wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
23774 commits 20 branches 302 tags 153 MiB
Commit graph

2123 commits

Author SHA1 Message Date
Bodo Möller
8e85545284 Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch. 
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in HEAD, the actual code is here already.)
 2012-01-05 13:48:55 +00:00
Dr. Stephen Henson
4d0bafb4ae update CHANGES 2012-01-04 23:54:17 +00:00
Dr. Stephen Henson
e745572493 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> 
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
 2012-01-04 23:52:26 +00:00
Dr. Stephen Henson
27dfffd5b7 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 23:16:15 +00:00
Dr. Stephen Henson
2ec0497f08 fix CHANGES 2012-01-04 23:10:44 +00:00
Dr. Stephen Henson
6bf896d9b1 Check GOST parameters are not NULL (CVE-2012-0027) 2012-01-04 23:03:40 +00:00
Dr. Stephen Henson
be71c37296 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 23:01:54 +00:00
Dr. Stephen Henson
0b9f5ef809 update CHANGES 2011-12-31 23:08:15 +00:00
Dr. Stephen Henson
4817504d06 PR: 2658 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
 2011-12-31 22:59:57 +00:00
Dr. Stephen Henson
ad89bf7894 PR: 2563 
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.
 2011-12-19 17:01:37 +00:00
Andy Polyakov
e75440d2c9 update CHANGES. 2011-12-19 14:48:49 +00:00
Dr. Stephen Henson
188c53f7e8 update CHANGES 2011-12-19 14:41:03 +00:00
Ben Laurie
9a436c0f89 Back out redundant verification time change. 2011-12-13 15:00:43 +00:00
Ben Laurie
7fd5df6b12 Make it possible to set a time for verification. 2011-12-13 14:38:12 +00:00
Dr. Stephen Henson
627b044536 update CHANGES 2011-12-10 00:49:05 +00:00
Dr. Stephen Henson
2ca873e8d8 transparently handle X9.42 DH parameters 2011-12-07 12:44:03 +00:00
Dr. Stephen Henson
afb14cda8c Initial experimental support for X9.42 DH parameter format to handle 
RFC5114 parameters and X9.42 DH public and private keys.
 2011-12-07 00:32:34 +00:00
Bodo Möller
19b0d0e75b Resolve a stack set-up race condition (if the list of compression 
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
 2011-12-02 12:52:00 +00:00
Bodo Möller
ea8c77a55b Fix ecdsatest.c. 
Submitted by: Emilia Kasper
 2011-12-02 12:41:17 +00:00
Bodo Möller
a7c71d8955 Update HEAD CHANGES file. 2011-12-02 12:28:20 +00:00
Bodo Möller
390c579568 Fix BIO_f_buffer(). 
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
 2011-12-02 12:25:03 +00:00
Ben Laurie
e0af04056c Add TLS exporter. 2011-11-15 23:50:52 +00:00
Ben Laurie
333f926d67 Add DTLS-SRTP. 2011-11-15 22:59:20 +00:00
Dr. Stephen Henson
20bee9684d Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest. 2011-11-13 14:07:36 +00:00
Dr. Stephen Henson
a98b8ce652 Update fips_test_suite to take multiple command line options and 
an induced error checking function.
 2011-11-06 12:53:13 +00:00
Dr. Stephen Henson
f4324e51dd Add single call public key sign and verify functions. 2011-11-05 01:34:36 +00:00
Dr. Stephen Henson
3ec9dceb15 Add fips_algvs utility (from FIPS 2.0 stable branch). 2011-11-02 00:57:22 +00:00
Dr. Stephen Henson
5e4eb9954b add authentication parameter to FIPS_module_mode_set 2011-10-19 22:34:53 +00:00
Bodo Möller
e5641d7f05 BN_BLINDING multi-threading fix. 
Submitted by: Emilia Kasper (Google)
 2011-10-19 14:59:27 +00:00
Bodo Möller
e0d6132b8c Fix warnings. 
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
 2011-10-19 08:59:53 +00:00
Bodo Möller
3e00b4c9db Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and 
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.
 2011-10-18 19:43:16 +00:00
Bodo Möller
8b37d33a94 typo 2011-10-13 13:20:33 +00:00
Bodo Möller
3ddc06f082 In ssl3_clear, preserve s3->init_extra along with s3->rbuf. 
Submitted by: Bob Buckholz <bbuckholz@google.com>
 2011-10-13 13:05:58 +00:00
Dr. Stephen Henson
ccbb9badba fix CHANGES entry 2011-10-09 23:11:55 +00:00
Dr. Stephen Henson
2bfeb7dc83 Add FIPS selftests for ECDH algorithm. 2011-09-29 23:08:23 +00:00
Dr. Stephen Henson
cb71870dfa Use function name FIPS_drbg_health_check() for health check function. 
Add explanatory comments to health check code.
 2011-09-22 14:01:25 +00:00
Dr. Stephen Henson
4420b3b17a Revise DRBG to split between internal and external flags. 
One demand health check function.

Perform generation test in fips_test_suite.

Option to skip dh test if fips_test_suite.
 2011-09-21 17:04:56 +00:00
Dr. Stephen Henson
15094852de new function to lookup FIPS supported ciphers by NID 2011-09-14 13:25:48 +00:00
Dr. Stephen Henson
a11f06b2dc More extensive DRBG health check. New function to call health check 
for all DRBG combinations.
 2011-09-12 18:47:39 +00:00
Dr. Stephen Henson
7fdcb45745 Add support for Dual EC DRBG from SP800-90. Include updates to algorithm 
tests and POST code.
 2011-09-09 17:16:43 +00:00
Dr. Stephen Henson
0486cce653 Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past 
produce an error (CVE-2011-3207)
 2011-09-06 15:15:09 +00:00
Bodo Möller
c519e89f5c Fix session handling. 2011-09-05 13:36:23 +00:00
Bodo Möller
612fcfbd29 Fix d2i_SSL_SESSION. 2011-09-05 13:31:17 +00:00
Bodo Möller
e7928282d0 (EC)DH memory handling fixes. 
Submitted by: Adam Langley
 2011-09-05 10:25:31 +00:00
Bodo Möller
837e1b6812 Fix memory leak on bad inputs. 2011-09-05 09:57:20 +00:00
Bodo Möller
acb4ab34a4 Synchronize with 1.0.1 CHANGES file. 2011-09-05 09:30:50 +00:00
Dr. Stephen Henson
f55f5f775e Add support for canonical generation of DSA parameter g. 
Modify fips_dssvs to support appropriate file format.
 2011-08-26 14:51:49 +00:00
Andy Polyakov
c608171d9c Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. 2011-08-23 20:51:38 +00:00
Dr. Stephen Henson
1f59a84308 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA 
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
 2011-08-14 13:45:19 +00:00
Dr. Stephen Henson
20f12e63ff Add HMAC DRBG from SP800-90 2011-08-08 22:07:38 +00:00
Dr. Stephen Henson
28dd49faec Expand range of ctrls for AES GCM to support retrieval and setting of 
invocation field.

Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
 2011-08-03 15:37:22 +00:00
Dr. Stephen Henson
fe8aeffa92 Update CHANGES. 2011-07-25 21:43:57 +00:00
Dr. Stephen Henson
01a9a7592e Add functions to return FIPS module version. 2011-07-04 23:38:16 +00:00
Bodo Möller
e66cb363d6 Fix the version history: changes going into 1.1.0 that are also going 
into 1.0.1 should not be listed as "changes between 1.0.1 and 1.0.0".

This makes the OpenSSL_1_0_1-stable and HEAD versions of this file
consistent with each other (the HEAD version has the additional 1.1.0
section, but doesn't otherwise differ).
 2011-06-15 14:49:17 +00:00
Dr. Stephen Henson
eda3766b53 Output supported curves in preference order instead of numerically. 2011-05-30 17:58:13 +00:00
Dr. Stephen Henson
992bdde62d Fix the ECDSA timing attack mentioned in the paper at: 
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
 2011-05-25 14:41:56 +00:00
Dr. Stephen Henson
f37f20ffd3 PR: 2295 
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
 2011-05-20 14:56:29 +00:00
Dr. Stephen Henson
101e6e19f2 Add CHANGES entry: add FIPS support to ssl 2011-05-19 18:10:25 +00:00
Dr. Stephen Henson
086e32a6c7 Implement FIPS_mode and FIPS_mode_set 2011-05-19 18:09:02 +00:00
Dr. Stephen Henson
855a54a9a5 Provisional support for TLS v1.2 client authentication: client side only. 
Parse certificate request message and set digests appropriately.

Generate new TLS v1.2 format certificate verify message.

Keep handshake caches around for longer as they are needed for client auth.
 2011-05-12 17:35:03 +00:00
Dr. Stephen Henson
c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in 
the FIPS capable OpenSSL.
 2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
a2f9200fba Initial TLS v1.2 client support. Include a default supported signature 
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.

Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
 2011-05-09 15:44:01 +00:00
Dr. Stephen Henson
6b7be581e5 Continuing TLS v1.2 support: add support for server parsing of 
signature algorithms extension and correct signature format for
server key exchange.

All ciphersuites should now work on the server but no client support and
no client certificate support yet.
 2011-05-06 13:00:07 +00:00
Dr. Stephen Henson
7409d7ad51 Initial incomplete TLS v1.2 support. New ciphersuites added, new version 
checking added, SHA256 PRF support added.

At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
 2011-04-29 22:56:51 +00:00
Dr. Stephen Henson
08557cf22c Initial "opaque SSL" framework. If an application defines 
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.

