Andy Polyakov
d364506a24
ghash-x86_64.pl: "528B" variant delivers further >30% improvement.
2010-06-09 15:05:59 +00:00
Andy Polyakov
04e2b793d6
ghash-x86.pl: commentary updates.
2010-06-09 15:05:14 +00:00
Andy Polyakov
8525950e7e
ghash-x86.pl: "528B" variant of gcm_ghash_4bit_mmx gives 20-40%
improvement.
2010-06-04 13:21:01 +00:00
Andy Polyakov
d08eae1bda
x86 perlasm: add support for 16-bit values.
2010-06-04 13:13:18 +00:00
Dr. Stephen Henson
3cbb15ee81
add CVE-2010-0742 and CVE-2010-1633 fixes
2010-06-01 14:39:01 +00:00
Andy Polyakov
f9a152bd90
x86_64-xlate.pl: refine mingw support and regexps, update commentary.
2010-06-01 05:56:24 +00:00
Dr. Stephen Henson
eadfa019b3
fix PR#2261 in a different way
2010-05-31 13:18:21 +00:00
Dr. Stephen Henson
9799937510
PR: 2278
Submitted By: Mattias Ellert <mattias.ellert@fysast.uu.se>
Fix type checking macro SKM_ASN1_SET_OF_i2d
2010-05-29 12:49:20 +00:00
Dr. Stephen Henson
cb877ccb35
PR: 2258
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Base64 BIO fixes:
Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.
2010-05-27 12:41:05 +00:00
Dr. Stephen Henson
3d4fc82c0e
PR: 2266
Submitted By: Jonathan Gray <jsg@goblin.cx>
Correct ioctl definitions.
2010-05-26 23:23:34 +00:00
Andy Polyakov
e747f4d418
gcm128.c: P.-M. Hager has tipped about possibility to fold reductions
in gcm_ghash_4bit. Taking the idea a step further I've added extra
256+16 bytes of per-key storage, so that one can speak about 3rd variant
in addition to "256B" and "4KB": "528B" one. Commonly it should be
~50% faster than "256B" implementation or ~25% slower than "4KB" one.
2010-05-26 21:36:36 +00:00
Andy Polyakov
07e29c1234
ghash-x86.pl: MMX optimization (+20-40%) and commentary update.
2010-05-23 12:37:01 +00:00
Andy Polyakov
fb2d5a91e9
gcm128.c: commentary update.
2010-05-23 12:35:41 +00:00
Dr. Stephen Henson
ca96d38981
PR: 2251
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Memleak, BIO chain leak and realloc checks in v3_pci.c
2010-05-22 00:30:41 +00:00
Dr. Stephen Henson
9f08866940
Stop compiler complaining in pedantic mode: may be a better way to do this...
2010-05-22 00:20:42 +00:00
Dr. Stephen Henson
19674b5a1d
PR: 2253
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Check callback return value when outputting errors.
2010-05-15 00:34:06 +00:00
Andy Polyakov
629fd3aa91
rc4-x86_64.pl: "Westmere" optimization.
2010-05-13 21:01:24 +00:00
Andy Polyakov
1aa8a6297c
ghash-x86[_64].pl: add due credit.
2010-05-13 17:21:52 +00:00
Andy Polyakov
c1f092d14e
GCM "jumbo" update:
- gcm128.c: support for Intel PCLMULQDQ, readability improvements;
- asm/ghash-x86.pl: split vanilla, MMX, PCLMULQDQ subroutines;
- asm/ghash-x86_64.pl: add PCLMULQDQ implementations.
2010-05-13 15:32:43 +00:00
Andy Polyakov
ea7239cf15
x86asm.pl: consistency improvements.
2010-05-13 15:28:07 +00:00
Andy Polyakov
046ea30864
x86_64-xlate.pl: refine some regexp's and add support for OWORD/QWORD PTR.
2010-05-13 15:26:46 +00:00
Andy Polyakov
3efe51a407
Revert previous Linux-specific/centric commit#19629. If it really has to
be done, it's definitely not the way to do it. So far answer to the
question was to ./config -Wa,--noexecstack (adopted by RedHat).
2010-05-05 22:05:39 +00:00
Ben Laurie
0e3ef596e5
Non-executable stack in asm.
2010-05-05 15:50:13 +00:00
Andy Polyakov
f472ec8c2f
"Jumbo" update for crypto/modes:
- introduce common modes_lcl.h;
- ctr128.c: implement additional CRYPTO_ctr128_encrypt_ctr32 interface;
- gcm128.c: add omitted ARM initialization, remove ctx.ctr;
2010-05-04 19:23:02 +00:00
Andy Polyakov
8a682556b4
Add ghash-armv4.pl.
2010-05-03 18:23:29 +00:00
Dr. Stephen Henson
efcf5f1c50
PR: 2244
Submitted By: "PMHager" <hager@dortmund.net>
Initialise pkey callback to 0.
2010-05-03 12:50:36 +00:00
Dr. Stephen Henson
a033c3c72b
PR: 2250
Submitted By: Ger Hobbelt <ger@hobbelt.com>
Don't overwrite return value with strlen(f).
