wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
23801 commits 20 branches 302 tags 153 MiB
Commit graph

548 commits

Author SHA1 Message Date
Rich Salz
86885c2895 Use "==0" instead of "!strcmp" etc 
For the various string-compare routines (strcmp, strcasecmp, str.*cmp)
use "strcmp()==0" instead of "!strcmp()"

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-05-06 22:37:53 -04:00
Rich Salz
16f8d4ebf0 memset, memcpy, sizeof consistency fixes 
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr)
for memset and memcpy.  Remove needless casts for those functions.
For memset, replace alternative forms of zero with 0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-05-05 22:18:59 -04:00
Rich Salz
b4faea50c3 Use safer sizeof variant in malloc 
For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-05-04 15:00:13 -04:00
Richard Levitte
31ff45aa97 Remove obsolete make variables 
ONEDIRS, EDIRS and WDIRS aren't used anywhere.  Most probably remains
from a build system of the past, it's time they get put to rest.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-05-02 21:51:45 +02:00
Rich Salz
25aaa98aa2 free NULL cleanup -- coda 
After the finale, the "real" final part. :)  Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" check that can be removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-05-01 14:37:16 -04:00
Rich Salz
efa7dd6444 free NULL cleanup 11 
Don't check for NULL before calling free functions. This gets:
        ERR_STATE_free
        ENGINE_free
        DSO_free
        CMAC_CTX_free
        COMP_CTX_free
        CONF_free
        NCONF_free NCONF_free_data _CONF_free_data
        A sk_free use within OBJ_sigid_free
        TS_TST_INFO_free (rest of TS_ API was okay)
        Doc update for UI_free (all uses were fine)
        X509V3_conf_free
        X509V3_section_free
        X509V3_string_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-05-01 10:15:18 -04:00
Rich Salz
b548a1f11c free null cleanup finale 
Don't check for NULL before calling OPENSSL_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-05-01 10:02:07 -04:00
Rich Salz
23a1d5e97c free NULL cleanup 7 
This gets BN_.*free:
    BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
    BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free

Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
dead code in engines/e_ubsec.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-04-30 21:37:06 -04:00
Rich Salz
4b45c6e52b free cleanup almost the finale 
Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
        CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-04-30 17:57:32 -04:00
Rich Salz
b196e7d936 remove malloc casts 
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-04-28 15:28:14 -04:00
Viktor Dukhovni
61986d32f3 Code style: space after 'if' 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-04-16 13:44:59 -04:00
Emilia Kasper
6824941440 Initialize variable 
newsig may be used (freed) uninitialized on a malloc error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-04-15 14:19:12 +02:00
Richard Levitte
a80e33b991 Remove EXHEADER, TEST, APPS, links:, install: and uninstall: where relevant 
With no more symlinks, there's no need for those variables, or the links
target.  This also goes for all install: and uninstall: targets that do
nothing but copy $(EXHEADER) files, since that's now taken care of by the
top Makefile.

Also, removed METHTEST from test/Makefile.  It looks like an old test that's
forgotten...

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-03-31 20:16:01 +02:00
Richard Levitte
dee502be89 Stop symlinking, move files to intended directory 
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.

Originally-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-03-31 20:16:01 +02:00
Richard Levitte
06affe3dac Initialised 'ok' and redo the logic. 
The logic with how 'ok' was calculated didn't quite convey what's "ok",
so the logic is slightly redone to make it less confusing.

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2015-03-30 05:31:58 +02:00
Rich Salz
c5ba2d9904 free NULL cleanup 
EVP_.*free; this gets:
        EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
        EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
        EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-03-28 10:54:15 -04:00
Rich Salz
8fdc3734c0 free NULL cleanup. 
This gets EC_GROUP_clear_free EC_GROUP_free, EC_KEY_free,
EC_POINT_clear_free, EC_POINT_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-03-25 18:35:24 -04:00
Rich Salz
ca3a82c3b3 free NULL cleanup 
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-03-25 11:31:18 -04:00
Matt Caswell
8817e2e0c9 Fix return checks in GOST engine 
Filled in lots of return value checks that were missing the GOST engine, and
added appropriate error handling.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-03-25 12:33:37 +00:00
Matt Caswell
7b611e5fe8 Fix misc NULL derefs in sureware engine 
Fix miscellaneous NULL pointer derefs in the sureware engine.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-03-25 12:33:31 +00:00
Rich Salz
d64070838e free NULL cleanup 
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets DH_free, DSA_free, RSA_free

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-03-24 23:17:16 -04:00
Dr. Stephen Henson
2e43027757 make ASN1_OBJECT opaque 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-03-24 17:35:58 +00:00
Edgar Pek
bcfa19a8d1 Fix null-pointer dereference 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-02-22 13:20:10 +01:00
Richard Levitte
774ccae63c Transfer a fix from 1.0.1 
manually picked from e7b85bc402
Reviewed-by: Stephen Henson <steve@openssl.org>
 2015-02-13 13:39:05 +01:00
Rich Salz
fbf08b79ff Remove X509_PAIR 
Unused type; a pair X509 certificates. Intended for LDAP support.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-02-06 10:55:31 -05:00
Rich Salz
6f91b017bb Live code cleanup: remove #if 1 stuff 
For code bracketed by "#if 1" then remove the alternate
"#else .. #endif" lines.