The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
 2011-04-29 22:37:12 +00:00
Dr. Stephen Henson
e0d1a2f80a Always return multiple of block length bytes from default DRBG seed 
callback.

Handle case where no multiple of the block size is in the interval
[min_len, max_len].
 2011-04-23 20:05:19 +00:00
Dr. Stephen Henson
cac4fb58e0 Add PRNG security strength checking. 2011-04-23 19:55:55 +00:00
Dr. Stephen Henson
b5dd178740 Fix EVP CCM decrypt. Add decrypt support to algorithm test program. 2011-04-18 22:48:40 +00:00
Dr. Stephen Henson
2391681082 Initial untested CCM support via EVP. 2011-04-18 14:25:11 +00:00
Dr. Stephen Henson
06b7e5a0e4 Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation. 2011-04-15 02:49:30 +00:00
Dr. Stephen Henson
ac892b7aa6 Initial incomplete POST overhaul: add support for POST callback to 
allow status of POST to be monitored and/or failures induced.
 2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
32a2d8ddfe Provisional AES XTS support. 2011-04-12 23:21:33 +00:00
Dr. Stephen Henson
d7a3ce989c Update CHANGES. 2011-04-06 23:41:19 +00:00
Dr. Stephen Henson
05e24c87dd Extensive reorganisation of PRNG handling in FIPS module: all calls 
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.

Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
 2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14 Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be 
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
 2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
96ec46f7c0 Implement health checks needed by SP800-90. 
Fix warnings.

Instantiate DRBGs at maximum strength.
 2011-03-17 16:55:24 +00:00
Ben Laurie
d4f3dd5fb6 Fix Tom Wu's email. 2011-03-16 11:28:43 +00:00
Ben Laurie
0deea0e03c Note SRP support. 2011-03-12 17:04:07 +00:00
Dr. Stephen Henson
8857b380e2 Add ECDH to validated module. 2011-03-09 23:44:06 +00:00
Dr. Stephen Henson
11e80de3ee New initial DH algorithm test driver. 2011-03-08 19:10:17 +00:00
Dr. Stephen Henson
591cbfae3c Initial, provisional, subject to wholesale change, untested, probably 
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.

Did I say this was untested?
 2011-03-04 18:00:21 +00:00
Dr. Stephen Henson
eead69f5ed Make fipscanisteronly build only required files. 2011-02-21 14:07:15 +00:00
Dr. Stephen Henson
5d439d6955 Make -DOPENSSL_FIPSSYMS work for assembly language builds. 2011-02-17 19:03:52 +00:00
Dr. Stephen Henson
017bc57bf9 Experimental FIPS symbol renaming. 
Fixups under fips/ to make symbol renaming work.
 2011-02-16 14:49:50 +00:00
Dr. Stephen Henson
25c6542944 Add non-FIPS algorithm blocking and selftest checking. 2011-02-15 16:03:47 +00:00
Dr. Stephen Henson
fe26d066ff Add ECDSA functionality to fips module. Initial very incomplete version 
of algorithm test program.
 2011-02-14 17:14:55 +00:00
Dr. Stephen Henson
b331016124 New option to disable characteristic two fields in EC code. 2011-02-12 17:23:32 +00:00
Dr. Stephen Henson
30b56225cc New "fispcanisteronly" build option: only build fipscanister.o and 
associated utilities. This functionality will be used by the validated
tarball.
 2011-02-11 19:02:34 +00:00
Dr. Stephen Henson
b3d8022edd Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest. 2011-02-09 16:21:43 +00:00
Bodo Möller
c415adc26f Sync with 1.0.1 branch. 
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
 2011-02-08 19:09:08 +00:00
Dr. Stephen Henson
bdaa54155c Initial *very* experimental EVP support for AES-GCM. Note: probably very 
broken and subject to change.
 2011-02-07 18:16:33 +00:00
Dr. Stephen Henson
d45087c672 Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher: 
the NULL value for the input buffer is sufficient to notice this case.
 2011-02-07 18:04:27 +00:00
Dr. Stephen Henson
3da0ca796c New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying 
cipher handles all cipher symantics itself.
 2011-02-07 14:36:08 +00:00
Bodo Möller
9bda745876 fix omissions 2011-02-03 11:13:29 +00:00
Bodo Möller
88f2a4cf9c CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) 2011-02-03 10:43:00 +00:00
Dr. Stephen Henson
968062b7d3 Fix escaping code for string printing. If *any* escaping is enabled we 
must escape the escape character itself (backslash).
 2011-01-03 01:31:24 +00:00
Dr. Stephen Henson
2b3936e882 avoid verification loops in trusted store when path building 2010-12-25 20:45:59 +00:00
Dr. Stephen Henson
300b1d76fe apply J-PKAKE fix to HEAD (original by Ben) 2010-11-29 18:32:05 +00:00
Dr. Stephen Henson
f830c68f4d add "missing" functions to copy EVP_PKEY_METHOD and examine info 2010-11-24 16:08:20 +00:00
Dr. Stephen Henson
732d31beee bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files 2010-11-16 14:18:51 +00:00
Dr. Stephen Henson
e49af2ac38 move CHANGES entry to correct place 2010-10-10 12:24:13 +00:00
Dr. Stephen Henson
5759425810 PR: 2314 
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
 2010-10-10 12:15:47 +00:00
Dr. Stephen Henson
39239280f3 Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), 
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
 2010-10-03 18:58:09 +00:00
Bodo Möller
7b3a9b0099 Update version numbers 2010-08-26 18:45:45 +00:00
Bodo Möller
7c2d4fee25 For better forward-security support, add functions 
SSL_[CTX_]set_not_resumable_session_callback.

Submitted by: Emilia Kasper (Google)

[A part of this change affecting ssl/s3_lib.c was accidentally commited
separately, together with a compilation fix for that file;
see s3_lib.c CVS revision 1.133 (http://cvs.openssl.org/chngview?cn=19855).]
 2010-08-26 15:15:47 +00:00
Bodo Möller
04daec862c New 64-bit optimized implementation EC_GFp_nistp224_method(). 
This will only be compiled in if explicitly requested
(#ifdef EC_NISTP224_64_GCC_128).

Submitted by: Emilia Kasper (Google)
 2010-08-26 14:29:55 +00:00
Dr. Stephen Henson
44959ee456 PR: 1833 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Support for abbreviated handshakes when renegotiating.
 2010-08-26 14:23:52 +00:00
Bodo Möller
c94f7f657b ECC library bugfixes. 
Submitted by: Emilia Kasper (Google)
 2010-08-26 12:11:01 +00:00
Bodo Möller
173350bcca Harmonize with OpenSSL_1_0_1-stable version of CHANGES. 2010-08-26 11:22:33 +00:00
Ben Laurie
ee2ffc2794 Add Next Protocol Negotiation. 2010-07-28 10:06:55 +00:00
Dr. Stephen Henson
eb1c48be6f Add new type ossl_ssize_t instead of ssize_t and move definitions to 
e_os2.h, this should fix WIN32 compilation issues and hopefully avoid
conflicts with other headers which may workaround ssize_t in different ways.
 2010-07-26 18:15:59 +00:00
Dr. Stephen Henson
223c59eae5 Fix WIN32 build system to correctly link ENGINE DLLs contained in a 
directory: currently the GOST ENGINE is the only case.
 2010-07-24 17:52:43 +00:00
Dr. Stephen Henson
7bbd0de88d Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), 
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
 2010-07-21 16:14:48 +00:00
Dr. Stephen Henson
f96ccf36ff PR: 1830 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson

Support for RFC5705 key extractor.
 2010-07-18 17:43:18 +00:00
Dr. Stephen Henson
b9e7793dd7 oops, revert wrong patch.. 2010-07-18 17:43:01 +00:00
Dr. Stephen Henson
d135da5192 Fix warnings (From HEAD, original patch by Ben). 2010-07-18 16:52:47 +00:00
Dr. Stephen Henson
3cbb15ee81 add CVE-2010-0742 and CVS-2010-1633 fixes 2010-06-01 14:39:01 +00:00
Andy Polyakov
3efe51a407 Revert previous Linux-specific/centric commit#19629. If it really has to 
be done, it's definitely not the way to do it. So far answer to the
question was to ./config -Wa,--noexecstack (adopted by RedHat).
 2010-05-05 22:05:39 +00:00
Ben Laurie
0e3ef596e5 Non-executable stack in asm. 2010-05-05 15:50:13 +00:00
Dr. Stephen Henson
1bf508c9cf new function to diff tm structures 2010-04-15 13:25:26 +00:00
Dr. Stephen Henson
c0b8eb606f Add SHA2 algorithms to SSL_library_init(). Although these aren't used 
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
 2010-04-07 13:18:07 +00:00
Bodo Möller
3e8b6485b3 Fix for "Record of death" vulnerability CVE-2010-0740. 
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010),
and further harmonize this version of CHANGES with the versions in the current branches.
 2010-03-25 11:25:30 +00:00
Dr. Stephen Henson
be449448dc update CHANGES 2010-03-14 12:55:15 +00:00
Dr. Stephen Henson
4c623cddbe add -sigopt option to ca utility 2010-03-14 12:54:45 +00:00
Mark J. Cox
fb75f349b7 This entry was in 0.9.8m changelog but missing from here, since it's 
security relevent we'd better list it.
 2010-03-12 08:36:44 +00:00
Dr. Stephen Henson
f26cf9957f typo 2010-03-11 14:19:46 +00:00
Dr. Stephen Henson
17c63d1cca RSA PSS ASN1 signing method 2010-03-11 14:06:46 +00:00
Dr. Stephen Henson
85522a074c Algorithm specific ASN1 signing functions. 2010-03-11 13:32:38 +00:00
Dr. Stephen Henson
31904ecdf3 RSA PSS verification support including certificates and certificate 
requests. Add new ASN1 signature initialisation function to handle this
case.
 2010-03-08 18:10:35 +00:00
Dr. Stephen Henson
ff04bbe363 Add PSS algorithm printing. This is an initial step towards full PSS support. 
Uses ASN1 module in Martin Kaiser's PSS patch.
 2010-03-06 19:55:25 +00:00
Dr. Stephen Henson
fa1ba589f3 Add algorithm specific signature printing. An individual ASN1 method can 
now print out signatures instead of the standard hex dump.

