Andy Polyakov
eb1aa135d8
sha1-armv4-large.pl performance improvement. On PXA255 it gives +10% on
...
8KB block, +60% on 1KB, +160% on 256B...
2008-08-06 08:47:07 +00:00
Dr. Stephen Henson
6d6c47980e
Correctly handle errors in CMS I/O code.
2008-08-05 15:55:53 +00:00
Dr. Stephen Henson
3e727a3b37
Add support for nameRelativeToCRLIssuer field in distribution point name
...
fields.
2008-08-04 15:34:27 +00:00
Dr. Stephen Henson
a9ff742e42
Make explicit_policy handling match expected RFC3280 behaviour.
2008-08-02 11:16:35 +00:00
Dr. Stephen Henson
5cbd203302
Initial support for alternative CRL issuing certificates.
...
Allow inibit any policy flag to be set in apps.
2008-07-30 15:49:12 +00:00
Dr. Stephen Henson
592a207b94
Policy validation fixes.
...
Inhibit any policy count should ignore self issued certificates.
Require explicit policy is the number certificate before an explict policy
is required.
2008-07-30 15:41:42 +00:00
Andy Polyakov
b94551e823
perlasm update: implement dataseg directive.
2008-07-22 08:44:31 +00:00
Andy Polyakov
9b634c9b37
x86_64-xlate.pl: implement indirect jump/calls, support for Win64 SEH.
2008-07-22 08:42:06 +00:00
Bodo Möller
5b331ab77a
We should check the eight bytes starting at p[-9] for rollback attack
...
detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK
will be larger than necessary.
PR: 1695
2008-07-17 22:11:53 +00:00
Andy Polyakov
dd6f479ea8
mem_dbg.c: avoid compiler warnings.
...
PR: 1693
Submitted by: Stefan Neis
2008-07-17 13:58:21 +00:00
Andy Polyakov
87facba376
Remove junk argument to function_begin in sha/asm/*-586.pl.
...
PR: 1681
2008-07-17 09:50:56 +00:00
Andy Polyakov
e4662fdb62
x86masm.pl: harmonize functions' alignment.
2008-07-17 09:46:09 +00:00
Bodo Möller
efa73a77e4
Make sure not to read beyond end of buffer
2008-07-16 18:10:27 +00:00
Andy Polyakov
89778b7f3f
x86_64cpuid.pl cosmetics: harmonize $dir treatment with other modules.
2008-07-15 19:52:20 +00:00
Andy Polyakov
c79c5a256b
des-596.pl update: short-circuit reference to DES_SPtrans.
2008-07-15 13:24:16 +00:00
Andy Polyakov
9960bdc6fa
x86masm.pl cosmetics.
2008-07-15 13:16:42 +00:00
Andy Polyakov
23dcb447ff
x86nasm.pl update: use pre-defined macros and allow for /safeseh link.
2008-07-15 12:50:44 +00:00
Dr. Stephen Henson
34d05a4023
Zero is a valid value for any_skip and map_skip
2008-07-13 22:38:18 +00:00
Dr. Stephen Henson
dcc0c29876
We support inhibit any policy extension, add to table.
2008-07-13 15:55:37 +00:00
Dr. Stephen Henson
db50661fce
X509 verification fixes.
...
Ignore self issued certificates when checking path length constraints.
Duplicate OIDs in policy tree in case they are allocated.
Use anyPolicy from certificate cache and not current tree level.
2008-07-13 14:25:36 +00:00
Dr. Stephen Henson
d4cdbab99b
Avoid warnings with -pedantic, specifically:
...
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00
Geoff Thorpe
5f834ab123
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
...
version some time soon.
2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
8528128b2a
Update from stable branch.
2008-06-26 23:27:31 +00:00
Bodo Möller
8228fd89fc
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
...
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
2008-06-23 20:46:24 +00:00
Dr. Stephen Henson
6c2878344f
Fix from stable branch.
2008-06-21 23:28:55 +00:00
Dr. Stephen Henson
a01a351cc2
Update from stable branch.
2008-06-16 15:51:48 +00:00
Dr. Stephen Henson
6cb9fca70d
Fix memory leak. The canonical X509_NAME_ENTRY STACK is reallocated rather
...
than referencing existing X509_NAME_ENTRY structures so needs to be
completely freed.
2008-06-06 11:26:07 +00:00
Dr. Stephen Henson
985de86340
Remove old non-safestack code.
2008-06-04 14:34:39 +00:00
Dr. Stephen Henson
c07a126fb2
Make DSO WIN32 compile again.
2008-06-04 11:53:14 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
59d2d48f64
Add support for client cert engine setting in s_client app.
...
Add appropriate #ifdefs round client cert functions in headers.
2008-06-03 11:26:27 +00:00
Dr. Stephen Henson
55bef26d8a
#undef OCSP_RESPONSE: CryptoAPI uses this too.
2008-06-02 23:09:04 +00:00
Dr. Stephen Henson
3fc59c8406
Allow ENGINE client cert callback to specify a set of other certs, for
...
the rest of the certificate chain. Currently unused.
