Dr. Stephen Henson
cd366cf7ec
print out subgroup order if present
2011-10-11 17:44:26 +00:00
Dr. Stephen Henson
a59163f6b6
def_rsa_finish not used any more.
2011-10-10 20:35:09 +00:00
Dr. Stephen Henson
fe4394cf1d
remove some debugging code
2011-10-10 19:09:01 +00:00
Dr. Stephen Henson
84a75ba38c
fix leak properly this time...
2011-10-10 14:08:55 +00:00
Dr. Stephen Henson
eb47b2fb13
add GCM ciphers in SSL_library_init
2011-10-10 12:56:18 +00:00
Dr. Stephen Henson
a0f21307e0
disable GCM if not available
2011-10-10 12:41:11 +00:00
Dr. Stephen Henson
7d7c13cbab
Don't disable TLS v1.2 by default now.
2011-10-09 23:26:39 +00:00
Dr. Stephen Henson
0feb83e222
Synv ordinals with 1.0.1-stable.
2011-10-09 23:16:20 +00:00
Dr. Stephen Henson
ccbb9badba
fix CHANGES entry
2011-10-09 23:11:55 +00:00
Dr. Stephen Henson
42753a4f67
fix memory leaks
2011-10-09 23:08:15 +00:00
Andy Polyakov
b1d3e9de63
e_padlock-x86_64.pl: brown-bag bug in stack pointer handling.
2011-10-09 21:53:53 +00:00
Dr. Stephen Henson
7bd4095b12
Sync ordinals with 1.0.1-stable.
2011-10-09 15:29:43 +00:00
Dr. Stephen Henson
58b75e9c26
PR: 2482
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
2011-10-09 00:56:52 +00:00
Andy Polyakov
08d62e9f1a
e_padlock-x86[_64].pl: SHA fixes, comply with specification and fix bug.
2011-10-08 21:37:44 +00:00
Dr. Stephen Henson
549cd657fd
Add fips/ecdh directory.
2011-10-07 18:18:50 +00:00
Dr. Stephen Henson
43206a2d7c
New -force_pubkey option to x509 utility to supply a different public
...
key to the one in a request. This is useful for cases where the public
key cannot be used for signing e.g. DH.
2011-10-07 15:18:09 +00:00
Dr. Stephen Henson
6dd547398a
use client version when eliminating TLS v1.2 ciphersuites in client hello
2011-10-07 15:07:19 +00:00
Dr. Stephen Henson
66bb328e11
? crypto/aes/aes-armv4.S
...
? crypto/aes/aesni-sha1-x86_64.s
? crypto/aes/aesni-x86_64.s
? crypto/aes/foo.pl
? crypto/aes/vpaes-x86_64.s
? crypto/bn/.bn_lib.c.swp
? crypto/bn/armv4-gf2m.S
? crypto/bn/diffs
? crypto/bn/modexp512-x86_64.s
? crypto/bn/x86_64-gf2m.s
? crypto/bn/x86_64-mont5.s
? crypto/ec/bc.txt
? crypto/ec/diffs
? crypto/modes/a.out
? crypto/modes/diffs
? crypto/modes/ghash-armv4.S
? crypto/modes/ghash-x86_64.s
? crypto/modes/op.h
? crypto/modes/tst.c
? crypto/modes/x.h
? crypto/objects/.obj_xref.txt.swp
? crypto/rand/diffs
? crypto/sha/sha-512
? crypto/sha/sha1-armv4-large.S
? crypto/sha/sha256-armv4.S
? crypto/sha/sha512-armv4.S
Index: crypto/objects/obj_xref.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v
retrieving revision 1.9
diff -u -r1.9 obj_xref.c
--- crypto/objects/obj_xref.c 5 Nov 2008 18:38:58 -0000 1.9
+++ crypto/objects/obj_xref.c 6 Oct 2011 20:30:21 -0000
@@ -110,8 +110,10 @@
#endif
if (rv == NULL)
return 0;
- *pdig_nid = rv->hash_id;
- *ppkey_nid = rv->pkey_id;
+ if (pdig_nid)
+ *pdig_nid = rv->hash_id;
+ if (ppkey_nid)
+ *ppkey_nid = rv->pkey_id;
return 1;
}
@@ -144,7 +146,8 @@
#endif
if (rv == NULL)
return 0;
- *psignid = (*rv)->sign_id;
+ if (psignid)
+ *psignid = (*rv)->sign_id;
return 1;
}
Index: crypto/x509/x509type.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v
retrieving revision 1.10
diff -u -r1.10 x509type.c
--- crypto/x509/x509type.c 26 Oct 2007 12:06:33 -0000 1.10
+++ crypto/x509/x509type.c 6 Oct 2011 20:36:04 -0000
@@ -100,20 +100,26 @@
break;
}
- i=X509_get_signature_type(x);
- switch (i)
+ i=OBJ_obj2nid(x->sig_alg->algorithm);
+ if (i && OBJ_find_sigid_algs(i, NULL, &i))
{
- case EVP_PKEY_RSA:
- ret|=EVP_PKS_RSA;
- break;
- case EVP_PKEY_DSA:
- ret|=EVP_PKS_DSA;
- break;
- case EVP_PKEY_EC:
- ret|=EVP_PKS_EC;
- break;
- default:
- break;
+
+ switch (i)
+ {
+ case NID_rsaEncryption:
+ case NID_rsa:
+ ret|=EVP_PKS_RSA;
+ break;
+ case NID_dsa:
+ case NID_dsa_2:
+ ret|=EVP_PKS_DSA;
+ break;
+ case NID_X9_62_id_ecPublicKey:
+ ret|=EVP_PKS_EC;
+ break;
+ default:
+ break;
+ }
}
if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
2011-10-06 20:44:02 +00:00
Andy Polyakov
50452b2e60
e_padlock: add CTR mode.