More complex signatures (e.g. PSS) can print out more meaningful information.

Sample DSA version included that prints out the signature parameters r, s.

[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
 new fields in the middle has no compatibility issues]
 2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
cca1cd9a34 Submitted by: Tomas Hoger <thoger@redhat.com> 
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
 2010-03-03 15:41:18 +00:00
Dr. Stephen Henson
0f776277bc oops, use correct date 2010-02-26 12:13:36 +00:00
Dr. Stephen Henson
db28aa86e0 add -trusted_first option and verify flag 2010-02-25 12:21:48 +00:00
Dr. Stephen Henson
fbd2164044 Experimental support for partial chain verification: if an intermediate 
certificate is explicitly trusted (using -addtrust option to x509 utility
for example) the verification is sucessful even if the chain is not complete.
 2010-02-25 00:17:22 +00:00
Bodo Möller
a839755329 Fix X509_STORE locking 2010-02-19 18:27:07 +00:00
Dr. Stephen Henson
c2c49969e2 Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:38:31 +00:00
Dr. Stephen Henson
47e0a1c335 PR: 2100 
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.
 2010-02-17 14:32:41 +00:00
Dr. Stephen Henson
f959598866 update references to new RI RFC 2010-02-12 21:59:31 +00:00
Dr. Stephen Henson
c8ef656df2 Make CMAC API similar to HMAC API. Add methods for CMAC. 2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
8c968e0355 Initial experimental CMAC implementation. 2010-02-07 18:01:07 +00:00
Dr. Stephen Henson
c2bf720842 Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy 
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
 2010-02-07 13:39:39 +00:00
Dr. Stephen Henson
da454e4c67 typo 2010-01-29 00:09:33 +00:00
Dr. Stephen Henson
08c239701b Experimental renegotiation support in s_server test -www server. 2010-01-28 19:48:36 +00:00
Dr. Stephen Henson
4ba1aa393b typo 2010-01-27 14:05:39 +00:00
Dr. Stephen Henson
d5e7f2f2c3 PR: 1949 
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
 2010-01-26 19:47:37 +00:00
Dr. Stephen Henson
58c0da84dd Typo 2010-01-26 12:30:00 +00:00
Dr. Stephen Henson
ba64ae6cd1 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:12 +00:00
Dr. Stephen Henson
bd5f21a4ae Fix version handling so it can cope with a major version >3. 
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
 2010-01-13 19:08:02 +00:00
Dr. Stephen Henson
1b31b5ad56 Modify compression code so it avoids using ex_data free functions. This 
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
 2010-01-13 18:57:40 +00:00
Dr. Stephen Henson
0e0c6821fa PR: 2136 
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
 2010-01-12 17:29:34 +00:00
Dr. Stephen Henson
76998a71bc Updates to conform with draft-ietf-tls-renegotiation-03.txt: 
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
 2010-01-06 17:37:09 +00:00
Dr. Stephen Henson
e6f418bcb7 Compression handling on session resume was badly broken: it always 
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
 2009-12-31 14:13:30 +00:00
Dr. Stephen Henson
5e63121758 Include CHANGES entry for external cache 2009-12-31 13:58:57 +00:00
Bodo Möller
7427379e9b Constify crypto/cast. 2009-12-22 10:58:33 +00:00
Dr. Stephen Henson
ef51b4b9b4 New option to enable/disable connection to unpatched servers 2009-12-16 20:25:59 +00:00
Dr. Stephen Henson
7661ccadf0 Add ctrls to clear options and mode. 
Change RI ctrl so it doesn't clash.
 2009-12-09 13:25:16 +00:00
Dr. Stephen Henson
82e610e2cf Send no_renegotiation alert as required by spec. 2009-12-08 19:06:26 +00:00
Dr. Stephen Henson
5430200b8b Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:08 +00:00
Dr. Stephen Henson
13f6d57b1e Add support for magic cipher suite value (MCSV). Make secure renegotiation 
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
 2009-12-08 13:14:03 +00:00
Dr. Stephen Henson
637f374ad4 Initial experimental TLSv1.1 support 2009-12-07 13:31:02 +00:00
Dr. Stephen Henson
9d9530255b Update CHANGES. 2009-12-02 15:28:27 +00:00
Dr. Stephen Henson
d2a53c2238 Experimental CMS password based recipient Info support. 2009-11-26 18:57:39 +00:00
Bodo Möller
480af99ef4 Make CHANGES in CVS head consistent with the CHANGES files in the 
branches.

This means that http://www.openssl.org/news/changelog.html will
finally describe 0.9.8l.
 2009-11-26 18:43:17 +00:00
Dr. Stephen Henson
3d63b3966f Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat 
and is a pre-requisite to adding password based CMS support.
 2009-11-25 22:01:06 +00:00
Dr. Stephen Henson
e0e7997212 First cut of renegotiation extension. (port to HEAD) 2009-11-09 19:03:34 +00:00
Dr. Stephen Henson
befbd0619b update CHANGES 2009-11-09 17:33:32 +00:00
Dr. Stephen Henson
245d2ee3d0 Add option to allow in-band CRL loading in verify utility. Add function 
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
 2009-10-31 13:33:57 +00:00
Dr. Stephen Henson
bb4060c5b5 Move CHANGES entry to 0.9.8l section 2009-10-30 13:29:30 +00:00
Dr. Stephen Henson
661dc1431f Fix statless session resumption so it can coexist with SNI 2009-10-30 13:22:24 +00:00
Dr. Stephen Henson
18e503f30f PR: 2064, 728 
Submitted by: steve@openssl.org

Add support for custom headers in OCSP requests.
 2009-09-30 21:40:55 +00:00
Dr. Stephen Henson
b6dcdbfc94 Audit libcrypto for unchecked return values: fix all cases enountered 2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
acf20c7dbd Add attribute to check if return value of certain functions is incorrectly 
ignored.
 2009-09-23 16:27:10 +00:00
Dr. Stephen Henson
a25f33d28a Submitted by: Julia Lawall <julia@diku.dk> 
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
 2009-09-13 11:29:29 +00:00
Dr. Stephen Henson
0c28f277d1 Add new option --strict-warnings to Configure script. This is used to add 
in devteam warnings into other configurations.
 2009-09-09 16:31:32 +00:00
Dr. Stephen Henson
1771668096 Tidy up and fix verify callbacks to avoid structure dereference, use of 
obsolete functions and enhance to handle new conditions such as policy printing.
 2009-09-02 12:47:28 +00:00
Dr. Stephen Henson
6727565a84 PR: 2003 
Make it possible to install OpenSSL in directories with name other
than "lib" for example "lib64". Based on patch from Jeremy Utley.
 2009-08-10 14:48:40 +00:00
Dr. Stephen Henson
d9d0f1b52c Reject leading 0x80 in OID subidentifiers. 2009-08-06 16:32:54 +00:00
Dr. Stephen Henson
0e4bc56347 Document MD2 deprecation. 2009-07-13 11:58:05 +00:00
Dr. Stephen Henson
9de014a7f8 Update from 0.9.8-stable 2009-06-30 22:27:33 +00:00
Dr. Stephen Henson
d2f6d28298 Update from 0.9.8-stable. 2009-06-28 16:24:37 +00:00
Dr. Stephen Henson
f3be6c7b7d Update from 1.0.0-stable. 2009-06-26 11:29:26 +00:00
Dr. Stephen Henson
e30dd20c0e Update from 1.0.0-stable 2009-06-25 11:29:30 +00:00
Dr. Stephen Henson
c05353c50a Rename asc2uni and uni2asc functions to avoid clashes. 2009-06-17 12:04:56 +00:00
Dr. Stephen Henson
31db43df08 Update from 0.9.8-stable. 2009-06-15 15:01:00 +00:00
Dr. Stephen Henson
d741ccadb5 Oops, update CHANGES entry. 2009-05-31 17:13:55 +00:00
Dr. Stephen Henson
d0b72cf45b Add CHANGES entries from 0.9.8-stable. 2009-05-18 17:37:33 +00:00
Dr. Stephen Henson
5f8f94a661 Update from 1.0.0-stable. 2009-04-28 22:10:54 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
22c98d4aad Update from 1.0.0-stable 2009-04-08 16:16:35 +00:00
Dr. Stephen Henson
cc7399e79c Changes from 1.0.0-stable. 2009-04-07 16:33:26 +00:00
Dr. Stephen Henson
14023fe352 Merge from 1.0.0-stable branch. 2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
aaf35f11d7 Allow use of algorithm and cipher names for dgsts and enc utilities instead 
of having to manually include each one.
 2009-03-30 11:31:50 +00:00
Dr. Stephen Henson
77ea8c3002 Fix typo in CHANGES. 2009-03-25 22:21:12 +00:00
Dr. Stephen Henson
ddcfc25a6d Update from stable branch. 2009-03-25 19:02:22 +00:00
Dr. Stephen Henson
4d7b7c62c3 Update CHANGES. 2009-03-25 12:57:50 +00:00
Dr. Stephen Henson
73ba116e96 Update from stable branch. 2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
80b2ff978d Update from stable branch. 2009-03-25 12:53:50 +00:00
Dr. Stephen Henson
7ce8c95d58 Update from stable branch. 2009-03-25 12:53:26 +00:00
Dr. Stephen Henson
b6af2c7e3e Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru> 
Reviewed by: steve@openssl.org

