Commit graph

5948 commits

Author SHA1 Message Date
Bodo Moeller
d5213519c0 Simplify and fix ec_GFp_simple_points_make_affine
(which didn't always handle value 0 correctly).

Reviewed-by: emilia@openssl.org
2014-08-01 17:27:59 +02:00
Dr. Stephen Henson
a3efe1b6e9 Avoid multiple lock using FIPS DRBG.
Don't use multiple locks when SP800-90 DRBG is used outside FIPS mode.

PR#3176
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-07-30 21:08:07 +01:00
Matt Caswell
371d9a627b Prepare for 1.0.2-beta3-dev
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-07-22 21:31:04 +01:00
Matt Caswell
2f63ad1c6d Prepare for 1.0.2-beta2 release
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-07-22 21:30:33 +01:00
Matt Caswell
0e32035292 make update
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-07-22 21:30:33 +01:00
Billy Brumley
4ccc2c19e2 "EC_POINT_invert" was checking "dbl" function pointer instead of "invert".
PR#2569

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit cba11f57ce)
2014-07-21 22:28:09 +01:00
Andy Polyakov
a2f34441ab sha1-ppc.pl: shave off one cycle from BODY_20_39
and improve performance by 10% on POWER[78].

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 5c3598307e)
2014-07-21 15:30:59 +02:00
Andy Polyakov
c991d8ae8b Initial POWER8 support from development branch.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-20 14:36:49 +02:00
Dr. Stephen Henson
4c05b1f8d6 Make *Final work for key wrap again.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 58f4698f67)
2014-07-17 23:31:11 +01:00
Dr. Stephen Henson
6e1e5996df Sanity check lengths for AES wrap algorithm.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit d12eef1501)
2014-07-17 12:58:42 +01:00
Matt Caswell
14b5d0d029 Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415

(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
2014-07-13 22:20:15 +01:00
Richard Levitte
5b9188454b * crypto/ui/ui_lib.c: misplaced brace in switch statement.
Detected by dcruette@qualitesys.com

(cherry picked from commit 8b5dd34091)
2014-07-13 19:13:38 +02:00
Ben Laurie
5e189b4b8d Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259).
(cherry picked from commit c1d1b0114e)
2014-07-10 17:49:53 +01:00
Matt Caswell
23bd628735 Fix memory leak in BIO_free if there is no destroy function.
Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com>

PR#3439

(cherry picked from commit 66816c53be)
2014-07-09 23:32:18 +01:00
Andy Polyakov
371feee876 x86_64 assembly pack: improve masm support.
(cherry picked from commit 1b0fe79f3e)
2014-07-09 22:46:13 +02:00
Andy Polyakov
f50f0c6aa3 Please Clang's sanitizer, addendum.
(cherry picked from commit d11c70b2c2)
2014-07-09 22:45:52 +02:00
Andy Polyakov
2064e2db08 Please Clang's sanitizer.
PR: #3424,#3423,#3422
(cherry picked from commit 021e5043e5)
2014-07-09 22:45:38 +02:00
Andy Polyakov
0ad2a0a303 sha[1|512]-x86_64.pl: fix logical errors with $shaext=0.
(cherry picked from commit 07b635cceb)
2014-07-07 17:02:00 +02:00
David Lloyd
2cb761c1f4 Prevent infinite loop loading config files.
PR#2985
(cherry picked from commit 9d23f422a3)
2014-07-07 13:54:11 +01:00
Viktor Dukhovni
e83c913723 Update API to use (char *) for email addresses and hostnames
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().

(cherry picked from commit 297c67fcd8)
2014-07-07 19:20:34 +10:00
Viktor Dukhovni
55fe56837a Set optional peername when X509_check_host() succeeds.
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.

(cherry picked from commit ced3d9158a)
2014-07-07 19:20:34 +10:00
Viktor Dukhovni
1eb57ae2b7 New peername element in X509_VERIFY_PARAM_ID
Declaration, memory management, accessor and documentation.

(cherry picked from commit 6e661d458f)
2014-07-07 19:20:34 +10:00
Viktor Dukhovni
41e3ebd5ab One more typo when changing !result to result <= 0
(cherry picked from commit eef1827f89)
2014-07-07 19:19:13 +10:00
Viktor Dukhovni
9624b50d51 Fix typo in last commit
(cherry picked from commit 90b70a6a6b)
2014-07-07 19:19:13 +10:00
Viktor Dukhovni
449d864515 Multiple verifier reference identities.
Implemented as STACK_OF(OPENSSL_STRING).

(cherry picked from commit 8abffa4a73)
2014-07-07 19:19:13 +10:00
Viktor Dukhovni
7f7e11ee5c Implement sk_deep_copy.
(cherry picked from commit 66d884f067)
2014-07-07 19:19:13 +10:00
Dr. Stephen Henson
5c1b373be6 Sanity check keylength in PVK files.
PR#2277
(cherry picked from commit 733a6c882e92f8221bd03a51643bb47f5f81bb81)
2014-07-06 00:36:14 +01:00
Andy Polyakov
6ce295a301 sha512-x86_64.pl: fix typo.
PR: #3431
(cherry picked from commit 7eb9680ae1)
2014-07-06 00:00:34 +02:00
Alan Hryngle
ff5b11f547 Return smaller of ret and f.
PR#3418.
(cherry picked from commit fdea4fff8f)
2014-07-05 22:38:17 +01:00
Dr. Stephen Henson
534656a997 Add license info.
(cherry picked from commit 55707a36cc)
2014-07-04 18:43:06 +01:00
Andy Polyakov
47b9e06cfd bn_exp.c: fix x86_64-specific crash with one-word modulus.
PR: #3397
(cherry picked from commit eca441b2b4)
2014-07-02 21:16:45 +02:00
Dr. Stephen Henson
9223a31eb7 ASN1 sanity check.
Primitive encodings shouldn't use indefinite length constructed
form.

