Commit graph

4205 commits

Author SHA1 Message Date
Dr. Stephen Henson
0d658ddf25 PR: 1858
Submitted by: Jurko Gospodneti <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Make OPENSSL_NO_SOCK work.
2009-03-09 12:09:03 +00:00
Dr. Stephen Henson
cefa7ce284 PR: 1857
Submitted by: Jurko Gospodnetić <jurko.gospodnetic@docte.hr>
Reviewed by: steve@openssl.org

Make OPENSSL_NO_FP_API work again.
2009-03-09 12:06:23 +00:00
Dr. Stephen Henson
ee4041b8bd PR: 1841
Submitted by: Martin Kaiser <lists@kaiser.cx>
Reviewed by: steve@openssl.org

Remove unused code.
2009-03-08 23:05:34 +00:00
Ben Laurie
a17f351b56 Fix display of all 0 IPv6 address (from Rob Austein). 2009-03-08 10:48:03 +00:00
Dr. Stephen Henson
4fcf8d8b07 Submitted by: Jeremy Shapiro <jnshapir@us.ibm.com>
Reviewed by: steve@openssl.org

Improve efficientcy of mem_gets().
2009-03-07 16:58:43 +00:00
Ben Laurie
1eee8a4226 Use the correct length (reported by Quanhong Wang). 2009-03-03 15:06:49 +00:00
Ben Laurie
e26ad0c4fd Fix FIPS typo. 2009-02-18 10:27:23 +00:00
Dr. Stephen Henson
6e7559ac7f Update from HEAD. 2009-02-16 23:24:06 +00:00
Richard Levitte
9feda63955 Data not initialised.
Notified by Gerardo Ganis <gerardo.ganis@cern.ch>
2009-02-16 15:17:26 +00:00
Ben Laurie
1ed81ff731 Use shared dev team flags, fix resulting warning. 2009-02-16 08:44:23 +00:00
Dr. Stephen Henson
9a6401acdf PR: 1422
Fix return value of X509_NAME_cmp() so it works with qsort/bsearch again.
2009-02-15 12:10:39 +00:00
Dr. Stephen Henson
f908ca4db4 PR: 1840
Submitted by: Martin Kaiser <lists@kaiser.cx>
Approved by: steve@openssl.org

