01: check for NULL after allocating databuf; pub_encode_gost94, pub_encode_gost01: check for NULL after allocating databuf and octet
pkey_gost_ctrl: check for NULL after allocating pctx->shared_ukm
pkey_gost_mac_keygen: check for NULL after allocating keydata
capi_get_provname: free name on error if it was malloc'ed
capi_cert_get_fname: check for NULL after allocating wfname
capi_get_key: check for NULL after allocating key
dtls1_process_heartbeat: check for NULL after allocating buffer
dtls1_heartbeat: check for NULL after allocating s->cert->ctypes
ssl_cert_dup: Fix memory leak
ssl_create_cipher_list: check whether push onto cipherstack succeeds
SSL_COMP_add_compression_method: exit if allocating the new compression method struct fails
ssl3_get_certificate_request: check for NULL after allocating s->cert->ctypes
ssl3_digest_cached_records: check for NULL after allocating s->s3->handshake_dgst
serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo) and don't leak memory if it fails
SSL_set_session: check for NULL after allocating s->kssl_ctx->client_princ
tls1_process_heartbeat: check for NULL after allocating buffer
tls1_heartbeat: check for NULL after allocating buf
tree_print: check for NULL after allocating err
Juli Mallett (1):
Fix cast of boolean where cast of LHS intended.
Justin Blanchard (1):
RT1815: More const'ness improvements
Kaspar Brand (3):
Fix for PEM_X509_INFO_read_bio.
Omit initial status request callback check.
Fix SSL_CTX_get{first,next}_certificate.
Ken Ballou (2):
Remove redundant check.
Typo.
Klaus-Peter Junghanns (1):
Add support for aes-128/192/256-ctr to the cryptodev engine. This can be used to speed up SRTP with libsrtp, e.g. on TI omap/sitara based devices.
Krzysztof Kwiatkowski (1):
Delete duplicate entry.
Kurt Cancemi (4):
Fix off-by-one errors in ssl_cipher_get_evp()
RT3508: Remove unused variable introduced by b09eb24
RT3506: typos in ssltest
RT3547: Add missing static qualifier
Kurt Roeckx (23):
Fix additional pod errors with numbered items.
Use defaults bits in req when not given
Set authkey to NULL and check malloc return value.
Check sk_SSL_CIPHER_num() after assigning sk.
Link heartbeat_test with the static version of the libraries
RT2626: Change default_bits from 1K to 2K
Keep old method in case of an unsupported protocol
Fix spelling of EECDH
Fix warning about negative unsigned integers
Use the SSLv23 method by default
Remove SSLv2 support
Update changes to indicate that SSLv2 support has been removed
dtls1_new: free s on error path
capi_get_provname: Check return values
Replace GOST_R_MALLOC_FAILURE and GOST_R_NO_MEMORY with ERR_R_MALLOC_FAILURE
capi_ctrl, capi_vtrace: check for NULL after allocating and free it
Allow using -SSLv2 again when setting Protocol in the config.
Return error when a bit string indicates an invalid amount of bits left
Fix memory leak in the apps
dlfcn: always define _GNU_SOURCE
Make "run" volatile
Add missing include of sys/time.h
Make build reproducible
Laszlo Papp (3):
RT2489: Remove extra "sig" local variable.
RT2492: Remove extra NULL check.
PR2490: Remove unused local variable bn ecp_nist.c
Libor Krystek (2):
Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370
Add support for SHA2 in CAPI ENGINE.
Lubomir Rintel (2):
POD: Fix item numbering
POD: Fix list termination
Luiz Angelo Daros de Luca (1):
OpenSSL is able to generate a certificate with name constraints with any possible subjectAltName field. The Name Constraint example in x509v3_config(5) even uses IP as an example:
Lutz Jaenicke (1):
FAQ/README: we are now using Git instead of CVS (cherry picked from commit f88dbb8385c199a2a28e9525c6bba3a64bda96af)
Lutz Jänicke (300):
HP-UX shared libraries do not build any longer, as EX_LIBS contains "-Wl,+s" instead of +s: * Hardcoded necessary references to -ldld/-ldl into the build rules and removed EX_LIBS.
Some platforms (namely HP-UX) require the 'x' bit set for shared libraries. For performance reasons, it is also recommended to make the (mmap'ed) shared library 'read-only'. -> New permissions for installed shared libraries = 555
Fill in missing information about the string returned from SSL_CIPHER_description(), as there is no other API function to find out details about the cipher used besides the number of bits or protocol used.
Store verify_result with sessions to avoid potential security hole. For the server side this was already done one year ago :-(
Log security relevant change.
Add EXAMPLES for SSL_CIPHER_description() output.
Typo and additional information about cert-chain building.
Add manual pages for certificate/key loading and friends.
Add description of SSL_[CTX_]_check_private_key().
Don't cheat: when only getting several bytes from each source, n is incremented correctly, but RAND_add(..,n) counts the increasing n several times. Only RAND_add(..,n) once entropy collection is finished.
Add automatic query of EGD sockets to RAND_poll(). The EGD sockets are only queried when the /dev/[u]random devices did not return enough entropy. Only the amount of entropy missing to reach the required minimum is queried, as EGD may be drained. Queried locations are: /etc/entropy, /var/run/egd-pool
Documentation about SSL_get_ex_data_X509_STORE_CTX_idx and SSL_get_ex_new_index() functionality. Extended verify_callback() example to show the usage.
Add entries for new manpages...
Copy over just written manpage to the ones still missing.
New manual page for a hardly known but important item :-)
Document session caching, first step.
If the source has already been successfully queried, do not try to open it again as file.
Typo: on my screen it nicely wrapped around at 80 :-)
Clarify why SSL_CTX_use_certificate_chain_file() should be preferred.
Documenting session caching, 2nd step.
Fix typo preventing correct usage of -out option.
Change preferences for sockets of EGD-style entropy daemons to a more reasonable selection.
Modify access to EGD socket to deal with EINTR etc that can appear during connect() and other calls. First seen on Unixware-7.
Update documentation to match the state at 0.9.6 _and_ the recent changes.
Fix "wierd" typo as submitted by Jeroen Ruigrok/Asmodai <asmodai at wxs.nl>.
Typo
New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override the clients choice; in SSLv2 the client uses the server's preferences.
Manual page for SSL_CTX_set_options(). Unfortunately for some of the options someone much longer working with OpenSSL/SSLeay is needed.
Update for 0.9.7 with SSL_OP_CIPHER_SERVER_PREFERENCE.
Include information that automatic query is a new feature.
More about session caching.
New manual page: SSL_CTX_set_mode.
Finish first round of session cache documentation.
Add "-rand" option to s_client and s_server.
Don't forget to mention minor change.
Move entry to match chronological ordering.
SSL_get_version() was an easy one :-)
Describe new callback for session id generation.
Typo, spotted by "Greg Stark" <gstark at ethentica.com>.
Add newly learned knowledge from yesterday's discussion.
Forgot "cvs add", so only the surrounding changes made it... sigh.
Add forgotten "-passin" option to smime.c usage help.
OpenSSH 1.2.2p1 is dead and gone. Errors detecting the OpenSSL library are however still common and are solved by checking config.log.
Some clarifications about $RANDFILE usage.
Typo (Jun-ichiro itojun Hagino <itojun at iijlab.net>)
Fix wrong information with respect to CAs listed to the client (follows from technical discussion with Amit Chopra <amitc at pspl.co.in>).
Missing link ("Greg Stark" <gstark at ethentica.com>)
Constify (Jason Molenda <jason at molenda.com>)
Clarify request of client certificates. This is a FAQ.
Typo (reported by Petr Lancaric <Petr.Lancaric at ips-ag.cz>)
Update changelog to reflect additional changes made to the egd-locations.
Clarify behaviour of SSL_write() by mentioning SSL_MODE_ENABLE_PARTIAL_WRITE flag as discussed on the mailing list.
Clarify behaviour with respect to SSL/TLS records.
One more point to clarify, pointed out by "Greg Stark" <ghstark at pobox.com>
Typos.
Increase ENTROPY_NEEDED to support Rijndael's larger key size.
Add missing item(s) SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT.
Don't forget responsible person so that its clear who is to blame.
ERR_peek_error() returns "unsigned long".
When only the key is given to "enc", the IV is undefined (found by Andy Brown <logic at warthog.com>).
Clarify! (based on recent mailing-list discussions)
What is an '-engine' version?
Typo...
Clarify actual state.
Some more documentation bits.
Updated explanation.
Documentation about ephemeral key exchange
Add missing reference.
Additional inline reference.
Fix wrong information about SSL_set_connect_state()...
Fix problem occurring when used from OpenSSH on Solaris 8.
Another uninitialized static that may lead to problems on Solaris under some circumstances.
Forgot to mention second fix.
Fix inconsistent behaviour with respect to verify_callback handling.
Don't miss files...
Indent.
Reworked manual pages with a lot of input from Bodo Moeller.
Remove SSL_OP_NON_EXPORT_FIRST: It did not work, it was deactivated by #if 0/#endif anyway _and_ we now have the working SSL_OP_CIPHER_SERVER_PREFERENCE.
Mention removed option.
Don't disable rollback attack detection as a recommended bug workaround.
Oops, one SSL_OP_NON_EXPORT_FIRST was left.
Fix typos (shinagawa at star.zko.dec.com)
Better description of the behaviour of SSL_shutdown() as it is now, broken or not.
Bugfixes provided by "Stephen Hinton" <shinton at netopia.com>.
Unidirectional shutdown is allowed according to the RFC.
One more step on the way for complete documentation...
SSL_shutdown() has even more properties...
One more function documented.
More details about session timeout settings.
Alert description strings for TLSv1 and documentation.
More interdependencies with respect to shutdown behaviour.
Checked in from the wrong !@#$%&*() copy...
Documentation on how to handle compression methods. Hopefully it is clear enough, that it is currently not recommended.
One more manual page...
Make clear, that using the compression layer is currently not recommended.
As discussed recently on openssl-users.
More manual pages. Constify.
Typo.
-passin argument not used when actually loading the key (found by Massimiliano Pala <madwolf at hackmasters.net>).
More docs.
Needed for build on SunOS 4.1.x with gcc (Jeffrey Hutzelman <jhutz at cmu.edu>).
Wording of comment...
Allow client certificate lists > 16kB ("Douglas E. Engert" <deengert at anl.gov>.)
Build shared libraries for Unixware-7 and OpenUNIX-8 in old (pre 0.9.7) style (Boyd Lynn Gerber <gerberb at zenez.com>).
Support for shared libraries on Unixware-7 and OpenUNIX-8 (Boyd Lynn Gerber <gerberb at zenez.com>).
Sort out mess of colons...
Even more corrections for OpenUNIX 8
Completely reworked SVR5 shared library support.
Recognize OpenUNIX-8 with compiler
Make maximum certificate chain size accepted from the peer application settable (proposed by "Douglas E. Engert" <deengert at anl.gov>).
Rework section about return values another time (based on hints from Bodo Moeller).
One more manual page.
Typo.
Typos (Chris Pepper <pepper at mail.reppep.com>)
Small documentation fixes (Howard Lum <howard at pumpkin.canada.sun.com>)
Update information as a partial response to the post From: "Chris D. Peterson" <cpeterson at aventail.com> Subject: Implementation Issues with OpenSSL To: openssl-users at openssl.org Date: Wed, 22 Aug 2001 16:13:17 -0700 The patch included in the original post may improve the internal session list handling (and is therefore worth a separate investigation). No change to the list handling will however solve the problems of incorrect SSL_SESSION_free() calls. The session list is only one possible point of failure, dangling pointers would also occur for SSL object currently using the session. The correct solution is to only use SSL_SESSION_free() when applicable!
Flush buffers to prevent mixed output (Adam Back <adam at cypherspace.org>).
Clarify reference count handling/removal of session (shinagawa at star.zko.dec.com).
Support for QNX (wrat at jump.net (the wharf rat)).
HPUX 9.X on m68k with gcc ("Anton J. Gamel" <gamel at anna.anatomie.uni-freiburg.de>)
Add information as provided by Richard Levitte on openssl-users :-)
Tsss, SSLeay_version() was already documented, it just was not linked in.
Fix incorrect BIO_*_ctrl() macros (Shay Harding <sharding at ccbill.com>).
Typos (jsyn <jsyn at openbsd.org>).
Document the current behaviour of the DES interface.
Remove blanks at begin of empty lines irritating epv_test.c
Superfluous '\' messes up with HP-UX make.
Make SHLIB_TARGET available in subdirs (here: apps/)
HP-UX 32bit: * When linking against shared libraries, the absolute path is remembered. - When linking against -L.., '..' is remembered inside the executable, so it will fail after "make install" or when not called from inside the "apps/" subdirectory of the build tree. - When using the "+cdp" option of "ld", the ".." information can be exchanged against $(INSTALL_TOP)/lib. In this case the executable will however refuse to work before "make install" has been called. This makes testing the 'openssl' executable a problem. * Solution 1: Relink the "openssl" executable, when "make install" is called. This would however require significant changes to the toplevel Makefile and the apps/ Makefile. * Solution 2: Statically link against libssl and libcrypto, so that the "openssl" executable is no longer dependent on the openssl shared libraries.
Shut up compiler warnings for inconsistent declarations.
Do not store unneeded data.
Make removal from session cache more robust.
Even though it is not really practical people should know about it.
Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi).
SSL_clear != SSL_free/SSL_new
Fix the fix (Yoram Zahavi)...
Add missing strength entries.
Map new X509 verification errors to alert codes (Tom Wu <tom at arcot.com>).
Remove superfluous (and buggy) statement <justin.fletcher at ntlworld.com>.
Fix buggy if-condition (thomas poindessous <poinde_t at epita.fr>).
Fix typo (Craig Davison <cd at securityfocus.com>).
Make short names of objects RFC2256-compliant.
Fix buggy object definitions (Svenning Sorensen <sss at sss.dnsalias.net>).
Apply OID fixes for elliptic curves as supplied by Nils Larsch <nlarsch at compuserve.de>.
Keep my own specially optimized HP-UX shared library building up to date.
Synchronize with 0.9.7-stable branch
Synchronize with 0.9.7-stable.
Fix CRLF problem in BASE64 decode.
Some more OID enhancements.
Use the "mail" short name according to RFC2798 (Michael Bell <michael.bell at rz.hu-berlin.de>).
Document OID changes.
Handle headings uniformly to allow automatic processing.
Optimize: better shortcut evaluation ("Howard Chu" <hyc at highlandsun.com>).
Missing "Configure" entry (Jean-Marc Desperrier <jean-marc.desperrier at certplus.com>).
Add cygwin build script (Corinna Vinschen <vinschen at redhat.com>).
ERR_file_name is no longer being used.
Add generationQualifier OID (proposed by Fiel Cabral).
Add information about -nameopt option for x509.
Fix escaping when using the -subj option of "openssl req", document 'hidden' -nameopt support. (Robert Joop <joop at fokus.gmd.de>)
Add missing ";" after fi Submitted by: bryanh at giraffe-data.com Reviewed by: PR: [openssl.org #18]
Recognize PPC64 target. Submitted by: Reviewed by: PR: 26
Add missing '"' Submitted by: Boyd Gerber <gerberb at zenez.com>
Use the indirect way to the actual request tracker, so that people also are informed about the credentials required for guest access and the operation instructions.
Fix incorrect =over 4 location. Submitted by: David Waitzman <djw at bbn.com> Reviewed by: Lutz Jaenicke PR: [openssl.org #38]
Remove item listed twice <kromJx at crosswinds.net>.
0.9.7-beta1 is just being released.
Typo. PR: 72
The correct PERL interpreter is passed via commandline.
On some systems the default "perl" may still be perl4, use the correct version determined by "config" instead.
There is no continuation at this point.
New OID for X509 usage: pseudonym Submitted by: Michael Bell <michael.bell at rz.hu-berlin.de> Reviewed by: Lutz Jaenicke PR: 83
Make sure that settings are passed back and forth when walking around in the tree during build. Reinstall default PERL settings in Makefiles, as the real reason for the failure was that the settings were not passed.
For the main directory, Makefile.org is significant :-)
Make sure that flags are passed to "make" subprocesses.
Support building the distribution .tar file on platforms with limited argument list length. This requires Gnu-tar. As we use the non-standard "tardy" software anyway, it doesn't hurt too much to require Gnu-tar. "make dist" will probably only be used by team-members anyway.
Correct wrong usage information. PR: 95
Make change uniqueIdentifier -> x500UniqueIdentifier clearly visible. Submitted by: Reviewed by: PR: 82
Clarify formulation (proposed by Bodo Moeller).
Add OIDs for Secure Electronic Transactions (SET) Submitted by: Vadim Fedukovich <vf at unity.net> Reviewed by: Lutz Jaenicke PR: 80
Add missing prototypes. Submitted by: Goetz Babin-Ebell <babinebell at trustcenter.de> PR: 89
Some more prototype fixes. Use DECLARE macros in asn1* instead of direct declaration. Submitted by: Goetz Babin-Ebell <babinebell at trustcenter.de> Reviewed by: PR: 89
Initial support for hpux64-parisc-gcc Submitted by: ross.alexander at uk.neceur.com Reviewed by: PR: 96
OpenSSL_add_all_algorithms has been replaced by configuration dependent functions and is redirected by macros. Switch it off now, possible removal later.
Use -dumpversion to obtain gcc's version. Submitted by: ross.alexander at uk.neceur.com, allenh at eecs.berkeley.edu Reviewed by: PR: 96
Roll out OpenSSL-0.9.7-beta2
beta2, not beta1
load_netscape_key is static.
AIX (V3) requires <sys/select.h> (included via e_os.h) for fd_set. Submitted by: Bernhard Simon <bs at bsws.zid.tuwien.ac.at> Reviewed by: PR:
Fix path to find util/pod2man.pl from the execution directory. Make sure to use the predefined PERL. Submitted by: Bernhard Simon <bs at bsws.zid.tuwien.ac.at> Reviewed by: PR:
HP-UX: shared libraries MUST be +x and SHOULD be -w.
<sys/select.h> is included for AIX, when USE_SOCKETS is defined. Submitted by: Bernhard Simon <bs at bsws.zid.tuwien.ac.at> Reviewed by: PR:
README and INSTALL should contain information about the request tracker (noted by Jonathan Louie <jlouie at recourse.com>).
Ciphers with NULL encryption were not properly handled because they were not covered by the strength bit mask. Submitted by: Reviewed by: PR: 130
Reorder inclusion of header files:
Minor typos Submitted by: jufi at nerdnet.de Reviewed by: PR: 138
Sun's official statement with respect to /dev/random support. Submitted by: Garrett Anderson garrett at dirsec.com Reviewed by: PR: 120
Typos in links between manual pages Submitted by: Richard.Koenning at fujitsu-siemens.com Reviewed by: PR: 129
Discussion about Redhat's specialties for the FAQ. Submitted by: John.Airey at rnib.org.uk Reviewed by: PR: 128
Rewording: some algorithms are also patented in Europe, so choose more defensive phrases...
Manual page for SSL_do_handshake(). Submitted by: Martin Sjögren <martin at strakt.com> PR: 137
The behaviour is undefined when calling SSL_write() with num=0. Submitted by: Reviewed by: PR: 141
HP-UX shared libraries must be +x and should be -w. It doesn't hurt on other platforms. Submitted by: Reviewed by: PR: 134
New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT. Submitted by: Reviewed by: PR: 127
Only use DSA-functions if available. Submitted by: "Hellan,Kim KHE" <KHE at kmd.dk> Reviewed by: PR: 167
0.9.6e and 0.9.7-beta3 are out.
"make update"
OpenSSL Security Advisory [30 July 2002]
Typo. Submitted by: Jeffrey Altman <jaltman at columbia.edu> Reviewed by: PR: 169
Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb(). Submitted by: Reviewed by: PR: 212
Consequently use term URI instead of URL Submitted by: TJ Saunders <tj at castaglia.org> Reviewed by: PR: 268
Add missing brackets. Submitted by: "Chris Brook" <cbrook at v-one.com>
Corrected exchanged parameters in example for EVP_EncryptInit_ex() Submitted by: "Marcus Carey" <marcus.carey at verizon.net> Reviewed by: PR: 265
More information to the important issue of seeding the PRNG Submitted by: Reviewed by: PR: 285
Make sure permissions are friendly when building release tar file. Submitted by: Reviewed by: PR: 171
Typo. Submitted by: assar <assar at kth.se> Reviewed by: PR:
Missing =back Submitted by: Reviewed by: PR:
Correct reference to section name. Submitted by: Reviewed by: PR:
Opportunistic change to work around pod2latex bug: rename NAME OPTIONS section to SUBJECT AND ISSUER NAME OPTIONS Submitted by: Reviewed by: PR: 333
Don't declare 2 WARNINGS sections Submitted by: Reviewed by: PR:
No such reference to link to (found running pod2latex). Submitted by: Reviewed by: PR:
Use =back to finish =over (found using pod2latex). Submitted by: Reviewed by: PR:
The pointer to the cipher object is not yet set, when session was reloaded from external cache (using d2i_SSL_SESSION). Perform comparison based on the cipher's id instead. Submitted by: Steve Haslam <araqnid at innocent.com> Reviewed by: PR: 288
Fix buggy #! magic and update ssleay->openssl Submitted by: Reviewed by: PR: 305
Better workaround to the "=head1 NAME OPTIONS" pod2latex problem: NAME OPTIONS are a subset of OPTIONS, so just make it =head2! Submitted by: Reviewed by: PR: 333
Fix bug introduced by the attempt to fix client side external session caching (#288): now internal caching failed (#351): Make sure, that cipher_id is set before comparing. Submitted by: Reviewed by: PR: 288 (and 351)
Missing ")" Submitted by: Christian Hohnstaedt <chohnstaedt at innominate.com> Reviewed by: PR:
Fix wrong URI. Submitted by: assar at kth.se Reviewed by: PR: 390
Update -Olimit setting. Submitted by: Bernhard Simon <simon at zid.tuwien.ac.at> Reviewed by: PR:
Fix Kerberos5/SSL interaction Submitted by: "Kenneth R. Robinette" <support at securenetterm.com> Reviewed by: PR:
Some more adjustments Submitted by: Jeffrey Altman <jaltman at columbia.edu>, "Kenneth R. Robinette" <support at securenetterm.com>
Fix wrong handling of session ID in SSLv2 client code.
Add information about AES cipher suites to ciphers manual page.
Third argument to shl_load() is "long address", not a pointer. (Didn't influence functionality, as on HP-UX 32bit the NULL pointer is a 32bit 0-value and thus is identical to the required 0L.)
Document hpux-parisc2-cc problems, probably due to optimizer bug.
Really fix SSLv2 session ID handling
Fix initialization sequence to prevent freeing of uninitialized objects. Submitted by: Nils Larsch <nla at trustcenter.de>
ncr-scde target needs -lc89 for strcasecmp() and ftime() (Tim Rice, Martin Megele).
Armor against systems without ranlib... Submitted by: Thierry Lelegard <thierry.lelegard at canal-plus.fr>
Add SCO5 shared library scripts. Update SVR5 scripts for the upcoming 0.9.7b. Submitted by: Boyd Lynn Gerber <gerberb at zenez.com>
Add warning about unwanted side effect when calling SSL_CTX_free(): sessions in the external session cache might be removed. Submitted by: "Nadav Har'El" <nyh at math.technion.ac.il>
Fix ordering of compare functions: strncmp() must be used first, as the cipher name in the list is not guaranteed to be at least "buflen" long. PR: 567 Submitted by: "Matt Harren" <matth at cs.berkeley.edu>
Move header file inclusion to prevent irritation of users forgetting to call "make depend" after enabling or disabling ciphers... Submitted by: Tal Mozes <talm at cyber-ark.com>
Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before) Submitted by: dg at sunet.ru (Daniel Ginsburg)
Clarify ordering of certificates when using certificate chains
Clarify return value of SSL_connect() and SSL_accept() in case of the WANT_READ and WANT_WRITE conditions.
Clarify wording of verify_callback() behaviour.
Provide ASFLAGS in the subdirectories handling assembler code.
Catch error condition to prevent NULL pointer dereference. Submitted by: Goetz Babin-Ebell <babin-ebell at trustcenter.de>
Make sure to initialize AES counters to obtain proper results. Submitted by: Kirill Kochetkov <kochet at ixbt.com>
Free "engine" resource in case of failure to prevent memory leak PR: #778 Submitted by: George Mitchell <george at m5p.com>
Some more ASFLAGS settings required PR: #735 Submitted by: Tim Rice <tim at multitalents.net>
Restructure make targets to allow parallel make. Submitted by: Witold Filipczyk <witekfl at poczta.gazeta.pl>
uintptr_t and <inttypes.h> are not strictly portable with respect to ANSI C 89. Undo change to maintain compatibility.
Update URI Submitted by: Gertjan van Oosten <gertjan at West.NL>
Add s_time manual page Submitted by: "Martin Witzel" <MWITZEL at de.ibm.com>
Updates to s_time manual page PR: #570 Submitted by: Martin Witzel <MWITZEL at de.ibm.com>
Cover all DSA setups when running tests PR: #748 Submitted by: Kirill Kochetkov <kochet at ixbt.com>
More precise explanation of session id context requirements.
Fix hang in EGD/PRNGD query when communication socket is closed prematurely by EGD/PRNGD. PR: 1014 Submitted by: Darren Tucker <dtucker at zip.com.au>
Fix typo on blowfish manual page PR: 1010 Submitted by: Marc Balmer <mbalmer at openbsd.org>
Typo
Update to new home page
Fix incorrect handling of special characters PR: 1459 Submitted by: tnitschke at innominate.com Reviewed by: steve at openssl.org
Add support for m68k linux PR: 1277 Submitted by: Mike Frysinger <vapier at gentoo.org>
Add automatic detection for Linux on SuperH PR: 1152 Submitted by: Mike Frysinger <vapier at gentoo.org>
Extend SMTP and IMAP protocol handling to perform the required EHLO or CAPABILITY handshake before sending STARTTLS
Fix problem with multi line responses in -starttls by using a buffering BIO and BIO_gets().
Do not use uninitialized memory to seed the PRNG as it may confuse code checking tools. PR: 1499
Initialize "buf" to 0 to make valgrind happy :-) Note: the RAND_bytes() manual page says: RAND_bytes() puts num cryptographically strong pseudo-random bytes into buf. It does not talk about using the previous contents of buf so we are working as documented.
Port from 0.9.8-stable
Typos PR: 1578 Submitted by: Charles Longeau <chl at tuxfamily.org>
Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f
Add OIDs by CMP (RFC 4210) and CRMF (RFC 4211)
Typos in man pages: dependant->dependent
Add missing colon in manpage
Fix URI of OpenSSL Request Tracker information PR: 1661
Apply mingw patches as supplied by Roumen Petrov and Alon Bar-Lev PR: 1552 Submitted by: Roumen Petrov <openssl at roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev at gmail.com>
Correctly handle case of bad arguments supplied to rsautl PR: 1659
Fix incorrect return value in apps/apps.c:parse_yesno() PR: 1607 Submitted by: "Christophe Macé" <mace.christophe at gmail.com>
Another minor update from the mingw development PR: 1552 Submitted by: Roumen Petrov <openssl at roumenpetrov.info>
Add missing 'extern "C" {' to some _err.h files in crypto/engines/ PR: 1609
Another occurrence of possible valgrind/purify "uninitialized memory" complaint related to the PRNG: with PURIFY policy don't feed uninitialized memory into the PRNG.
Typo. (From 0.9.8-stable/S. Henson) PR: 1672
Provide information about "openssl dgst" -hmac option.
Document "openssl s_server" -crl_check* options
Correctly adjust location of comment
Remove all root CA files (beyond test CAs including private key) from the OpenSSL distribution.
Clear error queue when starting SSL_CTX_use_certificate_chain_file PR: 1417, 1513 Submitted by: Erik de Castro Lopo <mle+openssl at mega-nerd.com>
Reword comment to be much shorter to stop other people from complaining about "overcommenting".
Add README about removed root CA certificates.
Refer to SSL_pending from the man page for SSL_read
Fix incorrect command for assembler file generation on IA64
When the underlying BIO_write() fails to send a datagram, we leave the offending record queued as 'pending'. The DTLS code doesn't expect this, and we end up hitting an OPENSSL_assert() in do_dtls1_write().
Half of the commit for 0.9.8 as the bitmap handling has changed. (Firstly... omitted)
Remove the DTLS1_BAD_VER thing from 0.9.9-dev. It is present in 0.9.8 but has been omitted from HEAD (0.9.9), see commit http://cvs.openssl.org/chngview?cn=16627 by appro.
Add missing "-d" to option list of openssl version.
Allow detection of input EOF in quiet mode by adding -no_ign_eof option to s_client application. PR: #1761 Submitted by: David Woodhouse <dwmw2 at infradead.org>
Clarify (non-)blocking behavior of EGD socket interface used by RAND_egd().
apps/speed.c: children should not inherit buffered I/O PR: 1787 Submitted by: Artur Klauser <aklauser at google.com>
Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP
Mark J. Cox (19):
Fixes to BN code. Previously the default was to define BN_RECURSION but the BN code had some problems that would cause failures when doing certificate verification and some other functions.
fix typo
Fix some more typos
Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
add what I'm doing and a vote
Updates to the new SSL compression code [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). The problem was that one of the replacement routines had not been working since SSLeay releases. For now the offending routine has been replaced with non-optimised assembler. Even so, this now gives around 95% performance improvement for 1024 bit RSA signs.
This corrects the reference count handling in SSL_get_session. Previously, the returned SSL_SESSION didn't have its reference count incremented so the SSL_SESSION could be freed at any time causing seg-faults if the pointer was subsequently used. Code that uses SSL_get_session must now make a corresponding SSL_SESSION_free() call when it is done to avoid memory leaks (or blocked up session caches).
I've still got one left; the backport of the Broadcom UBSEC driver to 0.9.6 that we've got - just waiting for clearance on that one Submitted by: Reviewed by: PR:
Phew, finished Submitted by: Reviewed by: PR:
Mention that the keys likely to have signed the distribution are now listed on the web site for easy finding and downloading
Make sure head CHANGES is up to date, we refer to this in announce.txt
one time CAN->CVE update
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher (CVE-2006-4339)
Fix buffer overflow in SSL_get_shared_ciphers() function. (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix ASN.1 parsing of certain invalid structures that can result in a denial of service. (CVE-2006-2937) [Steve Henson]
Initialise ctx to NULL to avoid uninitialized free, noticed by Steve Kiernan
This entry was in 0.9.8m changelog but missing from here, since it's security relevant we'd better list it.
Remove latest version, it's pretty redundant and just one more thing to keep up to date with releases. Reported because http://www.openssl.org/support/faq.html#MISC1 was out of date
Martin Brejcha (2):
dgram_sctp_ctrl: authkey memory leak
Fix memory leak.
Martin Kaiser (3):
Add an NSS output format to sess_id to export the session id and the master key in NSS keylog format. PR#3352
Modify the description of -noout to match the manpage. PR#3364
remove duplicate 0x for default RSASSA-PSS salt len
Martin Nowak (1):
remove duplicate defines
Martin Olsson (5):
RT2513: Fix typos paramter-->parameter
RT2848: Remove extra NULL check
RT2847: Don't "check" uninitialized memory
RT2842: Remove spurious close-comment marker.
RT2843: Remove another spurious close-comment token
Mat (1):
typo
Matt Caswell (131):
Make binary curve ASN.1 work in FIPS mode.
Document updates from wiki.
PKCS5_PBKDF2_HMAC documentation submitted by Jeffrey Walton
Fixed minor errors in docs
Fix SSL_CONF_cmd missing =back
Fixed spelling error in error message. Fix supplied by Marcos Marado
Fixed NULL pointer dereference in PKCS7_dataDecode reported by David Ramos in PR#3339
Fixed CRLF in file
Move length check earlier to ensure we don't go beyond the end of the user's buffer. PR#3320
Fixed NULL pointer dereference. See PR#3321
Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD)
Fixed unterminated B tag, causing build to fail with newer pod2man versions
Fixed minor copy&paste error, and stray space causing rendering problem
Fix for non compilation with TLS_DEBUG defined
Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg
Added -strictpem parameter to enable processing of PEM files with data prior to the BEGIN marker
Changed -strictpem to use PEM_read_bio
Added SSLErr call for internal error in dtls1_buffer_record
Fixed minor duplication in docs
Fixed incorrect return code handling in ssl3_final_finish_mac
Added OPENSSL_assert check as per PR#3377 reported by Rainer Jung <rainer.jung at kippdata.de>
Revert "Fixed incorrect return code handling in ssl3_final_finish_mac"
Fixed incorrect return code handling in ssl3_final_finish_mac. Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
Tidied up, added include to stdlib, removed "goto bad" usage
Fix minor typos
Fixed Windows compilation failure
Revert "Fix off-by-one errors in ssl_cipher_get_evp()"
Fixed error in pod files with latest versions of pod2man
Fix memory leak in BIO_free if there is no destroy function. Based on an original patch by Neitrino Photonov <neitrinoph at gmail.com>
Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data. This is actually ok for this function, but initialised to zero anyway if PURIFY defined.
Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date
Disabled XTS mode in enc utility as it is not supported
Added comment for the frag->reassembly == NULL case as per feedback from Emilia
Fix DTLS handshake message size checks.
Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read.
RT1665: Fix podpath to get xref's right
Fixed out-of-bounds read errors in ssl3_get_key_exchange.
Typo fixes to evp documentation.
RT3065: automatically generate a missing EC public key
Fixed double inclusion of string.h
RT3192: spurious error in DSA verify
Removed duplicate definition of PKCS7_type_is_encrypted
Fix for SRTP Memory Leak
Fix SRTP compile issues for windows
Updates CHANGES file
Updates to NEWS file
Fix free of garbage pointer. PR#3595
Updated comment references to draft-ietf-tls-ecc-12 to refer to RFC4492 instead
Fixed cms-test.pl for no-ec2m
Added references to RFC 7027
Fix s_server -ssl2. Previously this reported "Error setting EC curve"
When using EVP_PKEY_derive with a KDF set, a negative error from ECDH_compute_key is silently ignored and the KDF is run on duff data
Corrected comments in ssl.h about SSLv23_method and friends
Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask
Add include of ssl.h which is required by srtp.h
Updates to EVP_PKEY_encrypt.pod submitted by user Bernardh via the wiki. Minor changes made by Matt Caswell.
Updates to X509_NAME_add_entry_by_txt.pod submitted by user Bernardh via the wiki. Minor changes made by Matt Caswell.
