openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	66fdb1c0d4	check return value of BIO_write in PKCS7_decrypt	2012-03-08 14:02:51 +00:00
Dr. Stephen Henson	25bfdca16a	PR: 2755 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions.	2012-03-06 13:47:27 +00:00
Richard Levitte	70505bc334	For OpenVMS, use inttypes.h instead of stdint.h	2012-03-01 21:29:16 +00:00
Dr. Stephen Henson	a8595879ec	PR: 2742 Reported by: Dmitry Belyavsky <beldmit@gmail.com> If resigning with detached content in CMS just copy data across.	2012-02-29 14:01:53 +00:00
Dr. Stephen Henson	33a688e806	Fix memory leak cause by race condition when creating public keys. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.	2012-02-28 14:47:16 +00:00
Andy Polyakov	5c2bfad9b4	x86cpuid.pl: fix processor capability detection on pre-586 [from HEAD].	2012-02-28 14:20:34 +00:00
Dr. Stephen Henson	250f979237	PR: 2736 Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr> Preserve unused bits value in non-canonicalised ASN1_STRING structures by using ASN1_STRING_copy which preseves flags.	2012-02-27 18:45:18 +00:00
Dr. Stephen Henson	b527b6e8ff	PR: 2737 Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr> Fix double free in PKCS12_parse if we run out of memory.	2012-02-27 16:46:45 +00:00
Dr. Stephen Henson	4ed1f3490e	PR: 2735 Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for this fix.	2012-02-27 16:33:25 +00:00
Dr. Stephen Henson	0a082e9b37	free headers after use in error message	2012-02-27 16:27:09 +00:00
Dr. Stephen Henson	236a99a409	Detect symmetric crypto errors in PKCS7_decrypt. Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.	2012-02-27 15:22:54 +00:00
Andy Polyakov	37ebc20093	seed.c: Solaris portability fix from HEAD.	2012-02-26 21:53:28 +00:00
Dr. Stephen Henson	cef781cc87	PR: 2730 Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se> VMS fixes: disable SCTP by default.	2012-02-25 17:58:03 +00:00
Dr. Stephen Henson	08e4c7a967	correct CHANGES	2012-02-23 22:13:59 +00:00
Dr. Stephen Henson	697e4edcad	PR: 2711 Submitted by: Tomas Mraz <tmraz@redhat.com> Tolerate bad MIME headers in parser.	2012-02-23 21:50:32 +00:00
Dr. Stephen Henson	b26297ca51	PR: 2696 Submitted by: Rob Austein <sra@hactrn.net> Fix inverted range problem in RFC3779 code. Thanks to Andrew Chi for generating test cases for this bug.	2012-02-23 21:31:22 +00:00
Dr. Stephen Henson	6ca7dba0cf	PR: 2727 Submitted by: Bruce Stephens <bruce.stephens@isode.com> Use same construct for EXHEADER in srp/Makefile as other makefiles to cope with possibly empty EXHEADER.	2012-02-23 13:49:22 +00:00
Dr. Stephen Henson	0cd7a0325f	Additional compatibility fix for MDC2 signature format. Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature: this will make all versions of MDC2 signature equivalent.	2012-02-15 14:14:01 +00:00
Dr. Stephen Henson	16b7c81d55	An incompatibility has always existed between the format used for RSA signatures and MDC2 using EVP or RSA_sign. This has become more apparent when the dgst utility in OpenSSL 1.0.0 and later switched to using the EVP_DigestSign functions which call RSA_sign. This means that the signature format OpenSSL 1.0.0 and later used with dgst -sign and MDC2 is incompatible with previous versions. Add detection in RSA_verify so either format works. Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.	2012-02-15 14:00:09 +00:00
Dr. Stephen Henson	c714e43c8d	PR: 2717 Submitted by: Tim Rice <tim@multitalents.net> Make compilation work on OpenServer 5.0.7	2012-02-11 23:38:49 +00:00
Dr. Stephen Henson	8705846710	only cleanup ctx if we need to, save ctx flags when we do	2012-02-10 16:54:56 +00:00
Andy Polyakov	d06f047b04	bn_nist.c: make new optimized code dependent on BN_LLONG [from HEAD].	2012-02-02 07:46:19 +00:00
Andy Polyakov	ddc899bada	hpux-parisc2-*: engage assembler [from HEAD] and make it link.	2012-02-02 07:42:31 +00:00
Andy Polyakov	bd479e25c7	ghash-x86.pl: engage original MMX version in no-sse2 builds [from HEAD].	2012-01-25 17:56:25 +00:00
Andy Polyakov	eaf5bd168e	x86_64-xlate.pl: 1.0.1-specific typo.	2012-01-25 17:50:23 +00:00
Dr. Stephen Henson	11ea212e8c	only include evp.h once	2012-01-24 22:59:46 +00:00
Dr. Stephen Henson	cb29d8c11f	only include string.h once	2012-01-24 22:58:46 +00:00
Andy Polyakov	f02f7c2c4a	cryptlib.c: make even non-Windows builds "strtoull-agnostic" [from HEAD].	2012-01-21 12:18:29 +00:00
Andy Polyakov	a1e44cc14f	x86_64-xlate.pl: proper solution for RT#2620 [from HEAD].	2012-01-21 11:35:20 +00:00