2010-05-03 12:24:01 +00:00
Dr. Stephen Henson
359b0c9fb8
experimental function to convert ASN1_TIME to tm, not used or even compiled in yet
2010-05-03 12:17:44 +00:00
Ben Laurie
19f7e5e24a
Missing declarations, no assembler in PEDANTIC.
2010-05-01 14:41:25 +00:00
Andy Polyakov
bb92e2c89b
bss_file.c: refine UTF-8 logic on Windows.
2010-04-28 20:02:28 +00:00
Andy Polyakov
5e19ee96f6
Add ghash-parisc.pl.
2010-04-28 18:51:45 +00:00
Andy Polyakov
8a1c92ce49
Take gcm128.c and ghash assembler modules into the build loop.
2010-04-22 21:36:26 +00:00
Andy Polyakov
d183244b43
bss_file.c: reserve for option to encode file name with UTF-8.
2010-04-21 20:38:21 +00:00
Andy Polyakov
5e60dba84f
md5-ia64.S: fix assembler warning.
2010-04-20 20:40:46 +00:00
Dr. Stephen Henson
9a8a7d58af
PR: 2241
Submitted By: Artemy Lebedev <vagran.ast@gmail.com>
Typo.
2010-04-20 12:53:18 +00:00
Dr. Stephen Henson
1bf508c9cf
new function to diff tm structures
2010-04-15 13:25:26 +00:00
Dr. Stephen Henson
799668c1ce
oops revert patch not part of Configure diff
2010-04-15 13:24:20 +00:00
Dr. Stephen Henson
7f7f155103
oops, commit Configure part of PR#2234
2010-04-15 13:17:15 +00:00
Dr. Stephen Henson
d7f573fea6
PR: 2235
Submitted By: Bruce Stephens <bruce.stephens@isode.com>
Make ts/Makefile consistent with other Makefiles.
2010-04-14 23:04:12 +00:00
Andy Polyakov
1fd79f66ea
x86_64cpuid.pl: ml64 is allergic to db on label line.
2010-04-14 19:24:48 +00:00
Andy Polyakov
4f39edbff1
gcm128.c and assembler modules: change argument order for gcm_ghash_4bit.
ghash-x86*.pl: fix performance numbers for Core2, as it turned out
previous ones were "tainted" by variable clock frequency.
2010-04-14 19:04:51 +00:00
Andy Polyakov
6a1823b371
[co]fb128.c: fix "n=0" bug.
2010-04-14 07:47:28 +00:00
Andy Polyakov
109757d254
aes-ppc.pl: 10% performance improvement on Power6.
2010-04-10 14:53:17 +00:00
Andy Polyakov
a595baff9f
gcm128.c: commentary and formatting updates.
2010-04-10 14:02:26 +00:00
Andy Polyakov
67a315b60b
cts128.c: add support for NIST "Ciphertext Stealing" proposal.
2010-04-10 14:01:02 +00:00
Andy Polyakov
6c83629bd9
AESNI engine: add counter mode.
2010-04-10 13:56:59 +00:00
Andy Polyakov
fead253986
perlasm/x86*: add support to SSE>2 and pclmulqdq. x86_64-xlate.pl provides
correct solution to problem addressed in commit #19244.
2010-04-10 13:55:05 +00:00
Andy Polyakov
9a649f3b46
sha1-alpha.pl: addendum to commit #19547.
2010-04-10 13:51:20 +00:00
Andy Polyakov
f62df694ad
ctr128.c: fix typo, simplify ctr128_inc and fix "n=0" bug.
2010-04-10 13:46:53 +00:00
Andy Polyakov
42feba4797
Add ghash-alpha.pl assembler module.
2010-04-10 13:44:20 +00:00
Andy Polyakov
3c01a1e89e
sha1-alpha.pl: engage it in build.
2010-04-10 13:43:26 +00:00
Andy Polyakov
6a79b3cb93
sparccpuid.S: some assembler is allergic to apostrophes in comments.
2010-04-10 13:36:34 +00:00
Andy Polyakov
d23f4e9d5a
alpha-mont.pl: comply with stack alignment requirements.
2010-04-10 13:33:04 +00:00
Dr. Stephen Henson
00a37b5a9b
PR: 2220
Fixes to make OpenSSL compile with no-rc4
2010-04-06 11:18:59 +00:00
Andy Polyakov
471d0eb397
cryptlib.c: allow application to override OPENSSL_isservice.
PR: 2194
2010-03-29 10:06:01 +00:00
Andy Polyakov
97a6a01f0f
ARMv4 assembler: fix compilation failure. Fix is actually unconfirmed, but
I can't think of any other cause for failure
2010-03-29 09:55:19 +00:00
Andy Polyakov
2a460c1aa8
dso_dlfcn.c: fix compile failure on Tru64.
2010-03-29 09:50:02 +00:00
Dr. Stephen Henson
216811b216
PR: 1696
Check return value of d2i_PBEPARAM().