Update ccgost engine to support parameter files.
 2009-03-17 15:38:34 +00:00
Dr. Stephen Henson
237d7b6cae Fix from stable branch. 2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
854a225a27 Update from stable branch. 2009-03-14 18:33:49 +00:00
Dr. Stephen Henson
33ab2e31f3 PR: 1854 
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org

Support GeneralizedTime in ca utility.
 2009-03-09 13:59:07 +00:00
Dr. Stephen Henson
77202a85a0 Update from stable branch. 2009-03-07 17:00:23 +00:00
Bodo Möller
7ca1cfbac3 -hex option for openssl rand 
PR: 1831
Submitted by: Damien Miller
 2009-02-02 00:01:28 +00:00
Dr. Stephen Henson
57f39cc826 Print out UTF8 and NumericString types in ASN1 parsing utility. 2009-01-28 12:54:52 +00:00
Dr. Stephen Henson
6489573224 Update from stable branch. 2009-01-28 12:36:14 +00:00
Ben Laurie
7f62532030 Allow CC to be overridden. 2009-01-18 12:06:37 +00:00
Dr. Stephen Henson
c2c99e2860 Update certificate hash line format to handle canonical format 
and avoid MD5 dependency.
 2009-01-15 13:22:39 +00:00
Dr. Stephen Henson
8125d9f99c Make PKCS#8 the standard write format for private keys, replacing the 
ancient SSLeay format.
 2009-01-15 12:52:38 +00:00
Dr. Stephen Henson
363bd0b48e Add a set of standard gcc warning options which are designed to be the 
minimum requirement for committed code. Added to debug-steve* config targets
for now.
 2009-01-11 15:56:32 +00:00
Ben Laurie
60aee6ce15 Add missing entry. 2009-01-09 12:48:02 +00:00
Dr. Stephen Henson
bab534057b Updatde from stable branch. 2009-01-07 23:44:27 +00:00
Bodo Möller
7a76219774 Implement Configure option pattern "experimental-foo" 
(specifically, "experimental-jpake").
 2008-12-02 01:21:39 +00:00
Dr. Stephen Henson
79bd20fd17 Update from stable-branch. 2008-11-24 17:27:08 +00:00
Geoff Thorpe
31636a3ed1 Allow the CHIL engine to load even if dynamic locks aren't registered. 
Submitted by: Sander Temme
 2008-11-19 14:21:27 +00:00
Dr. Stephen Henson
12bf56c017 PR: 1574 
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.
 2008-11-15 17:18:12 +00:00
Dr. Stephen Henson
ed551cddf7 Update from stable branch. 2008-11-12 17:28:18 +00:00
Dr. Stephen Henson
87d52468aa Update HMAC functions to return an error where relevant. 2008-11-02 16:00:39 +00:00
Ben Laurie
6caa4edd3e Add JPAKE. 2008-10-26 18:40:52 +00:00
Ben Laurie
28b6d5020e Set comparison function in v3_add_canonize(). 2008-10-14 19:27:07 +00:00
Ben Laurie
d5bbead449 Add XMPP STARTTLS support. 2008-10-14 19:11:26 +00:00
Ben Laurie
1ea6472e60 Type-safe OBJ_bsearch_ex. 2008-10-14 08:10:52 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90 Experimental new date handling routines. These fix issues with X509_time_adj() 
and should avoid any OS date limitations such as the year 2038 bug.
 2008-10-07 22:55:27 +00:00
Bodo Möller
837f2fc7a4 Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't 
enable disabled ciphersuites.
 2008-09-22 21:22:47 +00:00
Bodo Möller
1a489c9af1 From branch OpenSSL_0_9_8-stable: Allow soft-loading engines. 
Also, fix CHANGES (consistency with stable branch).
 2008-09-15 20:41:24 +00:00
Dr. Stephen Henson
8c864e5466 Add missing CHANGES entry. 2008-09-15 20:30:58 +00:00
Bodo Möller
e65bcbcef0 Fix SSL state transitions. 
Submitted by: Nagendra Modadugu
 2008-09-14 14:02:07 +00:00
Bodo Möller
e710de12ce Note about CVS branch inconsistency. 2008-09-14 13:53:18 +00:00
Bodo Möller
db99c52509 Really get rid of unsafe double-checked locking. 
Also, "CHANGES" clean-ups.
 2008-09-14 13:51:44 +00:00
Bodo Möller
f8d6be3f81 Some precautions to avoid potential security-relevant problems. 2008-09-14 13:42:34 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find 
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
 2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06 Add support for CRLs partitioned by reason code. 
Tidy CRL scoring system.

Add new CRL path validation error.
 2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
249a77f5fb Add support for freshest CRL extension. 2008-08-27 15:52:05 +00:00
Dr. Stephen Henson
d0fff69dc9 Initial indirect CRL support. 2008-08-20 16:42:19 +00:00
Bodo Möller
2ecd2edede Mention ERR_remove_state() deprecation, and ERR_remove_thread_state(NULL). 2008-08-13 19:30:01 +00:00
Dr. Stephen Henson
9d84d4ed5e Initial support for CRL path validation. This supports distinct certificate 
and CRL signing keys.
 2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
002e66c0e8 Support for policy mappings extension. 
Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.
 2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
e9746e03ee Initial support for name constraints certificate extension. 
TODO: robustness checking on name forms.
 2008-08-08 15:35:29 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs, 
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
 2008-08-06 15:54:15 +00:00
Dr. Stephen Henson
5cbd203302 Initial support for alternative CRL issuing certificates. 
Allow inibit any policy flag to be set in apps.
 2008-07-30 15:49:12 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked 
version some time soon.
 2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
8528128b2a Update from stable branch. 2008-06-26 23:27:31 +00:00
Bodo Möller
8228fd89fc avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr() 
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
 2008-06-23 20:46:24 +00:00
Dr. Stephen Henson
adb92d56eb Add acknowledgement. 2008-06-09 16:48:42 +00:00
Dr. Stephen Henson
6bf79e30ea Update CHANGES. 2008-06-05 15:34:24 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Ben Laurie
8671b89860 Memory saving patch. 2008-06-03 02:48:34 +00:00
Dr. Stephen Henson
368888bcb6 Add client cert engine to SSL routines. 2008-06-01 22:33:24 +00:00
Bodo Möller
2cd81830ef sync with 0.9.8 branch 2008-05-28 22:30:28 +00:00
Bodo Möller
e194fe8f47 From HEAD: 
Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com
 2008-05-28 22:17:34 +00:00
Bodo Möller
40a706286f From HEAD: 
Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com
 2008-05-28 22:15:48 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Lutz Jänicke
c2c2e7a438 Clear error queue when starting SSL_CTX_use_certificate_chain_file 
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
 2008-05-23 10:37:52 +00:00
Lutz Jänicke
d18ef847f4 Remove all root CA files (beyond test CAs including private key) 
from the OpenSSL distribution.
 2008-05-23 08:59:23 +00:00
Dr. Stephen Henson
5c0d90a699 Typo. 2008-05-20 18:49:00 +00:00
Dr. Stephen Henson
f434730524 Typo. 2008-05-20 16:13:57 +00:00
Dr. Stephen Henson
94fd382f8b Fix two invalid memory reads in RSA OAEP mode. 
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
 2008-05-19 21:33:55 +00:00
Bodo Möller
4bd4afa34e Change use of CRYPTO_THREADID so that we always use both the ulong and 
ptr members.

(So if the id_callback is bogus, we still have &errno.)
 2008-05-19 20:45:25 +00:00
Dr. Stephen Henson
8a2062fefe Update from stable branch. 2008-04-30 16:14:02 +00:00
Geoff Thorpe
e7b097f558 Fix auto-discovery of ENGINEs. See the CHANGES entry for details (and/or 
ticket #1668).

PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
 2008-04-28 21:39:09 +00:00
Geoff Thorpe
5ee6f96cea Paul Sheer optimised the OpenSSL to/from libGMP conversions for the case 
where they both use the same limb size. I've tweaked his patch slightly, so
blame me if it breaks.

Submitted by: Paul Sheer
Reviewed by: Geoff Thorpe
 2008-04-27 18:41:23 +00:00
Dr. Stephen Henson
3df9357103 Update CHANGES. 2008-04-02 11:44:00 +00:00
Dr. Stephen Henson
992e92a46e Update CHANGES. 2008-04-02 11:24:22 +00:00
Dr. Stephen Henson
eb9d8d8cd4 Support for verification of signed receipts. 2008-03-28 13:15:39 +00:00
Geoff Thorpe
f7ccba3edf There was a need to support thread ID types that couldn't be reliably cast 
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
 2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
fd47c36136 Return error if no cipher set for encrypted data type. 
Update CHANGES.
 2008-03-15 00:02:23 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins... 
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
 2008-03-12 21:14:28 +00:00
Bodo Möller
7c9882eb24 fix BIGNUM flag handling 2008-02-27 06:01:28 +00:00
Dr. Stephen Henson
7398053149 Experimental support for import of more options from Configure 
(via top level Makefile) into mk1mf builds. This avoids the need
to duplicate the CFLAG handling and can auto build assembly language
source files from perl scripts.

