wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9142 commits 20 branches 302 tags 153 MiB
Commit graph

4813 commits

Author SHA1 Message Date
Dr. Stephen Henson
ddcfc25a6d Update from stable branch. 2009-03-25 19:02:22 +00:00
Dr. Stephen Henson
73ba116e96 Update from stable branch. 2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
80b2ff978d Update from stable branch. 2009-03-25 12:53:50 +00:00
Dr. Stephen Henson
7ce8c95d58 Update from stable branch. 2009-03-25 12:53:26 +00:00
Dr. Stephen Henson
e4e949192b Submitted by: Victor B. Wagner <vitus@cryptocom.ru> 
Reviewed by: steve@openssl.org

Check return codes properly in md BIO and dgst command.
 2009-03-18 18:53:08 +00:00
Andy Polyakov
4e52b9845e aes-390x.pl: commentary update. 2009-03-17 20:04:11 +00:00
Andy Polyakov
e22b864846 Make SPARC assembler modules *really* Purify-friendly. 2009-03-17 18:31:08 +00:00
Andy Polyakov
57db09906b Excuse myself from integrating sha1-sparcv9a.pl into build system, but 
make it Purify-friendly...
 2009-03-16 13:48:42 +00:00
Andy Polyakov
4c78bc05c4 Make SPARC assembler Pirify-friendly (Purify can't cope with certain 
PIC constructs).
 2009-03-16 13:32:38 +00:00
Dr. Stephen Henson
ef8e772805 Use OPENSSL_assert() instead of assert. 2009-03-15 14:04:42 +00:00
Dr. Stephen Henson
54571ba004 Use correct ctx name. 2009-03-15 14:03:47 +00:00
Dr. Stephen Henson
237d7b6cae Fix from stable branch. 2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
854a225a27 Update from stable branch. 2009-03-14 18:33:49 +00:00
Dr. Stephen Henson
e39acc1c90 PR: 1864 
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org

Check return value.
 2009-03-14 12:39:05 +00:00
Dr. Stephen Henson
a0b76569b2 Update from stable branch. 2009-03-14 12:26:48 +00:00
Dr. Stephen Henson
33ab2e31f3 PR: 1854 
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org

Support GeneralizedTime in ca utility.
 2009-03-09 13:59:07 +00:00
Dr. Stephen Henson
bb7ccdfbe2 Update from stable branch. 2009-03-09 13:08:04 +00:00
Dr. Stephen Henson
c836f8ef73 Update from stable branch. 2009-03-09 12:30:10 +00:00
Dr. Stephen Henson
4df100935f Update from stable branch. 2009-03-09 12:21:19 +00:00
Ben Laurie
c2a548a884 Print IPv6 all 0s correctly (Rob Austein). 2009-03-08 10:54:45 +00:00
Dr. Stephen Henson
77202a85a0 Update from stable branch. 2009-03-07 17:00:23 +00:00
Ben Laurie
2121f15daf Use the right length (reported by Quanhong Wang). 2009-03-03 15:12:56 +00:00
Richard Levitte
605b04f661 Make it possible to disable STORE. 2009-02-19 09:42:51 +00:00
Richard Levitte
97132a0f8e Reference bug. 2009-02-19 09:42:32 +00:00
Dr. Stephen Henson
30e5e39a3d PR: 1778 
Increase default verify depth to 100.
 2009-02-16 23:23:21 +00:00
Dr. Stephen Henson
b5d5c0a21f PR: 1843 
Use correct array size for SHA1 hash.
 2009-02-16 21:42:48 +00:00
Richard Levitte
f8ea4757cc Data not initialised. 
Notified by Gerardo Ganis <gerardo.ganis@cern.ch>
 2009-02-16 15:17:24 +00:00
Dr. Stephen Henson
a63bf2c53c Make no-engine work again. 2009-02-15 15:28:18 +00:00
Ben Laurie
b3f3407850 Use new common flags and fix resulting warnings. 2009-02-15 14:08:51 +00:00
Dr. Stephen Henson
477fd4596f PR: 1835 
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
 2009-02-14 21:49:38 +00:00
Andy Polyakov
c558c99fd8 rc4-s390x.pl: allow for older assembler and optimize character loop. 2009-02-12 14:48:49 +00:00
Andy Polyakov
13c3a1defa RC4 for s390x. 2009-02-11 10:01:36 +00:00
Dr. Stephen Henson
aaa29f9e83 Add error checking to obj_xref.pl and add command line support for data 
file locations.
