wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11405 commits 20 branches 302 tags 153 MiB
Commit graph

5868 commits

Author SHA1 Message Date
Andy Polyakov
a8f3b8b519 sha512-x86_64.pl: add SIMD code paths. 2012-06-24 19:22:06 +00:00
Andy Polyakov
ad880dc469 sha512-x86_64.pl: fix typo. 2012-06-19 07:50:10 +00:00
Andy Polyakov
42a36658c1 sha256-586.pl: fix linking error. 2012-06-19 07:49:36 +00:00
Dr. Stephen Henson
dfcf48f499 New functions to retrieve certificate signatures and signature OID NID. 2012-06-13 13:08:12 +00:00
Andy Polyakov
0bf8f110e0 sha256t.c: make sure unrolled loop is tested. 2012-06-12 14:40:41 +00:00
Andy Polyakov
f3eac74bc5 sha256-586.pl: add AVX and XOP code paths. 2012-06-12 14:40:11 +00:00
Andy Polyakov
3a9b3852c6 sha256-586.pl: squeeze some more, most notably ~10% on Nehalem. 2012-06-12 14:38:01 +00:00
Andy Polyakov
d2e1803197 x86[_64] assembly pack: update benchmark results. 2012-06-12 14:18:21 +00:00
Dr. Stephen Henson
4b9e0b5f74 print out issuer and subject unique identifier fields in certificates 2012-06-12 13:41:18 +00:00
Andy Polyakov
447e1319b1 bss_dgram.c: add BIO_CTRL_DGRAM_SET_DONT_FRAG. 
PR: 2830
Submitted by: Robin Seggelmann
 2012-06-11 14:56:25 +00:00
Andy Polyakov
e77ec2ba6f bss_dgram.c: make getsockopt work in cases when optlen is 64-bit value. 2012-06-11 14:27:56 +00:00
Andy Polyakov
80c42f3e0c b_sock.c: make getsockopt work in cases when optlen is 64-bit value. 2012-06-11 08:52:11 +00:00
Andy Polyakov
8d1b199d26 Revert random changes from commit#22606. 2012-06-04 22:12:10 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Ben Laurie
03c1d9f99d Build on FreeBSD with gcc 4.6. 2012-05-30 09:34:44 +00:00
Andy Polyakov
f889bb0384 sha256-586.pl: full unroll to deliver additional ~16%, add Sandy Bridge- 
specific code path.
 2012-05-28 17:50:57 +00:00
Andy Polyakov
83698d3191 sha512-x86_64.pl: >5% better performance. 2012-05-28 17:47:15 +00:00
Andy Polyakov
6a40ebe86b aesni-x86_64.pl: make it possibel to use in Linux kernel. 2012-05-24 07:39:44 +00:00
Andy Polyakov
d4bb6bddf8 sha256-586.pl: tune away regression on Nehalem core and incidentally 
improve performance on Atom and P4.
 2012-05-24 07:39:04 +00:00
Andy Polyakov
ee9bf3eb6c sha256-586.pl optimization. 2012-05-19 10:10:30 +00:00
Andy Polyakov
fd05495748 ppccap.c: assume no features under 32-bit AIX kernel. 
PR: 2810
 2012-05-16 12:42:32 +00:00
Dr. Stephen Henson
4242a090c7 PR: 2813 
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.
 2012-05-11 13:53:37 +00:00
Ben Laurie
5762f7778d Fix warning. 2012-05-10 20:29:00 +00:00
Dr. Stephen Henson
225055c30b Reported by: Solar Designer of Openwall 
Make sure tkeylen is initialised properly when encrypting CMS messages.
 2012-05-10 13:46:09 +00:00
Andy Polyakov
f9c5e5d92e perlasm: fix symptom-less bugs, missing semicolons and 'my' declarations. 2012-04-28 10:36:58 +00:00
Andy Polyakov
9474483ab7 ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance 
of digest algorithms, mosty SHA, on Power7. Mystery of century, why SHA,
why slower algorithm are affected more...
PR: 2794
Submitted by: Ashley Lai
 2012-04-27 20:17:45 +00:00
Andy Polyakov
71fa3bc5ec objxref.pl: improve portability. 2012-04-22 21:18:30 +00:00
Dr. Stephen Henson
e2f53b675a correct error code 2012-04-22 13:31:09 +00:00
Dr. Stephen Henson
b36bab7812 PR: 2239 
Submitted by: Dominik Oepen <oepen@informatik.hu-berlin.de>

Add Brainpool curves from RFC5639.