PR#2438 (partial).
(cherry picked from commit 398e99fe5e)
2014-07-02 00:59:44 +01:00
Dr. Stephen Henson
654ae3d6ad Accessor functions for app_data in ECDSA_METHOD
(cherry picked from commit 387b844ffd)
2014-07-02 00:59:43 +01:00
Andy Polyakov
daa96141d3 sha512-x86_64.pl: fix linking problem under Windows.
(cherry picked from commit 29be3f6411)
2014-07-01 17:12:41 +02:00
Dr. Stephen Henson
802fdcda1e Fix copy for CCM, GCM and XTS.
Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.
(cherry picked from commit c2fd5d79ff)
2014-06-30 13:59:38 +01:00
Dr. Stephen Henson
6006e352ad Make EVP_Digest* work again. 2014-06-30 13:59:29 +01:00
Dr. Stephen Henson
df401f4796 Make CMAC work with EVP_PKEY.
Add patch originally accidentally omitted to allow CMAC to work with
EVP_PKEY APIs.
2014-06-29 23:44:44 +01:00
ZNV
14183e50e7 Make EVP_CIPHER_CTX_copy work in GCM mode.
PR#3272
(cherry picked from commit 370bf1d708)
2014-06-29 22:02:23 +01:00
Andy Polyakov
377551b9c4 x86_64 assembly pack: refine clang detection.
(cherry picked from commit a356e488ad)

Resolved conflicts:

	crypto/bn/asm/rsaz-avx2.pl
2014-06-28 17:26:03 +02:00
Andreas Westfeld
e99980e8fd Fix typo in ideatest.c
(cherry picked from commit d1d4382dcb)
2014-06-28 00:06:32 +01:00
Dr. Stephen Henson
d0ba994483 Fix for EVP_PBE_alg_add().
In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.

PR#3206
(cherry picked from commit efb7caef637a1de8468ca109efd355a9d0e73a45)
2014-06-27 23:19:37 +01:00
Andy Polyakov
52f856526c x86_64 assembly pack: addendum to last clang commit.
(cherry picked from commit 7eb0488280)
2014-06-27 22:55:22 +02:00
Andy Polyakov
912f08dd5e x86_64 assembly pack: allow clang to compile AVX code.
(cherry picked from commit ac171925ab)
2014-06-27 22:55:07 +02:00
Andy Polyakov
1067663d85 bn/asm/rsaz-avx2.pl: fix occasional failures.
(cherry picked from commit 406d4af050)
2014-06-27 22:43:43 +02:00
Dr. Stephen Henson
22228d2d40 Tolerate critical AKID in CRLs.
PR#3014
(cherry picked from commit 11da66f8b1)
2014-06-27 18:50:19 +01:00
Tom Greenslade
c57745596c Handle IPv6 addresses in OCSP_parse_url.
PR#2783
(cherry picked from commit b36f35cda9)
2014-06-27 17:31:37 +01:00
Dr. Stephen Henson
65e4dca40c Rebuild OID table. 2014-06-27 16:58:41 +01:00
Dr. Stephen Henson
ff4cfc4c58 Fix OID encoding for one component.
OIDs with one component don't have an encoding.

PR#2556 (Bug#1)
(cherry picked from commit 95791bf941)
2014-06-27 16:58:16 +01:00
Dr. Stephen Henson
e42c208235 Memory leak and NULL dereference fixes.
PR#3403
(cherry picked from commit d2aea03829)
2014-06-27 14:52:36 +01:00
Dr. Stephen Henson
e86951ca2a Remove ancient obsolete files under pkcs7.
(cherry picked from commit 7be6b27aaf)
2014-06-27 13:53:23 +01:00
Huzaifa Sidhpurwala
b7a4f98b15 Make sure BN_sqr can never return a negative value.
PR#3410
(cherry picked from commit e14e764c0d5d469da63d0819c6ffc0e1e9e7f0bb)
2014-06-26 23:56:32 +01:00
Andy Polyakov
82a9dafe32 bn_exp.c: move check for AD*X to rsaz-avx2.pl.
This ensures high performance is situations when assembler supports
AVX2, but not AD*X.
(cherry picked from commit f3f620e1e0)

Resolved conflicts:

	crypto/bn/asm/rsaz-avx2.pl
2014-06-27 00:36:05 +02:00
Andy Polyakov
1536bcfd56 aesv8-armx.pl: rigid input verification in key setup.
(cherry picked from commit 7b8c8c4d79)
2014-06-25 22:12:08 +02:00
Viktor Dukhovni
3fc0b1edad X509_check_mumble() failure is <= 0, not just 0
(cherry picked from commit a48fb0400c)
2014-06-25 18:21:36 +01:00
Viktor Dukhovni
3d15d58e55 More complete input validation of X509_check_mumble
(cherry picked from commit 29edebe95c)
2014-06-25 18:21:35 +01:00
Viktor Dukhovni
d93edc0aab Drop hostlen from X509_VERIFY_PARAM_ID.
Just store NUL-terminated strings.  This works better when we add
support for multiple hostnames.
(cherry picked from commit b3012c698a)
2014-06-25 18:21:35 +01:00
Andy Polyakov
a073ceeff4 aesv8-armx.pl: inclrease interleave factor.
This is to compensate for higher aes* instruction latency on Cortex-A57.
(cherry picked from commit 015364baf3)
2014-06-24 08:10:37 +02:00
Andy Polyakov
5cd8ce42ec ARMv8 assembly pack: add Cortex performance numbers.
(cherry picked from commit 0f777aeb50)
2014-06-24 08:07:04 +02:00
Richard Levitte
a61e509e9b Adjust VMS build to Unix build. Most of all, make it so the disabled
algorithms MD2 and RC5 don't get built.
Also, disable building the test apps in crypto/des and crypto/pkcs7, as
they have no support at all.
2014-06-18 13:43:09 +02:00
Felix Laurie von Massenbach
1b823494de Fix signed/unsigned comparisons.
(cherry picked from commit 50cc4f7b3d)
2014-06-17 18:38:36 +01:00
Felix Laurie von Massenbach
6657e68bf2 Fix shadow declaration.
(cherry picked from commit 1f61d8b5b1)
2014-06-17 18:36:48 +01:00
Richard Levitte
b9c0dae28e Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces 2014-06-16 13:25:16 +02:00
Andy Polyakov
d940b3b9c7 aesni-sha[1|256]-x86_64.pl: fix logical error and MacOS X build.
(cherry picked from commit 9024b84b7c)
2014-06-16 10:12:56 +02:00
Viktor Dukhovni
cfbc10fb32 Enforce _X509_CHECK_FLAG_DOT_SUBDOMAINS internal-only
(cherry picked from commit d435e23959f1c2cb4feadbfba9ad884c59f37db9)
2014-06-14 22:31:28 +01:00
Andy Polyakov
79b960c046 evp/e_aes_cbc_sha[1|256].c: fix -DPEDANTIC build.
(cherry picked from commit ce00c64df9)
2014-06-14 23:16:29 +02:00
Richard Levitte
66a6e2b2b6 Adjust VMS build files to the Unix ones 2014-06-14 16:58:11 +02:00
Richard Levitte
1be1d05184 Make sure that disabling the MAYLOSEDATA3 warning is only done when the
compiler supports it.  Otherwise, there are warnings about it lacking
everywhere, which is quite tedious to read through while trying to check
for other warnings.
2014-06-14 16:58:11 +02:00
Andy Polyakov
8301245a5e aesni-sha256-x86_64.pl: add missing rex in shaext.
PR: 3405
(cherry picked from commit 91a6bf80f8)
2014-06-14 16:04:04 +02:00
Andy Polyakov
1f6d207625 sha1-x86_64.pl: add missing rex prefix in shaext.
PR: 3405
(cherry picked from commit c9cf29cca2)
2014-06-14 15:28:38 +02:00
Viktor Dukhovni
3cc8a3f234 Client-side namecheck wildcards.
A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com).