Updates to X509_NAME_get_index_by_NID.pod submitted by user Bernardh via the wiki. Minor changes made by Matt Caswell.
Tidy up ocsp help output
Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST
Add checks to the return value of EVP_Cipher to prevent silent encryption failure.
Delete unused file
Check EVP_Cipher return values for SSL2
Remove more references to dtls1_enc
Fix warning in ssl2_enc
Verify that we have a sensible message len and fail if not. RT#3592 provides an instance where the OPENSSL_assert that this commit replaces can be hit. I was able to recreate this issue by forcing the underlying BIO to misbehave and come back with very small mtu values. This happens the second time around the while loop after we have detected that the MTU has been exceeded following the call to dtls1_write_bytes.
The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being automatically updated, and we should use the one provided instead. Unfortunately there are a couple of locations where this is not respected.
The first call to query the mtu in dtls1_do_write correctly checks that the mtu that we have received is not less than the minimum. If its less it uses the minimum instead. The second call to query the mtu does not do that, but instead uses whatever comes back. We have seen an instance in RT#3592 where we have got an unreasonably small mtu come back. This commit makes both query checks consistent.
There are a number of instances throughout the code where the constant 28 is used with no explanation. Some of this was introduced as part of RT#1929. The value 28 is the length of the IP header (20 bytes) plus the UDP header (8 bytes). However use of this constant is incorrect because there may be instances where a different value is needed, e.g. an IPv4 header is 20 bytes but an IPv6 header is 40. Similarly you may not be using UDP (e.g. SCTP). This commit introduces a new BIO_CTRL that provides the value to be used for this mtu "overhead". It will be used by subsequent commits.
Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) and instead use the value provided by the underlying BIO. Also provide some new DTLS_CTRLs so that the library user can set the mtu without needing to know this constant. These new DTLS_CTRLs provide the capability to set the link level mtu to be used (i.e. including this IP/UDP overhead). The previous DTLS_CTRLs required the library user to subtract this overhead first.
Fix dtls_query_mtu so that it will always either complete with an mtu that is at least the minimum or it will fail. There were some instances in dtls1_query_mtu where the final mtu can end up being less than the minimum, i.e. where the user has set an mtu manually. This shouldn't be allowed. Also remove dtls1_guess_mtu that, despite having logic for guessing an mtu, was actually only ever used to work out the minimum mtu to use.
If we really get a situation where the underlying mtu is less than the minimum we will support then dtls1_do_write can go into an infinite loop. This commit fixes that.
Updates to s_client and s_server to remove the constant 28 (for IPv4 header and UDP header) when setting an mtu. This constant is not always correct (e.g. if using IPv6). Use the new DTLS_CTRL functions instead.
Only use the fallback mtu after 2 unsuccessful retransmissions if it is less than the mtu we are already using
Remove "#if 0" code
Remove incorrect code inadvertently introduced through commit 59669b6ab.
Add support for OCB mode as per RFC7253
Add EVP support for OCB mode
Add tests for OCB mode
Add documentation for OCB mode
Added OPENSSL_NO_OCB guards
Add CHANGES entry for OCB
Fix memory leak in SSL_new if errors occur.
Fixed memory leak in the event of a failure of BUF_MEM_grow
Remove internal bn dependencies from speed.c
Prepare for bn opaquify. Implement internal helper functions.
Prepare exptest for bn opaquify
Implement internally opaque bn access from asn1
Implement internally opaque bn access from dh
Implement internally opaque bn access from dsa
Implement internally opaque bn access from ec
Implement internally opaque bn access from evp
Implement internally opaque bn access from rsa
Implement internally opaque bn access from srp
Implement internally opaque bn access from ts
Disable engines that will fail to build when bn is made opaque
Update apps for bn opaque change
Make bn opaque
Update documentation following BN opaquify
Move bn internal functions into bn_int.h and bn_lcl.h
make update
Fixed memory leak if BUF_MEM_grow fails
DTLS fixes for signed/unsigned issues
Remove extraneous white space, and add some braces
Add OPENSSL_NO_ECDH guards
Add missing OPENSSL_NO_EC guards
Rename gost2814789t.c to gost2814789test.c. The old name caused problems for dummytest if gost is compiled out, since the name of the test is not standard (dummytest segfaults). Also the old name caused problems for git because the executable was not in the .gitignore file
Add more meaningful OPENSSL_NO_ECDH error message for suite b mode
The dtls1_output_cert_chain function no longer exists so remove it from ssl_locl.h
Turn on OPENSSL_NO_DEPRECATED by default. Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is defined at config stage then OPENSSL_USE_DEPRECATED has no effect - deprecated functions are not available. If OPENSSL_NO_DEPRECATED is not defined at config stage then applications must define OPENSSL_USE_DEPRECATED in order to access deprecated functions. Also introduce compiler warnings for gcc for applications using deprecated functions
Remove redundant OPENSSL_NO_DEPRECATED suppression
Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED. Introduce use of DECLARE_DEPRECATED
make update following changes to default config settings
Update CHANGES for deprecated updates
Made it an error to define OPENSSL_USE_DEPRECATED if OpenSSL has been built with OPENSSL_NO_DEPRECATED defined
Fix a problem where, if CFLAGS is too long, cversion.c fails to compile when config is run with --strict-warnings.
Additional fix required for no-srtp to work
Remove blank line from start of cflags character array in buildinf.h
Further comment amendments to preserve formatting prior to source reformat
Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occurring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane.
A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion.
Fix build failure on Windows due to undefined cflags identifier
Update .gitignore with windows files to be excluded from git
Further windows specific .gitignore entries
Remove redundant DSO_METHOD_beos declaration in dso.h. BEOS support has been removed.
make update
Fix no-deprecated on Windows
Ensure internal header files are used from mk1mf based builds
Avoid deprecation problems in Visual Studio 13
Fix warning where BIO_FLAGS_UPLINK was being redefined. This warning breaks the build in 1.0.0 and 0.9.8
Make output from openssl version -f consistent with previous versions
Matt Smart (1):
Fix doc typo.
Matthias Andree (1):
RT2272: Add old-style hash to c_rehash
Matthieu Crapet (1):
RT 1505: Use SSL3_AL_FATAL not "2"
Michael Tuexen (4):
Avoid unnecessary fragmentation.
DTLS handshake fix.
DTLS message_sequence number wrong in rehandshake ServerHello
Fix incorrect OPENSSL_assert() usage.
Michal Bozon (2):
Corrected POD syntax errors. PR#3353
Correct timestamp output when clock_precision_digits > 0
Mihai Militaru (1):
RT2210: Add missing EVP_cleanup to example
Mike Bland (16):
Unit/regression test for TLS heartbeats.
More thorough error checks in set_up
Zero-initialize heartbeat test write buffer
Fix heartbeat_test for -DOPENSSL_NO_HEARTBEATS
Create test/testutil.h for unit test helper macros
test/testutil.c test registry functions.
Use testutil registry in heartbeat_test
Update heartbeat_test #includes
Check the test registry size during add_test()
Add cscope.out and .d files to .gitignore
Emit PERLASM_SCHEME to fix GitMake on OS X
{,darwin64-}debug-test-64-clang Configure targets
Improve variable parsing when generating MINFO
Remove redundant test targets outside of test/
Add missing SRC variable
Add whrlpool and camellia .s files to perlasm list
Mike Frysinger (1):
Have the .pc files depend on each other rather than duplicating the various link settings. PR#3332
Miod Vallat (1):
Fix off-by-one errors in ssl_cipher_get_evp()
Naftuli Tzvi Kay (1):
Added custom PBKDF2 iteration count to PKCS8 tool.
Nick Alcock (1):
Fix POD errors to stop make install_docs dying with pod2man 2.5.0+
Nick Lewis (1):
PR 2580: dgst missing current SHA algorithms
Nick Mathewson (2):
Do not include a timestamp in the Client/ServerHello Random field.
Fix another gmt_unix_time case in server_random
Nick Urbanik (1):
RT2609: Typo in EXAMPLE section of req.pod
Nils Larsch (197):
some const fixes
add new curves to the loop (with some cleanup from me)
test, remove unnecessary const cast
when building with OPENSSL_NO_DEPRECATED defined BN_zero is a macro which cannot be evaluated in an if statement
the second argument of EVP_SealInit is const
update docs (recent constification)
Makefile.ssl doesn't exist anymore
fix header
use SSL3_VERSION_MAJOR instead of SSL3_VERSION etc.
really clear the error queue here
use SHA-1 as the default digest for the apps/openssl commands
remove unused recp method
some const fixes and cleanup
fix example in docu
update progs.pl to reflect changes in progs.h
some const fixes
const fixes
make sure error queue is totally emptied
get rid of very buggy and very incomplete DH cert support
improve docu of SSL_CTX_use_PrivateKey()
add support for DER encoded private keys to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
include limits.h for UINT_MAX etc.
Makefile.ssl -> Makefile
EVP_CIPHER_CTX_init is a void function + fix typo
const fixes
the pointer to the message digest is const
- use BN_set_negative and BN_is_negative instead of BN_set_sign and BN_get_sign - implement BN_set_negative as a function - always use "#define BN_is_zero(a) ((a)->top == 0)"
make update
more const
change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible
make asn.1 field names const
update
remove false positive
some updates for the blinding code; summary: - possibility of re-creation of the blinding parameters after a fixed number of uses (suggested by Bodo) - calculation of the rsa::e in case it's absent and p and q are present (see bug report #785) - improve the performance when one rsa structure is shared by more than one thread (see bug report #555) - fix the problem described in bug report #827 - hide the definition of the BN_BLINDING structure in bn_blind.c
add docu for BN_BLINDING functions
add missing parentheses
no Makefile.ssl anymore
get rid of Makefile.ssl in util/
avoid warnings when building on systems where sizeof(void *) > sizeof(int)
add reference to BN_BLINDING_new.pod
add 192 bit prime curve to the command line options
hide the definition of ECDSA_METHOD and ECDSA_DATA (and mutatis mutandis for ecdh)
remove some false positive
check return value of RAND_pseudo_bytes; backport from the stable branch
remove false positive
don't let BN_CTX_free(NULL) segfault
backport fix from the stable branch
fix typo
rewrite of bn_nist.c, disable support for some curves on 64 bit platforms for now (it was broken anyway)
remove BN_ncopy, it was only used in bn_nist.c and wasn't particular useful anyway
remove false positive
fix compiler warning; pow10 is also in math.h
give EC_GROUP_*_nid functions a more meaningful name: EC_GROUP_get_nid -> EC_GROUP_get_curve_name, EC_GROUP_set_nid -> EC_GROUP_set_curve_name
improve command line argument checking
give EC_GROUP_new_by_nid a more meaningful name: EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
use 'p' as conversion specifier for printf to avoid truncation of pointers on 64 bit platforms. Patch supplied by Daniel Gryniewicz via Mike Frysinger <vapier at gentoo.org>.
ecc api cleanup; summary: - hide the EC_KEY structure definition in ec_lcl.c + add some functions to use/access the EC_KEY fields - change the way how method specific data (ecdsa/ecdh) is attached to an EC_KEY - add ECDSA_sign_ex and ECDSA_do_sign_ex functions with additional parameters for pre-computed values - rebuild libeay.num from 0.9.7
simplify EC_KEY_dup
make the type parameter const when ID2_OF_const() is used
fix "dereferencing type-punned pointer will break strict-aliasing rules" warning when using gcc 4.0
update ecdsa doc
fix potential memory leak
fix typo, add prototype
include opensslconf.h if OPENSSL_NO_* is used
changes from 0.9.8
fix assertion
clear error queue on success and return NULL if no cert could be read
check return value
ssl_create_cipher_list should return an error if no cipher could be collected (see SSL_CTX_set_cipher_list manpage). Fix handling of "cipher1+cipher2" expressions in ssl_cipher_process_rulestr.
use "=" instead of "|=", fix typo
- let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an error if the cipher list is empty - fix last commit in ssl_create_cipher_list - clean up ssl_create_cipher_list
replace the deprecated "-m486" gcc option with "-march=i486"
update FAQ
update for the cswift engine: - fix the problem described in bug report 825 - fix a segfault when the engine fails to initialize - let the engine switch to software when keysize > 2048
clear dso pointer in case of an error
remove OPENSSL_NO_ASM dependency
initialize newly allocated data
the second argument of d2i_X509, d2i_X509_CRL and d2i_X509_REQ is const
add missing entries for "-multivalue-rdn" and "-utf8" in ca.pod and req.pod
make ./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make depend all test work again
bugfix: 0 - w (w != 0) is actually negative
fix typo
the final byte of a pkcs7 padded plaintext can never be 0
set correct bn->top value
fix BN_mod_word and give a more reasonable return value if an error occurred
improved error checking and some fixes
remove unused variable
add comment
fix potential memory leak + improved error checking
avoid infinite recursion if dynamic engine isn't loaded
remove unused internal foo_base_method functions
an ssl object needs its own instance of an ecdh key; remove obsolete comment
Let the TLSv1_method() etc. functions return a const SSL_METHOD pointer and make the SSL_METHOD parameter in SSL_CTX_new, SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
add missing file
initialize cipher/digest methods table in SSL_library_init() and hence remove the need for a lock
Keep cipher lists sorted in the source instead of sorting them at runtime, thus removing the need for a lock. Add a test to ssltest to verify that the cipher lists are sorted.
fix warnings when building openssl with the following compiler options: -Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar -Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts -Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused -Wno-unused-parameter -Wuninitialized
don't try to load cert/key when the "-nocert" option is set
fix typo in sbgp names
fix function name in error
bugfix: register engine as default engine in ENGINE_set_default_DSA
fix typos
add some doxygen comments
cleanup doxygen comments
protect BN_BLINDING_invert with a write lock and BN_BLINDING_convert with a read lock
successfully updating the db shouldn't result in an error message
compile sstrsep only if HAVE_FORK is defined; patch supplied by Johan Gill <johane at lysator.liu.se>
fix typo, pointed out by Patrick Guio
2 is a prime
fix comment
support numeric strings in ASN1_generate_nconf
recent changes from 0.9.8: fix cipher list order in s3_lib.c, make "no-ssl2" work again
add additional checks + cleanup
fix if statement: call conn_state() if the BIO is not in the BIO_CONN_S_OK state
p could be uninitialized
remove unnecessary check
fix typo: pass pre-computed parameters to the underlying signature function; thanks to Lucas Newman
fix warning
fix warning: add missing prototype
use stricter prototypes, fix warnings
don't use the l length modifier for int
use asn1 callbacks for new, free and d2i
fix typos
make some internal functions static; patch supplied by Kurt Roeckx
fix no-dh configure option; patch supplied by Peter Meerwald
fix "#ifndef HZ" statement
force C locale when using [a-z] in sed expressions
make some parameters const
no need to cast away the const
constify some print and ts functions
fix function name in error message
add initial support for RFC 4279 PSK SSL ciphersuites
make update
fix signed vs. unsigned warning
fix "missing initializer" warning
fix signed vs. unsigned warning
note that SSL_library_init() is not reentrant
use BIO_snprintf() instead of snprintf + use BIO_FP_TEXT for text output
fix comment
remove unused variables
signed vs. unsigned
fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()
fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()
create BN_CTX object
fix problems found by coverity: remove useless code
fix for OPENSSL_NO_EC
remove unnecessary code
check if con != NULL before using it
ensure the pointer is valid before using it
fix last commit: return NULL if TS_RESP_CTX_set_status_info_cond() failed
make local function static
as we encrypt every bit separately we need to loop through the number of bits; thanks to Michael McDougall <mmcdouga at saul.cis.upenn.edu>
undo accidental commit
return an error if the supplied precomputed values lead to an invalid signature
fix OPENSSL_NO_foo defines
update md docs
remove SSLEAY_MACROS code
fix warning
register the engine as default engine in ENGINE_set_default()
replace macros with functions
add support for whirlpool in apps/speed
add "Certificate Issuer" and "Subject Directory Attributes" OIDs
allocate a new attributes entry in X509_REQ_add_extensions() if it's NULL (in case of a malformed pkcs10 request)
return 0 if 'noout' is used and no error has occurred
avoid duplicate entries in add_cert_dir()
fix documentation
use const ASN1_TIME *
properly initialize SSL context, check return value
fix order
remove trailing '\'
add support for ecdsa-with-sha256 etc.
update
fix order
update pkcs12 help message + manpage
fix typos
use OPENSSL_NO_DYNAMIC_ENGINE macro, disable debug messages
fix return value of get_cert_chain()
remove undefined constant
fix potential memory leaks
fix documentation
add support for DSA with SHA2
add note about 56 bit ciphers
fix typo
ensure that a ec key is used
remove unused variable
remove unreachable code
use user-supplied malloc functions for persistent kssl objects
avoid shifting input
- use OPENSSL_malloc() etc. in zlib - move zlib_stateful_ex_idx initialization to COMP_zlib()
ensure that the EVP_CIPHER_CTX object is initialized
remove dead code
allow EVP_PKEY_CTX_free(NULL)
remove unused file
size_t -> int
check if pointer is != NULL before dereferencing it (Coverity CID 40)
check correct pointer before freeing it (Coverity CID 79,86)
check return value of ASN1_item_i2d(), Coverity ID 55
Oscar Jacobsson (1):
Add 3072, 7680 and 15360 bit RSA tests to openssl speed
PK (1):
Add SHA256 Camellia ciphersuites from RFC5932
Paul C. Sutton (11):
Makefiles updated to exit if an error occurs in a sub-directory make (including if user presses ^C)
Make the installation documentation easier to follow.
Add votes
ssldir.pl did not correctly set the directory in utils/mk1mk.pl when perl5 was used.
Some more changes for renaming the binary from ssleay to openssl. I wonder what eay.c is?
A couple more ssleay.cnf to openssl.cnf changes
Binary is now apps/openssl not apps/ssleay so use the new name when rehashing the test certs
Various ssleay to openssl fixups
Reflect change from "ssleay" to "openssl" as the main binary name. Also document "sh config" as an easier alternative to "./Configure system".
Update scripts to use "openssl" instead of "ssleay"
The dir is named util/ and better to explicitly call the perl interpreter because not everyone has it in /usr/local/bin/perl.
Paul Suhler (1):
RT2841: Extra return in check_issued
Peter Mosmans (2):
Fix for test_bn regular expression to work on Windows using MSYS. PR#3346
Add names of GOST algorithms.
Phil Mesnier (1):
RT3334: Fix crypto/LPdir_win.c
Piotr Sikora (4):
Fix SSL_OP_SINGLE_ECDH_USE
Fix compilation with no-nextprotoneg.
Retry callback only after ClientHello received.
Fix building with no-srtp
Ralf S. Engelschall (189):
This commit was generated by cvs2svn to track changes on a CVS vendor branch.
Import of old SSLeay release: SSLeay 0.8.1b
This commit was generated by cvs2svn to track changes on a CVS vendor branch.
Import of old SSLeay release: SSLeay 0.8.1b
This commit was generated by cvs2svn to track changes on a CVS vendor branch.
Import of old SSLeay release: SSLeay 0.9.0b
This commit was generated by cvs2svn to track changes on a CVS vendor branch.
Import of old SSLeay release: SSLeay 0.9.0b
Import of old SSLeay release: SSLeay 0.9.1b (unreleased)
This commit was generated by cvs2svn to track changes on a CVS vendor branch.
Import of old SSLeay release: SSLeay 0.9.1b (unreleased)
This commit was generated by cvs2svn to track changes on a CVS vendor branch.
Various cleanups and fixes by Marc and Ralf to start the OpenTLS project
*** empty log message ***
Incorporation of RSEs assembled patches
OpenTLS ready
*** empty log message ***
Fix unused variable warning of GCC
Switch to OpenSSL name
*** empty log message ***
Switch version string to SSLeay/OpenSSL
Add include dir
*** empty log message ***
*** empty log message ***
*** empty log message ***
Test for new CVS repository
Test remote CVS commit...
Import the first cut for manual pages.
Fix an error message
Replace AUTHOR with a better HISTORY as in FreeBSD's manpages
Create a STATUS file to coordinate us. Feel free to edit
Cleanup of doc/ directory: The old/obsolete SSLeay files are now assembled together in a ssleay.txt file.
Ops, forgot to commit the changes entry in recent commit...
MIME encoding and ISO chars at the same time messes up the stuff
Fix version stuff:
Puhhh... now we've documented the prototypes of all 214 API "functions". This is a pain to do, because of the various macro definitions which I had to expand manually to get their prototype :-(
More structuring and sorting of the SSL API documentation. And the first steps to descriptions in prose.
Some issues for voting
A hint about the license
Remove more old temporary files from CVS
cleanup of apps/ and an answer
Make GCC happy by removing an unused variable definition.
First cut of a cleanup for apps/. First the `ssleay' program is now named `openssl' and second, the shortcut symlinks for the `openssl <command>' are no longer created. This way we have a single and consistent command line interface `openssl <command>', similar to `cvs <command>'.
A few train of thoughts about the build procedure mess
More .cvsignore stuff to make CVS quiet on our generated files.
The dir is named util/ and better to explicitly call the perl interpreter because not everyone has it in /usr/local/bin/perl.
Make sure the already existing X509_STORE->depth variable is initialized in X509_STORE_new(), but document the fact that this variable is still unused in the certificate verification process.
Start keeping track of wishes people make on our mailing lists to make sure we don't forget them and this way we have them bundled together.
Fix names in usage page of s_time, s_server and s_client
One more incorrect name in usage page
Fill in more contents for the openssl(1) manpage.
Fixed ms/32all.bat script: `no_asm' -> `no-asm'
Add CygWin32 platform information to Configure script.
Change address now that we've the mailing lists established
Update
Ignore crypto/x509v3/lib
Make sure `make rehash' target really finds the `openssl' program.
Update README file a little bit...
Reflect correct filename
Ops, one more reference to 0.9.1c. Make sure we don't forget it...
First cut for a very conservative source tree cleanup:
Remember the cleanup
Ignore mx86unix.cpp which is generated on Intel platforms
Overhauled the Perl interface (perl/*):
What is on my ToDo list...
Remove three more bogus files (2x temp file, 1x trash)
Remove one more totally bogus source file. This one is exactly the same as ssl_sess.c. Thanks to Adam Goodman <adam at a-domain.com> for hint.
Make sure latest Perl versions don't interpret some generated C array as Perl array code in the crypto/err/err_genc.pl script.
Ok, propose a release date of March 15th with a code freeze a few days before so we have enough time for final testing and tarball rolling.
Remember some open issues and available patches
Make gcc -Wall happy ("might be used uninitialized...")
Fix usage message on gendsa: 1. The dsaparam argument is mandatory and not optional 2. Add a little text what this actually is: a filename
Get rid of a nasty debugging message which was forgotten here...
Make `openssl x509 -noout -modulus' functional also for DSA certificates (in addition to RSA certificates) to match the behaviour of `openssl dsa -noout -modulus' as it's already the case for `openssl rsa -noout -modulus'. For RSA the -modulus is the real "modulus" while for DSA currently the public key is printed (a decision which was already done by `openssl dsa -modulus' in the past) which serves a similar purpose. Additionally the NO_RSA no longer completely removes the whole -modulus option; it now only avoids using the RSA stuff. Same applies to NO_DSA now, too.
Remember good pointers to Montgomery multiplication algorithm descriptions as pointed out by Dave Carman <carman at erols.com>
Don't hard-code path to Perl interpreter on shebang line of Configure script. Instead use the usual Shell->Perl transition trick.
More CVS ignore stuff...
Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal() from `int' to `unsigned int' because it's a length and initialized by EVP_DigestFinal() which expects an `unsigned int *'.
Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
Fix the cipher decision scheme for export ciphers: the export bits are *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK. So, the original variable has to be used instead of the already masked variable.
Typo
Move s_server -dcert and -dkey options out of the undocumented feature area because they are useful for the DSA situation and should be recognized by the users. Thanks to Steve for the original hint.
Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH private keys and/or callback functions which directly correspond to their SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed for applications which have to configure certificates on a per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g. s_server).
Remember one more wish from the users
Use consistent and existing addresses
Ops, the logic of the second argument has to be coupled with the != test to work correctly for the SSL_CTX_xxx situations, too. Now "make test" passes again fine.
Get rid of remaining C++-style comments which strict C compilers hate. (Pointed out by Carlos Amengual).
Don't install bss_file.c under PREFIX/include/. It was introduced by Eric between SSLeay 0.8 and 0.9 and just looks useless and confusing.
Remove confusing variables in function signatures in files ssl/ssl_lib.c and ssl/ssl.h. At least the double ctx-variable confused some compilers.
Added the new `Includes OpenSSL Cryptography Software' button as doc/openssl_button.{gif,html} which is similar in style to the old SSLeay button and can be used by applications based on OpenSSL to show the relationship to the OpenSSL project.
Fix GCC warning... t_req.c: In function `X509_REQ_print': t_req.c:181: warning: suggest explicit braces to avoid ambiguous `else'
General source tree makefile cleanups: Made `making xxx in yyy...' display consistent in the source tree and replaced `/bin/rm' by `rm'. Additionally cleaned up the `make links' target: Remove unnecessary semicolons, subsequent redundant removes, inline point.sh into mklink.sh to speed processing and no longer clutter the display with confusing stuff. Instead only the actually done links are displayed.
Ralf is now using FreeBSD 3.1 which runs ELF instead of a.out...
Cleaned up the LICENSE document: The official contact for any license questions now is the OpenSSL core team under openssl-core at openssl.org. And add a paragraph about the dual-license situation to make sure people recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply to the OpenSSL toolkit.
Bring the README file in sync and shape a little bit more...
Add a first cut for a NEWS document similar to what other packages (mostly GNU packages) provide. The idea is that because of the large number of CHANGES entries, this file summarizes the major changes for a brief overview.
just a little typo
Reshape the README file out of the existing README stuff into a single file. Need more cleanup for final release IMHO.
Move the SSL_CTX_xxx defines at the top of ssl.h to the location of other SSL_CTX_xxx defines. What was the reason to move them to the top, even before the copyright and #ifdef HEADER_SSL_H? Hmmm... when there was and still is a good reason feel free to reverse this patch, but please document why it is needed this way.
Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified on the `perl Configure ...' command line. This way one can compile OpenSSL libraries with Position Independent Code (PIC) which is needed for linking it into DSOs.
Typo :-)
Add a useful kludge to allow package maintainers to specify compiler and other platform details on the command line without having to patch the Configure script every time: One now can use ``perl Configure <id>:<details>'', i.e. platform ids are allowed to have details appended to them (separated by colons). This is treated as if there were a static pre-configured entry in Configure's %table under key <id> with value <details> and ``perl Configure <id>'' is called. So, when you want to perform a quick test-compile under FreeBSD 3.1 with pgcc and without assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"'' now, which overrides the FreeBSD-elf entry on-the-fly.
Notice freeze state and update my entry
Two more .cvsignore files for the assembler stuff
Second round of fixing the OpenSSL perl/ stuff. It now at least compiled fine under Unix and passes some trivial tests I've now added. But the whole stuff is horribly incomplete, so a README.1ST with a disclaimer was added to make sure no one expects that this stuff really works in the OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and openssl_bio.xs.
Fix Win32 symbol export lists for BIO functions: Added BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data to ms/libeay{16,32}.def. I'm not a Win32 hacker, but I think I've done it correctly.
Let us start with some platform test list...
Start with some more tarball rolling preparation to make sure it's not overlooked next Monday: - rmlinks is no longer existing - use openssl as the name and not rse - don't roll the STATUS file into the tarball
Make `openssl version' output lines consistent.
typo
Solaris 2.6 still makes problems. Details were posted.
Make it more clear what option -WWW to s_server does.
Update to current state...
Two more things we should look at before release
Update platform test list
Update
Let util/clean-depend.pl work also with older Perl 5.00x versions.
Be less restrictive and allow also `perl util/perlpath.pl /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin', because this way one can also use an interpreter named `perl5' (which is usually the name of Perl 5.xxx on platforms where an Perl 4.x is still installed as `perl').
Just cosmetics: replace a tab with a normal space because the tab always looked too esoteric to my eyes while building... ;)
Some more source tree cleanups (removed obsolete files crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed permission on "config" script to be executable) and a fix for the INSTALL document.
Remove confusing hint to non-existing file. Instead make it clear that one shouldn't change it manually just here. The util/ssldir.pl script does more and has to be used for this. Pointed out by Jacques Supcik <supcik at inf.ethz.ch>.
Add missing pipe char to "make dist" target. Found by Richard Levitte <levitte at stacken.kth.se>
Print a little bit more information
Remove obsolete references to SSLeay and change default PLATFORM from "FreeBSD" to the generic "dist" as it's done implicitly by "make dist".
Be consistent: 0.9.2b
More 0.9.2 -> 0.9.2b
up_ver.pl is now obsolete
Remove up_ver.pl call
Bring style of INSTALL* documents in sync with README file and fix some inconsistencies.
Add latest changes to NEWS file
Final polishing for README file
One more 0.9.2b
function names recently changed - consistency.
Add two recently added functions
Merge ext-conf.txt and buffer.txt into a global openssl.txt because we shouldn't again start with a thousand little text files or we quickly come back to the old SSLeay days ;-)
update list
Oops, interrupted commit. Fixed
Typo
Update after release...
Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h so they no longer are missing under -DNOPROTO.
Make sure the RSA OAEP test is skipped under -DRSAref because OAEP isn't supported when OpenSSL is built with RSAref.
Add .cvsignore in new pkcs12 directory
Fix a typo in the X.509v3 docs: cRLSign instead of cRLCertSign is correct according to the sources.... found by Steffen Dettmer <steffen at tfh-berlin.de>.
Fix a few typos and tabs while I'm poking around in ca.c...
Make sure a corresponding plain text error message exists for the X509_V_ERR_CERT_REVOKED/23 error number which can occur when a verify callback function determined that a certificate was revoked.
Fix `openssl crl -noout -text' combination where `-noout' killed the `-text' option at all and this way the `-noout -text' combination was inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
Add `openssl ca -revoke <certfile>' facility which revokes a certificate specified in <certfile> by updating the entry in the index.txt file. This way one no longer has to edit the index.txt file manually for revoking a certificate. The -revoke option does the gory details now.
SSL_ALLOW_ENULL was renamed to SSL_FORBID_ENULL some time ago by Ben.
Start with some plans...
Start assembling some NEWS entries....
Better to not have blanks in .cvsignore files
consistency cosmetics
Convert casted X509_INFO stacks to type-safe STACK_OF(X509_INFO).
Add missing sk_<type>_unshift() function to safestack.h
Bundle stack'ification entries on Ben's request
Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+
Ok, give us more time....
Don't forget that it's freeze time now...
Protect applications from failing to compile when they try to directly include opensslv.h.
Puhhh... today is a very hot day.
Fix determination of Perl interpreter: A perl or perl5 _directory_ in $PATH was also accepted as the interpreter.
First cut for a proposed code freeze and release dates (from Steve and me). All OpenSSL developers: Please feel free to adjust the dates if they still do not fit into your personal scheduling.
typo while I poke around...
consistent style
A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency. Hint from: Andrija Antonijevic <TheAntony2 at bigfoot.com>
I don't think this is a real showstopper. Our internal verify procedure lacks even more and I consider this more a useful feature request than a release showstopper.
Let us prepare for tomorrow...
Remove the perl stuff also optically from the build procedure, because it could confuse people (which then send us bug reports)...
Fix two remaining prototype-related warnings
Backout the following change:
Install libRSAglue.a when OpenSSL is build with RSAref. This should now finally make the RSAref users happy...
Ok, final fix for `config' script to detect all flavors of FreeBSD in a more general way.
Ok, I'll do a few more final platform tests and then I'll roll the 0.9.4 tarball baby for us. PLEASE DO NOT COMMIT ANYTHING UNTIL YOU SEE MY FINAL COMMITS TO `STATUS' INDICATING THAT WE'VE REACHED 0.9.5-dev.
Bump version to 0.9.4
Bump after tarball rolling. Friends, feel free to start again hacking for 0.9.5... ;)
Add prototypes for new DSA functions Steve added recently.
Make gcc 2.95.2 happy again, even under ``-Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''.
Add an evil cast, because POSIX/SUSv2 define connect(2) to require the second argument to be of type ``struct sockaddr *''.
Make gcc 2.95.2 happy here, too.
Add missing prototypes for new functions
Added configuration support for Linux/IA64
Fix Blowfish URL.
test blank-line commit after migration -- just ignore
test commit (removing trailing blanks) after migration
test commit (just removing tailing blanks) #2 after migration
Fix prime generation loop in crypto/bn/bn_prime.pl by making sure the loop does correctly stop and breaking ("division by zero") modulus operations are not performed. The (pre-generated) prime table crypto/bn/bn_prime.h was already correct, but it could not be re-generated on some platforms because of the "division by zero" situation in the script.
small cosmetics: align title with the other similar manual page
ignore a few additionally generated files
remove a doubled entry for '-binary' in the usage message
Raphael Spreitzer (1):
RT2400: ASN1_STRING_to_UTF8 missing initializer
Rich Salz (91):
RT 487. Mention that generated primes are "at least" B<bits> long.
Fix typo in message (RT 3107)
Merge branch 'master' of git.openssl.org:openssl
Fix RT 3193
Fix RT 2430; typos in ca.pod
Fix RT 2567; typo in pkeyutl page.
Fix RT 3211; "and are" -->"are"
RT 3245; it's "bitwise or" not "logical or"
RT 1229; typo in comment "dont't"->"don't"
RT 1530; fix incorrect comment
RT 1528; misleading debug print, "pre-master" should be "master key"
Close a whole bunch of documentation-related tickets: 298 424 656 882 939 1630 1807 2263 2294 2311 2424 2623 2637 2686 2697 2921 2922 2940 3055 3112 3156 3177 3277
Merge branch 'rsalz-docfixes'
RT3408; fix some (not all suggested) typos in openssl.cnf
RT 1638; EVP_*Final() should mention they no longer cleanup the ctx.
Close 3170, remove reference to Ariel Glenn's old 0.9.8 doc
Add tags/TAGS; approved by tjh
Merge branch 'master' of git.openssl.org:openssl
Remove DJGPP (and therefore WATT32) #ifdef's.
Undo a90081576c94f9f54de1755188a00ccc1760549a
Add README.md
Undo 77bf69dced875200f6f0e385a4a270298f8d3c45
Merge branch 'master' of git.openssl.org:openssl
Revert "RT 2820: Case-insensitive filenames on Darwin"
Merge branch 'master' of git.openssl.org:openssl
Merge branch 'master' of git.openssl.org:openssl
RT2751: Declare get_issuer_sk() earlier.