 2009-02-10 13:03:31 +00:00
Dr. Stephen Henson
ede6ef5e08 Submitted by: Peter Sylvester <Peter.Sylvester@edelweb.fr> 
Reviewed by: steve

If tagging is universal and SET or SEQUENCE set constructed bit.
 2009-02-10 12:13:08 +00:00
Andy Polyakov
0f529cbdc3 s390x-mont.pl: optimize prologue. 2009-02-10 08:46:48 +00:00
Andy Polyakov
eb55b9fc19 linux-s390x failed link after assembler pack update. 2009-02-10 07:43:48 +00:00
Andy Polyakov
7012d2a8fa sha1-sparcv9a.pl: fix bug in commentary section. 2009-02-09 16:03:33 +00:00
Andy Polyakov
8626230a02 s390x assembler pack update. 2009-02-09 15:42:04 +00:00
Dr. Stephen Henson
57f39cc826 Print out UTF8 and NumericString types in ASN1 parsing utility. 2009-01-28 12:54:52 +00:00
Dr. Stephen Henson
6489573224 Update from stable branch. 2009-01-28 12:36:14 +00:00
Dr. Stephen Henson
079e00e646 Typo: just copy across an unknown type. 2009-01-28 12:32:03 +00:00
Richard Levitte
8bf5001612 Do the Camellia part right 2009-01-28 07:01:29 +00:00
Richard Levitte
6ed9dfb23a Synchronise with Unix build 2009-01-20 05:39:24 +00:00
Dr. Stephen Henson
c2c99e2860 Update certificate hash line format to handle canonical format 
and avoid MD5 dependency.
 2009-01-15 13:22:39 +00:00
Dr. Stephen Henson
8125d9f99c Make PKCS#8 the standard write format for private keys, replacing the 
ancient SSLeay format.
 2009-01-15 12:52:38 +00:00
Dr. Stephen Henson
8e6925b0cd Add CRYPTO_MDEBUG_ABORT to abort() is there are any memory leaks. This will 
cause "make test" failures and make resource leaks more obvious.
 2009-01-11 20:36:50 +00:00
Dr. Stephen Henson
41b7619596 Fix missing prototype warnings then fix different prototype warnings ;-) 2009-01-11 16:17:26 +00:00
Dr. Stephen Henson
bab534057b Updatde from stable branch. 2009-01-07 23:44:27 +00:00
Andy Polyakov
6de3683908 Add UltraSPARC VIS-powered SHA1 block procedure. 2009-01-05 14:52:31 +00:00
Richard Levitte
792bbc2374 VMS stuff I forgot... 2009-01-03 09:25:32 +00:00
Ben Laurie
23b973e600 Calculate offset correctly. (Coverity ID 233) 2009-01-01 18:30:51 +00:00
Andy Polyakov
a370537bde Styling update to makefiles: $() to denote make substitutions and $${} - 
shell ones.
 2008-12-29 16:17:52 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should 
test for them!
 2008-12-29 16:11:58 +00:00
Ben Laurie
8aa02e97a7 Make sure a bad parameter to RSA_verify_PKCS1_PSS() doesn't lead to a crash. 
(Coverity ID 135).