With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").
(cherry picked from commit e52c52f10bb8e34aaf8f28f3e5b56939e8f6b357)
2014-06-12 23:19:24 +01:00
Andy Polyakov
56ba280ccd Facilitate back-porting of AESNI and SHA modules.
Fix SEH and stack handling in Win64 build.
(cherry picked from commit 977f32e852)
2014-06-12 21:51:35 +02:00
Dr. Stephen Henson
fa7a0efbac make update 2014-06-12 10:52:49 +01:00
Andy Polyakov
66aeaec067 ghash-x86_64.pl: optimize for upcoming Atom.
(cherry picked from commit 1cf8f57b43)
2014-06-11 11:35:23 +02:00
Andy Polyakov
70fddbe32a Add support for Intel SHA extension.
(cherry picked from commit 619b94667c)
2014-06-11 10:30:31 +02:00
Rob Stradling
5fc3d333c7 Separate the SCT List parser from the SCT List viewer
(cherry picked from commit fd2309aa29)
2014-06-11 00:10:45 +01:00
Andy Polyakov
77fb5a303b Engage GHASH for ARMv8.
(cherry picked from commit 82741e9c89)
2014-06-11 00:10:00 +02:00
Andy Polyakov
7344089dc3 Add GHASH for ARMv8 Crypto Extension.
Result of joint effort with Ard Biesheuvel.
(cherry picked from commit 2d5a799d27)
2014-06-11 00:09:35 +02:00
Andy Polyakov
7e03acf2be Engage ARMv8 AES support [from HEAD]. 2014-06-11 00:08:03 +02:00
Andy Polyakov
9af4cb3d3b Add AES module for ARMv8 Crypto Extension [from HEAD]. 2014-06-11 00:06:27 +02:00
Andy Polyakov
a00caa0257 sha[1|512]-armv8.pl: get instruction endianness right.
Submitted by: Ard Biesheuvel.
(cherry picked from commit cd91fd7c32)
2014-06-10 23:34:53 +02:00
Andy Polyakov
4672acfa7d linux-aarch64: engage SHA modules.
(cherry picked from commit f8aab6174c)
2014-06-10 23:32:26 +02:00
Andy Polyakov
ea61b32719 Add SHA for ARMv8.
(cherry picked from commit ddb6b965da)
2014-06-10 23:32:16 +02:00
Andy Polyakov
dabfbea7d9 Add linux-aarch64 taget.
armcap.c is shared between 32- and 64-bit builds and features link-time
detection of getauxval.

Submitted by: Ard Biesheuvel.
(cherry picked from commit e8d93e342b)
2014-06-10 23:20:55 +02:00
Andy Polyakov
56d973709c aesni-mb-x86_64.pl: add Win64 SEH.
(cherry picked from commit e2eabed110)
2014-06-10 23:09:04 +02:00
Andy Polyakov
3a97ebb16b ARM assembly pack: get ARMv7 instruction endianness right.
Pointer out and suggested by: Ard Biesheuvel.
(cherry picked from commit 5dcf70a1c5)
2014-06-10 22:51:15 +02:00
Andy Polyakov
16f4d2e32f armv4cpuid.S: switch to CNTVCT tick counter.
(cherry picked from commit 723463282f)
2014-06-10 22:50:18 +02:00
Andy Polyakov
1f72a76f98 sha[1|256]-armv4: harmonize with arm_arch.h.
(cherry picked from commit 797d24bee9)
2014-06-10 22:49:54 +02:00
Andy Polyakov
f5247cea39 sha/asm/sha1-armv4-large.pl: add NEON and ARMv8 code paths.
sha/asm/sha256-armv4.pl: add ARMv8 code path.
(cherry picked from commit 9250a30692)
2014-06-10 22:48:27 +02:00
Andy Polyakov
3da2c3df78 crypto/armcap.c: detect ARMv8 capabilities [in 32-bit build].
(cherry picked from commit 4afa9f033d)
2014-06-10 22:47:19 +02:00
Dr. Stephen Henson
cea5a1d5f2 Fix null pointer errors.
PR#3394
(cherry picked from commit 7a9d59c148)
2014-06-10 14:48:02 +01:00
Jakub Wilk
38956b071a Create ~/.rnd with mode 0600 instead of 0666
Because of a missing include <fcntl.h> we don't have O_CREATE and don't create
the file with open() using mode 0600 but fall back to using fopen() with the
default umask followed by a chmod().

