Commit graph

113 commits

Author SHA1 Message Date
Andy Polyakov
085ea80371 engine/ccgost Win32 portability fixes. 2008-01-05 21:28:53 +00:00
Dr. Stephen Henson
744ecaa5b6 Avoid WIN32 signed/unsigned warnings. 2008-01-04 00:37:23 +00:00
Dr. Stephen Henson
eef0c1f34c Netware support.
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Andy Polyakov
339a1820fd gmp engine was non-operational. 2007-12-04 20:28:52 +00:00
Dr. Stephen Henson
98057eba77 Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Update gost algorithm print routines.
2007-11-21 12:39:12 +00:00
Dr. Stephen Henson
097f9d8c52 Avoid warning. 2007-11-20 17:52:02 +00:00
Ben Laurie
10f0c85cfc Fix warnings. 2007-11-16 03:03:01 +00:00
Dr. Stephen Henson
37210fe7e2 GOST ENGINE information. 2007-10-26 23:50:40 +00:00
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Bodo Möller
1b827d7b6f Clean up error codes a bit.
(engines/ccgost/ remains utter chaos, though; "make errors" is not happy.)
2007-09-19 00:58:58 +00:00
Dr. Stephen Henson
3c07d3a3d3 Finish gcc 4.2 changes. 2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
0aa08a2e34 Fix for GOST engine on platforms where sizeof(size_t) != sizeof(int). 2007-05-31 12:32:27 +00:00
Dr. Stephen Henson
7b8b797375 Revert broken change to ccgost.
Initialize context properly for HMAC pkey method.
2007-05-22 12:58:39 +00:00
Dr. Stephen Henson
9aba74e55a Fix warning and back out bad modification. 2007-05-21 12:16:36 +00:00
Andy Polyakov
61775daf00 Padlock engine fails to compile with -O0 -fPIC. 2007-05-20 07:13:45 +00:00
Dr. Stephen Henson
ec06417d52 Updated GOST MAC support.
Submitted by: vitus@cryptocom.ru
2007-05-18 15:55:55 +00:00
Dr. Stephen Henson
a4346646f1 Initial GOST MAC support. Not fully working yet... 2007-05-17 17:44:09 +00:00
Ben Laurie
38e952e8ae Missing config file. 2007-04-05 16:57:07 +00:00
Ben Laurie
2f877235a3 Missing return on error. Coverity ID 115. 2007-04-04 14:38:59 +00:00
Dr. Stephen Henson
9981a51e42 Stage 1 GOST ciphersuite support.
Submitted by: ran@cryptocom.ru
Reviewed by: steve@openssl.org
2007-03-23 17:04:05 +00:00
Richard Levitte
ebb326afe6 Synchronise the VMS build with recent movements in the Unix build. 2007-03-23 09:36:33 +00:00
Dr. Stephen Henson
53ca4761cc PR: 1483
Add support for GOST 28147-89 in Gost ENGINE.
2007-02-09 19:43:04 +00:00
Andy Polyakov
00b4e083fd Move eng_padlock.c to ./engines.
Submitted by: Michal Ludvig <michal@logix.cz>
2006-12-29 10:42:24 +00:00
Richard Levitte
ea46f5e0e5 Replace strdup() with BUF_strdup(). 2006-12-25 09:43:46 +00:00
Nils Larsch
afda1385bd use OPENSSL_NO_DYNAMIC_ENGINE macro, disable debug messages
PR: 1440
Submitted by: Victor B. Wagner" <vitus@cryptocom.ru>
2006-12-22 09:21:29 +00:00
Dr. Stephen Henson
4d7aff707e Update dependencies. 2006-11-30 13:41:47 +00:00
Dr. Stephen Henson
8bd11f3ec2 Add .cvsignore 2006-11-21 21:37:41 +00:00
Ben Laurie
84948b39df Fix various warnings. 2006-11-08 09:45:12 +00:00
Andy Polyakov
d7917c584a Yet another mingw warning. 2006-10-23 07:45:52 +00:00
Andy Polyakov
1e7b6c029c Avoid application relink on every make invocation. 2006-10-20 11:23:35 +00:00
Dr. Stephen Henson
6ec6cfc767 Updated file. 2006-09-21 16:19:10 +00:00
Dr. Stephen Henson
44181ea836 Add missing prototype. Fix various warnings (C++ comments, ; outside function). 2006-09-21 13:24:46 +00:00
Dr. Stephen Henson
ffa5ebf3f4 Compile in gost engine. 2006-09-21 13:07:57 +00:00
Dr. Stephen Henson
926c41bd29 Updated version of gost engine. 2006-09-21 13:04:43 +00:00
Dr. Stephen Henson
a04549cc75 GOST public key algorithm ENGINE donated to the OpenSSL by Cryptocom.
Very early version, doesn't do much yet, not even added to the build system.
2006-09-17 13:00:18 +00:00
Ulf Möller
4700aea951 Add BeOS support.
PR: 1312
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
Reviewed by: Ulf Moeller
2006-04-11 21:34:21 +00:00
Dr. Stephen Henson
4f59b6587f Implementation of pkey_rsa_verify. Some constification. 2006-04-10 01:06:17 +00:00
Nils Larsch
33af4421f2 remove unnecessary code 2006-03-18 14:22:20 +00:00
Nils Larsch
67b6f1ca88 fix problems found by coverity: remove useless code 2006-03-15 17:45:43 +00:00
Ulf Möller
3b408d83fe make update 2006-02-12 23:21:56 +00:00
Ulf Möller
c7235be6e3 RFC 3161 compliant time stamp request creation, response generation
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Dr. Stephen Henson
15ac971681 Update filenames in makefiles. 2006-02-04 01:45:59 +00:00
Nils Larsch
8c5a2bd6bb add additional checks + cleanup
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Bodo Möller
739a543ea8 Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts) 2006-01-08 19:42:30 +00:00
Andy Polyakov
755c5b3330 Fix install problems on MacOS X and HP-UX.
PR: 1218,1185
2005-10-25 21:58:59 +00:00
Geoff Thorpe
f920c5b590 Fix signed/unsigned warnings. 2005-07-26 04:25:05 +00:00
Nils Larsch
3eeaab4bed make
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
    	make depend all test
work again

PR: 1159
2005-07-16 12:37:36 +00:00
Ben Laurie
45d8574b93 Fix warnings. 2005-06-29 10:25:06 +00:00
Andy Polyakov
02c31fa461 Jumbo Makfiles update.
- eliminate ambiguities between GNU-ish and SysV-ish make flavors;
- switch [back] to -e;
- fold/unify rules;

This is follow-up to the patch introducing common BUILDENV. Idea is
to collect as much parameters in $(TOP) as possible and "strip" lower
Makefiles for most variables [and thus makes them more readable].
2005-06-23 00:03:26 +00:00
Nils Larsch
edb0600583 clear dso pointer in case of an error
PR: 816
2005-06-17 21:26:36 +00:00