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2015-02-06 10:54:20 -05:00
Ben Laurie
4de8385796 Build correctly for me on FreeBSD 10. 
Reviewed-by: Rich Salz

Don't debug.
 2015-01-30 22:23:17 +00:00
Rich Salz
d6fbb19409 Dead code removal #if 0 engines 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-01-30 13:24:35 -05:00
Richard Levitte
132536f96e VMS adjustments: 
catch up with the Unix build.
A number of new tests, among others test/tocsp.com
Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"'

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2015-01-30 14:43:57 +01:00
Rich Salz
33fc38ff8e Make output consistency: remove blank line 
When you use "-s" in the make flag, you see that engines outputs
a blank line because EDIRS isn't set.  This is a debug echo that
isn't needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-01-29 12:09:14 -05:00
Richard Levitte
c6ef15c494 clang on Linux x86_64 complains about unreachable code. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-01-29 01:54:09 +01:00
Rich Salz
474e469bbd OPENSSL_NO_xxx cleanup: SHA 
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-01-27 12:34:45 -05:00
Matt Caswell
35a1cc90bc More comment realignment 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:10 +00:00
Matt Caswell
50e735f9e5 Re-align some comments after running the reformat script. 
This should be a one off operation (subsequent invokation of the
script should not move them)

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:10 +00:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:09 +00:00
Matt Caswell
68d39f3ce6 Move more comments that confuse indent 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:09 +00:00
Matt Caswell
b853717fc4 Fix strange formatting by indent 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:08 +00:00
Andy Polyakov
aec4b334f0 engines/e_ubsec.c: make it indent-friendly. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:07 +00:00
Matt Caswell
23a22b4cf7 More comments 
Conflicts:
	crypto/dsa/dsa_vrf.c
	crypto/ec/ec2_smpl.c
	crypto/ec/ecp_smpl.c

Conflicts:
	demos/bio/saccept.c
	ssl/d1_clnt.c

Conflicts:
	bugs/dggccbug.c
	demos/tunala/cb.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:20:06 +00:00
Rich Salz
4b618848f9 Cleanup OPENSSL_NO_xxx, part 1 
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
	OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
	OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-01-14 15:57:28 -05:00
Dr. Stephen Henson
98b3b116ab For master windows build dsa.h is now needed. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-01-13 15:39:37 +00:00
Rich Salz
fcf64ba0ac RT3548: Remove some unsupported platforms. 
This commit removes NCR, Tandem, Cray.
Regenerates TABLE.
Removes another missing BEOS fluff.
The last platform remaining on this ticket is WIN16.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-01-12 10:40:00 -05:00
Matt Caswell
3a83462dfe Further comment amendments to preserve formatting prior to source reformat 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-06 15:45:25 +00:00
Tim Hudson
1d97c84351 mark all block comments that need format preserving so that 
indent will not alter them when reformatting comments

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-30 22:10:26 +00:00
Matt Caswell
ad500fdc49 Rename gost2814789t.c to gost2814789test.c. The old name caused problems 
for dummytest if gost is compiled out, since the name of the test is not
standard (dummytest segfaults). Also the old name caused problems for git
because the executable was not in the .gitignore file

Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2014-12-16 14:14:03 +00:00
Matt Caswell
fd0ba77717 make update 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-11 23:52:47 +00:00
Kurt Roeckx
5b17b79a89 capi_ctrl, capi_vtrace: check for NULL after allocating and free it 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-10 18:35:18 +01:00
Matt Caswell
29e7a56d54 Disable engines that will fail to build when bn is made opaque 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 21:41:12 +00:00
Emilia Kasper
f50ffd10fa Fix broken build 
Add includes missing from commit 33eab3f6af

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
 2014-12-05 16:18:20 +01:00
Kurt Roeckx
33eab3f6af Replace GOST_R_MALLOC_FAILURE and GOST_R_NO_MEMORY with ERR_R_MALLOC_FAILURE 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Kurt Roeckx
f6fa7c5347 capi_get_provname: Check return values 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
b1a08ac71f capi_get_key: check for NULL after allocating key 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
8607322765 capi_cert_get_fname: check for NULL after allocating wfname 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
e2140501fd capi_get_provname: free name on error if it was malloc'ed 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
0716f9e405 pkey_gost_mac_keygen: check for NULL after allocating keydata 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
787e992965 pkey_gost_ctrl: check for NULL after allocating pctx->shared_ukm 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:43 +01:00
Rich Salz
8cfe08b4ec Remove all .cvsignore files 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-11-28 18:32:43 -05:00
Rich Salz
92c7846372 RT3544: Remove MWERKS support 
The following #ifdef tests were all removed:
	__MWERKS__
	MAC_OS_pre_X
	MAC_OS_GUSI_SOURCE
	MAC_OS_pre_X
	OPENSSL_SYS_MACINTOSH_CLASSIC
	OPENSSL_SYS_MACOSX_RHAPSODY