Problem found by Jakub Wilk <jwilk@debian.org>.
2014-06-08 21:20:34 +01:00
Libor Krystek
a5d03c54ab Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370 2014-06-03 23:17:21 +01:00
Dr. Stephen Henson
08b172b975 Set default global mask to UTF8 only.
(cherry picked from commit 3009244da4)
2014-06-01 15:04:21 +01:00
Dr. Stephen Henson
1788072b9e Set version number correctly.
PR#3249
(cherry picked from commit 8909bf20269035d295743fca559207ef2eb84eb3)
2014-05-29 14:08:54 +01:00
František Bořánek
5f2b5e3823 Fix memory leak.
PR#3278
(cherry picked from commit de56fe797081fc09ebd1add06d6e2df42a324fd5)
2014-05-29 13:49:50 +01:00
Martin Kaiser
42d73874ed remove duplicate 0x for default RSASSA-PSS salt len
(cherry picked from commit 3820fec3a09faecba7fe9912aa20ef7fcda8337b)
2014-05-29 13:32:41 +01:00
Andy Polyakov
c90c694bc4 vpaes-ppc.pl: comply with ABI.
(cherry picked from commit b83d09f552)
2014-05-23 20:16:21 +02:00
Ben Laurie
d77501d8fd Check length first in BUF_strnlen(). 2014-05-22 10:12:10 +01:00
Ben Laurie
4f7236edc7 Remove redundant test. 2014-05-21 12:03:50 +01:00
Ben Laurie
ed693e4332 Implement BUF_strnlen() and use it instead of strlen(). 2014-05-21 11:56:21 +01:00
Viktor Dukhovni
a2219f6be3 Fixes to host checking.
Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.
(cherry picked from commit 397a8e747d)
2014-05-21 11:32:19 +01:00
Dr. Stephen Henson
03b5b78c09 Fix for PKCS12_create if no-rc2 specified.
Use triple DES for certificate encryption if no-rc2 is
specified.

PR#3357
2014-05-21 11:28:57 +01:00
Ben Laurie
4ceb430a46 Don't allocate more than is needed in BUF_strndup(). 2014-05-20 13:53:35 +01:00
Janpopan
5d8e9f2ae0 Fix a wrong parameter count ERR_add_error_data 2014-05-19 22:15:27 +01:00
Kurt Roeckx
99a3d167d9 Set authkey to NULL and check malloc return value. 2014-05-12 00:22:52 +01:00
Martin Brejcha
c622649513 dgram_sctp_ctrl: authkey memory leak
PR: 3327
2014-05-12 00:22:52 +01:00
Dr. Stephen Henson
2c4144638a Return an error if no recipient type matches.
If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.

PR#3348
(cherry picked from commit bd43b4cf778a53ffa5d77510ecd408a009dc00d2)
2014-05-09 14:24:53 +01:00
Matt Caswell
e0d2139045 Fixed NULL pointer dereference in PKCS7_dataDecode reported by David Ramos in PR#3339 2014-05-07 23:23:15 +01:00
Geoff Thorpe
d60f019321 dso: eliminate VMS code on non-VMS systems
Even though the meat of dso_vms.c is compiled out on non-VMS builds,
the (pre-)compiler still traverses some of the macro handling. This
trips up at least one non-VMS build configuration, so this commit
makes the skip-VMS case more robust.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06 18:03:52 -04:00
Geoff Thorpe
65402586c0 evp: prevent underflow in base64 decoding
This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06 18:02:02 -04:00
Geoff Thorpe
bf43446835 bignum: allow concurrent BN_MONT_CTX_set_locked()
The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
noted by Daniel Sands and co at Sandia. This was to handle the case that
2 or more threads race to lazy-init the same context, but stunted all
scalability in the case where 2 or more threads are doing unrelated
things! We favour the latter case by punishing the former. The init work
gets done by each thread that finds the context to be uninitialised, and
we then lock the "set" logic after that work is done - the winning
thread's work gets used, the losing threads throw away what they've done.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06 18:01:59 -04:00
Dr. Stephen Henson
7169e56d6b Initialize num properly.
PR#3289
PR#3345
(cherry picked from commit 3ba1e406c2)
2014-05-06 14:09:07 +01:00
Dr. Stephen Henson
1047b8c84d Set Enveloped data version to 2 if ktri version not zero.
(cherry picked from commit 546b1b4384)
2014-05-06 14:00:11 +01:00
Tim Hudson
9740a03695 - fix coverity issues 966593-966596 2014-05-06 00:04:59 +01:00
David Ramos
e34af3ec2b Double free in i2o_ECPublicKey
PR: 3338
2014-05-04 00:50:42 +01:00
Geoff Thorpe
3cc546a3bb bignum: fix boundary condition in montgomery logic
It's not clear whether this inconsistency could lead to an actual
computation error, but it involved a BIGNUM being passed around the
montgomery logic in an inconsistent state. This was found using flags
-DBN_DEBUG -DBN_DEBUG_RAND, and working backwards from this assertion
in 'ectest';

ectest: bn_mul.c:960: BN_mul: Assertion `(_bnum2->top == 0) ||
(_bnum2->d[_bnum2->top - 1] != 0)' failed

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit a529261891)
2014-04-30 11:53:09 -04:00
mancha
3f1b3d9675 Fix eckey_priv_encode()
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
2014-04-24 19:31:49 +00:00
Andy Polyakov
0fb3d5b4fd bn/asm/armv4-gf2m.pl, modes/asm/ghash-armv4.pl: faster multiplication
algorithm suggested in following paper:

Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
Polynomial Multiplication on ARM Processors using the NEON Engine.

http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
(cherry picked from commit f8cee9d081)
2014-04-24 10:27:52 +02:00
Andy Polyakov
ffdff9f12f aes/asm/bsaes-x86_64.pl: Atom-specific optimization.
(cherry picked from commit 558ff0f0c1)
2014-04-24 10:14:46 +02:00
Ben Laurie
3b21abfd6c Fix double frees.
Conflicts:
	CHANGES
2014-04-22 17:00:52 +01:00
Dr. Stephen Henson
5cd5e0219d Extension checking fixes.
When looking for an extension we need to set the last found
position to -1 to properly search all extensions.

PR#3309.
(cherry picked from commit 300b9f0b70)
2014-04-15 18:52:50 +01:00
Dr. Stephen Henson
cd29ced6de Return if ssleay_rand_add called with zero num.
Treat a zero length passed to ssleay_rand_add a no op: the existing logic
zeroes the md value which is very bad. OpenSSL itself never does this
internally and the actual call doesn't make sense as it would be passing
zero bytes of entropy.