Dr. Stephen Henson	d2d09bf68c	change version to beta3-dev	2012-01-19 17:14:17 +00:00
Dr. Stephen Henson	463e76b63c	prepare for beta2	2012-01-19 15:37:57 +00:00
Dr. Stephen Henson	7b23c126e6	undef some symbols that cause problems with make depend for fips builds	2012-01-18 01:40:36 +00:00
Andy Polyakov	4fb7e2b445	Fix OPNESSL vs. OPENSSL typos [from HEAD]. PR: 2613 Submitted by: Leena Heino	2012-01-15 13:40:21 +00:00
Dr. Stephen Henson	9138e3c061	fix warning	2012-01-15 13:30:52 +00:00
Andy Polyakov	9b2a29660b	Sanitize usage of <ctype.h> functions. It's important that characters are passed zero-extended, not sign-extended [from HEAD]. PR: 2682	2012-01-12 16:28:03 +00:00
Andy Polyakov	b7b4a9fa57	sparcv9cap.c: omit unused variable.	2012-01-12 14:19:52 +00:00
Andy Polyakov	958e6a75a1	asn1/t_x509.c: fix serial number print, harmonize with a_int.c [from HEAD]. PR: 2675 Submitted by: Annie Yousar	2012-01-11 21:12:47 +00:00
Andy Polyakov	397977726c	aes-sparcv9.pl: clean up regexp [from HEAD]. PR: 2685	2012-01-11 15:32:08 +00:00
Dr. Stephen Henson	285d9189c7	PR: 2652 Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se> OpenVMS fixes.	2012-01-05 14:30:08 +00:00
Dr. Stephen Henson	2f97765bc3	Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)	2012-01-04 23:01:19 +00:00
Dr. Stephen Henson	3205ca8deb	fix warnings	2012-01-04 14:46:04 +00:00
Dr. Stephen Henson	ab585551c0	prepare for 1.0.1-beta1	2012-01-03 13:30:28 +00:00
Dr. Stephen Henson	6cf0d7b999	OpenSSL 1.0.1 is now in beta.	2012-01-02 18:28:28 +00:00
Dr. Stephen Henson	9d972207f0	incomplete provisional OAEP CMS decrypt support	2012-01-02 18:16:40 +00:00
Dr. Stephen Henson	5c05f69450	make update	2011-12-27 14:38:27 +00:00
Dr. Stephen Henson	f529dca488	fix error code	2011-12-27 14:37:43 +00:00
Dr. Stephen Henson	e065e6cda2	PR: 2535 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Add SCTP support for DTLS (RFC 6083).	2011-12-25 14:45:40 +00:00
Dr. Stephen Henson	62308f3f4a	PR: 2563 Submitted by: Paul Green <Paul.Green@stratus.com> Reviewed by: steve Improved PRNG seeding for VOS.	2011-12-19 17:02:35 +00:00
Andy Polyakov	700384be8e	vpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl [from HEAD]. PR: 2657	2011-12-15 22:20:26 +00:00
Dr. Stephen Henson	b8a22c40e0	PR: 1794 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve Remove unnecessary code for srp and to add some comments to s_client. - the callback to provide a user during client connect is no longer necessary since rfc 5054 a connection attempt with an srp cipher and no user is terminated when the cipher is acceptable - comments to indicate in s_client the (non-)usefulness of th primalaty tests for non known group parameters.	2011-12-14 22:18:03 +00:00
Andy Polyakov	3918de9ad1	vpaes-x86.pl: portability fix. PR: 2657	2011-12-14 21:30:25 +00:00
Andy Polyakov	7b467c6b81	modexp512-x86_64.pl: Solaris portability fix [from HEAD]. PR: 2656	2011-12-12 15:12:09 +00:00
Dr. Stephen Henson	e559febaf1	typo	2011-12-10 01:37:55 +00:00
Ben Laurie	6a4b87eb9d	Fix warning.	2011-12-09 20:15:48 +00:00
Andy Polyakov	edcba19c23	perlasm/x86gas.pl: give a hand old assemblers assembling loop instruction [from HEAD].	2011-12-09 19:16:35 +00:00
Andy Polyakov	b140ae9137	cryptlib.c: allow for OPENSSL_ia32cap=~0x????? syntax for environment value in question.	2011-12-09 15:46:41 +00:00
Andy Polyakov	8ee0591f28	x86-mont.pl: fix bug in integer-only squaring path. PR: 2648	2011-12-09 14:26:28 +00:00
Ben Laurie	825e1a7c56	Fix warnings.	2011-12-02 14:39:41 +00:00
Bodo Möller	a0dce9be76	Fix ecdsatest.c. Submitted by: Emilia Kasper	2011-12-02 12:40:42 +00:00
Bodo Möller	cf2b938529	Fix BIO_f_buffer(). Submitted by: Adam Langley Reviewed by: Bodo Moeller	2011-12-02 12:24:48 +00:00
Andy Polyakov	62f685a9cd	bn/asm/mips.pl: fix typos [from HEAD].	2011-12-01 12:17:20 +00:00
Dr. Stephen Henson	a310428527	Workaround so "make depend" works for fips builds.	2011-11-22 12:50:59 +00:00
Andy Polyakov	0a8f00af34	bsaes-x86_64.pl: fix buffer overrun in tail processing [from HEAD].	2011-11-16 23:36:40 +00:00
Ben Laurie	060a38a2c0	Add DTLS-SRTP.	2011-11-15 23:02:16 +00:00
Andy Polyakov	58402976b4	aes-armv4.pl: make it link.	2011-11-15 13:55:52 +00:00
Andy Polyakov	cd7b854bbb	e_rc4_hmac_md5.c: make it work on darwin64, which is configured with RC4_CHAR.	2011-11-15 12:39:48 +00:00
Andy Polyakov	aecc0756e8	aes-s390x.pl: make it link.	2011-11-15 12:20:55 +00:00
Andy Polyakov	e6ccc6ed70	Configure, e_aes.c: allow for XTS assembler implementation [from HEAD].	2011-11-15 12:19:56 +00:00
