oweals/openssl.git
12 years agoIndent.
Ben Laurie [Thu, 24 Nov 2011 16:51:15 +0000 (16:51 +0000)]
Indent.

13 years agoupdate ordinals
Dr. Stephen Henson [Tue, 22 Nov 2011 14:45:27 +0000 (14:45 +0000)]
update ordinals

13 years agoadd cryptlib.h to mkdef.pl
Dr. Stephen Henson [Tue, 22 Nov 2011 14:44:42 +0000 (14:44 +0000)]
add cryptlib.h to mkdef.pl

13 years agoWorkaround so "make depend" works for fips builds.
Dr. Stephen Henson [Tue, 22 Nov 2011 12:50:59 +0000 (12:50 +0000)]
Workaround so "make depend" works for fips builds.

13 years agoupdate ordinals
Dr. Stephen Henson [Mon, 21 Nov 2011 22:56:33 +0000 (22:56 +0000)]
update ordinals

13 years agoadd strp.h to mkdef.pl headers
Dr. Stephen Henson [Mon, 21 Nov 2011 22:55:12 +0000 (22:55 +0000)]
add strp.h to mkdef.pl headers

13 years agomove internal functions to ssl_locl.h
Dr. Stephen Henson [Mon, 21 Nov 2011 22:52:01 +0000 (22:52 +0000)]
move internal functions to ssl_locl.h

13 years agorecognise NEXTPROTONEG
Dr. Stephen Henson [Mon, 21 Nov 2011 22:35:35 +0000 (22:35 +0000)]
recognise NEXTPROTONEG

13 years agobcmp doesn't exist on all platforms, replace with memcmp
Dr. Stephen Henson [Mon, 21 Nov 2011 22:29:16 +0000 (22:29 +0000)]
bcmp doesn't exist on all platforms, replace with memcmp

13 years agobsaes-x86_64.pl: fix buffer overrun in tail processing [from HEAD].
Andy Polyakov [Wed, 16 Nov 2011 23:36:40 +0000 (23:36 +0000)]
bsaes-x86_64.pl: fix buffer overrun in tail processing [from HEAD].

13 years agoAdd TLS exporter.
Ben Laurie [Tue, 15 Nov 2011 23:51:22 +0000 (23:51 +0000)]
Add TLS exporter.

13 years agoAdd DTLS-SRTP.
Ben Laurie [Tue, 15 Nov 2011 23:02:16 +0000 (23:02 +0000)]
Add DTLS-SRTP.

13 years agoaes-armv4.pl: make it link.
Andy Polyakov [Tue, 15 Nov 2011 13:55:52 +0000 (13:55 +0000)]
aes-armv4.pl: make it link.

13 years agoe_rc4_hmac_md5.c: make it work on darwin64, which is configured with RC4_CHAR.
Andy Polyakov [Tue, 15 Nov 2011 12:39:48 +0000 (12:39 +0000)]
e_rc4_hmac_md5.c: make it work on darwin64, which is configured with RC4_CHAR.

13 years agoaes-s390x.pl: make it link.
Andy Polyakov [Tue, 15 Nov 2011 12:20:55 +0000 (12:20 +0000)]
aes-s390x.pl: make it link.

13 years agoConfigure, e_aes.c: allow for XTS assembler implementation [from HEAD].
Andy Polyakov [Tue, 15 Nov 2011 12:19:56 +0000 (12:19 +0000)]
Configure, e_aes.c: allow for XTS assembler implementation [from HEAD].

13 years agoe_aes.c: jumbo update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:17:08 +0000 (21:17 +0000)]
e_aes.c: jumbo update from HEAD.

13 years agoec_cvt.c: performance update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:14:53 +0000 (21:14 +0000)]
ec_cvt.c: performance update from HEAD.

13 years agoc_allc.c: add XTS ciphers [from HEAD].
Andy Polyakov [Mon, 14 Nov 2011 21:13:35 +0000 (21:13 +0000)]
c_allc.c: add XTS ciphers [from HEAD].

