Dr. Stephen Henson [Wed, 12 Mar 2008 13:05:07 +0000 (13:05 +0000)]
Update year.
Dr. Stephen Henson [Wed, 12 Mar 2008 00:37:31 +0000 (00:37 +0000)]
#undef X509_EXTENSIONS to avoid conflict with CryptoAPI.
Dr. Stephen Henson [Fri, 29 Feb 2008 14:24:52 +0000 (14:24 +0000)]
We already have an object for "zlib compression" but it was a place
holder and its actual encoding never used.
Just as well because it's value looks like it was made up in the mists of
time...
Now there is a registered value for zlib compression (used in S/MIME
compressedData content type) use that instead.
Dr. Stephen Henson [Thu, 28 Feb 2008 14:05:01 +0000 (14:05 +0000)]
Avoid warnings.
Dr. Stephen Henson [Thu, 28 Feb 2008 13:45:06 +0000 (13:45 +0000)]
Fix error code function name mismatches in GOST engine, rebuild errors.
Dr. Stephen Henson [Thu, 28 Feb 2008 13:18:26 +0000 (13:18 +0000)]
Fix typo and avoid warning.
Andy Polyakov [Wed, 27 Feb 2008 20:09:28 +0000 (20:09 +0000)]
Make x86_64-mont.pl work with debug Win64 build.
Bodo Möller [Wed, 27 Feb 2008 06:01:28 +0000 (06:01 +0000)]
fix BIGNUM flag handling
Dr. Stephen Henson [Mon, 25 Feb 2008 18:11:47 +0000 (18:11 +0000)]
Clarification and fix typo.
Dr. Stephen Henson [Mon, 25 Feb 2008 13:14:06 +0000 (13:14 +0000)]
Use default value for $dir if it is empty.
Bodo Möller [Thu, 21 Feb 2008 07:24:12 +0000 (07:24 +0000)]
Make sure to set indent-tabs-mode so that we get tabs, not spaces.
Andy Polyakov [Wed, 13 Feb 2008 13:07:52 +0000 (13:07 +0000)]
Support for NASM>=2 in Win64/x64 build.
Dr. Stephen Henson [Tue, 12 Feb 2008 13:48:10 +0000 (13:48 +0000)]
Add OIDs for compressedData content type and zlib compression.
Dr. Stephen Henson [Tue, 12 Feb 2008 01:24:50 +0000 (01:24 +0000)]
Typo.
Dr. Stephen Henson [Mon, 11 Feb 2008 17:52:38 +0000 (17:52 +0000)]
Utility attribute function to retrieve attribute data from an expected
type. Useful for many attributes which are single valued and can only
have one type.
Dr. Stephen Henson [Mon, 11 Feb 2008 13:59:33 +0000 (13:59 +0000)]
Extend attribute setting routines to support non-string types.
Andy Polyakov [Mon, 11 Feb 2008 13:04:39 +0000 (13:04 +0000)]
Ad-hockery for Platform SDK ml64.
Dr. Stephen Henson [Fri, 8 Feb 2008 13:07:04 +0000 (13:07 +0000)]
Support custom primitive type printing routines and add one to LONG type.
Andy Polyakov [Wed, 6 Feb 2008 10:18:19 +0000 (10:18 +0000)]
Micro-profiling assisted "optimization" for Power6. Essentially it's so
to say educational commit. Reordering instructions doesn't improve
performance much, rather exhibits Power6 limitations.
Andy Polyakov [Tue, 5 Feb 2008 13:10:14 +0000 (13:10 +0000)]
ppc64-mont optimization.
Lutz Jänicke [Wed, 30 Jan 2008 08:26:59 +0000 (08:26 +0000)]
Add missing colon in manpage
Submitted by: Richard Hartmann <richih.mailinglist@gmail.com>
Dr. Stephen Henson [Sat, 26 Jan 2008 23:42:58 +0000 (23:42 +0000)]
Add Global Sign root CA.
Dr. Stephen Henson [Wed, 23 Jan 2008 19:21:00 +0000 (19:21 +0000)]
Clarify FAQ.
Dr. Stephen Henson [Wed, 23 Jan 2008 19:10:53 +0000 (19:10 +0000)]
Clarify BITLIST format and include an example.
Andy Polyakov [Thu, 17 Jan 2008 19:48:01 +0000 (19:48 +0000)]
rc5/asm/rc5-586.pl was erroneously omitted from last perlasm unification.
Andy Polyakov [Tue, 15 Jan 2008 11:27:06 +0000 (11:27 +0000)]
crypto/rc5/Makefile was erroneously omitted from last perlasm unification.
Also remove obsolete and now misleading comments.
Dr. Stephen Henson [Mon, 14 Jan 2008 18:10:55 +0000 (18:10 +0000)]
<strings.h> does not exist under WIN32.