Andy Polyakov	e959a01fac	e_aes.c: jumbo update from HEAD.	2011-11-14 21:17:08 +00:00
Andy Polyakov	17674bfdf7	ec_cvt.c: performance update from HEAD.	2011-11-14 21:14:53 +00:00
Andy Polyakov	d807d4c21f	c_allc.c: add XTS ciphers [from HEAD].	2011-11-14 21:13:35 +00:00
Andy Polyakov	2357ae17e7	x86 assembler pack update from HEAD.	2011-11-14 21:06:50 +00:00
Andy Polyakov	9f1c5491d2	BN update from HEAD.	2011-11-14 21:05:42 +00:00
Andy Polyakov	70b52222f5	x86_64 assembler pack update from HEAD.	2011-11-14 21:01:21 +00:00
Andy Polyakov	88cb59727c	ARM assembler pack update from HEAD.	2011-11-14 20:58:01 +00:00
Andy Polyakov	781bfdc314	Alpha assembler pack update from HEAD.	2011-11-14 20:56:15 +00:00
Andy Polyakov	b66723b23e	MIPS assembler pack update from HEAD.	2011-11-14 20:55:24 +00:00
Andy Polyakov	cf96d71c22	PPC assembler pack update from HEAD.	2011-11-14 20:54:17 +00:00
Andy Polyakov	1a111921da	PA-RISC assembler pack update from HEAD.	2011-11-14 20:50:15 +00:00
Andy Polyakov	5d9bb428bb	SPARCv9 assembler pack update from HEAD.	2011-11-14 20:48:35 +00:00
Andy Polyakov	9833757b5d	s390x assembler pack update from HEAD.	2011-11-14 20:47:22 +00:00
Andy Polyakov	4195343c0d	IA64 assembler pack update from HEAD.	2011-11-14 20:45:57 +00:00
Andy Polyakov	042bee4e5c	perlasm update from HEAD.	2011-11-14 20:44:20 +00:00
Andy Polyakov	4afba1f3d9	Mafiles updates to accomodate assembler update from HEAD.	2011-11-14 20:42:22 +00:00
Dr. Stephen Henson	5999d45a5d	DH keys have an (until now) unused 'q' parameter. When creating from DSA copy q across and if q present generate DH key in the correct range. (from HEAD)	2011-11-14 14:16:09 +00:00
Dr. Stephen Henson	f69e5d6a19	Call OPENSSL_init after we've checked to see if customisation is permissible.	2011-11-14 14:15:29 +00:00
Ben Laurie	3517637702	Ignorance.	2011-11-14 02:42:26 +00:00
Ben Laurie	4c02cf8ecc	make depend.	2011-11-13 20:23:34 +00:00
Andy Polyakov	6471ec71aa	x86cpuid.pl: compensate for imaginary virtual machines [from HEAD]. PR: 2633	2011-11-08 21:28:14 +00:00
Andy Polyakov	cb45708061	x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs. PR: 2633	2011-11-05 10:44:25 +00:00
Andy Polyakov	02597f2885	ppc.pl: fix bug in bn_mul_comba4 [from HEAD]. PR: 2636 Submitted by: Charles Bryant	2011-11-05 10:16:30 +00:00
Richard Levitte	8c6a514edf	Add missing algorithms to disable, and in particular, disable EC_NISTP_64_GCC_128 by default, as GCC isn't currently supported on VMS. Add CMAC to the modules to build, and synchronise with Unix.	2011-10-30 11:45:30 +00:00
Dr. Stephen Henson	a8d72c79db	PR: 2632 Submitted by: emmanuel.azencot@bull.net Reviewed by: steve Return -1 immediately if not affine coordinates as BN_CTX has not been set up.	2011-10-26 16:43:23 +00:00
Dr. Stephen Henson	03f84c8260	Update error codes for FIPS. Add support for authentication in FIPS_mode_set().	2011-10-21 13:04:27 +00:00
Bodo Möller	67f8de9ab8	"make update"	2011-10-19 15:24:44 +00:00
Bodo Möller	2d95ceedc5	BN_BLINDING multi-threading fix. Submitted by: Emilia Kasper (Google)	2011-10-19 14:58:59 +00:00
Bodo Möller	3d520f7c2d	Fix warnings. Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.	2011-10-19 08:58:35 +00:00
Bodo Möller	9c37519b55	Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these; -DEC_NISTP224_64_GCC_128 no longer works.) Submitted by: Google Inc.	2011-10-18 19:43:54 +00:00
Andy Polyakov	a99ce1f5b1	e_aes.c: fix bug in aesni_gcm_tls_cipher [in HEAD].	2011-10-14 09:34:14 +00:00
Andy Polyakov	42660b3cf1	aesni-x86[_64].pl: pull from HEAD.	2011-10-14 09:21:03 +00:00
Bodo Möller	93ff4c69f7	Make CTR mode behaviour consistent with other modes: clear ctx->num in EVP_CipherInit_ex Submitted by: Emilia Kasper	2011-10-13 13:42:29 +00:00
Dr. Stephen Henson	6841abe842	update pkey method initialisation and copy	2011-10-11 18:16:02 +00:00
Dr. Stephen Henson	cb70355d87	Backport ossl_ssize_t type from HEAD.	2011-10-10 22:33:50 +00:00
Dr. Stephen Henson	b17442bb04	def_rsa_finish not used anymore.	2011-10-10 20:34:17 +00:00
Dr. Stephen Henson	4874e235fb	fix leak properly this time...	2011-10-10 14:09:05 +00:00
Dr. Stephen Henson	9309ea6617	Backport PSS signature support from HEAD.	2011-10-09 23:13:50 +00:00
Dr. Stephen Henson	88bac3e664	fix memory leaks	2011-10-09 23:09:22 +00:00
Dr. Stephen Henson	5473b6bc2f	Fix memory leak. From HEAD.	2011-10-09 16:04:17 +00:00
Dr. Stephen Henson	dc100d87b5	Backport of password based CMS support from HEAD.	2011-10-09 15:28:02 +00:00
