Commit graph

6246 commits

Author SHA1 Message Date
Andy Polyakov
066caf0551 aes/asm/*-armv*.pl: compensate for inconsistencies in tool-chains.
Suggested by: Ard Biesheuvel
2013-10-01 20:33:06 +02:00
Ben Laurie
3cd8547a20 Mix time into the pool to avoid repetition of the Android duplicated PID problem. 2013-09-20 16:52:07 +01:00
Ben Laurie
79b9209883 More diagnostics for invalid OIDs. 2013-09-20 14:38:36 +01:00
Andy Polyakov
e0202d946d aes-armv4.pl, bsaes-armv7.pl: add Linux kernel and Thumb2 support.
Submitted by: Ard Biesheuvel
2013-09-20 13:22:57 +02:00
Dr. Stephen Henson
94c2f77a62 Add functions to set ECDSA_METHOD structure.
Add various functions to allocate and set the fields of an ECDSA_METHOD
structure.
2013-09-18 01:22:50 +01:00
Bodo Moeller
ca567a03ad Fix overly lenient comparisons:
    - EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope
2013-09-16 12:59:21 +02:00
Andy Polyakov
8e52a9063a crypto/armcap.c: fix typo in rdtsc subroutine.
PR: 3125
Submitted by: Kyle McMartin
2013-09-15 22:07:49 +02:00
Andy Polyakov
612f4e2384 bsaes-armv7.pl: remove partial register operations in CTR subroutine. 2013-09-15 19:47:51 +02:00
Andy Polyakov
29f41e8a80 bsaes-armv7.pl: remove byte order dependency and minor optimization. 2013-09-15 19:44:43 +02:00
Ard Biesheuvel
a2ea9f3ecc Added support for ARM/NEON based bit sliced AES in XTS mode
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2013-09-15 19:37:16 +02:00
Ben Laurie
edf92f1c41 Constification. 2013-09-10 18:04:08 +01:00
Andy Polyakov
7a1a12232a crypto/modes/asm/aesni-gcm-x86_64.pl: minor optimization.
Avoid occasional up to 8% performance drops.
2013-09-09 21:43:21 +02:00
Andy Polyakov
72a158703b crypto/bn/asm/x86_64-mont.pl: minor optimization. 2013-09-09 21:40:33 +02:00
Dr. Stephen Henson
52073b7675 Partial path fix.
When verifying a partial path always check to see if the EE certificate
is explicitly trusted: the path could contain other untrusted certificates.
2013-09-08 19:26:59 +01:00
Scott Deboy
36086186a9 Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
2013-09-06 13:59:13 +01:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Ben Laurie
a0aaa5660a Fix compile errors. 2013-08-21 04:21:42 +01:00
Dr. Stephen Henson
14536c8c9c Make no-ec compilation work. 2013-08-17 17:41:13 +01:00
Kaspar Brand
5ae8d6bcba Fix for PEM_X509_INFO_read_bio.
PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.
2013-08-06 16:01:47 +01:00
Dr. Stephen Henson
bd59f2b91d CMS RFC2631 X9.42 DH enveloped data support. 2013-08-05 16:23:13 +01:00
Dr. Stephen Henson
dc1ce3bc64 Add KDF for DH.
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.

Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
3909087801 Extend DH parameter generation support.
Add support for DH parameter generation using DSA methods including
FIPS 186-3.
2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
d3cc91eee2 Enhance DH dup functions.
Make DHparams_dup work properly with X9.42 DH parameters.
2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
c9577ab5ea If present print j, seed and counter values for DH 2013-08-05 15:45:00 +01:00
Dr. Stephen Henson
3f6b6f0b8c Minor optimisation to KDF algorithm.
Don't need to use temporary buffer if remaining length equals digest length.
2013-08-05 15:45:00 +01:00
Dr. Stephen Henson
e61f5d55bc Algorithm parameter support.
Check and set AlgorithmIdentifier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
2013-08-05 15:45:00 +01:00
Andy Polyakov
a59f436295 crypto/evp/e_aes.c: fix logical pre-processor bug and formatting.
Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
2013-08-03 17:09:06 +02:00
Andy Polyakov
fd8ad019e1 crypto/bn/asm/rsax-x86_64.pl: make it work on Darwin. 2013-08-03 16:28:50 +02:00
Andy Polyakov
006784378d crypto/sha/asm/sha*-x86_64.pl: comply with Win64 ABI. 2013-07-31 23:50:15 +02:00
Dr. Stephen Henson
584ac22110 Make ecdsatest work with nonces.
Update ecdsatest to use ECDSA_sign_setup and ECDSA_sign_ex, this
avoids the nonce generation which would otherwise break the test.

Reinstate ecdsatest.
2013-07-19 14:11:43 +01:00
Dr. Stephen Henson
41b920ef01 Return correct enveloped data type in ASN1 methods.
For RSA and DSA keys return an appropriate RecipientInfo type. By setting
CMS_RECIPINFO_NONE for DSA keys an appropriate error is returned if
an attempt is made to use DSA with enveloped data.
2013-07-17 21:45:01 +01:00
Dr. Stephen Henson
88e20b8584 Add support for ECDH KARI.
Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.
2013-07-17 21:45:01 +01:00
Dr. Stephen Henson
25af7a5dbc Add support for X9.62 KDF.
Add X9.62 KDF to EC EVP_PKEY_METHOD.
2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
6af440ced4 Add new OIDs from RFC5753
Add OIDs for KDF schemes from RFC5753 and add cross references for
each type and the appropriate digest to use.
2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
17c2764d2e CMS support for key agreement recipient info.
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
ff7b6ce9db Set CMS EnvelopedData version correctly. 2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
97cf1f6c28 EVP support for wrapping algorithms.
Add support for key wrap algorithms via EVP interface.

Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.

Move test code to evptests.txt
2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
415ece7301 Typo. 2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
8d6a75dc3a Avoid need to change function code.
Keep original function names for nonce versions so we don't have to change
error function codes.
2013-07-17 21:45:00 +01:00
Adam Langley
190c615d43 Make `safe' (EC)DSA nonces the default.
This change updates 8a99cb29 to make the generation of (EC)DSA nonces
using the message digest the default. It also reverts the changes to
(EC)DSA_METHOD structure.

In addition to making it the default, removing the flag from EC_KEY
means that FIPS modules will no longer have an ABI mismatch.
2013-07-15 12:57:48 +01:00
Andy Polyakov
5c57c69f9e bn/asm/rsaz-avx2.pl: Windows-specific fix. 2013-07-12 18:59:17 +02:00
Dr. Stephen Henson
4b26645c1a Fix verify loop with CRL checking.
PR #3090
Reported by: Franck Youssef <fry@open.ch>

If no new reason codes are obtained after checking a CRL exit with an
error to avoid repeatedly checking the same CRL.

This will only happen if verify errors such as invalid CRL scope are
overridden in a callback.
2013-07-12 17:48:41 +01:00
Ben Laurie
852f837f5e s/rsaz_eligible/rsaz_avx2_eligible/. 2013-07-12 12:47:39 +01:00
Andy Polyakov
241fba4ea9 sha512-586.pl: fix typo.
Submitted by: Gisle Vanem
2013-07-10 09:59:25 +02:00
Andy Polyakov
f5b132d652 Remove RSAX engine, superseded by RSAZ module. 2013-07-05 22:11:28 +02:00
Andy Polyakov
ca48ace5c5 Take RSAZ modules into build loop, add glue and engage.
RT: 2582, 2850
2013-07-05 21:39:47 +02:00
Andy Polyakov
0b4bb91db6 Add RSAZ assembly modules.
RT: 2582, 2850
2013-07-05 21:30:18 +02:00
Andy Polyakov
26e43b48a3 bn/asm/x86_64-mont.pl: optimize reduction for Intel Core family. 2013-07-05 21:10:56 +02:00
Andy Polyakov
cbce8c4644 bn/bn_exp.c: harmonize. 2013-07-05 20:52:58 +02:00
Dr. Stephen Henson
e0f7cfda68 Initialise CMS signature buffer length properly. 2013-07-02 22:12:19 +01:00
Andy Polyakov
b74ce8d948 bn/bn_exp.c: Solaris-specific fix, T4 MONTMUL relies on alloca. 2013-06-30 23:09:09 +02:00
Andy Polyakov
a9d14832fd x86_64-xlate.pl: Windows fixes. 2013-06-30 23:07:33 +02:00
Andy Polyakov
42386fdb62 aesni-sha256-x86_64.pl: fix typo in Windows SEH. 2013-06-30 23:06:28 +02:00
Dr. Stephen Henson
0574cadf85 CMS RSA-OAEP and RSA-PSS support.
Extend RSA ASN1 method to support CMS PSS signatures for both sign
and verify.

For signing the EVP_PKEY_CTX parameters are read and the appropriate
CMS structures set up.

For verification the CMS structures are analysed and the corresponding
parameters in the EVP_PKEY_CTX set.

Also add RSA-OAEP support.

For encrypt the EVP_PKEY_CTX parameters are used.

For decrypt the CMS structure is used to set the appropriate EVP_PKEY_CTX
parameters.
2013-06-21 23:43:05 +01:00
Dr. Stephen Henson
e365352d6a CMS public key parameter support.
Add support for customisation of CMS handling of signed and enveloped
data from custom public key parameters.

This will provide support for RSA-PSS and RSA-OAEP but could also be
applied to other algorithms.
2013-06-21 21:33:00 +01:00
Dr. Stephen Henson
211a14f627 Update to OAEP support.
Add OAEP ctrls to retrieve MD and label. Return errors if
an attempt is made to set or retrieve OAEP parameters when
padding mode is not OAEP.
2013-06-21 21:33:00 +01:00
Dr. Stephen Henson
810639536c Add control to retrieve signature MD. 2013-06-21 21:33:00 +01:00
Dr. Stephen Henson
e423c360fd Add new OID to pSpecified from PKCS#1 2013-06-21 21:33:00 +01:00
Andy Polyakov
8ee3c7e676 SPARC T4 DES support: fix typo. 2013-06-18 10:42:08 +02:00
Andy Polyakov
4ddacd9921 Optimize SPARC T4 MONTMUL support.
Improve RSA signing performance by 20-30% by:
- switching from floating-point to integer conditional moves;
- daisy-chaining sqr-sqr-sqr-sqr-sqr-mul sequences;
- using MONTMUL even during powers table setup;
2013-06-18 10:39:38 +02:00
Andy Polyakov
02450ec69d PA-RISC assembler pack: switch to bve in 64-bit builds.
PR: 3074
2013-06-18 10:37:00 +02:00
Adam Langley
8a99cb29d1 Add secure DSA nonce flag.
This change adds the option to calculate (EC)DSA nonces by hashing the
message and private key along with entropy to avoid leaking the private
key if the PRNG fails.
2013-06-13 17:26:07 +01:00
Adam Langley
a54a61e7a9 Don't SEGFAULT when trying to export a public DSA key as a private key. 2013-06-13 17:03:35 +01:00
Dr. Stephen Henson
271fef0ef3 Extended OAEP support.
Extend OAEP support. Generalise the OAEP padding functions to support
arbitrary digests. Extend EVP_PKEY RSA method to handle the new OAEP
padding functions and add ctrls to set the additional parameters.
2013-06-12 18:48:17 +01:00
Dr. Stephen Henson
965e06da3c Typo. 2013-06-12 18:47:28 +01:00
Andy Polyakov
3b848d3401 aesni-sha1-x86_64.pl: update performance data. 2013-06-10 22:35:22 +02:00
Andy Polyakov
42b9a4177b aesni-sha256-x86_64.pl: harmonize with latest sha512-x86_64.pl. 2013-06-10 22:34:06 +02:00
Andy Polyakov
cd8d7335af sha1-x86_64.pl: add AVX2+BMI code path. 2013-06-10 22:30:34 +02:00
Andy Polyakov
c7f690c243 sha512-x86_64.pl: upcoming-Atom-specific optimization. 2013-06-10 22:29:01 +02:00
Andy Polyakov
32213d8d77 sha[256|512]-586.pl: add more SIMD code paths. 2013-06-10 22:26:53 +02:00
Andy Polyakov
b42759158d ghash-x86_64.pl: add Haswell performance data. 2013-06-10 22:25:12 +02:00
Andy Polyakov
1bc0b68d7b x86cpuid.pl: fix extended feature flags detection. 2013-06-10 22:20:46 +02:00
Dr. Stephen Henson
2f58cda4ce Fix PSS signature printing.
Fix PSS signature printing: consistently use 0x prefix for hex values for
padding length and trailer fields.
2013-06-05 15:06:03 +01:00
Dr. Stephen Henson
c71fdaed58 Reencode with X509_CRL_ctx_sign too. 2013-06-05 15:06:03 +01:00
Adam Langley
96a4c31be3 Ensure that, when generating small primes, the result is actually of the
requested size. Fixes OpenSSL #2701.

This change does not address the cases of generating safe primes, or
where the |add| parameter is non-NULL.

Conflicts:
	crypto/bn/bn.h
	crypto/bn/bn_err.c
2013-06-04 18:52:30 +01:00
Adam Langley
2b0180c37f Ensure that x**0 mod 1 = 0. 2013-06-04 18:47:11 +01:00
Adam Langley
7753a3a684 Add volatile qualifications to two blocks of inline asm to stop GCC from
eliminating them as dead code.

Both volatile and "memory" are used because of some concern that the compiler
may still cache values across the asm block without it, and because this was
such a painful debugging session that I wanted to ensure that it's never
repeated.
2013-06-04 18:46:25 +01:00
Ben Laurie
5dcd2deb3e Remove added ;. 2013-06-04 17:27:18 +01:00
Ben Laurie
b25b8417a7 Missing prototypes. 2013-06-04 16:34:45 +01:00
Andy Polyakov
b69437e1e5 crypto/bn/bn_exp.c: SPARC portability fix. 2013-06-01 09:58:07 +02:00
Andy Polyakov
36df342f9b aesni-x86_64.pl: optimize XTS.
PR: 3042
2013-05-25 19:23:09 +02:00
Andy Polyakov
4df2280b4f aesni-sha1-x86_64.pl: Atom-specific optimization. 2013-05-25 19:08:39 +02:00
Andy Polyakov
504bbcf3cd sha512-x86_64.pl: +16% optimization for Atom.
(and pending AVX2 changes).
2013-05-25 19:02:57 +02:00
Andy Polyakov
988d11b641 vpaes-x86[_64].pl: minor Atom-specific optimization. 2013-05-25 18:57:03 +02:00
Andy Polyakov
8a97a33063 Add AES-SHA256 stitch. 2013-05-13 22:49:58 +02:00
Andy Polyakov
22de0e6583 x86_64-xlate.pl: minor size/performance improvement. 2013-05-13 16:06:25 +02:00
Andy Polyakov
cd54249c21 aesni-x86_64.pl: minor CTR performance improvement. 2013-05-13 15:49:03 +02:00
Dr. Stephen Henson
c6d8adb8a4 Reencode certificates in X509_sign_ctx.
Reencode certificates in X509_sign_ctx as well as X509_sign.

This was causing a problem in the x509 application when it modified an
existing certificate.
2013-05-02 12:19:40 +01:00
Andy Polyakov
9575d1a91a bsaes-armv7.pl: add bsaes_cbc_encrypt and bsaes_ctr32_encrypt_blocks.
Submitted by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Contributor claims ~50% improvement in CTR and ~9% in CBC decrypt
on Cortex-A15.
2013-04-23 17:52:14 +02:00
Andy Polyakov
75fe422323 bsaes-armv7.pl: take it into build loop. 2013-04-23 17:49:54 +02:00
Andy Polyakov
3bdd80521a crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on ARMv7.
While ARMv7 in general is capable of unaligned access, not all instructions
actually are. And the trouble is that the compiler doesn't seem to differentiate
between those capable and incapable of unaligned access. The side effect is that
the kernel goes into an endless loop retrying the same instruction, triggering an
unaligned trap. The problem was observed in xts128.c and ccm128.c modules. It's
possible to resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT
be feels more appropriate.
2013-04-13 20:57:37 +02:00
Ben Laurie
282a480a35 Fix warnings. 2013-04-06 15:08:44 +01:00
Andy Polyakov
99cda4376e cryptlib.c: fix typo in OPENSSL_showfatal. 2013-04-04 15:57:43 +02:00
Andy Polyakov
73325b221c aesni-x86_64.pl: optimize CBC decrypt.
Give CBC decrypt approximately the same treatment as CTR and collect 25%.
2013-04-04 15:56:23 +02:00
Andy Polyakov
a42abde699 e_aes.c: reserve for future extensions. 2013-04-04 15:55:49 +02:00
Andy Polyakov
64f7e2c4c0 gcm128.c: fix linking problems in 32-bit Windows build. 2013-04-04 15:54:58 +02:00
Andy Polyakov
7f97d57236 dest4-sparcv9.pl: add clarification comment. 2013-04-04 15:54:08 +02:00
Andy Polyakov
c9a8e3d1c7 evptests.txt: add XTS test vectors 2013-04-04 15:53:01 +02:00
Dr. Stephen Henson
0ded2a0689 Typo. 2013-03-31 17:42:46 +01:00
Andy Polyakov
c5d975a743 Add support for SPARC T4 DES opcode. 2013-03-31 14:32:05 +02:00
Andy Polyakov
d8f3ed2306 des_enc.m4: add missing #include.
Submitted by: David Miller
2013-03-31 14:07:48 +02:00
Andy Polyakov
4e049c5259 Add AES-NI GCM stitch. 2013-03-29 20:45:33 +01:00
Andy Polyakov
b4a9d5bfe8 aesni-x86_64.pl: fix typo and optimize small block performance. 2013-03-29 18:54:24 +01:00
Matt Caswell
94782e0e9c Make binary curve ASN.1 work in FIPS mode.
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
2013-03-26 16:56:50 +00:00
Andy Polyakov
6c79faaa9d aesni-x86_64.pl: optimize CTR even further.
Based on suggestions from Shay Gueron and Vlad Krasnov.
PR: 3021
2013-03-26 14:29:18 +01:00
Andy Polyakov
1da5d3029e ghash-x86_64.pl: add AVX code path. 2013-03-24 23:44:35 +01:00
Andy Polyakov
1bc4d009e1 aesni-x86_64.pl: optimize CTR even further. 2013-03-19 20:03:02 +01:00
Andy Polyakov
fbf7c44bbf ghash-x86_64.pl: minor optimization. 2013-03-19 20:02:11 +01:00
Andy Polyakov
5c60046553 e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI platforms.
PR: 3002
2013-03-18 19:29:41 +01:00
Dr. Stephen Henson
5de18d5d0d Encode INTEGER correctly.
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc63c)
2013-03-18 14:22:08 +00:00
Andy Polyakov
ca303d333b evptests.txt: additional GCM test vectors. 2013-03-06 19:24:05 +01:00
Dr. Stephen Henson
15652f9825 GCM and CCM test support
Add code to support GCM and CCM modes in evp_test. On encrypt this
will compare the expected ciphertext and tag. On decrypt it will
compare the expected plaintext: tag comparison is done internally.

Add a simple CCM test case and convert all tests from crypto/modes/gcm128.c
2013-03-06 16:15:42 +00:00
Dr. Stephen Henson
95248de327 Add CCM ciphers to tables. 2013-03-06 16:15:42 +00:00
Andy Polyakov
28997596f2 ghash-x86_64.pl: fix length handling bug.
Thanks to Shay Gueron & Vlad Krasnov for report.
2013-03-06 10:42:21 +01:00
Andy Polyakov
5702e965d7 x86cpuid.pl: make it work with older CPUs.
PR: 3005
2013-03-04 20:05:04 +01:00
Ben Laurie
4e2322892b Override local vars for MINFO build. 2013-03-04 14:31:18 +00:00
Ben Laurie
ea5003bd1e Include correctly. 2013-03-04 14:31:18 +00:00
Andy Polyakov
342dbbbe4e x86_64-gf2m.pl: fix typo. 2013-03-01 22:36:36 +01:00
Andy Polyakov
7c43601d44 x86_64-gf2m.pl: add missing Windows build fix for #2963.
PR: 3004
2013-03-01 21:43:10 +01:00
Ben Laurie
e46a281de5 Missing files target. 2013-02-26 21:51:13 +00:00
Dr. Stephen Henson
e1f1d28f34 Add function CMS_RecipientInfo_encrypt
Add CMS_RecipientInfo_encrypt: this function encrypts an existing content
encryption key to match the key in the RecipientInfo structure: this is
useful if a new recipient is added to an existing enveloped data structure.

Add documentation.
2013-02-26 16:59:56 +00:00
Ben Laurie
975dfb1c6c make depend. 2013-02-21 18:17:38 +00:00
Andy Polyakov
47edeb9f59 sha256-586.pl: code refresh. 2013-02-15 11:23:06 +01:00
Andy Polyakov
35c77b7303 sha1-586.pl: code refresh. 2013-02-14 22:20:17 +01:00
Andy Polyakov
273a808180 ghash-x86[_64].pl: code refresh. 2013-02-14 16:28:09 +01:00
Andy Polyakov
7c9e81be40 [aesni-]sha1-x86_64.pl: code refresh. 2013-02-14 16:14:02 +01:00
Andy Polyakov
c4558efbf3 sha512-x86_64.pl: add AVX2 code path. 2013-02-14 15:39:42 +01:00
Andy Polyakov
750398acd8 bn_nist.c: work around clang 3.0 bug. 2013-02-14 09:51:41 +01:00
Andy Polyakov
3caeef94bd sparccpuid.S: work around emulator bug on T1. 2013-02-11 10:39:50 +01:00
Andy Polyakov
2141e6f30b e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line.
It also ensures that valgrind is happy.
2013-02-08 10:31:13 +01:00
Andy Polyakov
1041ab696e e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret.
(cherry picked from commit 529d27ea47)
2013-02-06 14:19:11 +00:00
Andy Polyakov
9970308c88 e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues.
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
(cherry picked from commit 125093b59f)
2013-02-06 14:19:10 +00:00
Ben Laurie
2acc020b77 Make CBC decoding constant time.
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc)
2013-02-06 14:19:07 +00:00
Ben Laurie
7c770d572a Add and use a constant-time memcmp.
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a)
2013-02-06 14:16:55 +00:00
Andy Polyakov
4568182a8b x86_64 assembly pack: keep making Windows build more robust.
PR: 2963 and a number of others
2013-02-02 19:54:59 +01:00
Dr. Stephen Henson
1703627ba8 Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set 2013-01-23 01:09:38 +00:00
Andy Polyakov
46bf83f07a x86_64 assembly pack: make Windows build more robust.
PR: 2963 and a number of others
2013-01-22 22:27:28 +01:00
Andy Polyakov
543fd85460 bn/asm/mips.pl: hardwire local call to bn_div_words. 2013-01-22 21:13:37 +01:00
Andy Polyakov
1598af9ac9 sha512-ppc.pl: minimize stack frame. 2013-01-22 21:09:14 +01:00
Dr. Stephen Henson
f20c673d0d Don't include comp.h if no-comp set. 2013-01-20 02:34:25 +00:00
Andy Polyakov
a006fef78e Improve WINCE support.
Submitted by: Pierre Delaage
2013-01-19 21:23:13 +01:00
Ben Laurie
6f0a93b069 Merge branch 'master' of openssl.net:openssl 2013-01-19 17:35:41 +00:00
Andy Polyakov
d4571f43e8 sha512-ppc.pl: add PPC32 code, >2x improvement on in-order cores. 2013-01-19 17:22:05 +01:00
Ben Laurie
a6bbbf2ff5 Make "make depend" work on MacOS out of the box. 2013-01-19 14:14:30 +00:00
Ben Laurie
08e5536445 Fix some clang warnings. 2013-01-13 21:04:39 +00:00
Ben Laurie
f00c54ae2e Fix warning. 2013-01-06 19:03:48 +00:00
Dr. Stephen Henson
c1faa8b5b2 make no-comp compile 2012-12-30 16:04:51 +00:00
Dr. Stephen Henson
bdcf772aa5 Portability fix: use BIO_snprintf and pick up strcasecmp alternative
definitions from e_os.h
2012-12-26 23:51:56 +00:00
Dr. Stephen Henson
2dabd82236 Make partial chain checking work if we only have the EE certificate in
the trust store.
2012-12-21 18:31:32 +00:00
Dr. Stephen Henson
0028a23b9f revert OCSP_basic_verify changes: they aren't needed now we support partial chain verification and can pass verify options to ocsp utility 2012-12-20 18:51:00 +00:00
Andy Polyakov
0a2d5003df dso/dso_win32.c: fix compiler warning. 2012-12-18 18:19:54 +00:00
Andy Polyakov
f469880c61 d1_lib.c,bss_dgram.c: eliminate dependency on _ftime. 2012-12-16 19:02:59 +00:00
Dr. Stephen Henson
e9754726d2 Check chain is not NULL before assuming we have a validated chain.
The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust partial chains.
2012-12-15 02:58:00 +00:00
Dr. Stephen Henson
2a21cdbe6b Use new partial chain flag instead of modifying input parameters. 2012-12-13 18:20:47 +00:00
Dr. Stephen Henson
51e7a4378a New verify flag to return success if we have any certificate in the
trusted store instead of the default which is to return an error if
we can't build the complete chain.
2012-12-13 18:14:46 +00:00
Ben Laurie
b204ab6506 Update ignores. 2012-12-11 15:52:10 +00:00
Ben Laurie
ec40e5ff42 Tabification. Remove accidental duplication. 2012-12-10 16:52:17 +00:00
Ben Laurie
30c278aa6b Fix OCSP checking. 2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
abd2ed012b Fix two bugs which affect delta CRL handling:
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
2012-12-06 18:24:28 +00:00
Dr. Stephen Henson
3bf15e2974 Integrate host, email and IP address checks into X509_verify.
Add new verify options to set checks.

Remove previous -check* commands from s_client and s_server.
2012-12-05 18:35:20 +00:00
Andy Polyakov
8df400cf8d aes-s390x.pl: fix XTS bugs in z196-specific code path. 2012-12-05 17:44:45 +00:00
Andy Polyakov
3766e7ccab ghash-sparcv9.pl: shave off one more xmulx, improve T3 performance by 7%. 2012-12-04 20:21:24 +00:00
Dr. Stephen Henson
2e8cb108dc initial support for delta CRL generation by diffing two full CRLs 2012-12-04 18:35:36 +00:00
Andy Polyakov
f91926a240 cryptlib.c: fix logical error. 2012-12-01 18:24:20 +00:00
Andy Polyakov
9282c33596 aesni-x86_64.pl: CTR face lift, +25% on Bulldozer. 2012-12-01 18:20:39 +00:00
Andy Polyakov
c3cddeaec8 aes-s390x.pl: harmonize software-only code path [and minor optimization]. 2012-12-01 11:06:19 +00:00
Dr. Stephen Henson
2fceff5ba3 PR: 2803
Submitted by: jean-etienne.schwartz@bull.net

In OCSP_basic_verify return an error if X509_STORE_CTX_init fails.
2012-11-29 19:15:14 +00:00
Dr. Stephen Henson
f404278186 add wrapper function for certificate download 2012-11-29 01:15:09 +00:00
Dr. Stephen Henson
68f5500d31 constify 2012-11-29 01:13:38 +00:00
Dr. Stephen Henson
6f9076ff37 Generalise OCSP I/O functions to support downloading of other ASN1
structures using HTTP. Add wrapper function to handle CRL download.
2012-11-28 16:22:53 +00:00
Andy Polyakov
904732f68b C64x+ assembly pack: improve EABI support. 2012-11-28 13:19:10 +00:00
Andy Polyakov
cf5ecc3e1f Update support for Intel compiler: add linux-x86_64-icc and fix problems. 2012-11-28 13:05:13 +00:00
Dr. Stephen Henson
2c340864be New functions to set lookup_crls callback and to retrieve internal X509_STORE
from X509_STORE_CTX.
2012-11-27 23:47:48 +00:00
Andy Polyakov
cd68694646 AES for SPARC T4: add XTS, reorder subroutines to improve TLB locality. 2012-11-24 21:55:23 +00:00
Dr. Stephen Henson
46a6cec699 Reorganise parameters for OPENSSL_gmtime_diff.
Make ASN1_UTCTIME_cmp_time_t more robust by using the new time functions.
2012-11-21 14:13:20 +00:00
Dr. Stephen Henson
472af806ce Submitted by: Florian Weimer <fweimer@redhat.com>
PR: 2909

Update test cases to cover internal error return values.

Remove IDNA wildcard filter.
2012-11-21 14:10:48 +00:00
Dr. Stephen Henson
598c423e65 don't use psec or pdays if NULL 2012-11-20 15:20:40 +00:00
Dr. Stephen Henson
360ef6769e first parameter is difference in days, not years 2012-11-20 15:19:53 +00:00
Dr. Stephen Henson
d223dfe641 make depend 2012-11-19 15:13:33 +00:00
Dr. Stephen Henson
1c455bc084 new function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures 2012-11-19 15:12:07 +00:00
Andy Polyakov
9f6b0635ad x86_64-gcc.c: restore early clobber constraint.
Submitted by: Florian Weimer
2012-11-19 15:02:00 +00:00
Dr. Stephen Henson
98a7edf9f0 make depend 2012-11-19 13:18:09 +00:00
Dr. Stephen Henson
d88926f181 PR: 2909
Contributed by: Florian Weimer <fweimer@redhat.com>

Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.
2012-11-18 15:13:55 +00:00
Andy Polyakov
cccf27c89a cryptlib.c: revert typo. 2012-11-17 21:42:57 +00:00
Andy Polyakov
c5cd28bd64 Extend OPENSSL_ia32cap_P with extra word to accommodate AVX2 capability. 2012-11-17 19:04:15 +00:00
Andy Polyakov
b3aee265c5 perlasm/sparcv9_modes.pl: addendum to commit#22966. 2012-11-17 18:34:17 +00:00
Andy Polyakov
68c06bf6b2 Support for SPARC T4 MONT[MUL|SQR] instructions.
Submitted by: David Miller, Andy Polyakov
2012-11-17 10:34:11 +00:00
Andy Polyakov
98dc178494 aes-x86_64.pl: Atom-specific optimizations, +10%.
vpaes-x86_64.pl: minor performance squeeze.
2012-11-12 17:52:41 +00:00
Andy Polyakov
89f1eb8213 aes-586.pl: Atom-specific optimization, +44/29%, minor improvement on others.
vpaes-x86.pl: minor performance squeeze.
2012-11-12 17:50:19 +00:00
Andy Polyakov
f717abd7c1 ppccap.c: fix typo. 2012-11-10 20:27:18 +00:00
Andy Polyakov
d5630dd60e ppccap.c: restrict features on AIX 5. 2012-11-10 20:24:51 +00:00
Andy Polyakov
134c00659a bn_word.c: fix overflow bug in BN_add_word. 2012-11-09 13:58:40 +00:00
Andy Polyakov
96a4cf8c29 crypto/modes: even more strict aliasing fixes [and fix bug in cbc128.c from
previous cbc128.c commit].
2012-11-05 17:03:39 +00:00
Ben Laurie
da01515c40 More strict aliasing fix. 2012-11-05 14:23:55 +00:00
Dr. Stephen Henson
7c43ea50fd correct error function code 2012-11-05 13:34:29 +00:00
Andy Polyakov
c0832990f5 cbc128.c: fix strict aliasing warning. 2012-11-05 10:04:02 +00:00
Andy Polyakov
7cb81398b7 e_camellia.c: remove copy-n-paste artifact, EVP_CIPH_FLAG_FIPS, and
leave comment about CTR mode.
2012-11-05 09:20:41 +00:00
Andy Polyakov
24798c5e59 ghash-sparcv9.pl: 22% improvement on T4. 2012-11-05 08:47:26 +00:00
Ben Laurie
5b0e3daf50 Remove unused static function. 2012-11-05 02:01:07 +00:00
Ben Laurie
53d6bf40c1 Fix gcc 4.8 warning (strict aliasing violation). 2012-11-05 01:59:33 +00:00
Andy Polyakov
1efd583085 SPARCv9 assembly pack: harmonize ABI handling (so that it's handled in one
place at a time, by pre-processor in .S case and perl - in .s).
2012-10-25 12:07:32 +00:00
Andy Polyakov
8ed11a815e [aes|cmll]t4-sparcv9.pl: unify argument handling. 2012-10-25 12:03:41 +00:00
Andy Polyakov
38049c2bb9 perlasm/sparcv9_modes.pl: fix typo in IV save code and switch to less
aggressive ASI.
2012-10-25 12:02:37 +00:00
Dr. Stephen Henson
918e613a32 oops, add missing asn_mstbl.c 2012-10-24 13:27:46 +00:00
Andy Polyakov
23328d4b27 ghash-sparcv9.pl: add VIS3 code path. 2012-10-24 08:21:10 +00:00
Dr. Stephen Henson
30765fed55 New config module for string tables. This can be used to add new
multi string components (as used in DN fields or request attributes)
or change the values of existing ones.
2012-10-22 13:05:54 +00:00
Andy Polyakov
78c3e20579 linux-pcc: make it more robust and recognize KERNEL_BITS variable. 2012-10-21 18:19:41 +00:00
Andy Polyakov
0c832ec5c6 Add VIS3-capable sparcv9-gf2m module. 2012-10-20 15:59:14 +00:00
Andy Polyakov
947d78275b Add VIS3 Montgomery multiplication. 2012-10-20 09:13:21 +00:00
Dr. Stephen Henson
d35c0ff30b fix ASN1_STRING_TABLE_add so it can override existing string table values 2012-10-19 15:06:31 +00:00
Dr. Stephen Henson
057c8a2b9e fix error code 2012-10-18 16:21:39 +00:00
Dr. Stephen Henson
964eaad78c Don't require tag before ciphertext in AESGCM mode 2012-10-16 22:46:08 +00:00
Andy Polyakov
fd3b0eb01d sparcv9_modes.pl: membars are reported as must-have. 2012-10-15 14:04:52 +00:00
Andy Polyakov
d17b59e49f md5-sparcv9.pl: avoid %asi modifications, improve short input performance
by 30-20%.
2012-10-14 16:51:27 +00:00
Andy Polyakov
aea4126e4e [md5|sha1|sha512]-sparcv9.pl: "cooperative" optimizations based on
suggestions from David Miller.
2012-10-14 14:46:56 +00:00
Andy Polyakov
eec82a0e1f [aes|cmll]t4-sparcv9.pl: addendum to previous sparcv9_modes.pl commit. 2012-10-14 14:42:27 +00:00
Andy Polyakov
dea8068015 perlasm/sparcv9_modes.pl: "cooperative" optimizations based on suggestions
from David Miller.
2012-10-14 14:25:00 +00:00
Andy Polyakov
4739ccdb39 Add SPARC T4 Camellia support.
Submitted by: David Miller
2012-10-11 18:35:18 +00:00
Andy Polyakov
54a1f4480e aest4-sparcv9.pl: split it to AES-specific and reusable part. 2012-10-11 18:30:35 +00:00
Dr. Stephen Henson
a70da5b3ec New functions to check a hostname email or IP address against a
certificate. Add options to s_client, s_server and x509 utilities
to print results of checks.
2012-10-08 15:10:07 +00:00
Andy Polyakov
c5f6da54fc Add SPARC T4 AES support.
Submitted by: David Miller
2012-10-06 18:08:09 +00:00
Bodo Möller
f11d0c7908 Fix EC_KEY initialization race.
Submitted by: Adam Langley
2012-10-05 20:50:11 +00:00
Andy Polyakov
3ed6e22771 sha[1|512]-sparcv9.pl: add hardware SPARC T4 support.
Submitted by: David Miller
2012-09-28 09:35:39 +00:00
Andy Polyakov
e66055b8f7 md5-sparcv9.pl: add hardware SPARC T4 support.
Submitted by: David Miller
2012-09-28 09:34:09 +00:00
Andy Polyakov
b460c8f896 sparc_arch.h: add assembler helpers (and make it work on Solaris).
Submitted by: David Miller
2012-09-28 09:31:40 +00:00
Andy Polyakov
27e0c86307 md5-sparcv9.pl: more accurate performance result. 2012-09-28 09:25:49 +00:00
Bodo Möller
7f429a5dbf Fix Valgrind warning.
Submitted by: Adam Langley
2012-09-24 19:49:16 +00:00
Andy Polyakov
e98c526b68 Add md5-sparcv9.pl. 2012-09-23 20:39:53 +00:00
Andy Polyakov
1fda639ae7 sparcv9cap.c: add SPARC-T4 feature detection.
Submitted by: David Miller
2012-09-23 20:29:03 +00:00
Andy Polyakov
5cc2159526 MIPS assembly pack: add support for SmartMIPS ASE. 2012-09-18 12:52:23 +00:00
Bodo Möller
6373af15d3 Fix warning.
Submitted by: Chromium Authors
2012-09-17 17:21:58 +00:00
Andy Polyakov
8df5518bd9 MIPS assembly pack: add MIPS[32|64]R2 code. 2012-09-15 11:18:20 +00:00
Andy Polyakov
9b222748e7 aes-mips.pl: interleave load and integer instructions for better performance. 2012-09-15 11:15:02 +00:00
Andy Polyakov
17e820aec3 sha512-sparcv9.pl: fix binutils compilation error.
Submitted by: David Miller
2012-09-15 08:53:25 +00:00
Andy Polyakov
244ed51a0d e_aes.c: uninitialized variable in aes_ccm_init_key.
PR: 2874
Submitted by: Tomas Mraz
2012-09-15 08:45:42 +00:00
Dr. Stephen Henson
24edfa9df9 enhance EC method to support setting curve type when generating keys and add parameter encoding option 2012-09-11 13:54:09 +00:00
Andy Polyakov
e7db9896bb bsaes-armv7.pl: closest shave. While 0.3 cpb improvement on S4 appears
insignificant, it's actually 4 cycles less for 14 instructions sequence!
2012-09-07 12:29:18 +00:00
Andy Polyakov
4f16215b9d bsaes-armv7.pl: even closer shave. 2012-09-04 14:39:05 +00:00
Andy Polyakov
a903e6919c bsaes-armv7.pl: minor performance squeeze on Snapdragon S4. 2012-09-04 08:26:50 +00:00
Andy Polyakov
f26328c2f3 sha512-armv4.pl: optimize for Snapdragon S4. 2012-09-04 08:25:37 +00:00
Andy Polyakov
a58fdc7a34 bn_lcl.h: gcc removed support for "h" constraint, which broke inline
assembler.
2012-09-01 13:17:32 +00:00
Andy Polyakov
6206682a35 x86cpuid.pl: hide symbols [backport from x86_64]. 2012-08-29 14:19:59 +00:00
Andy Polyakov
be0d31b166 Add linux-x32 target. 2012-08-29 14:08:46 +00:00
Dr. Stephen Henson
0db17852cd PR: 2786
Reported by: Tomas Mraz <tmraz@redhat.com>

Treat a NULL value passed to drbg_free_entropy callback as non-op. This
can happen if the call to fips_get_entropy fails.
2012-08-22 22:43:23 +00:00
Andy Polyakov
1a9d60d2e3 sha1-armv4-large.pl: comply with ABI. 2012-08-17 19:57:04 +00:00
Andy Polyakov
1a002d88ad MIPS assembly pack: assign default value to $flavour. 2012-08-17 09:10:31 +00:00
Andy Polyakov
5833e4f5d6 bss_dgram.c: fix compilation failure and warning on Windows with
contemporary SDK.
2012-08-14 09:53:24 +00:00
Andy Polyakov
9ddd859d2a gcm128.c: fix AAD-only case with AAD length not divisible by 16.
PR: 2859
Submitted by: John Foley
2012-08-13 15:07:37 +00:00
Andy Polyakov
f6ff1aa8e0 sha512-x86_64.pl: revert previous change and solve the problem through
perlasm/x86_64-xlate.pl instead.
2012-08-13 12:34:36 +00:00
Andy Polyakov
3a5485a9f8 sha512-x86_64.pl: minimum gas requirement for AMD XOP. 2012-08-13 11:01:44 +00:00
Dr. Stephen Henson
3b0648ebc9 Rename Suite B functions for consistency.
New function X509_chain_up_ref to dup and up the reference count of
a STACK_OF(X509): replace equivalent functionality in several places
by the equivalent call.
2012-08-03 15:58:15 +00:00
Dr. Stephen Henson
3ad344a517 add suite B chain validation flags and associated verify errors 2012-08-03 13:51:43 +00:00
Dr. Stephen Henson
a1644902eb add ssl_locl.h to err header files, rebuild ssl error strings 2012-07-19 14:45:36 +00:00
Dr. Stephen Henson
bff9ce4db3 Don't ignore (!) reference count in X509_STORE_free 2012-07-19 12:44:09 +00:00
Dr. Stephen Henson
5180f57c65 reinclude crypto.h: this is needed in HEAD only to get the __fips_constseg definition 2012-07-18 14:07:50 +00:00
Andy Polyakov
69f45c520c sha1-[586|x86_64].pl: shave off one instruction from body_40_59, it's
2% fewer instructions in SIMD code paths, so 2% improvement on average:-)
2012-07-15 20:33:30 +00:00
Andy Polyakov
701d593f70 wp-x86_64.pl: ~10% performance improvement. 2012-07-15 13:37:35 +00:00
Andy Polyakov
ee923b4cef sha512-s390x.pl: lingering comment update. 2012-07-15 13:36:57 +00:00
Andy Polyakov
46a2b3387a sha512-ia64.pl: 15-20% performance improvement. 2012-07-15 13:36:25 +00:00
Andy Polyakov
e09039c01c sha256-armv4.pl: 4% performance improvement. 2012-07-15 13:35:10 +00:00
Andy Polyakov
da3bd2779d sha1-s390x.pl: lingering comment update. 2012-07-15 13:34:26 +00:00
Andy Polyakov
b046d70676 rc5.h: stop wasting space on 64-bit platforms [breaks binary compatibility!]. 2012-07-15 13:33:05 +00:00
Andy Polyakov
ae007d4d09 wp-mmx.pl: ~10% performance improvement. 2012-07-15 13:29:23 +00:00
Andy Polyakov
660164a9ed sha512-586.pl: optimize SSE2 code path, +5-7% on most CPUs, +13% on AMD K8. 2012-07-15 13:28:15 +00:00
Andy Polyakov
367b126491 sha1-586.pl: let masm compile AVX code. 2012-07-15 13:25:31 +00:00
Andy Polyakov
ac82e51f57 x86gas.pl: treat OPENSSL_ia32cap_P accordingly to .hidden status. 2012-07-15 13:24:43 +00:00
Richard Levitte
5dbf4f42fb Add the missing modules for Camellia, as well as dh_rfc5114 and evp_cnf. 2012-07-05 13:19:06 +00:00
Richard Levitte
c58de759c8 Harmonise symhacks.h in this branch with lower versions.
Add aliases for SSL_CTX_set_not_resumable_session_callback and
SSL_set_not_resumable_session_callback on top of that.
2012-07-05 13:17:44 +00:00
Dr. Stephen Henson
44488723de add missing evp_cnf.c file 2012-07-04 13:15:10 +00:00
Dr. Stephen Henson
ea1d84358b PR: 2840
Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.
2012-07-03 20:30:40 +00:00
Andy Polyakov
32e03a3016 bn_nist.c: compensate for VC bug [with optimization off!].
PR: 2837
2012-07-02 13:30:32 +00:00
Andy Polyakov
8d00f34239 crypto/bn/*.h: move PTR_SIZE_INT to private header. 2012-07-02 13:27:30 +00:00
Dr. Stephen Henson
df53820170 remove unnecessary attempt to automatically call OPENSSL_init 2012-07-01 22:25:04 +00:00
Dr. Stephen Henson
c65c5d05fd Fix Win32 build. 2012-07-01 22:14:32 +00:00
Andy Polyakov
ae432028d1 bss_dgram.c: fix typos in Windows code. 2012-07-01 09:11:47 +00:00
Andy Polyakov
2dce10c56d sha256-586.pl: fix typos. 2012-07-01 08:46:38 +00:00
Andy Polyakov
6251989eb6 x86_64 assembly pack: make it possible to compile with Perl located on
path with spaces.

PR: 2835
2012-06-27 10:08:23 +00:00
Andy Polyakov
faee82c1bc sha512-x86_64.pl: fix typo. 2012-06-25 17:13:15 +00:00
Andy Polyakov
a8f3b8b519 sha512-x86_64.pl: add SIMD code paths. 2012-06-24 19:22:06 +00:00
Andy Polyakov
ad880dc469 sha512-x86_64.pl: fix typo. 2012-06-19 07:50:10 +00:00
Andy Polyakov
42a36658c1 sha256-586.pl: fix linking error. 2012-06-19 07:49:36 +00:00
Dr. Stephen Henson
dfcf48f499 New functions to retrieve certificate signatures and signature OID NID. 2012-06-13 13:08:12 +00:00
Andy Polyakov
0bf8f110e0 sha256t.c: make sure unrolled loop is tested. 2012-06-12 14:40:41 +00:00
Andy Polyakov
f3eac74bc5 sha256-586.pl: add AVX and XOP code paths. 2012-06-12 14:40:11 +00:00
Andy Polyakov
3a9b3852c6 sha256-586.pl: squeeze some more, most notably ~10% on Nehalem. 2012-06-12 14:38:01 +00:00
Andy Polyakov
d2e1803197 x86[_64] assembly pack: update benchmark results. 2012-06-12 14:18:21 +00:00
Dr. Stephen Henson
4b9e0b5f74 print out issuer and subject unique identifier fields in certificates 2012-06-12 13:41:18 +00:00
Andy Polyakov
447e1319b1 bss_dgram.c: add BIO_CTRL_DGRAM_SET_DONT_FRAG.
PR: 2830
Submitted by: Robin Seggelmann
2012-06-11 14:56:25 +00:00
Andy Polyakov
e77ec2ba6f bss_dgram.c: make getsockopt work in cases when optlen is 64-bit value. 2012-06-11 14:27:56 +00:00
Andy Polyakov
80c42f3e0c b_sock.c: make getsockopt work in cases when optlen is 64-bit value. 2012-06-11 08:52:11 +00:00
Andy Polyakov
8d1b199d26 Revert random changes from commit#22606. 2012-06-04 22:12:10 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Ben Laurie
03c1d9f99d Build on FreeBSD with gcc 4.6. 2012-05-30 09:34:44 +00:00
Andy Polyakov
f889bb0384 sha256-586.pl: full unroll to deliver additional ~16%, add Sandy Bridge-
specific code path.
2012-05-28 17:50:57 +00:00
Andy Polyakov
83698d3191 sha512-x86_64.pl: >5% better performance. 2012-05-28 17:47:15 +00:00
Andy Polyakov
6a40ebe86b aesni-x86_64.pl: make it possible to use in Linux kernel. 2012-05-24 07:39:44 +00:00
Andy Polyakov
d4bb6bddf8 sha256-586.pl: tune away regression on Nehalem core and incidentally
improve performance on Atom and P4.
2012-05-24 07:39:04 +00:00
Andy Polyakov
ee9bf3eb6c sha256-586.pl optimization. 2012-05-19 10:10:30 +00:00
Andy Polyakov
fd05495748 ppccap.c: assume no features under 32-bit AIX kernel.
PR: 2810
2012-05-16 12:42:32 +00:00
Dr. Stephen Henson
4242a090c7 PR: 2813
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.
2012-05-11 13:53:37 +00:00
Ben Laurie
5762f7778d Fix warning. 2012-05-10 20:29:00 +00:00
Dr. Stephen Henson
225055c30b Reported by: Solar Designer of Openwall
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:46:09 +00:00
Andy Polyakov
f9c5e5d92e perlasm: fix symptom-less bugs, missing semicolons and 'my' declarations. 2012-04-28 10:36:58 +00:00
Andy Polyakov
9474483ab7 ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance
of digest algorithms, mostly SHA, on Power7. Mystery of century, why SHA,
why slower algorithms are affected more...
PR: 2794
Submitted by: Ashley Lai
2012-04-27 20:17:45 +00:00
Andy Polyakov
71fa3bc5ec objxref.pl: improve portability. 2012-04-22 21:18:30 +00:00
Dr. Stephen Henson
e2f53b675a correct error code 2012-04-22 13:31:09 +00:00
Dr. Stephen Henson
b36bab7812 PR: 2239
Submitted by: Dominik Oepen <oepen@informatik.hu-berlin.de>

Add Brainpool curves from RFC5639.

Original patch by Annie Yousar <a.yousar@informatik.hu-berlin.de>
2012-04-22 13:06:51 +00:00
Andy Polyakov
8ea92ddd13 e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platforms.
PR: 2792
2012-04-19 20:38:05 +00:00
Dr. Stephen Henson
d9a9d10f4f Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 16:19:56 +00:00
Dr. Stephen Henson
b214184160 recognise X9.42 DH certificates on servers 2012-04-18 17:03:29 +00:00
Andy Polyakov
6dd9b0fc43 e_rc4_hmac_md5.c: harmonize zero-length fragment handling with
e_aes_cbc_hmac_sha1.c (mostly for aesthetic reasons).
2012-04-18 14:55:39 +00:00
Andy Polyakov
e36f6b9cfa e_rc4_hmac_md5.c: oops, can't use rc4_hmac_md5_cipher on legacy Intel CPUs.
PR: 2792
2012-04-18 14:50:28 +00:00
Andy Polyakov
3e181369dd C64x+ assembler pack. linux-c64xplus build is *not* tested nor can it be
tested, because kernel is not in shape to handle it *yet*. The code is
committed mostly to stimulate the kernel development.
2012-04-18 13:01:36 +00:00
Andy Polyakov
4a1fbd13ee OPENSSL_NO_SOCK fixes.
PR: 2791
Submitted by: Ben Noordhuis
2012-04-16 17:42:36 +00:00
Andy Polyakov
9eba5614fe Minor compatibility fixes.
PR: 2790
Submitted by: Alexei Khlebnikov
2012-04-16 17:35:30 +00:00
Andy Polyakov
fc90e42c86 e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag
countermeasure.

PR: 2778
2012-04-15 14:14:22 +00:00
Andy Polyakov
26e6bac143 ghash-s390x.pl: fix typo [that can induce SEGV in 31-bit build]. 2012-04-12 06:44:34 +00:00
Dr. Stephen Henson
80eb43519e fix reset fix 2012-04-11 15:05:07 +00:00
Dr. Stephen Henson
bbe0c8c5be make reinitialisation work for CMAC 2012-04-11 12:26:41 +00:00
Andy Polyakov
b1fd0ccb38 aes-s390x.pl: fix crash in AES_set_decrypt_key in linux32-s390x build. 2012-04-09 15:12:13 +00:00
Andy Polyakov
45cd45bbbc aes-armv4.pl: make it more foolproof [inspired by aes-s390x.pl in 1.0.1]. 2012-04-05 08:30:22 +00:00
Andy Polyakov
bc9583efa2 aes-s390x.pl: make it more foolproof [inspired by 1.0.1]. 2012-04-05 08:22:09 +00:00
Andy Polyakov
f62f792057 modes_lcl.h: make it work on i386.
PR: 2780
2012-03-31 17:02:46 +00:00
Andy Polyakov
5db9645f1b vpaes-x86[_64].pl: handle zero length in vpaes_cbc_encrypt.
PR: 2775
2012-03-31 16:53:34 +00:00
Dr. Stephen Henson
d3379de5a9 don't shadow 2012-03-30 15:43:32 +00:00
Andy Polyakov
4736eab947 bn/bn_gf2m.c: make new BN_GF2m_mod_inv work with BN_DEBUG_RAND. 2012-03-29 21:35:28 +00:00
Andy Polyakov
23a05fa0c1 modes/gcm128.c: fix self-test. 2012-03-29 18:25:38 +00:00
Andy Polyakov
482a7d80cf sha512-armv4.pl: optimize NEON code path by utilizing vbsl, bitwise select. 2012-03-29 18:20:11 +00:00
Andy Polyakov
ee743dca53 perlasm/x86masm.pl: fix last fix. 2012-03-29 18:09:36 +00:00
Andy Polyakov
6da165c631 asn1/tasn_prn.c: avoid bool in variable names.
PR: 2776
2012-03-29 17:48:19 +00:00
Dr. Stephen Henson
751e26cb9b fix leak 2012-03-22 16:28:07 +00:00
Dr. Stephen Henson
f404acfa2c Submitted by: Markus Friedl <mfriedl@gmail.com>
Fix memory leaks in 'goto err' cases.
2012-03-22 15:44:51 +00:00
Andy Polyakov
884c580e05 eng_all.c: revert previous "disable Padlock" commit, which was unjustified. 2012-03-19 20:20:41 +00:00
Andy Polyakov
df27a35137 vpaes-x86_64.pl: out-of-date Apple assembler fails to calculate
distance between local labels.
PR: 2762
2012-03-17 16:06:31 +00:00
Andy Polyakov
f9ef874a21 bsaes-x86_64.pl: optimize key conversion. 2012-03-16 21:44:19 +00:00
Andy Polyakov
442c9f13d4 bsaes-armv7.pl: optimize Sbox and key conversion. 2012-03-16 21:41:48 +00:00
Andy Polyakov
5c88dcca5b ghash-x86.pl: omit unreferenced rem_8bit from no-sse2 build. 2012-03-13 19:43:42 +00:00
Andy Polyakov
b2ae61ecf2 x86_64-xlate.pl: remove old kludge.
PR: 2435,2440
2012-03-13 19:19:08 +00:00
Dr. Stephen Henson
78dfd43955 corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 16:32:19 +00:00
Dr. Stephen Henson
146b52edd1 Fix for CMS/PKCS7 MMA. If RSA decryption fails, use a random key and
continue with the symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 16:31:39 +00:00
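The countermeasure this commit describes, as an added example that is not OpenSSL's code: a toy RSA key (two Mersenne primes, constructed for illustration and far too small for real use) and a toy HMAC-protected content encryption stand in for RSA_private_decrypt() and the CMS EncryptedContent; the function names, the 16-byte key size and the probe set are this example's own. It runs the pre-fix path, where a PKCS#1 v1.5 padding failure surfaces as its own error, beside the fixed path, where a random content-encryption key of the expected length is substituted and the symmetric step runs anyway, so a Bleichenbacher-style probe cannot tell bad padding from a wrong key.

```python
import hashlib
import hmac
import secrets

# Toy RSA key, constructed for this example from two Mersenne primes.
# It is far too small for real use; OpenSSL's CMS code calls
# RSA_private_decrypt() on a real key instead.
P = (1 << 107) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8   # modulus size in bytes (30 here)


def rsa_pkcs1_v15_encrypt(msg: bytes) -> bytes:
    """PKCS#1 v1.5 type-2 encryption: EM = 00 || 02 || PS || 00 || M."""
    ps_len = K - len(msg) - 3
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))  # non-zero PS
    em = b"\x00\x02" + ps + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def rsa_pkcs1_v15_decrypt(ct: bytes, keylen: int):
    """Return (ok, key); ok is False for any padding defect or a key of the
    wrong length (CMS requires the unwrapped key to match the content cipher)."""
    em = pow(int.from_bytes(ct, "big"), D, N).to_bytes(K, "big")
    if em[:2] != b"\x00\x02":
        return False, b""
    sep = em.find(b"\x00", 2)
    if sep < 10:                      # no separator, or PS shorter than 8 bytes
        return False, b""
    key = em[sep + 1:]
    if len(key) != keylen:
        return False, b""
    return True, key


def wrap_content(cek: bytes, data: bytes) -> bytes:
    """Toy authenticated content encryption under the CEK (a stand-in for the
    CMS EncryptedContent): SHA-256 keystream XOR plus an HMAC tag. Data is
    limited to 32 bytes in this example."""
    if len(data) > 32:
        raise ValueError("toy cipher handles at most 32 bytes")
    ks = hashlib.sha256(cek + b"keystream").digest()
    body = bytes(a ^ b for a, b in zip(data, ks))
    return hmac.new(cek, body, hashlib.sha256).digest() + body


def unwrap_content(cek: bytes, blob: bytes) -> bytes:
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(cek, body, hashlib.sha256).digest()):
        raise ValueError("content decryption failed")
    ks = hashlib.sha256(cek + b"keystream").digest()
    return bytes(a ^ b for a, b in zip(body, ks))


def cms_decrypt(rsa_ct: bytes, blob: bytes, keylen: int, hardened: bool) -> bytes:
    """hardened=False: pre-fix behaviour, an RSA padding failure is reported as
    its own error, which is the padding oracle.
    hardened=True: the commit's countermeasure, a random CEK of the expected
    length is substituted and the symmetric step runs regardless, so every
    tampered ciphertext fails at the same point with the same error."""
    ok, cek = rsa_pkcs1_v15_decrypt(rsa_ct, keylen)
    if not ok:
        if not hardened:
            raise ValueError("RSA decryption failed")
        cek = secrets.token_bytes(keylen)
    return unwrap_content(cek, blob)


def oracle_responses(hardened: bool) -> set:
    """Simulated attacker: submit the genuine ciphertext, two Bleichenbacher
    probes c * s^e mod N (s = 2, 3, which always break the 00 02 prefix with
    this modulus), and a ciphertext with valid padding but the wrong key;
    collect the distinct outcomes the recipient exposes."""
    cek = secrets.token_bytes(16)
    blob = wrap_content(cek, b"constructed sample content")
    c = int.from_bytes(rsa_pkcs1_v15_encrypt(cek), "big")
    probes = [
        c,
        (c * pow(2, E, N)) % N,
        (c * pow(3, E, N)) % N,
        int.from_bytes(rsa_pkcs1_v15_encrypt(secrets.token_bytes(16)), "big"),
    ]
    seen = set()
    for probe in probes:
        try:
            cms_decrypt(probe.to_bytes(K, "big"), blob, 16, hardened)
            seen.add("ok")
        except ValueError as exc:
            seen.add(str(exc))
    return seen


if __name__ == "__main__":
    print("pre-fix outcomes:", sorted(oracle_responses(False)))
    print("fixed outcomes:  ", sorted(oracle_responses(True)))
```

oracle_responses(False) returns three distinct outcomes, so the attacker can separate padding-invalid probes from padding-valid ones; oracle_responses(True) returns two, with every tampered ciphertext failing in the symmetric step. The real fix also equalises timing by always executing that step; this toy only shows the error-channel side.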
Dr. Stephen Henson
34b61f5a25 check return value of BIO_write in PKCS7_decrypt 2012-03-08 14:10:23 +00:00
Dr. Stephen Henson
62b6948a27 PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
2012-03-06 13:47:43 +00:00
Dr. Stephen Henson
d895f7f060 don't do loop check for single self signed certificate 2012-03-05 15:48:13 +00:00
Andy Polyakov
358c372d16 bsaes-armv7.pl: change preferred contact. 2012-03-03 13:04:53 +00:00
Andy Polyakov
c4a52a6dca Add bit-sliced AES for ARM NEON. This initial version is effectively
reference implementation, it does not interface to OpenSSL yet.
2012-03-03 12:33:28 +00:00
Dr. Stephen Henson
3c6a7cd44b PR: 2742
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.
2012-02-29 14:02:02 +00:00
Dr. Stephen Henson
dc4f678cdc Fix memory leak caused by race condition when creating public keys.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-28 14:47:02 +00:00
Andy Polyakov
0f2ece872d x86cpuid.pl: fix processor capability detection on pre-586. 2012-02-28 14:20:21 +00:00
Dr. Stephen Henson
68a7b5ae1e PR: 2736
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preserves flags.
2012-02-27 18:45:28 +00:00
Dr. Stephen Henson
161c9b4262 PR: 2737
Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.
2012-02-27 16:46:34 +00:00