Merge branch 'master' of git.openssl.org:openssl
Merge branch 'master' of git.openssl.org:openssl
Add tags/TAGS target; rm tags/TAGS in clean
RT2308: Add extern "C" { ... } wrapper
Merge branch 'master' of git.openssl.org:openssl
RT3102: Document -verify_error_return flag
RT1665,2300: Crypto doc cleanups
RT3246: req command prints version number wrong
RT2379: Bug in BIO_set_accept_port.pod
RT2379: Additional typo fix
RT2119,3407: Updated to dgst.pod
RT2820: case-insensitive filenames on Darwin
Remove some outdated README files, to avoid confusing people.
Add explanatory note to crypto/store/README
RT1832: Fix PKCS7_verify return value
RT1834: Fix PKCS7_verify return value
Merge branch 'master' of git.openssl.org:openssl
RT2849: Redundant check of "dsa" variable.
RT3108: OPENSSL_NO_SOCK should imply OPENSSL_NO_DGRAM
RT992: RSA_check_key should have a callback arg
RT468: SSL_CTX_sess_set_cache_size wrong
RT2600: Change Win line-endings to Unix.
RT3271: Don't use "if !" in shell lines
RT3271: Don't use "if !" in shell lines
Merge branch 'master' of git.openssl.org:openssl
RT2196: Clear up some README wording
RT2560: missing NULL check in ocsp_req_find_signer
RT3271 update; extra; semi-colon; confuses; some;
RT2772 update: c_rehash was broken
RT3291: Add -crl and -revoke options to CA.pl
RT3544: Remove MWERKS support
RT3544: Must update TABLE after Configure change
Remove #ifdef's for IRIX_CC_BUG
RT2309: Fix podpage MMNNFFPPS->MNNFFPPS
RT2910: Remove des.c and its Makefile target
RT3549: Remove obsolete files in crypto
RT3462: Document actions when data==NULL
RT3488: Update doc for OPENSSL_config
Remove all .cvsignore files
New location on website for binaries.
Remove old private pod2man
RT3543: Remove #ifdef LINT
RT3497: Clean up "dclean" targets
Minor doc fixes.
RT1688: Add dependencies for parallel make
RT3497: Fix; don't remove header files
RT3497: The ticket that keeps on giving.
RT3544: Restore MWERKS for NetWare
RT3548: Remove some obsolete platforms
Fix yet another 'make clean' breakage.
RT3548: Remove some obsolete platforms
RT3548: Remove outdated platforms
RT3548: Remove unsupported platforms
RT3548: Remove unsupported platforms.
RT3548: unsupported platforms
RT3548: Remove unsupported platforms
RT2914: NULL check missing in X509_name_canon
RT3546: Remove #define IRIX_CC_BUG
Some cleanup of L<> markup in pod files
RT478: Add uninstall make target
RT3548: Remove some unsupported platforms.
Allow multiple IDN xn-- indicators
RT3548: Remove unsupported platforms
Cleanup OPENSSL_NO_xxx, part 1
Richard Levitte (2344):
Make sure installed files are world readable
adjust to changes in test/testssl
adjust to changes in test/Makefile.ssl
DIFFERENCE doesn't handle long (>255 chars) lines well. Use BACKUP instead. No, I'm not joking.
Adjust to changes in apps/Makefile.ssl
Adjust to changes in apps/openssl.cnf
Some new names in asn1.h are longer than 31 chars, which disturbs the VMS C compilers...
Avoid silly compiler warnings about functions not being declared and an int missing.
It's possible that considering the configuration file as a binary file works on Unix and MS-DOS/Windows. It does not under VMS, so open it as text.
Some crypto applications are now being built on Unix, so they should on VMS as well. Not by default, however.
Two changes have been made:
Avoid some silly compiler warnings, and add the change log I forgot :-)
The info removal code was overcomplicated, and error-prone (references being wrongly decreased). Fixed.
Add compilation of x509_trs
Synchronise VMS scripts with Unix Makefiles
Use MemCheck_start() instead of CRYPTO_mem_ctrl(), and generate a small leak to test (conditional)
Rebuild of the OpenSSL memory allocation and deallocation routines. With this change, the following is provided and present at all times (meaning CRYPTO_MDEBUG is no longer required to get this functionality):
Clear out license confusion.
- Made sure some changed behavior is documented in CHANGES. - Moved the handling of compile-time defaults from crypto.h to mem_dbg.c, since it doesn't make sense for the library users to try to affect this without recompiling libcrypto. - Made sure V_CRYPTO_MDEBUG_TIME and V_CRYPTO_MDEBUG_THREAD had clear and constant definitions. - Aesthetic correction.
- Added more documentation in CHANGES. - Made CRYPTO_MDEBUG even less used in crypto.h, giving MemCheck_start() and MemCheck_stop() only one possible definition. - Made the values of the debug function pointers in mem.c dependent on the existence of the CRYPTO_MDEBUG macro, and made the rest of the code understand the NULL case.
Synchronising
Make sure that generated files are labeled as such (except in dofile(), for now)
Add more info to the memory allocation change log. Suggested by Bodo.
Added a comment about Win32.
Typo...
Typo
Tell the truth about list separators.
Synchronise with the makefiles.
Cut'n'paste error
Another name longer than 31 chars
Beautification and a few entries added.
It doesn't make sense to try to see if these variables are negative, since they're unsigned.
Give the user the possibility to ask for compilation of only the files that are directly in crypto/, and prepare for a possible disabling of certain messages that DEC C spews out.
Prepare for a possible disabling of certain messages that DEC C spews out.
Build the crypto test applications as well.
SOCKETSHR is showing bad declarations again. However, a simple cast which does no harm fixes that problem.
Build the test apps after all of the library has been built.
A test script to check on the header files
Avoid converting void * to a function pointer when NULL is defined as ((void *)0), by having a 0 instead.
Compaq C 6.2 for VMS will complain when we want to convert non-function pointers to function pointers and vice versa. The current solution is to have unions that describe the conversion we want to do, and gives us the ability to extract the type of data we want.
Correct indentation
Let's make all the examples formatted the same, shall we?
Add the PID to the output on Win32.
Man page section forgotten...
Update all links so they will be rendered better.
Made link of reference
Update all links so they will be rendered better.
Since pod2man is still evolving, and some sites (among others dev.openssl.org) don't have a version that will handle the L<foo(1)|foo(1)> construct yet, here is a copy from my laptop (slightly modified to work independently of the place where perl itself resides).
Use the pod2man that comes with OpenSSL. Make it so config(5) really ends up in section 5.
Added a configuration for myself...
It works much better when you don't press shift at the wrong moment...
Declare BN_pseudo_rand().
Put config in section 5, where it belongs.
Synchronise with Unix code
Finally found a form that I like...
Reimplement so only one synchronous stack is used. The benefit is that function pointers are nicely tucked in their structure.
Synchronise
Correct one link.
Typo corrected...
A proposed freeze and release time has come up.
First try at documenting the DES (and other algorithms) modes
des_modes is a section 7 manual, so let's make sure that's where it ends up
Constify
Move down the attributions
Add references to the new passwd utility.
Add compilation of the new passwd utility.
A hack to make sure access() will give us the correct answer about the accessibility of an "empty" directory. This *is* weird, and a better solution will be provided in apps/ca.c, when I get time to hack at it.
Add a couple of forgotten $(PERL), and make the code to run pod2html a tad more readable.
Time ran away...
Remove the access() call altogether for VMS, since it doesn't quite work for directory specifications (this will be reported as a bug to DEC^H^H^HCompaq). It could as well be removed for all others as well, since stat() and open() will return appropriate errors as well, but I leave that to someone else to decide.
Cosmetic change. No, openssl.h.in is not autogenerated :-)
Make Configure add the configuration options that it was compiled with.
Move the registration of callback functions to special functions designed for that. This removes the potential error to mix data and function pointers.
Blowfish docs.
Sync with Unix
Avoid saving any macros starting with a _, since that can create trouble if header files are included in some "improper" order. It's much better if the application programmer has to specify on his or her own if _REENTRANT shall be defined and when.
make update
Correct a couple of command errors.
Make it possible to have differing tar versions.
0.9.5beta1
Remove structures that are no longer used.
Status update
Changes to synchronise with Unix. (actually, much more is needed, like a real config script)
Enhance consistency by using BIO_flush() instead of fflush().
Another test passed
Some time in history, SSL_CTX_sessions() disappeared. It is now restored, but not as a macro this time...
Update the two threads modules to conform to our recommendations (use CRYPTO_num_locks() instead of CRYPTO_NUM_LOCKS!), and correct all the inconsistencies with the rest of OpenSSL.
New script to compile on systems that already have pthreads in the system.
Adjust all the old scripts to deal with the new location.
Small error fix.
Since a stack with quite long name is declared here, vms_idhacks.h is also needed to get around C compilers on VMS that set the symbol limit to 31 characters. Both the macros VMS and __VMS are checked, since there's no real way to know if e_os.h has been included yet.
Correct small typo
For safety, check __VMS as well.
Compile rand_egd.c on VMS as well.
Let's avoid compiler warnings over types.
ftruncate() and fileno() are not supported on all versions of OpenVMS (they don't really exist before version 7), so that solution was toast. Instead, let's do it the way it's done on Unix, but then remove older versions of the file.
Add support for Unixware 7. Thanks to Ron Record <rr at sco.com> for the patch.
The OpenVMS library is most definitely not built for anything but files, unless it's all in unixly syntax. We can't guarantee that right now, so let's skip the whole test suite. There are other places (like the open()) where errors are detected anyway.
Don't include sys/types.h if NO_SYS_TYPES_H is defined.
Typo corrected.
Just as in Unix, make sure to generate some kind of "random data".
Move to using the same perl code as Makefile.ssl
Make sure that all test files are gone before starting the tests, or backup will complain about some version not existing. Perhaps.
make update
Make sure there's some entropy, and log a few more errors.
A small script to compile mttest.c on VMS as well.
Add and change docs for the changes that have been made.
New "target": CONFIG. This will build the opensslconf.h file from what is known about VAX and Alpha running VMS, and from the opensslconf.h.in (in VMS often named OPENSSLCONF.H_IN) file.
New logical names to skip algorithms are now supported. Also, on Alpha, vms.mar is no longer used (it produced a lot of confusing messages) for BN. Instead, the assembler part of bn_lcl.h is used.
New logical names to skip algorithms are now supported.
Stop logging all the files that are copied all over the place...
Change version string to reflect the release of beta 2.
For lack of a better name, this is now called 0.9.5beta3-dev until the release.
OpenVMS often has problems with files with more than one period in it. Here are instructions on what to do if you get into trouble because of that.
A new beta has been released, and one test is documented.
One test passed for VMS.
OpenSSL doesn't compile well on OpenVMS/VAX, it seems.
AIX and HP-UX are passing the tests.
Update config for the unixware targets by looking at what was done in Apache's GuessOS (from Apache 1.3.1).
Make sure to catch UnixWare 7, even if the version is 7.1.1 or something like that.
No, the VAX is not a 64 bit architecture.
Works with gcc 2.8.0 as well.
Update the OpenVMS/VAX status
More platforms passed the test.
Include rand.h so RAND_pseudo_bytes may be declared. Remove one ampersand so the compiler may complain less. Make rand() static so it will not conflict with the C RTL. Make bug() static too, for good measure.
Short is always promoted to int when passed as a function argument. This is especially true when it's part of a '...'.
Typo corrected.
A few more tests were reported.
Time for a release
Tagging has been done, time to switch to 0.9.6-dev.
Forgot to check correctly for the new options
I'm experimenting with a hack in dopr() and friends b_printf.c to make it work like asprintf().
It started with finding a misplaced #endif. Then I wanted to see the structure better. I hope no one minds, and that it still works. Steve?
Make bss_log.c a bit more readable, and implement it for VMS as well.
Hack b_print.c to implement asprintf() functionality. Not enabled by default yet, I wanna play with it a bit more.
Synchronise
Let's care about the compiler warnings for both cases, shall we?
Beautifying. Sorry, but code that's slammed to the far left is not very readable in my opinion.
Let's not lie to the people.
Check that a password was actually passed, or the user will just get mysterious crashes.
Protect variables from potential misinterpretations, for example a colon which may bite the less knowledgeable...
Add the possibility (with -ign_eof) to ignore end of file on input but still not be quiet. Also make it clear that -quiet implicitly means -ign_eof as well.
Correct a potential bug.
Synchronise with Unix.
Synchronise with Unixly tests
Make sure strcmp() gets declared.
Typo corrected
bss_log has dollars, so compile it with that warning flag disabled.
Typo corrected
Bugs corrected, and a couple of include files to get declarations for lib$-functions and sys$-functions.
Target added.
Make it possible to build just a part of the crypto library.
Typos corrected.
Typo corrected.
The previous exit code handling was completely bogus for VMS.
Bugs corrected
Make sure to complete the cleanup of names.
e_os.h: don't do double work with status codes. openssl.c: make damn sure e_os.h knows about OPENSSL_C
Small bugs in the test scripts removed.
Keep in sync with Unix code, and prepare for a misfeature fix.
Change the notation and coding of the version to be able to contain both a patch level and a beta status. IMHO, it also makes more sense to have beta status be part of the development status than to have it be an alternate name for patch levels under special conditions.
Make sure an error condition is returned if, for some reason, the file couldn't be opened.
Change the version text, it's time to release the first beta of 0.9.5a.
make update
Beta 1 of 0.9.5a building.
Tagging done, we move to the next possible.
New status
There are a few new features in 0.9.5a... And I've probably forgotten a few.
I just got a not very pleasant report.
Ref: Message-ID: <20000320070111.A90876 at wiz.Sendmail.COM>
Lutz Jaenicke reports that hpux-parisc-cc with +02 passed.
Ulf Möller reports OpenBSD-x86 and solaris-sparcv9-cc passed.
A quick hack to have ssize_t work with gcc under SunOS 4 (tested on SunOS 4.1.4).
Corrected. It said before that ivec had to be initialised to zero, which isn't true. What is true, however, is that SSH assumes it is.
Clean up context, even if an error occurred.
New FAQ for the OpenSSH configuration problem.
Time for version 0.9.5a beta2
I almost forgot...
Tagging has been done, update to next probable version...
Update status
Surround the diff with the new snippage delimiters
VMS on Alpha passed
Another VMS/Alpha with a much more evil compiler passed as well...
Geoff Thorpe reports a whole bunch of tests passing.
A couple of corrections concerning HPUX 10 and shared libraries. Contributed by Lutz Jaenicke.
More info in the Win32 test
One VAX environment passed
VI gave me 4-space tabs... Corrected
Another VAX environment passed
Info on proposed release date
Vi, again
Beautifying code.
Removed, especially since it conflicts with des.pod on case-insensitive file systems.
Don't force the use of GNU make with Borland C++ Builder. Contributed by Joon Radley <jradley at vps.co.za>
Add a default banner. Contributed by Joon Radley <jradley at vps.co.za>
Since ssleay_rand_initialize() unlocks then locks CRYPTO_LOCK_RAND, it's a good thing if ssleay_rand_status() would do the corresponding lock and unlock as everyone else...
_lrotl and _lrotr are defined in MSVC but nowhere else that we know of.
Building version 0.9.5a
Version and name changes, and a last minute changelog
Tagging has now been done, update to the next possible version (I keep a low profile, so we don't get discontinuity in the numbering...)
Tagging has now been done, update to the next version (it's not quite as important to keep a low profile here :-))
Release done, change status.
I've always wanted to make the CONF library more adaptable. Here's the result.
"make update"
I forgot to update the change log
OpenVMS, not OpenVSM...
Clarifications and removal of double declaration...
Use CONFerr, not RSAerr, in the conf library...
In Message-ID: <003201bfb332$14a07520$0801a8c0 at janm.transactionsite.com>, "Jan Mikkelsen" <janm at transactionsite.com> correctly states that the OpenSSL header files have #include's and extern "C"'s in an incorrect order. Thusly fixed.
In Message-ID: <003201bfb332$14a07520$0801a8c0 at janm.transactionsite.com>, "Jan Mikkelsen" <janm at transactionsite.com> correctly states that the OpenSSL header files have #include's and extern "C"'s in an incorrect order. Thusly fixed.
In Message-ID: <003201bfb332$14a07520$0801a8c0 at janm.transactionsite.com>, "Jan Mikkelsen" <janm at transactionsite.com> correctly states that the OpenSSL header files have #include's and extern "C"'s in an incorrect order. Thusly fixed.
Initialise.
Being sick and tired of the hogging Efence does on my laptop, I decided to provide an alternative...
Add a new file where all the standards and other documents that we try to adhere to are listed. It should be regarded as a complement to whatever is out on the web, including the docs in http://www.openssl.org/
Add a note about the new document.
Add a couple of macros that make OpenSSL compilable on SunOS 4.1.4. Contributed by SAKAI Kiyotaka <ksakai at kso.netwk.ntt-at.co.jp>
Remove extra comma (creates an unnecessary null element, right?).
'make update'
Add the target system linux-m68k
Configuration for linux on ARM (contributed by Jeremy Norris <jeremy.norris at rebel.com>)
You must have an empty line between =item's
config can now detect ARM Linux automagically. Contributed by Jeremy Norris <jeremy.norris at rebel.com>
This seems to become a FAQ...
Result of "make update"
Small fix to enable reading from stdin as well. Contributed by Yoichiro Okabe <okabe at wizsoft.co.jp>
Small documentation bug, probably a cut'n'paste, corrected.
There have been a number of complaints from a number of sources that names like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_.
Typo...
According to Gordon Atwood <gordon at cs.ualberta.ca>, stdlib.h is needed, or size_t won't be defined on SunOS 4.1.4.
According to Gordon Atwood <gordon at cs.ualberta.ca>, GNU C on SunOS 4.1.4 uses libiberty to define strtoul and strerror.
Using checks of the existence of HEADER_{foo}_H in other header files was a really bad idea. For example, the following:
Add info on what some other people are currently working on.
Make sure that bs is not getting free'd again. Reported by Robert Eiglmaier <robert.eiglmaier at ixos.de>
This seems to work better with enums...
Change to have a single library that works on both Win9x and WinNT. As far as I understand, it still needs to be compiled on NT... Contributed by Arne Ansper <arne at ats.cyber.ee>
First of all, with the current macros, we should never get any type-specific stack function. Second, even when we don't build any of those functions, DECLARE_STACK_OF lines should not find their way into $def.
Add support for dynamically created and destroyed mutexes. This will be needed in some ENGINE code, and might serve elsewhere as well. Note that it's implemented in such a way that the locking itself is done through the same CRYPTO_lock function as the static locks.
Modifications for VMS.
With the new stack hack macros, there's no need to shorten the names any more.
Redo the support for dynamic locks. First of all, it was terribly insecure, so a static lock is added to isolate the sensitive parts. Also, to avoid one thread freeing a lock that is used by another, a reference counter is added.
The dynamic thread API changed, and so does the documentation.
Add the missing callback pointer handling functions. Also, make sure empty slots of the dynamic lock stack are used. Actually, I'm not really sure this is the right thing to do, and may remove it, with an endlessly growing stack as result...
'make update'
Small change to accept the command line parameter '-rand file'. This parameter takes precedence over the RANDFILE option in the configuration file.
Document the change in req.
Forgot the self-documentation within req.
Move the certificate and key loading functions to apps.c, so they can be shared by several applications.
On case-insensitive systems, the 'install' target gets matched against the 'INSTALL' file, which means that 9 times of 10, the BlowFish headers won't get installed. Avoid this in the same way it's done in crypto/des/Makefile.ssl, where someone apparently has thought of this...
Change req so the new parameter '-rand file' uses the given file in addition to the file given through the RANDFILE option or environment variable.
Document the change in req.
Move add_oid_section to apps.c, so it can be shared by several applications. Also, have it and the certificate and key loading functions take a BIO argument for error output.
Added references to RFCs 1421 to 1424, that describe PEM. Suggested by Randolph Bentson <bentson at grieg.holmsjoen.com>
Make sure we use /usr/sbin/sysctl, especially since /usr/sbin is not always in the user's $PATH...
That's it, I've seen questions about this one time too many for today. Time to add extra info so the poor users know where to go with their troubles.
Make it possible for people to tell where the EGD socket is through the RANDEGD environment variable.
Make it possible for users of the openssl applications to specify the EGD should be used as seeding input, and where the named socket is.
Document my latest changes.
Undo the changes I just made. I'm not sure what I was thinking of. The message to everyone is "Do not hack OpenSSL when stressed"...
Give the user the option to measure real time instead of user CPU time.
Add a blurb on how to solve the problem with failing compilation of sha_dgst.c on Alpha True64 Unix
Beautification
I got sick and tired of having to keep track of NIDs when such a thing could be done automagically, much like the numbering in libeay.num and ssleay.num. The solution works as follows:
Document the change.
Change the FAQ entry a bit, giving the details as I observed them.
More experiments show that you can set your data segment size soft limit higher and thereby get through compilation of sha_dgst.c.
Corrected small bug that could add ',L' when it shouldn't
FAQ about ar "missing" on Solaris.
We do PKCS8 as well
Redo and enhance the support for building shared libraries. Currently there's support for building under Linux and True64 (using examples from the programming manuals), including versioning that is currently the same as OpenSSL versions but should really be a different series.
Show the running line count and definition count in debug mode. That has helped me a bit when I ran into trouble.
Add a note on installation under Win32.
"make update"
This isn't entirely necessary if you do everything right from the start, but can save you some trouble. Just ignore "shared" if it comes up among the given options, at least for now...
Avoid loops, and make sure that it's possible to still build shared libraries even if the "shared" configuration option wasn't chosen.
Add support for solaris shared libraries, currently just experimental (there's no way to get it through configuration yet).
Avoid a race condition if another thread happens to remove the error state at the same time.
Darrel Hankerson <dhankers at cacr.math.uwaterloo.ca> correctly discovered that if the result pointer to bn_mul was the same as one of the two arguments, that argument might have its sign destroyed. He provided this fix.
There's a deadlock when ssleay_rand_bytes is called the first time, since it wants to stir the pool using ssleay_rand_add. This fix provides the possibility to call ssleay_rand_add inside a locked state by simply telling it not to do any locking through a static variable. This isn't the most elegant way one could do this, but it does retain thread safety during the stirring process.
When data are written out in very small blocks (less than 3 bytes in size) through the base64 filter, b64_write() messes up its parameters in such a way that instead of writing correct base64 output, the first 4 characters of that output are repeated over and over. This fix corrects that problem.
Add the possibility to get hexdumps of unprintable data when using 'openssl asn1parse'. As a side effect, the functions ASN1_parse_dump and BIO_dump_indent are added.
Looks like Win32 builds do not define THREADS. However, they're still supporting threads, which means that the assertion is superbly dangerous, so make sure it's not compiled under Win32, period.
In the case where a < 0 and |a| < w, the result (assigned to a) from BN_add_word becomes wrongly negative... This was discovered by Darrel Hankerson <dhankers at cacr.math.uwaterloo.ca>
There's a slight possibility that a is 0 in BN_sub_word(), and might therefore have unallocated parts. Therefore, a check for the 0 case is needed, resulting with the same thing as when a is negative.
If an IP address is successfully parsed, the WSA structure under Win32 wasn't properly initialised. Fixed. Bug reported by DeJuan Jackson <djackson at inverge.com>
Remove casts that are no longer needed.
Make it so we can dynamically enable memory allocation debugging through the environment variable OPENSSL_DEBUG_MEMORY (existence is sufficient). At the same time, it makes sure that CRYPTO_malloc_debug_init() gets expanded somewhere and thereby tested for compilation.
A few corrections with the shared library support:
Add support for shared libraries on Solaris.
I had completely forgotten that print_table_entry also needed to read the two "shared" variables on its own...
"make update"
It's probably a good idea to make the shared libraries depend on EX_LIBS.
We've now covered the shared library support for Solaris, so the -shared hack in config is no longer needed.
Added and corrected documentation for the 'shared' option
*mumble* unicos 10.0.0.3 with Cray Standard C Version 6.2.0.0 has a syslog.h where the openlog() is declared like this:
Unicos doesn't have sys/timeb.h. Fix it by defining the TIMEB macro unless on Unicos.
On Unicos, openlog() isn't constified, so let's not do that in xopenlog()
On Unicos, shorts are 8 bytes, so instead, use a structure with 2 32-bit ints, just as in destest.c
For n > 7, we might get uninitialized (unzeroed) data. Spotted by "Kyoungho Jeon" <k.h.jeon at securesoft.co.kr>.
Make sure that 'initialized' is zeroed as well when cleaning up.
Duplicate names detected...
Abdelilah Essiari <aes at george.lbl.gov> reports that for very small records, EVP_EncodeUpdate() may misbehave. This happens when there's a record boundary between the two ending b64 equal signs, which makes EVP_EncodeUpdate think there has been more than one EOF, and therefore add an extra NUL at the end of the output buffer. This fix corrects that problem.
The pkcs12 had no way of getting a CA file or path to be used when building a complete chain. Now added through the -CAfile and -CApath arguments.
Memory leaks fix. There seems to be more in other parts of OpenSSL...
Memory leaks fix. It now looks like all memory leaks, at least around building complete chains, are gone.
MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test
I forgot this file that Assar provided as well...
IBMcxx complains that maxmem is as low as 2048 for certain modules (like all the digests). Setting maxmem to 16K seems to give the compiler enough space to do all the optimization it wants.
Correct the title. This also fooled the automatic documentation builder that this was actually the pkcs7 document...
Allow reconfiguration. This can be useful if some source update requires that you configure again, but you don't want to reenter all those configuration arguments again.
Document the reconfiguration option for Configure.
New option 'ctestall' for mkdef.pl, that makes it not only generate existing functions, but really all functions that exist in libeay.num and ssleay.num. This is a good check on how much we should actually clean up the number files.
make update
Added md4 to the VMS compilation
Add more diversity to the possible log levels. Now we have full coverage for all syslog levels.
Document the added diversity to the possible log levels.
NULL is not an integer...
Added BIO_vprintf() and BIO_vsnprintf(). The former because I've found myself needing it a number of times, the latter for completeness.
Assar wanted an address change.
Added OIDs from RFC 2247, 1155, and a few from 1700
Change the printing machine used by BIO_printf() and friends so it can handle an externally provided "static" buffer as well as a dynamic buffer. The "static" buffer is filled first, but if overflowed, the dynamic buffer is used instead, being allocated somewhere in the heap.
Another thing I'm working on.
It's not just VMS that needs some symbols to be hacked. Let's centralise those hacks in crypto/symhacks.h and use it everywhere it's needed.
Major hack of mkdef.pl. There should be no more need to redo the process when some symbols are missing. Instead, all needed info is saved in the .num files, including what conditions are needed for a specific symbol to exist.
*.num rewritten to include the extra information.
'make update'
Two places where I forgot to change vms_idhacks to symhacks.
Synchronise the VMS build with the Unix one.
Clarify how one should behave when make fails. The fault is not necessarily ours.
More VMS synchronisation
Martin Kraemer <Martin.Kraemer at MchP.Siemens.De> sent us patches to make the OpenSSL commands x509 and req work better on an EBCDIC system.
A cast is needed or Borland C will complain.
I started with a make update, but a rewrite was actually needed. Perhaps we should make rewrites the default thing to do?
Time to release a beta. Change the version numbers and dates accordingly.
Time to release a beta. Change the status accordingly.
Last minute update, in time to make it to 0.9.6-beta1
Reports for OpenBSD 2.7 and HP-UX 10.20
Don't include e_os.h before the system headers
OpenBSD doesn't support timeb.
linux-elf passed
mkdef.pl has erroneous conditions to check if a symbol is excluded from the given target. Fixed, I hope.
mkdef.pl still needed better logic. Also, the semantics of the platforms list is clarified (it's however not quite followed in the RSAREF case...).
Failure on Solaris when using the CSwift card.
debug-linux-elf and debug-linux-elf-efence need to be linked with libdl just as linux-elf...
A couple more HP-UX targets tested.
DSA_verify() and DSA_sign() might return -1...
SCO 5.0.5 with both gcc and cc passed
Linux in Sparc v7 passed
Better error checking for RSA and DSA signature and verification speed tests. This was required to not get mysterious errors when they wouldn't quite want to work.
FreeBSD and solaris with gcc passed
Note the failure on Win32
Holger Reif reports a few more Solaris successes.
A few more systems reported successful.
3 changes: - Make sure PCURSORINFO is defined even on systems that do not provide it. - Change the reference to Peter Gutmann's paper. - Make sure we don't walk the whole heap lists for performance reasons. Jeffrey Altman suggests following Peter Gutmann's advice to keep it to 50 heap entries per heap list.
Make sure that Configure will define DSO_WIN32 for the Win32 targets. I feel a bit unsure if this should really be done for Mingw32 and CygWin32
Update info on what has been fixed, and switch format for failure data
Update info on what has been fixed
One more passed test
Jeffrey Altman convinced me this patch was really needed, or there is no way to make sure GetCursorInfo will give us a valid answer.
rsa_num2 is no longer used, so remove it.
Remove indentation in the NAME section. There's really no need to indent there, especially since the pod2* scripts will regard that as preformatted text. In one case, indent a code section one step.
Add a configuration for Sony News 4. Submitted by NAKAJI Hiroyuki <nakaji at tutrp.tut.ac.jp>
Add a number of documentation files, mostly for SSL routines, but also for a few BIO routines. Submitted by Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
Remove indentation in the NAME section. There's really no need to indent there, especially since the pod2* scripts will regard that as preformatted text. In one case, indent a code section one step.
Add Damien Miller's RPM specification file with a few modifications.
Remove engine stuff that was erroneously put in the main trunk.
Items without a =over and a =back are ignored.
BIO_seed() and BIO_tell() were documented in two other documents, which is redundant. Instead, move them to their own page.
BIO_seed() and BIO_tell() were documented in two other documents, which is redundant. They are now in their own document.
Update the info on version numbering
In the name section, all the functions described should be enumerated. This will also make it much simpler to generate softlinks named like each function to man-pages containing the info.
Later, Jeffrey changed his mind. Apparently, GetCursorInfo exists but doesn't quite work on WinNT 4 earlier than SP6. It works fine on Windows 98 and Windows 2000.
Add a flag for OpenVMS.
'make update'
Move up inclusion of conf.h, so non-MONOLITH programs can benefit from it as well, especially in apps.c.
A DSO method for VMS was missing, and I had the code lying around...
Make sure dso_vms.c compiles on other operating systems as well.
'make update'
Compile all dso files on VMS as well.
Add BIO_seek() and BIO_tell() to the BIO control functions manual.
Move text that isn't really descriptions of the functions in the page to the NOTES section, and add references to the functions mentioned (and perhaps a few more).
VMS didn't work out too well...
Inform the VMS people that RSAref is no longer needed
Make sure Compaq C doesn't complain about dollars, and go around the incompatibility between function and data pointers.
A couple of more names need to be shortened for VMS on VAX.
Some platforms define NULL as ((void *)0). Unfortunately, a void* can't be used as a function pointer according to the standards. Use a 0 instead and there will be no trouble.
Tell users that a rewrite might be a good idea.
Oops, no engine in the main trunk.
siglen is unsigned, so comparing it to less than 0 is silly, and generates a compiler warning with Compaq C.
Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care of complaints from the compiler about data pointers and function pointers not being compatible with each other.
Jeffrey Altman <jaltman at columbia.edu> sent me a patch that fixes the problems with GetCursorInfo, but also adds network statistics and performance statistics where available.
Restore the descriptions to conform with the rest of the documentation. We'll work on better documents after the release of 0.9.6.
A patch from HP for better performance. Submitted by Kevin Steves <ks at hp.se> 3 months ago...
make update
A new beta is being released. Change the version numbers accordingly.
Declare the availability of beta 2 in STATUS.
Jeffrey Altman reminds us to initialize some variables and recommends the use of LoadLibrary instead of GetModuleHandle
Unless we cast, thorough compilers will complain
The test status as it has been reported so far
Typo in the added hpux targets. -ldl should be -ldld.
HP-UX didn't go through
Disable the net statistics gathering code, since different compilers disagree on the proper syntax and type names.
cyclecount is only used when __GNUC__ isn't defined.
Going through performance statistics sometimes generates an exception, so disable that part. Reported by Jeffrey Altman <jaltman at columbia.edu>
A few more reports
A few more reports
No engine stuff in the main trunk.
A few more reports
HP-UX 64-bit has dlfcn, so let's use that instead of the old dl.
New documentation about things related to SSL_CIPHER. Submitted by Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
ftime() is not supported on SGI. Reported by Steve Robb <steve at eu.c2.net>
A couple more reports.
Reorder the Blowfish documentation so the low-level routines do not get so prominent, and make sure to say out loud what they expect.
A few more HP-UX reports. Reported by Kevin Steves <stevesk at sweden.hp.com>
FreeBSD only supports ftime() through libcompat, which means it's better not to use it.
It seems like all HP-UX are successes as soon as the -ldl vs. -ldld quirk is fixed.
Extend the docs on setting the cipher list. Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
Type correction. Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
Document SSL_library_init() and its aliases. Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
BSDI only supports ftime() through libcompat, which means it's better not to use it.
make update
On VMS, stdout may very well lead to a file that is written to in a record-oriented fashion. That means that every write() will write a separate record, which will be read separately by the programs trying to read from it. This can be very confusing.
Wrong variable used. It's funny how some bugs take a long time getting triggered...
AIX doesn't like ftime() either.
Reports about a few old systems. Reported by Bernhard Simon <bs at bsws.zid.tuwien.ac.at>
Add news and a description of the ENGINE part and how it's currently distributed.
Mistakes corrected. Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
New documents. Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
Portability patch for HP MPE/iX. Submitted by Mark Bixby <mark_bixby at hp.com>
Clarifications and new documents. Submitted by Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
Changes by Jeffrey Altman <jaltman at columbia.edu> to make RAND_poll() work better in Win32. Verified by zhu qun-ying <qyzhu at krdl.org.sg>.
I'm using GNU tar...
make update
Time to build beta 3. Bump the version numbers accordingly.
Prepare STATUS for the beta 3 reports.
Tests so far.
Tests so far.
More reports.
Ugly hack to make sure static libraries are usable. Without this, anything that just links with libeay32.lib or libssl32.lib will get an error saying the __imp__RegQueryValueEx is unresolved.
