wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10810 commits 20 branches 302 tags 153 MiB
Commit graph

245 commits

Author SHA1 Message Date
Dr. Stephen Henson
118b90c59e PR: 2192 
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

The prompt_info and wrong_info parameters can be empty strings which
can produce confusing prompts. Treat empty string same as NULL.
 2010-03-12 12:48:46 +00:00
Bodo Möller
7fe747d1eb Always check bn_wexpend() return values for failure (CVE-2009-3245). 
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
 2010-02-23 10:36:30 +00:00
Dr. Stephen Henson
03fd7f27db Submitted by: Dmitry Ivanov <vonami@gmail.com> 
Don't leave dangling pointers in GOST engine if calls fail.
 2010-02-16 14:30:19 +00:00
Richard Levitte
d89b895cfd size_t doesn't compare less than zero... 2010-01-27 01:18:26 +00:00
Dr. Stephen Henson
2e155fde39 PR: 2141 
Submitted by: "NARUSE, Yui" <naruse@airemix.jp>

Remove non-ASCII comment which causes compilation errors on some versions
of VC++.
 2010-01-19 19:28:03 +00:00
Dr. Stephen Henson
a1e1165200 PR: 2135 
Submitted by: Mike Frysinger <vapier@gentoo.org>

Change missed references to lib to $(LIBDIR)
 2010-01-16 20:06:10 +00:00
Andy Polyakov
f0389d8d37 Adapt mingw config for newer mingw environment [from HEAD]. 
PR: 2113
 2009-12-30 11:57:39 +00:00
Bodo Möller
8bbd0e826c Use properly local variables for thread-safety. 
Submitted by: Martin Rex
 2009-12-22 11:52:15 +00:00
Dr. Stephen Henson
b2ac5cb2d0 PR: 1686 
Submitted by: Hanno Böck <hanno@hboeck.de>
Approved by: steve@openssl.org

Create engines dir if it doesn't already exist.
 2009-11-10 01:52:52 +00:00
Dr. Stephen Henson
db6e41f0ed PR: 2070 
Submitted by: Alexander Nikitovskiy <Nikitovski@ya.ru>
Approved by: steve@openssl.org

Fix wrong cast.
 2009-10-19 13:13:14 +00:00
Richard Levitte
51f38e6c2d Make engines compile on VMS for ia64 as well. 
Parse file types in a more secure manner.

Submitted by sms@antinode.info (Steven M. Schweda)
 2009-08-25 07:19:20 +00:00
Dr. Stephen Henson
d5ec7d66a8 PR: 2003 
Make it possible to install OpenSSL in directories with name other
than "lib" for example "lib64". Based on patch from Jeremy Utley.
 2009-08-10 14:42:05 +00:00
Dr. Stephen Henson
7171ade2c2 Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru> 
Reviewed by: steve@openssl.org

EVP_CTRL_PBE_PRF_NID suppot for Gost engine.
 2009-07-01 11:23:07 +00:00
Dr. Stephen Henson
bfd502f027 Updates from HEAD. 2009-06-16 16:39:20 +00:00
Ben Laurie
6cfab29b71 Make depend. 2009-06-14 02:37:22 +00:00
Dr. Stephen Henson
fdc6c6ef08 Update from 0.9.8-stable. 2009-05-29 14:02:30 +00:00
Dr. Stephen Henson
3e84046f90 make errors 2009-05-28 20:45:26 +00:00
Richard Levitte
006c7c6bb1 Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda). 
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
 2009-05-15 16:37:08 +00:00
Andy Polyakov
c65db618bb e_padlock.c: update from HEAD. 2009-05-12 20:24:23 +00:00
Dr. Stephen Henson
8355647403 Typo. 2009-05-07 16:26:44 +00:00
Richard Levitte
11f35a036d Select updates from HEAD 2009-05-06 14:03:24 +00:00
Andy Polyakov
0f41ccf370 e_capi.c: update from HEAD. 2009-05-05 19:17:00 +00:00
Richard Levitte
c44544a1d7 Update from HEAD 2009-05-05 08:46:30 +00:00
Richard Levitte
226a94963a Updates from HEAD 2009-04-27 00:08:50 +00:00
Richard Levitte
88d9f669c5 Add local symbol hacks for OpenVMS 2009-04-26 12:26:04 +00:00
Dr. Stephen Henson
7134507de0 Make no-rsa, no-dsa and no-dh compile again. 2009-04-23 17:16:40 +00:00
Dr. Stephen Henson
d07692cd96 Make no-gost work properly. 2009-04-23 16:12:09 +00:00
Dr. Stephen Henson
9990cb75c1 PR: 1894 
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Fix various typos and stuff.
 2009-04-16 17:22:51 +00:00
Dr. Stephen Henson
5f590d2218 PR: 1887 (part) 
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Approved by: steve@openssl.org

