Andy Polyakov
8ff5c8874f
Alpha assembler fixed from HEAD.
...
PR: 2577
2011-08-12 12:31:08 +00:00
Dr. Stephen Henson
c5d38fc262
aesni TLS GCM support
2011-08-11 23:06:37 +00:00
Dr. Stephen Henson
6b71970520
Sync EVP AES modes from HEAD.
2011-08-11 22:52:06 +00:00
Dr. Stephen Henson
0209e111f6
Add XTS OIDs from HEAD.
2011-08-11 22:51:37 +00:00
Dr. Stephen Henson
dc01af7723
Sync ASM/modes to add CCM and XTS modes and assembly language optimisation
...
(from HEAD, original by Andy).
2011-08-11 22:36:19 +00:00
Dr. Stephen Henson
5435d0412f
prevent compilation errors and warnings
2011-08-11 21:12:01 +00:00
Andy Polyakov
922ac25f64
Add provisory support for RDRAND [from HEAD].
2011-08-10 18:53:13 +00:00
Dr. Stephen Henson
61cdb9f36a
Backport GCM support from HEAD. Minimal support at present: no assembly
...
language optimisation. [original by Andy]
2011-08-04 11:12:38 +00:00
Dr. Stephen Henson
1acd042c85
fix memory leak
2011-08-03 16:40:14 +00:00
Dr. Stephen Henson
572712d82a
recognise ecdsaWithSHA1 OID
2011-07-28 14:42:53 +00:00
Dr. Stephen Henson
d1697a7556
Disable rsax for Windows: it doesn't currently work.
2011-07-25 23:45:49 +00:00
Andy Polyakov
90f3e4cf05
Back-port TLS AEAD framework [from HEAD].
2011-07-21 19:22:57 +00:00
Dr. Stephen Henson
7bd8bf58bb
stop warnings
2011-07-21 13:45:17 +00:00
Andy Polyakov
1190d3f442
Add RSAX builtin engine [from HEAD].
2011-07-20 21:51:33 +00:00
Dr. Stephen Henson
0e4f5cfbab
PR: 2559
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS socket error bug
2011-07-20 15:22:02 +00:00
Dr. Stephen Henson
2305ae5d8c
PR: 2556 (partial)
...
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve
Fix OID routines.
Check on encoding leading zero rejection should start at beginning of
encoding.
Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.
2011-07-14 12:01:36 +00:00
Andy Polyakov
2a5e042c70
perlasm/cbc.pl: fix tail processing bug [from HEAD].
...
PR: 2557
2011-07-13 06:22:46 +00:00
Andy Polyakov
a460c42f94
x86_64-xlate.pl: update from HEAD.
2011-07-04 13:11:55 +00:00
Andy Polyakov
d16743e728
sha1-x86_64.pl: nasm-related update from HEAD.
2011-07-04 13:01:42 +00:00
Andy Polyakov
4a29fa8caf
sha1-x86_64.pl: fix win64-specific typos and add masm support [from HEAD].
2011-07-01 21:24:39 +00:00
Andy Polyakov
250bb54dba
x86_64-xlate.pl: masm-specific update.
2011-07-01 21:22:13 +00:00
Dr. Stephen Henson
8315aa03fc
Fix assembly language function renaming so it works on WIN64.
2011-07-01 14:13:52 +00:00
Andy Polyakov
9a35faaa29
rc4-x86[_64].pl: back-sync with original 1.0.1.
2011-06-28 15:04:31 +00:00
Andy Polyakov
fbe2e28911
AES-NI backport from HEAD. Note that e_aes.c doesn't implement all modes
...
from HEAD yet, more will be back-ported later.
2011-06-28 14:49:35 +00:00
Andy Polyakov
84968e25f3
x86[_64] assembler pack: back-port SHA1 and RC4 from HEAD.
2011-06-28 13:53:50 +00:00
Andy Polyakov
10fd0b7b55
x86[_64]cpuid.pl: harmonize OPENSSL_ia32_cpuid [from HEAD].
2011-06-28 13:40:19 +00:00
Andy Polyakov
4a46dc6e5c
x86[_64] perlasm: pull-in from HEAD.
2011-06-28 13:33:47 +00:00
Andy Polyakov
0ec55604c0
Expand OPENSSL_ia32cap_P to 64 bits. It might appear controversial, because
...
such operation can be considered as breaking binary compatibility. However!
OPNESSL_ia32cap_P is accessed by application through pointer returned by
OPENSSL_ia32cap_loc() and such change of *internal* OPENSSL_ia32cap_P
declaration is possible specifically on little-endian platforms, such as
x86[_64] ones in question. In addition, if 32-bit application calls
OPENSSL_ia32cap_loc(), it clears upper half of capability vector maintaining
the illusion that it's still 32 bits wide.
2011-06-28 13:31:58 +00:00
Dr. Stephen Henson
dea113b428
PR: 2470
...
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve
Don't call ERR_remove_state from DllMain.
2011-06-22 15:38:40 +00:00
Dr. Stephen Henson
dcbe723bc5
PR: 2540
...
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve
Prevent infinite loop in BN_GF2m_mod_inv().
