Commit graph

5410 commits

Author SHA1 Message Date
Dr. Stephen Henson
08df41277a PR: 1904
Submitted by: David Woodhouse <dwmw2@infradead.org>

Pass passphrase minimum length down to UI.
2010-03-27 19:31:55 +00:00
Dr. Stephen Henson
ac495542a6 PR: 1813
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>

Fix memory leak when engine name cannot be loaded.
2010-03-27 18:28:02 +00:00
Andy Polyakov
26c00de46d rand_win.c: fix logical bug in readscreen. 2010-03-22 22:44:22 +00:00
Andy Polyakov
3dd303129f bss_file.c: fix MSC 6.0 warning. 2010-03-22 22:38:56 +00:00
Andy Polyakov
c3473126b1 GHASH assembler: new ghash-sparcv9.pl module and saner descriptions. 2010-03-22 17:24:18 +00:00
Andy Polyakov
f2fccce4bd Fix UPLINK typo. 2010-03-15 22:25:57 +00:00
Andy Polyakov
480cd6ab6e ghash-ia64.pl: new file, GHASH for Itanium.
ghash-x86_64.pl: minimize stack frame usage.
ghash-x86.pl: modulo-scheduling MMX loop in respect to input vector
results in up to 10% performance improvement.
2010-03-15 19:07:52 +00:00
Dr. Stephen Henson
e19f6678f5 print signature parameters with CRLs too 2010-03-14 13:10:48 +00:00
Dr. Stephen Henson
8d207ee3d1 add X509_CRL_sign_ctx function 2010-03-14 12:52:38 +00:00
Dr. Stephen Henson
e45c32fabf missing goto meant signature was never printed out 2010-03-12 12:06:48 +00:00
Dr. Stephen Henson
a907165250 Submitted by: Martin Kaiser
Reject PSS signatures with unsupported trailer value.
2010-03-11 23:11:36 +00:00
Dr. Stephen Henson
e62774c3b9 alg2 can be NULL 2010-03-11 19:27:03 +00:00
Andy Polyakov
f093794e55 Add GHASH x86_64 assembler. 2010-03-11 16:19:46 +00:00
Dr. Stephen Henson
17c63d1cca RSA PSS ASN1 signing method 2010-03-11 14:06:46 +00:00
Dr. Stephen Henson
877669d69c typo 2010-03-11 14:04:54 +00:00
Dr. Stephen Henson
1c8d92997d ctrl operations to retrieve RSA algorithm settings 2010-03-11 13:55:18 +00:00
Dr. Stephen Henson
bf8883b351 Add support for new PSS functions in RSA EVP_PKEY_METHOD 2010-03-11 13:45:42 +00:00
Dr. Stephen Henson
e8254d406f Extend PSS padding code to support different digests for MGF1 and message. 2010-03-11 13:40:42 +00:00
Dr. Stephen Henson
85522a074c Algorithm specific ASN1 signing functions. 2010-03-11 13:32:38 +00:00
Dr. Stephen Henson
31d66c2a98 update cms code to use X509_ALGOR_set_md instead of internal function 2010-03-11 13:29:39 +00:00
Dr. Stephen Henson
ce25c7207b New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier)
from a digest algorithm.
2010-03-11 13:27:05 +00:00
Andy Polyakov
e3a510f8a6 Add GHASH x86 assembler. 2010-03-09 23:03:33 +00:00
Dr. Stephen Henson
b17bdc7734 PR: 2188
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

Add "missing" functions to get and set prompt constructor.
2010-03-09 17:24:33 +00:00
Dr. Stephen Henson
d6eebf6d8a reserve a few more bits for future cipher modes 2010-03-08 23:48:21 +00:00
Andy Polyakov
2262beef2e gcm128.c: add option for streamed GHASH, simple benchmark, minor naming
change.
2010-03-08 22:44:37 +00:00
Dr. Stephen Henson
31904ecdf3 RSA PSS verification support including certificates and certificate
requests. Add new ASN1 signature initialisation function to handle this
case.
2010-03-08 18:10:35 +00:00
Dr. Stephen Henson
a4d9c12f99 correct error code 2010-03-08 18:07:05 +00:00
Dr. Stephen Henson
809cd0a22d print outermost signature algorithm parameters too 2010-03-07 17:02:47 +00:00
Dr. Stephen Henson
7ed485bc9f The OID sanity check was incorrect. It should only disallow *leading* 0x80
values.
2010-03-07 16:40:05 +00:00
Dr. Stephen Henson
069d4cfea5 although AES is a variable length cipher, AES EVP methods have a fixed key length 2010-03-07 15:54:26 +00:00
Dr. Stephen Henson
49436b59b5 oops, make EVP ctr mode work again 2010-03-07 15:52:41 +00:00
Dr. Stephen Henson
9ef6fe8c2e typo 2010-03-07 15:37:37 +00:00
Dr. Stephen Henson
63b825c9d4 add separate PSS decode function, rename PSS parameters to RSA_PSS_PARAMS 2010-03-07 13:34:51 +00:00
Dr. Stephen Henson
77f4b6ba4f add MGF1 digest ctrl 2010-03-07 13:34:15 +00:00
Dr. Stephen Henson
a5667732b9 update ASN1 sign/verify to use EVP_DigestSign and EVP_DigestVerify 2010-03-07 12:05:45 +00:00
Dr. Stephen Henson
1708456220 don't add digest alias if signature algorithm is undefined 2010-03-06 20:47:30 +00:00
Dr. Stephen Henson
ff04bbe363 Add PSS algorithm printing. This is an initial step towards full PSS support.
Uses ASN1 module in Martin Kaiser's PSS patch.
2010-03-06 19:55:25 +00:00
Dr. Stephen Henson
148924c1f4 fix indent, newline 2010-03-06 18:14:13 +00:00
Dr. Stephen Henson
fa1ba589f3 Add algorithm specific signature printing. An individual ASN1 method can
now print out signatures instead of the standard hex dump.

More complex signatures (e.g. PSS) can print out more meaningful information.

Sample DSA version included that prints out the signature parameters r, s.

[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
 new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
8c4ce7bab2 Fix memory leak: free up ENGINE functional reference if digest is not
found in an ENGINE.
2010-03-05 13:33:21 +00:00
Dr. Stephen Henson
b5cfc2f590 option to replace extensions with new ones: mainly for creating cross-certificates 2010-03-03 20:13:30 +00:00
Dr. Stephen Henson
ebaa2cf5b2 PR: 2183
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
2010-03-03 19:56:34 +00:00
Dr. Stephen Henson
2c772c8700 don't mix definitions and code 2010-03-03 15:30:42 +00:00
Andy Polyakov
e7f5b1cd42 Initial version of Galois Counter Mode implementation. Interface is still
subject to change...
2010-03-02 16:33:25 +00:00
Andy Polyakov
80dfadfdf3 ppccap.c: portability fix. 2010-03-02 16:28:29 +00:00
Andy Polyakov
d8c7bd6e11 Fix s390x-specific HOST_l2c|c2l.
Submitted by: Andreas Krebbel
2010-03-02 16:23:40 +00:00
Dr. Stephen Henson
f84c85b0e3 PR: 2178
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>

Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
2010-03-01 23:54:47 +00:00
Dr. Stephen Henson
ff2fdbf2f8 oops, reinstate correct prototype 2010-03-01 03:01:27 +00:00
Dr. Stephen Henson
da3955256d 'typo' 2010-03-01 01:53:34 +00:00
Dr. Stephen Henson
5e28ccb798 make USE_CRYPTODEV_DIGESTS work 2010-03-01 01:19:18 +00:00
Dr. Stephen Henson
a6575572c6 load cryptodev if HAVE_CRYPTODEV is set too 2010-03-01 00:40:10 +00:00
Dr. Stephen Henson
c3951d8973 update cryptodev to match 1.0.0 stable branch version 2010-03-01 00:37:58 +00:00
Ben Laurie
19ec2f4194 Fix warnings (note that gcc 4.2 has a bug that makes one of its
warnings hard to fix without major surgery).
2010-02-28 14:22:56 +00:00
Dr. Stephen Henson
37c541faed Revert CFB block length change. Despite what SP800-38a says the input to
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:58 +00:00
Dr. Stephen Henson
db28aa86e0 add -trusted_first option and verify flag 2010-02-25 12:21:48 +00:00
Dr. Stephen Henson
2da2ff5065 tidy verify code. xn not used any more and check for self signed more efficiently 2010-02-25 11:18:26 +00:00
Dr. Stephen Henson
fbd2164044 Experimental support for partial chain verification: if an intermediate
certificate is explicitly trusted (using -addtrust option to x509 utility
for example) the verification is sucessful even if the chain is not complete.
2010-02-25 00:17:22 +00:00
Dr. Stephen Henson
9b3d75706e verify parameter enumeration functions 2010-02-25 00:08:23 +00:00
Dr. Stephen Henson
b1efb7161f Include self-signed flag in certificates by checking SKID/AKID as well
as issuer and subject names. Although this is an incompatible change
it should have little impact in pratice because self-issued certificates
that are not self-signed are rarely encountered.
2010-02-25 00:01:38 +00:00
Dr. Stephen Henson
df4c395c6d add anyExtendedKeyUsage OID 2010-02-24 15:53:58 +00:00
Dr. Stephen Henson
385a488c43 prevent warning 2010-02-24 15:24:19 +00:00
Andy Polyakov
ea746dad5e Reserve for option to implement AES counter in assembler. 2010-02-23 16:51:24 +00:00
Andy Polyakov
d976f99294 Add AES counter mode to EVP. 2010-02-23 16:48:41 +00:00
Andy Polyakov
e5a4de9e44 Add assigned OIDs, as well as "anonymous" ones for AES counter mode. 2010-02-23 16:47:17 +00:00
Bodo Möller
2d9dcd4ff0 Always check bn_wexpend() return values for failure (CVE-2009-3245).
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
2010-02-23 10:36:35 +00:00
Bodo Möller
a839755329 Fix X509_STORE locking 2010-02-19 18:27:07 +00:00
Dr. Stephen Henson
47e0a1c335 PR: 2100
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:41 +00:00
Dr. Stephen Henson
1458b931eb The "block length" for CFB mode was incorrectly coded as 1 all the time. It
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:16 +00:00
Dr. Stephen Henson
20eb7238cb Correct ECB mode EVP_CIPHER definition: IV length is 0 2010-02-15 19:26:02 +00:00
Dr. Stephen Henson
79cfc3ac54 add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable 2010-02-15 19:20:13 +00:00
Dr. Stephen Henson
918a5d04e4 PR: 2164
Submitted by: "Noszticzius, Istvan" <inoszticzius@rightnow.com>