2010-03-28 00:42:38 +00:00
Dr. Stephen Henson
3ac75e21a1
PR: 1763
Remove useless num = 0 assignment.
Remove redundant cases on sock_ctrl(): default case handles them.
2010-03-27 23:28:09 +00:00
Dr. Stephen Henson
08df41277a
PR: 1904
Submitted by: David Woodhouse <dwmw2@infradead.org>
Pass passphrase minimum length down to UI.
2010-03-27 19:31:55 +00:00
Dr. Stephen Henson
ac495542a6
PR: 1813
Submitted by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Fix memory leak when engine name cannot be loaded.
2010-03-27 18:28:02 +00:00
Andy Polyakov
26c00de46d
rand_win.c: fix logical bug in readscreen.
2010-03-22 22:44:22 +00:00
Andy Polyakov
3dd303129f
bss_file.c: fix MSC 6.0 warning.
2010-03-22 22:38:56 +00:00
Andy Polyakov
c3473126b1
GHASH assembler: new ghash-sparcv9.pl module and saner descriptions.
2010-03-22 17:24:18 +00:00
Andy Polyakov
f2fccce4bd
Fix UPLINK typo.
2010-03-15 22:25:57 +00:00
Andy Polyakov
480cd6ab6e
ghash-ia64.pl: new file, GHASH for Itanium.
ghash-x86_64.pl: minimize stack frame usage.
ghash-x86.pl: modulo-scheduling MMX loop in respect to input vector
results in up to 10% performance improvement.
2010-03-15 19:07:52 +00:00
Dr. Stephen Henson
e19f6678f5
print signature parameters with CRLs too
2010-03-14 13:10:48 +00:00
Dr. Stephen Henson
8d207ee3d1
add X509_CRL_sign_ctx function
2010-03-14 12:52:38 +00:00
Dr. Stephen Henson
e45c32fabf
missing goto meant signature was never printed out
2010-03-12 12:06:48 +00:00
Dr. Stephen Henson
a907165250
Submitted by: Martin Kaiser
Reject PSS signatures with unsupported trailer value.
2010-03-11 23:11:36 +00:00
Dr. Stephen Henson
e62774c3b9
alg2 can be NULL
2010-03-11 19:27:03 +00:00
Andy Polyakov
f093794e55
Add GHASH x86_64 assembler.
2010-03-11 16:19:46 +00:00
Dr. Stephen Henson
17c63d1cca
RSA PSS ASN1 signing method
2010-03-11 14:06:46 +00:00
Dr. Stephen Henson
877669d69c
typo
2010-03-11 14:04:54 +00:00
Dr. Stephen Henson
1c8d92997d
ctrl operations to retrieve RSA algorithm settings
2010-03-11 13:55:18 +00:00
Dr. Stephen Henson
bf8883b351
Add support for new PSS functions in RSA EVP_PKEY_METHOD
2010-03-11 13:45:42 +00:00
Dr. Stephen Henson
e8254d406f
Extend PSS padding code to support different digests for MGF1 and message.
2010-03-11 13:40:42 +00:00
Dr. Stephen Henson
85522a074c
Algorithm specific ASN1 signing functions.
2010-03-11 13:32:38 +00:00
Dr. Stephen Henson
31d66c2a98
update cms code to use X509_ALGOR_set_md instead of internal function
2010-03-11 13:29:39 +00:00
Dr. Stephen Henson
ce25c7207b
New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier)
from a digest algorithm.
2010-03-11 13:27:05 +00:00
Andy Polyakov
e3a510f8a6
Add GHASH x86 assembler.
2010-03-09 23:03:33 +00:00
Dr. Stephen Henson
b17bdc7734
PR: 2188
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>
Add "missing" functions to get and set prompt constructor.
2010-03-09 17:24:33 +00:00
Dr. Stephen Henson
d6eebf6d8a
reserve a few more bits for future cipher modes
2010-03-08 23:48:21 +00:00
Andy Polyakov
2262beef2e
gcm128.c: add option for streamed GHASH, simple benchmark, minor naming
change.
2010-03-08 22:44:37 +00:00
Dr. Stephen Henson
31904ecdf3
RSA PSS verification support including certificates and certificate
requests. Add new ASN1 signature initialisation function to handle this
case.
2010-03-08 18:10:35 +00:00
Dr. Stephen Henson
a4d9c12f99
correct error code
2010-03-08 18:07:05 +00:00
Dr. Stephen Henson
809cd0a22d
print outermost signature algorithm parameters too
2010-03-07 17:02:47 +00:00
Dr. Stephen Henson
7ed485bc9f
The OID sanity check was incorrect. It should only disallow *leading* 0x80
values.