2011-06-22 15:23:40 +00:00
Dr. Stephen Henson
33c98a28ac
correctly encode OIDs near 2^32
2011-06-22 15:15:48 +00:00
Dr. Stephen Henson
b2ddddfb20
allow MD5 use for computing old format hash links
2011-06-22 02:18:06 +00:00
Dr. Stephen Henson
c24367ebb9
Don't set FIPS rand method at same time as RAND method as this can cause
...
the FIPS library to fail. Applications that want to set the FIPS rand
method can do so explicitly and presumably they know what they are doing...
2011-06-21 17:08:25 +00:00
Dr. Stephen Henson
7397b35379
Add FIPS error codes.
2011-06-21 16:58:10 +00:00
Dr. Stephen Henson
1f2e4ecc30
Rename all AES_set*() functions using private_ prefix.
2011-06-21 16:23:42 +00:00
Dr. Stephen Henson
955e28006d
make EVP_dss() work for DSA signing
2011-06-20 20:05:13 +00:00
Dr. Stephen Henson
bf0736eb1f
Redirect null cipher to FIPS module.
2011-06-20 20:00:10 +00:00
Dr. Stephen Henson
3a5b97b7f1
Don't set default public key methods in FIPS mode so applications
...
can switch between modes.
2011-06-20 19:41:13 +00:00
Dr. Stephen Henson
ed1bbe2cad
make sure custom cipher flag doesn't use any mode bits
2011-06-13 23:10:34 +00:00
Dr. Stephen Henson
b0b3d09063
Set rand method in FIPS_mode_set() not in rand library.
2011-06-13 21:18:00 +00:00
Dr. Stephen Henson
0ede2af7a0
Redirect RAND to FIPS module in FIPS mode.
2011-06-13 20:40:52 +00:00
Dr. Stephen Henson
e8d23f7811
Redirect HMAC and CMAC operations to module.
2011-06-12 15:07:26 +00:00
Dr. Stephen Henson
7c402e5af3
Disable GCM, CCM, XTS outside FIPS mode this will be updated
...
when backported.
2011-06-10 14:22:42 +00:00
Dr. Stephen Henson
4276908f51
add android support to DSO (from HEAD)
2011-06-09 21:49:24 +00:00
Ben Laurie
f851acbfff
Fix warnings/errors(!).
2011-06-09 17:09:08 +00:00
Ben Laurie
78ef9b0205
Fix warnings.
2011-06-09 16:03:18 +00:00
Dr. Stephen Henson
ed9b0e5cba
Redirect DH key and parameter generation.
2011-06-09 15:21:46 +00:00
Dr. Stephen Henson
752c1a0ce9
Redirect DSA operations to FIPS module in FIPS mode.
2011-06-09 13:54:09 +00:00
Dr. Stephen Henson
cc30415d0c
Use method rsa keygen first if FIPS mode if it is a FIPS method.
2011-06-09 13:18:07 +00:00
Dr. Stephen Henson
03e16611a3
Redirect DH operations to FIPS module. Block non-FIPS methods.
...
Sync DH error codes with HEAD.
2011-06-08 15:58:59 +00:00
Dr. Stephen Henson
b6d63b2516
Check fips method flags for ECDH, ECDSA.
2011-06-08 14:01:00 +00:00
Dr. Stephen Henson
e6b88d02bd
Implement Camellia_set_key properly for FIPS builds.
2011-06-08 13:11:46 +00:00
Andy Polyakov
125060ca63
rc4_skey.c: remove dead/redundant code (it's never compiled) and
...
misleading/obsolete comment [from HEAD].
2011-06-06 20:04:33 +00:00
Dr. Stephen Henson
6342b6e332
Redirection of ECDSA, ECDH operations to FIPS module.
...
Also use FIPS EC methods unconditionally for now: might want to use them
only in FIPS mode or with a switch later.
2011-06-06 15:39:17 +00:00
Dr. Stephen Henson
59bc67052b
Add flags field to EC_KEY structure (backport from HEAD).
2011-06-06 13:18:03 +00:00
Dr. Stephen Henson
c090562828
Make no-ec2m work again (backport from HEAD).
2011-06-06 13:00:30 +00:00
Dr. Stephen Henson
69e2ec63c5
Reorganise ECC code so it can use FIPS module.
...
Move compression, point2oct and oct2point functions into separate files.
Add a flags field to EC_METHOD.
Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct functions
(all existing methods do this). This removes dependencies from EC_METHOD while
keeping original functionality.
Backport from HEAD with minor changes.
2011-06-06 12:54:51 +00:00
Dr. Stephen Henson
f610a516a0
Backport from HEAD:
...
New option to disable characteristic two fields in EC code.
Make no-ec2m work on Win32 build.
2011-06-06 11:49:36 +00:00
Dr. Stephen Henson
2e51a4caa3
Function not used outside FIPS builds.
2011-06-06 11:24:47 +00:00
Dr. Stephen Henson
c6fa97a6d6
FIPS low level blocking for AES, RC4 and Camellia. This is complicated by
...
use of assembly language routines: rename the assembly language function
to the private_* variant unconditionally and perform tests from a small
C wrapper.
2011-06-05 17:36:44 +00:00
Dr. Stephen Henson
24d7159abd
Backport libcrypto audit: check return values of EVP functions instead
...
of assuming they will always suceed.