2008-06-01 22:45:08 +00:00
Dr. Stephen Henson
eafd6e5110
Update error codes, move typedef of SSL, SSL_CTX to ossl_typ.h
2008-06-01 21:18:47 +00:00
Dr. Stephen Henson
05935c47b2
Add support for ENGINE supplied SSL client auth.
2008-06-01 21:10:30 +00:00
Dr. Stephen Henson
a4792168ec
Update VC-32.pl and load CryptoAPI engine in the right place.
2008-05-31 23:21:40 +00:00
Dr. Stephen Henson
90b96776cd
More CryptoAPI engine code from stable branch.
2008-05-31 22:53:16 +00:00
Dr. Stephen Henson
ab3eafd5b5
Stop warning about extra ';' outside of function.
2008-05-31 19:17:25 +00:00
Dr. Stephen Henson
83574cf808
Fix from stable branch.
2008-05-30 10:57:49 +00:00
Dr. Stephen Henson
595852f3b5
Avoid "duplicate const" warnings.
2008-05-27 11:44:03 +00:00
Dr. Stephen Henson
0a56761f19
Avoid warning about empty structures and always define CHECKED_PTR_OF
2008-05-27 11:28:49 +00:00
Dr. Stephen Henson
220903f92e
C++ style comments fixed.
2008-05-26 15:39:36 +00:00
Ben Laurie
3c1d6bbc92
LHASH revamp. make depend.
2008-05-26 11:24:29 +00:00
Dr. Stephen Henson
64ddafc6b6
Update from stable branch.
2008-05-20 11:52:57 +00:00
Dr. Stephen Henson
781f0a9bb5
Fix from stable branch.
2008-05-20 11:30:27 +00:00
Lutz Jänicke
3de5a7745f
Correctly adjust location of comment
...
Submitted by: Ben Laurie <ben@links.org>
2008-05-20 08:10:48 +00:00
Dr. Stephen Henson
94fd382f8b
Fix two invalid memory reads in RSA OAEP mode.
...
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
2008-05-19 21:33:55 +00:00
Bodo Möller
4bd4afa34e
Change use of CRYPTO_THREADID so that we always use both the ulong and
...
ptr members.
(So if the id_callback is bogus, we still have &errno.)
2008-05-19 20:45:25 +00:00
Bodo Möller
148bb9515c
Disable code that clearly doesn't currently serve any useful purpose.
...
(Buggy line reported by Matthias Koenig.)
2008-05-19 19:44:45 +00:00
Lutz Jänicke
8b99c79fae
Another occurance of possible valgrind/purify "uninitialized memory"
...
complaint related to the PRNG: with PURIFY policy don't feed uninitialized
memory into the PRNG.
Submitted by: Bodo Moeller <bmoeller@openssl.org> :-)
2008-05-16 07:14:26 +00:00
Dr. Stephen Henson
e718520cc5
Add missing cast.
2008-05-09 23:16:24 +00:00
Andy Polyakov
4f46934269
Depict future Win64/x64 development.
2008-05-03 18:34:59 +00:00
Bodo Möller
fabe640f5e
Clarifying comment.
2008-05-02 18:47:48 +00:00
Dr. Stephen Henson
19048b5c8d
New function CMS_add1_crl().
2008-05-02 17:27:01 +00:00
Dr. Stephen Henson
156ee88285
Indicate support for digest init ctrl.
2008-05-02 11:24:40 +00:00
Bodo Möller
d05a474556
Montgomery-related minor cleanups/documentation
2008-05-01 18:48:20 +00:00
Geoff Thorpe
e7b097f558
Fix auto-discovery of ENGINEs. See the CHANGES entry for details (and/or
...
ticket #1668 ).
PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
2008-04-28 21:39:09 +00:00
Andy Polyakov
ba6f95e81b
Add 64-bit support to BN_nist_mod_244 and engage BN_nist_mod_* on 64-bit
...
platforms.
2008-04-24 10:04:26 +00:00
Andy Polyakov
281066cb03
Compensate inline assembler in sha512.c for gcc 2.7.2 compiler bug.
...
PR: 1667
2008-04-24 09:59:45 +00:00
Andy Polyakov
830b8877ba
Takanori Yanagisawa has shown how to correctly use pre-computed values.
...
So in a sense this commit reverts few latest ones fixing bugs in original
code and improving it, most notably adding 64-bit support [though not in
BN_nist_mod_224 yet].
PR: 1593
2008-04-23 08:10:25 +00:00
Andy Polyakov
9912ab6770
Resolve __DECC warning and keep disclaiming support for 16-bit platforms.
2008-04-18 15:47:30 +00:00
Andy Polyakov
299ab428ce
Fix remaining BN_nist_mod_*.
...
PR: 1593
2008-04-18 15:40:57 +00:00
Dr. Stephen Henson
e6ef05d5f3
Make certs argument work in CMS_sign() add test case.
...