Original patch by Annie Yousar <a.yousar@informatik.hu-berlin.de>
 2012-04-22 13:06:51 +00:00
Andy Polyakov
8ea92ddd13 e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platforms. 
PR: 2792
 2012-04-19 20:38:05 +00:00
Dr. Stephen Henson
d9a9d10f4f Check for potentially exploitable overflows in asn1_d2i_read_bio 
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
 2012-04-19 16:19:56 +00:00
Dr. Stephen Henson
b214184160 recognise X9.42 DH certificates on servers 2012-04-18 17:03:29 +00:00
Andy Polyakov
6dd9b0fc43 e_rc4_hmac_md5.c: harmonize zero-length fragment handling with 
e_aes_cbc_hmac_sha1.c (mostly for aesthetic reasons).
 2012-04-18 14:55:39 +00:00
Andy Polyakov
e36f6b9cfa e_rc4_hmac_md5.c: oops, can't use rc4_hmac_md5_cipher on legacy Intel CPUs. 
PR: 2792
 2012-04-18 14:50:28 +00:00
Andy Polyakov
3e181369dd C64x+ assembler pack. linux-c64xplus build is *not* tested nor can it be 
tested, because kernel is not in shape to handle it *yet*. The code is
committed mostly to stimulate the kernel development.
 2012-04-18 13:01:36 +00:00
Andy Polyakov
4a1fbd13ee OPENSSL_NO_SOCK fixes. 
PR: 2791
Submitted by: Ben Noordhuis
 2012-04-16 17:42:36 +00:00
Andy Polyakov
9eba5614fe Minor compatibility fixes. 
PR: 2790
Submitted by: Alexei Khlebnikov
 2012-04-16 17:35:30 +00:00
Andy Polyakov
fc90e42c86 e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag 
countermeasure.

PR: 2778
 2012-04-15 14:14:22 +00:00
Andy Polyakov
26e6bac143 ghash-s390x.pl: fix typo [that can induce SEGV in 31-bit build]. 2012-04-12 06:44:34 +00:00
Dr. Stephen Henson
80eb43519e fix reset fix 2012-04-11 15:05:07 +00:00
Dr. Stephen Henson
bbe0c8c5be make reinitialisation work for CMAC 2012-04-11 12:26:41 +00:00
Andy Polyakov
b1fd0ccb38 aes-s390x.pl: fix crash in AES_set_decrypt_key in linux32-s390x build. 2012-04-09 15:12:13 +00:00
Andy Polyakov
45cd45bbbc aes-armv4.pl: make it more foolproof [inspired by aes-s390x.pl in 1.0.1]. 2012-04-05 08:30:22 +00:00
Andy Polyakov
bc9583efa2 aes-s390x.pl: make it more foolproof [inspired by 1.0.1]. 2012-04-05 08:22:09 +00:00
Andy Polyakov
f62f792057 modes_lcl.h: make it work on i386. 
PR: 2780
 2012-03-31 17:02:46 +00:00
Andy Polyakov
5db9645f1b vpaes-x86[_64].pl: handle zero length in vpaes_cbc_encrypt. 
PR: 2775
 2012-03-31 16:53:34 +00:00
Dr. Stephen Henson
d3379de5a9 don't shadow 2012-03-30 15:43:32 +00:00
Andy Polyakov
4736eab947 bn/bn_gf2m.c: make new BN_GF2m_mod_inv work with BN_DEBUG_RAND. 2012-03-29 21:35:28 +00:00
Andy Polyakov
23a05fa0c1 modes/gcm128.c: fix self-test. 2012-03-29 18:25:38 +00:00
Andy Polyakov
482a7d80cf sha512-armv4.pl: optimize NEON code path by utilizing vbsl, bitwise select. 2012-03-29 18:20:11 +00:00
Andy Polyakov
ee743dca53 perlasm/x86masm.pl: fix last fix. 2012-03-29 18:09:36 +00:00
Andy Polyakov
6da165c631 ans1/tasn_prn.c: avoid bool in variable names. 
PR: 2776
 2012-03-29 17:48:19 +00:00
Dr. Stephen Henson
751e26cb9b fix leak 2012-03-22 16:28:07 +00:00
Dr. Stephen Henson
f404acfa2c Submitted by: Markus Friedl <mfriedl@gmail.com> 
Fix memory leaks in 'goto err' cases.
 2012-03-22 15:44:51 +00:00
Andy Polyakov
884c580e05 eng_all.c: revert previous "disable Padlock" commit, which was unjustified. 2012-03-19 20:20:41 +00:00
Andy Polyakov
df27a35137 vpaes-x86_64.pl: out-of-date Apple assembler fails to calculate 
distance between local labels.
PR: 2762
 2012-03-17 16:06:31 +00:00
Andy Polyakov
f9ef874a21 bsaes-x86_64.pl: optimize key conversion. 2012-03-16 21:44:19 +00:00
Andy Polyakov
442c9f13d4 bsaes-armv7.pl: optmize Sbox and key conversion. 2012-03-16 21:41:48 +00:00
Andy Polyakov
5c88dcca5b ghash-x86.pl: omit unreferenced rem_8bit from no-sse2 build. 2012-03-13 19:43:42 +00:00
Andy Polyakov
b2ae61ecf2 x86_64-xlate.pl: remove old kludge. 
PR: 2435,2440
 2012-03-13 19:19:08 +00:00
Dr. Stephen Henson
78dfd43955 corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 16:32:19 +00:00
Dr. Stephen Henson
146b52edd1 Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and 
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
 2012-03-12 16:31:39 +00:00
Dr. Stephen Henson
34b61f5a25 check return value of BIO_write in PKCS7_decrypt 2012-03-08 14:10:23 +00:00
Dr. Stephen Henson
62b6948a27 PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
 2012-03-06 13:47:43 +00:00
Dr. Stephen Henson
d895f7f060 don't do loop check for single self signed certificate 2012-03-05 15:48:13 +00:00
Andy Polyakov
358c372d16 bsaes-armv7.pl: change preferred contact. 2012-03-03 13:04:53 +00:00
Andy Polyakov
c4a52a6dca Add bit-sliced AES for ARM NEON. This initial version is effectively 
reference implementation, it does not interface to OpenSSL yet.
 2012-03-03 12:33:28 +00:00
Dr. Stephen Henson
3c6a7cd44b PR: 2742 
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.
 2012-02-29 14:02:02 +00:00
Dr. Stephen Henson
dc4f678cdc Fix memory leak cause by race condition when creating public keys. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-28 14:47:02 +00:00
Andy Polyakov
0f2ece872d x86cpuid.pl: fix processor capability detection on pre-586. 2012-02-28 14:20:21 +00:00
Dr. Stephen Henson
68a7b5ae1e PR: 2736 
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
 2012-02-27 18:45:28 +00:00
Dr. Stephen Henson
161c9b4262 PR: 2737 
Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.
 2012-02-27 16:46:34 +00:00
Dr. Stephen Henson
d441e6d8db PR: 2735 
Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.
 2012-02-27 16:33:34 +00:00
Dr. Stephen Henson
228a8599ff free headers after use in error message 2012-02-27 16:27:17 +00:00
Dr. Stephen Henson
d16bb406d4 Detect symmetric crypto errors in PKCS7_decrypt. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-27 15:22:41 +00:00
Andy Polyakov
d0e68a98c5 seed.c: incredibly enough seed.c can fail to compile on Solaris with certain 
flags, because SS is defined after inclusion of <stdlib.h>, in <sys/regset.h>
 2012-02-26 21:52:43 +00:00
Dr. Stephen Henson
a36fb72584 PR: 2730 
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