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2014-09-24 18:07:29 -04:00
Rich Salz
cb4bb56bae RT3271 update; extra; semi-colon; confuses; some; 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2014-09-10 15:08:40 -04:00
Rich Salz
843921f298 RT3271: Don't use "if !" in shell lines 
For portability don't use "if ! expr"

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
 2014-09-09 17:06:14 -04:00
Martin Olsson
1afd7fa97c RT2513: Fix typo's paramter-->parameter 
I also found a couple of others (padlock and signinit)
and fixed them.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
 2014-08-19 11:09:33 -04:00
Justin Blanchard
f756fb430e RT1815: More const'ness improvements 
Add a dozen more const declarations where appropriate.
These are from Justin; while adding his patch, I noticed
ASN1_BIT_STRING_check could be fixed, too.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2014-08-18 11:49:16 -04:00
Jonas Maebe
defe438d47 pub_decode_gost94, pub_decode_gost01: check for NULL after allocating databuf pub_encode_gost94, pub_encode_gost01: check for NULL after allocating databuf and octet 
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-08-17 18:56:52 +02:00
Rich Salz
f642ebc1e2 Undo a90081576c 
Undo unapproved commit that removed DJGPP and WATT32
 2014-08-09 08:02:20 -04:00
Rich Salz
a90081576c Remove DJGPP (and therefore WATT32) #ifdef's. 
DJGPP is no longer a supported platform.  Remove all #ifdef, etc.,
cases that refer to it.  DJGPP also #define'd WATT32, so that
is now removed as well.
 2014-08-08 16:54:14 -04:00
Dr. Stephen Henson
8e55e6de45 Don't call setenv in gost2814789t.c 
The call to setenv in gost2814789t.c is not portable and may
not reflect the location of the GOST ENGINE on all platforms anyway.
Instead set OPENSSL_ENGINES in test/Makefile
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
 2014-07-24 18:18:54 +01:00
Andy Polyakov
021e5043e5 Please Clang's sanitizer. 
PR: #3424,#3423,#3422
 2014-07-08 22:24:44 +02:00
Libor Krystek
a5ff18bf90 Add support for SHA2 in CAPI ENGINE. 
PR#2706 though patch is from PR#3366.
 2014-07-02 00:33:10 +01:00
David Ramos
7e2c6f7eb0 Initialise alg. 
PR#3313
 2014-06-01 13:04:10 +01:00
Andy Polyakov
ea38f02049 engines/ccgost/gosthash.c: simplify and avoid SEGV. 
PR: 3275
 2014-03-07 11:02:25 +01:00
Andy Polyakov
96180cac04 engines/ccgost/gost89.h: make word32 defintion unconditional. 
Original definition depended on __LONG_MAX__ that is not guaranteed to
be present. As we don't support platforms with int narrower that 32 bits
it's appropriate to make defition inconditional.

PR: 3165
 2013-11-08 23:00:35 +01:00
Dr. Stephen Henson
3f9b187bae Fix warning. 2013-11-01 21:41:52 +00:00
Andy Polyakov
e6e29bc4c9 engines/e_aep.c: make it BN_ULONG-size and endian "neutral". 2013-10-28 22:18:48 +01:00
Andy Polyakov
b3ef742cbb Add support for Cygwin-x86_64. 
PR: 3110
Submitted by Corinna Vinschen.
 2013-09-15 22:01:23 +02:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
810639536c Add control to retrieve signature MD. 2013-06-21 21:33:00 +01:00
Andy Polyakov
db05b447a5 Fix Windows linking error in GOST test case. 2013-04-13 23:03:31 +02:00
Ben Laurie
95dd301861 Missing MINFO generation. 2013-03-04 14:31:18 +00:00
Ben Laurie
0850f11855 Fix ignored return value warnings. 
Not sure why I am getting these now and not before.
 2013-02-21 18:30:04 +00:00
Dr. Stephen Henson
e511c64a24 Don't use C++ style comments. 2013-01-24 23:22:33 +00:00
Andy Polyakov
46bf83f07a x86_64 assembly pack: make Windows build more robust. 
PR: 2963 and a number of others
 2013-01-22 22:27:28 +01:00
Andy Polyakov
06b3b640eb gost2814789t.c: portability fixes. 2013-01-22 14:37:03 +01:00
Ben Laurie
5bdf1f1a89 Fix warnings. 2013-01-21 23:02:17 +00:00
Andy Polyakov
a0dcb8d821 gost_crypt.c: add assertions. 
Submitted by: Seguei Leontiev
PR: 2821
 2013-01-19 18:10:05 +01:00
Andy Polyakov
26906f2d93 engines/ccgost: add test case. 
Submitted by: Serguei Leontiev
PR: 2821
 2013-01-19 17:56:56 +01:00
Andy Polyakov
3a3f964eda gost_crypt.c: more intuitive ceiling. 2012-12-19 17:24:46 +00:00
Andy Polyakov
8cfb6411ff engines/cchost/gost_crypt.c: fix typo. 2012-12-19 11:06:00 +00:00
Andy Polyakov
2c0093d294 engines/e_capi.c: fix typo. 
Submitted by: Pierre Delaage
 2012-12-19 10:54:47 +00:00
Andy Polyakov
947e129219 engine/cchost: fix bugs. 
PR: 2821
Submitted by: Dmitry Belyavsky, Serguei Leontiev
 2012-12-19 10:45:13 +00:00
Dr. Stephen Henson
c4fc172240 PR: 2880 
Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de>