PR:1664
2008-04-18 11:18:20 +00:00
Richard Levitte
e33c72dfc6
Synchronise with Unix.
2008-04-18 06:04:03 +00:00
Lutz Jänicke
4c1a6e004a
Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev
...
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
2008-04-17 10:19:16 +00:00
Richard Levitte
6e6ada18c6
Further synchronisation with Unix build. I hadn't noticed pq_compat.h
...
was gone...
2008-04-12 08:41:05 +00:00
Richard Levitte
b35a131069
Provide other forms for symbols that are too long or that clash with others
2008-04-12 08:40:01 +00:00
Dr. Stephen Henson
852bd35065
Fix prototype for CMS_decrypt(), don't free up detached content.
2008-04-11 23:45:52 +00:00
Dr. Stephen Henson
a5db50d005
Revert argument swap change... oops CMS_uncompress() was consistent...
2008-04-11 23:23:18 +00:00
Dr. Stephen Henson
529d329ce1
Make CMS_uncompress() argument order consistent with other functions.
2008-04-11 17:34:13 +00:00
Dr. Stephen Henson
c02b6b6b21
Fix for compression and updated CMS_final().
2008-04-11 17:07:01 +00:00
Richard Levitte
fc003bcecb
Synchronise with Unix build
2008-04-11 01:53:16 +00:00
Dr. Stephen Henson
e0fbd07309
Add additional parameter to CMS_final() to handle detached content.
2008-04-10 11:22:14 +00:00
Dr. Stephen Henson
eaee098e1f
Ignore nonsensical flags for signed receipts.
2008-04-10 11:12:42 +00:00
Andy Polyakov
d4122504a2
Clarifying comment.
2008-04-09 12:06:42 +00:00
Andy Polyakov
2c4226c42b
Do BN_nist_mod_384 by the book, as cheating doesn't work. Other functions
...
will be revised too.
PR: 1593
2008-04-09 11:36:04 +00:00
Dr. Stephen Henson
853eae51e0
Implement CMS_NOCRL.
2008-04-07 11:00:44 +00:00
Dr. Stephen Henson
ff80280b01
Set contentType attribute just before signing to allow encapsulated content
...
type to be set at any time in applications.
2008-04-06 16:29:47 +00:00
Dr. Stephen Henson
e45641bd17
Fix typo and add header files to err library.
2008-04-06 15:53:29 +00:00
Dr. Stephen Henson
d5a37b0293
Give consistent return value and add error code for duplicate certificates.
2008-04-06 15:41:25 +00:00
Dr. Stephen Henson
6819050722
Delete nonexistant function from pkcs7.h header file. WIN32 build fix from
...
stable branch. Sync and update ordinals.
2008-04-04 00:06:43 +00:00
Dr. Stephen Henson
3247812e34
Since OID NIDs with 0.9.8.
2008-04-02 10:48:34 +00:00
Dr. Stephen Henson
a5cdb7d5bd
Avoid warnings.
2008-04-01 16:29:42 +00:00
Andy Polyakov
2819ffb520
Fix fast reduction on NIST curves (as well BN_NIST_ADD_ONE macro).
...
PR: 1593
2008-04-01 08:39:08 +00:00
Dr. Stephen Henson
964c7e8f6d
Fix it properly this time....
2008-03-31 18:21:30 +00:00
Dr. Stephen Henson
f6a45ac5ac
Fix macro.
2008-03-31 18:14:10 +00:00
Dr. Stephen Henson
2e86f0d8d7
Use correct headers for signed receipts. Use consistent naming.
...
Update cms-test.pl to support OpenSSL 0.9.8.
2008-03-31 15:03:55 +00:00
Dr. Stephen Henson
e2a29d49ca
Update dependencies.
2008-03-29 21:11:25 +00:00
Dr. Stephen Henson
b99674103d
Remove unnecessary header.
2008-03-29 21:08:37 +00:00
Dr. Stephen Henson
36309aa2be
Signed receipt generation code.
2008-03-28 19:43:16 +00:00
Dr. Stephen Henson
eb9d8d8cd4
Support for verification of signed receipts.
2008-03-28 13:15:39 +00:00
Geoff Thorpe
f7ccba3edf
There was a need to support thread ID types that couldn't be reliably cast
...
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
f5e2354c9d
Add support for signed receipt request printout and generation.
2008-03-26 17:40:22 +00:00
Dr. Stephen Henson
f4cc56f494
Signed Receipt Request utility functions and option on CMS utility to
...
print out receipt requests.
2008-03-26 13:10:21 +00:00
Dr. Stephen Henson
be86c7fc87
Add signed receipt ASN1 structures. Initial GENERAL_NAME utility functions.
2008-03-24 22:14:02 +00:00
Dr. Stephen Henson
ab568a17cf
Fix duplicate asn1 ctrl values.
2008-03-23 14:13:45 +00:00
Dr. Stephen Henson
fe591284be
Update dependencies.
2008-03-22 18:52:03 +00:00
Geoff Thorpe
5ffba305c8
Comment out a (currently) unused CMS function. (Sorry Steve, but I need
...