Don't clear the output buffer: ciphers should correctly the same input
and output buffers.
2010-02-15 19:00:12 +00:00
Dr. Stephen Henson
29e722f031 Fix memory leak in ENGINE autoconfig code. Improve error logging. 2010-02-09 14:17:14 +00:00
Dr. Stephen Henson
e3e31ff482 Use supplied ENGINE when initialising CMAC. Restore pctx setting. 2010-02-08 16:31:28 +00:00
Dr. Stephen Henson
bae060c06a add cvsignore 2010-02-08 15:34:02 +00:00
Dr. Stephen Henson
0ff907caf8 Make update. 2010-02-08 15:33:23 +00:00
Dr. Stephen Henson
c8ef656df2 Make CMAC API similar to HMAC API. Add methods for CMAC. 2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
8c968e0355 Initial experimental CMAC implementation. 2010-02-07 18:01:07 +00:00
Dr. Stephen Henson
cc0661374f make update 2010-02-07 13:54:30 +00:00
Dr. Stephen Henson
089f02c577 oops, use new value for new flag 2010-02-07 13:50:36 +00:00
Dr. Stephen Henson
c2bf720842 Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
2010-02-07 13:39:39 +00:00
Dr. Stephen Henson
c95bf51167 don't assume 0x is at start of string 2010-02-03 18:19:22 +00:00
Dr. Stephen Henson
2712a2f625 tolerate broken CMS/PKCS7 implementations using signature OID instead of digest 2010-02-02 14:30:39 +00:00
Dr. Stephen Henson
17ebc10ffa PR: 2161
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.

Make no-dsa, no-ecdsa and no-rsa compile again.
2010-02-02 13:35:27 +00:00
Richard Levitte
1d62de0395 The previous take went wrong, try again. 2010-01-29 12:02:50 +00:00
Richard Levitte
d7b99700c0 Architecture specific header files need special handling. 2010-01-29 11:44:36 +00:00
Dr. Stephen Henson
92714455af In engine_table_select() don't clear out entire error queue: just clear
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
2010-01-28 17:49:25 +00:00
Dr. Stephen Henson
891d3c7a60 revert previous change 2010-01-28 14:17:39 +00:00
Dr. Stephen Henson
9fb6fd34f8 reword RI description 2010-01-27 18:53:33 +00:00
Richard Levitte
407a410136 Have the VMS build system catch up with the 1.0.0-stable branch. 2010-01-27 09:18:42 +00:00
Dr. Stephen Henson
1bfdbd8e75 PR: 2138
Submitted by: Kevin Regan <k.regan@f5.com>

Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.
2010-01-26 18:07:26 +00:00
Dr. Stephen Henson
e92f9f45e8 Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and
later.
2010-01-26 14:29:06 +00:00
Dr. Stephen Henson
8c02119e39 OPENSSL_isservice is now defined on all platforms not just WIN32 2010-01-26 13:59:32 +00:00
Dr. Stephen Henson
ca9f55f710 export OPENSSL_isservice and make update 2010-01-26 13:52:36 +00:00
Andy Polyakov
964ed94649 parisc-mont.pl: PA-RISC 2.0 code path optimization based on intruction-
level profiling data resulted in almost 50% performance improvement.
PA-RISC 1.1 is also reordered in same manner, mostly to be consistent,
as no gain was observed, not on PA-7100LC.
2010-01-25 23:12:00 +00:00
Dr. Stephen Henson
cab6de03a2 PR: 2149
Submitted by: Douglas Stebila <douglas@stebila.ca>

Fix wap OIDs.
2010-01-25 16:07:42 +00:00
Richard Levitte
6fa0608eaf A few more macros for long symbols.
Submitted by Steven M. Schweda <sms@antinode.info>
2010-01-25 00:18:29 +00:00
Andy Polyakov
3f2a98acbf ia64cpuid.S: OPENSSL_cleanse to accept zero length parameter. 2010-01-24 17:08:52 +00:00
Andy Polyakov
82a66ce313 pariscid.pl: OPENSSL_cleanse to compile on PA-RISC 2.0W and to accept zero
length parameter.
2010-01-24 15:04:28 +00:00
Andy Polyakov
7676eebf42 OPENSSL_cleanse to accept zero length parameter [matching C implementation]. 2010-01-24 14:54:24 +00:00
Dr. Stephen Henson
ba64ae6cd1 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:12 +00:00
Andy Polyakov
b3020393f2 rand_win.c: fix time limit logic. 2010-01-19 20:35:22 +00:00
Andy Polyakov
ee2b8ed2f5 x86_64-xlate.pl: refine sign extension logic when handling lea.
PR: 2094,2095
2010-01-19 16:15:23 +00:00
Andy Polyakov
7a6e0901ff rand_win.c: handle GetTickCount wrap-around. 2010-01-19 13:48:18 +00:00
Andy Polyakov
91fdacb2c3 s390x assembler update: add support for run-time facility detection. 2010-01-19 12:24:59 +00:00
Andy Polyakov
78a533cb93 Minor updates to ppccap.c and ppccpuid.pl. 2010-01-17 13:44:14 +00:00
Andy Polyakov
4f38565204 bn_lcl.h: add MIPS III-specific BN_UMULT_LOHI as alternative to porting
crypto/bn/asm/mips3.s from IRIX. Performance improvement is not as
impressive as with complete assembler, but still... it's almost 2.5x
[on R5000].
2010-01-17 12:08:24 +00:00
Andy Polyakov
4407700c40 ia64-mont.pl: add shorter vector support ("shorter" refers to 512 bits and
less).
2010-01-17 11:33:59 +00:00
Dr. Stephen Henson
031c78901b make update 2010-01-15 15:24:19 +00:00
Dr. Stephen Henson
1b31b5ad56 Modify compression code so it avoids using ex_data free functions. This
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
2010-01-13 18:57:40 +00:00
Dr. Stephen Henson
0e0c6821fa PR: 2136
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:29:34 +00:00
Andy Polyakov
74f2260694 ia64-mont.pl: addp4 is not needed when referring to stack (this is 32-bit
HP-UX thing).
2010-01-07 15:36:59 +00:00
Andy Polyakov
25d1d62275 http://cvs.openssl.org/chngview?cn=19053 made me wonder if bind() and
connect() are as finicky as sendto() when it comes to socket address
length. As it turned out they are, therefore the fix. Note that you
can't reproduce the problem on Linux, it was failing on Solaris,
FreeBSD, most likely on more...
2010-01-07 13:12:30 +00:00
Andy Polyakov
9b5ca55695 sendto is reportedly picky about destination socket address length.
PR: 2114
Submitted by: Robin Seggelmann
2010-01-07 10:42:39 +00:00
Andy Polyakov
cba9ffc32a Fix compilation on older Linux. Linux didn't always have sockaddr_storage,
not to mention that first sockaddr_storage had __ss_family, not ss_family.
In other words it makes more sense to avoid sockaddr_storage...
2010-01-06 21:22:56 +00:00
Dr. Stephen Henson
f8e1ab79f5 ENGINE_load_capi() now exists on all platforms (but no op on non-WIN32) 2010-01-06 13:21:08 +00:00
Andy Polyakov
1f23001d07 ppc64-mont.pl: commentary update. 2010-01-06 10:58:59 +00:00
Andy Polyakov
dacdcf3c15 Add Montgomery multiplication module for IA-64. 2010-01-06 10:57:55 +00:00
Dr. Stephen Henson
60c52245e1 PR: 2102
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Remove duplicate definitions.
2010-01-05 17:57:33 +00:00
Andy Polyakov
2f4c1dc86c b_sock.c: correct indirect calls on WinSock platforms.
PR: 2130
Submitted by: Eugeny Gostyukhin
2009-12-30 12:55:23 +00:00
Andy Polyakov
70b76d392f ppccap.c: fix compiler warning and perform sanity check outside signal masking.
ppc64-mont.pl: clarify comment and fix spelling.
2009-12-29 11:18:16 +00:00
Andy Polyakov
3fc2efd241 PA-RISC assembler: missing symbol and typos. 2009-12-28 16:13:35 +00:00
Andy Polyakov
b57599b70c Update sha512-parisc.pl and add make rules. 2009-12-27 21:05:19 +00:00
Andy Polyakov
cb3b9b1323 Throw in more PA-RISC assembler. 2009-12-27 20:49:40 +00:00
Andy Polyakov
beef714599 Switch to new uplink assembler. 2009-12-27 20:38:32 +00:00
Andy Polyakov
d741cf2267 ppccap.c: tidy up.
ppc64-mont.pl: missing predicate in commentary.
2009-12-27 11:25:24 +00:00
Andy Polyakov
b4b48a107c ppc64-mont.pl: adapt for 32-bit and engage for all builds. 2009-12-26 21:30:13 +00:00
Dr. Stephen Henson
7e765bf29a Traditional Yuletide commit ;-)
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:13:11 +00:00
Bodo Möller
f21516075f Constify crypto/cast. 2009-12-22 11:46:00 +00:00
Bodo Möller
7427379e9b Constify crypto/cast. 2009-12-22 10:58:33 +00:00
Dr. Stephen Henson
e50858c559 PR: 2127
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check for lookup failures in EVP_PBE_CipherInit().
2009-12-17 15:27:57 +00:00
Dr. Stephen Henson
338a61b94e Add patch to crypto/evp which didn't apply from PR#2124 2009-12-09 15:01:39 +00:00
Dr. Stephen Henson
e4bcadb302 Revert lhash patch for PR#2124 2009-12-09 14:59:47 +00:00
Dr. Stephen Henson
fdb2c6e4e5 PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
2009-12-09 13:38:05 +00:00
Dr. Stephen Henson
7e4cae1d2f PR: 2111
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:28:42 +00:00
Dr. Stephen Henson
ec7d16ffdd Check it actually compiles this time ;-) 2009-12-02 14:25:40 +00:00
Dr. Stephen Henson
5656f33cea PR: 2120
Submitted by: steve@openssl.org