Handle NULL passing in parameter and BN_CTX_new() error correctly.
2009-02-14 22:19:31 +00:00
Dr. Stephen Henson
72f6453c48 PR: 1835
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
2009-02-14 21:50:14 +00:00
Dr. Stephen Henson
73cb37295d Update from HEAD. 2009-01-28 12:55:36 +00:00
Dr. Stephen Henson
1f35508ae6 Support NumericString for name components. 2009-01-28 12:35:10 +00:00
Richard Levitte
3e2a74c294 Add missing modules 2009-01-28 07:54:16 +00:00
Richard Levitte
ab31dbc482 Another symbol that's longer than 31 characters. 2009-01-17 12:33:43 +00:00
Richard Levitte
36e9d3ee91 A forgotten module... 2009-01-17 12:33:11 +00:00
Dr. Stephen Henson
5f3ad8f82c Update from HEAD. 2009-01-14 10:46:00 +00:00
Dr. Stephen Henson
d34353cc91 Prepare for next version. 2009-01-07 23:38:34 +00:00
Dr. Stephen Henson
6287fa5396 Prepare for 0.9.8j release. 2009-01-07 10:50:54 +00:00
Dr. Stephen Henson
a00c3c4019 Properly check EVP_VerifyFinal() and similar return values
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
2009-01-07 10:48:23 +00:00
Dr. Stephen Henson
92308905dd make update. 2009-01-05 12:47:11 +00:00
Andy Polyakov
e607e731eb Synchronize with bn_nist.c from HEAD. 2008-12-30 13:41:08 +00:00
Andy Polyakov
f17c45611e Backport http://cvs.openssl.org/chngview?cn=17710 from HEAD.
PR: 1230
2008-12-30 13:30:57 +00:00
Andy Polyakov
a51c8c64e0 Backport aes-x86_64.pl update from HEAD. 2008-12-27 13:34:30 +00:00
Richard Levitte
7f065cfdbd In BIO_write(), update the write statistics, not the read statistics.
PR: 1803
2008-12-25 22:24:21 +00:00
Richard Levitte
667fbc0847 Further synchronisation with Unix 2008-12-25 22:04:45 +00:00
Richard Levitte
6ba7bd5697 Synchronise with Unixly build. 2008-12-22 09:30:09 +00:00
Dr. Stephen Henson
2cad035c01 Make no-engine work again... 2008-12-20 17:04:09 +00:00
Andy Polyakov
2a76c68842 Backport aes-x86_64.pl update from HEAD and revisit same code in aes-586.pl.
PR: 1801
2008-12-17 14:14:51 +00:00
Ben Laurie
1b00f4bc37 Missing return values (Coverity ID 204). 2008-12-13 17:00:53 +00:00
Dr. Stephen Henson
fe43caa4a4 Fix from HEAD. 2008-12-08 19:13:57 +00:00
Dr. Stephen Henson
792e614144 Fix from HEAD. 2008-12-07 23:59:13 +00:00
Ben Laurie
f092a073a7 Fix warnings. 2008-12-02 18:14:44 +00:00
Bodo Möller
505ed2b076 Implement Configure option pattern "experimental-foo"
(specifically, "experimental-jpake").
2008-12-02 01:21:06 +00:00
Dr. Stephen Henson
cef3e62d2b Don't clobber passed GENERAL_NAME on error. 2008-11-30 16:07:11 +00:00
Dr. Stephen Henson
516f76fd2c Move new function CRYPTO_strdup to mem_dbg.c because mem.c is excluded in
a fips build.
2008-11-24 17:02:49 +00:00
Dr. Stephen Henson
5a02ac6e5b Revert OPENSSL_EXPERIMENTAL patch.
Change it so JPAKE uses the standard OPENSSL_NO_JPAKE instead.
2008-11-24 16:14:15 +00:00
Dr. Stephen Henson
14d4074ee1 Update from HEAD. 2008-11-21 18:18:28 +00:00
Dr. Stephen Henson
d9f16c405c Commit default dependencies. 2008-11-19 16:03:51 +00:00
Dr. Stephen Henson
5aa032033e Remove jpake.h dependencies from default build. 2008-11-19 00:40:59 +00:00
Dr. Stephen Henson
c0ce8fe755 Update .cvsignore 2008-11-15 17:47:31 +00:00
Dr. Stephen Henson
55eff40084 Stop warnings. 2008-11-15 17:46:41 +00:00
Bodo Möller
fe46b0de29 make update 2008-11-14 00:17:43 +00:00
Dr. Stephen Henson
a581439bb1 Fixes for "make depend". Features which need a #define to be set to
enable them, like FIPS and JPAKE need to have these set when building
dependencies.
2008-11-13 15:08:33 +00:00
Ben Laurie
a43337e8c4 Not an error to include jpake.h when disabled. 2008-11-13 11:35:23 +00:00
Ben Laurie
33c51ec143 J-PAKE is not RSA. 2008-11-13 09:50:24 +00:00
Dr. Stephen Henson
a1bb2d6c2f Update mk1mf.pl for new JPAKE options. Update jpaketest.c for WIN32. 2008-11-12 18:27:17 +00:00
Dr. Stephen Henson
81dde5e8fe Add support for experimental code, not compiled in by default and
with OPENSSL_EXPERIMENTAL_FOO around it. Make JPAKE experimental.
2008-11-12 16:54:35 +00:00
Dr. Stephen Henson
b84e441861 Don't attempt to enter FIPS mode in autoconfig module if already in FIPS mode. 2008-11-11 12:52:14 +00:00
Dr. Stephen Henson
08e012bbec Update from HEAD. 2008-11-11 12:42:32 +00:00
Dr. Stephen Henson
b46acc392b Avoid conflict with some version of Windows platform SDK. 2008-11-11 12:22:17 +00:00
Dr. Stephen Henson
2c17b493b1 Make -DKSSL_DEBUG work again. 2008-11-10 18:55:07 +00:00
Dr. Stephen Henson
3795297af8 Change old obsolete email address... 2008-11-05 18:36:57 +00:00
Dr. Stephen Henson
33fd33d423 Fix from HEAD. 2008-11-05 18:29:49 +00:00
Dr. Stephen Henson
582ef3dbdb Fix from HEAD. 2008-10-31 12:09:18 +00:00
Andy Polyakov
6a933782fa randfile.c: .rnd can become orphaned on VMS [from HEAD].
Submitted by: David North
2008-10-28 16:30:09 +00:00
Andy Polyakov
8d64abacc6 Fix crash in BN_rshift [from HEAD].
PR: 1663
2008-10-28 13:47:38 +00:00
Dr. Stephen Henson
9af6802943 Win32 fixes, add new directory to WIN32 build system. 2008-10-27 12:30:33 +00:00
Dr. Stephen Henson
c10f53a897 Fixes from HEAD. 2008-10-27 12:04:04 +00:00
Ben Laurie
2124e869a8 Add JPAKE. 2008-10-26 18:42:05 +00:00
Dr. Stephen Henson
ff09931e22 Sync OIDS with HEAD. 2008-10-22 18:48:50 +00:00
Lutz Jänicke
312539ae9f Armor pq_compat.h header file against multiple inclusion
