Commit graph

5303 commits

Author SHA1 Message Date
Andy Polyakov
9b2a29660b Sanitize usage of <ctype.h> functions. It's important that characters
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
2012-01-12 16:28:03 +00:00
Andy Polyakov
b7b4a9fa57 sparcv9cap.c: omit unused variable. 2012-01-12 14:19:52 +00:00
Andy Polyakov
958e6a75a1 asn1/t_x509.c: fix serial number print, harmonize with a_int.c [from HEAD].
PR: 2675
Submitted by: Annie Yousar
2012-01-11 21:12:47 +00:00
Andy Polyakov
397977726c aes-sparcv9.pl: clean up regexp [from HEAD].
PR: 2685
2012-01-11 15:32:08 +00:00
Dr. Stephen Henson
285d9189c7 PR: 2652
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

OpenVMS fixes.
2012-01-05 14:30:08 +00:00
Dr. Stephen Henson
2f97765bc3 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 23:01:19 +00:00
Dr. Stephen Henson
3205ca8deb fix warnings 2012-01-04 14:46:04 +00:00
Dr. Stephen Henson
ab585551c0 prepare for 1.0.1-beta1 2012-01-03 13:30:28 +00:00
Dr. Stephen Henson
6cf0d7b999 OpenSSL 1.0.1 is now in beta. 2012-01-02 18:28:28 +00:00
Dr. Stephen Henson
9d972207f0 incomplete provisional OAEP CMS decrypt support 2012-01-02 18:16:40 +00:00
Dr. Stephen Henson
5c05f69450 make update 2011-12-27 14:38:27 +00:00
Dr. Stephen Henson
f529dca488 fix error code 2011-12-27 14:37:43 +00:00
Dr. Stephen Henson
e065e6cda2 PR: 2535
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Add SCTP support for DTLS (RFC 6083).
2011-12-25 14:45:40 +00:00
Dr. Stephen Henson
62308f3f4a PR: 2563
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.
2011-12-19 17:02:35 +00:00
Andy Polyakov
700384be8e vpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl [from HEAD].
PR: 2657
2011-12-15 22:20:26 +00:00
Dr. Stephen Henson
b8a22c40e0 PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Remove unnecessary code for srp and to add some comments to
s_client.

- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable

- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
2011-12-14 22:18:03 +00:00
Andy Polyakov
3918de9ad1 vpaes-x86.pl: portability fix.
PR: 2657
2011-12-14 21:30:25 +00:00
Andy Polyakov
7b467c6b81 modexp512-x86_64.pl: Solaris portability fix [from HEAD].
PR: 2656
2011-12-12 15:12:09 +00:00
Dr. Stephen Henson
e559febaf1 typo 2011-12-10 01:37:55 +00:00
Ben Laurie
6a4b87eb9d Fix warning. 2011-12-09 20:15:48 +00:00
Andy Polyakov
edcba19c23 perlasm/x86gas.pl: give a hand old assemblers assembling loop instruction
[from HEAD].
2011-12-09 19:16:35 +00:00
Andy Polyakov
b140ae9137 cryptlib.c: allow for OPENSSL_ia32cap=~0x????? syntax for environment value
in question.
2011-12-09 15:46:41 +00:00
Andy Polyakov
8ee0591f28 x86-mont.pl: fix bug in integer-only squaring path.
PR: 2648
2011-12-09 14:26:28 +00:00
Ben Laurie
825e1a7c56 Fix warnings. 2011-12-02 14:39:41 +00:00
Bodo Möller
a0dce9be76 Fix ecdsatest.c.
Submitted by: Emilia Kasper
2011-12-02 12:40:42 +00:00
Bodo Möller
cf2b938529 Fix BIO_f_buffer().
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
2011-12-02 12:24:48 +00:00
Andy Polyakov
62f685a9cd bn/asm/mips.pl: fix typos [from HEAD]. 2011-12-01 12:17:20 +00:00
Dr. Stephen Henson
a310428527 Workaround so "make depend" works for fips builds. 2011-11-22 12:50:59 +00:00
Andy Polyakov
0a8f00af34 bsaes-x86_64.pl: fix buffer overrun in tail processing [from HEAD]. 2011-11-16 23:36:40 +00:00
Ben Laurie
060a38a2c0 Add DTLS-SRTP. 2011-11-15 23:02:16 +00:00
Andy Polyakov
58402976b4 aes-armv4.pl: make it link. 2011-11-15 13:55:52 +00:00
Andy Polyakov
cd7b854bbb e_rc4_hmac_md5.c: make it work on darwin64, which is configured with RC4_CHAR. 2011-11-15 12:39:48 +00:00
Andy Polyakov
aecc0756e8 aes-s390x.pl: make it link. 2011-11-15 12:20:55 +00:00
Andy Polyakov
e6ccc6ed70 Configure, e_aes.c: allow for XTS assembler implementation [from HEAD]. 2011-11-15 12:19:56 +00:00
Andy Polyakov
e959a01fac e_aes.c: jumbo update from HEAD. 2011-11-14 21:17:08 +00:00
Andy Polyakov
17674bfdf7 ec_cvt.c: performance update from HEAD. 2011-11-14 21:14:53 +00:00
Andy Polyakov
d807d4c21f c_allc.c: add XTS ciphers [from HEAD]. 2011-11-14 21:13:35 +00:00
Andy Polyakov
2357ae17e7 x86 assembler pack update from HEAD. 2011-11-14 21:06:50 +00:00
Andy Polyakov
9f1c5491d2 BN update from HEAD. 2011-11-14 21:05:42 +00:00
Andy Polyakov
70b52222f5 x86_64 assembler pack update from HEAD. 2011-11-14 21:01:21 +00:00
Andy Polyakov
88cb59727c ARM assembler pack update from HEAD. 2011-11-14 20:58:01 +00:00
Andy Polyakov
781bfdc314 Alpha assembler pack update from HEAD. 2011-11-14 20:56:15 +00:00
Andy Polyakov
b66723b23e MIPS assembler pack update from HEAD. 2011-11-14 20:55:24 +00:00
Andy Polyakov
cf96d71c22 PPC assembler pack update from HEAD. 2011-11-14 20:54:17 +00:00
Andy Polyakov
1a111921da PA-RISC assembler pack update from HEAD. 2011-11-14 20:50:15 +00:00
Andy Polyakov
5d9bb428bb SPARCv9 assembler pack update from HEAD. 2011-11-14 20:48:35 +00:00
Andy Polyakov
9833757b5d s390x assembler pack update from HEAD. 2011-11-14 20:47:22 +00:00
Andy Polyakov
4195343c0d IA64 assembler pack update from HEAD. 2011-11-14 20:45:57 +00:00
Andy Polyakov
042bee4e5c perlasm update from HEAD. 2011-11-14 20:44:20 +00:00
Andy Polyakov
4afba1f3d9 Mafiles updates to accomodate assembler update from HEAD. 2011-11-14 20:42:22 +00:00
Dr. Stephen Henson
5999d45a5d DH keys have an (until now) unused 'q' parameter. When creating from DSA copy
q across and if q present generate DH key in the correct range. (from HEAD)
2011-11-14 14:16:09 +00:00
Dr. Stephen Henson
f69e5d6a19 Call OPENSSL_init after we've checked to see if customisation is permissible. 2011-11-14 14:15:29 +00:00
Ben Laurie
3517637702 Ignorance. 2011-11-14 02:42:26 +00:00
Ben Laurie
4c02cf8ecc make depend. 2011-11-13 20:23:34 +00:00
Andy Polyakov
6471ec71aa x86cpuid.pl: compensate for imaginary virtual machines [from HEAD].
PR: 2633
2011-11-08 21:28:14 +00:00
Andy Polyakov
cb45708061 x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs.
PR: 2633
2011-11-05 10:44:25 +00:00
Andy Polyakov
02597f2885 ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
PR: 2636
Submitted by: Charles Bryant
2011-11-05 10:16:30 +00:00
Richard Levitte
8c6a514edf Add missing algorithms to disable, and in particular, disable
EC_NISTP_64_GCC_128 by default, as GCC isn't currently supported on
VMS.  Add CMAC to the modules to build, and synchronise with Unix.
2011-10-30 11:45:30 +00:00
Dr. Stephen Henson
a8d72c79db PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
2011-10-26 16:43:23 +00:00
Dr. Stephen Henson
03f84c8260 Update error codes for FIPS.
Add support for authentication in FIPS_mode_set().
2011-10-21 13:04:27 +00:00
Bodo Möller
67f8de9ab8 "make update" 2011-10-19 15:24:44 +00:00
Bodo Möller
2d95ceedc5 BN_BLINDING multi-threading fix.
Submitted by: Emilia Kasper (Google)
2011-10-19 14:58:59 +00:00
Bodo Möller
3d520f7c2d Fix warnings.
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
2011-10-19 08:58:35 +00:00
Bodo Möller
9c37519b55 Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.
2011-10-18 19:43:54 +00:00
Andy Polyakov
a99ce1f5b1 e_aes.c: fix bug in aesni_gcm_tls_cipher [in HEAD]. 2011-10-14 09:34:14 +00:00
Andy Polyakov
42660b3cf1 aesni-x86[_64].pl: pull from HEAD. 2011-10-14 09:21:03 +00:00
Bodo Möller
93ff4c69f7 Make CTR mode behaviour consistent with other modes:
clear ctx->num in EVP_CipherInit_ex