Initialize fields correctly if pem_str or info are NULL in  EVP_PKEY_asn1_new().
2009-12-02 13:56:45 +00:00
Dr. Stephen Henson
6732e14278 check DSA_sign() return value properly 2009-12-01 18:39:33 +00:00
Dr. Stephen Henson
606c46fb6f PR: 1432
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org

Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:44 +00:00
Dr. Stephen Henson
fed8dbf46d PR: 2118
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org

Check return value of ECDSA_sign() properly.
2009-11-30 13:56:04 +00:00
Andy Polyakov
b6bf9e2ea7 bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER.
PR: 2110
2009-11-26 20:52:08 +00:00
Dr. Stephen Henson
d2a53c2238 Experimental CMS password based recipient Info support. 2009-11-26 18:57:39 +00:00
Dr. Stephen Henson
f2334630a7 Add OID for PWRI KEK algorithm. 2009-11-25 22:07:49 +00:00
Dr. Stephen Henson
007f7ec1bd Add PBKFD2 prototype. 2009-11-25 22:07:22 +00:00
Dr. Stephen Henson
3d63b3966f Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat
and is a pre-requisite to adding password based CMS support.
2009-11-25 22:01:06 +00:00
Dr. Stephen Henson
446a6a8af7 PR: 2103
Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org

Initialise atm.flags to 0.
2009-11-17 13:25:53 +00:00
Andy Polyakov
a83f83aac8 Add sha512-parisc.pl. 2009-11-15 17:29:31 +00:00
Andy Polyakov
5727f1f790 SHA1 assembler show off: minor performance updates and new modules for
forgotten CPUs.
2009-11-15 17:26:11 +00:00
Andy Polyakov
53f73afc4d sha512.c: there apparently is ILP32 PowerPC platform, where it is safe to
inline 64-bit assembler instructions. Normally it's inappropriate, because
signalling doesn't preserve upper halves of general purpose registers.
Meaning that it's only safe if signals are blocked for the time "wide"
code executes.
PR: 1998
2009-11-15 17:19:49 +00:00
Andy Polyakov
10232bdc0e x86_64-xlate.pl: new gas requires sign extention in lea instruction.
This resolves md5-x86_64.pl and sha1-x86_64.pl bugs, but without modifying
the code.
PR: 2094,2095
2009-11-15 17:11:38 +00:00
Andy Polyakov
55ff3aff8c x86masm.pl: eliminate linker "multiple sections found with different
attributes" warning.
2009-11-15 17:06:44 +00:00
Andy Polyakov
b7cec490fa bss_dgram.c: more elegant solution to PR#2069. Use socklen_t heuristic
from b_sock.c, don't assume that caller always passes pointer to buffer
large enough to hold sockaddr_storage.
PR: 2069
2009-11-15 17:03:33 +00:00
Andy Polyakov
2335e8a9cc b_sock.c: fix compiler warning. 2009-11-15 16:52:11 +00:00
Andy Polyakov
6f766a4181 aesni-x86.pl: eliminate development comments. 2009-11-15 16:40:22 +00:00
Dr. Stephen Henson
c18e51ba5e PR: 2088
Submitted by: Aleksey Samsonov <s4ms0n0v@gmail.com>
Approved by: steve@openssl.org

Fix memory leak in d2i_PublicKey().
2009-11-12 19:56:56 +00:00
Dr. Stephen Henson
773b63d6f9 set engine to NULL after releasing it 2009-11-12 19:25:37 +00:00
Richard Levitte
0a02d1db34 Update from 1.0.0-stable 2009-11-12 17:03:10 +00:00
Dr. Stephen Henson
709a395d1c PR: 2091
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org

If an OID has no short name or long name return the numerical representation.
2009-11-10 01:00:07 +00:00
Dr. Stephen Henson
b599006751 PR: 2090
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org

Improve error checking in asn1_gen.c
2009-11-10 00:48:07 +00:00
Dr. Stephen Henson
2008e714f3 Add missing functions to allow access to newer X509_STORE_CTX status
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
2009-10-31 19:22:18 +00:00
Dr. Stephen Henson
45cd59ac71 If not checking all certificates don't attempt to find a CRL
for the leaf certificate of a CRL path.
2009-10-23 12:06:35 +00:00
Dr. Stephen Henson
d11d977da4 Need to check <= 0 here. 2009-10-22 23:12:05 +00:00
Dr. Stephen Henson
19a9d0fcea make update 2009-10-18 14:53:00 +00:00
Dr. Stephen Henson
a5b37fca0a Add "missing" function X509_STORE_set_verify_cb(). 2009-10-18 13:24:16 +00:00
Dr. Stephen Henson
636b6b450d PR: 2069
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org

IPv6 support for DTLS.
2009-10-15 17:41:31 +00:00
Andy Polyakov
b34d449c42 Combat gcc 4.4.1 aliasing rules. 2009-10-06 07:17:57 +00:00
Dr. Stephen Henson
04f9095d9e Fix unitialized warnings 2009-10-04 16:52:51 +00:00
Dr. Stephen Henson
0e039aa797 Fix warnings about ignoring fgets return value 2009-10-04 16:42:56 +00:00
Dr. Stephen Henson
c21869fb07 Prevent ignored return value warning 2009-10-04 14:04:27 +00:00
Dr. Stephen Henson
9a0c776c60 Prevent aliasing warning 2009-10-04 14:02:22 +00:00
Dr. Stephen Henson
77db140f94 Typo. 2009-10-02 18:20:22 +00:00
Dr. Stephen Henson
fecef70773 Yes it is a typo ;-) 2009-10-01 12:17:44 +00:00
Dr. Stephen Henson
e8a682f223 PR: 2062
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BN_rand error handling in bntest.c
2009-10-01 00:21:20 +00:00
Dr. Stephen Henson
98fbfff417 PR: 2059
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct EVP_SealInit error handling in pem_seal.c
2009-10-01 00:17:59 +00:00
Dr. Stephen Henson
78ca13a272 PR: 2056
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_wirte error handling in asn1_par.c
2009-10-01 00:11:04 +00:00
Dr. Stephen Henson
aec13c1a9f PR: 2063
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_write error handling in ocsp_prn.c
2009-09-30 23:58:37 +00:00
Dr. Stephen Henson
64f0f80eb6 PR: 2057
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
2009-09-30 23:55:53 +00:00
Dr. Stephen Henson
d71061122c PR: 2058
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct EVP_DigestVerifyFinal error handling.
2009-09-30 23:49:11 +00:00
Dr. Stephen Henson
18e503f30f PR: 2064, 728
Submitted by: steve@openssl.org