2011-06-03 20:53:00 +00:00
Dr. Stephen Henson
d99e6b5014
New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier) from a digest algorithm (backport from HEAD).
2011-06-03 18:35:49 +00:00
Dr. Stephen Henson
2cf40fc2b8
license correction, no EAY code included in this file
2011-06-03 17:56:51 +00:00
Dr. Stephen Henson
260d08b814
Backport CMAC support from HEAD.
2011-06-03 15:08:42 +00:00
Dr. Stephen Henson
53dd05d8f6
Redirect RSA keygen, sign, verify to FIPS module.
2011-06-03 13:16:16 +00:00
Dr. Stephen Henson
fbe7055370
Redirection of low level APIs to FIPS module.
...
Digest sign, verify operations are not redirected at this stage.
2011-06-02 18:22:42 +00:00
Dr. Stephen Henson
a5b386205f
Backport extended PSS support from HEAD: allow setting of mgf1Hash explicitly.
...
This is needed to handle FIPS redirection fully.
2011-06-02 18:13:33 +00:00
Dr. Stephen Henson
916bcab28e
Prohibit low level cipher APIs in FIPS mode.
...
Not complete: ciphers with assembly language key setup are not
covered yet.
2011-06-01 16:54:06 +00:00
Dr. Stephen Henson
c7373c3dee
For consistency define clone digests in evp_fips.c
2011-06-01 15:11:00 +00:00
Dr. Stephen Henson
9f2c8eb2a1
Redirect clone digests to FIPS module for FIPS builds.
2011-06-01 14:28:21 +00:00
Dr. Stephen Henson
65300dcfb0
Prohibit use of low level digest APIs in FIPS mode.
2011-06-01 13:39:45 +00:00
Dr. Stephen Henson
5792219d1d
Redirect cipher operations to FIPS module for FIPS builds.
2011-05-29 16:18:38 +00:00
Dr. Stephen Henson
293c58c1e7
Use approved API for EVP digest operations in FIPS builds.
...
Call OPENSSL_init() in a few more places to make sure it is always called
at least once.
Initial cipher API redirection (incomplete).
2011-05-29 15:55:13 +00:00
Dr. Stephen Henson
9f375a752e
Add default ASN1 handling to support FIPS.
2011-05-29 02:32:05 +00:00
Dr. Stephen Henson
04dc5a9ca6
Redirect digests to FIPS module for FIPS builds.
...
Use FIPS API when initialising digests.
Sync header file evp.h and error codes with HEAD for necessary FIPS
definitions.
2011-05-28 23:01:26 +00:00
Dr. Stephen Henson
ae6cb5483e
Use || instead of && so build doesn't fail.
2011-05-26 22:10:28 +00:00
Dr. Stephen Henson
a168ec1d27
Support shared library builds of FIPS capable OpenSSL, add fipscanister.o
...
to libcrypto.a so linking to libcrypto.a works.
2011-05-26 21:23:11 +00:00
Dr. Stephen Henson
7207eca1ee
The first of many changes to make OpenSSL 1.0.1 FIPS capable.
...
Add static build support to openssl utility.
Add new "fips" option to Configure.
Make use of installed fipsld and fips_standalone_sha1
Initialise FIPS error callbacks, locking and DRBG.
Doesn't do anything much yet: no crypto is redirected to the FIPS module.
Doesn't completely build either but the openssl utility can enter FIPS mode:
which doesn't do anything much either.
2011-05-26 14:19:19 +00:00
Dr. Stephen Henson
ed67f7b7a7
Fix the ECDSA timing attack mentioned in the paper at:
...
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:52:33 +00:00
Dr. Stephen Henson
6ea8d138d3
Fix the ECDSA timing attack mentioned in the paper at:
...
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:42:27 +00:00
Dr. Stephen Henson
419b09b053
PR: 2512
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix BIO_accept so it can be bound to IPv4 or IPv6 sockets consistently.
2011-05-25 12:36:59 +00:00
Richard Levitte
ab08405984
LIBOBJ contained o_fips.c, now o_fips.o.
2011-05-21 09:17:54 +00:00
Dr. Stephen Henson
f98d2e5cc1
Implement FIPS_mode and FIPS_mode_set
2011-05-19 18:19:07 +00:00
Dr. Stephen Henson
f4ddbb5ad1
inherit HMAC flags from MD_CTX
2011-05-19 17:38:57 +00:00
Dr. Stephen Henson
676cd3a283
new flag to stop ENGINE methods being registered
2011-05-15 15:58:38 +00:00
Dr. Stephen Henson
e24b01cc6f
Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have disabled by
...
default. If we don't do it this way, it screws up libeay.num.
(update from HEAD, original from levitte).
2011-05-12 13:10:27 +00:00
Dr. Stephen Henson
889c2282a5
allow SHA384, SHA512 with DSA
2011-05-08 12:38:51 +00:00
Dr. Stephen Henson
dca30c44f5
no need to include memory.h
2011-04-30 23:38:05 +00:00
Dr. Stephen Henson
f2c358c6ce
check buffer is larger enough before overwriting
2011-04-06 18:06:54 +00:00
Richard Levitte
ecff2e5ce1
Corrections to the VMS build system.
...