Submitted by: Emilia Kasper
2011-10-13 13:42:29 +00:00
Dr. Stephen Henson
6841abe842 update pkey method initialisation and copy 2011-10-11 18:16:02 +00:00
Dr. Stephen Henson
cb70355d87 Backport ossl_ssize_t type from HEAD. 2011-10-10 22:33:50 +00:00
Dr. Stephen Henson
b17442bb04 def_rsa_finish not used anymore. 2011-10-10 20:34:17 +00:00
Dr. Stephen Henson
4874e235fb fix leak properly this time... 2011-10-10 14:09:05 +00:00
Dr. Stephen Henson
9309ea6617 Backport PSS signature support from HEAD. 2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
88bac3e664 fix memory leaks 2011-10-09 23:09:22 +00:00
Dr. Stephen Henson
5473b6bc2f Fix memory leak. From HEAD. 2011-10-09 16:04:17 +00:00
Dr. Stephen Henson
dc100d87b5 Backport of password based CMS support from HEAD. 2011-10-09 15:28:02 +00:00
Dr. Stephen Henson
6f6b31dadc PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
2011-10-09 00:56:43 +00:00
Dr. Stephen Henson
177f27d71e ? crypto/aes/aes-armv4.S
? crypto/aes/aesni-sha1-x86_64.s
? crypto/aes/aesni-x86_64.s
? crypto/aes/foo.pl
? crypto/aes/vpaes-x86_64.s
? crypto/bn/.bn_lib.c.swp
? crypto/bn/armv4-gf2m.S
? crypto/bn/diffs
? crypto/bn/modexp512-x86_64.s
? crypto/bn/x86_64-gf2m.s
? crypto/bn/x86_64-mont5.s
? crypto/ec/bc.txt
? crypto/ec/diffs
? crypto/modes/a.out
? crypto/modes/diffs
? crypto/modes/ghash-armv4.S
? crypto/modes/ghash-x86_64.s
? crypto/modes/op.h
? crypto/modes/tst.c
? crypto/modes/x.h
? crypto/objects/.obj_xref.txt.swp
? crypto/rand/diffs
? crypto/sha/sha-512
? crypto/sha/sha1-armv4-large.S
? crypto/sha/sha256-armv4.S
? crypto/sha/sha512-armv4.S
Index: crypto/objects/obj_xref.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v
retrieving revision 1.9
diff -u -r1.9 obj_xref.c
--- crypto/objects/obj_xref.c	5 Nov 2008 18:38:58 -0000	1.9
+++ crypto/objects/obj_xref.c	6 Oct 2011 20:30:21 -0000
@@ -110,8 +110,10 @@
 #endif
 	if (rv == NULL)
 		return 0;
-	*pdig_nid = rv->hash_id;
-	*ppkey_nid = rv->pkey_id;
+	if (pdig_nid)
+		*pdig_nid = rv->hash_id;
+	if (ppkey_nid)
+		*ppkey_nid = rv->pkey_id;
 	return 1;
 	}

@@ -144,7 +146,8 @@
 #endif
 	if (rv == NULL)
 		return 0;
-	*psignid = (*rv)->sign_id;
+	if (psignid)
+		*psignid = (*rv)->sign_id;
 	return 1;
 	}