2010-03-07 16:40:05 +00:00
Dr. Stephen Henson
069d4cfea5
although AES is a variable length cipher, AES EVP methods have a fixed key length
2010-03-07 15:54:26 +00:00
Dr. Stephen Henson
49436b59b5
oops, make EVP ctr mode work again
2010-03-07 15:52:41 +00:00
Dr. Stephen Henson
9ef6fe8c2e
typo
2010-03-07 15:37:37 +00:00
Dr. Stephen Henson
63b825c9d4
add separate PSS decode function, rename PSS parameters to RSA_PSS_PARAMS
2010-03-07 13:34:51 +00:00
Dr. Stephen Henson
77f4b6ba4f
add MGF1 digest ctrl
2010-03-07 13:34:15 +00:00
Dr. Stephen Henson
a5667732b9
update ASN1 sign/verify to use EVP_DigestSign and EVP_DigestVerify
2010-03-07 12:05:45 +00:00
Dr. Stephen Henson
1708456220
don't add digest alias if signature algorithm is undefined
2010-03-06 20:47:30 +00:00
Dr. Stephen Henson
ff04bbe363
Add PSS algorithm printing. This is an initial step towards full PSS support.
Uses ASN1 module in Martin Kaiser's PSS patch.
2010-03-06 19:55:25 +00:00
Dr. Stephen Henson
148924c1f4
fix indent, newline
2010-03-06 18:14:13 +00:00
Dr. Stephen Henson
fa1ba589f3
Add algorithm specific signature printing. An individual ASN1 method can
now print out signatures instead of the standard hex dump.
More complex signatures (e.g. PSS) can print out more meaningful information.
Sample DSA version included that prints out the signature parameters r, s.
[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
8c4ce7bab2
Fix memory leak: free up ENGINE functional reference if digest is not
found in an ENGINE.
2010-03-05 13:33:21 +00:00
Dr. Stephen Henson
b5cfc2f590
option to replace extensions with new ones: mainly for creating cross-certificates
2010-03-03 20:13:30 +00:00
Dr. Stephen Henson
ebaa2cf5b2
PR: 2183
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
2010-03-03 19:56:34 +00:00
Dr. Stephen Henson
2c772c8700
don't mix definitions and code
2010-03-03 15:30:42 +00:00
Andy Polyakov
e7f5b1cd42
Initial version of Galois Counter Mode implementation. Interface is still
subject to change...
2010-03-02 16:33:25 +00:00
Andy Polyakov
80dfadfdf3
ppccap.c: portability fix.
2010-03-02 16:28:29 +00:00
Andy Polyakov
d8c7bd6e11
Fix s390x-specific HOST_l2c|c2l.
Submitted by: Andreas Krebbel
2010-03-02 16:23:40 +00:00
Dr. Stephen Henson
f84c85b0e3
PR: 2178
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>
Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
2010-03-01 23:54:47 +00:00
Dr. Stephen Henson
ff2fdbf2f8
oops, reinstate correct prototype
2010-03-01 03:01:27 +00:00
Dr. Stephen Henson
da3955256d
'typo'
2010-03-01 01:53:34 +00:00
Dr. Stephen Henson
5e28ccb798
make USE_CRYPTODEV_DIGESTS work
2010-03-01 01:19:18 +00:00
Dr. Stephen Henson
a6575572c6
load cryptodev if HAVE_CRYPTODEV is set too
2010-03-01 00:40:10 +00:00
Dr. Stephen Henson
c3951d8973
update cryptodev to match 1.0.0 stable branch version
2010-03-01 00:37:58 +00:00
Ben Laurie
19ec2f4194
Fix warnings (note that gcc 4.2 has a bug that makes one of its
warnings hard to fix without major surgery).
2010-02-28 14:22:56 +00:00
Dr. Stephen Henson
37c541faed
Revert CFB block length change. Despite what SP800-38a says the input to
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:58 +00:00
Dr. Stephen Henson
db28aa86e0
add -trusted_first option and verify flag
2010-02-25 12:21:48 +00:00
Dr. Stephen Henson
2da2ff5065
tidy verify code. xn not used any more and check for self signed more efficiently
2010-02-25 11:18:26 +00:00
Dr. Stephen Henson
fbd2164044
Experimental support for partial chain verification: if an intermediate
certificate is explicitly trusted (using -addtrust option to x509 utility
for example) the verification is successful even if the chain is not complete.
2010-02-25 00:17:22 +00:00
Dr. Stephen Henson
9b3d75706e
verify parameter enumeration functions
2010-02-25 00:08:23 +00:00
Dr. Stephen Henson
b1efb7161f
Include self-signed flag in certificates by checking SKID/AKID as well
as issuer and subject names. Although this is an incompatible change
it should have little impact in practice because self-issued certificates
that are not self-signed are rarely encountered.
2010-02-25 00:01:38 +00:00
Dr. Stephen Henson
df4c395c6d
add anyExtendedKeyUsage OID
2010-02-24 15:53:58 +00:00
Dr. Stephen Henson
385a488c43
prevent warning
2010-02-24 15:24:19 +00:00
Andy Polyakov
ea746dad5e
Reserve for option to implement AES counter in assembler.
2010-02-23 16:51:24 +00:00
Andy Polyakov
d976f99294
Add AES counter mode to EVP.