Dr. Stephen Henson	6f6b31dadc	PR: 2482 Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.	2011-10-09 00:56:43 +00:00
Dr. Stephen Henson	177f27d71e	? crypto/aes/aes-armv4.S ? crypto/aes/aesni-sha1-x86_64.s ? crypto/aes/aesni-x86_64.s ? crypto/aes/foo.pl ? crypto/aes/vpaes-x86_64.s ? crypto/bn/.bn_lib.c.swp ? crypto/bn/armv4-gf2m.S ? crypto/bn/diffs ? crypto/bn/modexp512-x86_64.s ? crypto/bn/x86_64-gf2m.s ? crypto/bn/x86_64-mont5.s ? crypto/ec/bc.txt ? crypto/ec/diffs ? crypto/modes/a.out ? crypto/modes/diffs ? crypto/modes/ghash-armv4.S ? crypto/modes/ghash-x86_64.s ? crypto/modes/op.h ? crypto/modes/tst.c ? crypto/modes/x.h ? crypto/objects/.obj_xref.txt.swp ? crypto/rand/diffs ? crypto/sha/sha-512 ? crypto/sha/sha1-armv4-large.S ? crypto/sha/sha256-armv4.S ? crypto/sha/sha512-armv4.S Index: crypto/objects/obj_xref.c =================================================================== RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v retrieving revision 1.9 diff -u -r1.9 obj_xref.c --- crypto/objects/obj_xref.c 5 Nov 2008 18:38:58 -0000 1.9 +++ crypto/objects/obj_xref.c 6 Oct 2011 20:30:21 -0000 @@ -110,8 +110,10 @@ #endif if (rv == NULL) return 0; - pdig_nid = rv->hash_id; - ppkey_nid = rv->pkey_id; + if (pdig_nid) + pdig_nid = rv->hash_id; + if (ppkey_nid) + ppkey_nid = rv->pkey_id; return 1; } @@ -144,7 +146,8 @@ #endif if (rv == NULL) return 0; - psignid = (rv)->sign_id; + if (psignid) + psignid = (rv)->sign_id; return 1; } Index: crypto/x509/x509type.c =================================================================== RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v retrieving revision 1.10 diff -u -r1.10 x509type.c --- crypto/x509/x509type.c 26 Oct 2007 12:06:33 -0000 1.10 +++ crypto/x509/x509type.c 6 Oct 2011 20:36:04 -0000 @@ -100,20 +100,26 @@ break; } - i=X509_get_signature_type(x); - switch (i) + i=OBJ_obj2nid(x->sig_alg->algorithm); + if (i && OBJ_find_sigid_algs(i, NULL, &i)) { - case EVP_PKEY_RSA: - ret\|=EVP_PKS_RSA; - break; - case EVP_PKEY_DSA: - ret\|=EVP_PKS_DSA; - break; - case EVP_PKEY_EC: - ret\|=EVP_PKS_EC; - break; - default: - break; + + switch (i) + { + case NID_rsaEncryption: + case NID_rsa: + ret\|=EVP_PKS_RSA; + break; + case NID_dsa: + case NID_dsa_2: + ret\|=EVP_PKS_DSA; + break; + case NID_X9_62_id_ecPublicKey: + ret\|=EVP_PKS_EC; + break; + default: + break; + } } if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look	2011-10-06 20:45:08 +00:00
Dr. Stephen Henson	e8f31f80d1	PR: 2606 Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de> Reviewed by: steve Handle timezones correctly in UTCTime.	2011-09-23 13:39:35 +00:00
Dr. Stephen Henson	e34a303ce1	make depend	2011-09-16 23:15:22 +00:00
Dr. Stephen Henson	36f120cd20	Improved error checking for DRBG calls. New functionality to allow default DRBG type to be set during compilation or during runtime.	2011-09-16 23:12:34 +00:00
Dr. Stephen Henson	0ae7c43fa5	Improved error checking for DRBG calls. New functionality to allow default DRBG type to be set during compilation or during runtime.	2011-09-16 23:08:57 +00:00
Dr. Stephen Henson	c0d2943952	Typo.	2011-09-16 23:04:07 +00:00
Dr. Stephen Henson	7d453a3b49	Fix warnings (from HEAD).	2011-09-10 21:18:37 +00:00
Dr. Stephen Henson	cd447875e6	Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past produce an error (CVE-2011-3207)	2011-09-06 15:14:41 +00:00
Bodo Möller	7f1022a8b1	Fix memory leak on bad inputs.	2011-09-05 09:57:15 +00:00
Bodo Möller	edf6b025b1	make update	2011-09-05 09:44:54 +00:00
Bodo Möller	9e96812934	Fix error codes.	2011-09-05 09:42:55 +00:00
Dr. Stephen Henson	91e97cbe4c	Don't use *from++ in tolower as this is implemented as a macro on some platforms. Thanks to Shayne Murray <Shayne.Murray@Polycom.com> for reporting this issue.	2011-09-02 11:28:18 +00:00
Dr. Stephen Henson	63ee3b32fe	PR: 2576 Submitted by: Doug Goldstein <cardoe@gentoo.org> Reviewed by: steve Include header file stdlib.h which is needed on some platforms to get getenv() declaration.	2011-09-02 11:20:32 +00:00
Dr. Stephen Henson	4ff1a2da10	PR: 2340 Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar> Reviewed by: steve Stop warnings if OPENSSL_NO_DGRAM is defined.	2011-09-01 15:01:55 +00:00
Dr. Stephen Henson	4c3c975066	make timing attack protection unconditional	2011-09-01 14:23:22 +00:00
Dr. Stephen Henson	be0853358c	PR: 2589 Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com> Reviewed by: steve Initialise p pointer.	2011-09-01 13:52:38 +00:00