Submitted by: Alex Chen <alex_chen@filemaker.com>
2008-10-20 12:40:20 +00:00
Ben Laurie
b76306c983 Constification. 2008-10-18 14:27:36 +00:00
Ben Laurie
cdffc716c9 Set the comparison function in v3_addr_canonize(). 2008-10-14 19:21:30 +00:00
Lutz Jänicke
cfe04f607d Fix incorrect command for assember file generation on IA64
Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>
2008-10-06 10:35:29 +00:00
Dr. Stephen Henson
c0e9f540e0 Check for errors in ASN1 sign and verify routines. 2008-09-25 16:38:07 +00:00
Andy Polyakov
7c97aacbe8 Fix EC_KEY_check_key [from HEAD]. 2008-09-23 17:34:08 +00:00
Dr. Stephen Henson
155ad6d219 Fix warnings when more pedantic "debuge-steve32" target is used. 2008-09-21 11:40:36 +00:00
Dr. Stephen Henson
138f20433e Camellia low level API algorithm blocking. 2008-09-21 11:21:43 +00:00
Dr. Stephen Henson
7747c67861 Make camellia work with updated EVP macros. 2008-09-21 10:24:08 +00:00
Dr. Stephen Henson
e852835da6 Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
Dr. Stephen Henson
52702f6f92 Updates to build system from FIPS branch. Make fipscanisterbuild work and
build FIPS test programs.
2008-09-17 15:56:42 +00:00
Dr. Stephen Henson
05794d983f Add RSA update from FIPS branch that got omitted.... 2008-09-17 15:53:59 +00:00
Dr. Stephen Henson
364f36f851 Don't change NUM_LOCKS value for non-FIPS builds. 2008-09-17 15:07:41 +00:00
Dr. Stephen Henson
9b809d6278 Add missing files. 2008-09-16 22:54:30 +00:00
Dr. Stephen Henson
bbefea3387 Add missing files. 2008-09-16 22:48:18 +00:00
Dr. Stephen Henson
d83dde6180 Merge changes to build system from fips branch. 2008-09-16 21:44:57 +00:00
Dr. Stephen Henson
8067d34b3a FIPS merge "crypto" functions. 2008-09-16 15:11:50 +00:00
Dr. Stephen Henson
e3f2860e73 Merge public key FIPS code, RSA, DSA, DH. 2008-09-16 14:55:26 +00:00
Dr. Stephen Henson
92eb44d238 Add missing file. 2008-09-16 11:52:33 +00:00
Dr. Stephen Henson
f4179bead4 RAND library FIPS merge. 2008-09-16 11:50:05 +00:00
Dr. Stephen Henson
fced277486 conf/hmac FIPS merge. 2008-09-16 11:37:03 +00:00
Dr. Stephen Henson
3d1be455ce ERR library FIPS merge. Reorganise functions and add FIPS error
definitions.
2008-09-16 11:26:29 +00:00
Dr. Stephen Henson
dee4d129cb FIPS des library merge. 2008-09-16 11:17:48 +00:00
Dr. Stephen Henson
0067bd77a8 Part FIPS bn merge: move functiosn to bn_opt.c to reduce dependencies. 2008-09-16 11:08:24 +00:00
Dr. Stephen Henson
d98904e5a7 Add missing RC4 algorithm block source file. 2008-09-16 11:02:19 +00:00
Dr. Stephen Henson
96a259e81e Merge FIPS low level algorithm blocking code. Give hard errors if non-FIPS
algorithms are use in FIPS mode using low level API. No effect in non-FIPS
mode.
2008-09-16 10:47:28 +00:00
Dr. Stephen Henson
f947b818bf Oops, restore change that got reverted accidentally. 2008-09-15 22:32:23 +00:00
Dr. Stephen Henson
a2dc9b6be2 Merge EVP changes in from FIPS branch. 2008-09-15 22:21:42 +00:00
Dr. Stephen Henson
16349eeceb Port X931 key generation routines from FIPS branch. Don't include deprecated
versions as they weren't in 0.9.8 before now anyway.
2008-09-15 21:42:28 +00:00
Bodo Möller
aecf1c1f96 Fix intendation 2008-09-15 20:39:32 +00:00
Dr. Stephen Henson
5d582fd516 pkcs12 FIPS changes. 2008-09-15 20:16:04 +00:00
Dr. Stephen Henson
8ec86dcf04 Merge minor FIPS branch changes: buffer, objects, pem, x509. 2008-09-15 19:56:12 +00:00
Dr. Stephen Henson
6d3b70c8da Prepare for next version... 2008-09-15 15:30:20 +00:00
Dr. Stephen Henson
0a4fda742b Oops... use correct version number this time.... 2008-09-15 14:26:34 +00:00
Dr. Stephen Henson
3745e57bf9 Prepare for next version.... 2008-09-15 12:19:09 +00:00
Dr. Stephen Henson
b7e7aa00de Begin release of OpenSSL 0.9.8i. 2008-09-15 10:28:13 +00:00
Andy Polyakov
1098fd48ce Compilation warning fix [from HEAD, "must have, as our Windows build does
not tolerate warnings].
2008-09-15 07:19:41 +00:00
Andy Polyakov
393906d9be Fix yesterday typos in bss_dgram.c [from HEAD]. 2008-09-15 05:45:36 +00:00
Andy Polyakov
cfb95ba9f6 Winsock handles SO_RCVTIMEO in unique manner... [from HEAD].
PR: 1648
2008-09-14 19:23:46 +00:00
Dr. Stephen Henson
1af12ff1d1 Fix error code discrepancy.
Make update.
2008-09-14 16:43:37 +00:00
Dr. Stephen Henson
bd72b8eca6 Stop warnings about value not used. 2008-09-14 15:46:36 +00:00
Bodo Möller
669b912dea Really get rid of unsafe double-checked locking.
Also, "CHANGES" clean-ups.
2008-09-14 13:51:49 +00:00
Bodo Möller
36a4a67b2b Some precautions to avoid potential security-relevant problems. 2008-09-14 13:42:40 +00:00
Ben Laurie
b7c8b4fc95 Allow soft-loading engines. 2008-09-12 13:29:59 +00:00
Dr. Stephen Henson
fd43ae3fe4 Fix flag clash... only used internally when policy checking is
enabled.
2008-08-31 11:15:35 +00:00
Bodo Möller
cdd0f3b328 Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.
2008-08-14 21:37:20 +00:00
Dr. Stephen Henson
405f382144 Fix from HEAD. 2008-08-05 15:56:11 +00:00
Dr. Stephen Henson
a750273546 Fix from HEAD. 2008-08-02 11:17:04 +00:00
Dr. Stephen Henson
4231b356aa Fix from HEAD. 2008-07-30 15:42:19 +00:00
Bodo Möller
df1f7b4b02 We should check the eight bytes starting at p[-9] for rollback attack
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.