Andy Polyakov [Sun, 13 Jan 2008 22:01:30 +0000 (22:01 +0000)]
Unify ppc assembler make rules.
Andy Polyakov [Sun, 13 Jan 2008 17:56:02 +0000 (17:56 +0000)]
Automate assembler support for Win64 targets (more work is needed).
Andy Polyakov [Sun, 13 Jan 2008 17:43:11 +0000 (17:43 +0000)]
Allow to specify filename on sha1-ia64.pl command line.
Andy Polyakov [Sun, 13 Jan 2008 17:42:04 +0000 (17:42 +0000)]
Make all x86_64 modules independent on current working directory.
Andy Polyakov [Sat, 12 Jan 2008 11:29:45 +0000 (11:29 +0000)]
rc4-x86_64 portability fix.
Ben Laurie [Sat, 12 Jan 2008 11:22:31 +0000 (11:22 +0000)]
Missing headers.
Andy Polyakov [Fri, 11 Jan 2008 13:15:11 +0000 (13:15 +0000)]
Unify x86 perlasm make rules.
Andy Polyakov [Fri, 11 Jan 2008 11:59:37 +0000 (11:59 +0000)]
Automate assembler support in mk1mf even further.
Dr. Stephen Henson [Sun, 6 Jan 2008 00:36:22 +0000 (00:36 +0000)]
Experimental support for import of more options from Configure
(via top level Makefile) into mk1mf builds. This avoids the need
to duplicate the CFLAG handling and can auto build assembly language
source files from perl scripts.
Extend VC-WIN32 Configure entry to include new options.
Dr. Stephen Henson [Sat, 5 Jan 2008 22:28:38 +0000 (22:28 +0000)]
Update perl asm scripts include paths for perlasm.
Andy Polyakov [Sat, 5 Jan 2008 21:35:34 +0000 (21:35 +0000)]
Fix unsigned/signed warnings in ssl.
Andy Polyakov [Sat, 5 Jan 2008 21:32:29 +0000 (21:32 +0000)]
Cygwin compatibility fix to apps/ocsp.c.
Andy Polyakov [Sat, 5 Jan 2008 21:30:59 +0000 (21:30 +0000)]
Compensate for BSDi shell bug.
Andy Polyakov [Sat, 5 Jan 2008 21:28:53 +0000 (21:28 +0000)]
engine/ccgost Win32 portability fixes.
Andy Polyakov [Sat, 5 Jan 2008 18:17:20 +0000 (18:17 +0000)]
Make aes-x86_64 work with debug Win64 build.
Andy Polyakov [Sat, 5 Jan 2008 08:58:18 +0000 (08:58 +0000)]
Make AES_T[ed] private to aes-586 module.
Dr. Stephen Henson [Sat, 5 Jan 2008 00:45:27 +0000 (00:45 +0000)]
Include Mont asm files in WIN32 build.
Dr. Stephen Henson [Sat, 5 Jan 2008 00:44:33 +0000 (00:44 +0000)]
Add extra SHA2 defines.
Andy Polyakov [Fri, 4 Jan 2008 23:03:23 +0000 (23:03 +0000)]
Last dso_dlfcn.c check-in said "Use Dl_info only on systems where it is
known to exist. It does not exist on AIX 4.3.3, AIX 5.1, SCO 5, or Cygwin"
and disabled it on banch of systems it's known to exists, such as FreeBSD,
Solaris, 64-bit HP-UX, MacOS X. Get it straight.
Andy Polyakov [Fri, 4 Jan 2008 22:58:50 +0000 (22:58 +0000)]
x86gas.pl update.
Dr. Stephen Henson [Fri, 4 Jan 2008 16:32:39 +0000 (16:32 +0000)]
Add sha2 defines.
Dr. Stephen Henson [Fri, 4 Jan 2008 13:18:09 +0000 (13:18 +0000)]
Update netware to use new SHA2 assembly language modules.
Dr. Stephen Henson [Fri, 4 Jan 2008 00:48:14 +0000 (00:48 +0000)]
Update WIN32 nasm build to use new asm files.
Dr. Stephen Henson [Fri, 4 Jan 2008 00:37:23 +0000 (00:37 +0000)]
Avoid WIN32 signed/unsigned warnings.
Dr. Stephen Henson [Thu, 3 Jan 2008 22:57:50 +0000 (22:57 +0000)]
Move CHANGES entry. Revert include file install line.
Dr. Stephen Henson [Thu, 3 Jan 2008 22:43:04 +0000 (22:43 +0000)]
Netware support.
Submitted by: Guenter Knauf <eflash@gmx.net>
Andy Polyakov [Thu, 3 Jan 2008 17:09:56 +0000 (17:09 +0000)]
NASM has recently changed name of win32 pre-compiled binary.