Oops, if the target only had USE_TOD, an error message was issued...
More reports
Change IMPORTANT to WARNING for greater emphasis.
More reports
More reports
More reports
Kris Kennaway <kris at FreeBSD.org> tells us that FreeBSD/Alpha shouldn't use an optimization higher than -O.
Problem on FreeBSD/Alpha fixed.
Catch V_ASN1_NULL.
Change the Windows building scripts to enable DSO_WIN32.
make update
Time to build the release. Bump the version info accordingly.
Forgot to change the STATUS file...
Update the status and version number to 0.9.7-dev.
Make the algorithm implementations depend on the corresponding selection macros.
'ranlib' doesn't always run on some systems. That's actually acceptable, since all that happens if it fails is a library with an index, which makes linking slower, but still working correctly.
echo=off works on NT, but not on W2K.
When creating a .def file, be a bit more selective so disabled algorithms do not get in...
Update
Document the change.
A compiler warning removed. Thanks to the folks at HP!
Include arpa/inet.h, since that's where htons() and friends are supposed to be defined according to XPG4.2. Found by Evan <n2xjk at ulster.net> for the MVS platform.
Remove what was described by someone as "an EAY hack for compiling SSLeay with Colin Plumb's MD5 implementation instead of his one".
Document...
More SSL functions documented. Submitted by Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
Linux on Alpha has the configuration name linux-alpha-gcc, not linux-alpha.
Linux on Alpha with gcc knows about shared libraries.
Make sure that shareable libraries are turned off if we don't know how to make them...
Make sure ranlib is only used on .a libraries.
A few small corrections to the SSL documentation. Submitted by Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
Do a favor to those who get weird compiles and report if RAND_pseudo_bytes returns -1...
New docs and new facts in older docs. Submitted by Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
make update
Make the new conf implementation bug-compatible with the old one. Actually, it's a feature that it goes looking at environment variables. It's just a pity that it's at the cost of the error checking... I'll see if I can come up with a better interface for this.
Bump the shared library version (should have been done a while ago).
Rework the system to generate shared libraries:
Even when you don't want to create shared libraries, it's a good idea to have the full extension information, so residual shared libraries can be removed so the applications and test programs do not get linked against them by mistake...
The experimental Rijndael code moved to the main trunk. make update done.
CRYPTO_get_ex_new_index would never return an error.
Two questions have been asked quite often lately.
John Denney <jdenney at ca.mdis.com> reports that we forgot to convert Free to OPENSSL_free in the SSL demos.
NCONF_get_number() has no error checking at all. As a replacement, NCONF_get_number_e() is defined (_e for "error checking") and is promoted strongly. The old NCONF_get_number is kept around for binary backward compatibility.
Make it possible for methods to load from something other than a BIO, by providing a function pointer that is given a name instead of a BIO. For example, this could be used to load configuration data from an LDAP server.
Keep binary backward compatibility by putting new method function pointers at the end of the structure.
Document the change to NCONF.
make update
Add what's needed to get shared libraries on HP-UX.
FreeBSD-elf can do threads. However, there seems to be confusion if you should define _THREAD_SAFE (I found that in an include file, and that's what everybody tells me) or _THREADSAFE (that's what the gcc manual says in the FreeBSD-specific section), so I defined both, just to be safe.
Krister Walfridsson <cato at df.lth.se> tells us sysctl lives in /sbin since NetBSD 1.5.
There's no reason why app_RAND_load_file() should return 0 when RAND_status() hasn't. Reported by Dale Stimson <dale at accentre.com>.
Document
On some operating systems, MAX is defined. Call ours OSSL_MAX instead
If the functions get_dh*() are declared static, they should be defined the same way
Pointer error corrected
It seems like grep isn't as capable as I thought on some Unix systems. Use egrep instead.
When building shared libraries on HP-UX 10.20 and HP-UX 11.00 (32bit), ld warns that -Fl "may not be supported in future releases". We know that, and are doing things in HP-UX 11 (64bit), so turn off that warning with +vnocompatwarnings.
For the operating systems where it matters, it is sometimes good to translate library names by only adding ".so" to them without prepending them with "lib". Add the flag DSO_FLAG_NAME_TRANSLATION_EXT_ONLY for that purpose.
On HP-UX, at least when shl_* are used, the libraries have the extension .sl instead of .so.
Merge the engine branch into the main trunk. All conflicts resolved. At the same time, add VMS support for Rijndael.
The majority of the OCSP code from CertCo.
make update
Document the OCSP addition.
NetBSD doesn't use ftime().
Small documentation change
Add the possibility to use keys handled by engines in more applications.
Document the change.
Make flag variables int instead of char. This avoids getting into trouble on systems where char is unsigned by default
Add configuration option to build on Linux on both big-endian and little-endian MIPS. Submitted by Ralf Baechle <ralf at uni-koblenz.de>
Improvements to openssl.spec. Submitted by Damien Miller <djm at mindrot.org> This change has been CC:ed to crypt at bxa.doc.gov
Rename true64 to the correct tru64. Suggested by Albert Chin-A-Young <china at thewrittenword.com>
Add support for shared libraries under Irix. Submitted by Albert Chin-A-Young <china at thewrittenword.com>
Add application to enumerate, list and test engines with.
-t is supported, so display some help about it.
make update
Better error reporting in 'openssl engine'
'openssl engine' can now list engine capabilities. The current implementation is contained in the application, and the capability string building part should really be part of the engine library. This is therefore an experimental hack, and will be changed in the near future.
Change the engine library so the application writer has to explicitly load the "external" built-in engines (those that require DSO). This makes linking with libdl or other dso libraries non-mandatory.
Update the standards list to the current status
Instead of just STACK, use STACK_OF(ASN1_OBJECT).
Make sure that shared libraries get the internal name engine with the full version number and not just 0. This should mark the shared libraries as not backward compatible. Of course, this should be changed again when we can guarantee backward binary compatibility.
mode used too early in EVP_PKEY_save_parameters. Spotted by Ken Lalonde <ken at torus.ca>
Constify the BIGNUM routines a bit more. The only trouble were the two functions that did expansion on in parameters (BN_mul() and BN_sqr()). The problem was solved by making bn_dup_expand() which is a mix of bn_expand2() and BN_dup().
Make all engines available in the openssl application.
As a consequence of the BIGNUM constification, the ENGINE code needs a few small constifying changes, and why not throw in a couple of extras while I'm at it?
Constify the RSA library.
Constify the RSA library.
Constify the RSA parts of the ASN.1 library. Note some ugly casts that are needed in the ASN.1 macros. Hopefully, we can get rid of those in an elegant way in the future.
Constify the RSAref glue code.
The consequence of constification is that to pass the address to a pointer to a const double pointer parameter, the pointer must point to const data as well.
Constification of CRYPTO_get_ex_data() needed for the sake of RSA_get_ext_data().
Document recent constifications.
shl_load() also needs to load along a path given through an environment variable, SHLIB_PATH. This change makes that possible.
When ENGINE_by_id() couldn't find the given engine id, it generates an error. When checking like engine_add() is, those errors are actually good, so remove them.
Lutz tells me HP cc uses the same syntax for flags that should be passed down to ld as GNU cc.
A few more constifications of some RSA routines that I forgot yesterday.
Make sure ERR_get_error() is declared.
Constify DSA-related code.
Constify DH-related code.
Document that the Nuron hardware has been added and remove the requirement for an engine utility since we now have that.
Constification of LHASH. Contributed by "Paul D. Smith" <psmith at gnu.org> I didn't apply all his patches yet, since I have some hesitance about unconstifying. To be pondered.
Remove references to RSAref. The glue library is but a memory to fade away now...
Really stupid glitch (a comment not properly ended) fixed.
Update my own debugging configuration entry
Enhance granularity on what I want to debug for the moment by changing LEVITTE_DEBUG to LEVITTE_DEBUG_MEM.
For a long time, I've wanted to be able to easily run one or a few individual tests. I finally got myself to implement it...
Add Rijndael as things to look through.
Typo, was "time" instead of "tim". Caught by Jeffrey Altman <jaltman at columbia.edu>
Detect and mark functions that no longer exist.
Get the Rijndael function declarations.
make update
Two OCSP functions that aren't yet implemented.
Modify () to (void), since that's what is actually defined in the engine structure, and some ANSI C compilers will complain otherwise.
/proc/cpuinfo can have several lines containing the word "type". We want the one that is "type", plain and simple. Caught by Raoul Borenius <borenius at shuttle.de>
I've checked again and again. There really is no need to expand a to 4 times its size when bn_sqr_recursive() won't look farther than the original length. Thereby, constification is no longer a problem.
Oops, when I clean, I should do it thoroughly.
Make sure to print the BN counting (BN_COUNT) to stderr instead of stdout. bc gets so confused by bean counts.
More constification of the BN library.
Make sure BN_DIV2W is not defining when defining it, and remove the declarations of bn_add_part_words() and bn_sub_part_words() since they do not exist.
I might want to debug the assembler modules...
Make the definition of bn_add_words() match the definition.
Remove a declaration for a function that does not exist.
Remove two bn_wexpand() from BN_mul(), which is a step toward getting BN_mul() correctly constified, avoids two realloc()'s that aren't really necessary and saves memory to boot. This required a small change in bn_mul_part_recursive() and the addition of variants of bn_cmp_words(), bn_add_words() and bn_sub_words() that can take arrays with differing sizes.
Add news items early. Please fill in with what I have forgotten.
I wonder if I do too much...
Make sure bs is assigned NULL when it's free'd, or there will be an (incorrect) attempt to free it once more...
'echo on' works better all over than 'echo=on'. We had the same problem in some other file, but I can't recall which.
Avoid getting warnings about unary - being used on unsigned integer.
Reimplement bn_div_words, bn_add_words and bn_sub_words for VAX. I'm a little bit nervous about bn_div_words, as I don't know what it's supposed to return on overflow. For now, I trust the rest of the system to give it numbers that will not cause any overflow...
Adapt the VMS scripts to the changes in the Makefiles.
Adapt the VMS scripts to the changes in the Makefiles.
Correct a number of syntax errors.
Adapt to added files in the BIGNUM section
Copy and paste error... bn_add_part_words() should of course call bn_add_words(), not bn_sub_words()...
Changes to c_zlib.c to make ZLIB.DLL dynamically loadable under Windows. Really, this should probably be done on Unix as well, but that will be a later story...
Change c_zlib further to allow loading a shared zlib on all operating systems where such an operation is supported.
Make it possible to test SSL compression
COMP_METHOD has a new argument since some time back...
Turn off memory checking when loading new compression algorithms.
comp_methods in a SSL_CTX points at an internal database. Do *not* free that, since it's shared by all SSL_CTX's, present and future.
Simplify and provide the possibility to clean a compression method.
The compression method may be undefined for some reason that has generated errors. Therefore, print whatever error there may be...
New format for the FAQ. We now have different sections for different types of questions. Hopefully, that'll make them easier to spot, and specially, easier to refer to.
A few bug fixes for Windows.
First tentative implementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats <staatsvr at asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab at columbia.edu>
Recognise Darwin as well. For now, have it do exactly the same thing as for Rhapsody
Typo corrected.
Document the addition of Kerberos stuff.
Correct a mail address...
Write a first HOWTO on how to create certificates. This is currently a draft.
Add a comment to explain the purpose of bn_cmp_part_words().
Remove the last bn_wexpand()s that made us break constness. Of course, that means we need to handle the cases where the two arrays to bn_mul_recursive() and bn_mul_part_recursive() differ in size.
It's completely unnecessary to add a compression algorithm that is really undefined. Spotted by Jeffrey Altman <jaltman at columbia.edu>
On Windows, Rainbow uses _stdcall convention under Windows. Spotted by plin <plin at rainbow.com>
Update the internal docs.
Have the self test use bctest to check that bc is sane.
During the self test, we only want to know what bctest says on stderr...
Make TYPE_RSA the default type instead of just setting it when -new is given. That also allows the arguments to come in any order (-new last, for example).
SSL_new() may potentially add a certificate. Therefore, when duplicating the certificate that is in the original SSL, remove the one that SSL_new() provided, if any. Spotted by: Mike Zeoli <zeoli at roguewave.com>
When using -pedantic, it's a good thing to define PEDANTIC as well. Also, define a second debugging configuration without assembler.
In bn_mul_recursive(), make sure the comba routines are only called when both a and b are of the exact right size. This may change to something better later.
Problem: bn_mul_normal() misbehaves if the size of b is 0. Solution: multiply a with 0, putting the result in r, and return.
Constification of the data of a hash table. This means the callback functions need to be constified, and therefore meant a number of easy changes a little everywhere.
Make sure each FAQ item has an index entry.
Do not poll DEVRANDOM if we're building without a file pointer API. Spotted by "David Schwartz" <davids at webmaster.com>.
Update VMS build procedures to match the current status.
Enhancements to mkdef.pl:
"make update" plus a rewrite of both .num files.
Correct a typo.
Check for deselection of KRB5. In fact, skip it completely on VMS for now...
Uhmm, the keyword TRUE does not exist of course...
Remove anything connected to RSAref, since that's gone by now. Add the C macros OPENSSL_BUILD_SHLIBCRYPTO and OPENSSL_BUILD_SHLIBSSL to the build of the object files as appropriate for each library.
Define OPENSSL_EXPORT and OPENSSL_IMPORT and give OPENSSL_EXTERN the default value OPENSSL_IMPORT. Explain the use of all those macros.
If OPENSSL_BUILD_SHLIBCRYPTO (for files that end up as libcrypto objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT. This is actually only important on Win32, and can safely be ignored in all other cases, at least for now.
Document.
Remove RSAref-related things.
Since asn1.h gets included recursively from many places, the easiest is to have asn1.h include e_os.h and e_os2.h. Of course, this makes the unofficial "non-export" status of e_os.h a bit delicate...
Temporary measure: if no KRB5 is defined, add "no-krb5" to the options. This is so mk1mf.pl can pick it up from Makefile.
Look for no-krb5 and add the definition of NO_KRB5 if it's there. I've no idea where the KRB5 header files and libraries are placed on Win32. When there's better knowledge, we might be able to process the other KRB5-related arguments as well...
The option line may start with a space, which gives an empty option. Make sure those are purged...
Make the DSO code for VMS work again. First attempt.
Keep up with the Unixly changes.
Change RAND_poll for Unix to try a number of devices and only read them for a short period of time (actually, poll them with select(), then read() whatever is there), which is about 10ms (hard-coded value) each.
Because /dev/urandom has a better chance of giving us a good and quick answer, take that one first.
Keep up with Unix code. It's beginning to be time to rethink the VMS build system...
As response to a user request to be able to use external memory handling routines that need file name and line number information, I've added a call level to our memory handling routines to allow that kind of hooking.
Add configuration for GNU Hurd.
Keep up with Unix
Make the change log on the RAND_poll change a bit more explicit. Suggested by Bodo Moeller.
Documentation language corrections, contributed by Chris Pepper <pepper at mail.reppep.com>
Increase consistency of header data (some mail readers really do not like spaces before the semicolon, and besides, other parts of this file make the values without those spaces), and move spacing of continuation lines to support BIOs that break lines after each write.
Document the change.
Fix a memory leak in BIO_get_accept_socket(). This leak was small and only happened when the port number wasn't parsable or the host wasn't possible to convert to an IP address. Contributed by Niko Baric <Niko.Baric at epost.de>
Add the -VAfile option to 'openssl ocsp'. This option will give the client code certificates to use to only check response signatures. I'm not entirely sure if the way I just implemented the verification is the right way to do it, and would be happy if someone would like to review this.
The check for request including a nonce and response not having it was inverted. Corrected. Hopefully, this will make it work without dumping core.
Update of linux-ppc. Contributed by MATSUURA Takanori <t-matsuu at protein.osaka-u.ac.jp>
Include the newly reported problem with bc on FreeBSD 4.2.
Make it possible to use gcc to generate the dependency tables.
Perl code patch contributed by "Kurt J. Pires" <kjpires at iat.com> His own words are:
VMS follows suit.
Make the choice of "makedepend" program choosable through a switch.
Do not insert things in syms{} and kind{} when parsing the header files. Instead, insert proper information in the $def string, which will be properly munged later on.
An obvious but hard-to-see cut'n'paste error corrected.
make update
Remove temporary files when done.
Make all configuration macros available for application by making sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h.
I forgot to document the system identification macros
Use the new-style system-identity macros.
Make sure time() is properly declared.
I'm sick of the warnings about long long...
Use new-style system-id macros.
Use new-style system-id macros everywhere possible. I hope I haven't missed any.
Use 0 instead of NULL, at least for function casts, since there are variants of stdio.h that define NULL in such a way that it's "unsafe" to use for function pointer casting.
Include string.h so mem* functions get properly declared.
Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS get a chance to be defined.
Include string.h so mem* functions get properly declared.
Use sk_*_new_null() instead of sk_*_new(NULL). That avoids getting lots of silly warnings from the compiler.
DEC C on VMS is pedantic by definition.
Let VMS catch up.
Include opensslconf.h or the like early to make sure system macros get correctly defined.
Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS get a chance to be defined.
Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS get a chance to be defined. Make a better file name translator (uhm, no, that's not the finished variant :-)).
DEC C on VMS is pedantic by definition.
A new bunch of too long symbols to hack. OCSP_CRLID_new and OCSP_crlID_new clash on case-insensitive systems.
Include string.h so mem*() functions get properly declared.
Get the right cast for lhash callback functions.
Get e_os2.h to get all the system definitions correctly.
OpenVMS catches up.
I forgot there was a reason why the inclusions and definition of u_int was made in a certain sequence. This change restores the earlier "chain of command".
Some functions, like strdup() and strcasecmp(), are defined in strings.h according to X/Open.
With later version of DEC C on VMS, some functions (strcmp(), for example) are declared with some extra linkage information. This generates a warning when using the function name as a value to a regular function pointer with the "correct" definition of the function. Therefore, use a macro to cast the appropriate function on VMS.
strdup() is a X/Open extension.
I had forgotten to change mkerr.pl to use the new macro system.
Modify mkdef.pl to recognise and parse preprocessor conditionals of the form '#if defined(...) || defined(...) || ...' and '#if !defined(...) && !defined(...) && ...'. This also avoids the growing number of special cases it was previously handling (some of them wrongly).
'make update'
Include e_os2.h instead of opensslconf.h. SSL_add_dir_cert_subjects_to_stack is not implemented on WIN32 and VMS, so declare it the same way.
Since SSL_add_dir_cert_subjects_to_stack isn't implemented on VMS, there's no point creating an alias for it.
When inside a #if 0..#endif, do not define anything.
Always include opensslconf.h, even if it's already been done before. The reason is that some parts are only included when certain other include files have been included.
Windows does not know of strings.h or strcasecmp, so when in Windows, make strcasecmp a macro to _stricmp.
One indirection level too little compared to the pre-CRYPTO_MEM_LEAK_CB time.
Since opensslconf.h might be included over and over, undefine OPENSSL_UNISTD before redefining it, to avoid compiler warnings.
Exported header files should not include e_os.h.
Use e_os2.h rather than opensslconf.h, since some needed macros are defined there.
Since RAND_file_name() uses strlen, make sure the number that's compared to it has the type size_t. Included the needed headers to make that happen.
e_os.h does not belong with the exported headers. Do not put it there and make all files that depend on it include it without prefixing it with openssl/.
Define the OPENSSL_NO_* macros as NO_* macros for the sake of applications that haven't yet been changed
CONF_METHOD is one of the few places where you find MS_FAR. I can't really see why we need to define these function pointers with MS_FAR if it's not done consistently everywhere.
e_os.h defines Getenv()
Define the right macro for Linux and other GNU-based systems to get a correct declaration of strdup()
make depend.
Add the CCITT pilot directory OIDs.
make update Note that all *_it variables are suddenly non-existent according to libeay.num. This is a bug that will be corrected. Please be patient.
MacOSX doesn't have ftime(). Spotted by Pieter Bowman <bowman at math.utah.edu>
Introduce the possibility to access global variables through functions on platforms where that's the best way to handle exporting global variables in shared libraries. To enable this functionality, one must configure with "EXPORT_VAR_AS_FN" or define the C macro "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter is normally done by Configure or something similar).
Spelling corrected.
Sort platforms lexicographically as well. Also, support more than two variants of a symbol.
For SSLv2, return the SSLv2 method, not the SSLv23 method. This way, it's possible to reuse an SSLv2 session.
Add the possibility for option macros and start using it to indicate for Windows compilations if DLL linkage is required or not.
Document the SSLv2 session reuse fix.
Update the VMS build scripts for EC
Code for better build under Darwin (MacOS X). Submitted by Brad Dominy <jdominy at darwinuser.org>
VMS catches up on the EC modifications.
Some EC function names are really long. Make aliases for VMS on VAX.
Build ectest too.
Write a small comment so we know...
Too many dollars...
Bug fixes.
Use 32bit longs on Alpha as well, because that's what the VMS assembler code works with.
For some experiments, it is sometimes nice to serve files with complete HTTP responses.
Document the change.
We need to build MINFO.
make update.
It is a good thing to prepare the .def files.
For AIX 4.3 or above, allow the use of dlfcn.
bsdi-elf needs to link with -ldl.
Minimise the amount of -L. when linking the shared libraries. It seems like some Unixen (SCO) have opinions about too many -L.
An enhanced bctest submitted by Tim Rice <tim at multitalents.net>. It now looks along $PATH for a working bc and returns the absolute path to one that does work.
Correct a typo which might have led to a dump. Noted by Martin Kraemer <Martin.Kraemer at Fujitsu-Siemens.com>
New configuration for UnixWare and SCO, with slightly better granularity. Contributed by Tim Rice <tim at multitalents.net>
avoid linking problems when OpenSSL is built with no-dsa. Spotted by Hellan,Kim KHE <khe at kmd.dk>
Since they aren't implemented yet, EC_GFp_{recp,nist}_method() need to be "#if 0"'d, or they will (re)appear as existing functions in util/libeay.num.
Use stdlib.h to get size_t.
Remove redundant operations and update version info.
We really have no need for PEX_LIBS, so empty it.
A lot of reports.
Small AIX problems solved.
ln on Solaris expects -f to come before -s. The linux-shared method is actually gcc-specific, so call it gnu-shared as well.
gcc uses collect2, not ld, to link things. Therefore, when using gcc there's no need to fool ourselves, it's the gnu-shared method that we should use. Do it for Solaris to begin with.
When using the native tools on Solaris, make damn sure the native ld is used, even if the user has GNU ld earlier in his $PATH.
make update
For mips3 and alpha, put the assembler file directives in separate variables and disable the Alpha assembler for now, since it has been shown to fail.
Reports seem to show that asm/mips3.s has faults. To be investigated, but let's avoid using it in the mean time
Include bn.h so we get BN_LLONG properly defined. Otherwise, we can forget things like %lld
Restore asm/mips3.s to be compiled and linked in, since the bug has (at least hopefully :-)) been fixed.
Add news section for OpenSSL 0.9.6a. Please add what's missing
Since there has been reports of clashes between OpenSSL's des_encrypt() and des_encrypt() defined on some systems (Solaris and Unixware and maybe others), we rename des_encrypt() to des_encrypt1(). This should have very little impact on external software unless someone has written a mode of DES, since that's all des_encrypt() is meant for.
I forgot to rename des_encrypt to des_encrypt1 in libeay.num.
Stress the news about the name change.
One des_encrypt to des_encrypt1 I forgot to commit...
Complete the des_encrypt to des_encrypt1 rename in the main development line as well.
Beta 3 has been released and announced.
linux-elf verified.
Note reports.
A few more reports.
Reports on VMS.
Remove a typo in dgux-R4-gcc.
libfisdef.h and LIB do not exist on older VMS versions
Reports on Windows, DG-UX and older OpenVMS.
Plug a memory leak. Spotted by "Shijin" <shijin at comex.com>
Make do_bsd-gcc-shared depend on do_gnu-shared instead of the non-existent linux-shared
OpenVMS/Alpha should use 64 bits. If nothing else, there's performance to gain.
Since vms.mar handles 32-bit integers, do not use it on Alpha, that's just a slowdown.
Incorporate some changes that make OpenSSL compilable in CygWin.
Correct a typo. linux != linus.
Unixware config.
Fix couple of memory leaks in PKCS7_dataDecode(). (provided by Stephen)
Add the possibility to have AES removed in Windows as well. Spotted by Harald Koch <chk at pobox.com>
Resize a local buffer to accommodate the size requirements of AES. Protect against future mistakes with an assert().
Correct info in the FAQ.
NetBSD and OpenBSD use TOD as well
Make it possible to move the emailAddress object to the subjectAltName extension instead of just copying it. That makes a certificate comply even more with PKIX recommendations according to RFC 2459.
Show an example of moving the emailAddress object from the subject DN to subjectAltName when signing a certificate.
Add -keyform.
Correct typo.
VMS was behind when it comes to OCSP.
Script to create shareable images (shared libraries in Unixly terms) on VMS.
Use OPENSSL_UNISTD instead of <unistd.h>. Spotted by Mark Crispin <MRC at Panda.COM>
We shouldn't skip over header files to avoid functions of disabled algorithms. The selection is done in a different way
engine.h includes all the needed header files, so don't do it again here.
Check for OPENSSL_NO_RSA, OPENSSL_NO_DSA and OPENSSL_NO_DH and disable appropriate code if any of them is defined.
gcc warns when certain values of an enumeration aren't taken care of, unless there's a default clause.
Provide the possibility to clean up internal ENGINE structures. This takes care of what would otherwise be seen as a memory leak.
Clean up ENGINE before exiting.
make update
Linux shared libraries can be linked with debug symbols. Tru64 shared libraries can be linked with static libraries.
Make proper use of all disabling variables.
make update
A method to create shared libraries on AIX, and according to "Howard Chu" <hyc at highlandsun.com>, it may be general enough to work on any Unixly system.
Remove part conflict indicator...
Add support for Sun C on Solaris x86. Contributed by Ben <mouring at etoh.eviladmin.org>
Some platforms (most notably Windows) do not have a $HOME by default. For those, unless the environment variables RANDFILE or HOME are defined (the default case!), RAND_file_name() will return NULL. This change adds a default HOME for those platforms.
Add a general user interface API. This is designed to replace things like des_read_password and friends (backward compatibility functions using this new API are provided). The purpose is to remove prompting functions from the DES code section as well as provide for prompting through dialog boxes in a window system and the like.
make update
Clarify the license and copyright, make preprocessor directives a little bit clearer and use the new OPENSSL_SYS_* macros.
Don't forget crypto/ui...
There is no uitest
e_os2.h defines things like OPENSSL_SYS_MSDOS, not opensslconf.h... (basically: whooops :-))
Put back a removed "extern", or many compilers will complain about redefined variables.
Move the password reading functions completely away from the DES section.
When doing rewrites on ssleay.num, the file was prematurely closed. Make rewrites the default, since it works, and people get confused if changed information doesn't get rewritten automagically.
des_read_password() and des_read_2passwords() can only appear if DES is compiled.
Win16 too :-).
make update
Define `ok' and better error detection.
A randomizer for OpenVMS, using the statistics that are easily reachable.
Document the addition.
It seems like the removal of "extern" before "static" wasn't a mistake.
Make it so the compiler doesn't inform me about the dollars in some symbols.
Use ui_compat.h to get the password reading functions.
len is a size_t, which is an unsigned integer. Therefore, some compilers will complain about the check for less than zero.
Make more short aliases for symbols that are longer than 31 characters.
Remove the password reading objects from LIB_DES.
ui_compat.h was forgotten in the "symlinking" routine.
ui was forgotten when installing libcrypto and it's headers.
Make sure memset() is properly declared.
Make sure strdup() is properly declared.
branch on equal is beql, not beq...
Low-case the names of the system routines, since some versions of DEC C only have them declared that way (it doesn't really matter, since the linker is case-insensitive by default)
Do not forget to increment the pointers...
New internal function OPENSSL_gmtime, which is intended to do the same as gmtime_r() on the systems where that is defined.
Add a few more details on what one might need. make and a development environment were a part of Unix operating systems, but these days you see an increasing number of installations that do not necessarily have these crucial parts by default, so it needs mentioning.
Add a requirements section for OpenVMS.
VMS doesn't support more than one period in a file name
We had the password callback for ENGINEs pretty much wrong. And passwords that were given to the key loading functions were completely ignored, at least in the ncipher code, and then we made the assumption that the callback wanted a prompt as user argument.
Document the latest change in ENGINEs.
A wish was expressed.
Extend all the loading functions to take an engine pointer, a pass string (some engines may have certificates protected by a PIN!) and a description to put into error messages.
Don't decrement the reference counter twice when destroying dynamic links.
Stop mishandling the type number in dynlock locking
nCipher callbacks shall return 0 on success, something else otherwise.
Confusion between algorithms resolved.
Added more info in SRP.
More info on SRP.
Accept digits in symbol names. Spotted by Brian Havard <brianh at kheldar.apana.org.au>
Small detail about AIX forgotten...
A good use of the UI interface is as a password callback replacement (for new functions...). One might still want to be able to pass down a user-data pointer to be used by the UI. However, ex_data doesn't quite cut it, since that means the appropriate index to it might need to be shared between parts that aren't really related in that sense, and would require the currently hidden (static) index holders to be uncovered. Not a good thing. Therefore, add the possibility to add a user-data pointer to a UI.
Defining __USE_XOPEN_EXTENDED was the wrong thing. Instead, define _XOPEN_SOURCE.
'make update'
Don't forget to initialise.
Use memmove() instead of memcpy() on areas that may overlap. Spotted by Nalin Dahyabhai <nalin at redhat.com>
Provide an application-common setup function for engines and use it everywhere.
One feature wasn't quite committed yet
Enhance the user interface with better support for dialog box prompting, application-defined prompts, the possibility to use defaults (for example default passwords from somewhere else) and interrupts/cancellations.
The default flag should be for default passwords only. Otherwise, someone having a default that is not a password will be confused.
- Add the possibility to control engines through control names but with arbitrary arguments instead of just a string.
- Change the key loaders to take a UI_METHOD instead of a callback function pointer. NOTE: this breaks binary compatibility with earlier versions of OpenSSL [engine].
- Adapt the nCipher code for these new conditions and add a card insertion callback.
Change the common application routines to use a UI_METHOD for password prompting, even when done through the callback.
Do a proof of concept. "openssl genrsa" will make the name of the file part of the password prompt unless it's standard input...
cp is only used when DSA is built.
Modify "openssl engine" to handle and display internal control commands appropriately.
Since there is a way to create UI_METHODs, implement a destructor as well.
Update my status.
For the UI functions that return an int, 0 or any positive number is a success return, any negative number is a failure. Make sure we check the return value with that in mind.
Include the UI error strings.
New error printing function that gives the possibility to print the errors through an arbitrary function.
Implement boolean (yes/no or OK/Cancel, ...) input.
make update
Do not loop in the OpenSSL UI method any more. Instead, let the application do that.
Document recent changes.
Oops, applies to 0.9.7 only.
Make use of new features in UIs. Among others, the application password callback doesn't need to check for sizes any more.
apps_startup() needs a corresponding apps_shutdown().
Use apps_shutdown() in all applications, in case someone decides not to go the monolith way (does anyone do that these days?).
make update
Including stdio.h before setting _XOPEN_SOURCE and _XOPEN_SOURCE_EXTENDED wasn't very smart...
Use the new UI features, among others the new boolean input.
Make sure we don't return 0 on error.
Call apps_shutdown() to take down what apps_startup() set up.
Make better use of load_cert, load_certs and load_key.
Make get_ip() a bit more strict in its parsing of IP addresses, and at the same time a bit more accepting with host names.
Make better use of load_cert, load_certs and load_key.
Make better use of load_cert, load_certs and load_key.
Changes to have OpenSSL compile on OS/2. Contributed by "Brian Havard" <brianh at kheldar.apana.org.au>
Insulin shot
[Forgotten commits?] Changes to have OpenSSL compile on OS/2. Contributed by "Brian Havard" <brianh at kheldar.apana.org.au>
Let's include cryptlib.h *before* things like NO_SYSLOG are tested or used.
Make an extra note about shared libraries and backward compatibility.
Change info to correct values.
Use one address consistently.
Patches from Vern Staats <staatsvr at asc.hpc.mil> to get Kerberos 5 in SSL according to RFC 2712. His comment is:
If I define _XOPEN_SOURCE before including *any* system header file, things will work much more smoothly.
EVP_Digest() takes one more parameter.
make update
One forgotten function.
Make sure crypto/krb5/krb5_asn.h becomes part of libeay.num.
Make sure crypto/krb5/krb5_asn.h is copied to the directory of exported header files.
make update
The implementation of the TKTBODY ASN.1 functions was missing.
Changes to the Kerberos SSL code by Jeffrey Altman <jaltman at columbia.edu> His comments are:
Code to avoid the use of non-standard strptime(). By Jeffrey Altman <jaltman at columbia.edu>
Changes to the Kerberos SSL code by Jeffrey Altman <jaltman at columbia.edu> His comments are:
Private functions do not belong in an exported header file, so move them to one that won't get exported.
Include kssl_lcl.h where needed.
make update
Document the recent Kerberos SSL changes.
Some of the Kerberos code had disappeared. Reapply.
Add the possibility to specify the use of zlib compression and decompression. It can be set up to link at link time or to load the zlib library at run-time.
Clarify that zlib-dynamic is the default choice.
paddr may be NULL. Do not crash if it is.
Prevent KSSL server from requesting a client certificate. Submitted by Jeffrey Altman <jaltman at columbia.edu>
SSL_get_[rw]fd were documented but not implemented.
SSL_get_rfc were documented but not implemented.
More Kerberos SSL patches from Vern Staats <staatsvr at asc.hpc.mil>. His comments are:
Not all platforms have the OpenBSD crypto device.
Adapt VMS script to the latest changes in the makefiles.
make update
More Kerberos SSL changes from Jeffrey Altman <jaltman at columbia.edu> His comments are:
Whoops, my fault, a backslash got converted to a slash...
Correct most of the unsigned vs. signed warnings (or int vs. size_t), and rename some local variables to avoid name shadowing.
Make as sure as possible that gethostname() will be properly declared.
Vade retro C++ comments!
Make sure the source file is included among the dependencies. This is the norm for 'gcc -M' but not for 'makedepend', and is merely introduced here to avoid commit wars.
make update
Make sure memcpy() gets properly declared by including string.h.