-Werror right now to help me code-by-domino :-)
2008-03-19 23:08:20 +00:00
Dr. Stephen Henson
054307e7ed
Allow alternate eContentType oids to be set in cms utility.
...
Add id-ct-asciiTextWithCRLF OID.
Give more meaninful error message is attempt to use key ID from a certificate
without a key ID.
2008-03-19 19:34:30 +00:00
Dr. Stephen Henson
8cd358bef8
Rebuild CMS error codes.
2008-03-19 18:42:02 +00:00
Dr. Stephen Henson
eeb9cdfc94
Add support for KEK decrypt in cms utility.
2008-03-19 18:39:51 +00:00
Dr. Stephen Henson
16fe5f8b50
Produce meaningful error if sanity check fails.
...
Delete trailing whitespace from objects.txt
Delete duplicate NIDs.
2008-03-19 17:01:12 +00:00
Dr. Stephen Henson
041e7f2eee
Additional sanity check.
2008-03-19 14:18:36 +00:00
Dr. Stephen Henson
ab12438030
Add support for KEKRecipientInfo in cms application.
2008-03-19 13:53:52 +00:00
Dr. Stephen Henson
f7e85c371e
Uninitialized variable bug fix.
2008-03-18 18:18:25 +00:00
Dr. Stephen Henson
e4f0e40eac
Various tidies/fixes:
...
Make streaming support in cms cleaner.
Note errors in various S/MIME functions if CMS_final() fails.
Add streaming support for enveloped data.
2008-03-18 13:45:43 +00:00
Dr. Stephen Henson
6e3bc4f073
More support for KEK RecipientInfo.
...
Generalise RecipientInfo and enveloped data handling so applications can
add their own key lookup routines as well as using the standard ones.
2008-03-18 01:00:38 +00:00
Dr. Stephen Henson
c36e936b60
Partial support for KEKRecipientInfo type.
2008-03-17 18:11:27 +00:00
Dr. Stephen Henson
761ffa729f
Preliminary support for enveloped data content type creation.
...
Fix signed data creation so versions are only corrected if structure is
being created.
2008-03-17 13:38:51 +00:00
Geoff Thorpe
1e26a8baed
Fix a variety of warnings generated by some elevated compiler-fascism,
...
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
7c337e00d2
Fix some warnings.
2008-03-16 20:59:10 +00:00
Dr. Stephen Henson
deb21fbae9
Remove deleted function from header file, update mkfiles.pl
2008-03-16 18:41:20 +00:00
Dr. Stephen Henson
a981e2adbc
Add support for random key generation: this will be needed by enveloped data.
2008-03-16 13:05:03 +00:00
Dr. Stephen Henson
4f1aa191b3
Initial support for enveloped data decrypt. Extent runex.pl to cover these
...
examples. All RFC4134 examples can not be processed.
2008-03-15 23:21:33 +00:00
Dr. Stephen Henson
e540d1cd77
Check for cipher BIO errors and set key length after parameter decode.
2008-03-15 13:37:32 +00:00
Dr. Stephen Henson
fd47c36136
Return error if no cipher set for encrypted data type.
...
Update CHANGES.
2008-03-15 00:02:23 +00:00
Dr. Stephen Henson
d9f5f07e28
Initial support for Encrypted Data type generation.
2008-03-14 23:30:56 +00:00
Dr. Stephen Henson
320bfc1be7
Reorganise encrypted content info code to avoid duplication and be more
...
consistent with other content types.
2008-03-14 19:37:56 +00:00
Dr. Stephen Henson
b820455c6e
Encrypted Data type processing. Add options to cms utility and run section 7
...
tests in RFC4134.
2008-03-14 13:21:48 +00:00
Dr. Stephen Henson
5c4436c977
New utility functions for encryptedData content type which will also be used
...
by envelopedData.
Use PRE and not POST when freeing up RecipientInfo.
2008-03-14 00:58:43 +00:00
Dr. Stephen Henson
a78a03744d
Only call free once in CHOICE type.
2008-03-14 00:57:01 +00:00
Dr. Stephen Henson
31d3c84422
.cvignore file for cms
2008-03-13 00:50:02 +00:00
Dr. Stephen Henson
afff52a3ba
Free up additional data in RecipientInfo structure
2008-03-13 00:48:59 +00:00
Dr. Stephen Henson
8931b30d84
And so it begins...
...
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Dr. Stephen Henson
3964038fe6
#undef X509_EXTENSIONS to avoid conflict with CryptoAPI.
2008-03-12 00:37:31 +00:00
Dr. Stephen Henson
b510d77535
We already have an object for "zlib compression" but it was a place
...
holder and its actual encoding never used.
Just as well because it's value looks like it was made up in the mists of
time...
Now there is a registered value for zlib compression (used in S/MIME
compressedData content type) use that instead.
2008-02-29 14:24:52 +00:00
Dr. Stephen Henson
56c7754cab
Avoid warnings.