VMS fixes: disable SCTP by default.
 2012-02-25 17:59:40 +00:00
Dr. Stephen Henson
6941b7b918 PR: 2711 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.
 2012-02-23 21:50:44 +00:00
Dr. Stephen Henson
ef570cc869 PR: 2696 
Submitted by: Rob Austein <sra@hactrn.net>

Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.
 2012-02-23 21:31:37 +00:00
Dr. Stephen Henson
4d3670fa50 PR: 2727 
Submitted by: Bruce Stephens <bruce.stephens@isode.com>

Use same construct for EXHEADER in srp/Makefile as other makefiles to cope
with possibly empty EXHEADER.
 2012-02-23 13:49:35 +00:00
Dr. Stephen Henson
64095ce9d7 Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert 
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
 2012-02-21 14:41:13 +00:00
Dr. Stephen Henson
5863163732 Additional compatibility fix for MDC2 signature format. 
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
 2012-02-15 14:27:25 +00:00
Dr. Stephen Henson
83cb7c4635 An incompatibility has always existed between the format used for RSA 
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.

This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.

Add detection in RSA_verify so either format works.

Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
 2012-02-15 14:04:00 +00:00
Dr. Stephen Henson
fc7dae5229 PR: 2717 
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7
 2012-02-11 23:41:19 +00:00
Dr. Stephen Henson
f94cfe6a12 only cleanup ctx if we need to, save ctx flags when we do 2012-02-10 16:55:17 +00:00
Andy Polyakov
0208ab2e3f bn_nist.c: make new optimized code dependent on BN_LLONG. 2012-02-02 07:46:05 +00:00
Dr. Stephen Henson
7568d15acd allow key agreement for SSL/TLS certificates 2012-01-26 14:57:45 +00:00
Andy Polyakov
98909c1d5b ghash-x86.pl: engage original MMX version in no-sse2 builds. 2012-01-25 17:56:08 +00:00
Andy Polyakov
e6903980af x86_64-xlate.pl: proper solution for RT#2620. 2012-01-21 11:34:53 +00:00
Andy Polyakov
a985410d2d cryptlib.c: sscanf warning. 2012-01-15 17:13:57 +00:00
Andy Polyakov
0ecedec82d Fix OPNESSL vs. OPENSSL typos. 
PR: 2613
Submitted by: Leena Heino
 2012-01-15 13:39:10 +00:00
Dr. Stephen Henson
9bd20155ba fix warning 2012-01-15 13:30:41 +00:00
Andy Polyakov
5d13669a2c cryptlib.c: make even non-Windows builds "strtoull-agnostic". 2012-01-14 18:46:15 +00:00
Andy Polyakov
adb5a2694a sha512-sparcv9.pl: work around V8+ warning. 2012-01-13 09:18:05 +00:00
Andy Polyakov
23b93b587b aes-ppc.pl, sha512-ppc.pl: comply even with Embedded ABI specification 
(most restrictive about r2 and r13 usage).
 2012-01-13 09:16:52 +00:00
Andy Polyakov
a50bce82ec Sanitize usage of <ctype.h> functions. It's important that characters 
are passed zero-extended, not sign-extended.
PR: 2682
 2012-01-12 16:21:35 +00:00
Andy Polyakov
713f49119f ec_pmeth.c: fix typo in commentary. 
PR: 2677
Submitted by: Annue Yousar
 2012-01-12 13:22:51 +00:00
Andy Polyakov
6e913f9901 asn1/t_x509.c: fix serial number print, harmonize with a_int.c. 
PR: 2675
Submitted by: Annie Yousar
 2012-01-11 21:12:22 +00:00
Andy Polyakov
e255024bf7 aes-sparcv9.pl: clean up regexp 
PR: 2685
 2012-01-11 15:30:53 +00:00
Dr. Stephen Henson
8fa397a6bc fix warning (revert original patch) 2012-01-10 14:36:41 +00:00
Andy Polyakov
03cf7e784c cmac.c: optimize make_kn and move zero_iv to const segment. 2012-01-06 13:19:16 +00:00
Andy Polyakov
ce0727f9bd bn_nist.c: harmonize buf in BN_nist_mod_256 with other mod functions. 2012-01-06 13:17:47 +00:00
Dr. Stephen Henson
be71c37296 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 23:01:54 +00:00
Dr. Stephen Henson
6074fb0979 fix warnings 2012-01-04 14:45:47 +00:00
Dr. Stephen Henson
b333905011 incomplete provisional OAEP CMS decrypt support 2012-01-02 18:25:37 +00:00
Dr. Stephen Henson
84b6e277d4 make update 2011-12-27 14:46:03 +00:00
Dr. Stephen Henson
ffdfce8d14 fix error code 2011-12-27 14:40:21 +00:00
Dr. Stephen Henson
7e159e0133 PR: 2535 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Add SCTP support for DTLS (RFC 6083).
 2011-12-25 14:45:15 +00:00
Dr. Stephen Henson
ad89bf7894 PR: 2563 
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.
 2011-12-19 17:01:37 +00:00
Andy Polyakov
0e1467a64c vpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl. 
PR: 2657
 2011-12-15 22:20:05 +00:00
Dr. Stephen Henson
f2fc30751e PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Remove unnecessary code for srp and to add some comments to
s_client.

- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable

- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
 2011-12-14 22:17:06 +00:00
Andy Polyakov
405edfdcab vpaes-x86.pl: portability fix. 
PR: 2657
 2011-12-14 21:29:32 +00:00
Ben Laurie
b9ef708e40 Padlock engine doesn't build (the asm parts are not built for some reason), 
so remove for now.
 2011-12-13 15:56:40 +00:00
Ben Laurie
e166891e0d Fix warning. 2011-12-13 15:55:35 +00:00
Andy Polyakov
8c98b2591f modexp512-x86_64.pl: Solaris protability fix. 
PR: 2656
 2011-12-12 15:10:14 +00:00
Dr. Stephen Henson
a3a2e3a43d add cofactor ECDH support from fips branch 2011-12-10 13:35:11 +00:00
Andy Polyakov
7ffa48ad38 perlasm/x86gas.pl: give a hand old assemblers assembling loop instruction. 2011-12-09 19:16:20 +00:00
Andy Polyakov
5711dd8eac x86-mont.pl: fix bug in integer-only squaring path. 
PR: 2648
 2011-12-09 14:21:25 +00:00
Dr. Stephen Henson
2ca873e8d8 transparently handle X9.42 DH parameters 2011-12-07 12:44:03 +00:00
Dr. Stephen Henson
afb14cda8c Initial experimental support for X9.42 DH parameter format to handle 
RFC5114 parameters and X9.42 DH public and private keys.
 2011-12-07 00:32:34 +00:00
Bodo Möller
ea8c77a55b Fix ecdsatest.c. 
Submitted by: Emilia Kasper
 2011-12-02 12:41:17 +00:00
Bodo Möller
390c579568 Fix BIO_f_buffer(). 
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
 2011-12-02 12:25:03 +00:00
Dr. Stephen Henson
0798170966 Update DH_check() to peform sensible checks when q parameter is present. 2011-12-01 17:27:36 +00:00
Dr. Stephen Henson
28ff14779e Correct some parameter values. 2011-12-01 17:26:58 +00:00
Andy Polyakov
6600126825 bn/asm/mips.pl: fix typos. 2011-12-01 12:16:09 +00:00
Dr. Stephen Henson
f6c0bd641c return error if counter exceeds limit and seed value supplied 2011-11-25 16:03:42 +00:00
Dr. Stephen Henson
ea7fe214c4 check counter value against 4 * L, not 4096 2011-11-25 15:01:23 +00:00
Andy Polyakov
d127ef78ad bsaes-x86_64.pl: fix buffer overrun in tail processing. 2011-11-16 23:34:01 +00:00
Dr. Stephen Henson
d674bb4bc8 In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed components do not exceed field order 2011-11-16 13:28:35 +00:00
Ben Laurie
333f926d67 Add DTLS-SRTP. 2011-11-15 22:59:20 +00:00
Andy Polyakov
dce7f142a6 Configure: reimplement commit#21695. 2011-11-15 12:32:18 +00:00
Andy Polyakov
77aae9654f Configure, e_aes.c: allow for XTS assembler implementation. 2011-11-15 12:18:40 +00:00
Ben Laurie
ae55176091 Fix some warnings caused by __owur. Temporarily (I hope) remove the more 
aspirational __owur annotations.
 2011-11-14 00:36:10 +00:00
Andy Polyakov
fe06864836 bsaes-x86_64.pl: add Win64 SEH and "hadrware" calls to aes-x86_64.pl. 2011-11-13 20:33:41 +00:00
Andy Polyakov
0985bd4f80 bn_nist.c: fix strict-aliasing compiler warning. 2011-11-13 17:31:03 +00:00
Dr. Stephen Henson
20bee9684d Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest. 2011-11-13 14:07:36 +00:00
Andy Polyakov
6a828b7a8e rc4test.c: commit#21684 broke x86_64 shared Linux build. This is temporary 
solution so that one can build rc4test...
 2011-11-12 13:37:20 +00:00
Andy Polyakov
32268b183f e_aes.c: additional sanity check in aes_xts_cipher. 2011-11-12 13:26:36 +00:00
Andy Polyakov
ff6f9f96fd cryptlib.c, etc.: fix linker warnings in 64-bit Darwin build. 2011-11-12 13:10:00 +00:00
Andy Polyakov
4a5397fb68 Configure, x86gas.pl: fix linker warnings in 32-bit Darwin build. 2011-11-12 12:16:11 +00:00
Andy Polyakov
60d4e99cf3 bsaes-x86_64.pl: add bsaes_xts_[en|de]crypt. 2011-11-10 22:41:31 +00:00
Andy Polyakov
3c075bf07f arm_arch.h: allow to specify __ARM_ARCH__ elsewhere. 2011-11-09 20:08:44 +00:00
Andy Polyakov
bdf40fd251 x86cpuid.pl: compensate for imaginary virtual machines. 2011-11-08 21:27:44 +00:00
Andy Polyakov
9a480169cd e_aes.c: fold aesni_xts_cipher and [most importantly] fix aes_xts_cipher's 
return value after custom flag was rightly reverted.
 2011-11-06 19:48:39 +00:00
Andy Polyakov
29fd6746f5 armv4cpuid.S, armv4-gf2m.pl: make newest code compilable by older assembler. 2011-11-05 13:07:18 +00:00
Andy Polyakov
e879dd4386 x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs. 
PR: 2633
 2011-11-05 10:44:12 +00:00
Andy Polyakov
09f40a3cb9 ppc.pl: fix bug in bn_mul_comba4. 
PR: 2636
Submitted by: Charles Bryant
 2011-11-05 10:16:04 +00:00
Dr. Stephen Henson
f4324e51dd Add single call public key sign and verify functions. 2011-11-05 01:34:36 +00:00
Richard Levitte
92064785ec Typo... 2011-10-30 14:43:53 +00:00
Andy Polyakov
a75a52a43e bsaes-x86_64.pl: add CBC decrypt and engage it in e_aes.c. 2011-10-30 12:15:56 +00:00
Richard Levitte
ada35f9c2c Add missing algorithms to disable, and in particular, disable 