Dr. Stephen Henson	fea15b553d	PR: 2588 Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com> Reviewed by: steve Close file pointer.	2011-09-01 13:49:08 +00:00
Andy Polyakov	84e7485bfb	Add RC4-MD5 and AESNI-SHA1 "stitched" implementations [from HEAD].	2011-08-23 20:53:34 +00:00
Andy Polyakov	f56f72f219	eng_rsax.c: improve portability [from HEAD].	2011-08-22 19:01:41 +00:00
Andy Polyakov	2bfb23f102	modexp512-x86_64.pl: make it work with ml64 [from HEAD].	2011-08-19 06:31:27 +00:00
Dr. Stephen Henson	cf199fec52	Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA using OBJ xref utilities instead of string comparison with OID name. This removes the arbitrary restriction on using SHA1 only with some ECC ciphersuites.	2011-08-14 13:47:30 +00:00
Andy Polyakov	165c20c2c4	eng_rsax.c: make it work on Win64.	2011-08-14 08:38:04 +00:00
Andy Polyakov	625c6ba4c7	eng_rdrand.c: make it link in './config 386' case [from HEAD].	2011-08-14 08:31:14 +00:00
Andy Polyakov	a32bede701	x86_64-xlate.pl: fix movzw [from HEAD].	2011-08-12 21:25:23 +00:00
Andy Polyakov	8ff5c8874f	Alpha assembler fixed from HEAD. PR: 2577	2011-08-12 12:31:08 +00:00
Dr. Stephen Henson	c5d38fc262	aesni TLS GCM support	2011-08-11 23:06:37 +00:00
Dr. Stephen Henson	6b71970520	Sync EVP AES modes from HEAD.	2011-08-11 22:52:06 +00:00
Dr. Stephen Henson	0209e111f6	Add XTS OIDs from HEAD.	2011-08-11 22:51:37 +00:00
Dr. Stephen Henson	dc01af7723	Sync ASM/modes to add CCM and XTS modes and assembly language optimisation (from HEAD, original by Andy).	2011-08-11 22:36:19 +00:00
Dr. Stephen Henson	5435d0412f	prevent compilation errors and warnings	2011-08-11 21:12:01 +00:00
Andy Polyakov	922ac25f64	Add provisory support for RDRAND [from HEAD].	2011-08-10 18:53:13 +00:00
Dr. Stephen Henson	61cdb9f36a	Backport GCM support from HEAD. Minimal support at present: no assembly language optimisation. [original by Andy]	2011-08-04 11:12:38 +00:00
Dr. Stephen Henson	1acd042c85	fix memory leak	2011-08-03 16:40:14 +00:00
Dr. Stephen Henson	572712d82a	recognise ecdsaWithSHA1 OID	2011-07-28 14:42:53 +00:00
Dr. Stephen Henson	d1697a7556	Disable rsax for Windows: it doesn't currently work.	2011-07-25 23:45:49 +00:00
Andy Polyakov	90f3e4cf05	Back-port TLS AEAD framework [from HEAD].	2011-07-21 19:22:57 +00:00
Dr. Stephen Henson	7bd8bf58bb	stop warnings	2011-07-21 13:45:17 +00:00
Andy Polyakov	1190d3f442	Add RSAX builtin engine [from HEAD].	2011-07-20 21:51:33 +00:00
Dr. Stephen Henson	0e4f5cfbab	PR: 2559 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS socket error bug	2011-07-20 15:22:02 +00:00
Dr. Stephen Henson	2305ae5d8c	PR: 2556 (partial) Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de> Reviewed by: steve Fix OID routines. Check on encoding leading zero rejection should start at beginning of encoding. Allow for initial digit when testing when to use BIGNUMs which can increase first value by 2 * 40.	2011-07-14 12:01:36 +00:00
Andy Polyakov	2a5e042c70	perlasm/cbc.pl: fix tail processing bug [from HEAD]. PR: 2557	2011-07-13 06:22:46 +00:00
Andy Polyakov	a460c42f94	x86_64-xlate.pl: update from HEAD.	2011-07-04 13:11:55 +00:00
Andy Polyakov	d16743e728	sha1-x86_64.pl: nasm-related update from HEAD.	2011-07-04 13:01:42 +00:00
Andy Polyakov	4a29fa8caf	sha1-x86_64.pl: fix win64-specific typos and add masm support [from HEAD].	2011-07-01 21:24:39 +00:00
Andy Polyakov	250bb54dba	x86_64-xlate.pl: masm-specific update.	2011-07-01 21:22:13 +00:00
Dr. Stephen Henson	8315aa03fc	Fix assembly language function renaming so it works on WIN64.	2011-07-01 14:13:52 +00:00
Andy Polyakov	9a35faaa29	rc4-x86[_64].pl: back-sync with original 1.0.1.	2011-06-28 15:04:31 +00:00
Andy Polyakov	fbe2e28911	AES-NI backport from HEAD. Note that e_aes.c doesn't implement all modes from HEAD yet, more will be back-ported later.	2011-06-28 14:49:35 +00:00
Andy Polyakov	84968e25f3	x86[_64] assembler pack: back-port SHA1 and RC4 from HEAD.	2011-06-28 13:53:50 +00:00
Andy Polyakov	10fd0b7b55	x86[_64]cpuid.pl: harmonize OPENSSL_ia32_cpuid [from HEAD].	2011-06-28 13:40:19 +00:00
Andy Polyakov	4a46dc6e5c	x86[_64] perlasm: pull-in from HEAD.	2011-06-28 13:33:47 +00:00
Andy Polyakov	0ec55604c0	Expand OPENSSL_ia32cap_P to 64 bits. It might appear controversial, because such operation can be considered as breaking binary compatibility. However! OPNESSL_ia32cap_P is accessed by application through pointer returned by OPENSSL_ia32cap_loc() and such change of internal OPENSSL_ia32cap_P declaration is possible specifically on little-endian platforms, such as x86[_64] ones in question. In addition, if 32-bit application calls OPENSSL_ia32cap_loc(), it clears upper half of capability vector maintaining the illusion that it's still 32 bits wide.	2011-06-28 13:31:58 +00:00