Add support for custom headers in OCSP requests.
2009-09-30 21:40:55 +00:00
Dr. Stephen Henson
b6dcdbfc94 Audit libcrypto for unchecked return values: fix all cases enountered 2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
cd4f7cddc7 Add more return value checking attributes to evp.h and hmac.h 2009-09-23 23:40:13 +00:00
Dr. Stephen Henson
acf20c7dbd Add attribute to check if return value of certain functions is incorrectly
ignored.
2009-09-23 16:27:10 +00:00
Dr. Stephen Henson
7c75f462e8 PR: 2050
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org

Fix handling of ENOTCONN and EMSGSIZE for dgram BIOs.
2009-09-22 11:34:45 +00:00
Dr. Stephen Henson
d636aa7109 PR: 2047
Submitted by: David Lee <live4thee@gmail.com>, steve@openssl.org
Approved by: steve@openssl.org

Fix for IPv6 handling in BIO_get_accept_socket().
2009-09-20 16:41:27 +00:00
Dr. Stephen Henson
44c8b81eea Don't use __try+__except unless on VC++ 2009-09-20 12:39:32 +00:00
Andy Polyakov
282feebab3 cmll-x86_64.pl: small buglet in CBC subroutine.
PR: 2035
2009-09-17 19:35:13 +00:00
Dr. Stephen Henson
a25f33d28a Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:29:29 +00:00
Dr. Stephen Henson
8c7168698e Seed PRNG with DSA and ECDSA digests for additional protection against
possible PRNG state duplication.
2009-09-09 12:15:08 +00:00
Dr. Stephen Henson
f4274da164 PR: 1644
Submitted by: steve@openssl.org

Fix to make DHparams_dup() et al work in C++.

For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
2009-09-06 15:49:46 +00:00
Dr. Stephen Henson
07a9d1a2c2 PR: 2028
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.
2009-09-04 17:42:53 +00:00
Dr. Stephen Henson
4f59432c06 Oops, s can be NULL 2009-09-04 11:30:59 +00:00
Dr. Stephen Henson
fc68056917 PR: 2029
Submitted by: Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org

Fix so that the legacy digest EVP_dss1() still works.
2009-09-02 15:51:19 +00:00
Dr. Stephen Henson
17b5326ba9 PR: 2013
Submitted by: steve@openssl.org

Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.

Add error checking to CRL generation in ca utility when nextUpdate is being
set.
2009-09-02 13:54:50 +00:00
Dr. Stephen Henson
38663fcc82 Missing break. 2009-08-31 22:19:26 +00:00
Dr. Stephen Henson
a6dab873d9 PR: 2005
Submitted by: steve@openssl.org

Some systems have broken IPv6 headers and/or implementations. If
OPENSSL_USE_IPV6 is set to 0 IPv6 is not used, if it is set to 1 it is used
and if undefined an attempt is made to detect at compile time by checking
if AF_INET6 is set and excluding known problem platforms.
2009-08-26 15:15:15 +00:00
Andy Polyakov
c372482c1b sha1-x86* assembler update: F_40_59 and Atom-specific optimizations. 2009-08-18 19:24:50 +00:00
Dr. Stephen Henson
3ed3603b60 Update default dependency flags.
Make error name discrepancies a fatal error.
Fix error codes.
make update
2009-08-12 17:30:37 +00:00
Dr. Stephen Henson
e33d290159 PR: 2004
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Approved by: steve@openssl.org

Handle fractional seconds properly in ASN1_GENERALIZEDTIME_print
2009-08-10 14:56:57 +00:00
Dr. Stephen Henson
a0778bfae5 Add COMP error strings. 2009-08-09 14:58:37 +00:00
Dr. Stephen Henson
0f1d77a870 Fix error code. 2009-08-06 16:39:34 +00:00
Dr. Stephen Henson
d9d0f1b52c Reject leading 0x80 in OID subidentifiers. 2009-08-06 16:32:54 +00:00
Dr. Stephen Henson
bc32dbbea9 Oops! 2009-08-05 15:32:10 +00:00
Dr. Stephen Henson
f10f4447da Update from 1.0.0-stable. 2009-08-05 15:29:58 +00:00
Dr. Stephen Henson
d76b8c89ec PR: 2001
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Add patch: http://cvs.openssl.org/chngview?cn=14635 which never made it to
1.0.0, HEAD.
2009-08-05 14:55:20 +00:00
Dr. Stephen Henson
512d359e26 Update from 1.0.0-stable. 2009-07-27 21:22:02 +00:00
Dr. Stephen Henson
c869da8839 Update from 1.0.0-stable 2009-07-27 21:10:00 +00:00
Ben Laurie
d80866041e Fix warnings. 2009-07-26 12:09:21 +00:00
Dr. Stephen Henson
75a86fa024 Update from 0.9.8-stable. 2009-07-24 13:48:07 +00:00
Dr. Stephen Henson
6aa220c935 PR: 1990
Update from 0.9.8-stable
2009-07-24 13:07:30 +00:00
Dr. Stephen Henson
83019f7e12 Update from 0.9.8-stable. 2009-07-24 11:25:13 +00:00
Dr. Stephen Henson
3c630352e2 Use correct extension and OSX detection. 2009-07-16 09:52:59 +00:00
Dr. Stephen Henson
4a620922e2 Updates from 1.0.0-stable 2009-07-15 18:00:04 +00:00
Dr. Stephen Henson
6bb7dc1e90 Updates from 1.0.0-stable 2009-07-15 11:02:24 +00:00
Dr. Stephen Henson
1e8569398c PR: 1624
Submitted by: "Simon L. Nielsen" <simon@FreeBSD.org>
Obtained from: steve@openssl.org

Correct FreeBSD check.
2009-07-11 22:28:45 +00:00
Dr. Stephen Henson
6e0c9e6008 Update from 1.0.0-stable. 2009-07-11 21:43:50 +00:00
Dr. Stephen Henson
c55d27ac33 Make update. 2009-07-08 09:19:53 +00:00
Dr. Stephen Henson
4e9de7aa3a Delete MD2 from algorithm tables as in 0.9.8-stable. However since this is
a new branch we can also disable it by default.
2009-07-08 08:49:17 +00:00
Dr. Stephen Henson
6c495bdb5d Upadte from 1.0.0-stable 2009-07-01 15:47:04 +00:00
Dr. Stephen Henson
8b96875052 Update from 1.0.0-stable. 2009-07-01 15:43:04 +00:00
Dr. Stephen Henson
b53e076988 Update from 1.0.0-stable 2009-07-01 15:37:17 +00:00
Dr. Stephen Henson
0e698584a0 Update from 1.0.0-stable 2009-07-01 15:26:00 +00:00
Dr. Stephen Henson
9a6d8ee5b5 Update from 1.0.0-stable 2009-07-01 11:40:19 +00:00
Dr. Stephen Henson
e5b2b0f91f Updates from 1.0.0-stable 2009-06-30 15:28:16 +00:00
Dr. Stephen Henson
508c535221 Update from 1.0.0-stable 2009-06-30 11:24:57 +00:00
Dr. Stephen Henson
a5f78bf3ba Fix from 0.9.8-stable. 2009-06-26 23:14:39 +00:00
Dr. Stephen Henson
f3be6c7b7d Update from 1.0.0-stable. 2009-06-26 11:29:26 +00:00
Dr. Stephen Henson
4aa902ebaf Stop warnings in gcc where "a" is const passed as a non-const argument. 2009-06-25 17:10:44 +00:00
Dr. Stephen Henson
e30dd20c0e Update from 1.0.0-stable 2009-06-25 11:29:30 +00:00
Dr. Stephen Henson
c05353c50a Rename asc2uni and uni2asc functions to avoid clashes. 2009-06-17 12:04:56 +00:00
Dr. Stephen Henson
73ea416070 Update from 1.0.0-stable. 2009-06-17 11:48:22 +00:00
Dr. Stephen Henson
d70323f1c5 Submitted by: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Approved by: steve@openssl.org

Check return values for NULL in case of malloc failure.
2009-06-17 11:25:42 +00:00
Dr. Stephen Henson
f0288f05b9 Submitted by: Artem Chuprina <ran@cryptocom.ru>
Reviewed by: steve@openssl.org

Various GOST ciphersuite and ENGINE fixes. Including...

Allow EVP_PKEY_set_derive_peerkey() in encryption operations.