EC_NISTP_64_GCC_128 by default, as GCC isn't currently supported on
VMS.  Synchronise with Unix.
 2011-10-30 11:46:07 +00:00
Andy Polyakov
0933887112 bn_exp.c: fix corner case in new constant-time code. 
Submitted by: Emilia Kasper
 2011-10-29 19:25:13 +00:00
Andy Polyakov
b08259cdfe bsaes-x86_64.pl: optimize InvMixColumns. 2011-10-29 11:56:21 +00:00
Andy Polyakov
28507577b1 bsaes-x86_64.pl: add decryption procedure (with unoptimized reference 
InvMixColumns).
 2011-10-29 11:47:20 +00:00
Dr. Stephen Henson
32cf5baeae PR: 2632 
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
 2011-10-26 16:43:34 +00:00
Dr. Stephen Henson
482cdf2489 typo 2011-10-24 13:23:51 +00:00
Andy Polyakov
f2784994ec e_aes.c: fold even aesni_ccm_cipher. 2011-10-24 06:00:06 +00:00
Andy Polyakov
507b0d9d38 e_aes.c: prevent potential DoS in aes_gcm_tls_cipher. 2011-10-23 22:58:40 +00:00
Andy Polyakov
181fbb77f3 cryptlib.c: remove stdio dependency in Windows fipscanister.lib. 2011-10-23 19:41:00 +00:00
Dr. Stephen Henson
f59a5d6079 No need for custom flag in XTS mode: block length is 1. 2011-10-23 17:06:28 +00:00
Dr. Stephen Henson
5fd722600b Check for selftest failure in various places. 2011-10-22 17:24:27 +00:00
Andy Polyakov
5b198d5eea x86gas.pl: relax .init segment alignment. 2011-10-22 10:49:52 +00:00
Dr. Stephen Henson
8d742dd561 Update error codes. 2011-10-21 11:46:16 +00:00
Andy Polyakov
033a25cef5 armcap.c: auto-setup processor capability vector. 2011-10-20 20:52:26 +00:00
Andy Polyakov
d528caa725 sha1-mips.pl: fix typo. 2011-10-20 08:39:29 +00:00
Dr. Stephen Henson
5e4eb9954b add authentication parameter to FIPS_module_mode_set 2011-10-19 22:34:53 +00:00
Andy Polyakov
227a822ab6 vxworks-mips: unify and add assembler. 2011-10-19 21:49:20 +00:00
Andy Polyakov
a9cf0b81fa Remove superseded MIPS assembler modules. 2011-10-19 21:42:21 +00:00
Andy Polyakov
3ee4d41fe1 arm_arch.h: add missing pre-defined macro, __ARM_ARCH_5TEJ__. 2011-10-19 18:57:03 +00:00
Bodo Möller
e5641d7f05 BN_BLINDING multi-threading fix. 
Submitted by: Emilia Kasper (Google)
 2011-10-19 14:59:27 +00:00
Bodo Möller
e0d6132b8c Fix warnings. 
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
 2011-10-19 08:59:53 +00:00
Bodo Möller
3e00b4c9db Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and 
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.
 2011-10-18 19:43:16 +00:00
Andy Polyakov
07904e0c6c evp/e_aes.c: fold AES-NI modes that heavily rely on indirect calls 
(trade 2% small-block performance), engage bit-sliced AES in GCM.
 2011-10-18 13:37:26 +00:00
Andy Polyakov
4010b341b7 x86_64-xlate.pl: make vpaes-x86_64.pl and rc4-md5-x86_64 work with ml64, 
fix bug in .crt section alignment.
PR: 2620, 2624
 2011-10-18 09:50:23 +00:00
Andy Polyakov
5a326467dc bsaes-x86_64.pl: make it work with ml64. 2011-10-18 09:22:04 +00:00
Andy Polyakov
3b7c14bb90 [bs|vp]aes-x86[_64].pl: typos and clarifications. 2011-10-18 08:03:02 +00:00
Andy Polyakov
e2473dcc7d c_allc.c: add aes-xts to loop. 2011-10-18 07:53:50 +00:00
Andy Polyakov
78f288d5c9 bn_mont.c: get corner cases right in updated BN_from_montgomery_word. 2011-10-17 23:35:00 +00:00
Andy Polyakov
8329e2e776 bn_exp.c: further optimizations using more ideas from 
http://eprint.iacr.org/2011/239.
 2011-10-17 17:41:49 +00:00
Andy Polyakov
3f66f2040a x86_64-mont.pl: minor optimization. 2011-10-17 17:39:59 +00:00
Andy Polyakov
2534891874 bn_mont.c: simplify BN_from_montgomery_word. 2011-10-17 17:24:28 +00:00
Andy Polyakov
79ba545c09 bn_shift.c: minimize reallocations, which allows BN_FLG_STATIC_DATA to 
be shifted in specific cases.
 2011-10-17 17:20:48 +00:00
Andy Polyakov
993adc0531 Engage bsaes-x86_64.pl, bit-sliced AES. 2011-10-17 17:10:54 +00:00
Dr. Stephen Henson
bc1b04d255 L=3072, N=256 provides 128 bits of security not 112. 2011-10-16 12:31:49 +00:00
Andy Polyakov
8fcdb1e60f Add android-x86. 2011-10-15 08:32:16 +00:00
Dr. Stephen Henson
ffbfbef943 more vxworks patches 2011-10-14 22:04:14 +00:00
Andy Polyakov
027026df9f e_aes.c: fix bug in aesni_gcm_tls_cipher. 2011-10-14 09:32:06 +00:00
Andy Polyakov
9ee5916d97 aesni-x86[_64].pl: fix bug in CCM code. 2011-10-14 09:15:19 +00:00
Andy Polyakov
af9b610cef Remove eng_aesni.c as AES-NI support is integrated directly at EVP. 2011-10-13 19:46:44 +00:00
Bodo Möller
4f2015742d Oops - ectest.c finds further problems beyond those exposed by bntext.c 2011-10-13 14:29:59 +00:00
Bodo Möller
0a06ad76a1 Avoid failed assertion in BN_DEBUG builds 2011-10-13 14:21:39 +00:00
Bodo Möller
bf6d2f986d Make CTR mode behaviour consistent with other modes: 
- clear ctx->num in EVP_CipherInit_ex
- adapt e_eas.c changes from http://cvs.openssl.org/chngview?cn=19816
  for eng_aesni.c