Correctly handle local machine keys in the capi ENGINE.
 2012-11-18 15:24:37 +00:00
Dr. Stephen Henson
d21bf10dea Don't load GOST ENGINE if it is already loaded. 
Multiple copies of the ENGINE will cause problems when it is cleaned up as
the methods are stored in static structures which will be overwritten and
freed up more than once.

Set static methods to NULL when the ENGINE is freed so it can be reloaded.
 2012-09-01 11:30:53 +00:00
Andy Polyakov
99e59d634a gosthash.c: use memmove in circle_xor8, as input pointers can be equal. 
PR: 2858
 2012-08-13 16:36:51 +00:00
Andy Polyakov
6251989eb6 x86_64 assembly pack: make it possible to compile with Perl located on 
path with spaces.

PR: 2835
 2012-06-27 10:08:23 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Andy Polyakov
ed998634cd e_padlock-x86[_64].pl: better understanding of prefetch errata and proper 
workaround.
 2012-03-19 20:23:32 +00:00
Andy Polyakov
884c580e05 eng_all.c: revert previous "disable Padlock" commit, which was unjustified. 2012-03-19 20:20:41 +00:00
Dr. Stephen Henson
174b07be93 PR: 2744 
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

CMS support for ccgost engine
 2012-03-11 13:40:17 +00:00
Dr. Stephen Henson
797a2a102d PR: 2743 
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

