Commit graph

10511 commits

Author SHA1 Message Date
Bodo Möller
9d74befd23 Clarify warning 2011-10-13 13:27:09 +00:00
Bodo Möller
8b37d33a94 typo 2011-10-13 13:20:33 +00:00
Bodo Möller
3ddc06f082 In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:05:58 +00:00
Bodo Möller
cdfe0fdde6 Fix OPENSSL_BN_ASM_MONT5 for corner cases; add a test.
Submitted by: Emilia Kasper
2011-10-13 12:35:10 +00:00
Dr. Stephen Henson
5936521495 Print curve type for signature tests. 2011-10-12 22:41:33 +00:00
Dr. Stephen Henson
35882b60d8 increase test RSA key size to 1024 bits 2011-10-12 21:55:03 +00:00
Dr. Stephen Henson
ce01482e0f Update README.FIPS for new FIPS 2.0 testvectors. 2011-10-12 18:48:01 +00:00
Dr. Stephen Henson
7fc78f11e8 Remove o_init.o special case from Makefile: this doesn't work. 2011-10-12 17:27:08 +00:00
Dr. Stephen Henson
98bc806749 Skip ECDH sanity check. Add --compare-all to run comparison tests on
all files instead of sanity checks.
2011-10-12 17:18:38 +00:00
Dr. Stephen Henson
a2b6dc97f6 Handle partial test where H is absent: needed to check g generation. 2011-10-12 17:03:15 +00:00
Dr. Stephen Henson
df36faaaa2 Update instructions. 2011-10-12 15:35:34 +00:00
Dr. Stephen Henson
e15acd9d9e Updates to handle some verification of v2 tests.
Now enable v2 by default and require a --disable-v2 option to run the
old v1 tests.
2011-10-12 15:33:54 +00:00
Dr. Stephen Henson
a854818ea9 Handle broken test on verify too. 2011-10-12 15:32:57 +00:00
Dr. Stephen Henson
c1f63b5cb3 ECDH POST selftest failure inducing support. 2011-10-12 13:17:19 +00:00
Dr. Stephen Henson
cf61940534 Fix warnings. 2011-10-12 13:06:45 +00:00
Dr. Stephen Henson
dafd5b5d74 Only include one ECDH selftest. 2011-10-12 12:55:58 +00:00
Andy Polyakov
6c8ce3c2ff e_padlock-x86[_64].pl: protection against prefetch errata. 2011-10-11 21:07:53 +00:00
Dr. Stephen Henson
3231e42d72 update pkey method initialisation and copy 2011-10-11 18:15:31 +00:00
Dr. Stephen Henson
cd366cf7ec print out subgroup order if present 2011-10-11 17:44:26 +00:00
Dr. Stephen Henson
a59163f6b6 def_rsa_finish not used any more. 2011-10-10 20:35:09 +00:00
Dr. Stephen Henson
fe4394cf1d remove some debugging code 2011-10-10 19:09:01 +00:00
Dr. Stephen Henson
84a75ba38c fix leak properly this time... 2011-10-10 14:08:55 +00:00
Dr. Stephen Henson
eb47b2fb13 add GCM ciphers in SSL_library_init 2011-10-10 12:56:18 +00:00
Dr. Stephen Henson
a0f21307e0 disable GCM if not available 2011-10-10 12:41:11 +00:00
Dr. Stephen Henson
7d7c13cbab Don't disable TLS v1.2 by default now. 2011-10-09 23:26:39 +00:00
Dr. Stephen Henson
0feb83e222 Synv ordinals with 1.0.1-stable. 2011-10-09 23:16:20 +00:00
Dr. Stephen Henson
ccbb9badba fix CHANGES entry 2011-10-09 23:11:55 +00:00
Dr. Stephen Henson
42753a4f67 fix memory leaks 2011-10-09 23:08:15 +00:00
Andy Polyakov
b1d3e9de63 e_padlock-x86_64.pl: brown-bag bug in stack pointer handling. 2011-10-09 21:53:53 +00:00
Dr. Stephen Henson
7bd4095b12 Sync ordinals with 1.0.1-stable. 2011-10-09 15:29:43 +00:00
Dr. Stephen Henson
58b75e9c26 PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
2011-10-09 00:56:52 +00:00
Andy Polyakov
08d62e9f1a e_padlock-x86[_64].pl: SHA fixes, comply with specification and fix bug. 2011-10-08 21:37:44 +00:00
Dr. Stephen Henson
549cd657fd Add fips/ecdh directory. 2011-10-07 18:18:50 +00:00
Dr. Stephen Henson
43206a2d7c New -force_pubkey option to x509 utility to supply a different public
key to the one in a request. This is useful for cases where the public
key cannot be used for signing e.g. DH.
2011-10-07 15:18:09 +00:00
Dr. Stephen Henson
6dd547398a use client version when eliminating TLS v1.2 ciphersuites in client hello 2011-10-07 15:07:19 +00:00
Dr. Stephen Henson
66bb328e11 ? crypto/aes/aes-armv4.S
? crypto/aes/aesni-sha1-x86_64.s
? crypto/aes/aesni-x86_64.s
? crypto/aes/foo.pl
? crypto/aes/vpaes-x86_64.s
? crypto/bn/.bn_lib.c.swp
? crypto/bn/armv4-gf2m.S
? crypto/bn/diffs
? crypto/bn/modexp512-x86_64.s
? crypto/bn/x86_64-gf2m.s
? crypto/bn/x86_64-mont5.s
? crypto/ec/bc.txt
? crypto/ec/diffs
? crypto/modes/a.out
? crypto/modes/diffs
? crypto/modes/ghash-armv4.S
? crypto/modes/ghash-x86_64.s
? crypto/modes/op.h
? crypto/modes/tst.c
? crypto/modes/x.h
? crypto/objects/.obj_xref.txt.swp
? crypto/rand/diffs
? crypto/sha/sha-512
? crypto/sha/sha1-armv4-large.S
? crypto/sha/sha256-armv4.S
? crypto/sha/sha512-armv4.S
Index: crypto/objects/obj_xref.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v
retrieving revision 1.9
diff -u -r1.9 obj_xref.c
--- crypto/objects/obj_xref.c	5 Nov 2008 18:38:58 -0000	1.9
+++ crypto/objects/obj_xref.c	6 Oct 2011 20:30:21 -0000
@@ -110,8 +110,10 @@
 #endif
 	if (rv == NULL)
 		return 0;
-	*pdig_nid = rv->hash_id;
-	*ppkey_nid = rv->pkey_id;
+	if (pdig_nid)
+		*pdig_nid = rv->hash_id;
+	if (ppkey_nid)
+		*ppkey_nid = rv->pkey_id;
 	return 1;
 	}