PR: 1695
2008-07-17 22:11:24 +00:00
Andy Polyakov
3a72137211 darwin64-ppc-cc experimental line accidentally made it to stable:-(
PR: 1699
2008-07-17 10:00:18 +00:00
Andy Polyakov
e5d289cc03 sha1-586.pl: update from HEAD.
PR: 1681
2008-07-17 09:51:34 +00:00
Bodo Möller
0ff3766b0e Make sure not to read beyond end of buffer 2008-07-16 18:10:28 +00:00
Dr. Stephen Henson
3562202306 Fix from HEAD. 2008-07-13 22:38:52 +00:00
Dr. Stephen Henson
2bf4b96aef Update from HEAD. 2008-07-13 15:56:01 +00:00
Dr. Stephen Henson
811e08a2c5 Update from HEAD. 2008-07-13 14:33:16 +00:00
Dr. Stephen Henson
dd6e90465d Add support for Local Machine Keyset attribute in PKCS#12 files. 2008-06-26 23:26:52 +00:00
Dr. Stephen Henson
a86c626802 Sync OIDs with HEAD so we don't need to rebuild OID database and change
all NIDs every time an OID is added to 0.9.8.
2008-06-26 23:20:52 +00:00
Bodo Möller
4afcee8b4b avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
2008-06-23 20:46:28 +00:00
Dr. Stephen Henson
e0f6c15418 Make WIN32 build work with no-rc4 2008-06-21 23:28:02 +00:00
Dr. Stephen Henson
14748adb09 Make ssl code consistent with FIPS branch. The new code has no effect
at present because it asserts either noop flags or is inside
OPENSSL_FIPS #ifdef's.
2008-06-16 16:56:43 +00:00
Dr. Stephen Henson
ff2ab9e6bb Add error code for FIPS library and make library numbers consistent. 2008-06-16 15:22:49 +00:00
Ben Laurie
f113bb9f4e OPENSSL_isservice() is defined on all platforms. 2008-06-07 17:22:37 +00:00
Dr. Stephen Henson
3dc466424e Update CryptoAPI ENGINE from head. Export OPENSSL_isservice(). 2008-06-06 15:52:32 +00:00
Dr. Stephen Henson
aa03989791 Backport ssl client auth ENGINE support to 0.9.8. 2008-06-04 18:01:40 +00:00
Dr. Stephen Henson
feb200bbb3 Don't set extended type is mbstring flag set. 2008-05-30 10:57:13 +00:00
Dr. Stephen Henson
203ac694e3 Load CryptoAPI engine if supported. 2008-05-29 23:47:40 +00:00
Mark J. Cox
3f79793b7e After tagging, bump ready for 0.9.8i development 2008-05-28 07:47:50 +00:00
Mark J. Cox
0d01d8a735 Prepare for 0.9.8h release 2008-05-28 07:37:14 +00:00
Dr. Stephen Henson
aa9c7e4b8c Oops... PEM_write_bio_ASN1_stream() shouldn't be in 0.9.8 CMS backport. 2008-05-20 12:10:28 +00:00
Dr. Stephen Henson
6be69a168f Remove deleted function definitions from header files
so Windows build picks it up.

