Commit graph

8321 commits

Author SHA1 Message Date
Andy Polyakov
ca64056836 Engage x86 assembler in Mac OS X build. 2007-12-18 17:33:49 +00:00
Andy Polyakov
df77428443 Mac OS X x86 assembler support. 2007-12-18 17:28:22 +00:00
Andy Polyakov
3e583572b3 Disable support for Metrowerks assembler. Assembler itself is broken,
specifically it incorrectly encodes EA offsets between 128 and 255.
2007-12-18 09:32:20 +00:00
Andy Polyakov
43d8f27dca x86 perlasm overhaul. 2007-12-18 09:18:49 +00:00
Dr. Stephen Henson
b045299113 Avoid aliasing warning. 2007-12-16 13:57:44 +00:00
Dr. Stephen Henson
13baedc55b Update ordinals 2007-12-16 13:16:58 +00:00
Dr. Stephen Henson
9400d9ac83 Initialize sigsize. 2007-12-14 16:53:50 +00:00
Dr. Stephen Henson
341e18b497 Handle non-SHA1 digests for certids in OCSP test responder. 2007-12-14 12:43:50 +00:00
Andy Polyakov
339a1820fd gmp engine was non-operational. 2007-12-04 20:28:52 +00:00
Dr. Stephen Henson
cec2538ca9 Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
2007-12-04 12:41:28 +00:00
Richard Levitte
28f7e60d47 Change submitted by Doug Kaufman. He writes:
I just compiled the 9.9-dev version from the 12022007 tarball under
  DJGPP. There were only 2 changes needed, one for b_sock.c, since
  DJGPP with WATT32 doesn't define socklen_t and one for testtsa to
  handle DOS style path separators. I also noted what seems to be a
  typographical error in ts.pod. The test suite passes. The patch is
  attached.

  Since I am in the US, I have sent notifications to the Bureau of
  Industry and Security and to the NSA.
2007-12-03 09:02:29 +00:00
Andy Polyakov
544b82e493 Some assembler are allergic to lea reg,BYTE PTR[...].
Submitted by: Guenter Knauf
2007-12-02 21:32:03 +00:00
Andy Polyakov
8789af8db8 Structure symbol decorations, optimize label handling... 2007-11-24 16:03:57 +00:00
Dr. Stephen Henson
1ad6a1b5e9 Rebuild OID database: duplicates got in there somehow?? 2007-11-23 00:34:00 +00:00
Dr. Stephen Henson
6e150083bb Fix from stable branch. 2007-11-23 00:19:24 +00:00
Dr. Stephen Henson
98d8baabbd Add caRepository OID and sync object NIDs with OpenSSL 0.9.8. 2007-11-23 00:14:59 +00:00
Andy Polyakov
c1d2e00ec5 Synchronize x86nasm.pl with x86unix.pl. 2007-11-22 21:21:35 +00:00
Andy Polyakov
ad8bd4ece8 Combat [bogus] relocations in some assember modules. 2007-11-22 20:51:48 +00:00
Dr. Stephen Henson
2f0550c4c1 Lookup public key ASN1 methods by string by iterating through all
implementations instead of all added ENGINEs to cover case where an
ENGINE is not added.
2007-11-21 17:25:58 +00:00
Dr. Stephen Henson
98057eba77 Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Update gost algorithm print routines.
2007-11-21 12:39:12 +00:00
Dr. Stephen Henson
097f9d8c52 Avoid warning. 2007-11-20 17:52:02 +00:00
Dr. Stephen Henson
60447e59ef Update debug-steve targets. 2007-11-20 17:51:45 +00:00
Dr. Stephen Henson
94e6ae7a69 Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Make {d2i,i2d}_PrivateKey() fall back to PKCS#8 format if no legacy format
supported. Add support in d2i_AutoPrivateKey().
2007-11-20 13:37:51 +00:00
Dr. Stephen Henson
f670738987 Rebuild object cross reference table. 2007-11-20 13:04:45 +00:00
Lutz Jänicke
b6a338cb29 Typos in man pages: dependant->dependent
Submitted by: Tobias Stoeckmann <tobias@bugol.de>
2007-11-19 09:18:03 +00:00
Bodo Möller
4726fcfc25 Should reject signatures that we can't properly verify
and couldn't generate
(as pointed out by Ernst G Giessmann)
2007-11-19 07:25:55 +00:00
Bodo Möller
15bd07e923 fix typos
Submitted by: Ernst G. Giessmann
2007-11-19 07:24:08 +00:00
Ben Laurie
fdf355878c Fix buffer overflow. 2007-11-16 14:41:09 +00:00
Bodo Möller
da989402f2 The hash length check wasn't strict enough,
as pointed out by Ernst G Giessmann
2007-11-16 13:01:14 +00:00
Ben Laurie
10f0c85cfc Fix warnings. 2007-11-16 03:03:01 +00:00
Andy Polyakov
70ba4ee5d5 Commit #16325 fixed one thing but broke DH with certain moduli. 2007-11-03 20:09:04 +00:00
Dr. Stephen Henson
31f528b15d Fix from stable branch. 2007-11-03 13:09:34 +00:00
Lutz Jänicke
86140095b5 Add OIDs by CMP (RFC 4210) and CRMF (RFC 4211)
Submitted by: Martin Peylo <martinmeis@googlemail.com>
2007-11-01 08:24:56 +00:00
Dr. Stephen Henson
8e1d3ba50e Fix duplicate error codes. 2007-10-26 23:54:46 +00:00
Dr. Stephen Henson
37210fe7e2 GOST ENGINE information. 2007-10-26 23:50:40 +00:00
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Lutz Jänicke
11d01d371f Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f 2007-10-19 08:26:03 +00:00
Dr. Stephen Henson
76c3ef7446 Fix from stable branch. 2007-10-18 11:42:47 +00:00
Andy Polyakov
659f7f3168 Don't let DTLS ChangeCipherSpec increment handshake sequence number.
PR: 1587
2007-10-17 21:15:48 +00:00
Dr. Stephen Henson
3d3bf9c730 Don't lookup zero length session ID.
PR: 1591
2007-10-17 17:31:57 +00:00
Dr. Stephen Henson
4017e8706c Fix from stable branch. 2007-10-17 11:49:27 +00:00
Andy Polyakov
3ce54f35b3 Make ssl compile [from 098-stable, bug is masked by default]. 2007-10-14 14:09:13 +00:00
Andy Polyakov
ebc06fba67 Bunch of constifications. 2007-10-13 15:51:32 +00:00
Andy Polyakov
e979c039f9 Fix warnings in d1_both.c [from 0.9.8-stable]. 2007-10-13 11:00:52 +00:00
Andy Polyakov
90acf770b5 DTLS fixes from 0.9.8-stable. 2007-10-13 10:57:02 +00:00
Andy Polyakov
0d89e45690 Synchronize CHANGES between 0.9.8 and HEAD. 2007-10-13 10:55:30 +00:00
Ben Laurie
1948c7e6dd 0.9.8f. 2007-10-12 10:56:10 +00:00
Dr. Stephen Henson
a6db6a0070 Update CHANGES. Keep ordinals consistent. 2007-10-12 00:15:09 +00:00
Ben Laurie
fdb2fe6dc2 New release. 2007-10-11 19:31:29 +00:00
Andy Polyakov
a2115c5d17 Respect cookie length set by app_gen_cookie_cb.
Submitted by: Alex Lam
2007-10-09 19:31:18 +00:00