openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	03f84c8260	Update error codes for FIPS. Add support for authentication in FIPS_mode_set().	2011-10-21 13:04:27 +00:00
Dr. Stephen Henson	6d5eb464c9	Recognise new ECC option (from HEAD).	2011-10-21 12:53:07 +00:00
Bodo Möller	67f8de9ab8	"make update"	2011-10-19 15:24:44 +00:00
Bodo Möller	2d95ceedc5	BN_BLINDING multi-threading fix. Submitted by: Emilia Kasper (Google)	2011-10-19 14:58:59 +00:00
Bodo Möller	6526d765fc	Fix indentation	2011-10-19 09:24:05 +00:00
Bodo Möller	3d520f7c2d	Fix warnings. Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.	2011-10-19 08:58:35 +00:00
Bodo Möller	9c37519b55	Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these; -DEC_NISTP224_64_GCC_128 no longer works.) Submitted by: Google Inc.	2011-10-18 19:43:54 +00:00
Dr. Stephen Henson	7e9cfcd0dc	Recognise no-rsax option.	2011-10-15 13:22:26 +00:00
Andy Polyakov	a99ce1f5b1	e_aes.c: fix bug in aesni_gcm_tls_cipher [in HEAD].	2011-10-14 09:34:14 +00:00
Andy Polyakov	42660b3cf1	aesni-x86[_64].pl: pull from HEAD.	2011-10-14 09:21:03 +00:00
Bodo Möller	f30258c439	use -no_ecdhe when using -no_dhe	2011-10-13 15:07:05 +00:00
Bodo Möller	93ff4c69f7	Make CTR mode behaviour consistent with other modes: clear ctx->num in EVP_CipherInit_ex Submitted by: Emilia Kasper	2011-10-13 13:42:29 +00:00
Bodo Möller	79571bb1ca	Clarify warning	2011-10-13 13:25:03 +00:00
Bodo Möller	f72c1a58cb	In ssl3_clear, preserve s3->init_extra along with s3->rbuf. Submitted by: Bob Buckholz <bbuckholz@google.com>	2011-10-13 13:05:35 +00:00
Dr. Stephen Henson	2461396f69	For now disable RSAX ENGINE for FIPS builds: it sets a non-FIPS RSA method which stops FIPS mode working.	2011-10-13 11:43:44 +00:00
Dr. Stephen Henson	81a071df2f	increase test RSA key size to 1024 bits	2011-10-12 21:55:42 +00:00
Dr. Stephen Henson	6841abe842	update pkey method initialisation and copy	2011-10-11 18:16:02 +00:00
Dr. Stephen Henson	cb70355d87	Backport ossl_ssize_t type from HEAD.	2011-10-10 22:33:50 +00:00
Dr. Stephen Henson	b17442bb04	def_rsa_finish not used anymore.	2011-10-10 20:34:17 +00:00
Dr. Stephen Henson	4874e235fb	fix leak properly this time...	2011-10-10 14:09:05 +00:00
Dr. Stephen Henson	06afa6eb94	add GCM ciphers in SSL_library_init	2011-10-10 12:56:11 +00:00
Dr. Stephen Henson	58e4205d6c	disable GCM if not available	2011-10-10 12:40:13 +00:00
Dr. Stephen Henson	733394d6dd	Add some entries for 1.0.1 in NEWS.	2011-10-10 00:27:52 +00:00
Dr. Stephen Henson	2de9558dea	sync NEWS with 1.0.0 branch	2011-10-10 00:23:14 +00:00
Dr. Stephen Henson	6bd173fced	Don't disable TLS v1.2 by default any more.	2011-10-09 23:28:25 +00:00
Dr. Stephen Henson	6b00cd746a	Update ordinals.	2011-10-09 23:14:20 +00:00
Dr. Stephen Henson	9309ea6617	Backport PSS signature support from HEAD.	2011-10-09 23:13:50 +00:00
Dr. Stephen Henson	05c9e3aea5	fix CHANGES entry	2011-10-09 23:11:09 +00:00
Dr. Stephen Henson	88bac3e664	fix memory leaks	2011-10-09 23:09:22 +00:00
Dr. Stephen Henson	5473b6bc2f	Fix memory leak. From HEAD.	2011-10-09 16:04:17 +00:00
Dr. Stephen Henson	38e408076e	Update ordinals.	2011-10-09 15:28:52 +00:00
Dr. Stephen Henson	dc100d87b5	Backport of password based CMS support from HEAD.	2011-10-09 15:28:02 +00:00
Dr. Stephen Henson	6f6b31dadc	PR: 2482 Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.	2011-10-09 00:56:43 +00:00
Dr. Stephen Henson	b08b158b44	use client version when eliminating TLS v1.2 ciphersuites in client hello	2011-10-07 15:07:36 +00:00