@@ -144,7 +146,8 @@
 #endif
 	if (rv == NULL)
 		return 0;
-	*psignid = (*rv)->sign_id;
+	if (psignid)
+		*psignid = (*rv)->sign_id;
 	return 1;
 	}

Index: crypto/x509/x509type.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v
retrieving revision 1.10
diff -u -r1.10 x509type.c
--- crypto/x509/x509type.c	26 Oct 2007 12:06:33 -0000	1.10
+++ crypto/x509/x509type.c	6 Oct 2011 20:36:04 -0000
@@ -100,20 +100,26 @@
 		break;
 		}

-	i=X509_get_signature_type(x);
-	switch (i)
+	i=OBJ_obj2nid(x->sig_alg->algorithm);
+	if (i && OBJ_find_sigid_algs(i, NULL, &i))
 		{
-	case EVP_PKEY_RSA:
-		ret|=EVP_PKS_RSA;
-		break;
-	case EVP_PKEY_DSA:
-		ret|=EVP_PKS_DSA;
-		break;
-	case EVP_PKEY_EC:
-		ret|=EVP_PKS_EC;
-		break;
-	default:
-		break;
+
+		switch (i)
+			{
+		case NID_rsaEncryption:
+		case NID_rsa:
+			ret|=EVP_PKS_RSA;
+			break;
+		case NID_dsa:
+		case NID_dsa_2:
+			ret|=EVP_PKS_DSA;
+			break;
+		case NID_X9_62_id_ecPublicKey:
+			ret|=EVP_PKS_EC;
+			break;
+		default:
+			break;
+			}
 		}

 	if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
2011-10-06 20:44:02 +00:00
Andy Polyakov
50452b2e60 e_padlock: add CTR mode. 2011-10-05 17:03:44 +00:00
Andy Polyakov
d18762f7c9 e_padlock-x86_64.pl: fix typo. 2011-10-04 11:21:33 +00:00
Andy Polyakov
149ca7128c e_padlock-x86*.pl: Nano-related update. 2011-10-04 11:05:16 +00:00
Dr. Stephen Henson
4cc2bbab67 Make fips algorithm test utilities use RESP_EOL for end of line character(s).
This should be CRLF even under *nix.
2011-10-01 20:42:52 +00:00
Andy Polyakov
04c3aa5c1a e_padlock-x86.pl: previous C3-specific fix was incomplete. 2011-10-01 10:44:51 +00:00
Andy Polyakov
3edc26a256 e_padlock-x86.pl: make it work on VIA C3 (which doesn't support SSE2). 2011-10-01 10:16:13 +00:00
Dr. Stephen Henson
10465aca60 Never echo Num lines for PQGGen DSA2 test. 2011-09-30 11:58:59 +00:00
Dr. Stephen Henson
3f1ebb8f42 make depend 2011-09-29 23:17:59 +00:00
Dr. Stephen Henson
2bfeb7dc83 Add FIPS selftests for ECDH algorithm. 2011-09-29 23:08:23 +00:00
Dr. Stephen Henson
55831cd6ee Remove s = s * P deferral. 2011-09-29 18:22:37 +00:00
Dr. Stephen Henson
884c33b5c4 Check return codes properly. 2011-09-29 16:24:00 +00:00
Dr. Stephen Henson
54bb3f68e1 Fix output format for DSA2 parameter generation. 2011-09-28 22:35:30 +00:00
Andy Polyakov
112726486d bsaes-x86_64.pl: add due credit. 2011-09-27 19:34:40 +00:00
Dr. Stephen Henson
fca38e350b fix signed/unsigned warning 2011-09-26 17:04:32 +00:00