PR: 1627
Dr. Stephen Henson [Thu, 3 Jan 2008 16:37:00 +0000 (16:37 +0000)]
Add quotes to Win32 install directories.
Submitted by: Mladen Turk <mturk@apache.org>
Andy Polyakov [Thu, 3 Jan 2008 16:21:06 +0000 (16:21 +0000)]
perlasm/x86*.pl updates.
Andy Polyakov [Sat, 29 Dec 2007 20:30:09 +0000 (20:30 +0000)]
Final (for this commit series) optimized version and with commentary section.
Andy Polyakov [Sat, 29 Dec 2007 20:28:01 +0000 (20:28 +0000)]
This is also informational commit exposing loop modulo scheduling "factor."
Andy Polyakov [Sat, 29 Dec 2007 20:26:46 +0000 (20:26 +0000)]
New Montgomery multiplication module, ppc64-mont.pl. Reference, non-optimized
implementation. This is essentially informational commit.
Andy Polyakov [Sat, 29 Dec 2007 18:50:44 +0000 (18:50 +0000)]
ppc-xlate.pl update.
Andy Polyakov [Sat, 29 Dec 2007 18:32:34 +0000 (18:32 +0000)]
Source readability fix, which incidentally works around XLC compiler bug.
Andy Polyakov [Tue, 18 Dec 2007 17:33:49 +0000 (17:33 +0000)]
Engage x86 assembler in Mac OS X build.
Andy Polyakov [Tue, 18 Dec 2007 17:28:22 +0000 (17:28 +0000)]
Mac OS X x86 assembler support.
Andy Polyakov [Tue, 18 Dec 2007 09:32:20 +0000 (09:32 +0000)]
Disable support for Metrowerks assembler. Assembler itself is broken,
specifically it incorrectly encodes EA offsets between 128 and 255.
Andy Polyakov [Tue, 18 Dec 2007 09:18:49 +0000 (09:18 +0000)]
x86 perlasm overhaul.
Dr. Stephen Henson [Sun, 16 Dec 2007 13:57:44 +0000 (13:57 +0000)]
Avoid aliasing warning.
Dr. Stephen Henson [Sun, 16 Dec 2007 13:16:58 +0000 (13:16 +0000)]
Update ordinals
Dr. Stephen Henson [Fri, 14 Dec 2007 16:53:50 +0000 (16:53 +0000)]
Initialize sigsize.
Dr. Stephen Henson [Fri, 14 Dec 2007 12:43:50 +0000 (12:43 +0000)]
Handle non-SHA1 digests for certids in OCSP test responder.
Andy Polyakov [Tue, 4 Dec 2007 20:28:52 +0000 (20:28 +0000)]
gmp engine was non-operational.
Dr. Stephen Henson [Tue, 4 Dec 2007 12:41:28 +0000 (12:41 +0000)]
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
Richard Levitte [Mon, 3 Dec 2007 09:02:29 +0000 (09:02 +0000)]
Change submitted by Doug Kaufman. He writes:
I just compiled the 9.9-dev version from the
12022007 tarball under
DJGPP. There were only 2 changes needed, one for b_sock.c, since
DJGPP with WATT32 doesn't define socklen_t and one for testtsa to
handle DOS style path separators. I also noted what seems to be a
typographical error in ts.pod. The test suite passes. The patch is
attached.
Since I am in the US, I have sent notifications to the Bureau of
Industry and Security and to the NSA.
Andy Polyakov [Sun, 2 Dec 2007 21:32:03 +0000 (21:32 +0000)]
Some assembler are allergic to lea reg,BYTE PTR[...].
Submitted by: Guenter Knauf
Andy Polyakov [Sat, 24 Nov 2007 16:03:57 +0000 (16:03 +0000)]
Structure symbol decorations, optimize label handling...
Dr. Stephen Henson [Fri, 23 Nov 2007 00:34:00 +0000 (00:34 +0000)]
Rebuild OID database: duplicates got in there somehow??
Dr. Stephen Henson [Fri, 23 Nov 2007 00:19:24 +0000 (00:19 +0000)]
Fix from stable branch.
Dr. Stephen Henson [Fri, 23 Nov 2007 00:14:59 +0000 (00:14 +0000)]
Add caRepository OID and sync object NIDs with OpenSSL 0.9.8.
Andy Polyakov [Thu, 22 Nov 2007 21:21:35 +0000 (21:21 +0000)]
Synchronize x86nasm.pl with x86unix.pl.
Andy Polyakov [Thu, 22 Nov 2007 20:51:48 +0000 (20:51 +0000)]
Combat [bogus] relocations in some assember modules.
Dr. Stephen Henson [Wed, 21 Nov 2007 17:25:58 +0000 (17:25 +0000)]
Lookup public key ASN1 methods by string by iterating through all
implementations instead of all added ENGINEs to cover case where an
ENGINE is not added.