 2008-12-29 13:35:08 +00:00
Andy Polyakov
a68c7b9171 bn_lib.c: [re-]fix Win64 compiler warning. 2008-12-29 12:44:33 +00:00
Andy Polyakov
5cabcf96e7 Fix "possible loss of data" Win64 compiler warnings. 2008-12-29 12:35:49 +00:00
Dr. Stephen Henson
2d1cbc85c8 Add standard .cvsignore file. 2008-12-29 00:27:06 +00:00
Andy Polyakov
e81695205e x86_64-xlate.pl: support for binary constants, such as 0b1010101. 2008-12-27 14:00:37 +00:00
Andy Polyakov
fe150ac25d Add modes/cts128.c, Ciphertext Stealing implementation. 2008-12-27 13:40:45 +00:00
Andy Polyakov
bec45a35bb cmll-x86_64.pl: fix bug in cbc tail processing and comply with Win64 ABI spec. 2008-12-27 13:39:38 +00:00
Andy Polyakov
3b0ee0d2bf Revisit RT#1801 and complete fix. 2008-12-27 13:32:21 +00:00
Ben Laurie
dde5b979d2 Remove dead code. (Coverity ID 2) 2008-12-27 02:36:24 +00:00
Ben Laurie
57a6ac7c4f Check scalar->d before we use it (in BN_num_bits()). (Coverity ID 129) 2008-12-27 02:15:16 +00:00
Richard Levitte
4ded7b44a8 More synchronisation with Unix 2008-12-26 23:52:06 +00:00
Ben Laurie
1457619e13 Remove misleading dead code. Constify. (Coverity ID 142) 2008-12-26 17:17:21 +00:00
Ben Laurie
ccf529928f !a && !a->b is clearly wrong! Changed to !a || !a->b (Coverity ID 145). 2008-12-26 15:32:59 +00:00
Ben Laurie
5ceb595dfa pval must always be set when pk7_cb() does anything (Coverity ID 146). 2008-12-26 15:29:02 +00:00
Richard Levitte
44390fadc0 In BIO_write(), update the write statistics, not the read statistics. 
PR: 1803
 2008-12-25 22:24:17 +00:00
Richard Levitte
974d05a323 Further synchronisation with Unix 2008-12-25 22:04:42 +00:00
Andy Polyakov
0f76640fba Windows-specific addenum to "engage crypto/modes" commit #17716. 2008-12-23 15:15:44 +00:00
Andy Polyakov
a11974180f Patch the omission from prvious commit #17716. 2008-12-23 11:38:33 +00:00
Andy Polyakov
5d48a66a6a Engage crypto/modes. 2008-12-23 11:33:01 +00:00
Andy Polyakov
63fc7f848d crypto/modes: make modes.h selfsufficient and rename block_f to block128_t. 2008-12-23 11:18:45 +00:00
Andy Polyakov
830457ce4f Optimize CAST for size on 64-bit platforms. For reference, CAST_LONG being 
unsigned long must be attributed to 16-bit support. As we don't support
16-bit platoforms anymore, there is no reason to waste twice required
space on CAST S-boxes (16KB vs. 8KB) or key schedule.
 2008-12-22 15:21:59 +00:00
Andy Polyakov
ea4d5005d9 cmll-x86_64.pl: Win64 SEH section to handle pushf/popf in CBC routine. 2008-12-22 14:15:11 +00:00
Andy Polyakov
9f03d0fc04 Optimize #undef DES_UNROLL for size. 2008-12-22 14:10:42 +00:00
Andy Polyakov
e527201f6b This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another 
.DLL, in particular static build. The issue has been discussed in RT#1230
and later on openssl-dev, and mutually exclusive approaches were suggested.
This completes compromise solution suggested in RT#1230.
PR: 1230
 2008-12-22 13:54:12 +00:00
Dr. Stephen Henson
70531c147c Make no-engine work again. 2008-12-20 17:04:40 +00:00
Andy Polyakov
702e742515 cmll-x86_64.pl: bug fix and size optimization of Win64 SEH section. 2008-12-19 11:19:19 +00:00
Andy Polyakov
be01f79d3d x86_64 assembler pack: add support for Win64 SEH. 2008-12-19 11:17:29 +00:00
Andy Polyakov
bf785c9849 x86_64-xlate.pl: fix masm hexadecimal constants. 2008-12-19 11:14:38 +00:00
Andy Polyakov
4db4882402 perlasm/x86* update: support for 3 and 4 argument instructions. 2008-12-17 19:56:48 +00:00
Andy Polyakov
6786f52ada SEGV in AES_cbc_encrypt in aes-x86_64 assembler module. 