New flag when certificate verify should be omitted in client key exchange.
2009-06-16 16:38:47 +00:00
Dr. Stephen Henson
31db43df08 Update from 0.9.8-stable. 2009-06-15 15:01:00 +00:00
Dr. Stephen Henson
779558b9e5 Update from 1.0.0-stable. 2009-06-15 10:27:22 +00:00
Dr. Stephen Henson
21b25ed4b8 PR: 1952
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve@openssl.org

ECDH negotiation bug.
2009-06-13 20:46:30 +00:00
Dr. Stephen Henson
58f41a926a Updates from 1.0.0-stable 2009-06-05 14:59:26 +00:00
Dr. Stephen Henson
81d06ef2fd Update from 1.0.0-stable. 2009-06-05 11:52:23 +00:00
Dr. Stephen Henson
0176842592 PR: 1945
Submitted by: Guenter <lists@gknw.net>
Approved by: steve@openssl.org

Netware compilation fix for nonexistent header.
2009-06-01 12:13:44 +00:00
Dr. Stephen Henson
8132d3ac40 Update from 1.0.0-stable. 2009-05-30 18:11:26 +00:00
Dr. Stephen Henson
43e12b6f1c Add ignored FIPS options to evp.h change clashing flag value. 2009-05-29 18:57:31 +00:00
Dr. Stephen Henson
4243a7f796 Update from 1.0.0-stable. 2009-05-18 16:12:24 +00:00
Dr. Stephen Henson
046f210112 Update from 1.0.0-stable. 2009-05-17 16:04:58 +00:00
Richard Levitte
98a711b479 Stupid typo 2009-05-17 07:22:11 +00:00
Dr. Stephen Henson
8d932f6fd7 Update from 1.0.0-stable 2009-05-16 16:18:19 +00:00
Dr. Stephen Henson
9289f21b7d Update from 1.0.0 stable branch. 2009-05-16 11:15:42 +00:00
Dr. Stephen Henson
d3d4f9f5e9 PR: 1929
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS MTU bug.
2009-05-15 23:06:41 +00:00
Dr. Stephen Henson
eb38b26dbc Update from 1.0.0-stable. 2009-05-15 22:58:40 +00:00
Richard Levitte
cc8cc9a3a1 Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
2009-05-15 16:36:56 +00:00
Richard Levitte
4531c1aa5e Add a comment about libeay.num and ssleay.num 2009-05-15 16:00:04 +00:00
Andy Polyakov
761393bba7 x86[_64]cpuid.pl: further refine shared cache detection. 2009-05-14 18:17:26 +00:00
Dr. Stephen Henson
83d8fa7dd1 Update from stable branch. 2009-05-13 11:32:46 +00:00
Andy Polyakov
586723138e x86cpuid.pl: sync OPENSSL_ia32_cpuid with x86_64cpuid.pl. 2009-05-12 21:19:41 +00:00
Andy Polyakov
5cd91b5055 x86_64cpuid.pl: refine shared cache detection logic. 2009-05-12 21:01:13 +00:00
Andy Polyakov
6dd9066e0e x86_64-xlate.pl: small commentary update. 2009-05-12 20:29:27 +00:00
Richard Levitte
804ab1e0a4 Forgotten comma... 2009-05-12 05:03:42 +00:00
Richard Levitte
eb2b33c2b9 Synchronise VMS with Unixly build. 2009-05-06 13:54:39 +00:00
Dr. Stephen Henson
eed15a831c Fix from 1.0.0-stable. 2009-05-06 10:28:37 +00:00
Richard Levitte
5d6a017931 Move the time fetching code to its own static function, and thereby
make sure that BOTH instances of said code get the VMS modification.
2009-05-05 08:45:33 +00:00
Andy Polyakov
6022fe81a2 cryptlib.c: refine logic in OpenSSLDie (addenum to commit#18118). 2009-05-04 06:23:05 +00:00
Andy Polyakov
3b58c74c98 Avoid double dialogs in OpenSSLDie on Windows. 2009-05-03 14:16:40 +00:00
Andy Polyakov
03e13ca3f1 eng_aesni.c: win32 fix. 2009-05-03 13:48:54 +00:00
Andy Polyakov
065c5d6328 Engage cmll-x86_64.pl in Win64 build and make it compile correctly. 2009-05-02 21:18:52 +00:00
Andy Polyakov
f00fdcd14d cryptlib.c: eliminate dependency on _strtoui64, older Windows CRT don't have it. 2009-05-02 12:51:37 +00:00
Andy Polyakov
194274cb68 ec_mult.c: fix C4334 win64 compiler warning. 2009-05-02 11:18:44 +00:00
Andy Polyakov
0fe4621e19 eng_aesni.c: fix assembler declarations. 2009-05-02 11:00:07 +00:00
Andy Polyakov
c5036d785a aesni-x86_64.pl: resolve LNK1223 error. 2009-05-02 10:21:29 +00:00
Andy Polyakov
d608b4d662 AES-NI engine jumbo update. 2009-05-02 09:04:17 +00:00
Richard Levitte
d1417be75c Make the NULL definition of OPENSSL_ia32cap_loc() compatible with the
declaration in crypto.h.
2009-04-29 13:40:28 +00:00
Dr. Stephen Henson
5f8f94a661 Update from 1.0.0-stable. 2009-04-28 22:10:54 +00:00
Richard Levitte
3c3f98dc93 Reimplement time check for VMS to mimic the way it's done on Windows.
Reason: gettimeofday() is deprecated.
2009-04-28 12:50:32 +00:00
Andy Polyakov
051742fb6c v3_alt.c: otherName parsing fix.
Submitted by: Love Hörnquist Åstrand
2009-04-27 19:35:16 +00:00
Andy Polyakov
eda2da3235 aesni-x86.pl: fix another typo and add test script. 2009-04-27 15:46:32 +00:00
Andy Polyakov
c0b03d44fb aesni-x86.pl: fix typos. 2009-04-27 12:50:44 +00:00
Andy Polyakov
d64a7232d4 Intel AES-NI engine.
Submitted by: Huang Ying
2009-04-27 05:55:13 +00:00
Dr. Stephen Henson
d4f0339c66 Update from 1.0.0-stable. 2009-04-26 22:18:22 +00:00
Andy Polyakov
f06d0072fc Minor shaX-s390x.pl update. 2009-04-26 18:11:25 +00:00
Andy Polyakov
f81e86d791 Improve readability of bio/b_sock.c 2009-04-26 18:06:14 +00:00
Andy Polyakov
ff65e94e04 Addenum to commit#18074: Expand OPENSSL_ia32cap to 64 bits. 2009-04-26 18:02:06 +00:00
Andy Polyakov
6c8b9259fc AESNI perlasm update. 2009-04-26 17:58:58 +00:00
Andy Polyakov
75d448dde4 Handle push/pop %rbx in epi/prologue (this is Win64 SEH thing). 2009-04-26 17:58:01 +00:00
Andy Polyakov
e303f55fc7 Expand OPENSS_ia32cap to 64 bits. 2009-04-26 17:49:41 +00:00
Richard Levitte
93caba129b Include sys/time.h to declare gettimeofday(). 2009-04-26 11:23:15 +00:00
Richard Levitte
6e177343f7 A DTLS1 symbol needs to be chopped off a bit. 2009-04-26 11:22:26 +00:00
Dr. Stephen Henson
ef236ec3b2 Merge from 1.0.0-stable branch. 2009-04-23 16:32:42 +00:00
Dr. Stephen Henson
8711efb498 Updates from 1.0.0-stable branch. 2009-04-20 11:33:12 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
22c98d4aad Update from 1.0.0-stable 2009-04-08 16:16:35 +00:00
Dr. Stephen Henson
cc7399e79c Changes from 1.0.0-stable. 2009-04-07 16:33:26 +00:00
Dr. Stephen Henson
220bd84911 Updates from 1.0.0-stable 2009-04-06 15:22:01 +00:00
Andy Polyakov
dec95a126a Camellia update: make it respect NO_[INLINE_]ASM and typo in assembler. 2009-04-06 15:13:16 +00:00
Ben Laurie
a79b668b8f Autogeneration seems to have changed slightly. 2009-04-05 10:21:05 +00:00
Dr. Stephen Henson
06ddf8eb08 Updates from 1.0.0-stable 2009-04-04 19:54:06 +00:00
Dr. Stephen Henson
14023fe352 Merge from 1.0.0-stable branch. 2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
0089a9dfa8 Fix from 1.0.0-stable 2009-03-31 21:58:01 +00:00
Dr. Stephen Henson
a5910673a6 Ooops reverse previous patch. 2009-03-31 21:39:37 +00:00
Dr. Stephen Henson
8e93eff8c6 Update from 0.9.8-stable 2009-03-31 21:36:30 +00:00
Dr. Stephen Henson
64ecdaeca9 HEAD is now 1.1.0
The 1.0.0 branch is now OpenSSL_1_0_0-stable
2009-03-31 10:38:37 +00:00
Dr. Stephen Henson
093f5d2c15 Nothing to see here... move along.... 2009-03-28 17:12:51 +00:00
Dr. Stephen Henson
ddcfc25a6d Update from stable branch. 2009-03-25 19:02:22 +00:00
Dr. Stephen Henson
73ba116e96 Update from stable branch. 2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
80b2ff978d Update from stable branch. 2009-03-25 12:53:50 +00:00
Dr. Stephen Henson
7ce8c95d58 Update from stable branch. 2009-03-25 12:53:26 +00:00
Dr. Stephen Henson
e4e949192b Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
Reviewed by: steve@openssl.org