Submitted by Steven M. Schweda <sms@antinode.info>
2011-03-25 16:21:08 +00:00
Dr. Stephen Henson
c9d630dab6
make some non-VMS builds work again
2011-03-25 15:07:18 +00:00
Richard Levitte
d135906dbc
For VMS, implement the possibility to choose 64-bit pointers with
...
different options:
"64" The build system will choose /POINTER_SIZE=64=ARGV if
the compiler supports it, otherwise /POINTER_SIZE=64.
"64=" The build system will force /POINTER_SIZE=64.
"64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.
2011-03-25 09:39:46 +00:00
Richard Levitte
9f427a52cb
make update (1.0.1-stable)
...
This meant a slight renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable. However, since there's been no release on
this branch yet, it should be harmless.
2011-03-23 00:06:04 +00:00
Richard Levitte
9ed8dee71b
A few more long symbols needing shortening.
2011-03-19 11:03:41 +00:00
Richard Levitte
4692b3345d
Keep file references in the VMS build files in the same order as they
...
are in the Unix Makefiles, and add SRP tests.
2011-03-19 10:46:21 +00:00
Richard Levitte
e59fb00735
SRP was introduced, add it for OpenVMS.
2011-03-19 09:55:35 +00:00
Richard Levitte
9275853084
A few more symbols that need shorter versions on OpenVMS.
2011-03-19 09:54:47 +00:00
Richard Levitte
01d2e27a2b
Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 09:47:47 +00:00
Ben Laurie
a149b2466e
Add SRP.
2011-03-16 11:26:40 +00:00
Andy Polyakov
2bbd82cf24
s390x-mont.pl: optimize for z196.
2011-03-04 13:13:04 +00:00
Andy Polyakov
1bfd3d7f58
dso_dlfcn.c: make it work on Tru64 4.0 [from HEAD].
2011-02-12 16:47:12 +00:00
Bodo Möller
a288aaefc4
Assorted bugfixes:
...
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check
Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
2011-02-03 12:03:57 +00:00
Dr. Stephen Henson
5080fbbef0
Since FIPS 186-3 specifies we use the leftmost bits of the digest
...
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
2011-02-01 12:53:47 +00:00
Dr. Stephen Henson
b5b724348d
stop warnings about no previous prototype when compiling shared engines
2011-01-30 01:55:29 +00:00
Dr. Stephen Henson
c3ee90d8ca
FIPS mode changes to make RNG compile (this will need updating later as we
...
need a whole new PRNG for FIPS).
1. avoid use of ERR_peek().
2. If compiling with FIPS use small FIPS EVP and disable ENGINE
2011-01-26 14:55:23 +00:00
Richard Levitte
bf35c5dc7f
Add rsa_crpt
2011-01-26 06:32:22 +00:00
Dr. Stephen Henson
c42d223ac2
Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate
...
crypto and ENGINE dependencies in RSA library.
2011-01-25 17:43:20 +00:00
Dr. Stephen Henson
d5654d2b20
Move BN_options function to bn_print.c to remove dependency for BIO printf
...
routines from bn_lib.c
2011-01-25 17:10:42 +00:00
Dr. Stephen Henson
a7508fec1a
Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of
...
DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().
2011-01-25 16:55:27 +00:00
Dr. Stephen Henson
c31945e682
recalculate DSA signature if r or s is zero (FIPS 186-3 requirement)
2011-01-25 16:02:27 +00:00
Dr. Stephen Henson
d3203b931e
PR: 2433
...
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve
Constify ASN1_STRING_set_default_mask_asc().
2011-01-24 16:20:05 +00:00
Dr. Stephen Henson
947f4e90c3
New function EC_KEY_set_affine_coordinates() this performs all the
...
NIST PKV tests.
2011-01-24 16:09:57 +00:00
Dr. Stephen Henson
d184c7b271
check EC public key isn't point at infinity
2011-01-24 15:07:47 +00:00
Dr. Stephen Henson
913488c066
PR: 1612
...
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve
Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
2011-01-24 14:41:49 +00:00
Dr. Stephen Henson
7fa27d9ac6
Add additional parameter to dsa_builtin_paramgen to output the generated
...
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.
The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
2011-01-19 14:46:42 +00:00
Dr. Stephen Henson
c341b9cce5
add va_list version of ERR_add_error_data
2011-01-14 15:13:59 +00:00
Dr. Stephen Henson
bbbf0d45ba
stop warning with no-engine
2011-01-13 15:42:47 +00:00
Richard Levitte
114c402d9e
PR: 2425
...
Synchronise VMS build with Unixly build.
2011-01-10 20:55:27 +00:00
Dr. Stephen Henson
d51519eba4
add buf_str.c file
2011-01-09 13:30:58 +00:00
Dr. Stephen Henson
e650f9988b
move some string utilities to buf_str.c to reduce some dependencies (from 0.9.8 branch).
2011-01-09 13:30:34 +00:00
Dr. Stephen Henson
8ed8454115
add X9.31 prime generation routines from 0.9.8 branch
2011-01-09 13:22:47 +00:00
Dr. Stephen Henson
964e91052e
oops missed an assert
2011-01-03 12:52:11 +00:00
Dr. Stephen Henson
4e55e69bff
PR: 2411
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Fix corner cases in RFC3779 code.