PR: 1801
Submitted by: Huang Ying
 2008-12-17 14:11:30 +00:00
Richard Levitte
2e6a7b3efc Constify where needed 2008-12-16 13:41:49 +00:00
Richard Levitte
63461b8db1 Remove extraneous semicolons 2008-12-16 10:56:05 +00:00
Richard Levitte
e77228ba11 Stack changes made dso_vms.c not compile properly. 2008-12-16 10:55:26 +00:00
Richard Levitte
5c60b1637a A few more symbols that are a little bit long for VMS 2008-12-16 10:54:53 +00:00
Richard Levitte
26397d2e8c Synchronise VMS build system with the Unixly one 2008-12-16 10:54:28 +00:00
Andy Polyakov
85b2c0ce7f 128-bit block cipher modes consolidation. As consolidated functions 
rely on indirect call to block functions, they are not as fast as
non-consolidated routines. However, performance loss(*) is within
measurement error and consolidation advantages are considered to
outweigh it.

(*) actually one can observe performance *improvement* on e.g.
    CBC benchmarks thanks to optimization, which also becomes
    shared among ciphers.
 2008-12-16 08:39:21 +00:00
Andy Polyakov
f826bf7798 SEED to support OPENSSL_SMALL_FOOTPRINT: ~2x size decrease on x86. 2008-12-16 07:41:21 +00:00
Andy Polyakov
3ebbe8853f Bring C bn_mul_mont template closer to assembler. 2008-12-16 07:28:38 +00:00
Ben Laurie
1f6e9bce21 Missing return values (Coverity ID 204). 2008-12-13 17:19:40 +00:00
Dr. Stephen Henson
9d44cd1642 Oops should check zero_pos >= 0. 2008-12-08 19:13:06 +00:00
Dr. Stephen Henson
1d4e879106 Handle case where v6stat.zero_pos == 0 correctly. 
Reported by: Kurt Roeckx <kurt@roeckx.be>, Tobias Ginzler <ginzler@fgan.de> (Debian bug #506111)
 2008-12-07 23:58:44 +00:00
Andy Polyakov
ae381fef5c Add Camellia assembler x86 and x86_64 modules. 2008-12-03 09:22:51 +00:00
Bodo Möller
7a76219774 Implement Configure option pattern "experimental-foo" 
(specifically, "experimental-jpake").
 2008-12-02 01:21:39 +00:00
Dr. Stephen Henson
e9afa08cd1 Update from stable branch. 2008-11-30 16:09:04 +00:00
Geoff Thorpe
bcaa36fd11 Fix compilation with -DOPENSSL_NO_DEPRECATED. 2008-11-28 22:06:55 +00:00
Dr. Stephen Henson
79bd20fd17 Update from stable-branch. 2008-11-24 17:27:08 +00:00
Dr. Stephen Henson
d0c3628834 Set memory BIOs up properly when stripping text headers from S/MIME messages. 2008-11-21 18:18:13 +00:00
Ben Laurie
f3b7bdadbc Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks. 2008-11-16 12:47:12 +00:00
Ben Laurie
ad7159ea84 Ignore generated ASM. 2008-11-16 12:32:14 +00:00
Andy Polyakov
93c4ba07d7 x86_64-xlate.pl update, engage x86_64 assembler in mingw64. 2008-11-14 16:40:37 +00:00
Ben Laurie
6c901ae8c1 Ignore saved Makefile. 2008-11-13 09:31:37 +00:00
Ben Laurie
90c65a9838 J-PAKE is not experimental in HEAD. 2008-11-13 09:31:08 +00:00
Dr. Stephen Henson
ed551cddf7 Update from stable branch. 2008-11-12 17:28:18 +00:00
Dr. Stephen Henson
5aca224ecd Reinstate camellia header fix patch. 2008-11-12 17:02:40 +00:00
Andy Polyakov
1416aec60d Update make rules for x86_64 assembler pack. 2008-11-12 08:19:04 +00:00
Andy Polyakov
aa8f38e49b x86_64 assembler pack to comply with updated styling x86_64-xlate.pl rules. 2008-11-12 08:15:52 +00:00
Andy Polyakov
8525377265 x86_64-xlate.pl to support MacOS X and mingw64. 2008-11-12 08:05:58 +00:00
Andy Polyakov
2fbc8a2aad Revert commit #17603, it should have been part of #17617. 2008-11-12 07:27:36 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more 
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
 2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2401debe83 Tolerate -----BEGIN PKCS #7 SIGNED DATA----- header lines as used by some 
implementations.