Index: crypto/x509/x509type.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v
retrieving revision 1.10
diff -u -r1.10 x509type.c
--- crypto/x509/x509type.c	26 Oct 2007 12:06:33 -0000	1.10
+++ crypto/x509/x509type.c	6 Oct 2011 20:36:04 -0000
@@ -100,20 +100,26 @@
 		break;
 		}

-	i=X509_get_signature_type(x);
-	switch (i)
+	i=OBJ_obj2nid(x->sig_alg->algorithm);
+	if (i && OBJ_find_sigid_algs(i, NULL, &i))
 		{
-	case EVP_PKEY_RSA:
-		ret|=EVP_PKS_RSA;
-		break;
-	case EVP_PKEY_DSA:
-		ret|=EVP_PKS_DSA;
-		break;
-	case EVP_PKEY_EC:
-		ret|=EVP_PKS_EC;
-		break;
-	default:
-		break;
+
+		switch (i)
+			{
+		case NID_rsaEncryption:
+		case NID_rsa:
+			ret|=EVP_PKS_RSA;
+			break;
+		case NID_dsa:
+		case NID_dsa_2:
+			ret|=EVP_PKS_DSA;
+			break;
+		case NID_X9_62_id_ecPublicKey:
+			ret|=EVP_PKS_EC;
+			break;
+		default:
+			break;
+			}
 		}

 	if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
2011-10-06 20:45:08 +00:00
Dr. Stephen Henson
e8f31f80d1 PR: 2606
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve

Handle timezones correctly in UTCTime.
2011-09-23 13:39:35 +00:00
Dr. Stephen Henson
e34a303ce1 make depend 2011-09-16 23:15:22 +00:00
Dr. Stephen Henson
36f120cd20 Improved error checking for DRBG calls.
New functionality to allow default DRBG type to be set during compilation or during runtime.
2011-09-16 23:12:34 +00:00
Dr. Stephen Henson
0ae7c43fa5 Improved error checking for DRBG calls.
New functionality to allow default DRBG type to be set during compilation
or during runtime.
2011-09-16 23:08:57 +00:00
Dr. Stephen Henson
c0d2943952 Typo. 2011-09-16 23:04:07 +00:00
Dr. Stephen Henson
7d453a3b49 Fix warnings (from HEAD). 2011-09-10 21:18:37 +00:00
Dr. Stephen Henson
cd447875e6 Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
produce an error (CVE-2011-3207)
2011-09-06 15:14:41 +00:00
Bodo Möller
7f1022a8b1 Fix memory leak on bad inputs. 2011-09-05 09:57:15 +00:00
Bodo Möller
edf6b025b1 make update 2011-09-05 09:44:54 +00:00
Bodo Möller
9e96812934 Fix error codes. 2011-09-05 09:42:55 +00:00
Dr. Stephen Henson
91e97cbe4c Don't use *from++ in tolower as this is implemented as a macro on some
platforms. Thanks to Shayne Murray <Shayne.Murray@Polycom.com> for
reporting this issue.
2011-09-02 11:28:18 +00:00
Dr. Stephen Henson
63ee3b32fe PR: 2576
Submitted by: Doug Goldstein <cardoe@gentoo.org>
Reviewed by: steve

Include header file stdlib.h which is needed on some platforms to get
getenv() declaration.
2011-09-02 11:20:32 +00:00
Dr. Stephen Henson
4ff1a2da10 PR: 2340
Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar>
Reviewed by: steve