Fix memory leak if invalid GOST MAC key given.
 2012-02-29 14:13:00 +00:00
Dr. Stephen Henson
e626c77808 PR: 2703 
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Fix some memory and resource leaks in CAPI ENGINE.
 2012-02-11 23:13:10 +00:00
Dr. Stephen Henson
da2a5a79ef PR: 2705 
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Only create ex_data indices once for CAPI engine.
 2012-02-11 23:08:08 +00:00
Andy Polyakov
a50bce82ec Sanitize usage of <ctype.h> functions. It's important that characters 
are passed zero-extended, not sign-extended.
PR: 2682
 2012-01-12 16:21:35 +00:00
Dr. Stephen Henson
6bf896d9b1 Check GOST parameters are not NULL (CVE-2012-0027) 2012-01-04 23:03:40 +00:00
Ben Laurie
b9ef708e40 Padlock engine doesn't build (the asm parts are not built for some reason), 
so remove for now.
 2011-12-13 15:56:40 +00:00
Andy Polyakov
dce7f142a6 Configure: reimplement commit#21695. 2011-11-15 12:32:18 +00:00
Ben Laurie
ae55176091 Fix some warnings caused by __owur. Temporarily (I hope) remove the more 
aspirational __owur annotations.
 2011-11-14 00:36:10 +00:00
Andy Polyakov
f9542a4231 engines/: get rid of cvs warnings on MacOS X, proper clean in ccgost. 2011-11-12 12:13:13 +00:00
Bodo Möller
f391750205 "make update" (partial) 2011-10-19 15:29:14 +00:00
Andy Polyakov
5d77cdc591 engines/.cvsignore: stop whining about e_padlock-*.s. 2011-10-18 13:39:47 +00:00
Andy Polyakov
6c8ce3c2ff e_padlock-x86[_64].pl: protection against prefetch errata. 2011-10-11 21:07:53 +00:00
Andy Polyakov
b1d3e9de63 e_padlock-x86_64.pl: brown-bag bug in stack pointer handling. 2011-10-09 21:53:53 +00:00
Andy Polyakov
08d62e9f1a e_padlock-x86[_64].pl: SHA fixes, comply with specification and fix bug. 2011-10-08 21:37:44 +00:00
Andy Polyakov
50452b2e60 e_padlock: add CTR mode. 2011-10-05 17:03:44 +00:00
Andy Polyakov
d18762f7c9 e_padlock-x86_64.pl: fix typo. 2011-10-04 11:21:33 +00:00
Andy Polyakov
149ca7128c e_padlock-x86*.pl: Nano-related update. 2011-10-04 11:05:16 +00:00
Andy Polyakov
04c3aa5c1a e_padlock-x86.pl: previous C3-specific fix was incomplete. 2011-10-01 10:44:51 +00:00
Andy Polyakov
3edc26a256 e_padlock-x86.pl: make it work on VIA C3 (which doesn't support SSE2). 2011-10-01 10:16:13 +00:00
Andy Polyakov
2b1f17f83f Make latest assembler additions (vpaes and e_padlock) work in Windows build. 2011-09-18 15:40:11 +00:00
Andy Polyakov
33987f2f45 engines/asm/e_padlock-x86_64.pl: name it right and fix small bug. 2011-09-06 22:53:34 +00:00
Andy Polyakov
ed28aef8b4 Padlock engine: make it independent of inline assembler. 2011-09-06 20:45:36 +00:00
Dr. Stephen Henson
f7924634d4 PR: 2586 
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Zero structure fields properly.
 2011-09-01 13:45:46 +00:00
Dr. Stephen Henson
d3f6a5a01d PR: 2586 
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Fix brace mismatch.
 2011-09-01 13:37:37 +00:00
Andy Polyakov
87f6b97e89 e_padlock.c: fix typo. 2011-05-25 10:02:20 +00:00
Andy Polyakov
67d8487bb8 e_padlock.c: last x86_64 commit didn't work with some optimizers. 2011-05-24 17:18:19 +00:00
Andy Polyakov
b50842036f e_padlock.c: make it compile on MacOS X. 2011-05-18 16:21:54 +00:00
Dr. Stephen Henson
b9b0a177f8 new flag to stop ENGINE methods being registered 2011-05-15 15:56:49 +00:00
Dr. Stephen Henson
9609ea869d NULL is a valid cspname 2011-05-15 11:44:14 +00:00
Richard Levitte
3a660e7364 Corrections to the VMS build system. 
Submitted by Steven M. Schweda <sms@antinode.info>
 2011-03-25 16:20:35 +00:00
Richard Levitte
4ec3e8ca51 For VMS, implement the possibility to choose 64-bit pointers with 
different options:
"64"		The build system will choose /POINTER_SIZE=64=ARGV if
		the compiler supports it, otherwise /POINTER_SIZE=64.
"64="		The build system will force /POINTER_SIZE=64.
"64=ARGV"	The build system will force /POINTER_SIZE=64=ARGV.
 2011-03-25 09:40:48 +00:00
Richard Levitte
537c982306 After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS 
submitted by Steven M. Schweda <sms@antinode.info>
 2011-03-19 10:58:14 +00:00
Dr. Stephen Henson
a3654f0586 Include openssl/crypto.h first in several other files so FIPS renaming 
is picked up.
 2011-02-16 17:25:01 +00:00
Bodo Möller
9d0397e977 make update 2011-02-03 10:17:53 +00:00
Dr. Stephen Henson
eb164d0b12 stop warnings about no previous prototype when compiling shared engines 2011-01-30 01:30:48 +00:00
Richard Levitte
5b301b2fe3 PR: 2407 
Fix fault include.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
 2011-01-06 20:56:02 +00:00
Andy Polyakov
c329c6bac7 e_capi.c: rearrange #include-s to improve portability. 
PR: 2394
 2010-12-14 20:39:17 +00:00
Richard Levitte
b7ef916c38 First attempt at adding the possibility to set the pointer size for the builds on VMS. 
PR: 2393
 2010-12-14 19:19:04 +00:00
Andy Polyakov
cc4c230653 e_capi.c: change from ANSI to TCHAR domain. This makes it compilable on 
Windows CE/Mobile, yet keeps it normal Windows loop.
PR: 2350
 2010-12-12 20:26:09 +00:00
Richard Levitte
c8f0610d99 Synchronise with Unix and do all other needed modifications to have it 
build on VMS again.
 2010-11-22 22:04:41 +00:00
Dr. Stephen Henson
9ac0708f37 PR: 2375 
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve

cleanup/fix e_aep.c for OpenWatcom
 2010-11-18 23:00:02 +00:00
Dr. Stephen Henson
6b02f9fafb PR: 2374 
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve

Don't compile capi ENGINE on mingw32
 2010-11-18 22:57:02 +00:00
Andy Polyakov
f2c88f5282 engine/Makefile: harmonize engine install rule for .dylib extension on MacOS X. 
PR: 2319
 2010-08-24 21:45:41 +00:00
Ben Laurie
c8bbd98a2b Fix warnings. 2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
19a45b8d47 Avoid use of ex_data free function in Chil ENGINE so it can be safely 
reloaded.
 2010-05-26 16:17:16 +00:00
Dr. Stephen Henson
ae7c67cace PR: 2254 
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Check for <= 0 i2d return value.
 2010-05-22 00:40:38 +00:00
Dr. Stephen Henson
e855d538de PR: 2255 
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Place RSA dependent variable under #ifndef OPENSSL_NO_RSA
 2010-05-15 00:19:44 +00:00
Dr. Stephen Henson
5d1a50ac2a fix bug in ccgost CFB mode code 2010-04-14 00:33:06 +00:00
Dr. Stephen Henson
af73b08ac0 check ASN1 type before using it 2010-04-14 00:30:32 +00:00
Dr. Stephen Henson
172f6b2d62 make GOST MAC work again 2010-04-08 10:55:04 +00:00
Dr. Stephen Henson
f2e8488b85 initialise buf if wrong_info not used 2010-03-24 23:42:05 +00:00
Andy Polyakov
82f385d71d e_capi.c: fix typo. 2010-03-15 22:28:48 +00:00
Dr. Stephen Henson
6c6bdd543d workaround for missing definition in some headers 2010-03-15 13:10:08 +00:00
Dr. Stephen Henson
00947cea0c PR: 2192 
Submitted By: Jaroslav Imrich <jaroslav.imrich@disig.sk>