Dr. Stephen Henson	dea113b428	PR: 2470 Submitted by: Corinna Vinschen <vinschen@redhat.com> Reviewed by: steve Don't call ERR_remove_state from DllMain.	2011-06-22 15:38:40 +00:00
Dr. Stephen Henson	dcbe723bc5	PR: 2540 Submitted by: emmanuel.azencot@bull.net Reviewed by: steve Prevent infinite loop in BN_GF2m_mod_inv().	2011-06-22 15:23:40 +00:00
Dr. Stephen Henson	33c98a28ac	correctly encode OIDs near 2^32	2011-06-22 15:15:48 +00:00
Dr. Stephen Henson	b2ddddfb20	allow MD5 use for computing old format hash links	2011-06-22 02:18:06 +00:00
Dr. Stephen Henson	c24367ebb9	Don't set FIPS rand method at same time as RAND method as this can cause the FIPS library to fail. Applications that want to set the FIPS rand method can do so explicitly and presumably they know what they are doing...	2011-06-21 17:08:25 +00:00
Dr. Stephen Henson	7397b35379	Add FIPS error codes.	2011-06-21 16:58:10 +00:00
Dr. Stephen Henson	1f2e4ecc30	Rename all AES_set*() functions using private_ prefix.	2011-06-21 16:23:42 +00:00
Dr. Stephen Henson	955e28006d	make EVP_dss() work for DSA signing	2011-06-20 20:05:13 +00:00
Dr. Stephen Henson	bf0736eb1f	Redirect null cipher to FIPS module.	2011-06-20 20:00:10 +00:00
Dr. Stephen Henson	3a5b97b7f1	Don't set default public key methods in FIPS mode so applications can switch between modes.	2011-06-20 19:41:13 +00:00
Dr. Stephen Henson	ed1bbe2cad	make sure custom cipher flag doesn't use any mode bits	2011-06-13 23:10:34 +00:00
Dr. Stephen Henson	b0b3d09063	Set rand method in FIPS_mode_set() not in rand library.	2011-06-13 21:18:00 +00:00
Dr. Stephen Henson	0ede2af7a0	Redirect RAND to FIPS module in FIPS mode.	2011-06-13 20:40:52 +00:00
Dr. Stephen Henson	e8d23f7811	Redirect HMAC and CMAC operations to module.	2011-06-12 15:07:26 +00:00
Dr. Stephen Henson	7c402e5af3	Disable GCM, CCM, XTS outside FIPS mode this will be updated when backported.	2011-06-10 14:22:42 +00:00
Dr. Stephen Henson	4276908f51	add android support to DSO (from HEAD)	2011-06-09 21:49:24 +00:00
Ben Laurie	f851acbfff	Fix warnings/errors(!).	2011-06-09 17:09:08 +00:00
Ben Laurie	78ef9b0205	Fix warnings.	2011-06-09 16:03:18 +00:00
Dr. Stephen Henson	ed9b0e5cba	Redirect DH key and parameter generation.	2011-06-09 15:21:46 +00:00
Dr. Stephen Henson	752c1a0ce9	Redirect DSA operations to FIPS module in FIPS mode.	2011-06-09 13:54:09 +00:00
Dr. Stephen Henson	cc30415d0c	Use method rsa keygen first if FIPS mode if it is a FIPS method.	2011-06-09 13:18:07 +00:00
Dr. Stephen Henson	03e16611a3	Redirect DH operations to FIPS module. Block non-FIPS methods. Sync DH error codes with HEAD.	2011-06-08 15:58:59 +00:00
Dr. Stephen Henson	b6d63b2516	Check fips method flags for ECDH, ECDSA.	2011-06-08 14:01:00 +00:00
Dr. Stephen Henson	e6b88d02bd	Implement Camellia_set_key properly for FIPS builds.	2011-06-08 13:11:46 +00:00
Andy Polyakov	125060ca63	rc4_skey.c: remove dead/redundant code (it's never compiled) and misleading/obsolete comment [from HEAD].	2011-06-06 20:04:33 +00:00
Dr. Stephen Henson	6342b6e332	Redirection of ECDSA, ECDH operations to FIPS module. Also use FIPS EC methods unconditionally for now: might want to use them only in FIPS mode or with a switch later.	2011-06-06 15:39:17 +00:00
Dr. Stephen Henson	59bc67052b	Add flags field to EC_KEY structure (backport from HEAD).	2011-06-06 13:18:03 +00:00
Dr. Stephen Henson	c090562828	Make no-ec2m work again (backport from HEAD).	2011-06-06 13:00:30 +00:00
Dr. Stephen Henson	69e2ec63c5	Reorganise ECC code so it can use FIPS module. Move compression, point2oct and oct2point functions into separate files. Add a flags field to EC_METHOD. Add a flag EC_FLAGS_DEFAULT_OCT to use the default compession and oct functions (all existing methods do this). This removes dependencies from EC_METHOD while keeping original functionality. Backport from HEAD with minor changes.	2011-06-06 12:54:51 +00:00
Dr. Stephen Henson	f610a516a0	Backport from HEAD: New option to disable characteristic two fields in EC code. Make no-ec2m work on Win32 build.	2011-06-06 11:49:36 +00:00
Dr. Stephen Henson	2e51a4caa3	Function not used outside FIPS builds.	2011-06-06 11:24:47 +00:00
