Dr. Stephen Henson
ce25c7207b
New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier)
...
from a digest algorithm.
2010-03-11 13:27:05 +00:00
Dr. Stephen Henson
77163b6234
don't leave bogus errors in the queue
2010-03-10 13:48:09 +00:00
Andy Polyakov
e3a510f8a6
Add GHASH x86 assembler.
2010-03-09 23:03:33 +00:00
Dr. Stephen Henson
b17bdc7734
PR: 2188
...
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>
Add "missing" functions to get and set prompt constructor.
2010-03-09 17:24:33 +00:00
Dr. Stephen Henson
a0e4a8e10a
PR: 2186
...
Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com>
Detect aix64-gcc
2010-03-09 17:08:48 +00:00
Dr. Stephen Henson
d6eebf6d8a
reserve a few more bits for future cipher modes
2010-03-08 23:48:21 +00:00
Andy Polyakov
2262beef2e
gcm128.c: add option for streamed GHASH, simple benchmark, minor naming
...
change.
2010-03-08 22:44:37 +00:00
Dr. Stephen Henson
31904ecdf3
RSA PSS verification support including certificates and certificate
...
requests. Add new ASN1 signature initialisation function to handle this
case.
2010-03-08 18:10:35 +00:00
Dr. Stephen Henson
a4d9c12f99
correct error code
2010-03-08 18:07:05 +00:00
Dr. Stephen Henson
809cd0a22d
print outermost signature algorithm parameters too
2010-03-07 17:02:47 +00:00
Dr. Stephen Henson
bea29921a8
oops
2010-03-07 16:41:54 +00:00
Dr. Stephen Henson
7ed485bc9f
The OID sanity check was incorrect. It should only disallow *leading* 0x80
...
values.
2010-03-07 16:40:05 +00:00
Dr. Stephen Henson
069d4cfea5
although AES is a variable length cipher, AES EVP methods have a fixed key length
2010-03-07 15:54:26 +00:00
Dr. Stephen Henson
49436b59b5
oops, make EVP ctr mode work again
2010-03-07 15:52:41 +00:00
Dr. Stephen Henson
9ef6fe8c2e
typo
2010-03-07 15:37:37 +00:00
Dr. Stephen Henson
63b825c9d4
add separate PSS decode function, rename PSS parameters to RSA_PSS_PARAMS
2010-03-07 13:34:51 +00:00
Dr. Stephen Henson
77f4b6ba4f
add MGF1 digest ctrl
2010-03-07 13:34:15 +00:00
Dr. Stephen Henson
a5667732b9
update ASN1 sign/verify to use EVP_DigestSign and EVP_DigestVerify
2010-03-07 12:05:45 +00:00
Dr. Stephen Henson
1708456220
don't add digest alias if signature algorithm is undefined
2010-03-06 20:47:30 +00:00
Dr. Stephen Henson
ff04bbe363
Add PSS algorithm printing. This is an initial step towards full PSS support.
...
Uses ASN1 module in Martin Kaiser's PSS patch.
2010-03-06 19:55:25 +00:00
Dr. Stephen Henson
148924c1f4
fix indent, newline
2010-03-06 18:14:13 +00:00
Dr. Stephen Henson
fa1ba589f3
Add algorithm specific signature printing. An individual ASN1 method can
...
now print out signatures instead of the standard hex dump.
More complex signatures (e.g. PSS) can print out more meaningful information.
Sample DSA version included that prints out the signature parameters r, s.
[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
8c4ce7bab2
Fix memory leak: free up ENGINE functional reference if digest is not
...
found in an ENGINE.
2010-03-05 13:33:21 +00:00
Dr. Stephen Henson
bb845ee044
Add -engine_impl option to dgst which will use an implementation of
...
an algorithm from the supplied engine instead of just the default one.
2010-03-05 13:28:21 +00:00
Dr. Stephen Henson
b5cfc2f590
option to replace extensions with new ones: mainly for creating cross-certificates
2010-03-03 20:13:30 +00:00
Dr. Stephen Henson
ebaa2cf5b2
PR: 2183
...
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
2010-03-03 19:56:34 +00:00
Dr. Stephen Henson
cca1cd9a34
Submitted by: Tomas Hoger <thoger@redhat.com>
...
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
2010-03-03 15:41:18 +00:00
Dr. Stephen Henson
2c772c8700
don't mix definitions and code
2010-03-03 15:30:42 +00:00
Andy Polyakov
e7f5b1cd42
Initial version of Galois Counter Mode implementation. Interface is still
...
subject to change...
2010-03-02 16:33:25 +00:00
Andy Polyakov
80dfadfdf3
ppccap.c: portability fix.
2010-03-02 16:28:29 +00:00
Andy Polyakov
d8c7bd6e11
Fix s390x-specific HOST_l2c|c2l.
...
Submitted by: Andreas Krebbel
2010-03-02 16:23:40 +00:00
Dr. Stephen Henson
f84c85b0e3
PR: 2178
...
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>
Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
2010-03-01 23:54:47 +00:00
Dr. Stephen Henson
a05b8d0ede
use supplied ENGINE in genrsa
2010-03-01 14:22:21 +00:00
Dr. Stephen Henson
ff2fdbf2f8
oops, reinstate correct prototype
2010-03-01 03:01:27 +00:00
Dr. Stephen Henson
da3955256d
'typo'
2010-03-01 01:53:34 +00:00
Dr. Stephen Henson
5e28ccb798
make USE_CRYPTODEV_DIGESTS work
2010-03-01 01:19:18 +00:00
Dr. Stephen Henson
a6575572c6
load cryptodev if HAVE_CRYPTODEV is set too
2010-03-01 00:40:10 +00:00
Dr. Stephen Henson
c3951d8973
update cryptodev to match 1.0.0 stable branch version
2010-03-01 00:37:58 +00:00
Ben Laurie
19ec2f4194
Fix warnings (note that gcc 4.2 has a bug that makes one of its
...
warnings hard to fix without major surgery).
2010-02-28 14:22:56 +00:00
Dr. Stephen Henson
2b13f80360
algorithms field has changed in 1.0.0 and later: update
2010-02-28 00:24:04 +00:00
Dr. Stephen Henson
40c5eaeeec
oops, revert verify.c change
2010-02-27 23:03:26 +00:00
Dr. Stephen Henson
c1ca9d3238
Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and
...
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."
2010-02-27 23:02:41 +00:00
Dr. Stephen Henson
48435b2098
include TVS 1.1 version string
2010-02-26 19:38:33 +00:00
Dr. Stephen Henson
37c541faed
Revert CFB block length change. Despite what SP800-38a says the input to
...
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:58 +00:00
Dr. Stephen Henson
0f776277bc
oops, use correct date
2010-02-26 12:13:36 +00:00
Dr. Stephen Henson
5814d829e6
update NEWS
2010-02-25 18:20:30 +00:00
Dr. Stephen Henson
f6bb465f87
update FAQ
2010-02-25 18:18:46 +00:00
Dr. Stephen Henson
db28aa86e0
add -trusted_first option and verify flag
2010-02-25 12:21:48 +00:00
Dr. Stephen Henson
2da2ff5065
tidy verify code. xn not used any more and check for self signed more efficiently
2010-02-25 11:18:26 +00:00
Dr. Stephen Henson
fbd2164044
Experimental support for partial chain verification: if an intermediate
...
certificate is explicitly trusted (using -addtrust option to x509 utility
for example) the verification is sucessful even if the chain is not complete.
2010-02-25 00:17:22 +00:00