 2008-11-11 12:38:25 +00:00
Dr. Stephen Henson
5c61111bff Update from stable branch. 2008-11-11 12:23:18 +00:00
Bodo Möller
0a8c9f7de1 symbol deobnoxification 2008-11-11 07:08:59 +00:00
Dr. Stephen Henson
7b808412c9 Make -DKSSL_DEBUG work again. 2008-11-10 19:08:37 +00:00
Dr. Stephen Henson
0afc9f5bc0 PR: 1777 
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>
Approved by: steve@openssl.org

Fix some size_t issues.
 2008-11-05 23:14:32 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Dr. Stephen Henson
5947ca0409 Don't use clobbered 'i' for checking UTCTime and GeneralizedTime length. 2008-11-05 18:28:24 +00:00
Ben Laurie
d40a1b865f Only one of these needs to be signed. 2008-11-04 15:16:23 +00:00
Ben Laurie
f80921b6a6 Formatting. 2008-11-04 12:06:09 +00:00
Andy Polyakov
8fe8bae15a Minor perlasm updates. 2008-11-03 08:46:07 +00:00
Dr. Stephen Henson
f2c0230518 Not sure about this one... seems to be needed to make 64 bit release 
builds work properly...
 2008-11-02 18:29:27 +00:00
Dr. Stephen Henson
e6e0c9018c Fix prototypes. 2008-11-02 18:12:36 +00:00
Dr. Stephen Henson
9619b730b4 Use stddef.h to pick up size_t def. 2008-11-02 16:56:13 +00:00
Dr. Stephen Henson
2766515fca Fix prototypes. 2008-11-02 16:13:19 +00:00
Dr. Stephen Henson
87d52468aa Update HMAC functions to return an error where relevant. 2008-11-02 16:00:39 +00:00
Dr. Stephen Henson
70d71f6185 Fix warnings: printf format mismatches on 64 bit platforms. 
Change assert to OPENSSL_assert().
Fix e_padlock prototype.
 2008-11-02 15:41:30 +00:00
Ben Laurie
5ee92a5ec1 Fix asserts. Fix incorrect dependency. 2008-11-02 13:15:06 +00:00
Dr. Stephen Henson
c76fd290be Fix warnings about mismatched prototypes, undefined size_t and value computed 
not used.
 2008-11-02 12:50:48 +00:00
Ben Laurie
d0a20cafa1 Fix warnings. 2008-11-02 09:22:29 +00:00
Ben Laurie
8da07655ee Fix warning. 2008-11-02 09:00:25 +00:00
Andy Polyakov
befe1fbc29 Fix bss_log.c on Windows. 2008-11-01 21:09:54 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Ben Laurie
4d6e1e4f29 size_tification. 2008-11-01 14:37:00 +00:00
Andy Polyakov
122396f2db Fix SHA512 and optimize BN for mingw64. 2008-11-01 12:46:18 +00:00
Andy Polyakov
09a60c9833 Fix warnings after commit#17578. 2008-10-31 20:20:54 +00:00
Andy Polyakov
b444ac3e6f size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require 
underlying cipher to be size_t-fied, it allows for size_t, signed and
unsigned long. It maintains source and even binary compatibility.
 2008-10-31 19:48:25 +00:00
Andy Polyakov
f768be81d8 size_t-fy AES, Camellia and RC4. 2008-10-31 19:30:11 +00:00
Dr. Stephen Henson
91173829db Add install target to crypto/jpake/Makefile 2008-10-31 12:06:25 +00:00
Andy Polyakov
e6b4578540 randfile.c: .rnd can become orphaned on VMS. 
Submitted by: David North
 2008-10-28 16:25:47 +00:00
Andy Polyakov
ea71ec1b11 ec2_mult.c readability update. 2008-10-28 13:53:51 +00:00
Andy Polyakov
f1455b3063 Minor clean-up in bn_lib.c: constification and optimization. 2008-10-28 13:52:51 +00:00
Andy Polyakov
b764f82c64 Fix crash in BN_rshift. 