2008-02-28 14:05:01 +00:00
Dr. Stephen Henson
a70a49a018
Fix typo and avoid warning.
2008-02-28 13:18:26 +00:00
Andy Polyakov
61b05a0025
Make x86_64-mont.pl work with debug Win64 build.
2008-02-27 20:09:28 +00:00
Bodo Möller
7c9882eb24
fix BIGNUM flag handling
2008-02-27 06:01:28 +00:00
Dr. Stephen Henson
a9e96d724d
Use default value for $dir if it is empty.
2008-02-25 13:14:06 +00:00
Andy Polyakov
a23e3dbee1
Support for NASM>=2 in Win64/x64 build.
2008-02-13 13:07:52 +00:00
Dr. Stephen Henson
400ca0e467
Add OIDs for compressedData content type and zlib compression.
2008-02-12 13:48:10 +00:00
Dr. Stephen Henson
9536b85c07
Typo.
2008-02-12 01:24:50 +00:00
Dr. Stephen Henson
4d318c79b2
Utility attribute function to retrieve attribute data from an expected
...
type. Useful for many attributes which are single valued and can only
have one type.
2008-02-11 17:52:38 +00:00
Dr. Stephen Henson
1ad90a916b
Extend attribute setting routines to support non-string types.
2008-02-11 13:59:33 +00:00
Andy Polyakov
8ab9025e31
Ad-hockery for Platform SDK ml64.
2008-02-11 13:04:39 +00:00
Dr. Stephen Henson
9e5df8e448
Support custom primitive type printing routines and add one to LONG type.
2008-02-08 13:07:04 +00:00
Andy Polyakov
96d13fe62b
Micro-profiling assisted "optimization" for Power6. Essentially it's so
...
to say educational commit. Reordering instructions doesn't improve
performance much, rather exhibits Power6 limitations.
2008-02-06 10:18:19 +00:00
Andy Polyakov
089458b096
ppc64-mont optimization.
2008-02-05 13:10:14 +00:00
Andy Polyakov
339ad7ce73
rc5/asm/rc5-586.pl was erroneously omitted from last perlasm unification.
2008-01-17 19:48:01 +00:00
Andy Polyakov
676517e08e
crypto/rc5/Makefile was erroneously omitted from last perlasm unification.
...
Also remove obsolete and now misleading comments.
2008-01-15 11:27:06 +00:00
Dr. Stephen Henson
52108cecc0
<strings.h> does not exist under WIN32.
2008-01-14 18:10:55 +00:00
Andy Polyakov
addd641f3a
Unify ppc assembler make rules.
2008-01-13 22:01:30 +00:00
Andy Polyakov
ca55d11f84
Allow to specify filename on sha1-ia64.pl command line.
2008-01-13 17:43:11 +00:00
Andy Polyakov
abe7f8b457
Make all x86_64 modules independent on current working directory.
2008-01-13 17:42:04 +00:00
Andy Polyakov
a078befcbe
rc4-x86_64 portability fix.
2008-01-12 11:29:45 +00:00
Ben Laurie
f12797a447
Missing headers.
2008-01-12 11:22:31 +00:00
Andy Polyakov
fa8e921f66
Unify x86 perlasm make rules.
2008-01-11 13:15:11 +00:00
Dr. Stephen Henson
4d1f3f7a6c
Update perl asm scripts include paths for perlasm.
2008-01-05 22:28:38 +00:00
Andy Polyakov
ab0ff06205
Make aes-x86_64 work with debug Win64 build.
2008-01-05 18:17:20 +00:00
Andy Polyakov
79eeb47031
Make AES_T[ed] private to aes-586 module.
2008-01-05 08:58:18 +00:00
Andy Polyakov
731339627f
Last dso_dlfcn.c check-in said "Use Dl_info only on systems where it is
...
known to exist. It does not exist on AIX 4.3.3, AIX 5.1, SCO 5, or Cygwin"
and disabled it on banch of systems it's known to exists, such as FreeBSD,
Solaris, 64-bit HP-UX, MacOS X. Get it straight.
2008-01-04 23:03:23 +00:00
Andy Polyakov
26e71a1850
x86gas.pl update.
2008-01-04 22:58:50 +00:00
Dr. Stephen Henson
eef0c1f34c
Netware support.
...
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Andy Polyakov
3a87756fed
perlasm/x86*.pl updates.
2008-01-03 16:21:06 +00:00
Andy Polyakov
c8ec4a1b0b
Final (for this commit series) optimized version and with commentary section.
2007-12-29 20:30:09 +00:00
Andy Polyakov
699e1a3a82
This is also informational commit exposing loop modulo scheduling "factor."
2007-12-29 20:28:01 +00:00
Andy Polyakov
64214a2183
New Montgomery multiplication module, ppc64-mont.pl. Reference, non-optimized
...
implementation. This is essentially informational commit.
2007-12-29 20:26:46 +00:00
Andy Polyakov
0fcb905b0d
ppc-xlate.pl update.