2010-02-23 16:48:41 +00:00
Andy Polyakov
e5a4de9e44
Add assigned OIDs, as well as "anonymous" ones for AES counter mode.
2010-02-23 16:47:17 +00:00
Bodo Möller
2d9dcd4ff0
Always check bn_wexpand() return values for failure (CVE-2009-3245).
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)
Submitted by: Neel Mehta
2010-02-23 10:36:35 +00:00
Bodo Möller
a839755329
Fix X509_STORE locking
2010-02-19 18:27:07 +00:00
Dr. Stephen Henson
47e0a1c335
PR: 2100
Submitted by: James Baker <jbaker@tableausoftware.com> et al.
Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:41 +00:00
Dr. Stephen Henson
1458b931eb
The "block length" for CFB mode was incorrectly coded as 1 all the time. It
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:16 +00:00
Dr. Stephen Henson
20eb7238cb
Correct ECB mode EVP_CIPHER definition: IV length is 0
2010-02-15 19:26:02 +00:00
Dr. Stephen Henson
79cfc3ac54
add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable
2010-02-15 19:20:13 +00:00
Dr. Stephen Henson
918a5d04e4
PR: 2164
Submitted by: "Noszticzius, Istvan" <inoszticzius@rightnow.com>
Don't clear the output buffer: ciphers should correctly the same input
and output buffers.
2010-02-15 19:00:12 +00:00
Dr. Stephen Henson
29e722f031
Fix memory leak in ENGINE autoconfig code. Improve error logging.
2010-02-09 14:17:14 +00:00
Dr. Stephen Henson
e3e31ff482
Use supplied ENGINE when initialising CMAC. Restore pctx setting.
2010-02-08 16:31:28 +00:00
Dr. Stephen Henson
bae060c06a
add cvsignore
2010-02-08 15:34:02 +00:00
Dr. Stephen Henson
0ff907caf8
Make update.
2010-02-08 15:33:23 +00:00
Dr. Stephen Henson
c8ef656df2
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
8c968e0355
Initial experimental CMAC implementation.
2010-02-07 18:01:07 +00:00
Dr. Stephen Henson
cc0661374f
make update
2010-02-07 13:54:30 +00:00
Dr. Stephen Henson
089f02c577
oops, use new value for new flag
2010-02-07 13:50:36 +00:00
Dr. Stephen Henson
c2bf720842
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
2010-02-07 13:39:39 +00:00
Dr. Stephen Henson
c95bf51167
don't assume 0x is at start of string
2010-02-03 18:19:22 +00:00
Dr. Stephen Henson
2712a2f625
tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
2010-02-02 14:30:39 +00:00
Dr. Stephen Henson
17ebc10ffa
PR: 2161
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.
Make no-dsa, no-ecdsa and no-rsa compile again.
2010-02-02 13:35:27 +00:00
Richard Levitte
1d62de0395
The previous take went wrong, try again.
2010-01-29 12:02:50 +00:00
Richard Levitte
d7b99700c0
Architecture specific header files need special handling.
2010-01-29 11:44:36 +00:00
Dr. Stephen Henson
92714455af
In engine_table_select() don't clear out entire error queue: just clear
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
2010-01-28 17:49:25 +00:00
Dr. Stephen Henson
891d3c7a60
revert previous change
2010-01-28 14:17:39 +00:00
Dr. Stephen Henson
9fb6fd34f8
reword RI description
2010-01-27 18:53:33 +00:00
Richard Levitte
407a410136
Have the VMS build system catch up with the 1.0.0-stable branch.
2010-01-27 09:18:42 +00:00
Dr. Stephen Henson
1bfdbd8e75
PR: 2138
Submitted by: Kevin Regan <k.regan@f5.com>
Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include uninitialised fields.
2010-01-26 18:07:26 +00:00
Dr. Stephen Henson
e92f9f45e8
Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and
later.
2010-01-26 14:29:06 +00:00
Dr. Stephen Henson
8c02119e39
OPENSSL_isservice is now defined on all platforms not just WIN32
2010-01-26 13:59:32 +00:00
Dr. Stephen Henson
ca9f55f710
export OPENSSL_isservice and make update
2010-01-26 13:52:36 +00:00
Andy Polyakov
964ed94649
parisc-mont.pl: PA-RISC 2.0 code path optimization based on instruction-level
profiling data resulted in almost 50% performance improvement.
PA-RISC 1.1 is also reordered in same manner, mostly to be consistent,
as no gain was observed, not on PA-7100LC.
2010-01-25 23:12:00 +00:00
Dr. Stephen Henson
cab6de03a2
PR: 2149
Submitted by: Douglas Stebila <douglas@stebila.ca>
Fix wap OIDs.
2010-01-25 16:07:42 +00:00
Richard Levitte
6fa0608eaf
A few more macros for long symbols.
Submitted by Steven M. Schweda <sms@antinode.info>
2010-01-25 00:18:29 +00:00
Andy Polyakov
3f2a98acbf
ia64cpuid.S: OPENSSL_cleanse to accept zero length parameter.