Extend VC-WIN32 Configure entry to include new options.
 2008-01-06 00:36:22 +00:00
Dr. Stephen Henson
76d761ccd3 Move CHANGES entry. Revert include file install line. 2008-01-03 22:57:50 +00:00
Dr. Stephen Henson
eef0c1f34c Netware support. 
Submitted by: Guenter Knauf <eflash@gmx.net>
 2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case 
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
 2007-10-26 12:06:36 +00:00
Lutz Jänicke
11d01d371f Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f 2007-10-19 08:26:03 +00:00
Andy Polyakov
0d89e45690 Synchronize CHANGES between 0.9.8 and HEAD. 2007-10-13 10:55:30 +00:00
Dr. Stephen Henson
a6db6a0070 Update CHANGES. Keep ordinals consistent. 2007-10-12 00:15:09 +00:00
Andy Polyakov
0023adb47a Switch to bn-s390x (it's faster on keys longer than 512 bits) and mention 
s390x assembler pack in CHANAGES.
 2007-10-01 07:38:32 +00:00
Andy Polyakov
4c7c5ff667 ARMv4 assembler pack. 2007-09-27 07:09:46 +00:00
Dr. Stephen Henson
67c8e7f414 Support for certificate status TLS extension. 2007-09-26 21:56:59 +00:00
Bodo Möller
761772d7e1 Implement the Opaque PRF Input TLS extension 
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way.  In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().

Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
 2007-09-21 06:54:24 +00:00
Dr. Stephen Henson
a6fbcb4220 Change safestack reimplementation to match 0.9.8. 
Fix additional gcc 4.2 value not used warnings.
 2007-09-07 13:25:15 +00:00
Dr. Stephen Henson
81025661a9 Update ssl code to support digests other than MD5+SHA1 in handshake. 
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
 2007-08-31 12:42:53 +00:00
Dr. Stephen Henson
ec5d747328 Add Google sponsorship note. 2007-08-27 23:41:36 +00:00
Dr. Stephen Henson
ba0e826d83 Update from stable branch. 2007-08-23 22:59:09 +00:00
Dr. Stephen Henson
6434abbfc6 RFC4507 (including RFC4507bis) TLS stateless session resumption support 
for OpenSSL.
 2007-08-11 23:18:29 +00:00
Andy Polyakov
85a5668dba CHANGES update from 098-stable. 2007-06-20 17:46:43 +00:00
Dr. Stephen Henson
3c07d3a3d3 Finish gcc 4.2 changes. 2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
297e6f1917 Avoid use of function pointer casts in pem library. Modify safestack to 
always use inline functions.
 2007-06-04 17:53:04 +00:00
Dr. Stephen Henson
b948e2c59e Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. 2007-06-04 17:04:40 +00:00
Bodo Möller
19f6c524bf Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 2007-05-22 09:47:43 +00:00
Ben Laurie
69ab085290 More IGE speedup. 2007-05-13 15:14:38 +00:00
Ben Laurie
5f09d0ecc2 AES IGE mode speedup. 2007-05-13 12:57:59 +00:00
Bodo Möller
96afc1cfd5 Add SEED encryption algorithm. 
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
 2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
9cfc8a9d5c Update smime utility to support streaming for -encrypt and -sign -nodetach 
options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.

These all process content on the fly without storing it all in memory.
 2007-04-13 01:06:41 +00:00
Dr. Stephen Henson
2022cfe07e New -mac and -macopt options to dgst utility. Reimplement -hmac option in 
terms of new API.
 2007-04-11 17:20:40 +00:00
Dr. Stephen Henson
47b71e6ee9 Update CHANGES. 2007-04-11 12:33:28 +00:00
Dr. Stephen Henson
d952c79a7b New -sigopt option for dgst utility. 2007-04-08 12:47:18 +00:00
Bodo Möller
b002265ee3 make BN_FLG_CONSTTIME semantics more fool-proof 2007-03-28 18:41:23 +00:00
Bodo Möller
bd31fb2145 Change to mitigate branch prediction attacks 
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
 2007-03-28 00:15:28 +00:00
Bodo Möller
0f32c841a6 stricter session ID context matching 2007-03-21 14:33:16 +00:00
Bodo Möller
dd2b6750db include complete 0.9.7 history 
include release date of 0.9.8e
 2007-02-26 10:49:59 +00:00
Lutz Jänicke
8d72476e2b Extend SMTP and IMAP protocol handling to perform the required 
EHLO or CAPABILITY handshake before sending STARTTLS

Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
 2007-02-21 18:20:41 +00:00
Dr. Stephen Henson
a2e623c011 Update from 0.9.7-stable. 2007-02-21 13:49:35 +00:00
Bodo Möller
fd5bc65cc8 Improve ciphersuite order stability when disabling ciphersuites. 
Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.
 2007-02-20 16:36:58 +00:00
Bodo Möller
0a05123a6c Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a 
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.

Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".
 2007-02-19 18:41:41 +00:00
Bodo Möller
52b8dad8ec Reorganize the data used for SSL ciphersuite pattern matching. 
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.
 2007-02-17 06:45:38 +00:00
Nils Larsch
357d5de5b9 add support for DSA with SHA2 2007-02-03 14:41:12 +00:00
Dr. Stephen Henson
11d8cdc6ad Experimental streaming PKCS#7 support. 
I thought it was about time I dusted this off. This stuff had been sitting on
my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not
work properly.

Nothing uses it at present which is just as well.

Think of this as a traditional Christmas present which looks far more
impressive in the adverts and on the box, some of the bits are missing and
falls to bits if you play with it too much.
 2006-12-24 16:22:56 +00:00
Nils Larsch
fec38ca4ed fix typos 
PR: 1354, 1355, 1398, 1408
 2006-12-21 21:13:27 +00:00
Nils Larsch
06e2dd037e add support for ecdsa-with-sha256 etc. 2006-12-20 08:58:54 +00:00
Bodo Möller
772e3c07b4 Fix the BIT STRING encoding of EC points or parameter seeds 
(need to prevent the removal of trailing zero bits).
 2006-12-19 15:11:37 +00:00
Bodo Möller
1e24b3a09e fix support for receiving fragmented handshake messages 2006-11-29 14:45:50 +00:00
Ben Laurie
96ea4ae91c Add RFC 3779 support. 2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
de12116417 Initial, incomplete support for typesafe macros without using function 
casts.
 2006-11-16 00:19:39 +00:00
Andy Polyakov
3189772e07 Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even 
recent mingw modifications.
 2006-10-23 07:38:30 +00:00
Bodo Möller
3c5406b35c All 0.9.8d patches have been applied to HEAD now, so we no longer need 
the redundant entries under the 0.9.9 heading.
 2006-09-28 13:50:41 +00:00
Bodo Möller
61118caa86 include 0.9.8d and 0.9.7l information 2006-09-28 13:35:01 +00:00
Mark J. Cox
348be7ec60 Fix ASN.1 parsing of certain invalid structures that can result 
in a denial of service.  (CVE-2006-2937)  [Steve Henson]
 2006-09-28 13:20:44 +00:00
Mark J. Cox
3ff55e9680 Fix buffer overflow in SSL_get_shared_ciphers() function. 
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
 2006-09-28 13:18:43 +00:00
Dr. Stephen Henson
010fa0b331 Tidy up CRL handling by checking for critical extensions when it is 
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.

Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
 2006-09-21 12:42:15 +00:00
Dr. Stephen Henson
5d20c4fb35 Overhaul of by_dir code to handle dynamic loading of CRLs. 2006-09-17 17:16:28 +00:00
Dr. Stephen Henson
bc7535bc7f Support for AKID in CRLs and partial support for IDP. Overhaul of CRL 
handling to support this.
 2006-09-14 17:25:02 +00:00
Bodo Möller
b6699c3f07 Update 2006-09-12 14:42:19 +00:00
Bodo Möller
ed65f7dc34 ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 
ciphersuite as well
 2006-09-11 09:49:03 +00:00
Bodo Möller
6a2c471077 Every change so far that is in the 0.9.8 branch is (or should be) in HEAD 2006-09-06 06:34:52 +00:00
Mark J. Cox
b79aa05e3b Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher 
(CVE-2006-4339)

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
 2006-09-05 08:58:03 +00:00
Ben Laurie
aa6d1a0c19 Forward port of IGE mode. 2006-08-31 14:04:04 +00:00
Dr. Stephen Henson
f6e7d01450 Support for multiple CRLs with same issuer name in X509_STORE. Modify 
verify logic to try to use an unexpired CRL if possible.
 2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
edc540211c Cache some CRL related extensions. 2006-07-24 12:39:22 +00:00
Dr. Stephen Henson
450ea83495 Store canonical encodings of Name structures. Update X509_NAME_cmp() to use 
them.
 2006-07-18 12:36:19 +00:00
Dr. Stephen Henson
454dbbc593 Add -timeout option to ocsp utility. 2006-07-17 13:26:54 +00:00
Dr. Stephen Henson
c1c6c0bf45 New non-blocking OCSP functionality. 2006-07-17 12:18:28 +00:00
Dr. Stephen Henson
b7683e3a5d Allow digests to supply S/MIME micalg values from a ctrl. 
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
 2006-07-10 18:36:55 +00:00
Dr. Stephen Henson
0ee2166cc5 New functions to add and free up application defined signature OIDs. 2006-07-09 16:05:43 +00:00
Dr. Stephen Henson
5ba4bf35c5 New functions to enumerate digests and ciphers. 2006-07-09 00:53:45 +00:00
Bodo Möller
e34aa5a3b3 always read in RAND_poll() if we can't use select because of a too 
large FD: it's non-blocking mode anyway
 2006-06-28 14:50:12 +00:00
Richard Levitte
27a3d9f9aa Use poll() when possible to gather Unix randomness entropy 2006-06-27 06:31:34 +00:00
Bodo Möller
48fc582f66 New functions CRYPTO_set_idptr_callback(), 
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.
 2006-06-23 15:21:36 +00:00
Bodo Möller
81de1028bc Change in 0.9.8 branch: 
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)
 2006-06-22 12:37:28 +00:00
Bodo Möller
850815cb6e Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch) 2006-06-20 08:50:42 +00:00
Bodo Möller
c4e7870ac1 Change array representation of binary polynomials to make GF2m part of 
the BN library more generally useful.