Added error codes for ccgost.
 2009-04-10 11:07:35 +00:00
Dr. Stephen Henson
1dad4f3672 PR: 1882 
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Approved by: steve@openssl.org

Typo.
 2009-04-02 15:04:01 +00:00
Dr. Stephen Henson
70b2186e24 Stop warnings. 2009-03-31 19:54:51 +00:00
Dr. Stephen Henson
b6af2c7e3e Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru> 
Reviewed by: steve@openssl.org

Update ccgost engine to support parameter files.
 2009-03-17 15:38:34 +00:00
Dr. Stephen Henson
2c618ab993 Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru> 
Reviewed by: steve@openssl.org

Change default Gost parameter set to id_Gost28147_89_CryptoPro_A_ParamSet
 2009-02-16 21:52:01 +00:00
Andy Polyakov
e527201f6b This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another 
.DLL, in particular static build. The issue has been discussed in RT#1230
and later on openssl-dev, and mutually exclusive approaches were suggested.
This completes compromise solution suggested in RT#1230.
PR: 1230
 2008-12-22 13:54:12 +00:00
Richard Levitte
26397d2e8c Synchronise VMS build system with the Unixly one 2008-12-16 10:54:28 +00:00
Ben Laurie
19d300d07c Return error if DH_new() fails (Coverity ID 150). 2008-12-13 17:39:53 +00:00
Ben Laurie
071920d9f6 Check for NULL before use (Coverity ID 203). 2008-12-13 17:28:25 +00:00
Geoff Thorpe
71702f7ed0 Clarify a 'chil' engine param that is a little unintuitive. 
Submitted by: Sander Temme <sander@temme.net>
 2008-11-28 22:04:49 +00:00
Geoff Thorpe
31636a3ed1 Allow the CHIL engine to load even if dynamic locks aren't registered. 
Submitted by: Sander Temme
 2008-11-19 14:21:27 +00:00
Ben Laurie
774b2fe700 Aftermath of a clashing size_t fix (now only format changes). 2008-11-13 09:48:47 +00:00
Dr. Stephen Henson
dd9557a8ba Revert another size_t change. 2008-11-12 18:47:24 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more 
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
 2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Andy Polyakov
9be5481297 Add initial support for mingw64. 
PR: 1693
Submitted by: Alon Bar-Lev
 2008-11-03 21:15:07 +00:00
Dr. Stephen Henson
70d71f6185 Fix warnings: printf format mismatches on 64 bit platforms. 
Change assert to OPENSSL_assert().
Fix e_padlock prototype.
 2008-11-02 15:41:30 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Andy Polyakov
09a60c9833 Fix warnings after commit#17578. 2008-10-31 20:20:54 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Andy Polyakov
492279f6f3 AIX build updates. 2008-09-12 14:45:54 +00:00
Bodo Möller
9be8035b11 fix error function codes 2008-08-13 19:44:15 +00:00
Dr. Stephen Henson
a0f3679b52 Update from stable branch. 2008-06-25 10:43:07 +00:00
Dr. Stephen Henson
2836cb3816 Update from stable branch. 2008-06-18 15:08:41 +00:00
Dr. Stephen Henson
46d4782888 Update from stable branch. 2008-06-18 12:06:10 +00:00
Dr. Stephen Henson
1cd504e7be Don't change _WIN32_WINNT and detect GetConsoleWindow() and 
CryptUIDlgSelectCertificateFromStore() at runtime. Add callback function
for selection mechanism.
 2008-06-05 23:19:56 +00:00
Dr. Stephen Henson
11f3cee93b Update from stable branch. 2008-06-05 17:04:16 +00:00
Dr. Stephen Henson
ffc2b3e927 Update from stable branch. 2008-06-05 11:45:25 +00:00
Dr. Stephen Henson
e1451bb51d Update from stable branch. 2008-06-04 23:03:28 +00:00
Dr. Stephen Henson
1381bf90f4 Use an appropriate Window for selection dialog. 2008-06-04 16:45:05 +00:00
Dr. Stephen Henson
e0f7b87227 Add support for Windoes dialog box based certificate selection. 2008-06-04 16:10:09 +00:00
Dr. Stephen Henson
b814c01a76 Tidy up and add comments to selection code. 2008-06-04 12:03:57 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
37cf49a3df Avoid name clash. 2008-06-04 10:57:38 +00:00
Ben Laurie
f79262e94b Only include windows headers when under windows. 2008-06-04 05:21:13 +00:00
Dr. Stephen Henson
7d537d4fc7 Add initial support for multiple SSL client certifcate selection in 
CryptoAPI ENGINE.
 2008-06-03 23:54:31 +00:00
Dr. Stephen Henson
ca89fc1fb4 Match empty CA list to anything for ssl client auth in CryptoAPI engine. 2008-06-03 11:37:52 +00:00
Dr. Stephen Henson
b3c8dd4eab Add preliminary SSL client auth callback to CryptoAPI ENGINE. 2008-06-03 10:27:39 +00:00
Dr. Stephen Henson
eac442ddd3 Windows batch file to rebuild error codes for CryptoAPI ENGINE. 2008-06-02 23:10:34 +00:00
Dr. Stephen Henson
2aa2a5775f Fix indentation. 2008-06-02 14:29:32 +00:00
Dr. Stephen Henson
953174f46e Free old store name (if any). 2008-06-01 23:45:11 +00:00
Dr. Stephen Henson
c621c7e432 Add ctrl for alternative certificate store names. 2008-06-01 23:42:49 +00:00
Dr. Stephen Henson
2bbe8f9129 Use keyspec for DSA too. 2008-06-01 23:28:17 +00:00
Dr. Stephen Henson
4be0a5d429 Get and note keyspec when signing. 2008-06-01 23:24:53 +00:00
Dr. Stephen Henson
408f906592 Add CryptoAPI error file too. 2008-05-31 22:50:00 +00:00
Dr. Stephen Henson
7a18ecb2df Add CryptoAPI ENGINE from stable branch. 2008-05-31 22:49:32 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Geoff Thorpe
5ee6f96cea Paul Sheer optimised the OpenSSL to/from libGMP conversions for the case 
where they both use the same limb size. I've tweaked his patch slightly, so
blame me if it breaks.