2010-01-24 17:08:52 +00:00
Andy Polyakov
82a66ce313
pariscid.pl: OPENSSL_cleanse to compile on PA-RISC 2.0W and to accept zero
length parameter.
2010-01-24 15:04:28 +00:00
Andy Polyakov
7676eebf42
OPENSSL_cleanse to accept zero length parameter [matching C implementation].
2010-01-24 14:54:24 +00:00
Dr. Stephen Henson
ba64ae6cd1
Tolerate PKCS#8 DSA format with negative private key.
2010-01-22 20:17:12 +00:00
Andy Polyakov
b3020393f2
rand_win.c: fix time limit logic.
2010-01-19 20:35:22 +00:00
Andy Polyakov
ee2b8ed2f5
x86_64-xlate.pl: refine sign extension logic when handling lea.
PR: 2094,2095
2010-01-19 16:15:23 +00:00
Andy Polyakov
7a6e0901ff
rand_win.c: handle GetTickCount wrap-around.
2010-01-19 13:48:18 +00:00
Andy Polyakov
91fdacb2c3
s390x assembler update: add support for run-time facility detection.
2010-01-19 12:24:59 +00:00
Andy Polyakov
78a533cb93
Minor updates to ppccap.c and ppccpuid.pl.
2010-01-17 13:44:14 +00:00
Andy Polyakov
4f38565204
bn_lcl.h: add MIPS III-specific BN_UMULT_LOHI as alternative to porting
crypto/bn/asm/mips3.s from IRIX. Performance improvement is not as
impressive as with complete assembler, but still... it's almost 2.5x
[on R5000].
2010-01-17 12:08:24 +00:00
Andy Polyakov
4407700c40
ia64-mont.pl: add shorter vector support ("shorter" refers to 512 bits and
less).
2010-01-17 11:33:59 +00:00
Dr. Stephen Henson
031c78901b
make update
2010-01-15 15:24:19 +00:00
Dr. Stephen Henson
1b31b5ad56
Modify compression code so it avoids using ex_data free functions. This
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
2010-01-13 18:57:40 +00:00
Dr. Stephen Henson
0e0c6821fa
PR: 2136
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>
Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:29:34 +00:00
Andy Polyakov
74f2260694
ia64-mont.pl: addp4 is not needed when referring to stack (this is 32-bit
HP-UX thing).
2010-01-07 15:36:59 +00:00
Andy Polyakov
25d1d62275
http://cvs.openssl.org/chngview?cn=19053 made me wonder if bind() and
connect() are as finicky as sendto() when it comes to socket address
length. As it turned out they are, therefore the fix. Note that you
can't reproduce the problem on Linux, it was failing on Solaris,
FreeBSD, most likely on more...
2010-01-07 13:12:30 +00:00
Andy Polyakov
9b5ca55695
sendto is reportedly picky about destination socket address length.
PR: 2114
Submitted by: Robin Seggelmann
2010-01-07 10:42:39 +00:00
Andy Polyakov
cba9ffc32a
Fix compilation on older Linux. Linux didn't always have sockaddr_storage,
not to mention that first sockaddr_storage had __ss_family, not ss_family.
In other words it makes more sense to avoid sockaddr_storage...
2010-01-06 21:22:56 +00:00
Dr. Stephen Henson
f8e1ab79f5
ENGINE_load_capi() now exists on all platforms (but no op on non-WIN32)
2010-01-06 13:21:08 +00:00
Andy Polyakov
1f23001d07
ppc64-mont.pl: commentary update.
2010-01-06 10:58:59 +00:00
Andy Polyakov
dacdcf3c15
Add Montgomery multiplication module for IA-64.
2010-01-06 10:57:55 +00:00
Dr. Stephen Henson
60c52245e1
PR: 2102
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>
Remove duplicate definitions.
2010-01-05 17:57:33 +00:00
Andy Polyakov
2f4c1dc86c
b_sock.c: correct indirect calls on WinSock platforms.
PR: 2130
Submitted by: Eugeny Gostyukhin
2009-12-30 12:55:23 +00:00
Andy Polyakov
70b76d392f
ppccap.c: fix compiler warning and perform sanity check outside signal masking.
ppc64-mont.pl: clarify comment and fix spelling.
2009-12-29 11:18:16 +00:00
Andy Polyakov
3fc2efd241
PA-RISC assembler: missing symbol and typos.
2009-12-28 16:13:35 +00:00
Andy Polyakov
b57599b70c
Update sha512-parisc.pl and add make rules.
2009-12-27 21:05:19 +00:00
Andy Polyakov
cb3b9b1323
Throw in more PA-RISC assembler.
2009-12-27 20:49:40 +00:00
Andy Polyakov
beef714599
Switch to new uplink assembler.
2009-12-27 20:38:32 +00:00
Andy Polyakov
d741cf2267
ppccap.c: tidy up.
ppc64-mont.pl: missing predicate in commentary.
2009-12-27 11:25:24 +00:00
Andy Polyakov
b4b48a107c
ppc64-mont.pl: adapt for 32-bit and engage for all builds.