Apply the Tru64 patch from Tim Mooney <mooney at dogbert.cc.ndsu.NoDak.edu>
gcc 3.0 tells me that -m486 is deprecated. The gcc 2.95 manual tells me the same and that the correct option is -mcpu=i486. I'm assuming -mcpu has been around for some time, and that it's therefore safe to change all occurrences of -m486 to -mcpu=i486.
Make sure evil file name characters, like spaces or ampersands (!), don't disturb the rehashing process. Spotted and suggested patch from Rudo Thomas <rudo at internet.sk>
In case of memory problems, the va_start() wasn't cleaned with a va_end(). Noticed by Thomas Klausner <wiz at danbala.ifoer.tuwien.ac.at>.
Two changes:
The #error message must match a very specific regexp (see mkdef.pl, currently line 470).
'make update'
Apparently, Linux is identified with __linux__ as well.
Stop thinking arguments starting with - are algorithm identifiers. Show timing parameters and timing functions used. It looks like some Linuxen have very weird settings for CLK_TCK. I'm very unsure about this change and will investigate further.
Synchronise with Unixly build.
Change HZ in speed to rely on sysconf() if the clock tick is available that way. Synchronise s_time with these changes.
o_time.c contains symbols with dollar signs in them, so we must tell the compiler not to warn about that.
Some new symbols have very long names...
Adapt seldom compiled code to new semantics of the key schedule (not a pointer any more).
sk_ENGINE_CLEANUP_ITEM_pop_free() is duplicated in ENGINE_cleanup(). Let's use sk_ENGINE_CLEANUP_ITEM_pop_free() instead.
'make update'
Woopsie...
Hmm, everything "open" isn't necessarily "openssl" :-). *sigh* habit...
A lot of things are undeclared unless x509.h is included.
sch isn't an array, how did this pass through gcc?
Because there's chances we clash with the system's types.h, rename our types.h to ossl_typ.h.
Because there's chances we clash with the system's types.h, rename our types.h to ossl_typ.h. Also, it seems like krb5 was forgotten in some places.
Since ossl_typ.h is an exported header, we sure need to export it on VMS as well :-).
'make update'
SSL_add_dir_cert_subjects_to_stack for Win32 finally implemented. Submitted by Massimo Santin <msantin at santineassociati.com>.
Typo...
Copy evptests.txt to the right place.
A few more OIDs, contributed by Peter Sylvester <Peter.Sylvester at EdelWeb.fr>
makedepend sometimes produces duplicates. Remove them.
To avoid commit wars over dependencies, let's make it so things that depend on the environment, like the presence of the OpenBSD crypto device or of Kerberos, do not change the dependencies within OpenSSL.
'make update'
It seems like gcc does canonicalisation of file names. More specifically, a starting './' is removed. makedepend doesn't do this, resulting in another possible commit war, so let's fix that by doing a poor man's canonicalisation of file names that gives the same effect as doing dependencies through gcc.
'make update'
For systems where gcc is used and where we don't know if GNU ld is used or not, let's ask collect2 which ld it uses and choose to use the target do-gnu_shared if GNU ld is used.
Add support for md4WithRSAEncryption.
'make update'
In certain cases, no encoding has been set up for the b64 filter. In such cases, a flush should *not* attempt to finalise the encoding, as the EVP_ENCODE_CTX structure will only be filled with garbage. For the same reason, do the same check when a wpending is performed.
The EVP_*Init_ex() functions take one extra argument. Let's default it to NULL.
Wrong place...
Correction of the id-pda OIDs. Submitted by Frederic.Giudicelli at INTRINsec.com
make update
make update
Deprecate the macro MAC_OS_pre_X.
Due to an increasing number of clashes between modern OpenSSL and libdes (which is still used out there) or other des implementations, the OpenSSL DES functions are renamed to begin with DES_ instead of des_. Compatibility routines are provided and declared by including openssl/des_old.h. Those declarations are the same as were in des.h when the OpenSSL project started, which is exactly how libdes looked at that time, and hopefully still looks today.
A C file is a C file is a C file!
Have the removal warnings very high up in the source.
Remove DES_random_seed() but retain des_random_seed() for now. Change the docs to reflect this change and correct libeay.num.
Make sure openssl speed is compilable on systems where fork() doesn't exist. For now, that's all the ones we "support" except Unix.
Change the DES documentation to reflect the current status. Note that some password reading functions are really part of the UI compatibility library...
Correct some links...
Adapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names
Change the shared library support so the shared libraries get built sooner and the programs get built against the shared libraries.
DOS and Windows do not like unistd.h
No need to include anything on systems that do not have /dev/crypt
Place the OpenSSL-specific headers back so they always get included, or we get a dependency war in Makefile.ssl
des_old.h doesn't really need to include des.h, so don't. That will avoid clashes with other code that have their own DES_ functions but really only use OpenSSL's old des_ functions.
Exclude .out files
unsigned int vs. int.
Remove temporary files
Implement STARTTLS for certain protocols, currently only supporting SMTP.
Change the order of events so the capabilities of loaded engines can get listed as well.
After loading a dynamic engine, reset the command definitions to the empty set. This prevents engines that do not set the command definitions themselves to inherit the ones from "dynamic", which would otherwise be very confusing.
Add a demo that reimplements the RSAref glue in form of a dynamically loadable engine.
In a Debian Linux environment, it's not a good idea, apparently, to manually declare the include directory /usr/include at the same time as the macro PROTOTYPES is defined with the value 1. Besides, /usr/include is the standard include directory anyway, so there's no need to specify it explicitly.
Make use of RSAref's header files instead of EAY's crafted rsaref.h.
make update perl util/mkerr.pl -recurse -write -rebuild
Make it possible to build completely static, independent error C files.
Add a local error code configuration file for the rsaref dynamic engine.
Add targets to update the error code files.
'make update' + some touches.
Use the generated error code files.
At least for the two common Unixly DSO loading methods, include the system error in the error text.
If an engine isn't built in, try loading it as a shareable library instead. This also makes it possible for users to simply give said shareable library as argument for the -engine option.
Add DES functions. Restructure the code and comment it a bit. Prepare for the presence of digests.
Make it possible to give digest names as -evp arguments.
Add MD digests.
make update
A missing comma added.
Make sure evp_locl.h can be included (hw_openbsd_dev_crypto.c needs that).
On systems that don't do too well including headers from a different directory, trust the building scripts to handle it properly.
End assembler macro correctly.
Build dynamic rsaref engine on VMS. Tested on VAX so far.
On VMS, the norm is still that symbols are uppercased, so for now it's better to trust that norm. I might implement a control for this later on
Extensions of the explanations to the linking problem on Win32. Provided by Andrew Gray <agray at iconsinc.com>
Certain missing algorithms make some SSL versions or TLS impossible to build.
I was recently informed that some people wrongly use ssleay.txt as main documentation, so let's warn them a little more, so the word "OBSOLETE" really gets understood.
UID was never a label for uniqueIdentifier. However, LDAP and certain RFCs concerning X.500 directories use UID as a shorter name for the attribute type userId, which is defined by CCITT and available through RFCs 1274 and 2247.
make update
Implement failover for ubsec. Submitted by Subramanian Ramamoorthy <sram at broadcom.com> with the following comment:
Change pkcs12 so the certificates coming from -in do not get tossed if -certfile is given as well.
Synchronise with the 0.9.6 branch.
Do not forget to compile comp_err.c
Better use the same number in all branches, to avoid confusion
And just for the sake of completeness, let's add some standard macros...
Status update
Add support for Linux on HP/PA. Submitted by "Bryan W. Headley" <bheadley at interaccess.com>
On Solaris64, cc needs the flag -xarch=v9 when linking shared libraries. Make a general change to support shared library linking flags in general. Noted by Nick Briggs <briggs at parc.xerox.com>
Allow 8-bit characters. This is not really complete, it only marks characters with the highest bit set as HIGHBIT. We need to expand this to support the UTF-8 character set properly. However, this solves the problem that the character 0x80 (which is common in UTF-8) gets masked to 0x00. Patch submitted by "Huang Yuzhen" <huangyuzhen at bj.tom.com>
Say that recent CygWin perl versions work as well. Submitted by Eric Hanchrow <erich at votehere.net>
Allow verification of other types than DATA. Submitted by Leonard Janke <leonard at votehere.net>
RSA counter should only be defined if RSA is available.
make update
When RSA or DSA are disabled, do not include the stuff that's specific to them.
The block size may be something other than 8!
Because Rijndael is more known as AES, use crypto/aes instead of crypto/rijndael. Additionally, I applied the AES integration patch from Stephen Sprunk <stephen at sprunk.org> and fiddled it to work properly with the normal EVP constructs (and incidentally work the same way as all other symmetric cipher implementations).
Implement speed measurement for AES. Submitted by Stephen Sprunk <stephen at sprunk.org> as part of his AES integration patch.
make update
Better clarification on perl
Patches to make OpenSSL compilable on MacOS/X. Submitted by Pier Fumagalli <pier at betaversion.org>
Bring VMS up to date with development.
Add more of the NIST test vectors for AES.
Use FIPS-197 vectors for AES. The NIST vectors were constructed by reencrypting or redecrypting the ciphertext 10000 times, which of course gives highly different results.
To avoid all kinds of link-level clashes, rename all old des_* functions to _old_des_*.
To avoid all kinds of link-level clashes, rename all old des_* functions to _old_des_*.
Because of recent changes, there's no need to hack the des symbols any more.
make update libeay.num got tweaked so the old des symbols would retain their positions.
Keep the NIST AES vectors that were there previously.
There is no aestest currently. The EVP tester is used to check the AES algorithm.
Add -keyform. Document -engine.
Document the change in rsautl.
I must learn to compile before I commit...
Apply a change by Toomas Kiisk <vix at cyber.ee>:
Apply the following changes by Toomas Kiisk <vix at cyber.ee>:
Apply Neale Ferguson's patch to add a configuration target for linux-s390x
I got a request to make the "old des" symbols more closely tied to OpenSSL. Adding '_ossl' in the name seems to be a good way to do this.
Add old patch from Robert Dahlem <Robert.Dahlem at ffm2.siemens.de> to make it possible to produce shared libraries on ReliantUNIX.
GCC uses __i386__.
Apply a small patch from Diego R. Lopez <diego.lopez at rediris.es>, making X509_check_issued() properly match an issuer that's found in an Authority Key Identifier.
It looks like I didn't remove everything that has to do with the non-existent aestest.c.
Apply a small patch from Oscar Jacobsson <oscar at jacobsson.org> that makes things more compilable with VC++.
Apply a small patch from Dan Lanz <lanz at zolera.com> to get shared libraries with debug-linux-elf.
Update SCO5 targets.
I got some reports that some targets have weird dso_schemes. Therefore, I've added a sanity checker.
Detect one-step shifts of the dso_scheme.
Correct the number of colons for the targets aix43-cc, aix43-gcc, alpha-cc, alpha-cc-rpath, alpha-gcc, alpha164-cc and alphaold-cc.
Spelling correction.
Apply patch from Toomas Kiisk <vix at cyber.ee> and complete it.
ASN1_BIT_STRING_set_bit() didn't clear previously set bits
Apply three patches from Assar Westerlund <assar at kth.se>:
Apply one patch from Assar Westerlund <assar at sics.se>:
With the changed des_old API, let's complete the work by renaming the functions in ui_compat. This gave reason to rework that part more thoroughly, so here are the changes made:
'make update'
If the intended header file doesn't exist, create it.
Generate the individual engines' error strings and macros automatically.
Certain reasons aren't really part of the engine framework, so let's make them ubsec-specific in the ubsec implementation.
Add aep and sureware implementations and clean up some error reasons that were never part of the engine framework.
Because AEP and we used the same AEP_R_ prefix for error reasons, let's change our prefix to AEPHK_R_. Otherwise, we get very mysterious errors because we happen to redefine AEP_R_OK and AEP_R_GENERAL_ERROR.
I forgot to include the aep and sureware vendor header files.
Oops, do not unlock CRYPTO_LOCK_DYNLOCK when we locked CRYPTO_LOCK_RAND...
Remove an unused variable.
Add notes on the added support for aep and sureware crypto cards in 0.9.7.
Make link-shard a little bit more efficient. If there are no extensions to link together, there's no point looping at all.
Move the silencer to the right place.
Update the configuration of CygWin32 to use the new capabilities of CygWin 1.3.x, which includes thread and shared library support.
Modify the main trunk version to 0.9.8-dev. 0.9.7 now lives in the branch OpenSSL_0_9_7-stable.
Correct sh, please
At Corinna Vinschen's request, change CygWin32 to Cygwin
The Cygwin shared extension was shifted.
make update, with libeay.num remade to match the 0.9.7-stable one.
For some reason, getting the topmost error was done the same way as getting the bottommost one. I hope I understood correctly how this should be done. It seems to work when running evp_test in an environment where it can't find openssl.cnf.
Make sure memset() is defined by including string.h Notified by Oscar Jacobsson <oscar at jacobsson.org>
Add the configuration target VxWorks.
Give the linux-sparv9 target shared capability. Submitted by Ian Marsh <mushypea at dominion.net.uk>
gcc chokes on C++ comments in C code.
Missing #endif
Local `time' shadows the global function `time()'. Rename the local variable to `tim' (and, as a matter of consequence, `time_d' to `tim_d').
The macro IMPLEMENT_ASN1_FUNCTIONS_const already contains an ending ;, so do not add one after the expansion, since ANSI C doesn't allow ;; at this level (or at least, so tells me gcc).
Adjust the NID names for the AES modes OFB and CFB to contain the number of feedback bits
Add the modes OFB128, CFB128 and CTR128 to AES. Submitted by Stephen Sprunk <stephen at sprunk.org>
The AES modes OFB and CFB are defined with 128 feedback bits. This deviates from the "standard" 64 bits of feedback that all other algorithms are using. Therefore, let's redo certain EVP macros to accept different amounts of feedback bits for these modes.
Since Cygwin is the proper spelling, let's change to that everywhere. Also, with the change in Configure, it now knows on its own if threads are supported or not.
Oh, and since config figures out that we run Cygwin and what versions, let's recommend running config instead of a manual Configure.
Don't shadow already defined variables
With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all
Comparing a pointer (data) with 0 using > is incorrect. The changed comparison doesn't look right, but at least it compiles. It would be nice if the one who knows what this is supposed to do changed it to do it correctly
Instead of just checking for OpenVMS, check if DEC C is used, since it's as picky on all platforms
With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all
Add reports on checked 64-bit platforms and make space to add platforms that need to be checked
Update the status on 64-bit thingy.
Instead of casting a lvalue, let's constify meth.
gcc figures that the format specifier %2x means unsigned int, so let's make n unsigned.
Including openssl/e_os.h in the OpenSSL 0.9.6 branch is legal, since it's exported. Changing that is a BIG step, which has been done in 0.9.7-dev.
Stop assuming the IV is 8 bytes long, use the real size instead. This is especially important for AES that has a 16-byte IV.
Add comfy aliases for AES in CBC mode.
Add AES support in the applications that support -des and -des3.
We have AES support in openssl speed
make update, after moving around symbols in libeay.num to match 0.9.7-stable.
Document the added modes for AES
Updated AEP engine, submitted by Diarmuid O'Neill <Diarmuid.ONeill at aep.ie>
Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated
Make sure aep_close_connection() is declared and has a prototype that's consistent with the rest of the AEP functions
VMS adaptation, including a few more long names that needed hacking.
make update
Remove the perl/ subdirectory. It hasn't been worked on for ages, is very broken, and there are working modules in CPAN, which makes our module even more moot.
This change was only made in 0.9.7-stable. Synchronise
Make it so one can select tests from within the test directory
Rename des_SPtrans to DES_SPtrans to differentiate from libdes and avoid certain linkage clashes.
Typo. In DCL, the continuation character is a dash at the end of the line, which I forgot when splitting one.
New configuration targets for OpenBSD, handed to me by Bob Beck <beck at openbsd.org>
Provide a pre 0.9.7 compatibility mapping if OPENSSL_DES_PRE_0_9_7_COMPATIBILITY is defined. NOT AT ALL TESTED YET! Add a comment as to the libdes compatibility.
OpenSSL currently fails on certain pure 64-bit architectures. This is a showstopper
Change des_old.c to use types prefixed with _ossl_old_des_.
When closing, do not use close(). Also, if the closing call fails, do not return immediately since that leaves a locked lock.
Synchronise the AEP engine in all branches. For 0.9.6-stable [engine], implement software fallback
Merge in DES changes from 0.9.7-stable.
Merge in DES changes from 0.9.7-stable.
Merge changes from 0.9.7-stable
Merge changes from 0.9.7-stable
Make the change to strong keys in the string to key(s) functions experimental in the main trunk as well
Correct the mapping for des_read_pw()
Add the mapping of des_random_seed() for 0.9.6 compatibility. Make sure DES_cblock is defined at all times (meaning one shouldn't include openssl/des_old.h directly any more).
Add the possibility to enable olde des support, not just disable it, for future support. Redocument
A forgotten file
Fix of mixup between SOMAXCONN and SO_MAXCONN. Furthermore, make SO_MAXCONN the first choice, since that's the standard (as far as I know).
Cast the pointers to the BIGNUM data to unsigned long *. This would be harmful if we didn't also pass the exact number of bytes of that data
Forgot one of the casts
Make shared libraries resolve global symbols within themselves first. Currently only on GNUish linkers... Submitted by Steven Bade <sbade at austin.ibm.com>
Use recv() and send() for socket communication on VMS instead of read() and write(). The reason is that read() and write() make additional record level locking which causes hangs of Compaq Secure Web Server (Apache) with SSL. Submitted by Compaq.
Recognise DEC C++ as equivalent to DEC C for the definitions of OPENSSL_EXTERN and OPENSSL_GLOBAL. Submitted by Compaq.
Oops, the system macro for VMS is OPENSSL_SYS_VMS, not VMS
Allow longer program names (VMS allows up to 39 characters). Submitted by Compaq.
make update (libeay.num has been edited to match 0.9.7-stable)
Allow longer program names (VMS allows up to 39 characters). Submitted by Compaq.
Change the date to XX xxx XXXX in development versions.
Check error code from a2d_ASN1_OBJECT().
Avoid emacs backup files when making a snapshot
Make sure the opened directory is closed on exit. Notified by Lorinczy Zsigmond <lzsiga at mail.ahiv.hu>
Do not free p if it hasn't been used yet. Notified by Bernd Matthes <bernd.matthes at gemplus.com>
No point constifying an int. Notified by Bernd Matthes <bernd.matthes at gemplus.com>
The callback must have (void) as argument list. Notified by Bernd Matthes <bernd.matthes at gemplus.com>
Signedness mismatch. Notified by Bernd Matthes <bernd.matthes at gemplus.com>
Make sure ec and ecdsa is properly handled in Windows. Notified by Bernd Matthes <bernd.matthes at gemplus.com>
Uhmmm, if we use && after having tested for the presence of the certificate, we just *might* stand a certain chance of actually getting it written to file...
Potential memory leak removed. Notified by <threaded at totalise.co.uk>
Synchronise with 0.9.7-stable.
Synchronise with 0.9.7-stable.
Fix unsigned vs. signed clash
Make sure that date is run under the C locale, so dates are given in the default format. PR: 16
Generate an error if rewinding wasn't possible. Notified by Ken Hirsch <kenhirsch at myself.com>. PR: 23
Small documentation fix for EVP_CipherFinal or EVP_CipherFinal_ex. Notified by Stella Power <snpower at maths.tcd.ie>. PR: 24
Move an assert() to avoid core dumps when a static buffer hasn't been given. Notified by Verdon Walker <VWalker at novell.com>
One place where VMS wasn't changed to OPENSSL_SYS_VMS...
Make the huge buffer smaller, so the size becomes reasonable for small-stack environments. Notified by Verdon Walker <VWalker at novell.com>
Synchronise the FAQ
Updating status for 0.9.6d
Use OPENSSL_SYS_VMS instead of just VMS
Allow the use of the TCP/IP stack keyword TCPIP and NONE
Make sure ECDSA is built and tested on VMS.
Make sure ECDSA is built and tested on VMS. Avoid loops if linking an application fails.
Define a short alias for another long EC symbol.
Make sure short aliases are used where required.
make update
Recover from errors
There is a chance that the input string is larger than size, and on VMS, this wasn't checked and could possibly be exploitable (slim chance, but still)
Set DLOPEN_FLAG the same way on NetBSD as on OpenBSD. PR: 58, submitted by andrew at cis.uoguelph.ca
Remove the duplicate description of -out. PR: 28
Add more warnings for my debug targets.
Our copy of pod2man.pl is old and comparatively broken, so lets remove it. PR: 30
Some shlib extensions were in the wrong field
Correct darwin shared library support. PR: 39
Correct AES counter mode, which incorrectly incremented the counter before using it. PR: 56
Apparently, there are still chances we have to deal with buggy pod2man versions. Deal with that by testing any available pod2man and using it if appropriate, and falling back to util/pod2man.pl if none was found.
pod2man.pl would only remove the first LF from the name.
Make sure that MS_STATIC isn't defined to 'static' under Win32. PR: 51
CAformat should not be used for CA key format.
Check the return values where memory allocation failures may happen. PR: 49
a B< that wasn't properly ended.
Support shared libraries properly on linux-sparcv[89]. PR: 60
Support the newly released gcc 3.1 on 64-bit Solaris. Not automatic. PR: 57
Reformat the CFLAG string so it can be made part of a C string. Incidentally, this works pretty well on the command line as well. PR: 52
In CFB mode, the iv is always encrypted.
Declare the CFB and OFB modes for AES, and prepare for a declaration of CTR mode.
For CFB and OFB modes, always create the encryption key.
Make it possible to give vectors only for decryption or encryption.
Add the AES test vectors from NIST document SP800-38A.
Document the AES changes.
use sstrsep() to get the proper type to atoi(). Remove unneeded cast in ustrsep(). PR: 69
make update (including adjusting libeay.num in HEAD to the changes in the 0.9.7-stable libeay.num
Update the recognition of GCC version numbers to handle the prefix text that GCC 3.1 adds to the --version output
Since there's no continuation, the ; can go as well :-)
Documentation bug corrected. PR: 70
Check errors when parsing a PKCS8INF PEM FILE, or there will be a core dump on error. PR: 77
It's not good to have a pointer point at something in an inner block. PR: 66
Make perl replacement for dirname, for systems that lack the latter. PR: 81
Merge from 0.9.7-stable.
Making a softlink from crypto/des/asm/perlasm to crypto/perlasm isn't strictly necessary, so let's not do that.
Parse directory using both slashes and backslashes as separators. Do file copying in terms of perl statements instead of using cp. Part of PR: 75
Check for the executable $openssl, not just the file. Part of PR: 75
Add support for DJGPP. PR: 75
Add support for DJGPP.
Make sure that any dash in the prefix before the version number is removed. PR: 96
Tentatively add support for UWIN, a Unix-like environment on top of Windows. PR: 62
make update (adapt libeay.num to the 0.9.7-stable branch)
For some reason, we need to return the full path to perl
A number of includes were removed from evp.h some time ago. The reason was that they weren't really needed any more for EVP itself. However, it seems like some applications (I know about OpenSSH, but there may be more) used evp.h as the 'load all' header file, which makes sense since we try our best to promote the use of EVP instead of the lower level crypto algorithms. Therefore, I put the inclusions back so the application authors don't get too shocked by all the errors they would otherwise get.
The general debug target must specify that it doesn't use assembler routines. PR: 105
There is no RSAREF any more, so do not try to install it. PR: 106
Use bg instead of bag as argument to macros, to avoid clashes with structure field names. PR: 112
gcc requires -m64 to link 64-bit shared libraries on Solaris. PR: 117
have 'openssl pkcs7' exit with code 1 on error instead of 0. PR: 119
Use 32-bit sections instead of the default, 16-bit ones. Part of PR 123
When compiling for Windows, make sure we have the windows definitions declared. Part of PR 123
Use underscores instead of dashes in temporary file names. This is due to weird Borland compilers. Part of PR 123
Document the new way of building with Borland Builder. This concludes the changes from PR 123
The new stuff is for Borland Builder 5, so document it appropriately
Forgot to change the second $ENV{DJDIR} to /dev/env/DJDIR. Part of PR 75
Update the information on Cygwin. Part of PR 75
DJGPP has some needed header files that other MSDOS/Windows compilers don't have. Part of PR 75
Pass CFLAG to dependency makers, so non-standard system include paths are handled properly. Part of PR 75
A few changes to BC-32.pl didn't get properly applied. This completes PR 123
Try to avoid double declaration of ERR_load_PEM_strings(). PR 71
opensslconf.h doesn't define what we want, e_os2.h does. PR 123
Do not define crypt() on OpenBSD. Notified by Bob Beck of OpenBSD.
In UI_UTIL_read_pw(), we should look at the size parameter, not at BUFSIZ. Submitted by Götz Babin-Ebell <babinebell at trustcenter.de>
There's an ongoing project to bring some kind of path selection mechanism to the ENGINE framework. This means that there are going to be new functionality for the DSO part, and ultimately some way of merging two file specifications together.
Set up the engine before doing anything random-related, since engine randomness is only used for seeding and doing it in the wrong order will mean seeding is done before the engine randomness is hooked in. Notified by Frederic DONNAT <frederic.donnat at zencod.com>
Using -Wtraditional took it a little far. After all, we expect ANSI C, so we don't need to care about traditional compilers
Let's not forget the second -Wtraditional
Some older code (never committed) wasn't converted to the new format. Corrected.
For those wanting to build for several platforms with the same source directory, making a separate directory tree with lots of symbolic links seems to be the solution. Unfortunately, Configure doesn't take appropriate steps to support this solution (as in removing a file that's going to be rewritten). This change corrects that situation. Now I just have to find all other places where there's lack of support for this.
For those wanting to build for several platforms with the same source directory, making a separate directory tree with lots of symbolic links seems to be the solution. Unfortunately, Configure doesn't take appropriate steps to support this solution (as in removing a file that's going to be rewritten). This change corrects that situation. Now I just have to find all other places where there's lack of support for this.
There are problems on certain platforms, and possible answers on how to (temporarily) solve them.
Actually, the "bug" is really documented in the man-page for ld, so it's really a misfeature according to the jargon file (4.0.0) definition:
The default C compiler on MacOS X doesn't like empty object files
We had some experimental options in the Darwin entries. They are no longer needed
Add the usually recommended solution to the linking problem entry for MacOS X
On MacOS X, you're not allowed to have common objects in shared libraries
On MacOS X, the shared library editor uses DYLD_LIBRARY_PATH
If OpenSSL is built with shared library support on MacOS X, everything works fine. Note: this is only true for 0.9.7 and on
Add a few FAQ entries for the various ways building OpenSSL on MacOS X can fail, and point at the text in the PROBLEMS file
Add support for shared libraries with OS/2. PR: 124
Make mkdir failsafe in case the directories are already present
OPENSSL_SYS_WIN32 is important so util/mkdef.pl can detect it
Unixware doesn't have strings.h, so we need to declare strcasecmp() differently. Unixware 2 needs to link with libresolv. PR: 148
Make S/MIME output conform with the mail and MIME standards. PR: 151
Reverse the change with the following log, it needs further investigation:
Further enhance assembler support on Cygwin and DJGPP. Make pod2mantest useable on DOS-based systems. Part of PR 75, the rest is still under investigation.
Allow subjects with more than 255 characters to be properly printed. PR: 147
Add history for documented new functions. PR: 59
Explain why RSA_check_key() doesn't work with hard keys. PR: 86
Two more names that are a little too long for the standard VMS linker.
The first compile of the new merger method for VMS *almost* got through. That's not enough, is it? :-)
If DH is disabled, don't define the DH functions. Notified by Kim Hellan <KHE at kmd.dk>
Make dummy tests to make it easier to physically remove unwanted algorithms. This should complete PR 75
Document the recent DJGPP-related changes
Don't clobber loop variable. PR: 159
The version of the shared library should, for now, reflect the version of OpenSSL. Part of PR 181.
ln -f -s doesn't always work, so do a rm -f followed by a ln -s. Part of PR 181
Make sure to use $(MAKE) everywhere instead of make. Part of PR 181
If the email address is moved from the subject to the subject alternate name, the subject in the certificate would differ from the subject in the index file, which has quite bad consequences. PR: 180
If CRYPTO_realloc() is called with a NULL pointer, have it call OPENSSL_malloc(). PR: 187
Cut'n'paste error with other responder certificates cleared. PR: 190
Linux on s390 really knows about loading dynamically. PR: 183
OCSP and KRB5 Makefile.ssl should be consistent with all the others
Make it possible to load keys from stdin, and restore that functionality in the programs that had that before. Part of PR 164
Avoid yet another name clash with libdes, and make the declaration consistent with the definition.
Add the CBC flag for cbc ciphers
make update
Add aix64-cc, and make sure that ar gets proper flags for 64-bit libraries
Don't try testing with parallel make, that will just fail. PR: 175
We don't need to find out which pod2man to use more than once
Certain flag macros were tested with #if instead of #ifdef...
make update
0.9.6f is released
Parse version numbers prefixed with text (egcs does that, even with -dumpversion). PR: 203, part 1
When we want to give a -f argument to $(MAKE), we'd better make sure the variable doesn't already contain a -f argument. PR: 203, part 4
More long names to shorten.
Synchronise with Unix. (I expect the next run will generate lots of errors on VMS :-)).
A new header.
Synchronise tests with Unix.
mem* functions are declared in string.h.
More long symbols to shorten.
Remove clashes between symbols that have the same name except for casing.
One more file to compile on VMS as well.
In case of shared libraries, we might run one version of the application with a different version of the library. Detect if there is a difference of versions, and print both versions in that case. This might prove to be a good enough debugging tool in case of doubt.
Update with the status for 0.9.6g.
A few files in the ENGINE and EVP sections forgotten.
Do not use the word 'modulus', which is a class template name in VC++ 6.0/SP5. PR: 216, point 3
Do not include openssl/ripemd.h when the RIPEMD algorithm has been deselected. PR: 216, point 1
Oh, ec2_smpt.c is #included by ec2_smpl.c!
Comma forgotten.
Merge in demo engines from 0.9.7-stable.
Some files deserve to be ignored
Make sure that the test input file comes in the same record format as the typical output from a program in C. PR: 222
The applications 'ecdsa' and 'ecparam' were missing from the VMS build.
Instead of returning errors when certain flags are unusable, just ignore them. That will make the test go through even if DH (or in some cases ECDH) aren't built into OpenSSL. PR: 216, part 2
Sometimes, the value of the variable containing the compiler call can become rather large. This becomes a problem when the default 1024 character large buffer that WRITE uses isn't enough. WRITE/SYMBOL uses a 2048 byte large buffer instead.
Yet a couple of modules forgotten. These weren't important for OpenSSL itself, since they aren't used there (yet). It became quite visible when building a shared library, however...
Add a FAQ entry for yet another bc failure. PR: 199
Missing =back. Part of PR 196
It seems like sun4u doesn't always have a sparcv9 inside. Trust isalist. PR: 220
q may be used uninitialised
Add -lz to the ld flags when the user has chosen to link in zlib *statically*. Notified by Doug Kaufman <dkaufman at rahul.net>
isalist was less trustable than I thought (or rather, one can trust it to come up with all kinds of names we don't have in our targets). Besides, our sparcv9 targets currently generate sparcv8 code, I'm told.
So, I discovered that if you have your $PATH set so a ld different from GNU ld comes first, checking the usage of collect2 gives that instead of GNU ld, even if GNU ld would be the one that would get used if we link using gcc. It's much better, apparently, to ask gcc directly what the path to GNU ld is (provided it's there at all and gcc knows about it), and ask the result if it's a GNU or not. The bonus is that our GNU ld detection mechanism got shorter and easier to understand...
Typo, I assigned the variable ld instead of my_ld...
-elapsed is also useful when using gettimeofday
Missing ;
Incorrect argument order to memset()
It makes more sense to refer to specific function manuals than the concept manual when the specific function is referred to in the current manual text. This correction was originally introduced in OpenBSD's tracking of OpenSSL.
Remove reference to RSA_PKCS1_RSAref, since it doesn't exist any more. This correction was originally introduced in OpenBSD's tracking of OpenSSL.
Remove *all* references to RSA_PKCS1_RSAref, since it doesn't exist any more. This correction was originally introduced in OpenBSD's tracking of OpenSSL.
It makes more sense to refer to specific function manuals than the concept manual when the specific function is referred to in the current manual text. This correction was originally introduced in OpenBSD's tracking of OpenSSL.
Make sure that the signal storage is regarded as volatile. This correction was originally introduced in OpenBSD's tracking of OpenSSL.
The OpenBSD project has replaced the first implementation of the /dev/crypto engine with something they claim is better. I have nothing to compare to, and I assume they know what they're talking about. The interesting part with this one is that it's loaded by default on OpenBSD systems. This change was originally introduced in OpenBSD's tracking of OpenSSL.
Removal missing
Add a small note saying the 'debug' option should come before the platform in the arguments to mk1mf.pl. PR: 298
Document should match reality :-). PR: 255
If we're loading libz dynamically, and COMP_zlib() is called more than once, only the first call would provide the correct result. PR: 277
Add random number generation capability to the cswift engine. Should this be added to 0.9.6-stable as well? PR: 275
Installed libraries should not be overwritten, especially shared ones. Use mv to make sure the old copy is unlinked instead of overwritten. PR: 273, and probably others...
For some reason, the random number support removed the destructor
Do not define crypt(). The supported function is DES_crypt() (and des_crypt() when backward compatibility is desired).
Please do not use C++ comments in C code.
Since crypt() isn't defined anywhere, define it locally in destest.c
Add missing LF
Use double dashes so makedepend doesn't misunderstand the flags we give it. For 0.9.7 and up, that means util/domd needs to remove those double dashes from the argument list when gcc is used to find the dependencies.
Add a few more VxWorks targets. Correct misspelled VXWORKS macros. Add VXWORKS identifying macros to e_os2.h. Add required inclusions and mappings for VxWorks in e_os.h. A few small modifications to make OpenSSL build and work on VxWorks. PR: 253, except for the change that was handled in an earlier commit, and a request for easy build of just parts of OpenSSL.
Don't fuss with the demo binaries
Change the main Makefile to have "mini-build" targets. PR: 253, last part.
Keep the sub_all symbol so all the algorithm Makefiles won't break.
Remove redundancy and use the main makefile better
Make sure that the 'config' variable is correctly defined and declared for monolithic as well as non-monolithic build. More work is probably needed in this area. PR: 144
RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS. PR: 189
Typo
VMS below version 7 doesn't have strcasecmp, so let's roll our own on VMS. PR: 184
Add a few more target platforms, to see how well the shared library linking works on them.