Dr. Stephen Henson	c6fa97a6d6	FIPS low level blocking for AES, RC4 and Camellia. This is complicated by use of assembly language routines: rename the assembly language function to the private_* variant unconditionally and perform tests from a small C wrapper.	2011-06-05 17:36:44 +00:00
Dr. Stephen Henson	24d7159abd	Backport libcrypto audit: check return values of EVP functions instead of assuming they will always suceed.	2011-06-03 20:53:00 +00:00
Dr. Stephen Henson	d99e6b5014	New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier) from a digest algorithm (backport from HEAD).	2011-06-03 18:35:49 +00:00
Dr. Stephen Henson	2cf40fc2b8	license correction, no EAY code included in this file	2011-06-03 17:56:51 +00:00
Dr. Stephen Henson	260d08b814	Backport CMAC support from HEAD.	2011-06-03 15:08:42 +00:00
Dr. Stephen Henson	53dd05d8f6	Redirect RSA keygen, sign, verify to FIPS module.	2011-06-03 13:16:16 +00:00
Dr. Stephen Henson	fbe7055370	Redirection of low level APIs to FIPS module. Digest sign, verify operations are not redirected at this stage.	2011-06-02 18:22:42 +00:00
Dr. Stephen Henson	a5b386205f	Backport extended PSS support from HEAD: allow setting of mgf1Hash explicitly. This is needed to handle FIPS redirection fully.	2011-06-02 18:13:33 +00:00
Dr. Stephen Henson	916bcab28e	Prohibit low level cipher APIs in FIPS mode. Not complete: ciphers with assembly language key setup are not covered yet.	2011-06-01 16:54:06 +00:00
Dr. Stephen Henson	c7373c3dee	For consistency define clone digests in evp_fips.c	2011-06-01 15:11:00 +00:00
Dr. Stephen Henson	9f2c8eb2a1	Redirect clone digests to FIPS module for FIPS builds.	2011-06-01 14:28:21 +00:00
Dr. Stephen Henson	65300dcfb0	Prohibit use of low level digest APIs in FIPS mode.	2011-06-01 13:39:45 +00:00
Dr. Stephen Henson	5792219d1d	Redirect cipher operations to FIPS module for FIPS builds.	2011-05-29 16:18:38 +00:00
Dr. Stephen Henson	293c58c1e7	Use approved API for EVP digest operations in FIPS builds. Call OPENSSL_init() in a few more places to make sure it is always called at least once. Initial cipher API redirection (incomplete).	2011-05-29 15:55:13 +00:00
Dr. Stephen Henson	9f375a752e	Add default ASN1 handling to support FIPS.	2011-05-29 02:32:05 +00:00
Dr. Stephen Henson	04dc5a9ca6	Redirect digests to FIPS module for FIPS builds. Use FIPS API when initialising digests. Sync header file evp.h and error codes with HEAD for necessary FIPS definitions.	2011-05-28 23:01:26 +00:00
Dr. Stephen Henson	ae6cb5483e	Use \|\| instead of && so build doesn't fail.	2011-05-26 22:10:28 +00:00
Dr. Stephen Henson	a168ec1d27	Support shared library builds of FIPS capable OpenSSL, add fipscanister.o to libcrypto.a so linking to libcrypto.a works.	2011-05-26 21:23:11 +00:00
Dr. Stephen Henson	7207eca1ee	The first of many changes to make OpenSSL 1.0.1 FIPS capable. Add static build support to openssl utility. Add new "fips" option to Configure. Make use of installed fipsld and fips_standalone_sha1 Initialise FIPS error callbacks, locking and DRBG. Doesn't do anything much yet: no crypto is redirected to the FIPS module. Doesn't completely build either but the openssl utility can enter FIPS mode: which doesn't do anything much either.	2011-05-26 14:19:19 +00:00
Dr. Stephen Henson	ed67f7b7a7	Fix the ECDSA timing attack mentioned in the paper at: http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention.	2011-05-25 14:52:33 +00:00
Dr. Stephen Henson	6ea8d138d3	Fix the ECDSA timing attack mentioned in the paper at: http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention.	2011-05-25 14:42:27 +00:00
Dr. Stephen Henson	419b09b053	PR: 2512 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix BIO_accept so it can be bound to IPv4 or IPv6 sockets consistently.	2011-05-25 12:36:59 +00:00
Richard Levitte	ab08405984	LIBOBJ contained o_fips.c, now o_fips.o.	2011-05-21 09:17:54 +00:00
Dr. Stephen Henson	f98d2e5cc1	Implement FIPS_mode and FIPS_mode_set	2011-05-19 18:19:07 +00:00
Dr. Stephen Henson	f4ddbb5ad1	inherit HMAC flags from MD_CTX	2011-05-19 17:38:57 +00:00
Dr. Stephen Henson	676cd3a283	new flag to stop ENGINE methods being registered	2011-05-15 15:58:38 +00:00
Dr. Stephen Henson	e24b01cc6f	Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have disabled by default. If we don't do it this way, it screws up libeay.num. (update from HEAD, original from levitte).	2011-05-12 13:10:27 +00:00
Dr. Stephen Henson	889c2282a5	allow SHA384, SHA512 with DSA	2011-05-08 12:38:51 +00:00