The prompt_info and wrong_info parameters can be empty strings which
can produce confusing prompts. Treat empty string same as NULL.
 2010-03-12 12:48:32 +00:00
Bodo Möller
2d9dcd4ff0 Always check bn_wexpend() return values for failure (CVE-2009-3245). 
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
 2010-02-23 10:36:35 +00:00
Dr. Stephen Henson
439aab3afc Submitted by: Dmitry Ivanov <vonami@gmail.com> 
Don't leave dangling pointers in GOST engine if calls fail.
 2010-02-16 14:30:29 +00:00
Richard Levitte
407a410136 Have the VMS build system catch up with the 1.0.0-stable branch. 2010-01-27 09:18:42 +00:00
Richard Levitte
c8c07be883 size_t doesn't compare less than zero... 2010-01-27 01:18:21 +00:00
Dr. Stephen Henson
d5e8d8b547 PR: 2141 
Submitted by: "NARUSE, Yui" <naruse@airemix.jp>

Remove non-ASCII comment which causes compilation errors on some versions
of VC++.
 2010-01-19 19:28:18 +00:00
Dr. Stephen Henson
72a9776abc PR: 2135 
Submitted by: Mike Frysinger <vapier@gentoo.org>

Change missed references to lib to $(LIBDIR)
 2010-01-16 20:05:59 +00:00
Andy Polyakov
f87e307875 Adapt mingw config for newer mingw environment. Note modified conditional 
compilation in e_capi.c.
PR: 2113
 2009-12-30 11:46:54 +00:00
Bodo Möller
8580f8015f Use properly local variables for thread-safety. 
Submitted by: Martin Rex
 2009-12-22 11:52:17 +00:00
Dr. Stephen Henson
0f6e21385e PR: 1686 
Submitted by: Hanno Böck <hanno@hboeck.de>
Approved by: steve@openssl.org

Create engines dir if it doesn't already exist.
 2009-11-10 01:52:41 +00:00
Dr. Stephen Henson
4a1b71fb0c PR: 2070 
Submitted by: Alexander Nikitovskiy <Nikitovski@ya.ru>
Approved by: steve@openssl.org

Fix wrong cast.
 2009-10-19 13:16:01 +00:00
Dr. Stephen Henson
a0b3e0de6c Fixup sureware ENGINE to handle new RAND_METHOD 2009-09-23 23:49:04 +00:00
Dr. Stephen Henson
6727565a84 PR: 2003 
Make it possible to install OpenSSL in directories with name other
than "lib" for example "lib64". Based on patch from Jeremy Utley.
 2009-08-10 14:48:40 +00:00
Dr. Stephen Henson
c55d27ac33 Make update. 2009-07-08 09:19:53 +00:00
Dr. Stephen Henson
9458530d45 Update from 1.0.0-stable 2009-07-01 11:29:25 +00:00
Dr. Stephen Henson
f0288f05b9 Submitted by: Artem Chuprina <ran@cryptocom.ru> 
Reviewed by: steve@openssl.org

Various GOST ciphersuite and ENGINE fixes. Including...

Allow EVP_PKEY_set_derive_peerkey() in encryption operations.

New flag when certificate verify should be omitted in client key exchange.
 2009-06-16 16:38:47 +00:00
Dr. Stephen Henson
512cab0128 Fix error codes. 2009-06-15 11:18:31 +00:00
Dr. Stephen Henson
0b36857866 Update from 0.9.8-stable. 2009-05-29 14:02:57 +00:00
Richard Levitte
cc8cc9a3a1 Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda). 
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
 2009-05-15 16:36:56 +00:00
Andy Polyakov
3dccfc1e68 e_padlock.c: fix typo (missing #endif) and switch to __builtin_alloca 
(with introduction of 64-bit support alloca must be  declared and there
is no standard way of doing that, switching to __bultin_alloca is
considered appropriate because code explicitly targets gcc anyway).
 2009-05-12 20:19:09 +00:00
Dr. Stephen Henson
8002e3073b Typo. 2009-05-07 16:40:52 +00:00
Richard Levitte
7da74281d2 Do not try to link the support file(s), as they aren't a complete 
engine ;-)
 2009-05-06 13:56:50 +00:00
Richard Levitte
e6b0c0007f Make sure the padlock code compiles correctly even on hardware that 
doesn't have padlocks.
 2009-05-06 13:55:40 +00:00
Andy Polyakov
01483c269e Make CAPI engine UNICODE aware (it didn't work on Win64). 2009-05-03 13:52:01 +00:00
Richard Levitte
f8a2233457 Stupid typo 2009-04-28 12:48:02 +00:00
Richard Levitte
876708c67d Add padlock data 
Redo the loop so it really compiles all objects for one engine, then
links the engine (until now, it still thought every file was an engine
of its own...).
 2009-04-27 00:04:33 +00:00
Dr. Stephen Henson
d4f0339c66 Update from 1.0.0-stable. 2009-04-26 22:18:22 +00:00
Andy Polyakov
127186bf57 e_padlock: add support for x86_64 gcc. 2009-04-26 18:14:58 +00:00
Richard Levitte
d2617165ad Add local symbol hacks for OpenVMS 2009-04-26 12:26:00 +00:00
Dr. Stephen Henson
ef236ec3b2 Merge from 1.0.0-stable branch. 2009-04-23 16:32:42 +00:00
Dr. Stephen Henson
8711efb498 Updates from 1.0.0-stable branch. 2009-04-20 11:33:12 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
14023fe352 Merge from 1.0.0-stable branch. 2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
70b2186e24 Stop warnings. 2009-03-31 19:54:51 +00:00
Dr. Stephen Henson
b6af2c7e3e Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru> 
Reviewed by: steve@openssl.org