2011-10-05 17:03:44 +00:00
Andy Polyakov
d18762f7c9
e_padlock-x86_64.pl: fix typo.
2011-10-04 11:21:33 +00:00
Andy Polyakov
149ca7128c
e_padlock-x86*.pl: Nano-related update.
2011-10-04 11:05:16 +00:00
Dr. Stephen Henson
4cc2bbab67
Make fips algorithm test utilities use RESP_EOL for end of line character(s).
...
This should be CRLF even under *nix.
2011-10-01 20:42:52 +00:00
Andy Polyakov
04c3aa5c1a
e_padlock-x86.pl: previous C3-specific fix was incomplete.
2011-10-01 10:44:51 +00:00
Andy Polyakov
3edc26a256
e_padlock-x86.pl: make it work on VIA C3 (which doesn't support SSE2).
2011-10-01 10:16:13 +00:00
Dr. Stephen Henson
10465aca60
Never echo Num lines for PQGGen DSA2 test.
2011-09-30 11:58:59 +00:00
Dr. Stephen Henson
3f1ebb8f42
make depend
2011-09-29 23:17:59 +00:00
Dr. Stephen Henson
2bfeb7dc83
Add FIPS selftests for ECDH algorithm.
2011-09-29 23:08:23 +00:00
Dr. Stephen Henson
55831cd6ee
Remove s = s * P deferral.
2011-09-29 18:22:37 +00:00
Dr. Stephen Henson
884c33b5c4
Check return codes properly.
2011-09-29 16:24:00 +00:00
Dr. Stephen Henson
54bb3f68e1
Fix output format for DSA2 parameter generation.
2011-09-28 22:35:30 +00:00
Andy Polyakov
112726486d
bsaes-x86_64.pl: add due credit.
2011-09-27 19:34:40 +00:00
Dr. Stephen Henson
fca38e350b
fix signed/unsigned warning
2011-09-26 17:04:32 +00:00
Dr. Stephen Henson
a846a7ff32
Add a --disable-all option to disable all tests.
2011-09-25 22:12:39 +00:00
Dr. Stephen Henson
bac3db9cc1
Handle provable prime parameters for canonical g generation which are
...
sometimes erroneously included.
2011-09-25 22:04:43 +00:00
Andy Polyakov
4ec93a10bd
Add bit-sliced AES x86_64 assembler, see http://homes.esat.kuleuven.be/~ekasper/#software for background information. It's not integrated into build system yet.
2011-09-25 15:31:51 +00:00
Dr. Stephen Henson
d18a0df0a6
make sure eivlen is initialised
2011-09-24 23:06:20 +00:00
Dr. Stephen Henson
1579e65604
use keyformat for -x509toreq, don't hard code PEM
2011-09-23 21:48:34 +00:00
Dr. Stephen Henson
c2035bffe7
PR: 2606
...
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve
Handle timezones correctly in UTCTime.
2011-09-23 13:39:23 +00:00
Dr. Stephen Henson
1d7392f219
PR: 2602
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS bug which prevents manual MTU setting
2011-09-23 13:34:48 +00:00
Dr. Stephen Henson
07dda896cb
PR: 2347
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve
Fix usage message.
2011-09-23 13:12:25 +00:00
Dr. Stephen Henson
af70f1a35d
Run PQGVer test before DSA2 tests.
2011-09-23 01:03:37 +00:00
Dr. Stephen Henson
ddf00ffab8
Typo.
2011-09-22 14:15:07 +00:00
Dr. Stephen Henson
cb71870dfa
Use function name FIPS_drbg_health_check() for health check function.
...
Add explanatory comments to health check code.
2011-09-22 14:01:25 +00:00
Dr. Stephen Henson
456d883a25
Don't print out errors in cases where errors are expected: testing
...
DSA parameter validity and EC public key validity.
2011-09-21 18:42:12 +00:00
Dr. Stephen Henson
d57cc97f24
Remove unused variable.
2011-09-21 18:36:53 +00:00
Dr. Stephen Henson
05272d4c51
Perform health check on all reseed operations not associated with
...
prediction resistance requests. Although SP 800-90 is arguably unclear
on whether this is necessary adding an additional check has minimal
penalty (very few applications will make an explicit reseed request).
2011-09-21 18:24:12 +00:00
Dr. Stephen Henson
4420b3b17a
Revise DRBG to split between internal and external flags.
...
One demand health check function.
Perform generation test in fips_test_suite.
Option to skip dh test if fips_test_suite.
2011-09-21 17:04:56 +00:00
Dr. Stephen Henson
e74ac3f830
Update error codes.
2011-09-21 16:17:18 +00:00
Dr. Stephen Henson
a5799bdc48
Allow reseed interval to be set.
2011-09-18 19:36:27 +00:00
Andy Polyakov
2b1f17f83f
Make latest assembler additions (vpaes and e_padlock) work in Windows build.
2011-09-18 15:40:11 +00:00