2011-01-03 01:40:45 +00:00
Dr. Stephen Henson
e501dbb658
Fix escaping code for string printing. If *any* escaping is enabled we
...
must escape the escape character itself (backslash).
2011-01-03 01:30:58 +00:00
Dr. Stephen Henson
20e505e4b7
PR: 2410
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Use OPENSSL_assert() instead of assert().
2011-01-03 01:22:27 +00:00
Dr. Stephen Henson
291a26e6e3
PR: 2413
...
Submitted by: Michael Bergandi <mbergandi@gmail.com>
Reviewed by: steve
Fix typo in crypto/bio/bss_dgram.c
2011-01-03 01:07:20 +00:00
Dr. Stephen Henson
0383911887
PR: 2416
...
Submitted by: Mark Phalan <mark.phalan@oracle.com>
Reviewed by: steve
Use L suffix in version number.
2011-01-03 00:26:21 +00:00
Richard Levitte
90d02be7c5
First attempt at adding the possibility to set the pointer size for the builds on VMS.
...
PR: 2393
2010-12-14 19:18:58 +00:00
Andy Polyakov
04221983ac
bss_file.c: refine UTF8 logic [from HEAD].
...
PR: 2382
2010-12-11 14:54:48 +00:00
Dr. Stephen Henson
411a388c62
PR: 2386
...
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve
Correct SKM_ASN1_SET_OF_d2i macro.
2010-12-02 18:02:14 +00:00
Dr. Stephen Henson
5566d49103
PR: 2385
...
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve
Zero key->pkey.ptr after it is freed so the structure can be reused.
2010-11-30 19:45:31 +00:00
Dr. Stephen Henson
2c5c4fca14
apply J-PKAKE fix to HEAD (original by Ben)
2010-11-29 18:33:28 +00:00
Dr. Stephen Henson
4fab95ed20
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
...
EVP_MD_CTX was much larger: it isn't needed anymore.
2010-11-27 17:35:56 +00:00
Dr. Stephen Henson
a618011ca1
add "missing" functions to copy EVP_PKEY_METHOD and examine info
2010-11-24 16:07:45 +00:00
Dr. Stephen Henson
ec1e714ac1
constify EVP_PKEY_new_mac_key()
2010-11-24 13:14:03 +00:00
Richard Levitte
e43633011c
Give the architecture dependent directory higher priority
2010-11-23 01:05:32 +00:00
Andy Polyakov
7665b436f0
s390x.S: fix typo in bn_mul_words [from HEAD].
...
PR: 2380
2010-11-22 21:57:29 +00:00
Dr. Stephen Henson
ffca7b85c2
PR: 2376
...
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve
Cleanup alloca use, fix Win32 target for OpenWatcom.
2010-11-19 00:11:44 +00:00
Richard Levitte
b97d371ce0
We redid the structure on architecture dependent source files, but
...
apparently forgot to adapt the copying to the installation directory.
2010-11-18 20:02:54 +00:00
Dr. Stephen Henson
b3aa469c21
compile cts128.c on VMS
2010-11-18 17:04:37 +00:00
Dr. Stephen Henson
1bfe9acbbf
PR: 2372
...
Submitted by: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Reviewed by: steve
Fix OpenBSD compilation failure.
2010-11-18 12:29:38 +00:00
Dr. Stephen Henson
19043426b9
backport AES EVP ctr mode changes from HEAD
2010-11-17 17:46:23 +00:00
Dr. Stephen Henson
975c6efbe4
sync OIDs with HEAD
2010-11-17 17:26:10 +00:00
Dr. Stephen Henson
972491aece
If EVP_PKEY structure contains an ENGINE the key is ENGINE specific and
...
we should use its method instead of any generic one.
2010-11-16 12:11:31 +00:00
Dr. Stephen Henson
4444ff7632
Submitted by: Jonathan Dixon <joth@chromium.org>
...
Reviewed by: steve
If store is NULL set flags correctly.
2010-11-02 15:58:05 +00:00
Dr. Stephen Henson
7770da4b41
PR: 2295
...
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:25:23 +00:00
Andy Polyakov
7202a4d42b
x86_64-xlate.pl: fix LNK4078 and LNK4210 link warnings [from HEAD].
...
PR: 2356
2010-10-10 21:12:18 +00:00
Dr. Stephen Henson
b9e468c163
We can't always read 6 bytes in an OCSP response: fix so error statuses
...
are read correctly for non-blocking I/O.
2010-10-06 18:01:14 +00:00
Dr. Stephen Henson
945ba0300d
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:56:25 +00:00
Andy Polyakov
9e15cc606e
Alpha assembler pack: adapt for Linux [from HEAD].
...
PR: 2335
2010-09-13 20:32:53 +00:00
Andy Polyakov
9447da5065
crypto/bn/asm/s390x.S: drop redundant instructions [from HEAD].
2010-09-10 14:55:34 +00:00
Andy Polyakov
387ed39f6d
sparcv9cap.c: disengange Solaris-specific CPU detection routine in favour
...
of unified procedure relying on SIGILL [from HEAD].
PR: 2321
2010-09-05 19:48:19 +00:00
Dr. Stephen Henson
6f0d9950f3
fix bug in AES_unwrap()
2010-08-30 23:58:47 +00:00
Bodo Möller
4705ff7d6d
More C language police work.