Dr. Stephen Henson	177f27d71e	? crypto/aes/aes-armv4.S ? crypto/aes/aesni-sha1-x86_64.s ? crypto/aes/aesni-x86_64.s ? crypto/aes/foo.pl ? crypto/aes/vpaes-x86_64.s ? crypto/bn/.bn_lib.c.swp ? crypto/bn/armv4-gf2m.S ? crypto/bn/diffs ? crypto/bn/modexp512-x86_64.s ? crypto/bn/x86_64-gf2m.s ? crypto/bn/x86_64-mont5.s ? crypto/ec/bc.txt ? crypto/ec/diffs ? crypto/modes/a.out ? crypto/modes/diffs ? crypto/modes/ghash-armv4.S ? crypto/modes/ghash-x86_64.s ? crypto/modes/op.h ? crypto/modes/tst.c ? crypto/modes/x.h ? crypto/objects/.obj_xref.txt.swp ? crypto/rand/diffs ? crypto/sha/sha-512 ? crypto/sha/sha1-armv4-large.S ? crypto/sha/sha256-armv4.S ? crypto/sha/sha512-armv4.S Index: crypto/objects/obj_xref.c =================================================================== RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v retrieving revision 1.9 diff -u -r1.9 obj_xref.c --- crypto/objects/obj_xref.c 5 Nov 2008 18:38:58 -0000 1.9 +++ crypto/objects/obj_xref.c 6 Oct 2011 20:30:21 -0000 @@ -110,8 +110,10 @@ #endif if (rv == NULL) return 0; - pdig_nid = rv->hash_id; - ppkey_nid = rv->pkey_id; + if (pdig_nid) + pdig_nid = rv->hash_id; + if (ppkey_nid) + ppkey_nid = rv->pkey_id; return 1; } @@ -144,7 +146,8 @@ #endif if (rv == NULL) return 0; - psignid = (rv)->sign_id; + if (psignid) + psignid = (rv)->sign_id; return 1; } Index: crypto/x509/x509type.c =================================================================== RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v retrieving revision 1.10 diff -u -r1.10 x509type.c --- crypto/x509/x509type.c 26 Oct 2007 12:06:33 -0000 1.10 +++ crypto/x509/x509type.c 6 Oct 2011 20:36:04 -0000 @@ -100,20 +100,26 @@ break; } - i=X509_get_signature_type(x); - switch (i) + i=OBJ_obj2nid(x->sig_alg->algorithm); + if (i && OBJ_find_sigid_algs(i, NULL, &i)) { - case EVP_PKEY_RSA: - ret\|=EVP_PKS_RSA; - break; - case EVP_PKEY_DSA: - ret\|=EVP_PKS_DSA; - break; - case EVP_PKEY_EC: - ret\|=EVP_PKS_EC; - break; - default: - break; + + switch (i) + { + case NID_rsaEncryption: + case NID_rsa: + ret\|=EVP_PKS_RSA; + break; + case NID_dsa: + case NID_dsa_2: + ret\|=EVP_PKS_DSA; + break; + case NID_X9_62_id_ecPublicKey: + ret\|=EVP_PKS_EC; + break; + default: + break; + } } if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look	2011-10-06 20:45:08 +00:00
Dr. Stephen Henson	928bd9a149	fix signed/unsigned warning	2011-09-26 17:04:41 +00:00
Dr. Stephen Henson	e53113b8ac	make sure eivlen is initialised	2011-09-24 23:06:35 +00:00
Dr. Stephen Henson	1fe83b4afe	use keyformat for -x509toreq, don't hard code PEM	2011-09-23 21:48:50 +00:00
Dr. Stephen Henson	e8f31f80d1	PR: 2606 Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de> Reviewed by: steve Handle timezones correctly in UTCTime.	2011-09-23 13:39:35 +00:00
Dr. Stephen Henson	56f5ab43c2	PR: 2602 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS bug which prevents manual MTU setting	2011-09-23 13:35:05 +00:00
Dr. Stephen Henson	370385571c	PR: 2347 Submitted by: Tomas Mraz <tmraz@redhat.com> Reviewed by: steve Fix usage message.	2011-09-23 13:12:41 +00:00
Dr. Stephen Henson	e34a303ce1	make depend	2011-09-16 23:15:22 +00:00
Dr. Stephen Henson	36f120cd20	Improved error checking for DRBG calls. New functionality to allow default DRBG type to be set during compilation or during runtime.	2011-09-16 23:12:34 +00:00
Dr. Stephen Henson	0ae7c43fa5	Improved error checking for DRBG calls. New functionality to allow default DRBG type to be set during compilation or during runtime.	2011-09-16 23:08:57 +00:00
Dr. Stephen Henson	c0d2943952	Typo.	2011-09-16 23:04:07 +00:00
Dr. Stephen Henson	7d453a3b49	Fix warnings (from HEAD).	2011-09-10 21:18:37 +00:00
Dr. Stephen Henson	cd447875e6	Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past produce an error (CVE-2011-3207)	2011-09-06 15:14:41 +00:00
Andy Polyakov	692a94293c	config: don't add -Wa options with no-asm [from HEAD].	2011-09-05 16:33:48 +00:00
Bodo Möller	efebb10829	oops	2011-09-05 13:43:53 +00:00
Bodo Möller	3c3f025923	Fix session handling.	2011-09-05 13:36:55 +00:00

... 3 4 5 6 7 ...

10054 commits