Check return codes properly in md BIO and dgst command.
2009-03-18 18:53:08 +00:00
Andy Polyakov
4e52b9845e aes-390x.pl: commentary update. 2009-03-17 20:04:11 +00:00
Andy Polyakov
e22b864846 Make SPARC assembler modules *really* Purify-friendly. 2009-03-17 18:31:08 +00:00
Andy Polyakov
57db09906b Excuse myself from integrating sha1-sparcv9a.pl into build system, but
make it Purify-friendly...
2009-03-16 13:48:42 +00:00
Andy Polyakov
4c78bc05c4 Make SPARC assembler Pirify-friendly (Purify can't cope with certain
PIC constructs).
2009-03-16 13:32:38 +00:00
Dr. Stephen Henson
ef8e772805 Use OPENSSL_assert() instead of assert. 2009-03-15 14:04:42 +00:00
Dr. Stephen Henson
54571ba004 Use correct ctx name. 2009-03-15 14:03:47 +00:00
Dr. Stephen Henson
237d7b6cae Fix from stable branch. 2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
854a225a27 Update from stable branch. 2009-03-14 18:33:49 +00:00
Dr. Stephen Henson
e39acc1c90 PR: 1864
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org

Check return value.
2009-03-14 12:39:05 +00:00
Dr. Stephen Henson
a0b76569b2 Update from stable branch. 2009-03-14 12:26:48 +00:00
Dr. Stephen Henson
33ab2e31f3 PR: 1854
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org

Support GeneralizedTime in ca utility.
2009-03-09 13:59:07 +00:00
Dr. Stephen Henson
bb7ccdfbe2 Update from stable branch. 2009-03-09 13:08:04 +00:00
Dr. Stephen Henson
c836f8ef73 Update from stable branch. 2009-03-09 12:30:10 +00:00
Dr. Stephen Henson
4df100935f Update from stable branch. 2009-03-09 12:21:19 +00:00
Ben Laurie
c2a548a884 Print IPv6 all 0s correctly (Rob Austein). 2009-03-08 10:54:45 +00:00
Dr. Stephen Henson
77202a85a0 Update from stable branch. 2009-03-07 17:00:23 +00:00
Ben Laurie
2121f15daf Use the right length (reported by Quanhong Wang). 2009-03-03 15:12:56 +00:00
Richard Levitte
605b04f661 Make it possible to disable STORE. 2009-02-19 09:42:51 +00:00
Richard Levitte
97132a0f8e Reference bug. 2009-02-19 09:42:32 +00:00
Dr. Stephen Henson
30e5e39a3d PR: 1778
Increase default verify depth to 100.
2009-02-16 23:23:21 +00:00
Dr. Stephen Henson
b5d5c0a21f PR: 1843
Use correct array size for SHA1 hash.
2009-02-16 21:42:48 +00:00
Richard Levitte
f8ea4757cc Data not initialised.
Notified by Gerardo Ganis <gerardo.ganis@cern.ch>
2009-02-16 15:17:24 +00:00
Dr. Stephen Henson
a63bf2c53c Make no-engine work again. 2009-02-15 15:28:18 +00:00
Ben Laurie
b3f3407850 Use new common flags and fix resulting warnings. 2009-02-15 14:08:51 +00:00
Dr. Stephen Henson
477fd4596f PR: 1835
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
2009-02-14 21:49:38 +00:00
Andy Polyakov
c558c99fd8 rc4-s390x.pl: allow for older assembler and optimize character loop. 2009-02-12 14:48:49 +00:00
Andy Polyakov
13c3a1defa RC4 for s390x. 2009-02-11 10:01:36 +00:00
Dr. Stephen Henson
aaa29f9e83 Add error checking to obj_xref.pl and add command line support for data
file locations.
2009-02-10 13:03:31 +00:00
Dr. Stephen Henson
ede6ef5e08 Submitted by: Peter Sylvester <Peter.Sylvester@edelweb.fr>
Reviewed by: steve

If tagging is universal and SET or SEQUENCE set constructed bit.
2009-02-10 12:13:08 +00:00
Andy Polyakov
0f529cbdc3 s390x-mont.pl: optimize prologue. 2009-02-10 08:46:48 +00:00
Andy Polyakov
eb55b9fc19 linux-s390x failed link after assembler pack update. 2009-02-10 07:43:48 +00:00
Andy Polyakov
7012d2a8fa sha1-sparcv9a.pl: fix bug in commentary section. 2009-02-09 16:03:33 +00:00
Andy Polyakov
8626230a02 s390x assembler pack update. 2009-02-09 15:42:04 +00:00
Dr. Stephen Henson
57f39cc826 Print out UTF8 and NumericString types in ASN1 parsing utility. 2009-01-28 12:54:52 +00:00
Dr. Stephen Henson
6489573224 Update from stable branch. 2009-01-28 12:36:14 +00:00
Dr. Stephen Henson
079e00e646 Typo: just copy across an unknown type. 2009-01-28 12:32:03 +00:00
Richard Levitte
8bf5001612 Do the Camellia part right 2009-01-28 07:01:29 +00:00
Richard Levitte
6ed9dfb23a Synchronise with Unix build 2009-01-20 05:39:24 +00:00
Dr. Stephen Henson
c2c99e2860 Update certificate hash line format to handle canonical format
and avoid MD5 dependency.
2009-01-15 13:22:39 +00:00
Dr. Stephen Henson
8125d9f99c Make PKCS#8 the standard write format for private keys, replacing the
ancient SSLeay format.
2009-01-15 12:52:38 +00:00
Dr. Stephen Henson
8e6925b0cd Add CRYPTO_MDEBUG_ABORT to abort() is there are any memory leaks. This will
cause "make test" failures and make resource leaks more obvious.
2009-01-11 20:36:50 +00:00
Dr. Stephen Henson
41b7619596 Fix missing prototype warnings then fix different prototype warnings ;-) 2009-01-11 16:17:26 +00:00
Dr. Stephen Henson
bab534057b Updatde from stable branch. 2009-01-07 23:44:27 +00:00
Andy Polyakov
6de3683908 Add UltraSPARC VIS-powered SHA1 block procedure. 2009-01-05 14:52:31 +00:00
Richard Levitte
792bbc2374 VMS stuff I forgot... 2009-01-03 09:25:32 +00:00
Ben Laurie
23b973e600 Calculate offset correctly. (Coverity ID 233) 2009-01-01 18:30:51 +00:00
Andy Polyakov
a370537bde Styling update to makefiles: $() to denote make substitutions and $${} -
shell ones.
2008-12-29 16:17:52 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should
test for them!
2008-12-29 16:11:58 +00:00
Ben Laurie
8aa02e97a7 Make sure a bad parameter to RSA_verify_PKCS1_PSS() doesn't lead to a crash.
(Coverity ID 135).
2008-12-29 13:35:08 +00:00
Andy Polyakov
a68c7b9171 bn_lib.c: [re-]fix Win64 compiler warning. 2008-12-29 12:44:33 +00:00
Andy Polyakov
5cabcf96e7 Fix "possible loss of data" Win64 compiler warnings. 2008-12-29 12:35:49 +00:00
Dr. Stephen Henson
2d1cbc85c8 Add standard .cvsignore file. 2008-12-29 00:27:06 +00:00
Andy Polyakov
e81695205e x86_64-xlate.pl: support for binary constants, such as 0b1010101. 2008-12-27 14:00:37 +00:00
Andy Polyakov
fe150ac25d Add modes/cts128.c, Ciphertext Stealing implementation. 2008-12-27 13:40:45 +00:00
Andy Polyakov
bec45a35bb cmll-x86_64.pl: fix bug in cbc tail processing and comply with Win64 ABI spec. 2008-12-27 13:39:38 +00:00
Andy Polyakov
3b0ee0d2bf Revisit RT#1801 and complete fix. 2008-12-27 13:32:21 +00:00
Ben Laurie
dde5b979d2 Remove dead code. (Coverity ID 2) 2008-12-27 02:36:24 +00:00
Ben Laurie
57a6ac7c4f Check scalar->d before we use it (in BN_num_bits()). (Coverity ID 129) 2008-12-27 02:15:16 +00:00
Richard Levitte
4ded7b44a8 More synchronisation with Unix 2008-12-26 23:52:06 +00:00
Ben Laurie
1457619e13 Remove misleading dead code. Constify. (Coverity ID 142) 2008-12-26 17:17:21 +00:00
Ben Laurie
ccf529928f !a && !a->b is clearly wrong! Changed to !a || !a->b (Coverity ID 145). 2008-12-26 15:32:59 +00:00
Ben Laurie
5ceb595dfa pval must always be set when pk7_cb() does anything (Coverity ID 146). 2008-12-26 15:29:02 +00:00
Richard Levitte
44390fadc0 In BIO_write(), update the write statistics, not the read statistics.
PR: 1803
2008-12-25 22:24:17 +00:00
Richard Levitte
974d05a323 Further synchronisation with Unix 2008-12-25 22:04:42 +00:00
Andy Polyakov
0f76640fba Windows-specific addenum to "engage crypto/modes" commit #17716. 2008-12-23 15:15:44 +00:00
Andy Polyakov
a11974180f Patch the omission from prvious commit #17716. 2008-12-23 11:38:33 +00:00
Andy Polyakov
5d48a66a6a Engage crypto/modes. 2008-12-23 11:33:01 +00:00
Andy Polyakov
63fc7f848d crypto/modes: make modes.h selfsufficient and rename block_f to block128_t. 2008-12-23 11:18:45 +00:00
Andy Polyakov
830457ce4f Optimize CAST for size on 64-bit platforms. For reference, CAST_LONG being
unsigned long must be attributed to 16-bit support. As we don't support
16-bit platoforms anymore, there is no reason to waste twice required
space on CAST S-boxes (16KB vs. 8KB) or key schedule.
2008-12-22 15:21:59 +00:00
Andy Polyakov
ea4d5005d9 cmll-x86_64.pl: Win64 SEH section to handle pushf/popf in CBC routine. 2008-12-22 14:15:11 +00:00
Andy Polyakov
9f03d0fc04 Optimize #undef DES_UNROLL for size. 2008-12-22 14:10:42 +00:00
Andy Polyakov
e527201f6b This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another
.DLL, in particular static build. The issue has been discussed in RT#1230
and later on openssl-dev, and mutually exclusive approaches were suggested.
This completes compromise solution suggested in RT#1230.
PR: 1230
2008-12-22 13:54:12 +00:00
Dr. Stephen Henson
70531c147c Make no-engine work again. 2008-12-20 17:04:40 +00:00
Andy Polyakov
702e742515 cmll-x86_64.pl: bug fix and size optimization of Win64 SEH section. 2008-12-19 11:19:19 +00:00
Andy Polyakov
be01f79d3d x86_64 assembler pack: add support for Win64 SEH. 2008-12-19 11:17:29 +00:00
Andy Polyakov
bf785c9849 x86_64-xlate.pl: fix masm hexadecimal constants. 2008-12-19 11:14:38 +00:00
Andy Polyakov
4db4882402 perlasm/x86* update: support for 3 and 4 argument instructions. 2008-12-17 19:56:48 +00:00
Andy Polyakov
6786f52ada SEGV in AES_cbc_encrypt in aes-x86_64 assembler module.
PR: 1801
Submitted by: Huang Ying
2008-12-17 14:11:30 +00:00
Richard Levitte
2e6a7b3efc Constify where needed 2008-12-16 13:41:49 +00:00
Richard Levitte
63461b8db1 Remove extraneous semicolons 2008-12-16 10:56:05 +00:00
Richard Levitte
e77228ba11 Stack changes made dso_vms.c not compile properly. 2008-12-16 10:55:26 +00:00
Richard Levitte
5c60b1637a A few more symbols that are a little bit long for VMS 2008-12-16 10:54:53 +00:00
Richard Levitte
26397d2e8c Synchronise VMS build system with the Unixly one 2008-12-16 10:54:28 +00:00
Andy Polyakov
85b2c0ce7f 128-bit block cipher modes consolidation. As consolidated functions
rely on indirect call to block functions, they are not as fast as
non-consolidated routines. However, performance loss(*) is within
measurement error and consolidation advantages are considered to
outweigh it.