Rhapsody had ftime, Darwin doesn't (any longer?)
Move the shared library construction stuff to Makefile.shared, a helper makefile that generalises our way of building shared libraries and is designed to take care of almost anything (I hope).
Add a suffix for Darwin's sake, since it seems like .dylib comes after the version in the file name.
Fix inconsistencies in the Darwin targets. Add a variant of SHLIB_SOVER without the preceding period.
BN_bn2hex() returns "0" instead of "00" for zero. This disrupts the requirement that the serial number always be an even amount of characters. PR: 248
Make sure $fname will not give us any surprises with any funny characters. PR: 256
Make sure it's properly detected when there's no version information at all, and in all other cases, make sure foo.so is linked to foo.so.{soversion}.
There may be more than one single quote to fix. PR: 256
make update
Add a configuration target for A/UX. PR: 271
Step 2 of move of engines: copy engines to new directory and rename them to be prefixed with e_ instead of hw_. They aren't necessarily hardware engines. The files committed here are exact copies of the corresponding hw_ files found in crypto/engine/.
Step 3 of move of engines: copy the corresponding vendor header files.
Step 4 of move of engines: Split e.ec into individual files for each engine.
Step 5 of move of engines: Add a makefile (and a .cvsignore).
That wasn't supposed to be there...
Step 6 of move of engines: rename the macro ENGINE_DYNAMIC_SUPPORT to OPENSSL_NO_DYNAMIC_ENGINE and make sure that gets defined unless shared library support has been specifically requested.
Typo.
Step 7 of move of engines: Engines should not depend on private OpenSSL header files.
We didn't copy the cryptodev engine here, darn it!
Step 8 of move of engines: Remove the last little quirks. DECIMAL_SIZE is copied from crypto/cryptlib.h.
Typo
Step 9 of move of engines: rename crypto/engine/hw_cryptodev.c to eng_cryptodev.c. This is an engine that (at least currently) has to be built in.
Step 10 of move of engines: Change crypto/engine/Makefile.ssl so we don't build any "built-in" engines in that directory any more, except for the cryptodev one.
Step 11a of move of engines: Time to make the changes to support automatic load of dynamic engines. Unless we don't have shared library support, do not try to load any "built-in" engines except for cryptodev.
Step 11b of move of engines: Time to make the changes to support automatic load of dynamic engines. Add functionality to the dynamic engine to handle engine directories and loading from those. This is currently NOT compatible with the use of LD_LIBRARY_PATH and similar environment variables.
Step 11c of move of engines: Time to make the changes to support automatic load of dynamic engines. Change the iterator to try to load the requested engine dynamically. The environment variable OPENSSL_ENGINES can be used to override the internal default directory where one can expect to find dynamically loadable engines.
Step 12 of move of engines: Time to make the changes to support automatic load of dynamic engines. Make the changes in the main Makefile so the engines are built, but now in the engines/ directory.
Step 13 of move of engines: Remove old files.
For the platforms where version info is inserted separately into the shared library, set those flags conditionally.
Oh, there were *two* places where we needed to protect the file name...
And if the path has a space, we definitely need to protect $openssl.
make update.
Step 14 of move of engines: Final step, document the change.
The AES CTR API was buggy, we need to save the encrypted counter as well between calls, or that will be lost if it returned with *num non-zero.
Add more commentary. Check that *num is smaller than the block size.
Chase down the missing backslashes.
Clarify where the engines are by default.
Targeting the solaris platform for specific tests. Something is going wrong, and my test engine doesn't show it. The verbosity will be temporary for about a day.
Add missing quotes. Make sure test doesn't barf because of missing spaces before the closing ]. Add -lc to the list of libraries we depend upon. Not always necessary, but never hurts.
Add needed libraries as per configuration to the list of libraries we depend upon.
libs is a timestamp that we don't really need to know about.
Complete the VxWorks fix by implementing a NULL RAND_poll() for it. PR: 253
makedepend complains when a header file is included more than once in the same source file.
When BN_add_word() reaches top, it shouldn't try to add the corresponding word, since that word may not be zero.
Makefile.shared needs to know how it can reach itself.
A much better idea, of course, is not to do a submake at all...
Typos. PR: 189
Typos. PR: 189
Eh, -Wl,--whole-archive disappeared from the GNU targets. I've no idea why, but that was definitely wrong...
In my extreme debug mode, gcc complains that 'static' doesn't come first.
Signal an error if the entered output password didn't match itself. PR: 314
On certain platforms, we redefine certain symbols using macros in apps.h. For those, it's better to include apps.h after the system headers where those symbols may be defined, since there's otherwise a chance that the C compiler will barf when it sees something that looks like this after expansion:
There's a name clash between OpenSSL and RSAref. Since this engine handles RSAref data, pretend we don't care for OpenSSL's MD2 and MD5 structures or implementation. Remove all kinds of silly warning
For the mkdef.pl to recognise if the "external" engines are inserted into libcrypto, we need the "algorithm" STATIC_ENGINE.
make update
External engines aren't in crypto/engine/ any more, so don't try to build them there.
Make sure toupper() is declared
A small detail: since 0.9.7, DH_new_method() and DSA_new_method() don't take an ENGINE* as parameter any more. PR: 156
Revert, that was an incorrect change. PR: 156
The #else part of the conditionals has two statements, so they need to be surrounded with braces, or the surrounding if..else will fail miserably in case the #else part is compiled.
synchronise util/libeay.num with the 0.9.7-stable variant (guys, this is something we really need to keep track of!). make update
Plug potential memory leak. Identified by Goetz Babin-Ebell <babinebell at trustcenter.de>
New files have appeared, tell VMS.
Add the command procedure to build external engines on VMS. Currently, we simply assume that they shall always be built as shareable images.
Add all that is needed to build external engines on VMS. Currently, we simply assume that they shall always be built as shareable images.
Remove all references to RSAref, since that's been gone for more than a year.
Depend on OPENSSL_NO_STATIC_ENGINE rather than OPENSSL_NO_DYNAMIC_ENGINE. Make sure to include openssl/opensslconf.h to make sure we get the definition of those macros.
Since we're currently assuming VMS can deal with dynamic engines, don't include the static engine entry points in libcrypto.exe.
Cosmetic change
Off-by-one-error corrected. PR: 235
some people just can't read the instructions
Stupid bug fixes. I've forgotten my DCL...
Generate openssl.pc so pkg-config can return proper data. PR: 163
Keep on using ${CC}, since gcc may act in disguise.
Windows doesn't know sys/file.h
-CAcreateserial doesn't take a filename argument. PR: 332
-CAserial does take a filename argument. PR: 332
X509_NAME_cmp() now compares PrintableString and emailAddress with a value of type ia5String correctly. PR: 244
Make the programs link against the static library on MacOS X. PR: 335
Variables on the stack must be initialized or we can't depend on any initial value. For errline/errorline, we did depend on that, erroneously
Make the CBC mode of AES accept lengths that aren't multiples of 16. PR: 330
Make it possible to run individual tests even when linked with libcrypto.so and libssl.so
Synchronise...
Name the flag files correctly.
Make internal functions static.
When built as dynamic engines, the loading functions should be defined static.
Correct support for SunOS 4.1.3_U1. PR: 227
This didn't get to the 0.9.8-dev thread...
Merge from 0.9.7-stable.
free() -> OPENSSL_free()
Constification needed. PR: 241
Handle last lines that aren't properly terminated. PR: 308
Make the Windows test scripts consistent in their echoing
When AES is skipped because the option 'no-rijndael' was given, make sure it's skipped from SDIRS as well.
The directory 'rijndael' doesn't exist any more, let's check the aes directory instead (this should have been done long ago...).
Fix to build better with DJGPP. PR: 338
Cygwin fixes
Add a FAQ on how to check the authenticity of the openSSL distribution. PR: 292
It seems like gcc 2.9aix5.1 doesn't do well with optimization level 3. PR: 115
DCL logic bugs fixed.
Remove warnings.
Add Tandem OSS target. PR: 192
Close the implicitly opened registry key. PR: 264
make update
We need to read one more byte of the REQUEST-CERTIFICATE message. PR: 300
Add -Wstrict-prototype and -Wmissing-prototype to my debugging targets
Spell prototypes correctly :-).
I know ANSI C doesn't like 'long long', and I don't want to see it
-Wid-clash-n isn't supported in gcc 3, and I get better results from continuously rebuilding on a VMS box.
The architecture name is i486, not just 486
A few more Microsoft OIDs added
make update
Document the change to remove the 'done' flag variable in the OpenSSL_add_all_*() routines
Changes to make shared library building and use work better with Cygwin
Add the INHIBIT_SYMLINKS flag variable to help Cygwin. Add missing semicolons. Add a comment explaining a bunch of targets without any action lines.
WinCE patches
Mention ActiveState Perl much earlier in INSTALL.WCE.
We don't want TARGETCPU expanded here.
I forgot this is compiled in test/, not crypto/ec/...
Add the file openssl.pc that I forgot a while ago.
Adding openssl.pc to the repository was a mistake, since it's generated.
Ignore openssl.pc. This way, there's no risk that I'll add it again :-).
Make it possible to build for more than one CPU. Clarify what the CE tests do.
A variable of type time_t is supposed to be a time measurement starting at Epoch. offset isn't such a measurement, so let's stop pretending it is.
Make sure sysconf exists (it doesn't in the VMS C RTL lesser than version 7).
Determine HZ exactly as in apps/speed.c.
Add the ASN.1 structures and functions for CertificatePair, which is defined as follows (according to X.509_4thEditionDraftV6.pdf):
Document the addition of certificate pairs.
Add news items for 0.9.6h and expand on the 0.9.7 news as well.
Update STATUS
Fix an unsigned/signed mismatch.
make update
It works on my laptop :-).
Mention a current showstopper
Typo. OPENSSL_NO_ECDH, not NO_OPENSSL_ECDH
Disable this module if OPENSSL_NO_SOCK is defined.
Heimdal isn't really supported right now. Say so, and offer a possibility to force the use of Heimdal, and warn if that's used. PR: 346
Small bugfixes to the KSSL implementation. PR: 349
Heimdal isn't really supported right now. Say so, and offer a possibility to force the use of Heimdal, and warn if that's used. PR: 346
The logic in the main signing and verifying functions to check lengths was incorrect. Fortunately, there is a second check that's correct, when adding the pads. PR: 355
I forgot that @ in strings must be escaped in Perl
Add OPENSSL_cleanse() to help cleanse memory and avoid certain compiler and linker optimizations. PR: 343
Extra ; removed.
Unused variable removed.
Cleanse memory using the new OPENSSL_cleanse() function. I've covered all the memset()s I felt safe modifying, but may have missed some.
Make sure EXIT() can always be used as one statement.
Have all tests use EXIT() to exit rather than exit(), since the latter doesn't always give the expected result on some platforms.
A few more memset()s converted to OPENSSL_cleanse(). I *think* I got them all covered by now, but please, if you find any more, tell me and I'll correct it. PR: 343
Correct some names.
Make it so all names mentioned in the NAME section of each manpage becomes a symlink to said manpage. PR: 242
Remove incorrect assert. PR: 360
Redo the VAX assembler version of bn_div_words(). PR: 366
EXIT() needs to be in a function that returns int.
Small bugfix: even when r == d, we need to adjust r and q. PR: 366
Through some experimentation and thinking, I think I finally got the proper implementation of bn_div_words() for VAX.
Make some names consistent.
I think I got it now. Apparently, the case of having to shift down the divisor was a bit more complex than I first saw. The lost bit can't just be discarded, as there are cases where it is important. For example, look at dividing 320000 with 80000 vs. 80001 (all decimals), the difference is crucial. The trick here is to check if that lost bit was 1, and in that case, do the following:
define USE_SOCKETS so sys/param.h gets included (and thusly, MAXHOSTNAMELEN gets defined). PR: 371
Windows CE updates, contributed by Steven Reddie <smr at essemer.com.au>
Make CRYPTO_cleanse() independent of endianness.
EXIT() may mean return(). That's confusing, so let's have it really mean exit() in whatever way works for the intended platform, and define OPENSSL_EXIT() to have the old meaning (the name is of course because it's only used in the openssl program)
A gcc 3.0 bug is triggered by our code. Add a section about it in PROBLEMS. PR: 375
Add support for x86_64. PR: 348
DJGPP patches. PR: 347
Correct a few typos that I introduced after applying DJGPP patches.
gethostname() is more a BSD feature than an XOPEN one. PR: 379
Do not implement RC4 stuff if RC4 is disabled. Consequently, apply the same rule for SHA stuff. PR: 381
Only check for a result buffer if the allocated string is a prompt string. PR: 381
PR: 381
If an application supports static locks, it MUST support dynamic locks as well to be able to use the CHIL engine. PR: 281
Make sure using SSL_CERT_FILE actually works, and has priority over system defaults. PR: 376
Allow users to modify /MD to /MT. PR: 380
Declare another general file.
make update
Make sure to implement the cryptodev engine only when /dev/crypto exists.
Corrected DJGPP patch
SSL_CERT_FILE should be used in place of the system default file, not as a first alternative to try
Merge in relevant changes from the OpenSSL 0.9.6h release.
Keep STATUS in HEAD up to date.
Keep NEWS in HEAD up to date.
Apparently, bash is more forgiving than sh. To be backward compatible, don't use ==, use = instead...
Some compilers are quite picky about non-void functions that don't return anything.
Add a few items I intend to work on for 0.9.8 and on.
Forgot one.
Implement a stateful variant of the ZLIB compression method. The old stateless variant is kept, but isn't used anywhere.
Since it's defined in draft-ietf-tls-compression-04.txt, let's make ZLIB a known compression method, with the identity 1.
Since it's defined in draft-ietf-tls-compression-04.txt, let's make ZLIB a known compression method, with the identity 1.
Hmm, Geoff's change made things quite interesting. We can now give users the option of disabling deprecated functions, which should of course be reflected in libeay.num and .def files. Quite nice, actually.
make update
A memset() too many got converted into a OPENSSL_cleanse(). PR: 393
Since HEADER_DES_H has been the protector of des.h since libdes (before SSLeay, maybe?), it's better to have that macro protect the compatibility header des_old.h. In the new des.h, let's use a slightly different protecting macro.
Let's not forget the other places where HEADER_DES_H and HEADER_DES_OLD_H were defined.
Let's not forget the other places where HEADER_DES_H and HEADER_DES_OLD_H were defined.
sk_*_push() returns the number of items on the stack, not the index of the pushed item. The index is the number of items - 1. And if a NULL item was found, actually use it. Finally, provide a little bit of safety in CRYPTO_lock() by asserting that a requested dynamic lock really must exist, instead of just being silent about it
In CRYPTO_lock(), check that the application cares about locking (provided callbacks) before attempting to lock.
Document the modifications in 0.9.7 that will make the hw_ncipher.c engine work properly even in bad situations.
Skip DH-specific tests when no-dh has been configured. PR: 353
I forgot one item I intend to work on.
BIO_set_nbio() is enumerated, but not explained. Remove it from enumeration since it's both enumerated and explained in BIO_s_connect.pod. PR: 370
BIO_new_bio_pair() was unnecessarily described in its own page as well as in BIO_s_bio.pod. The most logical is to move everything needed from BIO_new_bio_pair.pod to BIO_s_bio.pod (including the nice example) and toss BIO_new_bio_pair.pod. I hope I got all the info over properly. PR: 370
OK, there's at least one application author who has provided dynamic locking callbacks
Bring des_locl.h at the same level as in the 0.9.7 branch. Don't define macros in terms of asm() when __STRICT_ANSI is defined.
Don't define macros in terms of asm() when __STRICT_ANSI is defined.
Update the make system for installations:
Make sure manual pages are properly linked to on systems that have case insensitive file names, as well as those that do not have symlinks. Incidentally, both these cases apply on DOS/Windows...
Synchronise with Makefiles.
Protect loading routines with a lock. PR: 373
Transfer the Solaris shared library building changes from 0.9.7-stable.
Update the current status
It was pointed out to me that .pc files are normally stored in ${prefix}/lib/pkgconfig, not ${prefix}/lib/pkginfo.
It was pointed out to me that .pc files are normally stored in ${prefix}/lib/pkgconfig, not ${prefix}/lib/pkginfo.
If _XOPEN_SOURCE_EXTENDED or _XOPEN_SOURCE are defined, _POSIX_C_SOURCE gets defined in DECC$TYPES.H. If _POSIX_C_SOURCE is defined, certain types do not get defined (u_char, u_int, ...). DECC.H gets included by assert.h and others. Now, in6.h uses the types u_char, u_int and so on, and gets included as part of other header inclusions, and will of course fail because of the missing types.
I have no idea what possessed me to compile s_socket.c as POSIXly code. Incidentally, it now compiles so much better without _POSIX_C_SOURCE.
To avoid any future programming glitches, let's make each and every assignment (modulo those I missed) individual statements.
Small tweaks for code consistency.
Because the contents of openssl.pc may have to change when a configuration has been performed (and possibly changed), have it depend on Makefile.ssl.
We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies, and then didn't support it very well. And that when there already is a useful variable for exactly this kind of thing; EX_LIBS...
There was a mixup between INSTALLTOP and OPENSSLDIR...
Be consistent with capitalisation of object names.
Be consistent with capitalisation of object names.
Keep the internal lowercase 'surname', for programmer's sake.
Propagate MAKEDEPPROG to the subdirs under crypto/.
A little debugging.
More accurate comments.
Make AES_ENCRYPT and AES_DECRYPT macros instead of static constants. PR: 411
Stop a possible memory leak. (I wonder why s2_connect() handles the initial buffer allocation slightly differently...) PR: 416
Finally, a bn_div_words() in VAX assembler that goes through all tests. PR: 413
All VMS-specific problems have been solved. Confirmed by Mark Daniel <Mark.Daniel at wasd.vsm.com.au>
Cygwin needs the library location for .DLLs to be set in PATH. Unfortunately, the conditional was set to add the library directory to PATH when the platform is NOT Cygwin. Corrected. PR: 404
Updates
Avoid double definition of config. PR: 420
Spelling error. This patch was taken from the OpenBSD copy of OpenSSL 0.9.7 beta3 with patches
Update our list of implemented and related standards.
Update our list of implemented and related standards.
Updates
Add SPKM among the related standards.
Can't find the reference to errors on XP with Kerberos
Kenneth R. Robinette just told me the latest snapshot works well with MIT Kerberos.
Merge from 0.9.7-stable.
make update
Finally get rid of all the algorithm inclusions that were done from evp.h.
make update
OS/2 does binary by default, apparently. Reported by Brian Havard <brianh at kheldar.apana.org.au>.
Since we're including Kerberos 5 headers in our exported header files (when OpenSSL is configured to use Kerberos), we'd better tell pkg-config users where they can be found. PR: 421
Merge in changes from 0.9.7-stable.
Merge in changes from 0.9.7-stable.
It's rather silly to believe we'd release 0.9.7a in 2002 :-). It's even more silly to pretend we know which year 0.9.8 will be released.
Make sure the last character of the ASN.1 time string (the 'Z') is copied. PR: 429
Adjust the parameter lists in some not commonly used files. PR: 428
Link engines against libcrypto, even when a TCP/IP implementation is specified...
Rijndael should be called AES everywhere
gcc wants character constants to be correct. Before this change, the following would happen on Solaris:
The naming scheme wasn't quite correct for Cygwin
Typos corrected. PR: 445
Make sure everything that may be freed is allocated or initiated. PR: 446
Certain files must be removed before generating them, in case they point into a read-only source tree. PR: 437
Force the removal. PR: 437
When preparing a separate build tree, don't make softlinks to softlinks. Add instructions in INSTALL, for easy access. PR: 437
It's recommended to do 'make clean' after having prepared a new build tree. PR: 437
CFLAG, not CFLAGS
Name the flag file correctly
Add documentation on how to handle the shared libraries. PR: 423
Double the dollars that are intended for the command line. PR: 423
If the user said 'shared' and we haven't included support for shared libraries, warn him or her. Reminder by Andrew Marlow <apm35 at student.open.ac.uk>
Add better support for FreeBSD on non-x86 machines. Add specific support for FreeBSD on sparc64. PR: 427
tty_in will never be stderr, so it will always be closed, which means stdin might get closed... Reported by Mark Daniel <Mark.Daniel at wasd.vsm.com.au>
UI_UTIL_read_pw() misinterpreted the values returned from UI functions. PR: 456
Revert: the names of the cygwin distribution will not be named openssl2-*. Requested by Corinna Vinschen <vinschen at redhat.com>
Correct a misleading comment. PR: 456
DJGPP doesn't have DLLs, so skip adding to %PATH% in that environment. PR: 453
Make sure not to declare a clashing read() for DJGPP. PR: 440
Merge from 0.9.7-stable.
Correct an example that has a few typos. PR: 458
Extend the HOWTO on creating certificates, and add a HOWTO in creating keys. PR: 422
Add verbosity
Fix possible NULL dereference. Notified by Verdon Walker <VWalker at novell.com>
make update
Add some debugging output.
FreeBSD has /dev/crypto as well. PR: 462
make update
A few more files to ignore
Ignore the correct flag file.
Missing 0 broke FreeBSD build. PR: 470
DVCS (see RFC 3029) was missing among the possible purposes. Notified privately to me by Peter Sylvester <Peter.Sylvester at EdelWeb.fr>, one of the authors of said RFC
cert_sk isn't always allocated, so freeing it may cause a crash. PR: 481
Fix a memory leak in SSL. PR: 477
Small typo, OENSSL should really be spelled OPENSSL. PR: 476
Add the possibility to build without the ENGINE framework. PR: 287
make update
The OPENSSL_NO_ENGINE has a small problem: it changes certain structures. That's bad, so let's not check OPENSSL_NO_ENGINE in those places. Fortunately, all the header files where the problem existed include ossl_typ.h, which makes a 'forward declaration' of the ENGINE type.
For VC++7 and up, the file is VSVARS32.BAT. PR: 327
The MASM situation is more difficult than described so far. It is part of VC++ 7. PR: 327
The util scripts need to handle no-hw. PR: 327
A few small bugs with BIO popping. PR: 364
Document -engine where missing. PR: 424
We can't say in advance what the argument to BIO_socket_ioctl() should be, so let's make that a void *. Also, BIO_socket_nbio() should send it an int argument, not a long. PR: 457
PKCS#1 has a new RFC, which we do implement
Make sure memcpy() is properly declared by including string.h.
Adjust DES_cbc_cksum() so the returned value is the same as MIT's mit_des_cbc_cksum(). The difference was first observed, then verified by looking at the MIT source.
Oh, the destest program did look at the return value...
Another long name to deal with
Add full support for -rpath/-R, both in shared libraries and applications, at least on the platforms where it's known how to do it.
Make it possible to disable OCSP, the speed application, and the use of sockets. PR: 358
Change no_rmd160 to no_ripemd for consistency. PR: 500
Pay attention to disabled SSL versions. PR: 500
Update linux-mips and linux-mipsel to support threads and shared libraries. I also updated the bn_ops field with values taken from OpenBSD-mips. PR: 498
Handle krb5 libraries separately and make sure only libssl.so depends on it.
Add support for IA64. PR: 454
Make the no-err option work properly
Borland C++ Builder 5 complains about unreachable statements.
Make sure the memory allocation routines check for negative sizes
Security fix: Vaudenay timing attack on CBC. An advisory will be posted to the web. Expect a release within the hour.
Update release information
Allow building applications against static libraries with Makefile.shared.
Remove duplication and have clean depend on libclean
Add the target linux-ia64-ecc, suggested by Keith Thompson <kst at sdsc.edu>. PR: 516
Shut up an ANSI compiler about uninitialised variables. PR: 517
hinv may generate more than one line (1 line per CPU). PR: 520
Make sure that all the library paths are modified in prepend mode, not replace mode. PR: 528
Spelling errors. PR: 538
Some shells (ksh in this case) don't say 'command not found'. PR: 540
Add documentation for -starttls (s_client) and -id_prefix (s_server). PR: 542
Because it may be needed in public header files, move the definition of OPENSSL_NO_FP_API on existence of OPENSSL_SYS_MSDOS to e_os2.h.
Make sure we get the definition of OPENSSL_NO_AES.
Make sure we get the definition of OPENSSL_NO_BIO and OPENSSL_NO_RSA.
Make sure we get the definition of OPENSSL_NO_BF.
Make sure we get the definition of OPENSSL_NO_FP_API.
Make sure we get the definition of OPENSSL_NO_SOCK.
Make sure we get the definition of OPENSSL_NO_ERR.
Make sure we get the definition of OPENSSL_NO_CAST.
Make sure we get the definition of OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG and OPENSSL_NO_DESCBCM.
Make sure we get the definition of OPENSSL_NO_DH.
Make sure we get the definition of OPENSSL_NO_DSA and OPENSSL_NO_SHA.
Make sure we get the definition of OPENSSL_NO_EC.
Make sure we get the definition of OPENSSL_NO_ECDH.
Make sure we get the definition of OPENSSL_NO_ECDSA.
Make sure we get the definition of OPENSSL_NO_HMAC.
Make sure we get the definition of OPENSSL_NO_IDEA and IDEA_INT.
Make sure we get the definition of OPENSSL_NO_FP_API.
Make sure we get the definition of OPENSSL_NO_MD2.
Include e_os.h correctly.
Make sure we get the definition of OPENSSL_NO_BIO.
Make sure we get the definition of a number of OPENSSL_NO_* macros.
Make sure we get the definition of OPENSSL_NO_AES.
Make sure we get the definition of OPENSSL_NO_BF.
Make sure we get the definition of OPENSSL_NO_CAST.
Make sure we get the definition of OPENSSL_NO_IDEA.
Make sure we get the definition of OPENSSL_NO_RC2.
Make sure we get the definition of OPENSSL_NO_RC4.
Make sure we get the definition of OPENSSL_NO_RC5.
Make sure we get the definition of OPENSSL_NO_DES.
Make sure we get the definition of OPENSSL_NO_MD2.
Make sure we get the definition of OPENSSL_NO_MD4.
Make sure we get the definition of OPENSSL_NO_MD5.
Make sure we get the definition of OPENSSL_NO_MDC2.
Make sure we get the definition of OPENSSL_NO_RIPEMD.
Make sure we get the definition of OPENSSL_NO_SHA.
Make sure we get the definition of OPENSSL_NO_HMAC and OPENSSL_NO_SHA.
Make sure we get the definition of OPENSSL_NO_RSA.
Sometimes, we have partial comments on the same line as other stuff we parse. Make sure to read in the whole comment, so it can be entirely removed.
Don't put configuration macro definitions on the command line, we're just fooling ourselves and then screwing up for other applications.
make update
Make sure to declare mem*() properly.
Define COMP method function prototypes properly.
To define OPENSSL_NO_FP_API for all MSDOS type targets was unfair against DJGPP, and much more restricted than previous definitions.
Missed a few dollars. PR: 528
Let's limit the extent of the definition of _XOPEN_SOURCE.
Update VMS building system
OpenUNIX 8 has some problems using -G with gcc. Maybe using gnu-shared works better (will be tested tonight).
Add usage string for -fingerprint. PR: 560
Don't fail when indent is 0. PR: 559
No need to test -setalias twice. PR: 556
It seems like gcc-driven shared library building on OpenUnix 8 requires -shared rather than -G.
Make it possible to have multiple active certificates with the same subject.
Conditionalise all debug strings.
Reset the version number of the issuer certificate? I believe this hasn't been tested in a long while...
Remove unused variable.
Reindent for readability.
Don't try to free NULL values...
Typo correction
It's recommended to use req rather than x509 to create self-signed certificates
Add functionality to help make self-signed certificates.
Implement self-signing in 'openssl ca'. This makes it easier to have the CA certificate part of the CA database, and combined with 'unique_subject=no', it should make operations like CA certificate roll-over easier.
Add a CA section, to make sure the test will work with the changes in CA.sh.
One more debug line to conditionalise.
Counter for GCC attributes.
Add GCC attributes when compiled with gcc. This helps find out if we're using the printing functions correctly or not.
Make %p and %# work properly, at least with pointers and floats.
Correct a lot of printing calls. Remove extra arguments...
There's no need to check for __attribute__ with ANSI functions, since we only check to the opening parenthesis anyway...
make update
Add documentation on the added functionality in 'openssl ca'.
Convert save_serial() to work like save_index(), and add a rotate_serial() that works like rotate_index().
Do not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined. PR: 564
Constify
Correct a typo. Have EVP_PKEY_cmp() call EVP_PKEY_cmp_parameters(), and make a note about the lack of parameter comparison for EC.
What was I smoking? EVP_PKEY_cmp() should return with 0 if EVP_PKEY_cmp_parameters() returned 0, otherwise it should go on processing the public key component. This has nothing to do with the proper handling of EC parameters or not.
RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function pointers should be used. It doesn't necessarily mean it should go through the ENGINE framework.
We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form of unneeded includes of openssl/engine.h.
We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in form of unneeded direct calls through the engine pointer..
It seems like OpenUnix's ld uses LD_LIBRARY_PATH to search for libraries. What's worse, the directories given in LD_LIBRARY_PATH are checked first! Therefore, we need a hack to prepend all the directories we give with -L to the current value of LD_LIBRARY_PATH, thereby temporarily forming a hacked value.
I forgot a continuation mark.
A single quote too many.
Correct a few typos.
Include rand.h, so RAND_status() and friends get properly declared.
Explicitly tell the compiler we're mips3 for the target irix-mips3-cc.
There's a problem building shared libraries on the sco5-gcc target. However, it's time for a release, so I'm just adding an entry in PROBLEMS, and will hopefully solve this for a later release
Remove all those infernal stupid CR characters
New NEWS
make update
Add the 0.9.6j news.
Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt()
Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances. Memory leak fix: RSA_blinding_on() would leave a dangling pointer in rsa->blinding under certain circumstances. Double definition fix: RSA_FLAG_NO_BLINDING was defined twice.
Make it possible to affect the extension of man pages. PR: 578
Add an extended variant of OBJ_bsearch() that can be given a few flags.
Add an extended variant of sk_find() which returns a non-NULL pointer even if an exact match wasn't found.
Correct documentation. sk_find_ex() doesn't return a pointer, it returns an index.
Some variables were uninitialised...
Include objects.h to get a correct declaration of OBJ_bsearch_ex(), not to mention the OBJ_BSEARCH_* macros.
make update
Add BUF_strndup() and BUF_memdup(). Not currently used, but I've code that uses them that I'll commit in a few days.
make update
Define the OPENSSL_ITEM structure.
Define a STORE lock (the STORE type will be committed later).
Define a STORE type. For documentation, read the entry in CHANGES, crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h.
Add STORE support in ENGINE.
make update
Provide some extra comments about the STORE_Memory STORE method.
Get the year right...
STORE was created 2003, darnit!
It's usually best if the function name matches everywhere...
Yeah, right, an object file ending with .c, that'll work!
Constify RSA_sign() and RSA_verify(). PR: 602
Add the possibility to store arbitrary data in a STORE. Suggested by Götz Babin-Ebell <babin-ebell at trustcenter.de>.
DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function called downstream that need it to be non-const. The fact that the RSA_METHOD functions take the RSA* as a const doesn't matter, it just expresses that *they* won't touch it. PR: 602
/usr/lib/pkgconfig/openssl.pc was never installed in the RPM. Notified by Bennett Todd <bet at rahul.net>.
Add the possibility to hand execution parameters (for example authentication material) to the STORE functions. Suggested by Götz Babin-Ebell <babin-ebell at trustcenter.de>.
Define the two authentication parameter types for passphrase and Kerberos 5 authentications.
Remove certain functions
Make the function STORE_new_engine() public.
Some misspelled function names.
Misspelled functions.
make update
I don't remember what my thinking was with str_compat.h. Maybe it'll come back to me...
I have no idea how I cut away that piece of text...
Make sure EC_window_bits_for_scalar_size() returns a size_t
Correct signedness
Fix sign bugs. PR: 621
Brackets are now allowed, after a small hack in the processing of the docs-on-web.
Make sure to compare unsigned against unsigned.
PR: 630
Have ASFLAGS be defined the same way as CFLAGS
Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration macros get properly defined.
Make sure debug-solaris-sparcv9-gcc is consistent with solaris-sparcv9-gcc.
Make sure that size_t matches size_t.
Make sure the function definitions match their declaration.
Remove extra ;
Make sure the sigaction structure and fileno function are properly declared with an ANSI compiler on Solaris (and possibly others).
Typo
The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting
Document the AES_cbc_encrypt() change
Add crypto/store to the directories to look through.
Make sure to NUL-terminate the string on end-of-file (and error) PR: 643
Handle des_modes.pod properly. PR: 634
Add functionality to set marks on the error stack and to pop all errors to the next mark.
Add documentation for ERR_set_mark() and ERR_pop_to_mark().
Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. PR: 617
Remove unused variable
Avoid warnings saying that the format takes a void*.
make update
Add the possibility to have symbols loaded globally with DSO.
Typo. PR: 593
Make sure DSO-dlfcn works properly on SunOS4. PR: 585
Make sure ssize_t is defined on SunOS4. PR: 585
Do not try to use non-existent gmtime_r() on SunOS4. PR: 585
Typo. PR: 584
Beautify
Slightly better check of attributes. Now, mem_list_next can actually stop when the searched for key doesn't have its attributes within the range of the checked key.
Missing string and potential memory leaks. Notified by Goetz Babin-Ebell <goetz at shomitefo.de>
Add the application data type to the README.
EXIT() should mainly be exit(n), not return(n). OPENSSL_EXIT() will take care of returning if necessary.
Unsigned vs. signed fixed.
dynamic_ctrl() didn't have exactly the same prototype as defined by ENGINE_CTRL_FUNC_PTR.
Implement CRL numbers. Contributed in whole by Laurent Genier <Laurent.Genier at intrinsec.com> PR: 644
Typo.
Add documentation for the new crlnumber configuration option.
We set the export flag for 512 *bit* keys, not 512 *byte* ones. PR: 587
Prepare for changes in the 0.9.6 branch
Prepare for changes in the 0.9.6 branch
Document the last change. PR: 587
make update
Make sure the compiler knows we run with pedantic settings.
The definition of dynamic_ctrl() should change along with the declaration :-).
Scan through the engines directory as well.
Conform with the standard prototype for engine control functions.