13 years agoconfig: platform and poratbility updates from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:12:53 +0000 (21:12 +0000)]
config: platform and poratbility updates from HEAD.

13 years agoConfigure, etc.: engage additional assembler modules.
Andy Polyakov [Mon, 14 Nov 2011 21:12:05 +0000 (21:12 +0000)]
Configure, etc.: engage additional assembler modules.

13 years agospeed.c: add ghash benchmark [from HEAD].
Andy Polyakov [Mon, 14 Nov 2011 21:09:30 +0000 (21:09 +0000)]
speed.c: add ghash benchmark [from HEAD].

13 years agox86 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:06:50 +0000 (21:06 +0000)]
x86 assembler pack update from HEAD.

13 years agoBN update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:05:42 +0000 (21:05 +0000)]
BN update from HEAD.

13 years agox86_64 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:01:21 +0000 (21:01 +0000)]
x86_64 assembler pack update from HEAD.

13 years agoARM assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:58:01 +0000 (20:58 +0000)]
ARM assembler pack update from HEAD.

13 years agoAlpha assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:56:15 +0000 (20:56 +0000)]
Alpha assembler pack update from HEAD.

13 years agoMIPS assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:55:24 +0000 (20:55 +0000)]
MIPS assembler pack update from HEAD.

13 years agoPPC assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:54:17 +0000 (20:54 +0000)]
PPC assembler pack update from HEAD.

13 years agoPA-RISC assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:50:15 +0000 (20:50 +0000)]
PA-RISC assembler pack update from HEAD.

13 years agoSPARCv9 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:48:35 +0000 (20:48 +0000)]
SPARCv9 assembler pack update from HEAD.

13 years agos390x assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:47:22 +0000 (20:47 +0000)]
s390x assembler pack update from HEAD.

13 years agoIA64 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:45:57 +0000 (20:45 +0000)]
IA64 assembler pack update from HEAD.

13 years agoperlasm update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:44:20 +0000 (20:44 +0000)]
perlasm update from HEAD.

13 years agoMafiles updates to accomodate assembler update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:42:22 +0000 (20:42 +0000)]
Mafiles updates to accomodate assembler update from HEAD.

13 years agoDH keys have an (until now) unused 'q' parameter. When creating from DSA copy
Dr. Stephen Henson [Mon, 14 Nov 2011 14:16:09 +0000 (14:16 +0000)]
DH keys have an (until now) unused 'q' parameter. When creating from DSA copy
q across and if q present generate DH key in the correct range. (from HEAD)

13 years agoCall OPENSSL_init after we've checked to see if customisation is permissible.
Dr. Stephen Henson [Mon, 14 Nov 2011 14:15:29 +0000 (14:15 +0000)]
Call OPENSSL_init after we've checked to see if customisation is permissible.

13 years agoIgnorance.
Ben Laurie [Mon, 14 Nov 2011 02:42:26 +0000 (02:42 +0000)]
Ignorance.

13 years agoNext Protocol Negotiation.
Ben Laurie [Mon, 14 Nov 2011 02:25:04 +0000 (02:25 +0000)]
Next Protocol Negotiation.

13 years agoAdd Next Protocol Negotiation.
Ben Laurie [Sun, 13 Nov 2011 21:55:42 +0000 (21:55 +0000)]
Add Next Protocol Negotiation.

13 years agomake depend.
Ben Laurie [Sun, 13 Nov 2011 20:23:34 +0000 (20:23 +0000)]
make depend.

13 years agoFix one of the no-tlsext build errors (there are more).
Ben Laurie [Sun, 13 Nov 2011 20:19:21 +0000 (20:19 +0000)]
Fix one of the no-tlsext build errors (there are more).