2010-08-27 13:17:58 +00:00
Bodo Möller
74b5feea7b
C conformity fixes: Move declarations before statements in all blocks.
2010-08-27 12:07:12 +00:00
Bodo Möller
11a36aa96f
C conformity fixes:
...
- Move declarations before statements in all blocks.
- Where 64-bit type is required, use it explicitly (not 1l).
2010-08-27 11:29:09 +00:00
Bodo Möller
42ecf418f5
(formatting error)
2010-08-26 14:38:49 +00:00
Bodo Möller
48ce525d16
New 64-bit optimized implementation EC_GFp_nistp224_method().
...
Binary compatibility is not affected as this will only be
compiled in if explicitly requested (#ifdef EC_NISTP224_64_GCC_128).
Submitted by: Emilia Kasper (Google)
2010-08-26 14:29:27 +00:00
Bodo Möller
82281ce47d
ECC library bugfixes.
...
Submitted by: Emilia Kapser (Google)
2010-08-26 12:10:57 +00:00
Andy Polyakov
1657fca2f4
sha1-armv4-large.pl: reschedule instructions for dual-issue pipeline [from HEAD]
...
.
2010-08-03 15:36:52 +00:00
Andy Polyakov
0d25aad90d
Make inline assembler clang-friendly [from HEAD].
2010-08-02 21:54:48 +00:00
Andy Polyakov
b8c1cb1c2c
alphacpuid.pl: fix brown-bag bug [from HEAD].
2010-07-28 08:18:46 +00:00
Andy Polyakov
6e1d44fd56
Replace alphacpuid.s with alphacpuid.pl to ensure it makes to release tar-balls [from HEAD].
...
PR: 2309
2010-07-26 22:11:23 +00:00
Dr. Stephen Henson
160f9b5bf6
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-07-21 16:23:59 +00:00
Andy Polyakov
4e2b990734
ARM assembler pack: reschedule instructions for dual-issue pipeline [from HEAD].
...
Modest improvement coefficients mean that code already had some
parallelism and there was not very much room for improvement. Special
thanks to Ted Krovetz for benchmarking the code with such patience.
2010-07-13 14:08:22 +00:00
Dr. Stephen Henson
6ca1418587
PR: 2297
...
Submitted by: Antony, Benoy <bantony@ebay.com>
Approved by: steve@openssl.org
Fix bug in AES wrap code when t > 0xff.
2010-07-09 17:25:46 +00:00
Andy Polyakov
b29b89ef21
rand_nw.c: compensate for gcc bug (using %edx instead of %eax at -O3)
...
[from HEAD].
PR: 2296
2010-07-08 09:15:49 +00:00
Andy Polyakov
f90bf72280
sparcv9cap.c: reiterate CPU detection logic [from HEAD].
2010-07-08 07:52:36 +00:00
Dr. Stephen Henson
abcf7aa591
crypto/sparc*: elininate _sparcv9_rdwrasi [from HEAD], original from Andy.
2010-07-05 22:22:22 +00:00
Dr. Stephen Henson
40b6d49387
SPARCv9 assembler pack: refine CPU detection on Linux, fix for "unaligned
...
opcodes detected in executable segment" error [from HEAD], original from Andy.
2010-07-05 22:20:36 +00:00
Dr. Stephen Henson
c549810def
update versions for 1.0.1
2010-06-16 13:48:00 +00:00
Dr. Stephen Henson
dfa81d9efb
update README, fix opensslv.h
2010-06-16 13:37:22 +00:00
Dr. Stephen Henson
1dba06e7b0
update for next version
2010-06-16 13:34:33 +00:00
Dr. Stephen Henson
daac87be95
clarify comment
2010-06-16 13:17:22 +00:00
Dr. Stephen Henson
e97359435e
Fix warnings (From HEAD, original patch by Ben).
2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
9c7baca820
prepare for release
2010-06-01 13:31:38 +00:00
Dr. Stephen Henson
618265e645
Fix CVE-2010-1633 and CVE-2010-0742.
2010-06-01 13:17:06 +00:00
Andy Polyakov
938c0bbae1
x86_64-xlate.pl: updates from HEAD.
2010-06-01 05:57:26 +00:00
Dr. Stephen Henson
31c4ab5401
fix PR#2261 in a different way
2010-05-31 13:18:08 +00:00
Dr. Stephen Henson
1f65529824
PR: 2278
...
Submitted By: Mattias Ellert <mattias.ellert@fysast.uu.se>
Fix type checking macro SKM_ASN1_SET_OF_i2d
2010-05-29 12:49:48 +00:00
Dr. Stephen Henson
7a09bc4068
PR: 2258
...
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Base64 BIO fixes:
Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.
2010-05-27 12:41:20 +00:00
Dr. Stephen Henson
deb15645a8
PR: 2266
...
Submitted By: Jonathan Gray <jsg@goblin.cx>
Correct ioctl definitions.
2010-05-26 23:23:44 +00:00
Dr. Stephen Henson
59d100d959
PR: 2251
...
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Memleak, BIO chain leak and realloc checks in v3_pci.c
2010-05-22 00:31:02 +00:00
Dr. Stephen Henson
dc4e1ddc9f
PR: 2253
...