Update ccgost engine to support parameter files.
 2009-03-17 15:38:34 +00:00
Dr. Stephen Henson
2c618ab993 Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru> 
Reviewed by: steve@openssl.org

Change default Gost parameter set to id_Gost28147_89_CryptoPro_A_ParamSet
 2009-02-16 21:52:01 +00:00
Andy Polyakov
e527201f6b This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another 
.DLL, in particular static build. The issue has been discussed in RT#1230
and later on openssl-dev, and mutually exclusive approaches were suggested.
This completes compromise solution suggested in RT#1230.
PR: 1230
 2008-12-22 13:54:12 +00:00
Richard Levitte
26397d2e8c Synchronise VMS build system with the Unixly one 2008-12-16 10:54:28 +00:00
Ben Laurie
19d300d07c Return error if DH_new() fails (Coverity ID 150). 2008-12-13 17:39:53 +00:00
Ben Laurie
071920d9f6 Check for NULL before use (Coverity ID 203). 2008-12-13 17:28:25 +00:00
Geoff Thorpe
71702f7ed0 Clarify a 'chil' engine param that is a little unintuitive. 
Submitted by: Sander Temme <sander@temme.net>
 2008-11-28 22:04:49 +00:00
Geoff Thorpe
31636a3ed1 Allow the CHIL engine to load even if dynamic locks aren't registered. 
Submitted by: Sander Temme
 2008-11-19 14:21:27 +00:00
Ben Laurie
774b2fe700 Aftermath of a clashing size_t fix (now only format changes). 2008-11-13 09:48:47 +00:00
Dr. Stephen Henson
dd9557a8ba Revert another size_t change. 2008-11-12 18:47:24 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more 
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
 2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Andy Polyakov
9be5481297 Add initial support for mingw64. 
PR: 1693
Submitted by: Alon Bar-Lev
 2008-11-03 21:15:07 +00:00
Dr. Stephen Henson
70d71f6185 Fix warnings: printf format mismatches on 64 bit platforms. 
Change assert to OPENSSL_assert().
Fix e_padlock prototype.
 2008-11-02 15:41:30 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Andy Polyakov
09a60c9833 Fix warnings after commit#17578. 2008-10-31 20:20:54 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Andy Polyakov
492279f6f3 AIX build updates. 2008-09-12 14:45:54 +00:00
Bodo Möller
9be8035b11 fix error function codes 2008-08-13 19:44:15 +00:00
Dr. Stephen Henson
a0f3679b52 Update from stable branch. 2008-06-25 10:43:07 +00:00
Dr. Stephen Henson
2836cb3816 Update from stable branch. 2008-06-18 15:08:41 +00:00
Dr. Stephen Henson
46d4782888 Update from stable branch. 2008-06-18 12:06:10 +00:00
Dr. Stephen Henson
1cd504e7be Don't change _WIN32_WINNT and detect GetConsoleWindow() and 
CryptUIDlgSelectCertificateFromStore() at runtime. Add callback function
for selection mechanism.
 2008-06-05 23:19:56 +00:00
Dr. Stephen Henson
11f3cee93b Update from stable branch. 2008-06-05 17:04:16 +00:00
Dr. Stephen Henson
ffc2b3e927 Update from stable branch. 2008-06-05 11:45:25 +00:00
Dr. Stephen Henson
e1451bb51d Update from stable branch. 2008-06-04 23:03:28 +00:00
Dr. Stephen Henson
1381bf90f4 Use an appropriate Window for selection dialog. 2008-06-04 16:45:05 +00:00
Dr. Stephen Henson
e0f7b87227 Add support for Windoes dialog box based certificate selection. 2008-06-04 16:10:09 +00:00
Dr. Stephen Henson
b814c01a76 Tidy up and add comments to selection code. 2008-06-04 12:03:57 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Dr. Stephen Henson
37cf49a3df Avoid name clash. 2008-06-04 10:57:38 +00:00
Ben Laurie
f79262e94b Only include windows headers when under windows. 2008-06-04 05:21:13 +00:00
Dr. Stephen Henson
7d537d4fc7 Add initial support for multiple SSL client certifcate selection in 
CryptoAPI ENGINE.
 2008-06-03 23:54:31 +00:00
Dr. Stephen Henson
ca89fc1fb4 Match empty CA list to anything for ssl client auth in CryptoAPI engine. 2008-06-03 11:37:52 +00:00
Dr. Stephen Henson
b3c8dd4eab Add preliminary SSL client auth callback to CryptoAPI ENGINE. 2008-06-03 10:27:39 +00:00
Dr. Stephen Henson
eac442ddd3 Windows batch file to rebuild error codes for CryptoAPI ENGINE. 2008-06-02 23:10:34 +00:00
Dr. Stephen Henson
2aa2a5775f Fix indentation. 2008-06-02 14:29:32 +00:00
Dr. Stephen Henson
953174f46e Free old store name (if any). 2008-06-01 23:45:11 +00:00
Dr. Stephen Henson
c621c7e432 Add ctrl for alternative certificate store names. 2008-06-01 23:42:49 +00:00
Dr. Stephen Henson
2bbe8f9129 Use keyspec for DSA too. 2008-06-01 23:28:17 +00:00
Dr. Stephen Henson
4be0a5d429 Get and note keyspec when signing. 2008-06-01 23:24:53 +00:00
Dr. Stephen Henson
408f906592 Add CryptoAPI error file too. 2008-05-31 22:50:00 +00:00
Dr. Stephen Henson
7a18ecb2df Add CryptoAPI ENGINE from stable branch. 2008-05-31 22:49:32 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Geoff Thorpe
5ee6f96cea Paul Sheer optimised the OpenSSL to/from libGMP conversions for the case 
where they both use the same limb size. I've tweaked his patch slightly, so
blame me if it breaks.