2007-12-29 18:50:44 +00:00
Andy Polyakov
4be63cfb55
Source readability fix, which incidentally works around XLC compiler bug.
2007-12-29 18:32:34 +00:00
Andy Polyakov
ca64056836
Engage x86 assembler in Mac OS X build.
2007-12-18 17:33:49 +00:00
Andy Polyakov
df77428443
Mac OS X x86 assembler support.
2007-12-18 17:28:22 +00:00
Andy Polyakov
3e583572b3
Disable support for Metrowerks assembler. Assembler itself is broken,
...
specifically it incorrectly encodes EA offsets between 128 and 255.
2007-12-18 09:32:20 +00:00
Andy Polyakov
43d8f27dca
x86 perlasm overhaul.
2007-12-18 09:18:49 +00:00
Dr. Stephen Henson
b045299113
Avoid aliasing warning.
2007-12-16 13:57:44 +00:00
Dr. Stephen Henson
cec2538ca9
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
...
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Richard Levitte
28f7e60d47
Change submitted by Doug Kaufman. He writes:
...
I just compiled the 9.9-dev version from the 12022007 tarball under
DJGPP. There were only 2 changes needed, one for b_sock.c, since
DJGPP with WATT32 doesn't define socklen_t and one for testtsa to
handle DOS style path separators. I also noted what seems to be a
typographical error in ts.pod. The test suite passes. The patch is
attached.
Since I am in the US, I have sent notifications to the Bureau of
Industry and Security and to the NSA.
2007-12-03 09:02:29 +00:00
Andy Polyakov
544b82e493
Some assembler are allergic to lea reg,BYTE PTR[...].
...
Submitted by: Guenter Knauf
2007-12-02 21:32:03 +00:00
Andy Polyakov
8789af8db8
Structure symbol decorations, optimize label handling...
2007-11-24 16:03:57 +00:00
Dr. Stephen Henson
1ad6a1b5e9
Rebuild OID database: duplicates got in there somehow??
2007-11-23 00:34:00 +00:00
Dr. Stephen Henson
6e150083bb
Fix from stable branch.
2007-11-23 00:19:24 +00:00
Dr. Stephen Henson
98d8baabbd
Add caRepository OID and sync object NIDs with OpenSSL 0.9.8.
2007-11-23 00:14:59 +00:00
Andy Polyakov
c1d2e00ec5
Synchronize x86nasm.pl with x86unix.pl.
2007-11-22 21:21:35 +00:00
Andy Polyakov
ad8bd4ece8
Combat [bogus] relocations in some assember modules.
2007-11-22 20:51:48 +00:00
Dr. Stephen Henson
2f0550c4c1
Lookup public key ASN1 methods by string by iterating through all
...
implementations instead of all added ENGINEs to cover case where an
ENGINE is not added.
2007-11-21 17:25:58 +00:00
Dr. Stephen Henson
94e6ae7a69
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
...
Make {d2i,i2d}_PrivateKey() fall back to PKCS#8 format if no legacy format
supported. Add support in d2i_AutoPrivateKey().
2007-11-20 13:37:51 +00:00
Dr. Stephen Henson
f670738987
Rebuild object cross reference table.
2007-11-20 13:04:45 +00:00
Bodo Möller
4726fcfc25
Should reject signatures that we can't properly verify
...
and couldn't generate
(as pointed out by Ernst G Giessmann)
2007-11-19 07:25:55 +00:00
Bodo Möller
da989402f2
The hash length check wasn't strict enough,
...
as pointed out by Ernst G Giessmann
2007-11-16 13:01:14 +00:00
Andy Polyakov
70ba4ee5d5
Commit #16325 fixed one thing but broke DH with certain moduli.
2007-11-03 20:09:04 +00:00
Lutz Jänicke
86140095b5
Add OIDs by CMP (RFC 4210) and CRMF (RFC 4211)
...
Submitted by: Martin Peylo <martinmeis@googlemail.com>
2007-11-01 08:24:56 +00:00
Dr. Stephen Henson
0e1dba934f
1. Changes for s_client.c to make it return non-zero exit code in case
...
of handshake failure
2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).
3. Changes to EVP
- adding of function EVP_PKEY_CTX_get0_peerkey
- Make function EVP_PKEY_derive_set_peerkey work for context with
ENCRYPT operation, because we use peerkey field in the context to
pass non-ephemeral secret key to GOST encrypt operation.
- added EVP_PKEY_CTRL_SET_IV control command. It is really
GOST-specific, but it is used in SSL code, so it has to go
in some header file, available during libssl compilation
4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data
5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
make debugging output which depends on constants defined there, work
and other KSSL_DEBUG output fixes
6. Declaration of real GOST ciphersuites, two authentication methods
SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST
7. Implementation of these methods.
8. Support for sending unsolicited serverhello extension if GOST
ciphersuite is selected. It is require for interoperability with
CryptoPro CSP 3.0 and 3.6 and controlled by
SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
This constant is added to SSL_OP_ALL, because it does nothing, if
non-GOST ciphersuite is selected, and all implementation of GOST
include compatibility with CryptoPro.