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Check callback return value when outputting errors.
2010-05-15 00:36:12 +00:00
Dr. Stephen Henson
207886cd3a
PR: 2244
...
Submitted By: "PMHager" <hager@dortmund.net>
Initialise pkey callback to 0.
2010-05-03 12:50:52 +00:00
Andy Polyakov
336d1ee733
bss_file.c: reserve for option to encode file name in UTF-8 on Windows
...
[from HEAD].
2010-04-28 20:04:37 +00:00
Andy Polyakov
bed2b769f5
md5-ia64.S: fix assembler warning [from HEAD].
2010-04-20 20:41:23 +00:00
Dr. Stephen Henson
26029d9c4c
PR: 2241
...
Submitted By: Artemy Lebedev <vagran.ast@gmail.com>
Typo.
2010-04-20 12:53:05 +00:00
Dr. Stephen Henson
4fae54a8e0
PR: 2235
...
Submitted By: Bruce Stephens <bruce.stephens@isode.com>
Make ts/Makefile consistent with other Makefiles.
2010-04-14 23:04:19 +00:00
Andy Polyakov
9f35928719
x86_64cpuid.pl: ml64 is allergic to db on label line [from HEAD].
2010-04-14 19:25:09 +00:00
Andy Polyakov
8a898a6fcc
[co]cf128.c: fix "n=0" bug [from HEAD].
2010-04-14 07:47:53 +00:00
Richard Levitte
2c25edc4c1
Too long symbols
2010-04-13 14:36:58 +00:00
Richard Levitte
d2f098b33d
Spelling
2010-04-13 14:34:48 +00:00
Andy Polyakov
c73cff12f1
aes-ppc.pl: 10% performance improvement on Power6 [from HEAD].
2010-04-10 14:54:34 +00:00
Andy Polyakov
b32d93840e
cryptlib.c: allow application to override OPENSSL_isservice [from HEAD].
2010-04-10 14:13:12 +00:00
Andy Polyakov
cb457849fd
ctr129.c: fix typo, simplify ctr128_inc and fix "n=0" bug [from HEAD].
2010-04-10 13:47:11 +00:00
Andy Polyakov
20dc93e49e
sparccpuid.S: some assembler is allergic to apostrophes in comments [from HEAD].
2010-04-10 13:37:06 +00:00
Andy Polyakov
b620447dcc
alpha-mont.pl: comply with stack alignment requirement [from HEAD].
2010-04-10 13:33:46 +00:00
Dr. Stephen Henson
5b0a79a27a
PR: 2220
...
Fixes to make OpenSSL compile with no-rc4
2010-04-06 11:18:32 +00:00
Dr. Stephen Henson
6747de655e
updates for next release
2010-03-30 00:55:00 +00:00
Dr. Stephen Henson
91bad2b09e
Prepare for 1.0.0 release - finally ;-)
2010-03-29 13:11:54 +00:00
Andy Polyakov
1244d5b713
ARMv4 assembler: [unconfirmed] fix for compilation failure [from HEAD].
2010-03-29 09:59:58 +00:00
Andy Polyakov
c0ed5cd47b
dso_dlfcn.c: fix compile failure on Tru64 [from HEAD].
2010-03-29 09:50:33 +00:00
Dr. Stephen Henson
c8281fd38e
PR: 1696
...
Check return value if d2i_PBEPARAM().
2010-03-28 00:42:29 +00:00
Dr. Stephen Henson
fe8e6bff9b
PR: 1763
...
Remove useless num = 0 assignment.
Remove redundant cases on sock_ctrl(): default case handles them.
2010-03-27 23:28:23 +00:00
Dr. Stephen Henson
9caf25d144
PR: 1904
...
Submitted by: David Woodhouse <dwmw2@infradead.org>
Pass passphrase minimum length down to UI.
2010-03-27 19:27:51 +00:00
Dr. Stephen Henson
348620c7ac
PR: 1813
...
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Fix memory leak when engine name cannot be loaded.
2010-03-27 18:28:13 +00:00
Andy Polyakov
162de2f2b5
rand_win.c: fix logical bug in readscreen [from HEAD].
2010-03-22 22:44:35 +00:00
Andy Polyakov
f6e4af6fd7
bss_file.c: fix MSC 6.0 warning [from HEAD].
2010-03-22 22:39:46 +00:00
Andy Polyakov
bcfd252052
Fix UPLINK typo [from HEAD].
2010-03-15 22:26:33 +00:00
Dr. Stephen Henson
f6a61b140e
missing goto meant signature was never printed out
2010-03-12 12:07:05 +00:00
Dr. Stephen Henson
5b3fdb0181
PR: 2188
...
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>
Add "missing" functions to get and set prompt constructor.
2010-03-09 17:18:17 +00:00
Dr. Stephen Henson
5356ea7cde
reserve a few more bits for future cipher modes
2010-03-08 23:47:57 +00:00
Dr. Stephen Henson
06226df1a9
The OID sanity check was incorrect. It should only disallow *leading* 0x80
...
values.
2010-03-07 16:40:19 +00:00
Dr. Stephen Henson
bf638ef026
don't add digest alias if signature algorithm is undefined
2010-03-06 20:47:45 +00:00
Dr. Stephen Henson
07973d5db8
Fix memory leak: free up ENGINE functional reference if digest is not
...
found in an ENGINE.