Submitted by: Emilia Kasper
 2011-10-13 13:41:34 +00:00
Bodo Möller
cdfe0fdde6 Fix OPENSSL_BN_ASM_MONT5 for corner cases; add a test. 
Submitted by: Emilia Kasper
 2011-10-13 12:35:10 +00:00
Dr. Stephen Henson
7fc78f11e8 Remove o_init.o special case from Makefile: this doesn't work. 2011-10-12 17:27:08 +00:00
Dr. Stephen Henson
3231e42d72 update pkey method initialisation and copy 2011-10-11 18:15:31 +00:00
Dr. Stephen Henson
cd366cf7ec print out subgroup order if present 2011-10-11 17:44:26 +00:00
Dr. Stephen Henson
a59163f6b6 def_rsa_finish not used any more. 2011-10-10 20:35:09 +00:00
Dr. Stephen Henson
fe4394cf1d remove some debugging code 2011-10-10 19:09:01 +00:00
Dr. Stephen Henson
84a75ba38c fix leak properly this time... 2011-10-10 14:08:55 +00:00
Dr. Stephen Henson
42753a4f67 fix memory leaks 2011-10-09 23:08:15 +00:00
Dr. Stephen Henson
58b75e9c26 PR: 2482 
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
 2011-10-09 00:56:52 +00:00
Dr. Stephen Henson
66bb328e11 ? crypto/aes/aes-armv4.S 
? crypto/aes/aesni-sha1-x86_64.s
? crypto/aes/aesni-x86_64.s
? crypto/aes/foo.pl
? crypto/aes/vpaes-x86_64.s
? crypto/bn/.bn_lib.c.swp
? crypto/bn/armv4-gf2m.S
? crypto/bn/diffs
? crypto/bn/modexp512-x86_64.s
? crypto/bn/x86_64-gf2m.s
? crypto/bn/x86_64-mont5.s
? crypto/ec/bc.txt
? crypto/ec/diffs
? crypto/modes/a.out
? crypto/modes/diffs
? crypto/modes/ghash-armv4.S
? crypto/modes/ghash-x86_64.s
? crypto/modes/op.h
? crypto/modes/tst.c
? crypto/modes/x.h
? crypto/objects/.obj_xref.txt.swp
? crypto/rand/diffs
? crypto/sha/sha-512
? crypto/sha/sha1-armv4-large.S
? crypto/sha/sha256-armv4.S
? crypto/sha/sha512-armv4.S
Index: crypto/objects/obj_xref.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v
retrieving revision 1.9
diff -u -r1.9 obj_xref.c
--- crypto/objects/obj_xref.c	5 Nov 2008 18:38:58 -0000	1.9
+++ crypto/objects/obj_xref.c	6 Oct 2011 20:30:21 -0000
@@ -110,8 +110,10 @@
 #endif
 	if (rv == NULL)
 		return 0;
-	*pdig_nid = rv->hash_id;
-	*ppkey_nid = rv->pkey_id;
+	if (pdig_nid)
+		*pdig_nid = rv->hash_id;
+	if (ppkey_nid)
+		*ppkey_nid = rv->pkey_id;
 	return 1;
 	}