Submitted by: Paul Sheer
Reviewed by: Geoff Thorpe
 2008-04-27 18:41:23 +00:00
Lutz Jänicke
0f401ff08b Add missing 'extern "C" {' to some _err.h files in crypto/engines/ 
PR: 1609
 2008-04-18 07:43:26 +00:00
Lutz Jänicke
5558128541 Another minor update from the mingw development 
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>
 2008-04-18 06:35:55 +00:00
Lutz Jänicke
4c1a6e004a Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev 
PR: 1552
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>, "Alon Bar-Lev" <alon.barlev@gmail.com>
 2008-04-17 10:19:16 +00:00
Dr. Stephen Henson
fe591284be Update dependencies. 2008-03-22 18:52:03 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism, 
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
 2008-03-16 21:05:46 +00:00
Dr. Stephen Henson
92e2c81aff Fix error code function name mismatches in GOST engine, rebuild errors. 2008-02-28 13:45:06 +00:00
Andy Polyakov
085ea80371 engine/ccgost Win32 portability fixes. 2008-01-05 21:28:53 +00:00
Dr. Stephen Henson
744ecaa5b6 Avoid WIN32 signed/unsigned warnings. 2008-01-04 00:37:23 +00:00
Dr. Stephen Henson
eef0c1f34c Netware support. 
Submitted by: Guenter Knauf <eflash@gmx.net>
 2008-01-03 22:43:04 +00:00
Andy Polyakov
339a1820fd gmp engine was non-operational. 2007-12-04 20:28:52 +00:00
Dr. Stephen Henson
98057eba77 Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru> 
Update gost algorithm print routines.
 2007-11-21 12:39:12 +00:00
Dr. Stephen Henson
097f9d8c52 Avoid warning. 2007-11-20 17:52:02 +00:00
Ben Laurie
10f0c85cfc Fix warnings. 2007-11-16 03:03:01 +00:00
Dr. Stephen Henson
37210fe7e2 GOST ENGINE information. 2007-10-26 23:50:40 +00:00
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case 
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
 2007-10-26 12:06:36 +00:00
Bodo Möller
1b827d7b6f Clean up error codes a bit. 
(engines/ccgost/ remains utter chaos, though; "make errors" is not happy.)
 2007-09-19 00:58:58 +00:00
Dr. Stephen Henson
3c07d3a3d3 Finish gcc 4.2 changes. 2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
0aa08a2e34 Fix for GOST engine on platforms where sizeof(size_t) != sizeof(int). 2007-05-31 12:32:27 +00:00
Dr. Stephen Henson
7b8b797375 Revert broken change to ccgost. 
Initialize context properly for HMAC pkey method.
 2007-05-22 12:58:39 +00:00
Dr. Stephen Henson
9aba74e55a Fix warning and back out bad modification. 2007-05-21 12:16:36 +00:00
Andy Polyakov
61775daf00 Padlock engine fails to compile with -O0 -fPIC. 2007-05-20 07:13:45 +00:00