PR: 1663
 2008-10-28 13:46:14 +00:00
Andy Polyakov
436bdcff4e Harmonize Camellia API with version 1.x. 2008-10-28 12:13:52 +00:00
Andy Polyakov
27f864e8ac Camellia update. Quoting camellia.c: 
/*
 * This release balances code size and performance. In particular key
 * schedule setup is fully unrolled, because doing so *significantly*
 * reduces amount of instructions per setup round and code increase is
 * justifiable. In block functions on the other hand only inner loops
 * are unrolled, as full unroll gives only nominal performance boost,
 * while code size grows 4 or 7 times. Also, unlike previous versions
 * this one "encourages" compiler to keep intermediate variables in
 * registers, which should give better "all round" results, in other
 * words reasonable performance even with not so modern compilers.
 */
 2008-10-28 08:47:24 +00:00
Andy Polyakov
80aa9cc985 x86_64-xlate.pl update: refine SEH support. 2008-10-28 08:40:07 +00:00
Dr. Stephen Henson
ab7e09f59b Win32 fixes... add new directory to build system. Fix warnings. 2008-10-27 12:31:13 +00:00
Dr. Stephen Henson
e9eda23ae6 Fix warnings and various issues. 
C++ style comments.
Signed/unsigned warning in apps.c
Missing targets in jpake/Makefile
 2008-10-27 12:02:52 +00:00
Ben Laurie
6caa4edd3e Add JPAKE. 2008-10-26 18:40:52 +00:00
Dr. Stephen Henson
df0681e554 Add permanentIdentifier OID. 2008-10-22 18:48:11 +00:00
Dr. Stephen Henson
e19106f5fb Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros 
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
 2008-10-22 15:43:01 +00:00
Geoff Thorpe
ae7ec4c71d Apparently '__top' is also risky, obfuscate further. (All this to 
avoid inlines...)
 2008-10-22 12:00:15 +00:00
Geoff Thorpe
3fdc6c11aa Use of a 'top' var creates "shadow variable" warnings. 2008-10-22 01:25:45 +00:00
Dr. Stephen Henson
dcf6b3e9b6 Reinstate obj_xref.h as it is not auto generated on all platforms. 2008-10-20 15:12:48 +00:00
Dr. Stephen Henson
606f6c477a Fix a shed load or warnings: 
Duplicate const.
Use of ; outside function.
 2008-10-20 15:12:00 +00:00
Ben Laurie
0d6f9c7181 Constification. 2008-10-19 22:51:27 +00:00
Dr. Stephen Henson
111a6e2a23 Fix multiple ; warning. 2008-10-18 15:02:59 +00:00
Ben Laurie
d764e7edb8 Fix warning a different way. 2008-10-18 12:12:34 +00:00
Andy Polyakov
aff8259510 Fix argument order in BN_nnmod call and implement rigorous boundary 
condition check.
 2008-10-16 07:54:41 +00:00
Andy Polyakov
256b3e9c5f Optimize bn_correct_top. 2008-10-15 10:48:52 +00:00
Andy Polyakov
762a2e3cab Remove redundant BN_ucmp, fix boundary condition in BN_nist_mod_224 and 
reimplement BN_nist_mod_521.
 2008-10-15 10:47:48 +00:00
Ben Laurie
28b6d5020e Set comparison function in v3_add_canonize(). 2008-10-14 19:27:07 +00:00
Dr. Stephen Henson
0f7efbc859 Ooops... remove code accidentally commited from FIPS version. 2008-10-14 15:44:14 +00:00
Dr. Stephen Henson
a7ae4abfd9 Add missing lock definitions... 2008-10-14 15:24:49 +00:00
Dr. Stephen Henson
30661b1b01 Add missing lock definitions. 2008-10-14 15:22:11 +00:00
Ben Laurie
1ea6472e60 Type-safe OBJ_bsearch_ex. 2008-10-14 08:10:52 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90 Experimental new date handling routines. These fix issues with X509_time_adj() 
and should avoid any OS date limitations such as the year 2038 bug.
 2008-10-07 22:55:27 +00:00
Lutz Jänicke
1e369b375e Fix incorrect command for assember file generation on IA64 
Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>
 2008-10-06 10:34:49 +00:00
Andy Polyakov
6bf24568bc Fix EC_KEY_check_key. 2008-09-23 17:33:11 +00:00
Bodo Möller
1a489c9af1 From branch OpenSSL_0_9_8-stable: Allow soft-loading engines. 