Submitted by: Douglas Stebila
 2006-06-18 22:00:57 +00:00
Bodo Möller
5b57fe0a1e Disable invalid ciphersuites 2006-06-14 17:51:46 +00:00
Bodo Möller
89bbe14c50 Ciphersuite string bugfixes, and ECC-related (re-)definitions. 2006-06-14 17:40:31 +00:00
Bodo Möller
675f605d44 Thread-safety fixes 2006-06-14 08:55:23 +00:00
Bodo Möller
f3dea9a595 Camellia cipher, contributed by NTT 
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
 2006-06-09 15:44:59 +00:00
Dr. Stephen Henson
fb7b393278 Output MIME parameter micalg according to RFC3851 and RFC4490 instead of hard 
coding it to "sha1".
 2006-06-06 13:27:36 +00:00
Dr. Stephen Henson
01b8b3c7d2 Complete EVP_PKEY_ASN1_METHOD ENGINE support. 2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
de9fcfe348 Initial public key ASN1 method engine support. Not integrated yet. 2006-06-02 17:52:27 +00:00
Dr. Stephen Henson
c9777d2659 Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE 
implementations and functional reference counting when a context
is allocated, free or copied.
 2006-06-02 12:33:39 +00:00
Dr. Stephen Henson
58aa573ac2 Add engine table for EVP_PKEY_METHOD. Doesn't do much yet. 2006-06-01 11:38:50 +00:00
Dr. Stephen Henson
91c9e62123 New functions for enchanced digest sign/verify. 2006-05-24 17:30:09 +00:00
Dr. Stephen Henson
5531192151 Add -resign and -md options to smime command to support resigning an 
existing structure and using alternative digest for signing.
 2006-05-18 23:44:44 +00:00
Dr. Stephen Henson
a6e7fcd140 Multiple signer support in smime application. 2006-05-18 12:41:28 +00:00
Dr. Stephen Henson
121dd39f9f New option to pkcs12 utility to set alternative MAC digest algorithm. 2006-05-17 18:46:22 +00:00
Dr. Stephen Henson
6d3a1eac3b Add PRF preference ctrl to ciphers. 2006-05-15 18:35:13 +00:00
Dr. Stephen Henson
b8f702a0af Change builting PBE to use static table. Add entries for HMAC and MD5, GOST. 2006-05-15 17:34:36 +00:00
Dr. Stephen Henson
856640b54f Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-14 18:40:53 +00:00
Dr. Stephen Henson
34b3c72e4e Typo. 2006-05-14 16:50:22 +00:00
Dr. Stephen Henson
959e8dfe06 Update 'req' command to use new keygen API. 2006-05-11 21:39:00 +00:00
Dr. Stephen Henson
399a6f0bd1 Update PKCS#7 enveloped data to new API. 2006-05-08 12:44:25 +00:00
Dr. Stephen Henson
03919683f9 Add support for default public key digest type ctrl. 2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
5cda6c4582 Fix from stable branch. 2006-05-07 12:30:37 +00:00
Dr. Stephen Henson
ee1d9ec019 Remove link between digests and signature algorithms. 
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
 2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
d202709808 Add OID cross reference table. 
Fix some typos in GOST OIDs.