2009-12-26 21:30:13 +00:00
Dr. Stephen Henson
7e765bf29a
Traditional Yuletide commit ;-)
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:13:11 +00:00
Bodo Möller
f21516075f
Constify crypto/cast.
2009-12-22 11:46:00 +00:00
Bodo Möller
7427379e9b
Constify crypto/cast.
2009-12-22 10:58:33 +00:00
Dr. Stephen Henson
e50858c559
PR: 2127
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check for lookup failures in EVP_PBE_CipherInit().
2009-12-17 15:27:57 +00:00
Dr. Stephen Henson
338a61b94e
Add patch to crypto/evp which didn't apply from PR#2124
2009-12-09 15:01:39 +00:00
Dr. Stephen Henson
e4bcadb302
Revert lhash patch for PR#2124
2009-12-09 14:59:47 +00:00
Dr. Stephen Henson
fdb2c6e4e5
PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>
Check for memory allocation failures.
2009-12-09 13:38:05 +00:00
Dr. Stephen Henson
7e4cae1d2f
PR: 2111
Submitted by: Martin Olsson <molsson@opera.com>
Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:28:42 +00:00
Dr. Stephen Henson
ec7d16ffdd
Check it actually compiles this time ;-)
2009-12-02 14:25:40 +00:00
Dr. Stephen Henson
5656f33cea
PR: 2120
Submitted by: steve@openssl.org
Initialize fields correctly if pem_str or info are NULL in EVP_PKEY_asn1_new().
2009-12-02 13:56:45 +00:00
Dr. Stephen Henson
6732e14278
check DSA_sign() return value properly
2009-12-01 18:39:33 +00:00
Dr. Stephen Henson
606c46fb6f
PR: 1432
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org
Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:44 +00:00
Dr. Stephen Henson
fed8dbf46d
PR: 2118
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org
Check return value of ECDSA_sign() properly.
2009-11-30 13:56:04 +00:00
Andy Polyakov
b6bf9e2ea7
bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER.
PR: 2110
2009-11-26 20:52:08 +00:00
Dr. Stephen Henson
d2a53c2238
Experimental CMS password based recipient Info support.
2009-11-26 18:57:39 +00:00
Dr. Stephen Henson
f2334630a7
Add OID for PWRI KEK algorithm.
2009-11-25 22:07:49 +00:00
Dr. Stephen Henson
007f7ec1bd
Add PBKDF2 prototype.
2009-11-25 22:07:22 +00:00
Dr. Stephen Henson
3d63b3966f
Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat
and is a pre-requisite to adding password based CMS support.
2009-11-25 22:01:06 +00:00
Dr. Stephen Henson
446a6a8af7
PR: 2103
Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org
Initialise atm.flags to 0.
2009-11-17 13:25:53 +00:00
Andy Polyakov
a83f83aac8
Add sha512-parisc.pl.
2009-11-15 17:29:31 +00:00
Andy Polyakov
5727f1f790
SHA1 assembler show off: minor performance updates and new modules for
forgotten CPUs.
2009-11-15 17:26:11 +00:00
Andy Polyakov
53f73afc4d
sha512.c: there apparently is ILP32 PowerPC platform, where it is safe to
inline 64-bit assembler instructions. Normally it's inappropriate, because
signalling doesn't preserve upper halves of general purpose registers.
Meaning that it's only safe if signals are blocked for the time "wide"
code executes.
PR: 1998
2009-11-15 17:19:49 +00:00
Andy Polyakov
10232bdc0e
x86_64-xlate.pl: new gas requires sign extension in lea instruction.
This resolves md5-x86_64.pl and sha1-x86_64.pl bugs, but without modifying
the code.
PR: 2094,2095
2009-11-15 17:11:38 +00:00
Andy Polyakov
55ff3aff8c
x86masm.pl: eliminate linker "multiple sections found with different
attributes" warning.
2009-11-15 17:06:44 +00:00
Andy Polyakov
b7cec490fa
bss_dgram.c: more elegant solution to PR#2069. Use socklen_t heuristic
from b_sock.c, don't assume that caller always passes pointer to buffer
large enough to hold sockaddr_storage.
PR: 2069
2009-11-15 17:03:33 +00:00
Andy Polyakov
2335e8a9cc
b_sock.c: fix compiler warning.
2009-11-15 16:52:11 +00:00
Andy Polyakov
6f766a4181
aesni-x86.pl: eliminate development comments.
2009-11-15 16:40:22 +00:00
Dr. Stephen Henson
c18e51ba5e
PR: 2088
Submitted by: Aleksey Samsonov <s4ms0n0v@gmail.com>
Approved by: steve@openssl.org
Fix memory leak in d2i_PublicKey().
2009-11-12 19:56:56 +00:00
Dr. Stephen Henson
773b63d6f9
set engine to NULL after releasing it
2009-11-12 19:25:37 +00:00
Richard Levitte
0a02d1db34
Update from 1.0.0-stable
2009-11-12 17:03:10 +00:00
Dr. Stephen Henson
709a395d1c
PR: 2091
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
If an OID has no short name or long name return the numerical representation.