@@ -144,7 +146,8 @@
 #endif
 	if (rv == NULL)
 		return 0;
-	*psignid = (*rv)->sign_id;
+	if (psignid)
+		*psignid = (*rv)->sign_id;
 	return 1;
 	}

Index: crypto/x509/x509type.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v
retrieving revision 1.10
diff -u -r1.10 x509type.c
--- crypto/x509/x509type.c	26 Oct 2007 12:06:33 -0000	1.10
+++ crypto/x509/x509type.c	6 Oct 2011 20:36:04 -0000
@@ -100,20 +100,26 @@
 		break;
 		}

-	i=X509_get_signature_type(x);
-	switch (i)
+	i=OBJ_obj2nid(x->sig_alg->algorithm);
+	if (i && OBJ_find_sigid_algs(i, NULL, &i))
 		{
-	case EVP_PKEY_RSA:
-		ret|=EVP_PKS_RSA;
-		break;
-	case EVP_PKEY_DSA:
-		ret|=EVP_PKS_DSA;
-		break;
-	case EVP_PKEY_EC:
-		ret|=EVP_PKS_EC;
-		break;
-	default:
-		break;
+
+		switch (i)
+			{
+		case NID_rsaEncryption:
+		case NID_rsa:
+			ret|=EVP_PKS_RSA;
+			break;
+		case NID_dsa:
+		case NID_dsa_2:
+			ret|=EVP_PKS_DSA;
+			break;
+		case NID_X9_62_id_ecPublicKey:
+			ret|=EVP_PKS_EC;
+			break;
+		default:
+			break;
+			}
 		}

 	if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
 2011-10-06 20:44:02 +00:00
Andy Polyakov
112726486d bsaes-x86_64.pl: add due credit. 2011-09-27 19:34:40 +00:00
Andy Polyakov
4ec93a10bd Add bit-sliced AES x86_64 assembler, see http://homes.esat.kuleuven.be/~ekasper/#software for background information. It's not integrated into build system yet. 2011-09-25 15:31:51 +00:00
Dr. Stephen Henson
c2035bffe7 PR: 2606 
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve

Handle timezones correctly in UTCTime.
 2011-09-23 13:39:23 +00:00
Dr. Stephen Henson
e74ac3f830 Update error codes. 2011-09-21 16:17:18 +00:00
Andy Polyakov
2b1f17f83f Make latest assembler additions (vpaes and e_padlock) work in Windows build. 2011-09-18 15:40:11 +00:00
Andy Polyakov
7470276a25 sha256-586.pl: minor optimization, +0-2% on all CPUs, +7% on Westmere. 2011-09-17 12:57:33 +00:00
Andy Polyakov
d2fd65f6f6 sha512-x86_64.pl: +15% better performance on Westmere and incidentally Atom. 
Other Intel processors +5%, Opteron -2%.
 2011-09-17 11:30:28 +00:00
Dr. Stephen Henson
819cf4b886 Sync error codes with 1.0.1-stable. 2011-09-17 00:17:46 +00:00
Andy Polyakov
8ca28da0a7 Integrate Vector Permutation AES into build system. 2011-09-15 20:22:59 +00:00
Andy Polyakov
03e389cf04 Allow for dynamic base in Win64 FIPS module. 2011-09-14 20:48:49 +00:00
Andy Polyakov
543dfa9f0e vpaes-x86[_64]*.pl: fix typo. 2011-09-12 12:50:00 +00:00
Andy Polyakov
a87ff751b7 Add so called Vector Permutation AES x86[_64] assembler, see 
http://crypto.stanford.edu/vpaes/ for background information.
It's not integrated into build system yet.
 2011-09-12 08:25:14 +00:00
Dr. Stephen Henson
bbb19418e6 Add error codes for DRBG KAT failures. 
Add abbreviated DRBG KAT for POST which only performs a single generate
operations instead of four.
 2011-09-06 20:46:27 +00:00
Andy Polyakov
ed28aef8b4 Padlock engine: make it independent of inline assembler. 2011-09-06 20:45:36 +00:00
Dr. Stephen Henson
0486cce653 Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past 
produce an error (CVE-2011-3207)
 2011-09-06 15:15:09 +00:00
Andy Polyakov
dd83d0f4a7 crypto/bn/bn_gf2m.c: make it work with BN_DEBUG. 2011-09-05 16:14:43 +00:00
Bodo Möller
612fcfbd29 Fix d2i_SSL_SESSION. 2011-09-05 13:31:17 +00:00
Bodo Möller
837e1b6812 Fix memory leak on bad inputs. 2011-09-05 09:57:20 +00:00
Bodo Möller
ae53b299fa make update 2011-09-05 09:46:15 +00:00
Bodo Möller
f0ecb86666 Fix error codes. 2011-09-05 09:42:34 +00:00
Dr. Stephen Henson
a60cc6b4f0 Don't use *from++ in tolower as this is implemented as a macro on some 
platforms. Thanks to Shayne Murray <Shayne.Murray@Polycom.com> for
reporting this issue.
 2011-09-02 11:28:27 +00:00
Dr. Stephen Henson
2c1f5ce4b1 PR: 2576 
Submitted by: Doug Goldstein <cardoe@gentoo.org>
Reviewed by: steve