Update dependencies.
 2006-04-18 23:36:07 +00:00
Dr. Stephen Henson
492a9e2415 Allow public key ASN1 methods to set PKCS#7 SignerInfo structures. 2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
9ca7047d71 Provisional support for EC pkey method, supporting ECDH and ECDSA. 2006-04-16 16:15:59 +00:00
Dr. Stephen Henson
ba1ba5f0fb If cipher list contains a match for an explicit ciphersuite only match that 
one suite.
 2006-04-15 00:22:05 +00:00
Dr. Stephen Henson
ffb1ac674c Complete key derivation support. 2006-04-13 20:16:56 +00:00
Dr. Stephen Henson
3ba0885a3e Extend DH ASN1 method, add DH EVP_PKEY_METHOD. 2006-04-12 23:51:24 +00:00
Ulf Möller
4700aea951 Add BeOS support. 
PR: 1312
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
Reviewed by: Ulf Moeller
 2006-04-11 21:34:21 +00:00
Dr. Stephen Henson
f5cda4cbb1 Initial keygen support. 2006-04-11 13:28:52 +00:00
Dr. Stephen Henson
f733a5ef0e Initial functions for main EVP_PKEY_METHOD operations. 
No method implementations yet.
 2006-04-07 16:42:09 +00:00
Dr. Stephen Henson
0b6f3c66cd Initial definitions and a few functions for EVP_PKEY_METHOD: an extension 
of the EVP routines to public key algorithms.
 2006-04-06 13:02:06 +00:00
Dr. Stephen Henson
0b33dac310 New function to retrieve ASN1 info on public key algorithms. New command 
line option to print out info.
 2006-04-04 18:16:03 +00:00
Bodo Möller
332737217a Implement Supported Elliptic Curves Extension. 
Submitted by: Douglas Stebila
 2006-03-30 02:44:56 +00:00
Dr. Stephen Henson
246e09319c Fix bug where freed OIDs could be accessed in EVP_cleanup() by 
defering freeing in OBJ_cleanup().
 2006-03-28 17:23:48 +00:00
Dr. Stephen Henson
3e4585c8fd New utility pkeyparam. Enhance and bugfix algorithm specific parameter 
functions to support it.
 2006-03-28 14:35:32 +00:00
Dr. Stephen Henson
3e84b6e15f New general public key utility 'pkey'. 2006-03-28 12:34:45 +00:00
Dr. Stephen Henson
35208f368c Gather printing routines into EVP_PKEY_ASN1_METHOD. 2006-03-22 13:09:35 +00:00
Dr. Stephen Henson
448be74335 Initial support for pluggable public key ASN1 support. Process most public 
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
 2006-03-20 12:22:24 +00:00
Bodo Möller
36ca4ba63d Implement the Supported Point Formats Extension for ECC ciphersuites 
Submitted by: Douglas Stebila
 2006-03-11 23:46:37 +00:00
Bodo Möller
ed4a1d12b9 clarification 2006-03-11 22:10:34 +00:00
Nils Larsch
ddac197404 add initial support for RFC 4279 PSK SSL ciphersuites 
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
 2006-03-10 23:06:27 +00:00
Ulf Möller
c7235be6e3 RFC 3161 compliant time stamp request creation, response generation 
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
 2006-02-12 23:11:56 +00:00
Dr. Stephen Henson
31676a3540 Update from stable branch. 2006-01-15 13:50:10 +00:00
Bodo Möller
241520e66d More TLS extension related changes. 
Submitted by: Peter Sylvester
 2006-01-11 06:10:40 +00:00
Bodo Möller
a13c20f603 Further TLS extension updates 
Submitted by: Peter Sylvester
 2006-01-09 19:49:05 +00:00
Bodo Möller
1aeb3da83f Fixes for TLS server_name extension 
Submitted by: Peter Sylvester
 2006-01-06 09:08:59 +00:00
Bodo Möller
e8e5b46e2b Add names for people who provided the TLS extension patch. 2006-01-04 17:35:51 +00:00
Bodo Möller
f1fd4544a3 Various changes in the new TLS extension code, including the following: 
- fix indentation
 - rename some functions and macros
 - fix up confusion between SSL_ERROR_... and SSL_AD_... values
 2006-01-03 03:27:19 +00:00
Bodo Möller
b1277b9902 C style fix-up 2006-01-02 23:29:12 +00:00
Andy Polyakov
ed26604a71 Engage Whirlpool assembler and mention Whirlpool in CHANGES. 2005-12-16 12:55:33 +00:00
Andy Polyakov
0cb9d93d0c Mention bn(64,64) to bn(64,32) switch on 64-bit SPARCv9 targets in CHANGES. 2005-12-16 11:12:42 +00:00
Bodo Möller
d56349a2aa update TLS-ECC code 
Submitted by: Douglas Stebila
 2005-12-13 07:33:35 +00:00
Dr. Stephen Henson
ad2695b1b7 Update from 0.9.8-stable. 2005-12-05 13:46:46 +00:00
Dr. Stephen Henson
b40228a61d New functions to support opaque EVP_CIPHER_CTX handling. 2005-12-02 13:46:39 +00:00
Dr. Stephen Henson
452ae49db5 Extensive OID code enhancement and fixes. 2005-11-20 13:07:47 +00:00
Bodo Möller
d804f86b88 disable some invalid ciphersuites 2005-11-15 23:32:11 +00:00
Bodo Möller
8dee9f844f deFUDify: don't require OPENSSL_EC_BIN_PT_COMP 2005-11-15 21:08:38 +00:00
Dr. Stephen Henson
fbf002bb88 Update from stable branch. 2005-11-06 17:58:26 +00:00
Richard Levitte
998ac55e19 Document it 2005-11-01 07:53:37 +00:00
Bodo Möller
a1006c373d harmonize with 0.9.7-stable and 0.9.8-stable variants of CHANGES 2005-10-26 19:28:04 +00:00
Andy Polyakov
4d524040bc Change bn_mul_mont declaration and BN_MONT_CTX. Update CHANGES. 2005-10-22 17:57:18 +00:00
Mark J. Cox
04fac37311 one time CAN->CVE update 2005-10-19 11:00:39 +00:00
Richard Levitte
89ec4332ec Add in CHANGES for 0.9.7i. 2005-10-15 04:26:57 +00:00
Mark J. Cox
d357be38b9 Make sure head CHANGES is up to date, we refer to this in announce.txt 2005-10-11 11:10:19 +00:00
Dr. Stephen Henson
566dda07ba New option SSL_OP_NO_COMP to disable compression. New ctrls to set 
maximum send fragment size. Allocate I/O buffers accordingly.
 2005-10-08 00:18:53 +00:00
Bodo Möller
13e4670c29 new option "openssl ciphers -V" 2005-10-01 04:08:48 +00:00
Dr. Stephen Henson
f022c177db Two new verify flags functions. 2005-09-02 22:49:54 +00:00
Dr. Stephen Henson
1ef7acfe92 Initial support for ASN1 print code. 
WARNING WARNING WARNING, experimental code, handle with care, use at
your own risk, may contain nuts.
 2005-09-01 13:59:16 +00:00
Dr. Stephen Henson
a0156a926f Integrated support for PVK files. 2005-08-31 16:37:54 +00:00
Nils Larsch
6e119bb02e Keep cipher lists sorted in the source instead of sorting them at 
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
 2005-08-25 07:29:54 +00:00
Bodo Möller
770bc596e1 recent DH change does not avoid *all* possible small-subgroup attacks; 
let's be clear about that
 2005-08-23 06:54:33 +00:00
Ben Laurie
bf3d6c0c9b Make D-H safer, include well-known primes. 2005-08-21 16:00:17 +00:00
Dr. Stephen Henson
eea374fd19 Command line support for RSAPublicKey format. 2005-08-21 00:18:26 +00:00
Dr. Stephen Henson
45e2738585 Remove ASN1_METHOD code replace with new ASN1 alternative. 2005-08-20 18:12:45 +00:00
Nils Larsch
4ebb342fcd Let the TLSv1_method() etc. functions return a const SSL_METHOD 
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
 2005-08-14 21:48:33 +00:00
Andy Polyakov
0491e05833 Final(?) WinCE update. 2005-08-07 22:21:49 +00:00
Dr. Stephen Henson
f3b656b246 Initialize SSL_METHOD structures at compile time. This removes the need 
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
 2005-08-05 23:56:11 +00:00
Dr. Stephen Henson
8f2e4fdf86 Allow PKCS7_decrypt() to work if no cert supplied. 2005-08-04 22:15:22 +00:00
Dr. Stephen Henson
0537f9689c Add support for setting IDP too. 2005-07-25 22:35:36 +00:00
Dr. Stephen Henson
0745d0892d Allow setting of all fields in CRLDP. Few cosmetic changes to output. 2005-07-25 18:42:29 +00:00
Dr. Stephen Henson
9aa9d70ddb Print out previously unsupported fields in CRLDP by i2r instead of i2v. 
Cosmetic changes to IDP printout.
 2005-07-24 00:23:57 +00:00
Dr. Stephen Henson
231493c93c Initial print only support for IDP CRL extension. 2005-07-23 23:33:06 +00:00
Richard Levitte
2bd2cd9b78 Changes from the 0.9.8 branch. 2005-07-05 19:16:24 +00:00
Richard Levitte
c83101248a Changes from the 0.9.8 branch. 2005-07-05 18:36:42 +00:00
Andy Polyakov
8d3509b937 CHANGES and TABLE sync with 0.9.8. 2005-07-05 11:48:38 +00:00
Dr. Stephen Henson
cbdac46d58 Update from stable branch. 2005-07-04 23:12:04 +00:00
Dr. Stephen Henson
5d6c4985d1 Typo. 2005-06-02 20:29:32 +00:00
Dr. Stephen Henson
b615ad90c8 Update CHANGES. 2005-06-02 20:11:16 +00:00
Geoff Thorpe
a2c32e2d7f Change the source and output paths for 'chil' and '4758cca' engines so that 
dynamic loading is consistent with respect to engine ids.
 2005-05-29 19:14:21 +00:00
Bodo Möller
0ebfcc8f92 make sure DSA signing exponentiations really are constant-time 2005-05-26 04:40:52 +00:00
Richard Levitte
28e4fe34e4 Version changes where needed. 2005-05-18 04:04:12 +00:00
Bodo Möller
91b17fbad4 Change wording for BN_mod_exp_mont_consttime() entry 2005-05-16 19:14:34 +00:00
Bodo Möller
46a643763d Implement fixed-window exponentiation to mitigate hyper-threading 
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
 2005-05-16 01:43:31 +00:00
Dr. Stephen Henson
b6995add5c Make -CSP option work again in pkcs12 utility by checking for 
attribute in EVP_PKEY structure.
 2005-05-15 00:54:45 +00:00
Bodo Möller
c6c2e3135d Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled 
with the SSL_OP_NO_SSLv2 option.
 2005-05-11 18:25:49 +00:00
Nils Larsch
8b15c74018 give EC_GROUP_new_by_nid a more meanigful name: 
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
 2005-05-10 11:37:47 +00:00
Bodo Möller
0f4499360e give EC_GROUP_*_nid functions a more meaningful name 
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
    EC_GROUP_set_nid -> EC_GROUP_set_curve_name
 2005-05-09 00:05:17 +00:00
Dr. Stephen Henson
05338b58ce Support for smime-type MIME parameter. 2005-05-01 12:46:57 +00:00
Dr. Stephen Henson
6ec8e63af6 Port BN_MONT_CTX_set_locked() from stable branch. 
The function rsa_eay_mont_helper() has been removed because it is no longer
needed after this change.
 2005-04-26 23:58:54 +00:00
Nils Larsch
800e400de5 some updates for the blinding code; summary: 
- possibility of re-creation of the blinding parameters after a
  fixed number of uses (suggested by Bodo)
- calculatition of the rsa::e in case it's absent and p and q
  are present (see bug report #785)
- improve the performance when if one rsa structure is shared by
  more than a thread (see bug report #555)
- fix the problem described in bug report #827
- hide the definition ot the BN_BLINDING structure in bn_blind.c
 2005-04-26 22:31:48 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00
Bodo Möller
aa16a28631 first step to melt down ChangeLog.0_9_7-stable_not-in-head :-) 2005-04-25 21:06:05 +00:00
Nils Larsch
ff22e913a3 - use BN_set_negative and BN_is_negative instead of BN_set_sign 
and BN_get_sign
- implement BN_set_negative as a function
- always use "#define BN_is_zero(a) ((a)->top == 0)"
 2005-04-22 20:02:44 +00:00
Dr. Stephen Henson
bc3cae7e7d Include error library value in C error source files instead of fixing up 
at runtime.
 2005-04-12 13:31:14 +00:00
Dr. Stephen Henson
0858b71b41 Make kerberos ciphersuite code work with newer header files 2005-04-09 23:55:55 +00:00
Richard Levitte
d9bfe4f97c Added restrictions on the use of proxy certificates, as they may pose 
a security threat on unexpecting applications.  Document and test.
 2005-04-09 16:07:12 +00:00
Nils Larsch
dc0ed30cfe add support for DER encoded private keys to SSL_CTX_use_PrivateKey_file() 
and SSL_use_PrivateKey_file()

PR: 1035
Submitted by: Walter Goulet
Reviewed by:  Nils Larsch
 2005-04-08 22:52:42 +00:00
Nils Larsch
6049399baf get rid of very buggy and very imcomplete DH cert support 
Reviewed by: Bodo Moeller
 2005-04-07 23:19:17 +00:00
Nils Larsch
12bdb64375 use SHA-1 as the default digest for the apps/openssl commands 2005-04-02 09:29:15 +00:00
Ben Laurie
41a15c4f0f Give everything prototypes (well, everything that's actually used). 2005-03-31 09:26:39 +00:00
Bodo Möller
b0ef321cc8 Harmonize with CHANGES as distributed in OpenSSL 0.9.7f. 2005-03-24 01:37:07 +00:00
Ulf Möller
7a8c728860 undo Cygwin change 2005-03-24 00:14:59 +00:00
Dr. Stephen Henson
59b6836ab2 Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and 
client random values.
 2005-03-22 14:11:06 +00:00
Ulf Möller
130db968b8 Use Windows randomness code on Cygwin 2005-03-19 11:39:17 +00:00
Bodo Möller
ecc5ef8793 In addition to RC5, also exclude MDC2 from compilation unless 
the algorithm is explicitly requested.
 2005-03-02 20:11:31 +00:00
Bodo Möller
c9a112f540 Change ./Configure so that certain algorithms can be disabled by default. 
This is now the case for RC5.