2010-03-05 13:33:43 +00:00
Dr. Stephen Henson
d92138f703
don't mix definitions and code
2010-03-03 15:30:26 +00:00
Andy Polyakov
b2bf335327
Fix s390x-specific HOST_l2c|c2l [from HEAD].
...
Submitted by: Andreas Krebbel
2010-03-02 16:25:10 +00:00
Dr. Stephen Henson
33bec62a20
PR: 2178
...
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>
Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
2010-03-01 23:54:34 +00:00
Dr. Stephen Henson
002d3fe863
use correct prototype as in HEAD
2010-03-01 03:01:56 +00:00
Dr. Stephen Henson
fb24311e7c
'typo'
2010-03-01 01:52:47 +00:00
Dr. Stephen Henson
90278430d9
make USE_CRYPTODEV_DIGESTS work
2010-03-01 01:19:36 +00:00
Ben Laurie
bcd9d12a8d
Fix warning.
2010-02-28 13:38:16 +00:00
Dr. Stephen Henson
fc11f47229
Revert CFB block length change. Despite what SP800-38a says the input to
...
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:48 +00:00
Bodo Möller
7fe747d1eb
Always check bn_wexpend() return values for failure (CVE-2009-3245).
...
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)
Submitted by: Neel Mehta
2010-02-23 10:36:30 +00:00
Bodo Möller
32567c9f3b
Fix X509_STORE locking
2010-02-19 18:26:23 +00:00
Dr. Stephen Henson
9051fc538f
PR: 2100
...
Submitted by: James Baker <jbaker@tableausoftware.com> et al.
Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:25 +00:00
Dr. Stephen Henson
6c6ca18664
The "block length" for CFB mode was incorrectly coded as 1 all the time. It
...
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:30 +00:00
Dr. Stephen Henson
97fe2b40c1
Correct ECB mode EVP_CIPHER definition: IV length is 0
2010-02-15 19:25:52 +00:00
Dr. Stephen Henson
f689ab5017
add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable
2010-02-15 19:17:55 +00:00
Dr. Stephen Henson
edb7cac271
PR: 2164
...
Submitted by: "Noszticzius, Istvan" <inoszticzius@rightnow.com>
Don't clear the output buffer: ciphers should correctly the same input
and output buffers.
2010-02-15 19:01:56 +00:00
Dr. Stephen Henson
1d8fa09c80
Make assembly language versions of OPENSSL_cleanse() accept zero length
...
parameter. Backport from HEAD, orginal by appro.
2010-02-12 17:02:13 +00:00
Dr. Stephen Henson
e085e6c84c
Fix memory leak in ENGINE autoconfig code. Improve error logging.
2010-02-09 14:17:57 +00:00
Dr. Stephen Henson
c8c49133d9
oops, use new value for new flag
2010-02-07 13:54:54 +00:00
Dr. Stephen Henson
961f1dea06
make update
2010-02-07 13:47:08 +00:00
Dr. Stephen Henson
1700426256
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
...
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
2010-02-07 13:41:23 +00:00
Dr. Stephen Henson
aa7f5baad2
don't assume 0x is at start of string
2010-02-03 18:19:05 +00:00
Dr. Stephen Henson
45acdd6f6d
tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
2010-02-02 14:26:32 +00:00
Dr. Stephen Henson
8b354e776b
PR: 2161
...
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.
Make no-dsa, no-ecdsa and no-rsa compile again.
2010-02-02 13:36:05 +00:00
Richard Levitte
d023b4e2dd
The previous take went wrong, try again.
2010-01-29 12:02:54 +00:00
Richard Levitte
fa79cc9c23
Architecture specific header files need special handling.
2010-01-29 11:44:40 +00:00
Dr. Stephen Henson
df21765a3e
In engine_table_select() don't clear out entire error queue: just clear
...
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
2010-01-28 17:50:23 +00:00
Dr. Stephen Henson
1cdb7854a5
PR: 2138
...
Submitted by: Kevin Regan <k.regan@f5.com>
Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.
2010-01-26 18:07:41 +00:00
Dr. Stephen Henson
704d33b347
Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and
...
later.
2010-01-26 14:33:52 +00:00
Dr. Stephen Henson
b2a7515ee8
OPENSSL_isservice is now defined on all platforms not just WIN32
2010-01-26 13:58:49 +00:00
Dr. Stephen Henson
c7d5edbf5e
export OPENSSL_isservice and make update
2010-01-26 13:55:33 +00:00
Dr. Stephen Henson
78bfb45b07
PR: 2149
...
Submitted by: Douglas Stebila <douglas@stebila.ca>
Fix wap OIDs.
2010-01-25 16:07:51 +00:00
Richard Levitte
25d42c17e3
A few more macros for long symbols.
...
Submitted by Steven M. Schweda <sms@antinode.info>
2010-01-25 00:18:31 +00:00
Dr. Stephen Henson
1699389a46
Tolerate PKCS#8 DSA format with negative private key.
2010-01-22 20:17:30 +00:00
Dr. Stephen Henson
53e97e7433
update version for next beta if we have one...
2010-01-20 15:40:27 +00:00