Also, fix CHANGES (consistency with stable branch).
 2008-09-15 20:41:24 +00:00
Andy Polyakov
d7235a9d68 Fix yesterday typos in bss_dgram.c. 2008-09-15 05:43:04 +00:00
Geoff Thorpe
fa0f834c20 Fix build warnings. 2008-09-15 04:02:37 +00:00
Andy Polyakov
b9790c1cd4 Winsock handles SO_RCVTIMEO in unique manner... 
PR: 1648
 2008-09-14 19:22:52 +00:00
Bodo Möller
db99c52509 Really get rid of unsafe double-checked locking. 
Also, "CHANGES" clean-ups.
 2008-09-14 13:51:44 +00:00
Bodo Möller
f8d6be3f81 Some precautions to avoid potential security-relevant problems. 2008-09-14 13:42:34 +00:00
Andy Polyakov
492279f6f3 AIX build updates. 2008-09-12 14:45:54 +00:00
Ben Laurie
43048d13c8 Fix warning. 2008-09-07 13:22:34 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find 
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
 2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06 Add support for CRLs partitioned by reason code. 
Tidy CRL scoring system.

Add new CRL path validation error.
 2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
249a77f5fb Add support for freshest CRL extension. 2008-08-27 15:52:05 +00:00
Dr. Stephen Henson
d0fff69dc9 Initial indirect CRL support. 2008-08-20 16:42:19 +00:00
Dr. Stephen Henson
8c9bd89338 Support for certificateIssuer CRL entry extension. 2008-08-18 16:48:47 +00:00
Bodo Möller
2e415778f2 Don't use assertions to check application-provided arguments; 
and don't unnecessarily fail on input size 0.
 2008-08-14 21:37:51 +00:00
Dr. Stephen Henson
9d84d4ed5e Initial support for CRL path validation. This supports distinct certificate 
and CRL signing keys.
 2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
2e0c7db950 Initial code to support distinct certificate and CRL signing keys where the 
CRL issuer is not part of the main path.

Not complete yet and not compiled in because the CRL issuer certificate is
not validated.
 2008-08-12 16:07:52 +00:00
Dr. Stephen Henson
002e66c0e8 Support for policy mappings extension. 
Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.
 2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
e9746e03ee Initial support for name constraints certificate extension. 
TODO: robustness checking on name forms.
 2008-08-08 15:35:29 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs, 
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
 2008-08-06 15:54:15 +00:00
Andy Polyakov
96826bfc84 sha1-armv4-large cosmetics. 2008-08-06 08:58:45 +00:00
Andy Polyakov
eb1aa135d8 sha1-armv4-large.pl performance improvement. On PXA255 it gives +10% on 
8KB block, +60% on 1KB, +160% on 256B...
 2008-08-06 08:47:07 +00:00
Dr. Stephen Henson
6d6c47980e Correctly handle errors in CMS I/O code. 2008-08-05 15:55:53 +00:00
Dr. Stephen Henson
3e727a3b37 Add support for nameRelativeToCRLIssuer field in distribution point name 
fields.
 2008-08-04 15:34:27 +00:00
Dr. Stephen Henson
a9ff742e42 Make explicit_policy handling match expected RFC3280 behaviour. 2008-08-02 11:16:35 +00:00
Dr. Stephen Henson
5cbd203302 Initial support for alternative CRL issuing certificates. 
Allow inibit any policy flag to be set in apps.
 2008-07-30 15:49:12 +00:00
Dr. Stephen Henson
592a207b94 Policy validation fixes. 
Inhibit any policy count should ignore self issued certificates.
Require explicit policy is the number certificate before an explict policy
is required.
 2008-07-30 15:41:42 +00:00
Andy Polyakov
b94551e823 perlasm update: implement dataseg directive. 2008-07-22 08:44:31 +00:00
Andy Polyakov
9b634c9b37 x86_64-xlate.pl: implement indirect jump/calls, support for Win64 SEH. 2008-07-22 08:42:06 +00:00
Bodo Möller
5b331ab77a We should check the eight bytes starting at p[-9] for rollback attack 
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.

PR: 1695
 2008-07-17 22:11:53 +00:00