As a side effect, the OPTIONS in the Makefile will usually look a
little different now, but they are essentially only for information
anyway.
 2005-02-22 10:29:51 +00:00
Lutz Jänicke
f69a8aebab Fix hang in EGD/PRNGD query when communication socket is closed 
prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>
 2005-02-19 10:19:07 +00:00
Dr. Stephen Henson
e90faddaf8 Prompt for passphrases for PKCS12 input format 2004-12-29 01:07:14 +00:00
Richard Levitte
6951c23afd Add functionality needed to process proxy certificates. 2004-12-28 00:21:35 +00:00
Dr. Stephen Henson
a0e7c8eede Add lots of checks for memory allocation failure, error codes to indicate 
failure and freeing up memory if a failure occurs.

PR:620
 2004-12-05 01:03:15 +00:00
Dr. Stephen Henson
5b40d7dd97 Add -passin argument to dgst command. 2004-12-03 12:26:56 +00:00
Dr. Stephen Henson
1862dae862 Perform partial comparison of different character types in X509_NAME_cmp(). 2004-12-01 01:45:30 +00:00
Richard Levitte
5022e4ecdf Document the change. 2004-11-29 11:57:00 +00:00
Andy Polyakov
ea681ba872 Summarize recent RC4 tune-ups. 2004-11-26 15:26:09 +00:00
Dr. Stephen Henson
401ee37a3e Allow alternative manual sections to be embedded in .pod file comments. 2004-11-25 17:47:31 +00:00
Dr. Stephen Henson
826a42a088 PR: 910 
Add command line options -certform, -keyform and -pass to s_client and
s_server. This supports the use of alternative passphrase sources, key formats
and keys handled by an ENGINE.

Update docs.
 2004-11-16 17:30:59 +00:00
Dr. Stephen Henson
2f605e8d24 Fix race condition when CRL checking is enabled. 2004-10-04 16:30:12 +00:00
Dr. Stephen Henson
5d7c222db8 New X509_VERIFY_PARAM structure and associated functionality. 
This tidies up verify parameters and adds support for integrated policy
checking.

Add support for policy related command line options. Currently only in smime
application.

WARNING: experimental code subject to change.
 2004-09-06 18:43:01 +00:00
Geoff Thorpe
30fe028f07 Make a note of the new engine. 2004-08-04 22:42:29 +00:00
Dr. Stephen Henson
637ff35ef6 Delta CRL support in extension code. 2004-07-06 17:16:40 +00:00
Geoff Thorpe
df11e1e921 Deprecate unused cruft, and "make update". 2004-06-17 23:50:25 +00:00
Andy Polyakov
ad5003409d Mention new SHA algorithms in CHANGES. This completes the integration. 2004-05-31 14:03:02 +00:00
Dr. Stephen Henson
4843acc868 Fixes so alerts are sent properly in s3_pkt.c 
PR: 851
 2004-05-15 17:55:07 +00:00
Andy Polyakov
e14f4aab0a CHANGES to mention improved PowerPC platform support. 2004-05-13 13:58:44 +00:00
Bodo Möller
d5f686d808 - update from current 0.9.6-stable CHANGES file 
- update from current 0.9.7-stable CHANGES file:

  Now here we have "CHANGES between 0.9.7e and 0.9.8", and I hope
  that all patches mentioned for 0.9.7d and 0.9.7e actually are
  in the CVS HEAD, i.e. what is to become 0.9.8.

  I have rewritten the 'openssl ca -create_serial' entry (0.9.8)
  so that it explains the earlier change that is now listed (0.9.7e).

  The ENGINE_set_default typo bug entry has been moved from 0.9.8
  to 0.9.7b, which is where it belongs.
 2004-05-04 01:15:48 +00:00
Geoff Thorpe
bcfea9fb25 Allow RSA key-generation to specify an arbitrary public exponent. Jelte 
proposed the change and submitted the patch, I jiggled it slightly and
adjusted the other parts of openssl that were affected.

PR: 867
Submitted by: Jelte Jansen
Reviewed by: Geoff Thorpe
 2004-04-26 15:31:35 +00:00
Geoff Thorpe
955d465c2c As far as I can tell, the bugfix this comment refers to was committed to 
0.9.7-stable as well as HEAD (and doesn't apply to the 0.9.6-engine
variant).
 2004-04-21 15:12:20 +00:00
Dr. Stephen Henson
64674bcc8c Reduce chances of issuer and serial number duplication by use of random 
initial serial numbers.

PR: 842
 2004-04-20 12:05:26 +00:00
Geoff Thorpe
3a87a9b9db Reduce header interdependencies, initially in engine.h (the rest of the 
changes are the fallout). As this could break source code that doesn't
directly include headers for interfaces it uses, changes to recursive
includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to
define this when building and using openssl, and then adapt code where
necessary - this is how to stay current. However the mechanism exists for
the lethargic.
 2004-04-19 17:46:04 +00:00
Dr. Stephen Henson
bf5773fa2d Oops forgot CHANGES entry. 2004-03-31 12:55:33 +00:00
Dr. Stephen Henson
216659eb87 Enhance EVP code to generate random symmetric keys of the 
appropriate form, for example correct DES parity.

Update S/MIME code and EVP_SealInit to use new functions.

PR: 700
 2004-03-28 17:38:00 +00:00
Dr. Stephen Henson
e1a27eb34a Allow CRLs to be passed into X509_STORE_CTX. This is useful when the 
verified structure can contain its own CRLs (such as PKCS#7 signedData).

Tidy up some of the verify code.
 2004-03-27 22:49:28 +00:00
Dr. Stephen Henson
6446e0c3c8 Extend OID config module format. 2004-03-27 13:30:14 +00:00
Geoff Thorpe
5c98b2caf5 Replace the BN_CTX implementation with my current work. I'm leaving the 
little TODO list in there as well as the debugging code (only enabled if
BN_CTX_DEBUG is defined).

I'd appreciate as much review and testing as can be spared for this. I'll
commit some changes to other parts of the bignum code shortly to make
better use of this implementation (no more fixed size limitations). Note
also that under identical optimisations, I'm seeing a noticable speed
increase over openssl-0.9.7 - so any feedback to confirm/deny this on other
systems would also be most welcome.
 2004-03-25 04:16:14 +00:00
Geoff Thorpe
46ef873f0b By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key 
operations no longer require two distinct BN_CTX structures. This may put
more "strain" on the current BN_CTX implementation (which has a fixed limit
to the number of variables it will hold), but so far this limit is not
triggered by any of the tests pass and I will be changing BN_CTX in the
near future to avoid this problem anyway.

This also changes the default RSA implementation code to use the BN_CTX in
favour of initialising some of its variables locally in each function.
 2004-03-25 02:52:04 +00:00
Dr. Stephen Henson
4acc3e907d Initial support for certificate policy checking and evaluation. 
This is currently *very* experimental and needs to be more fully integrated
with the main verification code.
 2004-03-23 14:14:35 +00:00
Geoff Thorpe
7f663ce430 Note my bignum hijinx in case app maintainers are using CHANGES for their 
porting efforts. Also, add Richard's name to the prior change.
 2004-03-17 18:30:47 +00:00
Richard Levitte
875a644a90 Constify d2i, s2i, c2i and r2i functions and other associated 
functions and macros.

This change has associated tags: LEVITTE_before_const and
LEVITTE_after_const.  Those will be removed when this change has been
properly reviewed.
 2004-03-15 23:15:26 +00:00
Geoff Thorpe
b6358c89a1 Convert openssl code not to assume the deprecated form of BN_zero(). 
Remove certain redundant BN_zero() initialisations, because BN_CTX_get(),
BN_init(), [etc] already initialise to zero.

Correct error checking in bn_sqr.c, and be less wishy-wash about how/why
the result's 'top' value is set (note also, 'max' is always > 0 at this
point).
 2004-03-13 23:57:20 +00:00
Geoff Thorpe
9e051bac13 Document a change I'd already made, and at the same time, correct the 
change to work properly; BN_zero() should set 'neg' to zero as well as
'top' to match the behaviour of BN_new().
 2004-03-13 22:10:15 +00:00
Dr. Stephen Henson
edec614efd Support for inhibitAnyPolicy extension. 2004-03-08 13:56:31 +00:00
Dr. Stephen Henson
bc50157010 Various X509 fixes. Disable broken certificate workarounds 
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in
CRL issuer certificates. Reject CRLs with unhandled (any)
critical extensions.
 2004-03-05 17:16:35 +00:00
Dr. Stephen Henson
dc90f64d56 Use an OCTET STRING for the encoding of an OCSP nonce value. 
The old raw format can't be handled by some implementations
and updates to RFC2560 will make this mandatory.
 2004-02-19 18:16:38 +00:00
Dr. Stephen Henson
d4575825f1 Add flag to avoid continuous 
memory allocate when calling EVP_MD_CTX_copy_ex().

Without this HMAC is several times slower than
< 0.9.7.
 2004-02-01 13:39:51 +00:00
Dr. Stephen Henson
cd2e8a6f2d Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). 2003-11-10 01:37:23 +00:00
Geoff Thorpe
d870740cd7 Put the first stage of my bignum debugging adventures into CVS. This code 
is itself experimental, and in addition may cause execution to break on
existing openssl "bugs" that previously were harmless or at least
invisible.
 2003-11-04 22:54:49 +00:00