(*) actually one can observe performance *improvement* on e.g.
    CBC benchmarks thanks to optimization, which also becomes
    shared among ciphers.
2008-12-16 08:39:21 +00:00
Andy Polyakov
f826bf7798 SEED to support OPENSSL_SMALL_FOOTPRINT: ~2x size decrease on x86. 2008-12-16 07:41:21 +00:00
Andy Polyakov
3ebbe8853f Bring C bn_mul_mont template closer to assembler. 2008-12-16 07:28:38 +00:00
Ben Laurie
1f6e9bce21 Missing return values (Coverity ID 204). 2008-12-13 17:19:40 +00:00
Dr. Stephen Henson
9d44cd1642 Oops should check zero_pos >= 0. 2008-12-08 19:13:06 +00:00
Dr. Stephen Henson
1d4e879106 Handle case where v6stat.zero_pos == 0 correctly.
Reported by: Kurt Roeckx <kurt@roeckx.be>, Tobias Ginzler <ginzler@fgan.de> (Debian bug #506111)
2008-12-07 23:58:44 +00:00
Andy Polyakov
ae381fef5c Add Camellia assembler x86 and x86_64 modules. 2008-12-03 09:22:51 +00:00
Bodo Möller
7a76219774 Implement Configure option pattern "experimental-foo"
(specifically, "experimental-jpake").
2008-12-02 01:21:39 +00:00
Dr. Stephen Henson
e9afa08cd1 Update from stable branch. 2008-11-30 16:09:04 +00:00
Geoff Thorpe
bcaa36fd11 Fix compilation with -DOPENSSL_NO_DEPRECATED. 2008-11-28 22:06:55 +00:00
Dr. Stephen Henson
79bd20fd17 Update from stable-branch. 2008-11-24 17:27:08 +00:00
Dr. Stephen Henson
d0c3628834 Set memory BIOs up properly when stripping text headers from S/MIME messages. 2008-11-21 18:18:13 +00:00
Ben Laurie
f3b7bdadbc Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks. 2008-11-16 12:47:12 +00:00
Ben Laurie
ad7159ea84 Ignore generated ASM. 2008-11-16 12:32:14 +00:00
Andy Polyakov
93c4ba07d7 x86_64-xlate.pl update, engage x86_64 assembler in mingw64. 2008-11-14 16:40:37 +00:00
Ben Laurie
6c901ae8c1 Ignore saved Makefile. 2008-11-13 09:31:37 +00:00
Ben Laurie
90c65a9838 J-PAKE is not experimental in HEAD. 2008-11-13 09:31:08 +00:00
Dr. Stephen Henson
ed551cddf7 Update from stable branch. 2008-11-12 17:28:18 +00:00
Dr. Stephen Henson
5aca224ecd Reinstate camellia header fix patch. 2008-11-12 17:02:40 +00:00
Andy Polyakov
1416aec60d Update make rules for x86_64 assembler pack. 2008-11-12 08:19:04 +00:00
Andy Polyakov
aa8f38e49b x86_64 assembler pack to comply with updated styling x86_64-xlate.pl rules. 2008-11-12 08:15:52 +00:00
Andy Polyakov
8525377265 x86_64-xlate.pl to support MacOS X and mingw64. 2008-11-12 08:05:58 +00:00
Andy Polyakov
2fbc8a2aad Revert commit #17603, it should have been part of #17617. 2008-11-12 07:27:36 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2401debe83 Tolerate -----BEGIN PKCS #7 SIGNED DATA----- header lines as used by some
implementations.
2008-11-11 12:38:25 +00:00
Dr. Stephen Henson
5c61111bff Update from stable branch. 2008-11-11 12:23:18 +00:00
Bodo Möller
0a8c9f7de1 symbol deobnoxification 2008-11-11 07:08:59 +00:00
Dr. Stephen Henson
7b808412c9 Make -DKSSL_DEBUG work again. 2008-11-10 19:08:37 +00:00
Dr. Stephen Henson
0afc9f5bc0 PR: 1777
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>
Approved by: steve@openssl.org