Thanks to Marcus Meissner <meissner@suse.de> for reporting this bug.
(cherry picked from commit 5be1ae28ef)
2014-04-07 19:27:46 +01:00
Andy Polyakov
f396e9f4fc crypto/modes/gcm128.c: more strict aliasing fixes.
(cherry picked from commit 997d1aac7c)
2014-04-06 17:22:12 +02:00
Andy Polyakov
dacb698ada vpaes-[x86_64|ppc].pl: fix typo, which for some reason triggers rkhunter.
(cherry picked from commit 6eebcf3459)
2014-04-06 12:53:17 +02:00
Dr. Stephen Henson
686b616ea9 VMS build fix 2014-04-02 21:46:13 +01:00
Eric Young
0bb37c5e23 Fix base64 decoding bug.
A short PEM encoded sequence if passed to the BIO, and the file
had 2 \n following would fail.

PR#3289
(cherry picked from commit 10378fb5f4)
2014-04-02 19:57:06 +01:00
Dr. Stephen Henson
e9b4b8afbd Don't try and verify signatures if key is NULL (CVE-2013-0166)
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b)
2014-04-01 16:39:35 +01:00
Dr. Stephen Henson
66243398bb Workaround for some CMS signature formats.
Some CMS SignedData structure use a signature algorithm OID such
as SHA1WithRSA instead of the RSA algorithm OID. Workaround this
case by tolerating the signature if we recognise the OID.
(cherry picked from commit 3a98f9cf20)
2014-03-19 17:29:55 +00:00
Dr. Stephen Henson
0a9f7780e5 Fix for CVE-2014-0076
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483)

Conflicts:

	CHANGES
2014-03-12 14:23:21 +00:00
Andy Polyakov
cc6dc9b229 SPARC T4 assembly pack: treat zero input length in CBC.
The problem is that OpenSSH calls EVP_Cipher, which is not as
protective as EVP_CipherUpdate. Formally speaking we ought to
do more checks in *_cipher methods, including rejecting
lengths not divisible by block size (unless ciphertext stealing
is in place). But for now I implement check for zero length in
low-level based on precedent.

PR: 3087, 2775
(cherry picked from commit 5e44c144e6)
2014-03-07 10:48:51 +01:00
Andy Polyakov
fe69e6be6e dh_check.c: check BN_CTX_get's return value.
(cherry picked from commit 53e5161231)
2014-03-06 14:21:17 +01:00
Andy Polyakov
25ebd9e3ce bss_dgram.c,d1_lib.c: make it compile with mingw.
Submitted by: Roumen Petrov
(cherry picked from commit 972b0dc350)
2014-03-06 14:07:16 +01:00
Dr. Stephen Henson
bdfc0e284c For self signed root only indicate one error. 2014-03-03 23:33:51 +00:00
Dr. Stephen Henson
1bd4ee1da1 Use nid not cipher type as some ciphers don't have OIDs. 2014-03-02 15:00:21 +00:00
Dr. Stephen Henson
3956bfce60 Make null cipher work in FIPS mode. 2014-03-02 13:50:06 +00:00
Dr. Stephen Henson
8394109c89 Add new VMS hack symbol, update ordinals. 2014-03-02 13:50:06 +00:00
Dr. Stephen Henson
813cfd9c0a Add additional FIPS digests.
Add a few special case digests not returned by FIPS_get_digestbynid().

Thanks to Roumen Petrov <openssl@roumenpetrov.info> for reporting this
issue.
2014-03-01 23:14:08 +00:00
Dr. Stephen Henson
b60272b01f PKCS#8 support for alternative PRFs.
Add option to set an alternative to the default hmacWithSHA1 PRF
for PKCS#8 private key encryptions. This is used automatically
by PKCS8_encrypt if the nid specified is a PRF.

Add option to pkcs8 utility.

Update docs.
2014-03-01 23:14:08 +00:00
Dr. Stephen Henson
124d218889 Fix memory leak. 2014-03-01 23:14:08 +00:00
Dr. Stephen Henson
5f2329b82a Fix fips flag handling.
Don't set the fips flags in cipher and digests as the implementations
aren't suitable for FIPS mode and will be redirected to the FIPS module
versions anyway.

Return EVP_CIPH_FLAG_FIPS or EVP_MD_FLAG_FIPS if a FIPS implementation
exists when calling EVP_CIPHER_flags and EVP_MD_flags repectively.

Remove unused FIPS code from e_aes.c: the 1.0.2 branch will never be
used to build a FIPS module.
2014-02-27 19:18:58 +00:00
Dr. Stephen Henson
01fb5e133f Remove unused file.
The file evp_fips.c isn't used in OpenSSL 1.0.2 as FIPS and non-FIPS
implementations of algorithms can coexist.
2014-02-27 19:08:53 +00:00
Andy Polyakov
fd2c85f6ae evp/e_aes.c: harmonize with 1.0.1. 2014-02-27 17:47:23 +01:00
Andy Polyakov
ca88a1d439 perlasm/x86asm.pl: recognize elf-1 denoting old ELF platforms.
(cherry picked from commit b62a4a1c0e)
2014-02-27 14:30:42 +01:00
Andy Polyakov
5615196f7b perlasm/x86gas.pl: limit special OPENSSL_ia32cap_P treatment to ELF.
(cherry picked from commit ce876d8316)
2014-02-27 14:29:07 +01:00
Andy Polyakov
1f59eb5f11 rc4/asm/rc4-586.pl: allow for 386-only build.
(cherry picked from commit f861b1d433)
2014-02-27 14:28:54 +01:00
Andy Polyakov
4bf6d66e67 des/asm/des-586.pl: shortcut reference to DES_SPtrans.
(cherry picked from commit fd361a67ef)
2014-02-27 14:28:44 +01:00
Andy Polyakov
559e69f9b4 crypto/Makefile: make it OSF-make-friendly
PR: 3165
2014-02-26 16:42:57 +01:00
Rob Stradling
f3b7e522d8 CABForum EV OIDs for Subject Jurisdiction of Incorporation or Registration.
(cherry picked from commit ffcc832ba6e17859d45779eea87e38467561dd5d)
2014-02-26 15:33:10 +00:00
Andy Polyakov
d00ae7cf70 sha/asm/sha256-586.pl: don't try to compile SIMD with no-sse2.
(cherry picked from commit d49135e7ea)
2014-02-26 10:23:56 +01:00
Andy Polyakov
f92926e331 sha/asm/sha512-x86_64.pl: fix compilation error on Solaris.
(cherry picked from commit 147cca8f53)
2014-02-26 09:31:40 +01:00
Andy Polyakov
aa1bb606f3 aes/asm/vpaes-ppc.pl: fix traceback info.
(cherry picked from commit e704741bf3)
2014-02-25 20:13:41 +01:00
Zoltan Arpadffy
dabd4f1986 OpenVMS fixes. 2014-02-25 15:16:03 +00:00
Dr. Stephen Henson
3678161d71 Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP. 2014-02-25 15:05:08 +00:00
Dr. Stephen Henson
6634416732 Fix for v3_scts.c
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type
which should work on all platforms.
2014-02-25 14:54:09 +00:00
Dr. Stephen Henson
0f9bcf3319 Avoid Windows 8 Getversion deprecated errors.
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041)
2014-02-25 13:41:53 +00:00
Rob Stradling
a948732e1c Parse non-v1 SCTs less awkwardly.
(cherry picked from commit 19f65ddbab)
2014-02-25 13:04:21 +00:00
Andy Polyakov
83fe7b9c83 x509/by_dir.c: fix run-away pointer (and potential SEGV)
when adding duplicates in add_cert_dir.