13 years agoPR: 1794
Dr. Stephen Henson [Sun, 13 Nov 2011 13:13:14 +0000 (13:13 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c

13 years agox86cpuid.pl: compensate for imaginary virtual machines [from HEAD].
Andy Polyakov [Tue, 8 Nov 2011 21:28:14 +0000 (21:28 +0000)]
x86cpuid.pl: compensate for imaginary virtual machines [from HEAD].
PR: 2633

13 years agox86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs.
Andy Polyakov [Sat, 5 Nov 2011 10:44:25 +0000 (10:44 +0000)]
x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs.
PR: 2633

13 years agoppc.pl: fix bug in bn_mul_comba4 [from HEAD].
Andy Polyakov [Sat, 5 Nov 2011 10:16:30 +0000 (10:16 +0000)]
ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
PR: 2636
Submitted by: Charles Bryant

13 years agoAdd missing algorithms to disable, and in particular, disable
Richard Levitte [Sun, 30 Oct 2011 11:45:30 +0000 (11:45 +0000)]
Add missing algorithms to disable, and in particular, disable
EC_NISTP_64_GCC_128 by default, as GCC isn't currently supported on
VMS.  Add CMAC to the modules to build, and synchronise with Unix.

13 years agoTeach mkshared.com to have a look for disabled algorithms in opensslconf.h
Richard Levitte [Sun, 30 Oct 2011 11:40:56 +0000 (11:40 +0000)]
Teach mkshared.com to have a look for disabled algorithms in opensslconf.h

13 years agoPR: 2628
Dr. Stephen Henson [Thu, 27 Oct 2011 13:06:43 +0000 (13:06 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.

13 years agoPR: 2628
Dr. Stephen Henson [Thu, 27 Oct 2011 13:01:20 +0000 (13:01 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix for ECC keys and DTLS.

13 years agoPR: 2632
Dr. Stephen Henson [Wed, 26 Oct 2011 16:43:23 +0000 (16:43 +0000)]
PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.

13 years agoUse correct tag for SRP username.
Dr. Stephen Henson [Tue, 25 Oct 2011 12:52:47 +0000 (12:52 +0000)]
Use correct tag for SRP username.

13 years agoUpdate error codes for FIPS.
Dr. Stephen Henson [Fri, 21 Oct 2011 13:04:27 +0000 (13:04 +0000)]
Update error codes for FIPS.
Add support for authentication in FIPS_mode_set().

13 years agoRecognise new ECC option (from HEAD).
Dr. Stephen Henson [Fri, 21 Oct 2011 12:53:07 +0000 (12:53 +0000)]
Recognise new ECC option (from HEAD).

13 years ago"make update"
Bodo Möller [Wed, 19 Oct 2011 15:24:44 +0000 (15:24 +0000)]
"make update"

13 years agoBN_BLINDING multi-threading fix.
Bodo Möller [Wed, 19 Oct 2011 14:58:59 +0000 (14:58 +0000)]
BN_BLINDING multi-threading fix.

Submitted by: Emilia Kasper (Google)

13 years agoFix indentation
Bodo Möller [Wed, 19 Oct 2011 09:24:05 +0000 (09:24 +0000)]
Fix indentation

13 years agoFix warnings.
Bodo Möller [Wed, 19 Oct 2011 08:58:35 +0000 (08:58 +0000)]
Fix warnings.
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.

13 years agoImprove optional 64-bit NIST-P224 implementation, and add NIST-P256 and
Bodo Möller [Tue, 18 Oct 2011 19:43:54 +0000 (19:43 +0000)]
Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.

13 years agoRecognise no-rsax option.
Dr. Stephen Henson [Sat, 15 Oct 2011 13:22:26 +0000 (13:22 +0000)]
Recognise no-rsax option.

13 years agoe_aes.c: fix bug in aesni_gcm_tls_cipher [in HEAD].
Andy Polyakov [Fri, 14 Oct 2011 09:34:14 +0000 (09:34 +0000)]
e_aes.c: fix bug in aesni_gcm_tls_cipher [in HEAD].