9. Support for CertificateVerify message without length field. It is
another CryptoPro bug, but support is made unconditional, because it
does no harm for draft-conforming implementation.
10. In tls1_mac extra copy of stream mac context is no more done.
When I've written currently commited code I haven't read
EVP_DigestSignFinal manual carefully enough and haven't noticed that
it does an internal digest ctx copying.
This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Andy Polyakov
ebc06fba67
Bunch of constifications.
2007-10-13 15:51:32 +00:00
Andy Polyakov
ae1552ee99
Addendum to commit #16654 .
2007-10-09 16:37:24 +00:00
Andy Polyakov
debf380122
size_t-fy crypto/buffer.
2007-10-09 15:52:07 +00:00
Ralf S. Engelschall
ddb038d349
ignore a few additionally generated files
2007-10-09 09:56:44 +00:00
Dr. Stephen Henson
fcd1cb666c
Fix from fips branch.
2007-10-05 16:53:31 +00:00
Andy Polyakov
0023adb47a
Switch to bn-s390x (it's faster on keys longer than 512 bits) and mention
...
s390x assembler pack in CHANAGES.
2007-10-01 07:38:32 +00:00
Andy Polyakov
7722e53f12
Yet another ARM update. It appears to be more appropriate to make
...
developers responsible for -march choice.
2007-09-27 16:27:03 +00:00
Andy Polyakov
4c7c5ff667
ARMv4 assembler pack.
2007-09-27 07:09:46 +00:00
Andy Polyakov
d7e915616d
10% performance tweak in 64-bit mode.
2007-09-27 06:19:25 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Andy Polyakov
74eb3e0914
Make sha512-armv4.pl byte-order neutral.
2007-09-26 12:17:33 +00:00
Andy Polyakov
79fe664f19
Clarify commentary in sha512-sparcv9.pl.
2007-09-26 12:16:32 +00:00
Lutz Jänicke
5f0477f47b
Typos
...
PR: 1578
Submitted by: Charles Longeau <chl@tuxfamily.org>
2007-09-24 11:22:58 +00:00
Lutz Jänicke
7bbce69721
Port from 0.9.8-stable
2007-09-24 11:01:18 +00:00
Ben Laurie
9311c4421a
Fix dependencies. Make depend.
2007-09-19 14:53:18 +00:00
Andy Polyakov
a005fb019f
Addenum to "Constify obj_dat.[ch]."
2007-09-18 22:15:31 +00:00
Andy Polyakov
b5e5760d01
Minor formatting fixes in crypto/sha/asm.
2007-09-18 21:12:02 +00:00
Andy Polyakov
cf2bc94e5c
Wire RC4 key_table to read-only segment.
2007-09-18 21:10:32 +00:00
Andy Polyakov
26f0cf69d3
Constify obj_dat.[ch], as well as minimize linker relocations.
2007-09-18 21:05:21 +00:00
Andy Polyakov
61836c1b70
Wire DES weak_keys to read-only segment.
2007-09-18 20:58:33 +00:00
Andy Polyakov
2a1b0c8d65
Eliminate redundant make rule.
2007-09-18 20:57:06 +00:00
Andy Polyakov
75a8e30f4f
Minimize stack utilization in probable_prime.
2007-09-18 20:52:05 +00:00
Andy Polyakov
716b87a026
Remove excessive whitespaces from bio.h
2007-09-18 20:48:39 +00:00
Bodo Möller
08b229e13f
Make sure that BN_from_montgomery keeps the BIGNUMS in proper format
2007-09-18 16:35:28 +00:00
Andy Polyakov
eff371c866
Remove pq_compat.h.
2007-09-16 19:29:35 +00:00
Andy Polyakov
8dc899dee4
Minor sha[256|512]-586 performance tweaks.
2007-09-16 18:47:24 +00:00
Andy Polyakov
cc3d7bd0fc
It's inappropraite to override application signal, nor is it appropriate
...
to shut down Winsock unless we know it won't be used [and we never do].
PR: 1439
2007-09-16 18:35:02 +00:00
Andy Polyakov
77519b51db
Make bn2dec work on "SIXTY_FOUR_BIT" platforms.
...
PR: 1456
2007-09-15 17:05:11 +00:00
Andy Polyakov
1a01868e35
Remove sha512-sse2.pl.
2007-09-15 13:45:17 +00:00
Andy Polyakov
563d3e5948
Engage new x86 assembler modules.
2007-09-14 21:06:14 +00:00
Dr. Stephen Henson
7c5921e736
Handle empty case in X509_NAME canonical encoding.
2007-09-14 18:11:17 +00:00
Andy Polyakov
399f94bfb4
Commentary updates.
2007-09-13 07:27:10 +00:00
Andy Polyakov
1fa29843fa
SHA512 for ARMv4.
2007-09-13 07:26:35 +00:00
Andy Polyakov
ee0449b17c
SHA256/512 for x86.