PR: 3261
Reported by: Marian Done
(cherry picked from commit 758954e0d8)
2014-02-24 15:21:37 +01:00
Dr. Stephen Henson
97654d7e28 Prepare for 1.0.2-beta2-dev 2014-02-24 13:52:51 +00:00
Dr. Stephen Henson
94f4166017 Prepare for 1.0.2-beta1 release 2014-02-24 13:51:34 +00:00
Dr. Stephen Henson
a74c9c9e10 OpenSSL 1.0.2 is now in beta 2014-02-24 13:50:38 +00:00
Dr. Stephen Henson
d2a3c4497f make update 2014-02-24 13:50:38 +00:00
Andy Polyakov
2d4d9623da aes/asm/aesni-x86[_64].pl: minor Atom-specific performance tweak.
(cherry picked from commit 214368ffee)
2014-02-21 12:15:07 +01:00
Dr. Stephen Henson
7743be3aac make update 2014-02-20 22:57:24 +00:00
Dr. Stephen Henson
b709f8ef54 fix WIN32 warnings 2014-02-20 22:41:06 +00:00
Rob Stradling
c74ce24cd2 Show the contents of the RFC6962 Signed Certificate Timestamp List Certificate/OCSP Extensions.
Add the RFC6962 OIDs to the objects table.
(backport from master branch)
2014-02-20 21:43:54 +00:00
Dr. Stephen Henson
612566e752 Don't use CRYPTO_AES_CTR if it isn't defined.
(cherry picked from commit 6ecbc2bb62)
2014-02-18 22:21:41 +00:00
Dr. Stephen Henson
eb70d4407f Remove duplicate statement.
(cherry picked from commit 5a7652c3e5)
2014-02-15 01:29:24 +00:00
Klaus-Peter Junghanns
b335b5440a Add support for aes-128/192/256-ctr to the cryptodev engine.
This can be used to speed up SRTP with libsrtp, e.g. on TI omap/sitara based devices.
(cherry picked from commit be2c4d9bd9)
2014-02-15 00:06:43 +00:00
Scott Schaefer
0413ea5801 Fix various spelling errors
(cherry picked from commit 2b4ffc659e)
2014-02-14 22:35:15 +00:00
Andy Polyakov
aff78bb39a ssl/s3_pkt.c: detect RAND_bytes error in multi-block.
(cherry picked from commit 701134320a)
2014-02-14 17:45:33 +01:00
Andy Polyakov
104c032b7b x86[_64]cpuid.pl: add low-level RDSEED.
(cherry picked from commit f4d456408d)
2014-02-14 17:25:14 +01:00
Andy Polyakov
b347341c75 aes/asm/aesni-x86_64.pl: further optimization for Atom Silvermont.
Improve CBC decrypt and CTR by ~13/16%, which adds up to ~25/33%
improvement over "pre-Silvermont" version. [Add performance table to
aesni-x86.pl].
(cherry picked from commit 5599c7331b)
2014-02-14 17:17:39 +01:00
Dr. Stephen Henson
c00f8d697a Include self-signed flag in certificates by checking SKID/AKID as well
as issuer and subject names. Although this is an incompatible change
it should have little impact in pratice because self-issued certificates
that are not self-signed are rarely encountered.
(cherry picked from commit b1efb7161f)
2014-02-14 15:27:30 +00:00
Dr. Stephen Henson
b07e4f2f46 Include TA in checks/callback with partial chains.
When a chain is complete and ends in a trusted root checks are also
performed on the TA and the callback notified with ok==1. For
consistency do the same for chains where the TA is not self signed.
(cherry picked from commit 385b348666)
2014-02-14 15:12:53 +00:00
Dr. Stephen Henson
ced6dc5cef Add cert_self_signed function to simplify verify
(from master)
2014-02-14 15:12:52 +00:00
Dr. Stephen Henson
bf2d129194 Simplify X509_STORE_CTX_get1_chain (from master). 2014-02-14 15:12:52 +00:00
Andy Polyakov
fcc6f699e3 evp/e_aes_cbc_hmac_sha*.c: improve cache locality.
(cherry picked from commit 9587429fa0)
2014-02-13 14:41:10 +01:00
Andy Polyakov
7078d93307 ghash-x86[_64].pl: ~15% improvement on Atom Silvermont
(other processors unaffected).
(cherry picked from commit 98e143f118)
2014-02-13 14:38:59 +01:00
Scott Deboy
038bec784e Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.