Stop warnings if OPENSSL_NO_DGRAM is defined.
2011-09-01 15:01:55 +00:00
Dr. Stephen Henson
4c3c975066 make timing attack protection unconditional 2011-09-01 14:23:22 +00:00
Dr. Stephen Henson
be0853358c PR: 2589
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Initialise p pointer.
2011-09-01 13:52:38 +00:00
Dr. Stephen Henson
fea15b553d PR: 2588
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Close file pointer.
2011-09-01 13:49:08 +00:00
Andy Polyakov
84e7485bfb Add RC4-MD5 and AESNI-SHA1 "stitched" implementations [from HEAD]. 2011-08-23 20:53:34 +00:00
Andy Polyakov
f56f72f219 eng_rsax.c: improve portability [from HEAD]. 2011-08-22 19:01:41 +00:00
Andy Polyakov
2bfb23f102 modexp512-x86_64.pl: make it work with ml64 [from HEAD]. 2011-08-19 06:31:27 +00:00
Dr. Stephen Henson
cf199fec52 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
2011-08-14 13:47:30 +00:00
Andy Polyakov
165c20c2c4 eng_rsax.c: make it work on Win64. 2011-08-14 08:38:04 +00:00
Andy Polyakov
625c6ba4c7 eng_rdrand.c: make it link in './config 386' case [from HEAD]. 2011-08-14 08:31:14 +00:00
Andy Polyakov
a32bede701 x86_64-xlate.pl: fix movzw [from HEAD]. 2011-08-12 21:25:23 +00:00
Andy Polyakov
8ff5c8874f Alpha assembler fixed from HEAD.
PR: 2577
2011-08-12 12:31:08 +00:00
Dr. Stephen Henson
c5d38fc262 aesni TLS GCM support 2011-08-11 23:06:37 +00:00
Dr. Stephen Henson
6b71970520 Sync EVP AES modes from HEAD. 2011-08-11 22:52:06 +00:00
Dr. Stephen Henson
0209e111f6 Add XTS OIDs from HEAD. 2011-08-11 22:51:37 +00:00
Dr. Stephen Henson
dc01af7723 Sync ASM/modes to add CCM and XTS modes and assembly language optimisation
(from HEAD, original by Andy).
2011-08-11 22:36:19 +00:00
Dr. Stephen Henson
5435d0412f prevent compilation errors and warnings 2011-08-11 21:12:01 +00:00
Andy Polyakov
922ac25f64 Add provisory support for RDRAND [from HEAD]. 2011-08-10 18:53:13 +00:00
Dr. Stephen Henson
61cdb9f36a Backport GCM support from HEAD. Minimal support at present: no assembly
language optimisation. [original by Andy]
2011-08-04 11:12:38 +00:00
Dr. Stephen Henson
1acd042c85 fix memory leak 2011-08-03 16:40:14 +00:00
Dr. Stephen Henson
572712d82a recognise ecdsaWithSHA1 OID 2011-07-28 14:42:53 +00:00
Dr. Stephen Henson
d1697a7556 Disable rsax for Windows: it doesn't currently work. 2011-07-25 23:45:49 +00:00
Andy Polyakov
90f3e4cf05 Back-port TLS AEAD framework [from HEAD]. 2011-07-21 19:22:57 +00:00
Dr. Stephen Henson
7bd8bf58bb stop warnings 2011-07-21 13:45:17 +00:00
Andy Polyakov
1190d3f442 Add RSAX builtin engine [from HEAD]. 2011-07-20 21:51:33 +00:00
Dr. Stephen Henson
0e4f5cfbab PR: 2559
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS socket error bug
2011-07-20 15:22:02 +00:00
Dr. Stephen Henson
2305ae5d8c PR: 2556 (partial)
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve

Fix OID routines.

Check on encoding leading zero rejection should start at beginning of
encoding.

Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.
2011-07-14 12:01:36 +00:00
Andy Polyakov
2a5e042c70 perlasm/cbc.pl: fix tail processing bug [from HEAD].
PR: 2557
2011-07-13 06:22:46 +00:00
Andy Polyakov
a460c42f94 x86_64-xlate.pl: update from HEAD. 2011-07-04 13:11:55 +00:00
Andy Polyakov
d16743e728 sha1-x86_64.pl: nasm-related update from HEAD. 2011-07-04 13:01:42 +00:00
Andy Polyakov
4a29fa8caf sha1-x86_64.pl: fix win64-specific typos and add masm support [from HEAD]. 2011-07-01 21:24:39 +00:00
Andy Polyakov
250bb54dba x86_64-xlate.pl: masm-specific update. 2011-07-01 21:22:13 +00:00
Dr. Stephen Henson
8315aa03fc Fix assembly language function renaming so it works on WIN64. 2011-07-01 14:13:52 +00:00
Andy Polyakov
9a35faaa29 rc4-x86[_64].pl: back-sync with original 1.0.1. 2011-06-28 15:04:31 +00:00
Andy Polyakov
fbe2e28911 AES-NI backport from HEAD. Note that e_aes.c doesn't implement all modes
from HEAD yet, more will be back-ported later.
2011-06-28 14:49:35 +00:00
Andy Polyakov
84968e25f3 x86[_64] assembler pack: back-port SHA1 and RC4 from HEAD. 2011-06-28 13:53:50 +00:00
Andy Polyakov
10fd0b7b55 x86[_64]cpuid.pl: harmonize OPENSSL_ia32_cpuid [from HEAD]. 2011-06-28 13:40:19 +00:00
Andy Polyakov
4a46dc6e5c x86[_64] perlasm: pull-in from HEAD. 2011-06-28 13:33:47 +00:00
Andy Polyakov
0ec55604c0 Expand OPENSSL_ia32cap_P to 64 bits. It might appear controversial, because
such operation can be considered as breaking binary compatibility. However!
OPNESSL_ia32cap_P is accessed by application through pointer returned by
OPENSSL_ia32cap_loc() and such change of *internal* OPENSSL_ia32cap_P
declaration is possible specifically on little-endian platforms, such as
x86[_64] ones in question. In addition, if 32-bit application calls
OPENSSL_ia32cap_loc(), it clears upper half of capability vector maintaining
the illusion that it's still 32 bits wide.
2011-06-28 13:31:58 +00:00
Dr. Stephen Henson
dea113b428 PR: 2470
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve

Don't call ERR_remove_state from DllMain.
2011-06-22 15:38:40 +00:00
Dr. Stephen Henson
dcbe723bc5 PR: 2540
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Prevent infinite loop in BN_GF2m_mod_inv().
2011-06-22 15:23:40 +00:00
Dr. Stephen Henson
33c98a28ac correctly encode OIDs near 2^32 2011-06-22 15:15:48 +00:00
Dr. Stephen Henson
b2ddddfb20 allow MD5 use for computing old format hash links 2011-06-22 02:18:06 +00:00
Dr. Stephen Henson
c24367ebb9 Don't set FIPS rand method at same time as RAND method as this can cause
the FIPS library to fail. Applications that want to set the FIPS rand
method can do so explicitly and presumably they know what they are doing...
2011-06-21 17:08:25 +00:00
Dr. Stephen Henson
7397b35379 Add FIPS error codes. 2011-06-21 16:58:10 +00:00
Dr. Stephen Henson
1f2e4ecc30 Rename all AES_set*() functions using private_ prefix. 2011-06-21 16:23:42 +00:00
Dr. Stephen Henson
955e28006d make EVP_dss() work for DSA signing 2011-06-20 20:05:13 +00:00
Dr. Stephen Henson
bf0736eb1f Redirect null cipher to FIPS module. 2011-06-20 20:00:10 +00:00
Dr. Stephen Henson
3a5b97b7f1 Don't set default public key methods in FIPS mode so applications
can switch between modes.
2011-06-20 19:41:13 +00:00
Dr. Stephen Henson
ed1bbe2cad make sure custom cipher flag doesn't use any mode bits 2011-06-13 23:10:34 +00:00
Dr. Stephen Henson
b0b3d09063 Set rand method in FIPS_mode_set() not in rand library. 2011-06-13 21:18:00 +00:00
Dr. Stephen Henson
0ede2af7a0 Redirect RAND to FIPS module in FIPS mode. 2011-06-13 20:40:52 +00:00
Dr. Stephen Henson
e8d23f7811 Redirect HMAC and CMAC operations to module. 2011-06-12 15:07:26 +00:00
Dr. Stephen Henson
7c402e5af3 Disable GCM, CCM, XTS outside FIPS mode this will be updated
when backported.
2011-06-10 14:22:42 +00:00
Dr. Stephen Henson
4276908f51 add android support to DSO (from HEAD) 2011-06-09 21:49:24 +00:00
Ben Laurie
f851acbfff Fix warnings/errors(!). 2011-06-09 17:09:08 +00:00
Ben Laurie
78ef9b0205 Fix warnings. 2011-06-09 16:03:18 +00:00
Dr. Stephen Henson
ed9b0e5cba Redirect DH key and parameter generation. 2011-06-09 15:21:46 +00:00
Dr. Stephen Henson
752c1a0ce9 Redirect DSA operations to FIPS module in FIPS mode. 2011-06-09 13:54:09 +00:00
Dr. Stephen Henson
cc30415d0c Use method rsa keygen first if FIPS mode if it is a FIPS method. 2011-06-09 13:18:07 +00:00
Dr. Stephen Henson
03e16611a3 Redirect DH operations to FIPS module. Block non-FIPS methods.
Sync DH error codes with HEAD.
2011-06-08 15:58:59 +00:00