"Remove" unused variable
Implement missing functions. Have the f parameter to _ctrl functions have the prototype (*)(void) rather than (*)(), for the sake of C++ compilers. Disable unimplemented functionality.
make update
Nils Larsch told me I could remove that variable entirely.
Only remove old files if they exist. [Maing32]. Notified by Michael Gerdau <mgd at technosis.de>
Change AES-CTR to increment the IV by 1 instead of 2^64.
The 'counter' is really the IV.
The convenience argument for -nameopt and -certopt is ca_default, not default_ca. PR: 653
Add -issuer_hash and make -subject_hash the default way to get the subject hash, with -hash a synonym kept around for backward compatibility reasons. PR: 650
Oops, I forgot to replace 'counter' with 'ivec' when used...
The counter is big-endian. Since it comes as an array of char, there's absolutely no need to special-case it on little-endian machines.
Make sure openssl.pc is readable by everyone. PR: 654
Replace CCITT with ITU-T. Keep CCITT around as an alias. make update
A document that has a very rough description of the X509 functionality. This is mostly so there's a way to get from the crypto.html page to the function descriptions.
Inclusion of openssl/engine.h should always be wrapped with a check that OPENSSL_NO_ENGINE is not defined.
Correct two problems, found by Martin Kochanski <cardbox at easynet.co.uk>:
Generalise the definition of strcasecmp() and strncasecmp() for platforms that don't (necessarily) have it. In the case of VMS, this means moving a couple of functions from apps/ to crypto/ and make them general (although only used privately).
Add necessary changes to be able to build on VxWorks for PPC860. Contributed by Bob Bradley <bob at chaoticsoftware.com>
Free the Kerberos context upon freeing the SSL. Contributed by Andrew Mann <amann at tccgi.com>
Correct small documentation error. PR: 698
Include the instance in the Kerberos ticket information. In s_server, print the received Kerberos information. PR: 693
Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B. PR: 680
Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B. PR: 679
Add reference counting around the thread state hash table. Unfortunately, this means that the dynamic ENGINE version just went up, and isn't backward compatible. PR: 678
Selected changes for MSDOS, contributed by Gisle Vanem <giva at bgnett.no>. PR: 669
Make MD5 assembler code able to handle messages larger than 2GB on 32-bit systems and above. PR: 664
Change the indentation from 12 to indent+4. PR: 657
Uhmm, I seem to have forgotten one file when I committed the MSDOS change yesterday. PR: 669
Synchronise util/libeay.num with the 0.9.7-stable one. make update
Further VxWorks changes from Bob Bradley <bob at chaoticsoftware.com>, this time involving VxWorks on MIPS
Correct buggy PODs (missing commas and a prepended space).
Correct incorrect mode bits change.
Use correct case for manual page references
Avoid 'file names' with spaces
Remove leading and trailing spaces and tabs
Corrected misplacement of one of the greps...
Include e_os.h to get a proper definition of memmove on the platforms that do not have it.
Correct a mixup of return values
Check for errors from SSL_COMP_add_compression_method(). Notified by Andrew Marlow <AMARLOW1 at bloomberg.net>
Remove unused code, don't use zlib functions that are really macros and provide missing prototypes.
Setting the ex_data index is unsafe in a threaded environment, so let's wrap it with a lock.
Make sure int SSL_COMP_add_compression_method() checks if a certain compression identity is already present among the registered compression methods, and if so, reject the addition request.
Add functionality to get information on compression methods (not quite complete).
s_client should inform the user of any compression/expansion methods used.
make update
In realloc, don't destroy the old memory area if a new one couldn't be allocated. Notified by Daniel Lucq <daniel at lucq.org>
The object file is o_str.o, not o_str.c.
Correct serious bug in AES-CBC decryption when the message length isn't a multiple of AES_BLOCK_SIZE. Optimize decryption of all complete blocks in AES-CBC by removing an unnecessary memcpy().
Removing those memcpy()s also took away the possibility for in and out to be the same. Therefore, the removed memcpy()s need to be restored.
Let exit codes propagate from within for loops.
Engines are usually binary, and should therefore be in INSTALLTOP rather than OPENSSLDIR.
Less restrictive debugging build.
Change my debugging entries to do fierce BIGNUM debugging.
Netware-specific changes.
Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option to 'openssl req' and 'openssl ca'.
Move do_subject() to apps.c and rename it to parse_name(). The rationale behind the move is that it's used by several applications. The rationale behind the name change is that it describes what the function does a bit better.
Forgot to change the declaration of do_subject() to one of parse_name()...
Let's use text/plain in the example instead of crappy HTML. PR: 777 Submitted by: Michael Shields <mshields at sunblocksystems.com>
Move another common functionality (reproduced so far with cut'n'paste) to apps.c, and give it the hopefully descriptive name parse_yesno().
Make a number of changes to the OS/2 build. Submitter's comment below.
1024 is the export key bits limit according to current regulations, not 512. PR: 771 Submitted by: c zhang <czhang2005 at hotmail.com>
RSA_size() and DH_size() return the amount of bytes in a key, and we compared it to the amount of bits required... PR: 770 Submitted by: c zhang <czhang2005 at hotmail.com>
Damnit, I'm sick of having to do something special every time a module that gets built before objects barfs all over the place because it uses a new NID that hasn't had a chance of getting defined yet (in this case, it was about a couple of new EC curves, and therefore a couple of new corresponding NIDs).
Add IPSec/IKE/Oakley curves.
We're getting a clash with C++ because it has a type called 'list'. Therefore, change all instances of the symbol 'list' to something else.
Make sure the documentation matches reality.
CRYPTO_malloc(), CRYPTO_realloc() and variants of them should return NULL if the give size is 0.
Check that OPENSSL_malloc() really returned some memory.
It was pointed out to me that if the requested size is 0, we shouldn't try to allocate anything at all. This will allow eNULL to still work.
Document that you need to include x509.h (to get [i2d|d2i]_DSA_PUBKEY()). Correct the typo PUKEY...
Document that you need to include x509.h (to get [i2d|d2i]_RSA_PUBKEY()). Correct the typo PUKEY...
To figure out if we're going outside the buffer, use the size of the buffer, not the size of the integer used to index in said buffer.
Add a newline at the end of the last line. This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
Use BUF_strlcpy() instead of strcpy(). Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
Include strings.h so strcasecmp() and strncasecmp() get properly declared.
Use sh explicitely to run point.sh This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
OpenBSD-internal changes. This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
Correct documentation typos. This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
Check if a random "file" is really a device file, and treat it specially if it is. Add a few OpenBSD-specific cases. This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
Only use environment variables if uid and gid are the same as euid and egid. This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
Avoid including cryptlib.h, it's not really needed. Check if IDEA is being built or not. This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
Fix Perl problems on sparc64. This is part of a large change submitted by Markus Friedl <markus at openbsd.org>
Adding a slash between the directory and the file is a problem with VMS. The C RTL can handle it well if the "directory" is a logical name with no colon, therefore ending being 'logname/file'. However, if the given logical name actually has a colon, or if you use a full VMS-syntax directory, you end up with 'logname:/file' or 'dev:[dir1.dir2]/file', and that isn't handled in any good way.
Typo...
We're passed p, so let's use p instead of making assumptions.
S_IFBLK and S_IFCHR may not exist in some places (like Windows), so let's check for those macros, and if they aren't defined, let's assume there aren't Unixly devices on this platform.
Avoid signed vs. unsigned warnings (which are treated like errors on Windows).
Unsigned vs. signed problem removed
make update
Add the missing parts for DES CFB1 and CFB8. Add the corresponding AES parts while I'm at it. make update
make update
In the development branch, it feels quite all right to warn on a lot more stuff.
Typo
-Wtraditional was a little too much...
Remove typos
Document the AES options for 'openssl smime'. PR: 834
Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also. PR: 833
AES is spelled AES, not ASE. Oops...
Avoid a memory leak in OCSP_parse_url(). Notified by Paul Siegel <psiegel at corestreet.com>
Make our page with pointers to binary distributions visible in the FAQ
Make sure we use unsigned constants, or some compilers may complain.
Make sure that the last argument to RAND_add() is a float, or some compilers may complain.
It was just pointed out to me that it's better to cast to double...
Constify d2i, s2i, c2i and r2i functions and other associated functions and macros.
Make sure fd is defined where it should. PR: 849
Remove a warning for conversion double->long. This has impacts on Windows. PR: 849
Change \t to real tab in echo argument. PR: 847
Correct minor spelling error. PR: 845
Sync the VMS build with Unix.
make update
Make it clear that for RSA_NO_PADDING, flen must be RSA_size(rsa)
Make sure toupper() is properly declared.
Typo...
o_str.h isn't a public header file.
o_str.h isn't a public header file, so make sure it will still be included.
Add store.h among the exported headers on VMS.
Only build the PKCS#7 test applications if "pkcs7" is present in SDIRS.
Make it easier to build test applications...
Correct constness problems.
Don't define fd for platforms that do not use it, as some may not declare fileno() properly
RAND_add() wants a double as its last argument.
A couple more cases where RAND_add() gets an integer instead of a double as last argument.
Make prototypes for some callback pointers.
Change spaces to symbols in names. PR: 856
Wrap code starting with a definition. PR: 854
Move the definition of Win32_rename(), since the macro rename gets undefined in the middle of the code on Windows, and that disrupts operations in functions later that use rename()... PR: 853
SSL_COMP_get_compression_method is a typo (a missing 's' at the end of the symbol name).
Add symbol hacks for some long names. make update
Print the debug thingies on stderr instead of stdout. If for nothing else then at least so bc doesn't have problems parsing the output from bntest :-).
Whooaaaaa, the BN_CTX_DEBUG macro really produces output these days... A little too much for my tests, currently...
When the pointer 'from' changes, its stored length needs to change as well.
Remove the creation of $(INSTALL_PREFIX)$(OPENSSLDIR)/lib, since we don't use it.
Let's make life easier and have the VMS version of the configuration be generated from the Unixly configuration file.
make update
Synchronise o_str.c between 0.9.8-dev and 0.9.7-stable.
Reimplement old functions, so older software that links to libcrypto doesn't crash and burn.
X509_policy_lib_init is declared but not defined, so it raises havoc when trying to build a shared library on VMS or Windows...
Move some COMP functions to be inside the #ifndef OPENSSL_NO_COMP wrapping preprocessor directive. This also removes a duplicate declaration.
make update
Synchronise VMS with the Unixly Makefiles.
Since num is now a size_t, it's not necessary to check for less than 0, AND it avoids warnings on certain systems.
SHA224_Update() and SHA224_Final() aren't implemented, and since SHA224() uses SHA256_Update() and SHA256_Final() instead, let's just create aliases in form of macros.
make update
Typo, setting the first element of nids[] to NULL instead of setting *cnids.
Making some values explicitly unsigned was derived from ongoing work that isn't yet committed. It wasn't meant to be committed already, so I'm removing it for now.
Linux on ARM needs -ldl PR: 905
NetWare fixes provided by Verdon Walker for OpenSSL 0.9.8-dev. The changes have been mailed to <crypt at bis.doc.gov> as well.
Make sure that the buffers are large enough to contain padding. PR: 904
Make the tests of EVP operations without padding. As a consequence, there's no need for a larger BUFSIZE any more...
Changes for VOS, submitted by Paul Green <Paul.Green at stratus.com>.
Explain a little better what BN_num_bits() and BN_num_bits_word() do. Add a note as to how these functions do not always return the key size, and how one can deal with that.
o_str.c: Windows doesn't have <strings.h>, and since we use _strnicmp() and _stricmp() on that platform, use the appropriate header file for it, <string.h>. o_str.h: we only want to get size_t, which is defined in <stddef.h>.
Copy a few files from LPlib (a new project of mine), add a wrapper. Now we have directory reading capabilities for VMS as well, and all of it in a fairly general manner.
Use the new directory reading functions.
make update
In some cases, EVMSERR isn't visible (that's fairly new...).
o_dir needs to be compiled with the warnings about dollar signs in identities disabled.
'SSL_add_dir_cert_subjects_to_stack' is longer than 31 characters. Lucky me, I had prepared for this :-).
Some test programs in crypto/sha were named differently than usual...
Because it's one of our libraries calling new functions in the other, we need to have them among the symbols that should appear in the transfer table, at least on VMS (and it wouldn't surprise me if Windows would whine as well).
make update
I think it could be a good thing to know what went wrong with the tests...
Since version 7.0, the C RTL in VMS handles time in terms of UTC instead of local time.
Imported from LPlib, making sure the entry name (at least on Unix) is NUL-terminated at all times, and that we don't make unneeded calls to free().
From LPlib:
From LPlib:
From LPlib:
From LPlib:
The compiler may complain about what looks like a double definition of a static variable
We build the crypto stuff, not the ssl stuff, in this command procedure...
DJGPP has opendir() and friends, according to Gisle Vanem <giva at bgnett.no>.
Stupid casts...
Basically, I wanted to be able to make a dump to a FILE*, and not have to bother creating a BIO around it. So here's a few more functions to make it possible to make the dump using a printing callback, and to print to a FILE* (based on the callback variant), done in the same style as the functions in crypto/err/err_prn.c.
On systems that use case-insensitive symbol names (i.e. they're all converted to upper case or something like that), the application-level bio_dump_cb() has a name clash with the new library function BIO_dump_cb(). The easiest fix is to rename the function at the application level.
'compatibility', not 'computability' :-)...
Another symbol longer than 31 characters...
Synchronise VMS build files with Unixly Makefiles.
make update
Synchronise with Unix build.
- There's no more need for the snprintf macro. - Move the inclusion of malloc.h until after all other includes, so we can do proper tests of system macros. - Make sure the correct header file is included to get the builtin "alloca" under VMS, and define a macro to map the symbol 'alloca' to it.
Import changed files from LPlib. The changes are logged as follows for LPdir_unix.c in LPlib. For the other files, only the last log entry applies.
Move the declaration of alloca() so it's only declared when really necessary.
usr/doc has recently changed to usr/share/doc on Cygwin. Notified by Corinna Vinschen <vinschen at redhat.com>
Because libraries on Windows lack useful version information, the zlib guys had to change the name to differentiate with older versions when a backward incompatibility came up. Of course, we need to adapt. This change simply tries to load the library through the newer name (ZLIB1) first, and if that fails, it tries the good old ZLIB.
Make sure memmove() is defined, even on SunOS 4.1.4. PR: 963
Because -rpath/-R may have been used, our settings of LD_LIBRARY_PATH and friends may be entirely useless. In such a case, LD_PRELOAD is the answer, at least on platforms using LD_LIBRARY_PATH. There might be other variables to set on other platforms, please fill us in...
Don't use $(EXHEADER) directly in for loops, as most shells will break if $(EXHEADER) is empty.
Make sure LD_PRELOAD is only set when we build shared libraries (and therefore link with them). Add LD_PRELOAD setting code where it was still missing.
Some find it confusing that environment variables are set when shared libraries aren't built or used. I can see the point, so I'm reorganising a little for clarity.
Whoops, syntactic mistake...
Cut'n'paste mistake. All tested OK now...
Make an explicit check during certificate validation to see that the CA setting in each certificate on the chain is correct. As a side-effect always do the following basic checks on extensions, not just when there's an associated purpose to the check: - if there is an unhandled critical extension (unless the user has chosen to ignore this fault) - if the path length has been exceeded (if one is set at all) - that certain extensions fit the associated purpose (if one has been given)
Document the change.
Split X509_check_ca() into a small self and an internal function check_ca(), to resolve constness issue. check_ca() is called from the purpose checkers instead of X509_check_ca(), since the stuff done by the latter (except for calling check_ca()) is also done by X509_check_purpose().
Propagate a few more variables to Makefile.shared when linking programs.
Change libeay.num so it's synchronised with additions in 0.9.7-stable. make update
make update (oops, missed this file)
Add functionality needed to process proxy certificates.
Forgot to synchronise the VMS build scripts.
iv needs to be const because it sometimes takes its value from a const.
Correct a faulty address assignment, and add a length check (not really needed now, but may be needed in the future, who knows?).
Small typo, `mask' got the same value ORed to it twice instead of `mask' and `emask' getting that operation done once each.
Changes concerning RFC 3820 (proxy certificates) integration:
Small thing. It seems like we have to define _XOPEN_SOURCE to get isascii() on DEC/Compaq/HP C for VMS.
Apparently, at least with my VMS C environment, defining _XOPEN_SOURCE gets _POSIX_C_SOURCE and _ANSI_C_SOURCE defined, which stops u_int from being defined, and that breaks havoc into the rest of the standard headers... *sigh*
The mix of CFLAGS and LDFLAGS is a bit confusing in my opinion, and Makefile.shared was a bit overcomplicated.
Get rid of the annoying warning
Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might cause a segfault... This was uncovered because EVP_VerifyInit() may fail in FIPS mode if the wrong algorithm is chosen...
Oops, == should really be = when used with test ([ and ]).
The first argument to load_iv should really be a char ** instead of an unsigned char **, since it points at text.
Added HOWTO about proxy certificates.
There are cases when there are no files left to verify. Make sure to handle that properly.
Change the memory leak FAQ entry to describe the levels of thread safety in each function
Add a file with fingerprints that have recently been used to sign OpenSSL distributions, or are about to. This has been requested a little now and then by users, for years :-/...
Added restrictions on the use of proxy certificates, as they may pose a security threat on unexpecting applications. Document and test.
Add emacs cache files to .cvsignore.
Add a NEWS item for 0.9.7g.
Synchronise with ec/Makefile.
Avoid compiler complaint about mismatched function signatures (void * != RSA *)
Type mismatch detected by DEC C compiler. void* != void**
Resolve signed vs. unsigned.
Avoid compiler complaint about mismatched function signatures (void * != char *)
signed vs. unsigned.
Make sure id2_func is properly cast as well...
signed vs. unsigned.
Provide a default OPENSSL_ia32cap_loc for non-Intel platforms where util/libeay.num is important when building shared libraries, like VMS.
Synchronise with Unix build system.
From branch OpenSSL_0_9_7-stable, revision 1.1.4.1, 2002-05-23 17:25:
Remove a bunch of false positives, fix one true positive.
From branch OpenSSL_0_9_7-stable, 2002-11-13 15:30:
Remove a bunch of false positives, and fix some true positives.
This one deserves a note. In the change to CHANGES, there's the following:
All kinds of changes from branch OpenSSL_0_9_7-stable
From branch OpenSSL_0_9_7-stable, 2004-08-11 22:34:
From branch OpenSSL_0_9_7-stable, 2004-09-11 11:45:
Some true positives fixed, toss some false positives.
A few more fingerprints...
Actually, C on VMS/Alpha knows very well what a long long is, and knows how to make use of it. So let's stop pretending the Alpha doesn't know long long...
Since BN_LLONG will only be defined for Alpha/VMS and not VAX/VMS, there's no need to undefine it here. Then, let's get a bit paranoid and not define BN_ULLONG on THIRTY_TWO_BIT machines when BN_LLONG isn't defined.
I was incorrect about VMS/Alpha. Defining BN_LLONG with SIXTY_FOUR_BIT could cause havoc, so don't (it's lucky bn.h undefines BN_LLONG when SIXTY_FOUR_BIT is defined).
I just branched 0.9.8, so HEAD needs to be bumped to 0.9.9-dev.
Version changes where needed.
Update status information
Patches for Cygwin, provided by Corinna Vinschen <vinschen at redhat.com>
When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html.
DEC C complains about bad subscript, but we know better, so let's shut it up.
Typo correction
It seems like mkdef.pl couldn't quite understand that #ifdef OPENSSL_NO_SHA512 was still active when it came down to the functions. mkdef.pl should really be corrected, but that'll be another day...
Typo
We have some source with \r\n as line ends. DEC C informs about that, and I really can't be bothered...
Change all relevant occurrences of 'ncipher' to 'chil'. That's what nCipher always wanted...
Synchronise with Unixly build
pqueue and dtls use 64-bit values. Unfortunately, OpenSSL doesn't have a uniform representation for those over all architectures, so a little bit of hackery is needed.
DJGPP changes. Contributed by Doug Kaufman <dkaufman at rahul.net>
Merge in the new news from 0.9.8-stable.
Merge from 0.9.8-stable.
Synchronise more with the Unix build.
Synchronise yet a little more with the Unixly build
From 0.9.8-stable:
The macro THREADS was changed to OPENSSL_THREADS a long time ago.
Updated support for NetWare, submitted by Verdon Walker <VWalker at novell.com>.
Old typo...
Add support for the new Intel compiler, icc. Submitted by Keith Thompson <kst at sdsc.edu>
Correct typo ia64.o -> bn-ia64.o.
gcc 2.95.3 on Ultrix supports long long.
Change pq_compat.h to trust the macros defined by bn.h a bit more, and thereby provide better generic support for environments that do not have 64-bit integers. Among others, this should solve PR 1086
Remove the incorrect installation of '%{openssldir}/lib'.
Document the change and update the version number (d'oh!).
Further change pq_compat.h to generate the flag macros PQ_64BIT_IS_INTEGER and PQ_64BIT_IS_BIGNUM with the values 0 (for false) and 1 (for true), depending on which is true. Use those flags everywhere else to provide the correct implementation for handling certain operations in a PQ_64BIT.
Update from 0.9.8-stable.
_GNU_SOURCE needs to be defined before any standard header.
Skipping all tests just because one algorithm is disabled seems a bit harsh.
Pass INSTALL_PREFIX in BUILDENV.
Avoid endless loops. Really, we were using the same variable for two different conditions...
When the return type of the function is int, it's better to return an int than NULL, especially when an error is signalled with a negative value.
Show what the offending target was.
Netware patch submitted by Verdon Walker <VWalker at novell.com> in PR 1107. He says:
Status update
0.9.8-beta5 works on VMS/Alpha
0.9.8-beta5 works on Cygwin
0.9.8-beta5 works on SuSE 9.3
Data about which Cygwin versions 0.9.8-beta5 work on
0.9.8-beta5 works on Gentoo/arml but not /armb, and works on Linux AMD64
Do not undefine _XOPEN_SOURCE. This is currently experimental, and will be firmed up as soon as it's been verified not to break anything.
Have pod2man.pl accept '=for comment ...' before the '=head1 NAME' line.
Only define ZLIB_SHARED if it hasn't already been defined (on the command line, for example).
Move the definition of DEVRANDOM for DJGPP from Configure to e_os.h. That should solve the issues with propagating it through the Makefiles.
Add better documentation on how id_function() should be defined and what issues there are.
Undefine DECRANDOM before redefining it.
With DJGPP, it seems like the return code from grep, even when in the middle of a pipe, is noted. Counter that by forcing a true return code when the return code has no importance.
Add crypto/bn/bn_prime.h to the collection of generated files. In the update target, place the dependency on depend last, so all necessary files are generated *before* the dependencies are figured out.
Check for 'usage' and 'Usage'. Submitted by Tim Rice <tim at multitalents.net>. His comment is:
Do not try to pretend we're at the end of anything unless we're at the end of a 4-character block.
Strip the engine shared libraries as well.
Change dir_ctrl to check for the environment variable before using the default directory instead of the other way around.
Configure update for Stratus VOS.
Update for Stratus VOS.
DCC doesn't like argument names in returned function pointers.
The NAME section of a man page is required to have a dash followed by a short description, at least according to pod2man.
Initialise dir to avoid a compiler warning.
Do not define des_crypt(), since it clashes with Solaris crypt.h.
Wrap the inclusion of openssl/engine.h with a protective check for the absence of OPENSSL_NO_ENGINE.
Wrap the inclusion of openssl/engine.h with a protective check for the absence of OPENSSL_NO_ENGINE.
Someone did some cutting and pasting and didn't quite finish the job :-).
Updated status from 0.9.8-stable.
There are a few showstoppers. Unfortunately, I only remember one. Please fill this in.
asn1parse doesn't support any TXT format, so let's stop pretending it does.
Actually, the 64bit format specifier differs between SIXTY_FOUR_BIT and SIXTY_FOUR_BIT_LONG
The private key should never have ended up in newreq.pem. Now, it ends up in newkey.pem instead.
Add libcrypto.pc and libssl.pc, and install them along with openssl.pc.
Changes from the 0.9.8 branch.
Changes from the 0.9.8 branch.
On case insensitive systems, 'install' gets mixed up with the existing file 'INSTALL', so we need to put some force into installing
I'm reversing this change, as it seems the error is somewhere else.
bytes_to_long_long isn't used anywhere any more, so let's remove it entirely.
Synchronise with Unix changes.
More synchronisation with the Unixly build.
Last synchronisation with Unixly build. I hope...
Synchronise with Unixly build.
Synchronise VMS build with Unixly build.
Remove warnings about signed vs. unsigned...
Change a comment so it corresponds to reality. Put back a character that was previously replaced with a NUL for parsing purposes. This seems to fix a very weird parsing bug involving two variable references in the same value.
Renumber to follow what happens with 0.9.8.
Add in CHANGES for 0.9.7i.
A slight change in documentation that makes it so much more comprehensible
Fix numerous bugs in the Win32 path splitter
Document it
Synchronise with the Unix build.
When using POSIXly functions, we need to define _POSIX_C_SOURCE, at least when the source is compiled with ANSI settings.
Build Whirlpool on VMS as well
Whirlpool was added to EVP, so let's build it on VMS as well.
wq instead of wp? That's gotta be among the more amazing typos I've made...
Whoops, we were copying instead of comparing at the end of trying to find a queue element.
Missing files in the VMS installation
Fix signed/unsigned char clashes.
The VMS I run on doesn't know socklen_t and uses size_t instead.
Disable the Mixed Linkage warning for some selected modules. This is because the Compaq C compiler will not accept that a variable be declared extern then defined static without a warning.
Typo...
Forgot to initialize CC6DISABLEWARNINGS properly...
signed vs. unsigned clash.
As an effect of revision 1.261, BUILD_CMD was changed so $(DIRS) wasn't respected when using it to build different parts of OpenSSL. 1.269 was an attempt to correct that, but unfortunately meant that we built every part that was given in $(DIRS) 7 times. This change puts back the original intent with BUILD_CMD via the new macro BUILD_ONE_CMD while keeping the intent with RECURSIVE_BUILD_CMD.
Document the building macros.
Break out deltree in its own command procedure.
Add TS to the VMS build.
Add a TSA test. testtsa.com is a manual sh to dcl translation of testtsa.
Synchronise with openssl.cnf
Forgot the TSA application...
Make shorter TS symbols for OpenVMS. Don't convert a function pointer to a void*, ISO C doesn't like that.
The actual whirlpool test was missing on VMS...
Remember to *build* WP_TEST on VMS, as well :-)
Resolve signed vs. unsigned issues
Oh, now I noticed Bodo's change that made tlsext_ecpointformatlist unsigned...
tlsext_ecpointformatlist_length is unsigned, so checking if it's less than zero will only result in pissing off some compilers...
Typo...
Synchronise with recent changes
VMS doesn't support includes of paths very well.
Keep up with the changes in the Unix build system.
Only try to remove the tsa.dir subdirectory if it actually exists.
Since we're moving between directories, let's get an absolute path to openssl.exe.
Small bug. apps/CA.sh and apps/CA.com look at SSLEAY_CONFIG, not OPENSSL_CONF.
The -config option flag needs to be in the SSLEAY_CONFIG value.
Synchronise with recent changes
If we declare a function, like d2i_TS_MSG_IMPRINT_bio(), we'd better *define* it too, or things like shared libraries might be a bit sad.
Change chop to chomp when reading lines, so CRLF is properly processed on the operating systems where they are the normal line endings
Synchronise with the Unix build
Synchronise with what's happening with the Unix build
Got sick and tired of duplicating... Too error-prone (i.e. I forget to update both...)!
Synchronise
Synchronise with Unixly build. (Geez, a lot is happening right now, eh? :-))
Make sure obj_xref.h is updated during a "make update"
Someone made a mistake, and some function and reason codes got duplicate numbers. Renumbering.
make update
Keep in sync with Unix
There was a problem with too long command lines, so I rebuilt to make it work better.
Signed vs. unsigned conflict
rslen is unsigned, so it can never go below 0.
Deal with another name that's longer than 31 characters.
Use a new signed int ii instead of j (which is unsigned) to handle the return value from sk_SSL_CIPHER_find().
Because all object files are now in a file, we don't need to mention any of them on the linker command line. Besides, OBJECT_FILE now represents the last compiled file, and using it here only results in getting warnings about multiple definitions of the symbols in that file.
Synchronise with the Unixly build.
Synchronise with Unix
A few more ENGINE strings that need shortening.
Keep synchronised with the Unix build
Keep synchronised with Unix
Use poll() when possible to gather Unix randomness entropy
Correct warnings about signedness.
According to documentation, including time.h declares select() on OpenVMS, and possibly more.
Complete the change for VMS.
Fixes for the following claims:
Synchronise with Unixly build
Synchronise with Unixly build, again ;-)
Replace strdup() with BUF_strdup().
Needed definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see the declarations of fd_set, select() and so on.
Synchronise a bit more with Unixly build
After objects have been freed, NULLify the pointers so there will be no double free of those objects
Add STARTTLS support for IMAP and FTP. Submitted by Kees Cook <kees at outflux.net>
Synchronise the VMS build with recent movements in the Unix build.
Apply a more modern way to get the definition of select(), except for VMS. Submitted by Corinna Vinschen <vinschen at redhat.com>
Synchronise VMS with Unix.
VAX C can't handle 64 bit integers, making SHA512 impossible...
Change submitted by Doug Kaufman. He writes:
Synchronise with Unix build
Provide other forms for symbols that are too long or that clash with others
Further synchronisation with Unix build. I hadn't noticed pq_compat.h was gone...
Synchronise with Unix.
Synchronise VMS build system with the Unixly one
A few more symbols that are a little bit long for VMS
Stack changes made dso_vms.c not compile properly.
Remove extraneous semicolons
Constify where needed
Further synchronisation with Unix
In BIO_write(), update the write statistics, not the read statistics. PR: 1803
More synchronisation with Unix
VMS stuff I forgot...
Synchronise with Unix build
Do the Camellia part right
Hopefully resolve signed vs unsigned issue.
Because DEC C - sorry, HP C - is picky about features, we need to define _XOPEN_SOURCE_EXTENDED to reach fd_set and timeval types and functionality.
Data not initialised. Notified by Gerardo Ganis <gerardo.ganis at cern.ch>
Reference bug.
Make it possible to disable STORE.
Make STORE an experimental feature.
A DTLS1 symbol needs to be chopped off a bit.
Include sys/time.h to declare gettimeofday().
Cast to avoid signedness confusion
Add local symbol hacks for OpenVMS
Add padlock data. Redo the loop so it really compiles all objects for one engine, then links the engine (until now, it still thought every file was an engine of its own...).
Stupid typo
Reimplement time check for VMS to mimic the way it's done on Windows. Reason: gettimeofday() is deprecated.
Make the NULL definition of OPENSSL_ia32cap_loc() compatible with the declaration in crypto.h.
Move the time fetching code to its own static function, and thereby make sure that BOTH instances of said code get the VMS modification.
Synchronise VMS with Unixly build.
Make sure the padlock code compiles correctly even on hardware that doesn't have padlocks.
Do not try to link the support file(s), as they aren't a complete engine ;-)
Forgotten comma...
Add a comment about libeay.num and ssleay.num
Have mkdef.pl also handle VAX and Non-VAX differences for VMS
Functional VMS changes submitted by sms at antinode.info (Steven M. Schweda). Thank you! (note: not tested for now, a few nightly builds should give indications though)
Stupid typo
Update from 1.0.0-stable
A few more macros for long symbols. Submitted by Steven M. Schweda <sms at antinode.info>
Compile t1_reneg on VMS as well. Submitted by Steven M. Schweda <sms at antinode.info>
It seems like sslroot: needs to be defined for some tests to work. Submitted by Steven M. Schweda <sms at antinode.info>
Forgot to correct the definition of __arch in this file. Submitted by Steven M. Schweda <sms at antinode.info>
There's really no need to use $ENV::HOME
size_t doesn't compare less than zero...
Apparently, test/testtsa.com was only half done
Have the VMS build system catch up with the 1.0.0-stable branch.
If opensslconf.h and buildinf.h are to be in an architecture specific directory, place it in the same tree as the other architecture specific things.
Architecture specific header files need special handling.
The previous take went wrong, try again.
Typo.
We redid the structure on architecture dependent source files, but apparently forgot to adapt the copying to the installation directory.
Synchronise with Unix tests
We expect these scripts not to bail on error, so make sure that's what happens.
Tell the user what test is being performed.
Taken from OpenSSL_1_0_0-stable:
Synchronise with Unix and do all other needed modifications to have it build on VMS again.
Better way to build tests. Taken from OpenSSL-1_0_1-stable
* tests.com: Add the symbol openssl_conf, so the openssl application stops complaining about a missing configuration file. Define the logical name PERL_ENV_TABLES with values so Perl considers the DCL symbol table as part of the environment (see 'man perlvms' for details), so cms-test.pl can get the value of EXE_DIR from tests.com, among others. * cms-test.pl: Make changes to have it work on VMS as well. Upper or mixed case options need to be quoted and the openssl command needs a VMS-specific treatment. It all should work properly on Unix, I hope it does on Windows as well...
Don't define an empty CFLAGS, it's much more honest not to define it at all. Make sure to remove any [.CRYPTO]BUILDINF.H so it doesn't get used instead of [.''ARCH'.CRYPTO]BUILDINF.H
Give the architecture dependent directory higher priority
Print openssl version information at the end of the tests
Implement bc test strategy as submitted by Steven M. Schweda <sms at antinode.info>. Make sure we move to '__here' before trying to use it to build local sslroot:
Use the same directory for architecture dependent header files as in the branches OpenSSL-1_0_0-stable and OpenSSL-1_0_1-stable.
Better method for creating SSLROOT:. Make sure to include the path to evptest.txt.
First attempt at adding the possibility to set the pointer size for the builds on VMS. PR: 2393
Part of the IF structure didn't get pasted here... PR: 2393
PR: 2407 Fix fault include. Submitted by Arpadffy Zoltan <Zoltan.Arpadffy at scientificgames.se>
PR: 2425 Synchronise VMS build with Unixly build.
Add rsa_crpt
After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS submitted by Steven M. Schweda <sms at antinode.info>
Add missing source. Also, have the compile also use [.MODES] as include directory, as other parts (notably, EVP) seem to need it.
A few more long symbols need shortening.
* apps/openssl.c: For VMS, take care of copying argv if needed much earlier, directly in main(). 'if needed' also includes when argv is a 32 bit pointer in an otherwise 64 bit environment. * apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional =ARGV, but only if it's supported. Fortunately, DCL is very helpful telling us in this case.
* apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV with turning trapping back on. * test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV here. * test/clean-test.com: A new script for cleaning up.
* apps/makeapps.com: Add srp.
* util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h. Maybe some more need to be added...
* crypto/crypto-lib.com: Add a few more missing modules.
make update (1.1.0-dev)
Implement FIPS CMAC.
Implement FIPS CMAC.
make update
* Makefile.fips: Update and add details about cmac.
* fips/cmac/fips_cmactest.c: Changed to accept all the ciphers we support (Two Key TDEA is not supported), to handle really big messages (some of the test vectors have messages 65536 bytes long), and to handle cases where there are several keys (Three Key TDEA)
* fips/cmac/fips_cmactest.c: Some say TDEA, others say TDES. Support both names.
* fips/fipsalgtest.pl: Test the testvectors for all the CMAC ciphers we support.
* fips/cmac/fips_cmac_selftest.c: Because the examples in SP_800-38B aren't trustworthy (see examples 13 and 14, they have the same mac, as do examples 17 and 18), use examples from official test vectors instead.
* Configure, crypto/ec/ec.h, crypto/ec/ecp_nistp224.c, util/mkdef.pl: Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have it disabled by default. If we don't do it this way, it screws up libeay.num. * util/libeay.num: make update
make update
For VMS, implement the possibility to choose 64-bit pointers with different options: "64" The build system will choose /POINTER_SIZE=64=ARGV if the compiler supports it, otherwise /POINTER_SIZE=64. "64=" The build system will force /POINTER_SIZE=64. "64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.
Corrections to the VMS build system. Submitted by Steven M. Schweda <sms at antinode.info>
Error discrepancy corrected.
fips_check_dsa_prng() should only be built when OPENSSL_FIPS is defined.
No spaces in assignments in a shell script...
Add symbols for the parameters on a couple more functions.
Add a symbol for the first parameter to OPENSSL_showfatal().
Add a tool that (semi)automatically creates the API documentation required for FIPS.
Teach mkshared.com to have a look for disabled algorithms in opensslconf.h
Add missing algorithms to disable, and in particular, disable EC_NISTP_64_GCC_128 by default, as GCC isn't currently supported on VMS. Synchronise with Unix.
Typo...
Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS.
Harmonise symhacks.h in this branch with lower versions. Add aliases for SSL_CTX_set_not_resumable_session_callback and SSL_set_not_resumable_session_callback on top of that.
Add the missing modules for Camellia, as well as dh_rfc5114 and evp_cnf.
Add d1_srtp and t1_trce.
Install srtp.h
* ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug. Fortunately in debugging code that's seldom used.
* Configure: make the debug-levitte-linux{elf,noasm} less extreme.
* crypto/ui/ui_lib.c: misplaced brace in switch statement. Detected by dcruette at qualitesys.com
Followup on RT3334 fix: make sure that a directory that's the empty string returns 0 with errno = ENOENT.
Include "constant_time_locl.h" rather than "../constant_time_locl.h". The different -I compiler parameters will take care of the rest...
Correct some layout issues, convert all remaining tabs to appropriate amounts of spaces.
[PR3597] Advance to the next state variant when reusing messages.
Check for FindNextFile when defining it rather than FindFirstFile
Clear warnings/errors within BN_CTX_DEBUG code sections
Clear warnings/errors within CIPHER_DEBUG code sections
Clear warnings/errors within CIPHER_DEBUG code sections
Clear warnings/errors within KSSL_DEBUG code sections
Clear warnings/errors within TLS_DEBUG code sections
Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed)
Small typo
Rob Austein (1):
RT2465: Silence some gcc warnings
Rob Stradling (11):
Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
Fix compilation with no-ec and/or no-tlsext.
Use TLS version supplied by client when fingerprinting Safari.
Tidy up comments.
Update CHANGES.
Additional "chain_cert" functions.
Show the contents of the RFC6962 Signed Certificate Timestamp List Certificate/OCSP Extensions. Add the RFC6962 OIDs to the objects table.
Move the SCT List extension parser into libssl. Add the extension parser in the s_client, ocsp and x509 apps.
Parse non-v1 SCTs less awkwardly.
CABForum EV OIDs for Subject Jurisdiction of Incorporation or Registration.
Separate the SCT List parser from the SCT List viewer
Robin Lee (1):
RT3031: Need to #undef some names for win32
Robin Seggelmann (2):
DTLS/SCTP Finished Auth Bug
DTLS/SCTP struct authchunks Bug
Russell Coker (1):
Fix datarace reported by valgrind/helgrind
Sami Farin (1):
Typo: set i to -1 before goto.
Samuel Neves (1):
Use only unsigned arithmetic in constant-time operations
Scott Deboy (7):
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions). Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API. Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks
Initialize next_proto in s_server - resolves incorrect attempts to free
Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert.
Updating DTCP authorization type to expected value
Re-add alert variables removed during rebase. Whitespace fixes
Don't break out of the custom extension callback loop - continue instead The contract for custom extension callbacks has changed - all custom extension callbacks are triggered
Scott Schaefer (5):
Document pkcs12 -password behavior
Fix various spelling errors
RT 2517: Various typos.
RT 2517: Various typos. Reviewed-by: Emilia Kasper
RT2518: fix pod2man errors
Serguei E. Leontiev (1):
Replace manual ASN1 decoder with ASN1_get_object
Steve Marquess (2):
Remove gratuitous patent references
Add new sponsors
TANABE Hiroyasu (1):
RT1325,2973: Add more extensions to c_rehash
Thijs Alkemade (1):
Make disabling last cipher work.
Thorsten Glaser (1):
Document openssl dgst -hmac option
Tim Hudson (12):
Add option to generate old hash format.
- fix coverity issues 966593-966596
fix coverity issue 966597 - error line is not always initialised
PR#3342 fix resource leak coverity issue 966577
coverity 966576 - close socket in error path
safety check to ensure we don't send out beyond the user's buffer
Minor documentation update removing "really" and a statement of opinion rather than a fact.
Remove old unused and unmaintained demonstration code.
Fixed error introduced in commit f2be92b94dad3c6cbdf79d99a324804094cf1617 that fixed PR#3450 where an existing cast masked an issue when i was changed from int to long in that commit
Add constant_time_locl.h to HEADERS, so the Win32 compile picks it up correctly.
no-ssl2 with no-ssl3 does not mean drop the ssl lib
mark all block comments that need format preserving so that indent will not alter them when reformatting comments
Tom Greenslade (1):
Handle IPv6 addresses in OCSP_parse_url.
Tomas Mraz (1):
Don't advertise ECC ciphersuites in SSLv2 compatible client hello.
Trevor (3):
Add support for arbitrary TLS extensions.
Cleanup of custom extension stuff.
Cosmetic touchups.
Trevor Perrin (5):
Various custom extension fixes.
Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated.
Require ServerInfo PEMs to be named "BEGIN SERVERINFO FOR"...
Update docs to mention "BEGIN SERVERINFO FOR ".
Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated.
Ulf Möller (661):
New switch "386" to generate 80386 code (emulate bswap).
Typo.
Remove file that is to be auto-generated by sha1-586.pl.
New option to generate 80386 code.
pre-0.9.3 development version.
New Makefile variables $(RANLIB) and $(PERL).
Pointer to Ariel Glenn's SSLeay documentation.
Remove obsolete files.
Include bn.h instead of defining BIGNUM as char.
Remove obsolete files from SSLeay 0.8.
Bug fix for X.509 two-digit year.
More assembler problems; new OCSP patch; obsolete patches removed from list.
bn_div_words has been added to alpha.s (Hannes Reinecke's patch).
Fix linux-mips entry.
Test RSA after the BN library it is based on.
Bad dependencies.
Avoid error message about missing gcc.
Bugs.
Separate DSA functionality from ASN.1 encoding. New functions DSA_do_sign and DSA_do_verify to provide access to the raw DSA values.
Use Perl 5 even if Perl 4 comes first in the search path.
Test PKCS#1 v1.5 padding as well.
recent changes.
New Configure option "rsaref".
Write random seed file in binary mode.
Another bug.
Pass $PERL on make errors.
SPARC v8 assembler BIGNUM code.
Defunct assembler files removed; various cleanups.
Definition did not match prototype.
Fix typos in error codes.
Error in comment.
Document additional Configure flags.
Clean up prototypes (prepare for removing NOPROTO).
Change functions to ANSI C.
Missing #endif.
Arguments are des_cblock.
Problems with 64-bit long. Pointed out by Andy Polyakov <appro at fy.chalmers.se>.
Remove useless defines.
Problems with 64-bit long.
-Wall implies -Wuninitialized.
Fix some warnings.
Fix lots of warnings.
Move all autogenerated header file parts to crypto/opensslconf.h.
New header file opensslconf.h contains the macros set by Configure.
Ultrix compatibility.
Be more specific about system requirements.
Set the 386 flag automatically when building on i386.
Pass the $PROCESSOR variable through.
Remove references to .org header file names.
Recognize CPU version on NetBSD and FreeBSD.
Function didn't get ANSIfied because of unusual formatting.
Undo evil cast! <g>
Andy Polyakov points out that BF_PTR2 is slower than the generic case.
*.org files are gone for good.
Remove header files from .cvsignore.
ANSIfy, fix typo in error message, and remove redundant statement from my code.
Replaced by mkerr.pl
New Configure option --openssldir to replace util/ssldir.pl.
New Configure option --openssldir to replace ssldir.pl.
*** empty log message ***
exit on error.
Submitted by: Reviewed by: PR:
Remove NOPROTO definitions and error code comments.
Ignore autogenerated file.
Last week I proposed to increase the version number to 1.0. So far nobody complained...
Remove NOPROTO-related macros.
New Configure option no-<cipher> (rsa, idea, rc5, ...).
Add missing DEPFLAG.
New Configure option no-<cipher> (rsa, idea, rc5, ...).
Message digest stuff.
Undo.
Update NO_* macros.
*** empty log message ***
More portable blowfish macros.
Typo.
Remove autogenerated file.
Do make rehash automatically at make test.
Linux shared libraries.
Linux shared libraries (now in Makefile.ssl).
Pass $PERL on make dclean.
Decrypt test vector data even if previous decryption failed to get better diagnostics.
Ignore autogenerated assembler files.
Autogenerated files.
Change error message for consistency.
Missing "else".
exptest dumps core. Optimizer bug?
Ignore Makefile.save
Compare with BN_mod_exp_simple, too.
Close files.
Bug fix.
OAEP bug fix.
Unused file.
Typo.
$perl should never be empty.
More information about installing.
Better Sun config.
Typo. (You ought to trademark "Configurion". :)
Update HPUX config, work around HPUX library incompatibility.
c_rehash doesn't work at that point of the installation, so don't even try.
Sparc v8plus assembler.
Andy Polyakov points out there are default rules in make in gmake for this.
solaris64 entry.
Recognise Ultra Sparc and compiler version number.
SHA-1 cleanups and performance enhancements.
Fix problem with /usr/ccs/lib/cpp.
C++ bug fix.
Use ANSI stdarg.
Note about required SC5.0 patches.
v8plus must be specified.
Remove unreachable return statements.
Info on how to submit patches.
Support additional Win32 compilers.
Borland C++ builder.
Typo.
Add missing semicolon.
config is Unix specific.
Get the Mingw32 makefiles right.
Generate DLLs with Mingw32.
Superseded by sparcv8.S and sparcv8plus.s.
pass $PERL on make files.
Mingw32.
The libssl32.dll definition file is called ssleay32.def. (why?)
no-xxx option to exclude ciphers.
Fix for +xxx options.
Update.
Move openssl.cnf out of lib/.
Move openssl.cnf out of lib/.
Use ifndef PEDANTIC for all inline assembler.
Missing argument in prototype.
Caldera OpenLinux passes test now.
mk1mf.pl and mkdef.pl read OPTIONS from toplevel Makefile. Configure no longer changes files in place.
VMS support.
Reorganize and speed up MD5.
VMS support.
VMS support bug fixes.
Remove redundant ifdef.
Oops. Close the file.
Cut&paste error.
Missed one line.
mk1mf.pl syntax has been changed.
Mention Andy's assembler stuff.
Mention "make depend".
Move prototypes to the right place.
BC now compiles crypto/des
Spelling error.
BSD alpha config.
no-xxx options.
gcc < 2.8 does not support ultrasparc.
Small corrections.
Oops.
Typos.
Bignum library bug fix. IRIX 6 passes "make test" now! This also avoids the problems with SC4.2 and unpatched SC5.
Declare test key data as static.
Avoid a warning.
Detect Siemens platforms.
NeXT doesn't have dirent.
Bring VMS in sync with the recent changes.
Borland C fix.
Remove redundant line.
gcc dumps core on HPUX.
Define a macro to avoid name conflicts.
Avoid type conflict on Unix with DEC C.
Hint about unresolved symbols when mixing compilers.
Test apps.
Generate no-xxx options for missing ciphers.
Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress).
Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress).
Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress).
Prevent name conflicts.
Fix to compile the des app.
Don't #define _, and eliminate casts.
Warnings and casts.
Casts.
Call our crypt implementation des_crypt(). crypt() now is a wrapper if there is no system crypt() available.
crypt(), demos patched.
The des app.
Remove old libdes version number.
"extern" is a C++ reserved word.
Don't define _ANSI_SOURCE for NetBSD.
Circumvent bug in SC5 without patch #107357-01.
Put SC5 warning back in, future changes might trigger the compiler bug again.
Recognize CPU on BSD/OS.
Typo.
Use the same CPU recognition method for FreeBSD 3 as for the other FreeBSD versions. (The FreeBSD and FreeBSD-elf Configure entries were identical.)
Use "long long" for all Win32 gcc ports.
Fix no-hmac and no-ripemd.
More no-xxx option tweaks.
Broken HPUX cc.
Obsolete/experimental code.
NO_HMAC.
RSA private keys without dmp1/dmq1/iqmp are also valid (but slower).
More DES library cleanups: remove references to srand/rand and delete an unused file.
Did not check the last SDIR line for excluded algorithms.
DES library changes.
Make the perl module compile and eliminate some of the warnings. Still doesn't work (the destructor on BIO and SSL is called immediately after creating the object. Why that??)
Remove obsolete files.
VMS updates. Submitted by: Richard Levitte <levitte at stacken.kth.se>
Restore compatibility with kerberos/des.h (I had deleted some seemingly useless definitions such as C_Block earlier).
obj_dat.h is autogenerated (it was in the CVS because old versions of Configure didn't generate the file in Windows builds).
*** empty log message ***
No use in naming the cblock _; the structure still is incompatible to Kerberos.
Avoid path separator problems.
Compile pkcs7 and des apps.
Add pkcs7 and des apps to "make all".
Fix faulty base64 decoding of data that was 46 or 47 bytes long.
Honor $PERL environment variable in Configure.
editing error.
Undo base64 decoding change (was not a bug fix).
make update.
make testapps after the library.
Check the as version on Solaris x86. People don't read INSTALL anyway. :)
*** empty log message ***
Correct address in a comment.
Use proper flags to build the testapps (default CC value causes confusion on Solaris)
Correction for the testapps lines.
Parentheses not needed.
note a few things that need to be done
More patches.
Generate obj_dat.h in "make update".
VC++ warning.
Cosmetic changes.
HPUX 11 flags. Contributed by: Peter Huang <PETER_HUANG at HP-Cupertino-om8.om.hp.com>
More patches.
*** empty log message ***
Missing #ifdef NO_DES
Circumvent an exploitable buffer overrun error in RSA Security's RSAREF library. See: http://www.CORE-SDI.COM/english/ssh/index.html
Oops!
CORE SDI proposed patch doesn't make any sense. Undo.
Don't use inline assembler on x86 Solaris (would need a different syntax).
Solaris x86 assembler problem is already addressed in ./config (bug reports keep coming in because that was still missing in 0.9.4)
Update contact information (openssl-bugs, openssl-security).
Add some newlines needed for pod2man, and run ispell.
ispell.
Remove obsolete SSLeay instructions.
Honor the no-xxx Configure options when creating .DEF files.
Submitted by: Reviewed by: PR:
Minor format changes.
Install man pages.
Add missing =back.
dep/ directory is not needed.
Document the RSA library.
Dummy page superseded by crypto/crypto.pod
corrections
PKCS#1 signatures don't use randomness. Add a note about the padding functions.
Precautions against using the PRNG uninitialized: RAND_bytes() now returns int (1 = ok, 0 = not seeded). New function RAND_add() is the same as RAND_seed() but takes an estimate of the entropy as an additional argument.
minor change for the prng
RAND_seed
New function RAND_pseudo_bytes() generated pseudorandom numbers that are not guaranteed to be unpredictable.
remove debug modification that I checked in accidentally
Header for RAND_seed()
Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c.
Rename rsa_oaep_test to the more appropriate name rsa_test for the benefit of MS-DOS users.
WINDOWS is defined in e_os.h. The problem was WIN32 (the new egcs uses _WIN32).
AFAICS lst1 stands for "lshift test" not "list".
Don't build the testapps automatically because the openssl program now has s/mime functionality.
Some more ifdefs for no-xxx options.
Check RAND_bytes() return value or use RAND_pseudo_bytes().
Move ssl.pod to doc/ssl
Document RAND library.
Use comment from md_rand.c in rand.pod
Use comment from md_rand.c (part 2, as well).
Move ssl.pod to doc/ssl
Document the DH library, and make some minor changes along the way.
fail on all errors.
config string comment
dh renamed to dhparam
Document the BN library.
Rename asn1/pkcs8.c to asn1/p8_key.c to avoid name conflict.
RSA_print etc
Documented in the RSA_print page
Run ispell. Clean up bn_mont.c.
New manpage.
Increase the year by one.
New news.
Document DSA and SHA. New function BN_pseudo_rand(). Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when generating DSA primes (why not use BN_is_prime()?)
Update comment from bn.h
comment was wrong.
fix link
Update docs: corrections, turn buffer docs into manpage, fold SHA1 pages into one for improved readability, add lhash manpage
Source code cleanups: Use void * rather than char * in lhash, eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
Typos.
Seek out and destroy another evil cast.
Note changes.
Checked in some junk. Sorry.
Print a reassuring message when Configure is done.
spelling
Document ERR library.
EBCDIC support.
undo. I keep confusing my directories. :(
dhgen is gone.
link to SSL_get_error(3)
Remove an =over that never ends
match the prototype
Bug fix: BN_is_prime() would fail with a high probability for small primes (negligible for larger ones).
Document hash functions.
ispell (and minor modifications)
a short page for "speed"
*** empty log message ***
Replace ridiculous libdes PRNG with RAND_bytes. These functions are not used anywhere in OpenSSL, but might be used by libdes applications.
Document RC4.
md2 is documented in the md5 page. Let's see if this works...
New functions BN_CTX_start(), BN_CTX_get(), BN_CTX_end() to access temporary BIGNUMs. BN_CTX still uses a fixed number of BIGNUMs, but the BN_CTX implementation could now easily be changed.
Use MONT_WORD macro to control if the word-based or the bignum algorithm is used.
BN_div bugfix. The q-- loop should not be entered in the n0==d0 case.
Improve bntest slightly, and fix another bug in the BN library.
put missing line back in.
BN bug fixes
Refer to EVP_DigestInit() in the hash function descriptions.
"print" is GNU bc specific.
Create the man directories where the manpages will be put.
Install manpages below OPENSSLDIR (I think it was meant to be this way?). New variable for man directory.
Make excluded cipher entry in opensslconf.h a bit more descriptive.
Fix gcc warnings.
Document OPENSSL_VERSION_NUMBER
More compact Configure usage message.
Correction for RSA_padding_check_xxx() documentation.
Correction to RSA_padding_check_xxx() docs (this time for real).
Check tlen size in all padding_check functions. As called within the rsa library, the output buffer always is large enough, but if the tlen parameter is there, it should be checked in the interest of clarity, as proposed by David Sacerdote <das33 at cornell.edu>.
Don't list prototypes for internal functions.
warning.
Frequently asked questions.
minor docs changes (added links is the openssl(1) text)
threads manpage.
another faq.
add missing names.
Run the test suite and generate a report.
*** empty log message ***
correct macro.
yet another faq.
New make target "report" to run util/selftest.pl
CRYPTO_num_locks()
Support EGD.
remove test "goto err"
EGD info, as requested.
Fix NO_RSA (misplaced #endif).
nicer manpages
remove some (apparently) obsolete entries. please put them back in if they're still valid, and remove others that are outdated
EGD socket info.
mention that EGD is used in non-blocking mode.
Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf().
Yet another "unixware" spelling.
some test results.
BIO_printf() change
work around a bug in BN_div_recp or BN_reciprocal
divide the correct number...
different snprintf version.
signed/unsigned mismatch (VC++)
linux-ppc
ispell
EGD bugfix.
*** empty log message ***
VC++ problem
mt contained an old copy of mttest.c. remove it and move the other files to crypto/threads
mention RAND_egd()
links
The main() return value is a program's exit code.
Test the division functions.
flush output. Looks like it fails when b is a power of 2, but I never get incorrect results.
Make clear which naming convention is meant.
minor clarification
Reorganize bn_mul.c (no bugfix yet), remove obsolete files in BN library.
remove
workaround no longer needed
*** empty log message ***
Bug fix!
Overly long lines look ugly in the DOS editor. :)
put function names in the title.
remove obsolete BN_CTX info
corrections
works on solaris
Shared library support for Solaris and HPUX by Lutz Behnke and by Lutz Jaenicke.
Support assembler for Mingw32.
Fix for non-monolithic build.
Switch for turning on the predictable "random" number generator.
Mingw32 can now use assembler.
Bug fix.
how to recognize assembler problems
change wording
some people can't read :)
Keep the references to other INSTALL files short. These are the Unix instructions.
check for WIN32 (needed by Mingw32)
change info text (as on the web site)
add RAND_status() to title
pseudo-seed for the PRNG before testing DSA
Note bug fix for the DSA infinite loop
Bug fix.
add comment.
gcc warnings
new component
The selftest sometimes lacked important information
bug fix release planned
bug fix. Submitted by: "Yoram Meroz" <yoram at mail.idrive.com>
clarify.
Repair bss_log.
Don't generate asm files for no-asm.
Use L for all constants.
ssize_t
NO_SYSLOG is defined for MSDOS anyway. just don't include the Unix header...
make update
asm workaround for SuSE Linux proposed by Holger Reif
change manpages to pod. Contents are not up to date!
superseded by des_modes.pod
DES in Perl was incomplete and not very useful
add =cut
des_quad_cksum() byte order bug fix. See http://www.pdc.kth.se/kth-krb/
libdes manpage.
cleanup.
make update
Integrate podd.h sk.h into set_key.c
FLAT_INC is not needed; we use -I.. all the time
New function RAND_event() collects entropy from Windows events.
oops. don't use "entropy" directly.
Bug fix: RAND_write_file() failed to write to files created by open() on Win32.
Sample application using RAND_event() to collect entropy from mouse movements, keyboard etc. and write it to a seed file.
Mention the bug fixes.
Problems with the Windows build.
In some of the Makefiles CPP was not defined.
OpenBSD complains.
More failures.
more failures
RAND_event()
ssize_t for Ultrix
Test results.
Add pointer to EGD manpage. Update the "randomness" section for the upcoming 0.9.5a release.
Submitted by: Reviewed by: PR:
linux-elf bugfix
MacOS changes.
Missing cases when no_rsa is defined
Make sure that NO-RSA applications etc can include evp.h
prototype.
Get rid of more non-ANSI declarations.
#include <stdlib.h> is not needed.
#include <stdio.h> not needed.
is needed.
Bug fix for 64 bit HP-UX.
Don't include <stdlib.h>. In the NO_FP_API case, don't include <stdio.h>.
Use NO_FP_API.
Yet another bc FAQ.
CygWin32 support.
Increased consideration for stupid Linux users.
Option "no-symlinks" to configure without creating the links (e.g. for use with makefile.one)
typo
prototypes
use faster version
Add PRNGD link.
Randomness polling function for Win9x.
Move RNG initialization to RAND_poll(), and shared definitions to rand_lcl.h
don't print debug output
oops.
Profiling option for mk1mf.pl
Fix some CygWin problems.
bug: RAND_poll().
Don't set the two top bits to one when generating a random number < q.:wq
Not the DSA change.
More Windows failures reported
The other log message should have read "Note the DSA change".
Point to Peter Gutmann's revised paper. The copy at www.usenix.org is the old version.
Bug fix: Montgomery multiplication could produce results with the wrong sign.
Jeffrey Altman points out that GetQueueStatus() crashes on NT.
add links to the new BIO and SSL manpages to make them visible on the web.
ispell and some other nit-picking
Note the BN_mod_exp_word bug. (Markus Friedl provided a test program.)
ispell
Note about contributions from the US
ispell.
The RSA patent will have expired when the next version is released...
Malloc() -> OPENSSL_malloc() etc.
ispell.
URL to "latest" Mingw release (which is almost a year old :()
tlhelp32.h is currently missing in Mingw32 (release 2.95.2 and 2.95.2-1)
Add some missing info.
Workaround for tlhelp32.h: place the missing header file in outinc
tlhelp32.h
more manpage links.
stop perlpod from complaining.
update info to match the README.
spelling
print the perlasm rule only for linux-elf (it seems it confuses some version of make for Mingw32)
typo
The des_modes manpage is in section 7.
fix problems in the selftest
cosmetic change
cosmetic changes
Add short overview, move header files section further down.
correction from Lutz
"DESCRIPTION" is required.
give pseudo prototypes instead of macro definitions for better clarity
Correction from Tani Hosokawa <unknown at riverstyx.net>
s_server not s_client
.
-engine is gone.
_lrotl() is a call to the C runtime library!
Minor corrections (HPUX). From: Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
increase the value a bit
Set the CryptoAPI randomness estimate back to 0. The randomness may not actually be very good (we don't know).
looks like a cut&paste error
in some new file names the first 8 characters were not unique
ignore
Remove RSAREF (not used).
use standard C
fix for Borland C
Add a warning about the usage of the montgomery functions (if the inputs are not reduced modulo m, the outputs won't be either).
typo
Borland C fix.
GPL FAQ.
remove unused static function
Fix bn_cmp_part_words() and move it to bn_lib.c.
New function BN_bntest_rand() to detect more BN library bugs.
Note the bntest change.
Move the rijndael "test" to the bf and cast tests.
Loops like this one:
forgot to remove the loop variable
remember the problem with ftime()
argl
last commit was wrong. Now it works. :)
Use assert as in the rest of the BN library.
PERLASM - the weirdest programming language since Intercal.
minor modification to the previous change
more of the same: add printf() for perlasm.
save registers in the debug output code (return value is overwritten too)
looks like it works now
push the flags too
move constants for debug functions to end of file
test_mod_mul is useful, let's run it more often.
another fix for the debug print
Intel assembler version for bn_sub_part_words(). I haven't got reliable timings yet, please try it out!
remove useless instruction
remove a comment that shouldn't have been there any more
Don't check for bc at all. We can now run a meaningful test even if it is missing.
bn_part_sub_word prototype.
Test for SCO bc bug
*** empty log message ***
Stop on bntest error.
c&p error spotted by Martin Forssen
"Andrew W. Gray" <agray at iconsinc.com> says /GD is no longer a valid compiler switch.
Stop build when an error occurs. "Peter 'Luna' Runestig" <peter+openssl-dev at runestig.com>
branches have been merged.
rsa_num is not used with NO_RSA
link to the new manpage.
Mention the ./config script fixes.
Use the correct number of arguments in the example.
Definition of NO_KRB5 in ssl.h for external applications.
There is no C version of bn_div_3_words
new year
Fix potential buffer overrun for EBCDIC.
format strings
Bleichenbacher's DSA attack
cleanup
Note that EGD is used automatically.
point out that RAND_load_file() etc are only for seed files, not for entropy devices or sockets.
use <= instead of ==
IRIX bugfix
New function OPENSSL_issetugid(). Needs more work.
That was misleading. The problem won't happen with 0.9.6a anyway.
pod format error
ispell
Temporary fix for build break. It's still inconsistent - probably better to undo the whole OPENSSL_NO_* thing.
note OPENSSL_issetugid().
BN_rand_range() needs a BN_rand() variant that doesn't set the MSB.
Fix warning.
Use BN_rand_range().
make it a loop as in dsa
autoconf would be useful...
That statement seems to be not true. In fact, I have said that I would like to use libtool, but not automake.
run self-test with no-krb5
don't read from tty in test mode
%f conversion bug fix Submitted by: Henrik Eriksson <henrik.eriksson at axis.com>
DEC
Forgot a '$'.
old MSVC versions don't have rdtsc use _emit instead
note the rand_win.c change
mips
check CRT
check CRT
Note the Alpha asm change
the backslash is significant...
make sure we don't write to seed[-1]
move check to avoid memory leak.
more error codes fixed
typo.
zlib default was broken on most platforms.
make update
strsep implementation to allow the file to compile on non-BSD systems
*** empty log message ***
undo, didn't work
strsep implementation to allow the file to compile on non-BSD systems
Use GCC 2.95/3.0 optimization
Eric Hanchrow points out that Cygwin perl works.
bug fix: bn_sqr_recursive output is twice its input size.
double definition
include the proper header file
unused function
make engine file names unique in 8.3
ispell
ispell
missed one file
openbsd-x86 macros
remove compatibility notes that no longer apply
name confusion with HP library function prototype (?)
Cygwin patch. Submitted by Michael Kobar <mkobar at lymeware.com>
ssl3_read_bytes bug fix
*** empty log message ***
Cygwin target name has been changed!
error reported by Karsten Braaten
another error discovered by Karsten Braaten. The number was not even prime!
updated Mingw32 instructions.
values were reset for no reason.
Use assembler implementations with Cygwin. This also fixes the bn_sub_part_word problem.
Cygnus correction. (I thought I had tested that...)
make files didn't work on case insensitive filesystems
use OPENSSL_SYS_MSDOS rather than __DJGPP__ to disable egd, this is not compiler specific
update mingw info
clean up MinGW build. MinGW make now supports the Windows path name conventions.
avoid duplicate definition of bn_sub_part_words
add test
more mingw related cleanups.
remove some more useless code. The mingw target can now be built under cygwin.
Copy rather than symlink the test data. This is needed because Windows doesn't support symlinks.
Add instructions for building the MinGW target in Cygwin, and rearrange some of the other text for better readability.
Cygwin debugging
cleanup as discussed with Geoff
typo in comment
oops... the description of ->top was inaccurate (the example is correct though)
Geoff suggested a more succinct description for "top".
BN_set_bit() etc should use "unsigned int". Keep it as is to avoid an API change, but check for negative values.
The x9.62 tests replace the PRNG with specific numbers, so don't run them if BN_DEBUG_RAND is defined.
re-enable the test, keeping the original method for RAND_pseudo_bytes which is used by BN_DEBUG_RAND Submitted by: Nils Larsch
Avoid segfault if ret==0.
Skip a curve with generator of non-prime order.
Add "dif" variable to clean up the loop implementations.
typo
typo
fix breakage for Perl versions that do boolean operations on long words
Use Windows randomness code on Cygwin
undo Cygwin change
comments
RFC 3161 compliant time stamp request creation, response generation and response verification.
time stamp Makefile, test files Submitted by: Zoltan Glozik <zglozik at opentsa.org>
make update
*** empty log message ***
shorter filenames
wrap shlib for testtsa Submitted by: David Somers <dsomers at omz13.com>
oops
message style
ignore
TS bugfixes: Do not hardcode message digest algorithms; fix ASN1 decoding.
unused function
Clarification for CPU specific config options.
*** empty log message ***
improve make dclean to remove files generated during build
uncomment; that one slipped through
Use Dl_info only on systems where it is known to exist. It does not exist on AIX 4.3.3, AIX 5.1, SCO 5, or Cygwin.
manual pages as HTML Submitted by: Oliver Tappe <zooey at hirschkaefer.de>
Add BeOS support.
declare as in prototype Submitted by: Gisle Vanem
Bug fix.
bug fix. PR: 1326 Submitted by: John Skodon
Add includes in synopsis. Submitted by: Mike Frysinger <vapier at gentoo.org>
Correct punctuation. PR: 1367
Use gmtime on cygwin Submitted by: Corinna Vinschen
wording (can't really call shared libs experimental after several years in the major Linux distributions)
Veres Lajos (1):
misspelling fixes by https://github.com/vlajos/misspell_fixer
Viktor Dkhovni (1):
RT1325,2973: Add more extensions to c_rehash
Viktor Dukhovni (16):
Fix infinite loop. PR#3347
Fixes to host checking.
Client-side namecheck wildcards.
Enforce _X509_CHECK_FLAG_DOT_SUBDOMAINS internal-only
More complete X509_check_host documentation.
Drop hostlen from X509_VERIFY_PARAM_ID.
X509_check_mumble() failure is <= 0, not just 0
More complete input validation of X509_check_mumble
Implement sk_deep_copy.
Multiple verifier reference identities.
Fix typo in last commit
One more typo when changing !result to result <= 0
New peername element in X509_VERIFY_PARAM_ID
Set optional peername when X509_check_host() succeeds.
Update API to use (char *) for email addresses and hostnames
Improve X509_check_host() documentation.
Viktor Szakats (1):
RT 1988: Add "const" to SSL_use_RSAPrivateKey_ASN1
ZNV (1):
Make EVP_CIPHER_CTX_copy work in GCM mode.
l.montecchiani at gmail.com (1):
RT2193: #ifdef errors in bss_dgram.c
mancha (2):
Fix eckey_priv_encode()
Fix version documentation.
nnposter at users.sourceforge.net (2):
PR 718: Configure not exiting with child status
PR 719: Configure not exiting with child status
rfkrocktk (2):
Added documentation for -iter for PKCS#8
Conform to whitespace conventions
stephen (5):
external error lib number now global and allow error lib to have a name
fix pk7_doit.c for new i2d_ASN1_SET argument
Fix for sk_insert bug: it never worked properly. Allow explicit tag asn macros to handle indefinite length constructed stuff: without this certain "certificates" can't be read in.
Update CHANGES file for latest additions
This is a quick hack conversion of the 'CA.sh' script to perl. It fixes one bug in the original but is otherwise just as horrible :-)
yogesh nagarkar (1):
Fix compilation with -DSSL_DEBUG -DTLS_DEBUG -DKSSL_DEBUG
zhu qun-ying (1):
Free up s->d1->buffered_app_data.q properly.
-----------------------------------------------------------------------