Dr. Stephen Henson [Wed, 21 Nov 2007 12:39:12 +0000 (12:39 +0000)]
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Update gost algorithm print routines.
Dr. Stephen Henson [Tue, 20 Nov 2007 17:52:02 +0000 (17:52 +0000)]
Avoid warning.
Dr. Stephen Henson [Tue, 20 Nov 2007 17:51:45 +0000 (17:51 +0000)]
Update debug-steve targets.
Dr. Stephen Henson [Tue, 20 Nov 2007 13:37:51 +0000 (13:37 +0000)]
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Make {d2i,i2d}_PrivateKey() fall back to PKCS#8 format if no legacy format
supported. Add support in d2i_AutoPrivateKey().
Dr. Stephen Henson [Tue, 20 Nov 2007 13:04:45 +0000 (13:04 +0000)]
Rebuild object cross reference table.
Lutz Jänicke [Mon, 19 Nov 2007 09:18:03 +0000 (09:18 +0000)]
Typos in man pages: dependant->dependent
Submitted by: Tobias Stoeckmann <tobias@bugol.de>
Bodo Möller [Mon, 19 Nov 2007 07:25:55 +0000 (07:25 +0000)]
Should reject signatures that we can't properly verify
and couldn't generate
(as pointed out by Ernst G Giessmann)
Bodo Möller [Mon, 19 Nov 2007 07:24:08 +0000 (07:24 +0000)]
fix typos
Submitted by: Ernst G. Giessmann
Ben Laurie [Fri, 16 Nov 2007 14:41:09 +0000 (14:41 +0000)]
Fix buffer overflow.
Bodo Möller [Fri, 16 Nov 2007 13:01:14 +0000 (13:01 +0000)]
The hash length check wasn't strict enough,
as pointed out by Ernst G Giessmann
Ben Laurie [Fri, 16 Nov 2007 03:03:01 +0000 (03:03 +0000)]
Fix warnings.
Andy Polyakov [Sat, 3 Nov 2007 20:09:04 +0000 (20:09 +0000)]
Commit #16325 fixed one thing but broke DH with certain moduli.
Dr. Stephen Henson [Sat, 3 Nov 2007 13:09:34 +0000 (13:09 +0000)]
Fix from stable branch.
Lutz Jänicke [Thu, 1 Nov 2007 08:24:56 +0000 (08:24 +0000)]
Add OIDs by CMP (RFC 4210) and CRMF (RFC 4211)
Submitted by: Martin Peylo <martinmeis@googlemail.com>
Dr. Stephen Henson [Fri, 26 Oct 2007 23:54:46 +0000 (23:54 +0000)]
Fix duplicate error codes.
Dr. Stephen Henson [Fri, 26 Oct 2007 23:50:40 +0000 (23:50 +0000)]
GOST ENGINE information.
Dr. Stephen Henson [Fri, 26 Oct 2007 12:06:36 +0000 (12:06 +0000)]
1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure
2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).
3. Changes to EVP
- adding of function EVP_PKEY_CTX_get0_peerkey
- Make function EVP_PKEY_derive_set_peerkey work for context with
ENCRYPT operation, because we use peerkey field in the context to
pass non-ephemeral secret key to GOST encrypt operation.
- added EVP_PKEY_CTRL_SET_IV control command. It is really
GOST-specific, but it is used in SSL code, so it has to go
in some header file, available during libssl compilation
4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data
5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
make debugging output which depends on constants defined there, work
and other KSSL_DEBUG output fixes
6. Declaration of real GOST ciphersuites, two authentication methods
SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST
7. Implementation of these methods.
8. Support for sending unsolicited serverhello extension if GOST
ciphersuite is selected. It is require for interoperability with
CryptoPro CSP 3.0 and 3.6 and controlled by
SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
This constant is added to SSL_OP_ALL, because it does nothing, if
non-GOST ciphersuite is selected, and all implementation of GOST
include compatibility with CryptoPro.
9. Support for CertificateVerify message without length field. It is
another CryptoPro bug, but support is made unconditional, because it
does no harm for draft-conforming implementation.
10. In tls1_mac extra copy of stream mac context is no more done.
When I've written currently commited code I haven't read
EVP_DigestSignFinal manual carefully enough and haven't noticed that
it does an internal digest ctx copying.
This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
Lutz Jänicke [Fri, 19 Oct 2007 08:26:03 +0000 (08:26 +0000)]
Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f
Dr. Stephen Henson [Thu, 18 Oct 2007 11:42:47 +0000 (11:42 +0000)]
Fix from stable branch.
Andy Polyakov [Wed, 17 Oct 2007 21:15:48 +0000 (21:15 +0000)]
Don't let DTLS ChangeCipherSpec increment handshake sequence number.
PR: 1587