2009-11-10 01:00:07 +00:00
Dr. Stephen Henson
b599006751
PR: 2090
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
Improve error checking in asn1_gen.c
2009-11-10 00:48:07 +00:00
Dr. Stephen Henson
2008e714f3
Add missing functions to allow access to newer X509_STORE_CTX status
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
2009-10-31 19:22:18 +00:00
Dr. Stephen Henson
45cd59ac71
If not checking all certificates don't attempt to find a CRL
for the leaf certificate of a CRL path.
2009-10-23 12:06:35 +00:00
Dr. Stephen Henson
d11d977da4
Need to check <= 0 here.
2009-10-22 23:12:05 +00:00
Dr. Stephen Henson
19a9d0fcea
make update
2009-10-18 14:53:00 +00:00
Dr. Stephen Henson
a5b37fca0a
Add "missing" function X509_STORE_set_verify_cb().
2009-10-18 13:24:16 +00:00
Dr. Stephen Henson
636b6b450d
PR: 2069
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org
IPv6 support for DTLS.
2009-10-15 17:41:31 +00:00
Andy Polyakov
b34d449c42
Combat gcc 4.4.1 aliasing rules.
2009-10-06 07:17:57 +00:00
Dr. Stephen Henson
04f9095d9e
Fix uninitialized warnings
2009-10-04 16:52:51 +00:00
Dr. Stephen Henson
0e039aa797
Fix warnings about ignoring fgets return value
2009-10-04 16:42:56 +00:00
Dr. Stephen Henson
c21869fb07
Prevent ignored return value warning
2009-10-04 14:04:27 +00:00
Dr. Stephen Henson
9a0c776c60
Prevent aliasing warning
2009-10-04 14:02:22 +00:00
Dr. Stephen Henson
77db140f94
Typo.
2009-10-02 18:20:22 +00:00
Dr. Stephen Henson
fecef70773
Yes it is a typo ;-)
2009-10-01 12:17:44 +00:00
Dr. Stephen Henson
e8a682f223
PR: 2062
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BN_rand error handling in bntest.c
2009-10-01 00:21:20 +00:00
Dr. Stephen Henson
98fbfff417
PR: 2059
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_SealInit error handling in pem_seal.c
2009-10-01 00:17:59 +00:00
Dr. Stephen Henson
78ca13a272
PR: 2056
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write error handling in asn1_par.c
2009-10-01 00:11:04 +00:00
Dr. Stephen Henson
aec13c1a9f
PR: 2063
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write error handling in ocsp_prn.c
2009-09-30 23:58:37 +00:00
Dr. Stephen Henson
64f0f80eb6
PR: 2057
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
2009-09-30 23:55:53 +00:00
Dr. Stephen Henson
d71061122c
PR: 2058
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_DigestVerifyFinal error handling.
2009-09-30 23:49:11 +00:00
Dr. Stephen Henson
18e503f30f
PR: 2064, 728
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:40:55 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases encountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
cd4f7cddc7
Add more return value checking attributes to evp.h and hmac.h
2009-09-23 23:40:13 +00:00
Dr. Stephen Henson
acf20c7dbd
Add attribute to check if return value of certain functions is incorrectly
ignored.
2009-09-23 16:27:10 +00:00
Dr. Stephen Henson
7c75f462e8
PR: 2050
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org
Fix handling of ENOTCONN and EMSGSIZE for dgram BIOs.
2009-09-22 11:34:45 +00:00
Dr. Stephen Henson
d636aa7109
PR: 2047
...
Submitted by: David Lee <live4thee@gmail.com>, steve@openssl.org
Approved by: steve@openssl.org
Fix for IPv6 handling in BIO_get_accept_socket().
2009-09-20 16:41:27 +00:00
Dr. Stephen Henson
44c8b81eea
Don't use __try+__except unless on VC++
2009-09-20 12:39:32 +00:00
Andy Polyakov
282feebab3
cmll-x86_64.pl: small buglet in CBC subroutine.
PR: 2035
2009-09-17 19:35:13 +00:00
Dr. Stephen Henson
a25f33d28a
Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:29:29 +00:00
Dr. Stephen Henson
8c7168698e
Seed PRNG with DSA and ECDSA digests for additional protection against
possible PRNG state duplication.
2009-09-09 12:15:08 +00:00
Dr. Stephen Henson
f4274da164
PR: 1644
Submitted by: steve@openssl.org
Fix to make DHparams_dup() et al work in C++.
For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
2009-09-06 15:49:46 +00:00
Dr. Stephen Henson
07a9d1a2c2
PR: 2028
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Fix DTLS cookie management bugs.
2009-09-04 17:42:53 +00:00
Dr. Stephen Henson
4f59432c06
Oops, s can be NULL
2009-09-04 11:30:59 +00:00
Dr. Stephen Henson
fc68056917
PR: 2029
Submitted by: Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org
Fix so that the legacy digest EVP_dss1() still works.
2009-09-02 15:51:19 +00:00