Fix some size_t issues.
2008-11-05 23:14:32 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
5947ca0409 Don't use clobbered 'i' for checking UTCTime and GeneralizedTime length. 2008-11-05 18:28:24 +00:00
Ben Laurie
d40a1b865f Only one of these needs to be signed. 2008-11-04 15:16:23 +00:00
Ben Laurie
f80921b6a6 Formatting. 2008-11-04 12:06:09 +00:00
Andy Polyakov
8fe8bae15a Minor perlasm updates. 2008-11-03 08:46:07 +00:00
Dr. Stephen Henson
f2c0230518 Not sure about this one... seems to be needed to make 64 bit release
builds work properly...
2008-11-02 18:29:27 +00:00
Dr. Stephen Henson
e6e0c9018c Fix prototypes. 2008-11-02 18:12:36 +00:00
Dr. Stephen Henson
9619b730b4 Use stddef.h to pick up size_t def. 2008-11-02 16:56:13 +00:00
Dr. Stephen Henson
2766515fca Fix prototypes. 2008-11-02 16:13:19 +00:00
Dr. Stephen Henson
87d52468aa Update HMAC functions to return an error where relevant. 2008-11-02 16:00:39 +00:00
Dr. Stephen Henson
70d71f6185 Fix warnings: printf format mismatches on 64 bit platforms.
Change assert to OPENSSL_assert().
Fix e_padlock prototype.
2008-11-02 15:41:30 +00:00
Ben Laurie
5ee92a5ec1 Fix asserts. Fix incorrect dependency. 2008-11-02 13:15:06 +00:00
Dr. Stephen Henson
c76fd290be Fix warnings about mismatched prototypes, undefined size_t and value computed
not used.
2008-11-02 12:50:48 +00:00
Ben Laurie
d0a20cafa1 Fix warnings. 2008-11-02 09:22:29 +00:00
Ben Laurie
8da07655ee Fix warning. 2008-11-02 09:00:25 +00:00
Andy Polyakov
befe1fbc29 Fix bss_log.c on Windows. 2008-11-01 21:09:54 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Ben Laurie
4d6e1e4f29 size_tification. 2008-11-01 14:37:00 +00:00
Andy Polyakov
122396f2db Fix SHA512 and optimize BN for mingw64. 2008-11-01 12:46:18 +00:00
Andy Polyakov
09a60c9833 Fix warnings after commit#17578. 2008-10-31 20:20:54 +00:00
Andy Polyakov
b444ac3e6f size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
underlying cipher to be size_t-fied, it allows for size_t, signed and
unsigned long. It maintains source and even binary compatibility.
2008-10-31 19:48:25 +00:00
Andy Polyakov
f768be81d8 size_t-fy AES, Camellia and RC4. 2008-10-31 19:30:11 +00:00
Dr. Stephen Henson
91173829db Add install target to crypto/jpake/Makefile 2008-10-31 12:06:25 +00:00
Andy Polyakov
e6b4578540 randfile.c: .rnd can become orphaned on VMS.
Submitted by: David North
2008-10-28 16:25:47 +00:00
Andy Polyakov
ea71ec1b11 ec2_mult.c readability update. 2008-10-28 13:53:51 +00:00
Andy Polyakov
f1455b3063 Minor clean-up in bn_lib.c: constification and optimization. 2008-10-28 13:52:51 +00:00
Andy Polyakov
b764f82c64 Fix crash in BN_rshift.
PR: 1663
2008-10-28 13:46:14 +00:00
Andy Polyakov
436bdcff4e Harmonize Camellia API with version 1.x. 2008-10-28 12:13:52 +00:00
Andy Polyakov
27f864e8ac Camellia update. Quoting camellia.c:
/*
 * This release balances code size and performance. In particular key
 * schedule setup is fully unrolled, because doing so *significantly*
 * reduces amount of instructions per setup round and code increase is
 * justifiable. In block functions on the other hand only inner loops
 * are unrolled, as full unroll gives only nominal performance boost,
 * while code size grows 4 or 7 times. Also, unlike previous versions
 * this one "encourages" compiler to keep intermediate variables in
 * registers, which should give better "all round" results, in other
 * words reasonable performance even with not so modern compilers.
 */
2008-10-28 08:47:24 +00:00
Andy Polyakov
80aa9cc985 x86_64-xlate.pl update: refine SEH support. 2008-10-28 08:40:07 +00:00
Dr. Stephen Henson
ab7e09f59b Win32 fixes... add new directory to build system. Fix warnings. 2008-10-27 12:31:13 +00:00
Dr. Stephen Henson
e9eda23ae6 Fix warnings and various issues.
C++ style comments.
Signed/unsigned warning in apps.c
Missing targets in jpake/Makefile
2008-10-27 12:02:52 +00:00
Ben Laurie
6caa4edd3e Add JPAKE. 2008-10-26 18:40:52 +00:00
Dr. Stephen Henson
df0681e554 Add permanentIdentifier OID. 2008-10-22 18:48:11 +00:00
Dr. Stephen Henson
e19106f5fb Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Geoff Thorpe
ae7ec4c71d Apparently '__top' is also risky, obfuscate further. (All this to
avoid inlines...)
2008-10-22 12:00:15 +00:00
Geoff Thorpe
3fdc6c11aa Use of a 'top' var creates "shadow variable" warnings. 2008-10-22 01:25:45 +00:00
Dr. Stephen Henson
dcf6b3e9b6 Reinstate obj_xref.h as it is not auto generated on all platforms. 2008-10-20 15:12:48 +00:00
Dr. Stephen Henson
606f6c477a Fix a shed load or warnings:
Duplicate const.
Use of ; outside function.
2008-10-20 15:12:00 +00:00
Ben Laurie
0d6f9c7181 Constification. 2008-10-19 22:51:27 +00:00
Dr. Stephen Henson
111a6e2a23 Fix multiple ; warning. 2008-10-18 15:02:59 +00:00
Ben Laurie
d764e7edb8 Fix warning a different way. 2008-10-18 12:12:34 +00:00
Andy Polyakov
aff8259510 Fix argument order in BN_nnmod call and implement rigorous boundary
condition check.
2008-10-16 07:54:41 +00:00
Andy Polyakov
256b3e9c5f Optimize bn_correct_top. 2008-10-15 10:48:52 +00:00
Andy Polyakov
762a2e3cab Remove redundant BN_ucmp, fix boundary condition in BN_nist_mod_224 and
reimplement BN_nist_mod_521.
2008-10-15 10:47:48 +00:00
Ben Laurie
28b6d5020e Set comparison function in v3_add_canonize(). 2008-10-14 19:27:07 +00:00
Dr. Stephen Henson
0f7efbc859 Ooops... remove code accidentally commited from FIPS version. 2008-10-14 15:44:14 +00:00
Dr. Stephen Henson
a7ae4abfd9 Add missing lock definitions... 2008-10-14 15:24:49 +00:00
Dr. Stephen Henson
30661b1b01 Add missing lock definitions. 2008-10-14 15:22:11 +00:00
Ben Laurie
1ea6472e60 Type-safe OBJ_bsearch_ex. 2008-10-14 08:10:52 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90 Experimental new date handling routines. These fix issues with X509_time_adj()
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Lutz Jänicke
1e369b375e Fix incorrect command for assember file generation on IA64
Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>
2008-10-06 10:34:49 +00:00
Andy Polyakov
6bf24568bc Fix EC_KEY_check_key. 2008-09-23 17:33:11 +00:00
Bodo Möller
1a489c9af1 From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
Also, fix CHANGES (consistency with stable branch).
2008-09-15 20:41:24 +00:00
Andy Polyakov
d7235a9d68 Fix yesterday typos in bss_dgram.c. 2008-09-15 05:43:04 +00:00
Geoff Thorpe
fa0f834c20 Fix build warnings. 2008-09-15 04:02:37 +00:00
Andy Polyakov
b9790c1cd4 Winsock handles SO_RCVTIMEO in unique manner...
PR: 1648
2008-09-14 19:22:52 +00:00
Bodo Möller
db99c52509 Really get rid of unsafe double-checked locking.
Also, "CHANGES" clean-ups.
2008-09-14 13:51:44 +00:00
Bodo Möller
f8d6be3f81 Some precautions to avoid potential security-relevant problems. 2008-09-14 13:42:34 +00:00
Andy Polyakov
492279f6f3 AIX build updates. 2008-09-12 14:45:54 +00:00
Ben Laurie
43048d13c8 Fix warning. 2008-09-07 13:22:34 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06 Add support for CRLs partitioned by reason code.
Tidy CRL scoring system.

Add new CRL path validation error.
2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
249a77f5fb Add support for freshest CRL extension. 2008-08-27 15:52:05 +00:00
Dr. Stephen Henson
d0fff69dc9 Initial indirect CRL support. 2008-08-20 16:42:19 +00:00
Dr. Stephen Henson
8c9bd89338 Support for certificateIssuer CRL entry extension. 2008-08-18 16:48:47 +00:00
Bodo Möller
2e415778f2 Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.
2008-08-14 21:37:51 +00:00
Dr. Stephen Henson
9d84d4ed5e Initial support for CRL path validation. This supports distinct certificate
and CRL signing keys.
2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
2e0c7db950 Initial code to support distinct certificate and CRL signing keys where the
CRL issuer is not part of the main path.

Not complete yet and not compiled in because the CRL issuer certificate is
not validated.
2008-08-12 16:07:52 +00:00
Dr. Stephen Henson
002e66c0e8 Support for policy mappings extension.
Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.
2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
e9746e03ee Initial support for name constraints certificate extension.
TODO: robustness checking on name forms.
2008-08-08 15:35:29 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs,
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Andy Polyakov
96826bfc84 sha1-armv4-large cosmetics. 2008-08-06 08:58:45 +00:00
Andy Polyakov
eb1aa135d8 sha1-armv4-large.pl performance improvement. On PXA255 it gives +10% on
8KB block, +60% on 1KB, +160% on 256B...
2008-08-06 08:47:07 +00:00
Dr. Stephen Henson
6d6c47980e Correctly handle errors in CMS I/O code. 2008-08-05 15:55:53 +00:00
Dr. Stephen Henson
3e727a3b37 Add support for nameRelativeToCRLIssuer field in distribution point name
fields.
2008-08-04 15:34:27 +00:00
Dr. Stephen Henson
a9ff742e42 Make explicit_policy handling match expected RFC3280 behaviour. 2008-08-02 11:16:35 +00:00
Dr. Stephen Henson
5cbd203302 Initial support for alternative CRL issuing certificates.
Allow inibit any policy flag to be set in apps.
2008-07-30 15:49:12 +00:00
Dr. Stephen Henson
592a207b94 Policy validation fixes.
Inhibit any policy count should ignore self issued certificates.
Require explicit policy is the number certificate before an explict policy
is required.
2008-07-30 15:41:42 +00:00
Andy Polyakov
b94551e823 perlasm update: implement dataseg directive. 2008-07-22 08:44:31 +00:00
Andy Polyakov
9b634c9b37 x86_64-xlate.pl: implement indirect jump/calls, support for Win64 SEH. 2008-07-22 08:42:06 +00:00
Bodo Möller
5b331ab77a We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.

PR: 1695
2008-07-17 22:11:53 +00:00
Andy Polyakov
dd6f479ea8 mem_dbg.c: avoid compiler warnings.
PR: 1693
Submitted by: Stefan Neis
2008-07-17 13:58:21 +00:00
Andy Polyakov
87facba376 Remove junk argument to function_begin in sha/asm/*-586.pl.
PR: 1681
2008-07-17 09:50:56 +00:00
Andy Polyakov
e4662fdb62 x86masm.pl: harmonize functions' alignment. 2008-07-17 09:46:09 +00:00