(cherry picked from commit 36086186a9)
Conflicts:
	Configure
	apps/s_client.c
	apps/s_server.c
	ssl/ssl.h
	ssl/ssl3.h
	ssl/ssltest.c
2014-02-08 16:12:15 -08:00
Dr. Stephen Henson
f407eec799 make update 2014-02-06 14:31:09 +00:00
Andy Polyakov
41cf2d2518 evp/e_aes_cbc_hmac_sha[1|256].c: add multi-block implementations [from master]. 2014-02-05 19:52:38 +01:00
Andy Polyakov
41c373fa3e [aesni|sha*]-mb-x86_64.pl: add multi-block assembly modules [from master]. 2014-02-05 14:33:44 +01:00
Ben Laurie
984a30423d Add extension free function. 2014-02-02 15:22:47 +00:00
Andy Polyakov
0693dd954e modes/asm/ghash-s390x.pl: +15% performance improvement on z10.
(cherry picked from commit d162584b11)
2014-02-02 00:10:41 +01:00
Andy Polyakov
9071b36d9a Add AES-NI+SHA256 stitch registrations (from master). 2014-02-02 00:05:02 +01:00
Andy Polyakov
eb6af20d2e dso/dso_win32.c: fix compiler warning.
(cherry picked from commit 0a2d5003df)
2014-02-01 23:32:19 +01:00
Andy Polyakov
8087969c5b crypto/cryptlib.c: remove stdio dependency (update from master). 2014-02-01 23:27:49 +01:00
Andy Polyakov
cb437c66d1 camellia/asm/cmll-x86_64.pl: fix symptomless bugs (update from master). 2014-02-01 23:14:33 +01:00
Ben Laurie
40b0d0765e Remove redundant accessor (you can do the same thing, and more, with
X509_ALGOR_[gs]et0()).
2014-02-01 22:03:40 +00:00
Andy Polyakov
2cc5142fb1 Improve WINCE support.
Submitted by: Pierre Delaage
(cherry picked from commit a006fef78e)

Resolved conflicts:

	crypto/bio/bss_dgram.c
	ssl/d1_lib.c
	util/pl/VC-32.pl
2014-02-01 22:48:56 +01:00
Andy Polyakov
d451ece4e7 b_sock.c: make getsockopt work in cases when optlen is 64-bit value.
(cherry picked from commit 80c42f3e0c)
2014-02-01 22:33:02 +01:00
Andy Polyakov
1121ba1b74 wp-mmx.pl: ~10% performance improvement.
(cherry picked from commit ae007d4d09)
2014-02-01 22:27:07 +01:00
Andy Polyakov
1fb039fde2 wp-x86_64.pl: ~10% performance improvement.
(cherry picked from commit 701d593f70)
2014-02-01 22:26:45 +01:00
Andy Polyakov
3073927e42 sha512-ia64.pl: 15-20% performance improvement.
(cherry picked from commit 46a2b3387a)
2014-02-01 22:21:57 +01:00
Andy Polyakov
b6c2029931 objxref.pl: improve portability.
(cherry picked from commit 71fa3bc5ec)
2014-02-01 22:17:36 +01:00
Adam Langley
45d010255f Add volatile qualifications to two blocks of inline asm to stop GCC from
eliminating them as dead code.

Both volatile and "memory" are used because of some concern that the compiler
may still cache values across the asm block without it, and because this was
such a painful debugging session that I wanted to ensure that it's never
repeated.
(cherry picked from commit 7753a3a684)
2014-02-01 22:01:46 +01:00
Andy Polyakov
7e569022c5 PPC assembly pack: ppc64-mont update from master. 2014-02-01 21:51:51 +01:00
Andy Polyakov
50f1b47c7f PPC assembly pack: jumbo update from master.
Add Vector Permutation AES and little-endian support.
2014-02-01 21:48:31 +01:00
Andy Polyakov
5572bc4e2f crypto/aes/asm/aesni-x86[_64].pl: jumbo update from master. 2014-02-01 21:27:46 +01:00
Andy Polyakov
729d334106 crypto/sha/asm/sha1-x86_64.pl: jumbo update from master. 2014-02-01 21:24:55 +01:00
Ben Laurie
cacdfcb247 Add more accessors. 2014-02-01 18:30:23 +00:00
Ben Laurie
519ad9b384 Add accessor for x509.cert_info. 2014-02-01 18:30:23 +00:00
Ben Laurie
7b2d785d20 Fix warning. 2014-01-29 17:57:32 +01:00
Dr. Stephen Henson
9614ed695d Add loaded dynamic ENGINEs to list.
Always add a dynamically loaded ENGINE to list. Otherwise it can cause
problems when multiply loaded, especially if it adds new public key methods.
For all current engines we only want a single implementation anyway.
(cherry picked from commit e933f91f50)
2014-01-28 13:57:14 +00:00
Dr. Stephen Henson
5e7329d156 Compare encodings in X509_cmp as well as hash.
(cherry picked from commit ec492c8a5a)
2014-01-27 14:33:10 +00:00
Dr. Stephen Henson
3f4742b48c make update 2014-01-23 17:13:37 +00:00
Zoltan Arpadffy
e775891708 VMS fixes 2014-01-11 22:44:04 +00:00
Dr. Stephen Henson
50701af9d5 Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling.
(cherry picked from commit 8f4077ca69)
2014-01-09 22:53:50 +00:00
Andy Polyakov
392fd8f89c bn/asm/x86_64-mont5.pl: fix compilation error on Solaris.
(cherry picked from commit eedab5241e)
2014-01-09 13:47:53 +01:00
Andy Polyakov
e34140620e sha/asm/sha256-armv4.pl: add NEON code path.
(and shave off cycle even from integer-only code)
(cherry picked from commit ad0d2579cf)
2014-01-04 18:06:36 +01:00
Andy Polyakov
acd9121085 aesni-sha1-x86_64.pl: harmonize [Atom-specific optimizations] with master branch. 2014-01-04 17:42:13 +01:00
Andy Polyakov
ccbb8d5e95 sparcv9cap.c: omit random detection.
PR: 3202
(cherry picked from commit 926725b3d7)
2013-12-28 13:32:45 +01:00
Andy Polyakov
d7d7e7b038 ARM assembly pack: make it work with older toolchain.
(cherry picked from commit 2218c296b4)
2013-12-28 12:18:11 +01:00
Dr. Stephen Henson
ff64ab32ae Ignore NULL parameter in EVP_MD_CTX_destroy.
(cherry picked from commit a6c62f0c25)
2013-12-20 23:24:26 +00:00
Andy Polyakov
fc9c9e47f7 sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes.
(and ensure stack alignment in the process)
(cherry picked from commit fc0503a25c)
2013-12-18 22:57:14 +01:00
Andy Polyakov
68e6ac4379 evp/e_[aes|camellia].c: fix typo in CBC subroutine.
It worked because it was never called.
(cherry picked from commit e9c80e04c1)
2013-12-18 22:56:24 +01:00
Andy Polyakov
e34b7e99fd sha512.c: fullfull implicit API contract in SHA512_Transform.
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
(cherry picked from commit cdd1acd788)
2013-12-18 22:56:00 +01:00
Dr. Stephen Henson
3a0c71541b verify parameter enumeration functions
(cherry picked from commit 9b3d75706e)