13 years agoaesni-x86[_64].pl: pull from HEAD.
Andy Polyakov [Fri, 14 Oct 2011 09:21:03 +0000 (09:21 +0000)]
aesni-x86[_64].pl: pull from HEAD.

13 years agouse -no_ecdhe when using -no_dhe
Bodo Möller [Thu, 13 Oct 2011 15:07:05 +0000 (15:07 +0000)]
use -no_ecdhe when using -no_dhe

13 years agoMake CTR mode behaviour consistent with other modes:
Bodo Möller [Thu, 13 Oct 2011 13:42:29 +0000 (13:42 +0000)]
Make CTR mode behaviour consistent with other modes:
clear ctx->num in EVP_CipherInit_ex

Submitted by: Emilia Kasper

13 years agoClarify warning
Bodo Möller [Thu, 13 Oct 2011 13:25:03 +0000 (13:25 +0000)]
Clarify warning

13 years agoIn ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Bodo Möller [Thu, 13 Oct 2011 13:05:35 +0000 (13:05 +0000)]
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.

Submitted by: Bob Buckholz <bbuckholz@google.com>

13 years agoFor now disable RSAX ENGINE for FIPS builds: it sets a non-FIPS RSA
Dr. Stephen Henson [Thu, 13 Oct 2011 11:43:44 +0000 (11:43 +0000)]
For now disable RSAX ENGINE for FIPS builds: it sets a non-FIPS RSA
method which stops FIPS mode working.

13 years agoincrease test RSA key size to 1024 bits
Dr. Stephen Henson [Wed, 12 Oct 2011 21:55:42 +0000 (21:55 +0000)]
increase test RSA key size to 1024 bits

13 years agoupdate pkey method initialisation and copy
Dr. Stephen Henson [Tue, 11 Oct 2011 18:16:02 +0000 (18:16 +0000)]
update pkey method initialisation and copy

13 years agoBackport ossl_ssize_t type from HEAD.
Dr. Stephen Henson [Mon, 10 Oct 2011 22:33:50 +0000 (22:33 +0000)]
Backport ossl_ssize_t type from HEAD.

13 years agodef_rsa_finish not used anymore.
Dr. Stephen Henson [Mon, 10 Oct 2011 20:34:17 +0000 (20:34 +0000)]
def_rsa_finish not used anymore.

13 years agofix leak properly this time...
Dr. Stephen Henson [Mon, 10 Oct 2011 14:09:05 +0000 (14:09 +0000)]
fix leak properly this time...

13 years agoadd GCM ciphers in SSL_library_init
Dr. Stephen Henson [Mon, 10 Oct 2011 12:56:11 +0000 (12:56 +0000)]
add GCM ciphers in SSL_library_init

13 years agodisable GCM if not available
Dr. Stephen Henson [Mon, 10 Oct 2011 12:40:13 +0000 (12:40 +0000)]
disable GCM if not available

13 years agoAdd some entries for 1.0.1 in NEWS.
Dr. Stephen Henson [Mon, 10 Oct 2011 00:27:52 +0000 (00:27 +0000)]
Add some entries for 1.0.1 in NEWS.

13 years agosync NEWS with 1.0.0 branch
Dr. Stephen Henson [Mon, 10 Oct 2011 00:23:14 +0000 (00:23 +0000)]
sync NEWS with 1.0.0 branch

13 years agoDon't disable TLS v1.2 by default any more.
Dr. Stephen Henson [Sun, 9 Oct 2011 23:28:25 +0000 (23:28 +0000)]
Don't disable TLS v1.2 by default any more.

13 years agoUpdate ordinals.
Dr. Stephen Henson [Sun, 9 Oct 2011 23:14:20 +0000 (23:14 +0000)]
Update ordinals.