Recognize new option in mk1mf.pl
2008-05-20 11:50:13 +00:00
Dr. Stephen Henson
eaf76feeb6 Remove old DES definition of deleted function too. 2008-05-20 11:23:49 +00:00
Lutz Jänicke
03e79ed05e Correctly adjust location of comment
Submitted by: Ben Laurie <ben@links.org>
2008-05-20 08:10:51 +00:00
Ben Laurie
56bef2df4f Fix warning. 2008-05-20 03:05:50 +00:00
Dr. Stephen Henson
10d3886c51 Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
2008-05-19 21:26:28 +00:00
Bodo Möller
f1c0cf5b70 Disable code that clearly doesn't currently serve any useful purpose.
(Buggy line reported by Matthias Koenig.)
2008-05-19 19:44:33 +00:00
Lutz Jänicke
439b7ef463 Another occurance of possible valgrind/purify "uninitialized memory"
complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.

Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)
2008-05-16 07:14:58 +00:00
Dr. Stephen Henson
6168067160 Fix from HEAD. 2008-05-09 23:17:10 +00:00
Bodo Möller
c3031a4610 Avoid BN_MONT_CTX incompatibility. 2008-05-02 18:47:19 +00:00
Bodo Möller
812d8a176c Unobtrusive backport of 32-bit x86 Montgomery improvements from 0.9.9-dev:
you need to use "enable-montasm" to see a difference.  (Huge speed
advantage, but BN_MONT_CTX is not binary compatible, so this can't be
enabled by default in the 0.9.8 branch.)

The CHANGES entry also covers the 64-bit x86 backport in November 2007
by appro.
2008-05-01 23:11:34 +00:00
Geoff Thorpe
98bd148b1a Fix auto-discovery of ENGINEs, ported from HEAD.
NB, this fixes a regression relative to 0.9.7 and the documented behaviour,
but it would make sense for distro maintainers and others with an interest
in system behaviour to test with this change. The fix re-enables behaviour
that was broken and thus inherently disabled. In particular, if you
register an ENGINE implementation, and that ENGINE is able to successfully
self-initialise on the host, it will get used automatically (as claimed in
the documentation and as was the case for 0.9.7) - this was not the case
with 0.9.8 until now because of a bug.

PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
2008-04-28 21:45:43 +00:00
Andy Polyakov
c5fbf8c1ba Compensate inline assembler in sha512.c for gcc 2.7.2 compiler bug [from HEAD].
PR: 1667
2008-04-24 10:00:40 +00:00
Andy Polyakov
1ed2d8f512 bn_nist.c update from HEAD.
PR: 1593
2008-04-18 15:51:31 +00:00
Dr. Stephen Henson
d140890259 Update from HEAD. 2008-04-18 11:19:56 +00:00
Richard Levitte
2c16e78400 Synchronise with Unix 2008-04-18 06:07:43 +00:00
Dr. Stephen Henson
501af5ba89 Update from HEAD. 2008-04-12 10:15:33 +00:00
Richard Levitte
31d6e7b7ba Provide other forms for symbols that are too long or that clash with others 2008-04-12 08:40:03 +00:00
Dr. Stephen Henson
b983322bfb Revert change from HEAD. 2008-04-11 23:23:57 +00:00
Dr. Stephen Henson
339654e163 Fix from HEAD. 2008-04-11 17:34:42 +00:00
Richard Levitte
5ca48cc853 Synchronise with Unix build 2008-04-11 01:53:19 +00:00
Dr. Stephen Henson
173acc185c Fix from HEAD. 2008-04-07 11:01:43 +00:00
Dr. Stephen Henson
fb4c24b6e7 Update from HEAD. 2008-04-06 16:30:38 +00:00
Dr. Stephen Henson
1366f6b9bd Fix from HEAD. 2008-04-06 15:57:44 +00:00
Dr. Stephen Henson
e13546f739 Update error codes. 2008-04-06 15:46:17 +00:00
Dr. Stephen Henson
d6c813daff Fix from HEAD. 2008-04-06 15:42:29 +00:00
Dr. Stephen Henson
415fe2abe9 Delete functions not implemented in 0.9.8 from cms.h 2008-04-03 23:31:35 +00:00
Dr. Stephen Henson
8e42429c9d Update default CFLAGS and dependencies. 2008-04-03 23:18:27 +00:00
Dr. Stephen Henson
94b2c29f9d Backport of CMS code to 0.9.8-stable branch. Disabled by default. 2008-04-03 23:03:56 +00:00
Dr. Stephen Henson
090f931a35 Add -DOPENSSL_NO_DEPRECATED to debug-steve* targets. Add headers to make
build work.
2008-04-02 14:51:09 +00:00
Dr. Stephen Henson
7ec2d392e7 Backport of zlib compression BIO from HEAD. Update mkdef.pl script to handle
ZLIB. Update ordinals.
2008-04-02 11:37:25 +00:00
Dr. Stephen Henson
28a2759ab8 Add RFC3394 compatible key wrap algorithm. 2008-04-02 11:18:43 +00:00
Dr. Stephen Henson
9e7459fc5d Backport some useful ASN1 utility functions from HEAD. 2008-04-02 11:11:51 +00:00
Dr. Stephen Henson
a6d4f79f24 Add new missing CMS OIDs. 2008-04-02 10:45:19 +00:00
Andy Polyakov
efcb7a75fc Fix fast reduction on NIST curves [from HEAD].
PR: 1593
2008-04-01 08:40:52 +00:00
Dr. Stephen Henson
30aa23fea2 Update from HEAD. 2008-03-31 14:59:13 +00:00
Dr. Stephen Henson
fd6fa9c0b2 Fix from HEAD. 2008-03-29 13:22:49 +00:00
Dr. Stephen Henson
3fb0f01001 Fix from HEAD. 2008-03-12 00:38:07 +00:00
Andy Polyakov
2035af2091 Make x86_64-mont.pl work with debug Win64 build [from HEAD]. 2008-02-27 20:14:46 +00:00
Bodo Möller
19398a175a fix BIGNUM flag handling 2008-02-27 06:02:00 +00:00
Andy Polyakov
2923e91a98 Allow 32-bit perl to generate x86_64 assembler. 2008-02-13 20:01:48 +00:00
Andy Polyakov
7c52b7706f Source readability fix, which incidentally works around XLC compiler bug
[from HEAD].
PR: 1272
2008-02-11 13:18:40 +00:00
Andy Polyakov
ddec587581 Make aes-x86_64 work with debug Win64 build [from HEAD]. 2008-02-11 13:13:11 +00:00
Andy Polyakov
4f466f8e81 x86_64-xlate.pl update from HEAD. 2008-02-11 13:07:11 +00:00
Dr. Stephen Henson
3b0e61a812 Netware support.
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:53:06 +00:00
Dr. Stephen Henson
5f297c4504 Updates from HEAD. 2007-12-16 16:38:22 +00:00
Dr. Stephen Henson
d7623ff9f3 Update .cvsignore 2007-12-14 19:36:32 +00:00
Dr. Stephen Henson
df9b5405e8 Don't shadow. 2007-12-14 19:34:05 +00:00
Andy Polyakov
187b655bc2 Some assembler are allergic to lea reg,BYTE PTR[...].
Submitted by: Guenter Knauf
2007-12-02 21:32:35 +00:00
Dr. Stephen Henson
8612cb9239 Learn how to spell "Repository" 2007-11-23 00:18:00 +00:00
Dr. Stephen Henson
b2f3fafa6a Oops, use the right caRepository OID this time ;-) 2007-11-23 00:11:54 +00:00
Dr. Stephen Henson
483dab147d Add caRepository OID to OpenSSL. 2007-11-23 00:07:48 +00:00
Bodo Möller
7d610299c9 Should reject signatures that we can't properly verify
and couldn't generate
(as pointed out by Ernst G Giessmann)
2007-11-19 07:25:28 +00:00
Bodo Möller
5c676c47cd The hash length check wasn't strict enough,
as pointed out by Ernst G Giessmann
2007-11-16 13:00:57 +00:00
Andy Polyakov
cc9a645a02 Add x86_64-mont.pl [from HEAD]. 2007-11-11 21:04:34 +00:00
Andy Polyakov
18fb9d807e Add framework for bn_mul_mont [from 098-fips]. 2007-11-11 20:43:23 +00:00
Andy Polyakov
2ea3cd8abc Comply with updated x86cpuid.pl. 2007-11-11 20:06:17 +00:00
Andy Polyakov
095db72024 x86cpuid.pl update [from HEAD]. 2007-11-11 19:44:42 +00:00
Andy Polyakov
4b60f4b175 rc4-x86_64.pl update [from HEAD]. 2007-11-11 16:25:46 +00:00
Andy Polyakov
0794f3a798 x86_64cpuid.pl update [from HEAD]. 2007-11-11 16:25:00 +00:00
Andy Polyakov
2b8e7b5061 Add AES x86_64 assembler. Note that it's not latest version from HEAD,
but older one corresponding to x86 module from 098-stable.
2007-11-11 14:49:56 +00:00
Andy Polyakov
6f57311da0 Add SHA x86_64 assembler [from HEAD]. 2007-11-11 13:56:47 +00:00
Andy Polyakov
98b09d3949 Synchronize message digests in 098-fips with 098. 2007-11-11 13:34:08 +00:00
Andy Polyakov
231a737a82 Commit #16325 fixed one thing but broke DH with certain moduli [from HEAD]. 2007-11-03 20:09:29 +00:00
Lutz Jänicke
ac1ef7ec72 Add OIDs by CMP (RFC 4210) and CRMF (RFC 4211)
Submitted by: Martin Peylo <martinmeis@googlemail.com>
2007-11-01 08:25:28 +00:00
Andy Polyakov
5f761514e1 Make it possible for older masm to compile sse2 modules.
PR: 1592
2007-10-21 14:15:40 +00:00
Lutz Jänicke
32f1f622f6 Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f 2007-10-19 08:25:53 +00:00
Lutz Jänicke
225aeb171e Work around inconsistent version numbering in 0.9.8f (release).
The version code of the release should have been 09086f (6=f, f=release)
but accidently it was marked "090870" (which would be "0.9.8g-dev").