Dr. Stephen Henson	dca30c44f5	no need to include memory.h	2011-04-30 23:38:05 +00:00
Dr. Stephen Henson	f2c358c6ce	check buffer is larger enough before overwriting	2011-04-06 18:06:54 +00:00
Richard Levitte	ecff2e5ce1	Corrections to the VMS build system. Submitted by Steven M. Schweda <sms@antinode.info>	2011-03-25 16:21:08 +00:00
Dr. Stephen Henson	c9d630dab6	make some non-VMS builds work again	2011-03-25 15:07:18 +00:00
Richard Levitte	d135906dbc	For VMS, implement the possibility to choose 64-bit pointers with different options: "64" The build system will choose /POINTER_SIZE=64=ARGV if the compiler supports it, otherwise /POINTER_SIZE=64. "64=" The build system will force /POINTER_SIZE=64. "64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.	2011-03-25 09:39:46 +00:00
Richard Levitte	9f427a52cb	make update (1.0.1-stable) This meant a slight renumbering in util/libeay.num due to symbols appearing in 1.0.0-stable. However, since there's been no release on this branch yet, it should be harmless.	2011-03-23 00:06:04 +00:00
Richard Levitte	9ed8dee71b	A few more long symbols needing shortening.	2011-03-19 11:03:41 +00:00
Richard Levitte	4692b3345d	Keep file references in the VMS build files in the same order as they are in the Unix Makefiles, and add SRP tests.	2011-03-19 10:46:21 +00:00
Richard Levitte	e59fb00735	SRP was introduced, add it for OpenVMS.	2011-03-19 09:55:35 +00:00
Richard Levitte	9275853084	A few more symbols that need shorter versions on OpenVMS.	2011-03-19 09:54:47 +00:00
Richard Levitte	01d2e27a2b	Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>	2011-03-19 09:47:47 +00:00
Ben Laurie	a149b2466e	Add SRP.	2011-03-16 11:26:40 +00:00
Andy Polyakov	2bbd82cf24	s390x-mont.pl: optimize for z196.	2011-03-04 13:13:04 +00:00
Andy Polyakov	1bfd3d7f58	dso_dlfcn.c: make it work on Tru64 4.0 [from HEAD].	2011-02-12 16:47:12 +00:00
Bodo Möller	a288aaefc4	Assorted bugfixes: - safestack macro changes for C++ were incomplete - RLE decompression boundary case - SSL 2.0 key arg length check Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)	2011-02-03 12:03:57 +00:00
Dr. Stephen Henson	5080fbbef0	Since FIPS 186-3 specifies we use the leftmost bits of the digest we shouldn't reject digest lengths larger than SHA256: the FIPS algorithm tests include SHA384 and SHA512 tests.	2011-02-01 12:53:47 +00:00
Dr. Stephen Henson	b5b724348d	stop warnings about no previous prototype when compiling shared engines	2011-01-30 01:55:29 +00:00
Dr. Stephen Henson	c3ee90d8ca	FIPS mode changes to make RNG compile (this will need updating later as we need a whole new PRNG for FIPS). 1. avoid use of ERR_peek(). 2. If compiling with FIPS use small FIPS EVP and disable ENGINE	2011-01-26 14:55:23 +00:00
Richard Levitte	bf35c5dc7f	Add rsa_crpt	2011-01-26 06:32:22 +00:00
Dr. Stephen Henson	c42d223ac2	Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate crypto and ENGINE dependencies in RSA library.	2011-01-25 17:43:20 +00:00
Dr. Stephen Henson	d5654d2b20	Move BN_options function to bn_print.c to remove dependency for BIO printf routines from bn_lib.c	2011-01-25 17:10:42 +00:00
Dr. Stephen Henson	a7508fec1a	Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign() and DSA_do_verify().	2011-01-25 16:55:27 +00:00
Dr. Stephen Henson	c31945e682	recalculate DSA signature if r or s is zero (FIPS 186-3 requirement)	2011-01-25 16:02:27 +00:00
Dr. Stephen Henson	d3203b931e	PR: 2433 Submitted by: Chris Wilson <chris@qwirx.com> Reviewed by: steve Constify ASN1_STRING_set_default_mask_asc().	2011-01-24 16:20:05 +00:00
Dr. Stephen Henson	947f4e90c3	New function EC_KEY_set_affine_coordinates() this performs all the NIST PKV tests.	2011-01-24 16:09:57 +00:00
Dr. Stephen Henson	d184c7b271	check EC public key isn't point at infinity	2011-01-24 15:07:47 +00:00
Dr. Stephen Henson	913488c066	PR: 1612 Submitted by: Robert Jackson <robert@rjsweb.net> Reviewed by: steve Fix EC_POINT_cmp function for case where b but not a is the point at infinity.	2011-01-24 14:41:49 +00:00
Dr. Stephen Henson	7fa27d9ac6	Add additional parameter to dsa_builtin_paramgen to output the generated seed to: this doesn't introduce any binary compatibility issues as the function is only used internally. The seed output is needed for FIPS 140-2 algorithm testing: the functionality used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0	2011-01-19 14:46:42 +00:00
Dr. Stephen Henson	c341b9cce5	add va_list version of ERR_add_error_data	2011-01-14 15:13:59 +00:00

... 3 4 5 6 7 ...

5437 commits