wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9541 commits 20 branches 302 tags 153 MiB
Commit graph

9541 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
00947cea0c PR: 2192 
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

The prompt_info and wrong_info parameters can be empty strings which
can produce confusing prompts. Treat empty string same as NULL.
 2010-03-12 12:48:32 +00:00
Dr. Stephen Henson
e45c32fabf missing goto meant signature was never printed out 2010-03-12 12:06:48 +00:00
Mark J. Cox
fb75f349b7 This entry was in 0.9.8m changelog but missing from here, since it's 
security relevent we'd better list it.
 2010-03-12 08:36:44 +00:00
Dr. Stephen Henson
a907165250 Submitted by: Martin Kaiser 
Reject PSS signatures with unsupported trailer value.
 2010-03-11 23:11:36 +00:00
Dr. Stephen Henson
e62774c3b9 alg2 can be NULL 2010-03-11 19:27:03 +00:00
Andy Polyakov
f093794e55 Add GHASH x86_64 assembler. 2010-03-11 16:19:46 +00:00
Dr. Stephen Henson
f26cf9957f typo 2010-03-11 14:19:46 +00:00
Dr. Stephen Henson
17c63d1cca RSA PSS ASN1 signing method 2010-03-11 14:06:46 +00:00
Dr. Stephen Henson
877669d69c typo 2010-03-11 14:04:54 +00:00
Dr. Stephen Henson
1c8d92997d ctrl operations to retrieve RSA algorithm settings 2010-03-11 13:55:18 +00:00
Dr. Stephen Henson
bf8883b351 Add support for new PSS functions in RSA EVP_PKEY_METHOD 2010-03-11 13:45:42 +00:00
Dr. Stephen Henson
e8254d406f Extend PSS padding code to support different digests for MGF1 and message. 2010-03-11 13:40:42 +00:00
Dr. Stephen Henson
85522a074c Algorithm specific ASN1 signing functions. 2010-03-11 13:32:38 +00:00
Dr. Stephen Henson
31d66c2a98 update cms code to use X509_ALGOR_set_md instead of internal function 2010-03-11 13:29:39 +00:00
Dr. Stephen Henson
ce25c7207b New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier) 
from a digest algorithm.
 2010-03-11 13:27:05 +00:00
Dr. Stephen Henson
77163b6234 don't leave bogus errors in the queue 2010-03-10 13:48:09 +00:00
Andy Polyakov
e3a510f8a6 Add GHASH x86 assembler. 2010-03-09 23:03:33 +00:00
Dr. Stephen Henson
b17bdc7734 PR: 2188 
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

Add "missing" functions to get and set prompt constructor.
 2010-03-09 17:24:33 +00:00
Dr. Stephen Henson
a0e4a8e10a PR: 2186 
Submitted By: "Joel Rabinovitch" <Joel.Rabinovitch@tecsys.com>