Therefore we now use "090871" for the development of 0.9.8g. Once
0.9.8g is released, the problem will be "healed". We have never done
beta releases for 0.9.x-stable patch releases, so 090871 would never
be used in practice.

PR: #1589
2007-10-17 07:46:49 +00:00
Andy Polyakov
ce62fc6eae Copy bn/asm/ia64.S from HEAD. 2007-10-13 11:02:17 +00:00
Dr. Stephen Henson
a523276786 Backport certificate status request TLS extension support to 0.9.8. 2007-10-12 00:00:36 +00:00
Ben Laurie
074471ab0c Back to -dev. 2007-10-11 18:27:10 +00:00
Ben Laurie
d761421e1d Minor release cockups. 2007-10-11 18:23:16 +00:00
Ben Laurie
2339c5d722 Next version. 2007-10-11 15:04:32 +00:00
Ben Laurie
dd00266757 Ready to roll. 2007-10-11 14:58:15 +00:00
Dr. Stephen Henson
fb8fcce2ac Fix from fips branch. 2007-10-05 16:47:04 +00:00
Lutz Jänicke
fbfa11fb29 Typos
PR: 1578
Submitted by: Charles Longeau <chl@tuxfamily.org>
2007-09-24 11:22:31 +00:00
Lutz Jänicke
29f4b05954 The use of the PURIFY macro in ssleay_rand_bytes() is sufficient to
resolve the Valgrind issue with random numbers. Undo the changes to
RAND_bytes() and RAND_pseudo_bytes() that are redundant in this
respect.
Update documentation and FAQ accordingly, as the PURIFY macro is
available at least since 0.9.7.
2007-09-21 10:10:47 +00:00
Ben Laurie
48ca0c99b2 Use PURIFY instead of PEDANTIC. 2007-09-20 12:33:24 +00:00
Dr. Stephen Henson
625782f7ee Wrap "keep valgrind happy" change in #ifdef PEDANTIC so any entropy in the
buffer can be normally used.
2007-09-19 13:29:05 +00:00
Ben Laurie
4f2b7d48b1 make depend 2007-09-19 12:17:11 +00:00
Andy Polyakov
ba75b4e750 Wire DES weak_keys to read-only segment [from HEAD]. 2007-09-18 20:59:33 +00:00
Andy Polyakov
ab011d51be Minimize stack utilization in probable_prime [from HEAD]. 2007-09-18 20:55:10 +00:00
Andy Polyakov
898d9b1a87 Remove excessive whitespaces from bio.h. 2007-09-18 20:49:25 +00:00
Bodo Möller
4f9a9d2b79 Make sure that BN_from_montgomery keeps the BIGNUMS in proper format 2007-09-18 16:31:18 +00:00
Andy Polyakov
12a52467c8 Typo in pq_compat.h [note that this file is not present in HEAD].
PR: 1537
2007-09-17 16:21:21 +00:00
Andy Polyakov
53b9696f3f It's inappropraite to override application signal, nor is it appropriate
to shut down Winsock unless we know it won't be used [and we never do]
[from HEAD].
PR: 1439
2007-09-16 18:35:45 +00:00
Andy Polyakov
80ed5f84de Make bn2dec work on "SIXTY_FOUR_BIT" platforms [from HEAD].
PR: 1456
2007-09-15 17:05:57 +00:00
Andy Polyakov
d4cfbdf2c0 Integrate remaining parts of #14247 [from HEAD]. 2007-09-07 12:27:50 +00:00
Dr. Stephen Henson
294f03a812 Reimplement safestack to avoid function pointer casts. 2007-09-06 21:07:43 +00:00
Dr. Stephen Henson
927a28ba3b gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL.
Fix various "computed value not used" warnings too.
2007-09-06 12:43:54 +00:00
Andy Polyakov
7a44a0cee7 aes_ige update [from HEAD]. 2007-08-30 08:11:25 +00:00
Andy Polyakov
1040deb0c5 Respect ISO aliasing rules [from HEAD].
PR: 1296
2007-07-27 20:34:56 +00:00
Andy Polyakov
05ea800faf AES for IA64 update [from HEAD]. 2007-07-27 18:22:04 +00:00
Andy Polyakov
a8098740c6 Relax ISA detection. 2007-07-19 10:45:03 +00:00
Andy Polyakov
e3af0d041e Fix masm type-casting problem in SSE2 code. 2007-07-18 20:25:17 +00:00
Andy Polyakov
a313e23fff Shut up memory debuggers complaining about AES x86 assembler module
[it was not a bug!].
PR: 1508,1320
2007-07-08 19:41:12 +00:00
Andy Polyakov
4d2a292e8a EVP_*_cfb1 was broken [from HEAD].
PR: 1318
2007-07-08 19:18:15 +00:00
Andy Polyakov
5a84b7fc2d bn_mul_recursive doesn't handle all cases correctly, which results in
BN_mul failures at certain key-length mixes [from HEAD].
PR: 1427
2007-07-08 18:54:30 +00:00
Andy Polyakov
d8e660a6dc Typo in str_lib [from HEAD].
PR: 1177
2007-07-07 20:11:42 +00:00
Dr. Stephen Henson
14346b3456 Fix warnings: C++ comments and computed value not used. 2007-07-04 12:56:33 +00:00
Andy Polyakov
a166e96d16 bn_mont.c fix [from HEAD]. 2007-06-29 13:12:34 +00:00
Ben Laurie
8dd8ce1dc3 Fix warning. 2007-06-23 19:07:54 +00:00
Andy Polyakov
649ab2dcfa Optimize OPENSSL_cleanse [from HEAD]. 2007-06-20 17:37:09 +00:00
Andy Polyakov
283aedf498 Privatize BN_*_no_branch [from HEAD]. 2007-06-11 16:33:50 +00:00
Andy Polyakov
1a56614af2 Eliminate conditional final subtraction in Montgomery multiplication
[from HEAD].
2007-06-11 16:15:10 +00:00
Dr. Stephen Henson
693c33e407 Update from HEAD. 2007-06-07 16:13:56 +00:00
Dr. Stephen Henson
d9a9aa027d Update from HEAD. 2007-05-22 23:33:08 +00:00
Bodo Möller
b22250bb67 Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 2007-05-22 09:48:06 +00:00
Andy Polyakov
d446120527 Padlock engine fails to compile with -O0 -fPIC [from HEAD]. 2007-05-20 07:14:14 +00:00
Andy Polyakov
bb9d68489c Type cast fixes in aes-586.pl. 2007-05-19 20:12:21 +00:00
Andy Polyakov
81fc4c93ef Typo in x509_txt.c [from HEAD]. 2007-05-19 18:04:21 +00:00
Ben Laurie
8957121c14 More IGE speedup. 2007-05-13 15:04:16 +00:00
Ben Laurie
50241bc84e AES IGE mode speedup. 2007-05-13 12:03:57 +00:00
Bodo Möller
8db10d9ac4 remove leftover from editing ... 2007-04-24 00:46:48 +00:00
Bodo Möller
c3cc4662af Add SEED encryption algorithm.
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:50:26 +00:00
Bodo Möller
22892f9803 fix error codes 2007-04-19 15:14:39 +00:00
Bodo Möller
27eb115fb6 don't violate the bn_check_top assertion in BN_mod_inverse_no_branch() 2007-04-19 14:45:27 +00:00
Dr. Stephen Henson
51a596ef4f Update from HEAD. 2007-04-09 11:46:36 +00:00
Dr. Stephen Henson
1cb7e5be5b Fix OID config module. 2007-04-08 17:45:03 +00:00
Ben Laurie
84dd04e761 Make sure we detect corruption. 2007-04-04 12:50:13 +00:00
Bodo Möller
2ac061e487 make BN_FLG_CONSTTIME semantics more fool-proof 2007-03-28 18:44:01 +00:00
Bodo Möller
7cdb81582c Change to mitigate branch prediction attacks
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2007-03-28 00:14:25 +00:00
Dr. Stephen Henson
3380c52f15 Stop memory leak. 2007-03-05 00:06:47 +00:00
Lutz Jänicke
1364e6f1ac Initialize "buf" to 0 to make valgrind happy :-)
Note: the RAND_bytes() manual page says:
 RAND_bytes() puts num cryptographically strong pseudo-random bytes into buf.
It does not talk about using the previous contents of buf so we are working
as documented.
2007-03-02 17:54:31 +00:00
Lutz Jänicke
c5ac2aa62c Do not use uninitialized memory to seed the PRNG as it may confuse
code checking tools.
PR: 1499
2007-03-02 17:44:55 +00:00
Dr. Stephen Henson
392a0345de EVP_CIPHER_CTX_key_length() should return the set key length in the
EVP_CIPHER_CTX structure which may not be the same as the underlying
cipher key length for variable length ciphers.
2007-02-27 18:42:52 +00:00
Dr. Stephen Henson
5dd24ead57 Prepare for next version. 2007-02-23 12:50:54 +00:00
Dr. Stephen Henson
d2cb94952a Add L to version number 2007-02-23 12:38:11 +00:00
Dr. Stephen Henson
0615396d2d Prepare for release. 2007-02-23 12:12:28 +00:00
Dr. Stephen Henson
82877ea449 Make update. 2007-02-23 01:01:08 +00:00
Lutz Jänicke
d69f85bf15 Fix incorrect handling of special characters
PR: 1459
Submitted by: tnitschke@innominate.com
Reviewed by: steve@openssl.org
2007-02-21 17:44:51 +00:00
Dr. Stephen Henson
52ee969e29 Update from 0.9.7-stable. 2007-02-21 13:48:49 +00:00
Dr. Stephen Henson
d1049ad93e Fix Win32 warnings. 2007-02-18 17:23:20 +00:00
Nils Larsch
8f813338f1 - use OPENSSL_malloc() etc. in zlib
- move zlib_stateful_ex_idx initialization to COMP_zlib()