Submitted by: Paul Sheer
Reviewed by: Geoff Thorpe
 2008-04-27 18:41:23 +00:00
Lutz Jänicke
0f401ff08b Add missing 'extern "C" {' to some _err.h files in crypto/engines/ 
PR: 1609
 2008-04-18 07:43:26 +00:00
Lutz Jänicke
5558128541 Another minor update from the mingw development 
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>
 2008-04-18 06:35:55 +00:00
Lutz Jänicke
4c1a6e004a Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev 
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
 2008-04-17 10:19:16 +00:00
Dr. Stephen Henson
fe591284be Update dependencies. 2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism, 
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
 2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
92e2c81aff Fix error code function name mismatches in GOST engine, rebuild errors. 2008-02-28 13:45:06 +00:00
Andy Polyakov
085ea80371 engine/ccgost Win32 portability fixes. 2008-01-05 21:28:53 +00:00
Dr. Stephen Henson
744ecaa5b6 Avoid WIN32 signed/unsigned warnings. 2008-01-04 00:37:23 +00:00
Dr. Stephen Henson
eef0c1f34c Netware support. 
Submitted by: Guenter Knauf <eflash@gmx.net>
 2008-01-03 22:43:04 +00:00
Andy Polyakov
339a1820fd gmp engine was non-operational. 2007-12-04 20:28:52 +00:00
Dr. Stephen Henson
98057eba77 Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru> 
Update gost algorithm print routines.
 2007-11-21 12:39:12 +00:00
Dr. Stephen Henson
097f9d8c52 Avoid warning. 2007-11-20 17:52:02 +00:00
Ben Laurie
10f0c85cfc Fix warnings. 2007-11-16 03:03:01 +00:00
Dr. Stephen Henson
37210fe7e2 GOST ENGINE information. 2007-10-26 23:50:40 +00:00
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case 
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
 2007-10-26 12:06:36 +00:00
Bodo Möller
1b827d7b6f Clean up error codes a bit. 
(engines/ccgost/ remains utter chaos, though; "make errors" is not happy.)
 2007-09-19 00:58:58 +00:00
Dr. Stephen Henson
3c07d3a3d3 Finish gcc 4.2 changes. 2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
0aa08a2e34 Fix for GOST engine on platforms where sizeof(size_t) != sizeof(int). 2007-05-31 12:32:27 +00:00
Dr. Stephen Henson
7b8b797375 Revert broken change to ccgost. 
Initialize context properly for HMAC pkey method.
 2007-05-22 12:58:39 +00:00
Dr. Stephen Henson
9aba74e55a Fix warning and back out bad modification. 2007-05-21 12:16:36 +00:00
Andy Polyakov
61775daf00 Padlock engine fails to compile with -O0 -fPIC. 2007-05-20 07:13:45 +00:00
Dr. Stephen Henson
ec06417d52 Updated GOST MAC support. 
Submitted by: vitus@cryptocom.ru
 2007-05-18 15:55:55 +00:00
Dr. Stephen Henson
a4346646f1 Initial GOST MAC support. Not fully working yet... 2007-05-17 17:44:09 +00:00
Ben Laurie
38e952e8ae Missing config file. 2007-04-05 16:57:07 +00:00