13 years agoBackport PSS signature support from HEAD.
Dr. Stephen Henson [Sun, 9 Oct 2011 23:13:50 +0000 (23:13 +0000)]
Backport PSS signature support from HEAD.

13 years agofix CHANGES entry
Dr. Stephen Henson [Sun, 9 Oct 2011 23:11:09 +0000 (23:11 +0000)]
fix CHANGES entry

13 years agofix memory leaks
Dr. Stephen Henson [Sun, 9 Oct 2011 23:09:22 +0000 (23:09 +0000)]
fix memory leaks

13 years agoFix memory leak. From HEAD.
Dr. Stephen Henson [Sun, 9 Oct 2011 16:04:17 +0000 (16:04 +0000)]
Fix memory leak. From HEAD.

13 years agoUpdate ordinals.
Dr. Stephen Henson [Sun, 9 Oct 2011 15:28:52 +0000 (15:28 +0000)]
Update ordinals.

13 years agoBackport of password based CMS support from HEAD.
Dr. Stephen Henson [Sun, 9 Oct 2011 15:28:02 +0000 (15:28 +0000)]
Backport of password based CMS support from HEAD.

13 years agoPR: 2482
Dr. Stephen Henson [Sun, 9 Oct 2011 00:56:43 +0000 (00:56 +0000)]
PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.

13 years agouse client version when eliminating TLS v1.2 ciphersuites in client hello
Dr. Stephen Henson [Fri, 7 Oct 2011 15:07:36 +0000 (15:07 +0000)]
use client version when eliminating TLS v1.2 ciphersuites in client hello

13 years ago? crypto/aes/aes-armv4.S
Dr. Stephen Henson [Thu, 6 Oct 2011 20:45:08 +0000 (20:45 +0000)]
? crypto/aes/aes-armv4.S
? crypto/aes/aesni-sha1-x86_64.s
? crypto/aes/aesni-x86_64.s
? crypto/aes/foo.pl
? crypto/aes/vpaes-x86_64.s
? crypto/bn/.bn_lib.c.swp
? crypto/bn/armv4-gf2m.S
? crypto/bn/diffs
? crypto/bn/modexp512-x86_64.s
? crypto/bn/x86_64-gf2m.s
? crypto/bn/x86_64-mont5.s
? crypto/ec/bc.txt
? crypto/ec/diffs
? crypto/modes/a.out
? crypto/modes/diffs
? crypto/modes/ghash-armv4.S
? crypto/modes/ghash-x86_64.s
? crypto/modes/op.h
? crypto/modes/tst.c
? crypto/modes/x.h
? crypto/objects/.obj_xref.txt.swp
? crypto/rand/diffs
? crypto/sha/sha-512
? crypto/sha/sha1-armv4-large.S
? crypto/sha/sha256-armv4.S
? crypto/sha/sha512-armv4.S
Index: crypto/objects/obj_xref.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v
retrieving revision 1.9
diff -u -r1.9 obj_xref.c
--- crypto/objects/obj_xref.c 5 Nov 2008 18:38:58 -0000 1.9
+++ crypto/objects/obj_xref.c 6 Oct 2011 20:30:21 -0000
@@ -110,8 +110,10 @@
 #endif
  if (rv == NULL)
  return 0;
- *pdig_nid = rv->hash_id;
- *ppkey_nid = rv->pkey_id;
+ if (pdig_nid)
+ *pdig_nid = rv->hash_id;
+ if (ppkey_nid)
+ *ppkey_nid = rv->pkey_id;
  return 1;
  }

@@ -144,7 +146,8 @@
 #endif
  if (rv == NULL)
  return 0;
- *psignid = (*rv)->sign_id;
+ if (psignid)
+ *psignid = (*rv)->sign_id;
  return 1;
  }