PR: 1468
2007-02-14 21:50:26 +00:00
Nils Larsch
5eee0253e5 remove unreachable code 2007-02-10 09:48:42 +00:00
Dr. Stephen Henson
594c723f98 Add hmac option to dgst from 0.9.7-stable. 2007-02-08 19:08:21 +00:00
Richard Levitte
53707e2eec After objects have been freed, NULLify the pointers so there will be no double
free of those objects
2007-02-07 01:42:51 +00:00
Nils Larsch
fde794e898 fix typo 2007-02-06 19:48:36 +00:00
Dr. Stephen Henson
e31c620686 Update from fips2 branch. 2007-02-03 17:32:14 +00:00
Nils Larsch
923df53e25 fix potential memory leaks
PR: 1462
Submitted by: Charles Hardin <chardin@2wire.com>
2007-02-03 09:51:59 +00:00
Dr. Stephen Henson
dc3b721fa0 Update from 0.9.7-stable. 2007-01-23 17:54:22 +00:00
Dr. Stephen Henson
4a0d3530e0 Update from HEAD. 2007-01-21 13:16:49 +00:00
Andy Polyakov
78d4d87e39 Initialize padlock in shared build. 2007-01-04 22:55:25 +00:00
Andy Polyakov
6211633273 #include <stddef.h> in digest headers [from HEAD]. 2006-12-29 14:55:43 +00:00
Richard Levitte
e25eb309ec From HEAD 2006-12-26 21:23:38 +00:00
Richard Levitte
ffa2b2aa7d Synchronise with Unixly build 2006-12-25 10:57:20 +00:00
Andy Polyakov
a77a95584d Make sha.h more "portable" [from HEAD]. 2006-12-22 16:04:56 +00:00
Nils Larsch
8e6905d238 remove trailing '\'
PR: 1438
2006-12-19 19:47:39 +00:00
Bodo Möller
1a8521ff24 Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).
2006-12-19 15:10:46 +00:00
Dr. Stephen Henson
35e59297fc Update from 0.9.7-stable branch 2006-12-07 13:28:07 +00:00
Dr. Stephen Henson
9b945233b1 Update from HEAD. 2006-12-06 13:38:59 +00:00
Nils Larsch
66c4bb1a70 avoid duplicate entries in add_cert_dir()
PR: 1407
Submitted by: Tomas Mraz <tmraz@redhat.com>
2006-12-05 21:21:10 +00:00
Nils Larsch
3c786aa6c8 allocate a new attributes entry in X509_REQ_add_extensions()
if it's NULL (in case of a malformed pkcs10 request)

PR: 1347
Submitted by: Remo Inverardi <invi@your.toilet.ch>
2006-12-04 19:10:58 +00:00
Nils Larsch
e5cce6d356 add "Certificate Issuer", "Issuing Distribution Point" and
"Subject Directory Attributes" OIDs

PR: 1433
2006-12-04 18:48:16 +00:00
Andy Polyakov
723b7d81e4 Camellia fixes and improvements from HEAD. 2006-12-02 12:00:27 +00:00
Andy Polyakov
a3ddd7358b Camellia portability fixes.
Submitted by: Masashi Fujita, NTT
2006-12-02 11:57:40 +00:00
Dr. Stephen Henson
45c027f31f Update dependencies. 2006-11-30 14:03:58 +00:00
Dr. Stephen Henson
34a8c7ec87 Win32 fixes.
Use OPENSSL_NO_RFC3779 instead of OPENSSL_RFC3779: this makes the Win32 scripts
work and is consistent with other options.

Fix Win32 scripts and Configure to process OPENSSL_NO_RFC3779 properly.

Update ordinals.

Change some prototypes for LSB because VC++ 6 doesn't like the */ sequence and thinks it is an invalid end of comment.
2006-11-30 13:04:43 +00:00
Nils Larsch
d4a6240005 replace macros with functions
Submitted by: Tracy Camp <tracyx.e.camp@intel.com>
2006-11-29 20:47:15 +00:00
Ben Laurie
4636341b05 Add RFC 3779 support, contributed by ARIN. 2006-11-27 13:36:55 +00:00
Nils Larsch
be3b770d8f register the engine as default engine in ENGINE_set_default()
PR: 1431
2006-11-24 18:44:26 +00:00
Dr. Stephen Henson
115fc340cb Rebuild error file C source files. 2006-11-21 20:14:46 +00:00
Dr. Stephen Henson
4877e30504 Fix from HEAD. 2006-11-13 13:23:05 +00:00
Andy Polyakov
e336441197 Gcc over-optimizes PadLock AES CFB codepath, tell it not to [from HEAD]. 2006-10-19 20:56:31 +00:00
Dr. Stephen Henson
20d6182f33 Typo. 2006-10-05 21:59:09 +00:00
Nils Larsch
aa145866f9 return an error if the supplied precomputed values lead to an invalid signature 2006-10-04 19:55:03 +00:00
Mark J. Cox
fdff41e166 Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan
2006-09-29 08:21:07 +00:00
Mark J. Cox
25e52a78fb After tagging, bump ready for 0.9.8e development 2006-09-28 11:39:33 +00:00