Include header file stdlib.h which is needed on some platforms to get
getenv() declaration.
 2011-09-02 11:20:15 +00:00
Dr. Stephen Henson
74e056edbc PR: 2340 
Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar>
Reviewed by: steve

Stop warnings if OPENSSL_NO_DGRAM is defined.
 2011-09-01 15:01:35 +00:00
Dr. Stephen Henson
ff7231043f make timing attack protection unconditional 2011-09-01 14:23:09 +00:00
Dr. Stephen Henson
5e92fd244c Stop warnings. 2011-09-01 14:15:47 +00:00
Dr. Stephen Henson
04485c5bc0 PR: 2589 
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Initialise p pointer.
 2011-09-01 13:52:48 +00:00
Dr. Stephen Henson
d77a970669 PR: 2588 
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Close file pointer.
 2011-09-01 13:49:16 +00:00
Andy Polyakov
cfdbff23ab bn_exp.c: improve portability. 2011-08-27 19:38:55 +00:00
Dr. Stephen Henson
2abaa9caaf Add support for DSA2 PQG generation of g parameter. 2011-08-27 12:30:47 +00:00
Dr. Stephen Henson
f55f5f775e Add support for canonical generation of DSA parameter g. 
Modify fips_dssvs to support appropriate file format.
 2011-08-26 14:51:49 +00:00
Dr. Stephen Henson
7daf0efad9 Fix warning. 2011-08-25 19:50:51 +00:00
Andy Polyakov
c608171d9c Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. 2011-08-23 20:51:38 +00:00
Andy Polyakov
c2d4c2867b eng_rsax.c: improve portability. 2011-08-22 19:01:16 +00:00
Andy Polyakov
6c01cbb6a0 modexp512-x86_64.pl: make it work with ml64. 2011-08-19 06:30:32 +00:00
Andy Polyakov
bf3dfe7fee bn_div.c: remove duplicate code by merging BN_div and BN_div_no_branch. 2011-08-14 11:31:35 +00:00
Andy Polyakov
e7d1363d12 x86_64-mont5.pl: add missing Win64 support. 2011-08-14 09:06:06 +00:00
Andy Polyakov
f744bcfd73 eng_rdrand.c: make it link in './config 386' case. 2011-08-14 08:30:56 +00:00
Andy Polyakov
10bd69bf4f armv4-mont.pl: profiler-assisted optimization gives 8%-14% improvement 
(more for longer keys) on RSA/DSA.
 2011-08-13 12:38:41 +00:00
Andy Polyakov
ae8b47f07f SPARC assembler pack: fix FIPS linking errors. 2011-08-12 21:38:19 +00:00
Andy Polyakov
272ba87017 x86_64-xlate.pl: fix movzw. 2011-08-12 21:24:19 +00:00
Andy Polyakov
361512da0d This commit completes recent modular exponentiation optimizations on 
x86_64 platform. It targets specifically RSA1024 sign (using ideas
from http://eprint.iacr.org/2011/239) and adds more than 10% on most
platforms. Overall performance improvement relative to 1.0.0 is ~40%
in average, with best result of 54% on Westmere. Incidentally ~40%
is average improvement even for longer key lengths.
 2011-08-12 16:44:32 +00:00
Andy Polyakov
20735f4c81 alphacpuid.pl: fix alignment bug. 
alpha-mont.pl: fix typo.
PR: 2577
 2011-08-12 12:28:52 +00:00
Dr. Stephen Henson
ab1ec69843 aesni TLS GCM support 2011-08-11 23:06:19 +00:00
Dr. Stephen Henson
19ad345739 prevent compilation errors and warnings 2011-08-11 21:12:17 +00:00
Andy Polyakov
37f010e248 Add provisory support for RDRAND instruction. 2011-08-10 18:52:42 +00:00
Andy Polyakov
85ec54a417 x86_64-mont.pl: futher optimization resulting in up to 48% improvement 
(4096-bit RSA sign benchmark on Core2) in comparison to initial version
from 2005.
 2011-08-09 13:05:05 +00:00
Andy Polyakov
267b481c47 aes/asm/aesni-*.pl: fix CCM and further optimize it. 
modes/ccm128.c: minor branch optimization.
 2011-08-07 17:47:56 +00:00
Dr. Stephen Henson
8a8cc84f74 fix memory leak 2011-08-03 16:39:58 +00:00