Index: crypto/x509/x509type.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v
retrieving revision 1.10
diff -u -r1.10 x509type.c
--- crypto/x509/x509type.c 26 Oct 2007 12:06:33 -0000 1.10
+++ crypto/x509/x509type.c 6 Oct 2011 20:36:04 -0000
@@ -100,20 +100,26 @@
  break;
  }

- i=X509_get_signature_type(x);
- switch (i)
+ i=OBJ_obj2nid(x->sig_alg->algorithm);
+ if (i && OBJ_find_sigid_algs(i, NULL, &i))
  {
- case EVP_PKEY_RSA:
- ret|=EVP_PKS_RSA;
- break;
- case EVP_PKEY_DSA:
- ret|=EVP_PKS_DSA;
- break;
- case EVP_PKEY_EC:
- ret|=EVP_PKS_EC;
- break;
- default:
- break;
+
+ switch (i)
+ {
+ case NID_rsaEncryption:
+ case NID_rsa:
+ ret|=EVP_PKS_RSA;
+ break;
+ case NID_dsa:
+ case NID_dsa_2:
+ ret|=EVP_PKS_DSA;
+ break;
+ case NID_X9_62_id_ecPublicKey:
+ ret|=EVP_PKS_EC;
+ break;
+ default:
+ break;
+ }
  }

  if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look

13 years agofix signed/unsigned warning
Dr. Stephen Henson [Mon, 26 Sep 2011 17:04:41 +0000 (17:04 +0000)]
fix signed/unsigned warning

13 years agomake sure eivlen is initialised
Dr. Stephen Henson [Sat, 24 Sep 2011 23:06:35 +0000 (23:06 +0000)]
make sure eivlen is initialised

13 years agouse keyformat for -x509toreq, don't hard code PEM
Dr. Stephen Henson [Fri, 23 Sep 2011 21:48:50 +0000 (21:48 +0000)]
use keyformat for -x509toreq, don't hard code PEM

13 years agoPR: 2606
Dr. Stephen Henson [Fri, 23 Sep 2011 13:39:35 +0000 (13:39 +0000)]
PR: 2606
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve

Handle timezones correctly in UTCTime.

13 years agoPR: 2602
Dr. Stephen Henson [Fri, 23 Sep 2011 13:35:05 +0000 (13:35 +0000)]
PR: 2602
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting

13 years agoPR: 2347
Dr. Stephen Henson [Fri, 23 Sep 2011 13:12:41 +0000 (13:12 +0000)]
PR: 2347
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve

Fix usage message.

13 years agomake depend
Dr. Stephen Henson [Fri, 16 Sep 2011 23:15:22 +0000 (23:15 +0000)]
make depend

13 years agoImproved error checking for DRBG calls.
Dr. Stephen Henson [Fri, 16 Sep 2011 23:12:34 +0000 (23:12 +0000)]
Improved error checking for DRBG calls.

New functionality to allow default DRBG type to be set during compilation or during runtime.

13 years agoImproved error checking for DRBG calls.
Dr. Stephen Henson [Fri, 16 Sep 2011 23:08:57 +0000 (23:08 +0000)]
Improved error checking for DRBG calls.

New functionality to allow default DRBG type to be set during compilation
or during runtime.

13 years agoTypo.
Dr. Stephen Henson [Fri, 16 Sep 2011 23:04:07 +0000 (23:04 +0000)]
Typo.

13 years agoFix warnings (from HEAD).
Dr. Stephen Henson [Sat, 10 Sep 2011 21:18:37 +0000 (21:18 +0000)]
Fix warnings (from HEAD).

13 years agoInitialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
Dr. Stephen Henson [Tue, 6 Sep 2011 15:14:41 +0000 (15:14 +0000)]
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
produce an error (CVE-2011-3207)

13 years agoconfig: don't add -Wa options with no-asm [from HEAD].
Andy Polyakov [Mon, 5 Sep 2011 16:33:48 +0000 (16:33 +0000)]
config: don't add -Wa options with no-asm [from HEAD].