Detect aix64-gcc
 2010-03-09 17:08:48 +00:00
Dr. Stephen Henson
d6eebf6d8a reserve a few more bits for future cipher modes 2010-03-08 23:48:21 +00:00
Andy Polyakov
2262beef2e gcm128.c: add option for streamed GHASH, simple benchmark, minor naming 
change.
 2010-03-08 22:44:37 +00:00
Dr. Stephen Henson
31904ecdf3 RSA PSS verification support including certificates and certificate 
requests. Add new ASN1 signature initialisation function to handle this
case.
 2010-03-08 18:10:35 +00:00
Dr. Stephen Henson
a4d9c12f99 correct error code 2010-03-08 18:07:05 +00:00
Dr. Stephen Henson
809cd0a22d print outermost signature algorithm parameters too 2010-03-07 17:02:47 +00:00
Dr. Stephen Henson
bea29921a8 oops 2010-03-07 16:41:54 +00:00
Dr. Stephen Henson
7ed485bc9f The OID sanity check was incorrect. It should only disallow *leading* 0x80 
values.
 2010-03-07 16:40:05 +00:00
Dr. Stephen Henson
069d4cfea5 although AES is a variable length cipher, AES EVP methods have a fixed key length 2010-03-07 15:54:26 +00:00
Dr. Stephen Henson
49436b59b5 oops, make EVP ctr mode work again 2010-03-07 15:52:41 +00:00
Dr. Stephen Henson
9ef6fe8c2e typo 2010-03-07 15:37:37 +00:00
Dr. Stephen Henson
63b825c9d4 add separate PSS decode function, rename PSS parameters to RSA_PSS_PARAMS 2010-03-07 13:34:51 +00:00
Dr. Stephen Henson
77f4b6ba4f add MGF1 digest ctrl 2010-03-07 13:34:15 +00:00
Dr. Stephen Henson
a5667732b9 update ASN1 sign/verify to use EVP_DigestSign and EVP_DigestVerify 2010-03-07 12:05:45 +00:00
Dr. Stephen Henson
1708456220 don't add digest alias if signature algorithm is undefined 2010-03-06 20:47:30 +00:00
Dr. Stephen Henson
ff04bbe363 Add PSS algorithm printing. This is an initial step towards full PSS support. 
Uses ASN1 module in Martin Kaiser's PSS patch.
 2010-03-06 19:55:25 +00:00
Dr. Stephen Henson
148924c1f4 fix indent, newline 2010-03-06 18:14:13 +00:00
Dr. Stephen Henson
fa1ba589f3 Add algorithm specific signature printing. An individual ASN1 method can 
now print out signatures instead of the standard hex dump.

More complex signatures (e.g. PSS) can print out more meaningful information.

Sample DSA version included that prints out the signature parameters r, s.

[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
 new fields in the middle has no compatibility issues]
 2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
8c4ce7bab2 Fix memory leak: free up ENGINE functional reference if digest is not 
found in an ENGINE.
 2010-03-05 13:33:21 +00:00
Dr. Stephen Henson
bb845ee044 Add -engine_impl option to dgst which will use an implementation of 
an algorithm from the supplied engine instead of just the default one.
 2010-03-05 13:28:21 +00:00
Dr. Stephen Henson
b5cfc2f590 option to replace extensions with new ones: mainly for creating cross-certificates 2010-03-03 20:13:30 +00:00
Dr. Stephen Henson
ebaa2cf5b2 PR: 2183 
PR#1999 broke fork detection by assuming HAVE_FORK was set for all platforms.
Include original HAVE_FORK detection logic while allowing it to be
overridden on specific platforms with -DHAVE_FORK=1 or -DHAVE_FORK=0
 2010-03-03 19:56:34 +00:00
Dr. Stephen Henson
cca1cd9a34 Submitted by: Tomas Hoger <thoger@redhat.com> 
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
 2010-03-03 15:41:18 +00:00
Dr. Stephen Henson
2c772c8700 don't mix definitions and code 2010-03-03 15:30:42 +00:00
Andy Polyakov
e7f5b1cd42 Initial version of Galois Counter Mode implementation. Interface is still 
subject to change...
 2010-03-02 16:33:25 +00:00
Andy Polyakov
80dfadfdf3 ppccap.c: portability fix. 2010-03-02 16:28:29 +00:00
Andy Polyakov
d8c7bd6e11 Fix s390x-specific HOST_l2c|c2l. 
Submitted by: Andreas Krebbel
 2010-03-02 16:23:40 +00:00
Dr. Stephen Henson
f84c85b0e3 PR: 2178 
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>

Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
 2010-03-01 23:54:47 +00:00
Dr. Stephen Henson
a05b8d0ede use supplied ENGINE in genrsa 2010-03-01 14:22:21 +00:00
Dr. Stephen Henson
ff2fdbf2f8 oops, reinstate correct prototype 2010-03-01 03:01:27 +00:00
Dr. Stephen Henson
da3955256d 'typo' 2010-03-01 01:53:34 +00:00
Dr. Stephen Henson
5e28ccb798 make USE_CRYPTODEV_DIGESTS work 2010-03-01 01:19:18 +00:00