Conflicts:

	crypto/x509/x509_vpm.c
2013-12-13 15:52:27 +00:00
Dr. Stephen Henson
adc6bd73e3 Add opaque ID structure.
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
2013-12-13 15:36:31 +00:00
Dr. Stephen Henson
53a8f8c26d Fix for partial chain notification.
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
8f68678989 Don't use rdrand engine as default unless explicitly requested. 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
57c4e42d75 Get FIPS checking logic right.
We need to lock when *not* in FIPS mode.
2013-12-10 12:52:27 +00:00
Andy Polyakov
422c8c36e5 ARM assembly pack: SHA update from master. 2013-12-09 23:53:42 +01:00
Andy Polyakov
b76310ba74 ARM assembly pack: AES update from master (including bit-sliced module). 2013-12-09 23:44:45 +01:00
Andy Polyakov
c012f6e576 bn/asm/armv4-mont.pl: add NEON code path.
(cherry picked from commit d1671f4f1a)
2013-12-09 22:46:29 +01:00
Andy Polyakov
cf6d55961c crypto/bn/asm/x86_64-mont*.pl: update from master.
Add MULX/AD*X code paths and optimize even original code path.
2013-12-09 22:40:53 +01:00
Andy Polyakov
3aa1b1ccbb x86_64-xlate.pl: fix jrcxz in nasm case.
(cherry picked from commit 667053a2f3)
2013-12-09 22:19:34 +01:00
Andy Polyakov
3dcae82fa9 x86_64-xlate.pl: minor update.
(cherry picked from commit 41965a84c4)
2013-12-09 21:53:41 +01:00
Dr. Stephen Henson
c43dc3dd77 Avoid multiple locks in FIPS mode.
PR: 3176.

In FIPS mode ssleay_rand_bytes is only used for PRNG seeding and is
performed in either a single threaded context (when the PRNG is first
initialised) or under a lock (reseeding). To avoid multiple locks disable
use of CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes.
2013-12-08 13:21:02 +00:00
Andy Polyakov
e5eab8a199 bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
PR: 3189
Submitted by: Oscar Ciurana
(cherry picked from commit c5d5f5bd0f)
2013-12-04 00:02:18 +01:00
Andy Polyakov
7bab6eb6f0 crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64.
(cherry picked from commit 8bd7ca9996)
2013-12-03 22:30:00 +01:00
Andy Polyakov
87d9526d0c crypto/bn/rsaz*: fix licensing note.
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
asm/rsaz-x86_64.pl: sync from master.
(cherry picked from commit 31ed9a2131)
2013-12-03 22:17:55 +01:00
Andy Polyakov
36982f056a bn/asm/rsaz-x86_64.pl: fix prototype.
(cherry picked from commit 6efef384c6)
2013-12-03 09:44:24 +01:00
Dr. Stephen Henson
bc35b8e435 make update 2013-12-01 23:09:44 +00:00
Dr. Stephen Henson
74184b6f21 RSAX no longer compiled. 2013-12-01 23:06:33 +00:00
Dr. Stephen Henson
1abfa78a8b Constify. 2013-11-14 21:00:40 +00:00
Andy Polyakov
0de70011ad srp/srp_grps.h: make it Compaq C-friendly.
PR: 3165
Submitted by: Daniel Richard G.
(cherry picked from commit 2df9ec01d5)
2013-11-12 22:19:40 +01:00
Andy Polyakov
220d1e5353 modes/asm/ghash-alpha.pl: update from HEAD.
PR: 3165
2013-11-12 21:59:01 +01:00
Andy Polyakov
ca44f72938 Make Makefiles OSF-make-friendly.
PR: 3165
(cherry picked from commit d1cf23ac86)
2013-11-12 21:53:39 +01:00
Dr. Stephen Henson
18f49508a5 Fix memory leak.
(cherry picked from commit 16bc45ba95)
2013-11-11 23:55:18 +00:00
Dr. Stephen Henson
a257865303 Fix for some platforms where "char" is unsigned.
(cherry picked from commit 08b433540416c5bc9a874ba0343e35ba490c65f1)
2013-11-11 22:18:07 +00:00
Dr. Stephen Henson
b5dde6bcc6 Check for missing components in RSA_check.
(cherry picked from commit 01be36ef70525e81fc358d2e559bdd0a0d9427a5)
2013-11-09 15:09:22 +00:00
Dr. Stephen Henson
233069f8db Add CMS_SignerInfo_get0_signature function.
Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.
(cherry picked from commit e8df6cec4c09b9a94c4c07abcf0402d31ec82cc1)
2013-11-09 15:09:22 +00:00
Andy Polyakov
3241496144 modes/asm/ghash-alpha.pl: make it work with older assembler.
PR: 3165
(cherry picked from commit d24d1d7daf)
2013-11-08 23:10:09 +01:00
Dr. Stephen Henson
a4947e4e06 Initialise context before using it. 2013-11-06 13:16:50 +00:00
Ben Laurie
262f1c524e PBKDF2 should be efficient. Contributed by Christian Heimes
<christian@python.org>.
2013-11-03 17:27:12 +00:00
Robin Seggelmann
f596e3c491 DTLS/SCTP struct authchunks Bug
PR: 2809

DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with
SCTP-AUTH.  It is checked if this has been activated successfully for
the local and remote peer. Due to a bug, however, the
gauth_number_of_chunks field of the authchunks struct is missing on
FreeBSD, and was therefore not considered in the OpenSSL implementation.
This patch sets the corresponding pointer for the check correctly
whether or not this bug is present.
2013-10-30 14:37:22 +00:00
Andy Polyakov
e41a49c625 PPC assembly pack: make new .size directives profiler-friendly.
Suggested by: Anton Blanchard
(cherry picked from commit 76c15d790e)
2013-10-15 23:42:18 +02:00
Dr. Stephen Henson
72550c52ed Fix warning.
(cherry picked from commit f6983769c1bcd6c3c6b6bbfbbc41848f6dccf127)
2013-10-15 11:33:58 +01:00
Dr. Stephen Henson
a9d0c56de1 Add test vectors from RFC7027
(cherry picked from commit 8ba2d4ed7f128e400693562efd35985068c45e4d)
2013-10-15 11:33:58 +01:00