2007-09-13 07:26:19 +00:00
Dr. Stephen Henson
a6fbcb4220
Change safestack reimplementation to match 0.9.8.
...
Fix additional gcc 4.2 value not used warnings.
2007-09-07 13:25:15 +00:00
Andy Polyakov
a5804a750b
Add sha512_block implementation optimized for small register bank.
...
On x86 it gives same performance, while code size shrinks >10 times.
2007-09-07 12:34:45 +00:00
Dr. Stephen Henson
81025661a9
Update ssl code to support digests other than MD5+SHA1 in handshake.
...
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
2007-08-31 12:42:53 +00:00
Andy Polyakov
4ece7eb6f4
Constify seed and md2.
2007-08-31 10:12:35 +00:00
Andy Polyakov
1c56e95e28
Compress and more aggressively constify ec_curve.c [the latter is
...
achieved by minimizing link relocations].
2007-08-31 09:36:43 +00:00
Andy Polyakov
d8803d5ae6
aes_ige suffered SIGBUS on RISC platforms.
2007-08-29 21:30:13 +00:00
Andy Polyakov
0ddd3ea217
Make naming more consistent.
2007-08-28 21:02:38 +00:00
Andy Polyakov
6a8517f274
Make room for Camellia assembler.
2007-08-28 20:45:25 +00:00
Andy Polyakov
55eab3b74b
Make x86_64 modules work under Win64/x64.
2007-08-23 12:01:58 +00:00
Andy Polyakov
dc0fcb98df
Workaround MSVC6 compiler bug.
2007-08-23 11:59:53 +00:00
Dr. Stephen Henson
167066fed4
Fix for asm/no-asm on WIN32.
2007-08-13 02:24:26 +00:00
Dr. Stephen Henson
710069c19e
Fix warnings.
2007-08-12 17:44:32 +00:00
Andy Polyakov
9d35d08ab6
Typo in ppccpuid.pl.
2007-07-31 18:19:40 +00:00
Andy Polyakov
983180bb8b
Buglet fixes and minor optimization in aes-x86_86 assembler.
2007-07-30 16:42:57 +00:00
Andy Polyakov
cdb0392159
Make preprocessor logic more fail-safe.
2007-07-30 11:53:01 +00:00
Andy Polyakov
1891f5b395
As for inline vs. __inline. The original code implies that most compilers
...
understand inline, while WIN32 ones insist on __inline. Well, there are
other compilers that insist on __inline. At the same time it turned out
that most compilers understand both __inline and inline. I could find
only one that doesn't understand __inline, Sun C. In other words it seems
that __inline as preferred choice provides better coverage...
2007-07-30 11:42:08 +00:00
Andy Polyakov
a3963619f6
Make ppccpuid AIX friendly.
2007-07-30 08:47:32 +00:00
Andy Polyakov
34994068a4
Respect ISO aliasing rules.
...
PR: 1296
2007-07-27 20:34:10 +00:00
Andy Polyakov
afaad0ada6
AES for IA64 update.
2007-07-27 18:20:52 +00:00
Andy Polyakov
05f9cb3b77
ia64cpuid update.
2007-07-27 18:03:27 +00:00
Andy Polyakov
1988a456a7
x86 perlasm updates.
2007-07-25 12:38:11 +00:00
Andy Polyakov
a61710b868
Allow for option to skip hardware support.
2007-07-23 20:38:57 +00:00
Andy Polyakov
20f7563f3d
md32_common.h update.
2007-07-23 13:57:15 +00:00
Andy Polyakov
3df2eff4bd
x86*cpuid update.
2007-07-21 14:46:27 +00:00
Andy Polyakov
a415ebd026
Complete synchronization of aes-x86_64 with aes-586.
2007-07-21 14:20:46 +00:00
Andy Polyakov
52ee3d01ae
Lppc_AES_[en|de]crypt_compact: size optimization.
2007-07-19 15:31:22 +00:00
Andy Polyakov
e59f992be6
Minor optimization in AES_set_encryption_key for x86_64.
2007-07-19 14:59:26 +00:00
Andy Polyakov
8bae7722a2
_x86_64_AES_[en|de]crypt_compact: size optimization and aggressive
...
T[ed]4 prefetch.
2007-07-19 14:29:41 +00:00
Andy Polyakov
287a9ee76e
gas -g doesn't tolerate unpadded .bytes in code segment.
2007-07-13 21:35:56 +00:00
Andy Polyakov
96b0f6c16d
Various minor updates to AES assembler modules.
2007-07-13 17:42:13 +00:00
Andy Polyakov
e1612ea59d
Add _x86_64_AES_[en|de]crypt_compact.
2007-07-13 17:39:40 +00:00
Andy Polyakov
71f4ea44eb
EVP_*_cfb1 was broken.
...
PR: 1318
2007-07-08 19:14:02 +00:00
Andy Polyakov
35295bdbee
bn_mul_recursive doesn't handle all cases correctly, which results in
...
BN_mul failures at certain key-length mixes.
PR: 1427
2007-07-08 18:53:03 +00:00