Dr. Stephen Henson [Sat, 8 Jul 2006 10:45:08 +0000 (10:45 +0000)]
Add some EVP_PKEY_METHOD docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 10:01:33 +0000 (10:01 +0000)]
Update docs with algorithm options.
Dr. Stephen Henson [Sat, 8 Jul 2006 00:50:25 +0000 (00:50 +0000)]
Typo.
Dr. Stephen Henson [Sat, 8 Jul 2006 00:47:04 +0000 (00:47 +0000)]
Initial docs for pkeyutl.
Dr. Stephen Henson [Sat, 8 Jul 2006 00:24:47 +0000 (00:24 +0000)]
Docs for new utilities.
Dr. Stephen Henson [Fri, 7 Jul 2006 21:44:23 +0000 (21:44 +0000)]
Add documentation for new smime options.
Andy Polyakov [Tue, 4 Jul 2006 20:29:50 +0000 (20:29 +0000)]
Fix compiler warnings.
Andy Polyakov [Tue, 4 Jul 2006 20:29:14 +0000 (20:29 +0000)]
Unsigned vs signed comparison warning.
Andy Polyakov [Tue, 4 Jul 2006 20:27:44 +0000 (20:27 +0000)]
Typos(?) in HEAD/crypto/evp/p_lib.c.
Dr. Stephen Henson [Sun, 2 Jul 2006 21:13:39 +0000 (21:13 +0000)]
dsa_pub_cmp() doesn't need to check parameters because that is done in
EVP_PKEY_cmp().
Dr. Stephen Henson [Sun, 2 Jul 2006 21:12:40 +0000 (21:12 +0000)]
Make return value from EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() consistent.
Andy Polyakov [Sun, 2 Jul 2006 09:18:00 +0000 (09:18 +0000)]
Prepare playground for AES experimental code.
Bodo Möller [Fri, 30 Jun 2006 22:00:13 +0000 (22:00 +0000)]
documentation for "HIGH" vs. "MEDIUM" was not up-to-date
Bodo Möller [Fri, 30 Jun 2006 08:14:39 +0000 (08:14 +0000)]
use <poll.h> as by Single Unix Specification
Bodo Möller [Wed, 28 Jun 2006 14:50:12 +0000 (14:50 +0000)]
always read in RAND_poll() if we can't use select because of a too
large FD: it's non-blocking mode anyway
Andy Polyakov [Wed, 28 Jun 2006 08:52:16 +0000 (08:52 +0000)]
Mitigate the hazard of cache-collision timing attack on last round. The
only chance for T[ed]4 to get evicted in this module is when its cache
"overlaps" with last 128 bits of key schedule.
Andy Polyakov [Wed, 28 Jun 2006 08:48:54 +0000 (08:48 +0000)]
Mitigate the hazard of cache-collision timing attack on last round. Well,
prefetch could have been moved closer to Td4 references. Something for
later consideration...
Andy Polyakov [Wed, 28 Jun 2006 08:39:06 +0000 (08:39 +0000)]
Mitigate cache-collision timing attack on last round.
Dr. Stephen Henson [Tue, 27 Jun 2006 17:23:24 +0000 (17:23 +0000)]
Fix EVP_PKEY_CTX_dup() to return correct value and handle NULL keys in
the source.
Richard Levitte [Tue, 27 Jun 2006 06:31:34 +0000 (06:31 +0000)]
Use poll() when possible to gather Unix randomness entropy
Bodo Möller [Fri, 23 Jun 2006 15:21:36 +0000 (15:21 +0000)]
New functions CRYPTO_set_idptr_callback(),
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.
Bodo Möller [Thu, 22 Jun 2006 12:37:28 +0000 (12:37 +0000)]
Change in 0.9.8 branch:
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)
Bodo Möller [Tue, 20 Jun 2006 08:50:42 +0000 (08:50 +0000)]
Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
Bodo Möller [Sun, 18 Jun 2006 22:00:57 +0000 (22:00 +0000)]
Change array representation of binary polynomials to make GF2m part of
the BN library more generally useful.
Submitted by: Douglas Stebila
Bodo Möller [Fri, 16 Jun 2006 01:00:47 +0000 (01:00 +0000)]
another thread-safety fix
Bodo Möller [Thu, 15 Jun 2006 19:58:22 +0000 (19:58 +0000)]
Error messages for client ECC cert verification.
Also, change the default ciphersuite to give some prefererence to
ciphersuites with forwared secrecy (rather than using a random order).
Bodo Möller [Thu, 15 Jun 2006 19:00:34 +0000 (19:00 +0000)]
Call 'print_stuff' even if a handshake failed.
Bodo Möller [Thu, 15 Jun 2006 18:28:00 +0000 (18:28 +0000)]
Fix algorithm handling for ECC ciphersuites: Adapt to recent changes,
and allow more general RSA OIDs for ECC certs with RSA CA sig.
Bodo Möller [Thu, 15 Jun 2006 17:17:06 +0000 (17:17 +0000)]
Fix another new bug in the cipherstring logic.
Bodo Möller [Thu, 15 Jun 2006 16:54:20 +0000 (16:54 +0000)]
Fix another bug introduced yesterday when deleting Fortezza stuff:
make sure 'mask' is initialized in ssl_cipher_get_disabled().
Also simplify code by removing some unused arguments in static functions.
Bodo Möller [Thu, 15 Jun 2006 16:07:10 +0000 (16:07 +0000)]
Oops ... deleted too much in the previous commit when I deleted
the Fortezza stuff
Bodo Möller [Wed, 14 Jun 2006 17:51:46 +0000 (17:51 +0000)]
Disable invalid ciphersuites
Bodo Möller [Wed, 14 Jun 2006 17:40:31 +0000 (17:40 +0000)]
Ciphersuite string bugfixes, and ECC-related (re-)definitions.
Bodo Möller [Wed, 14 Jun 2006 13:58:48 +0000 (13:58 +0000)]
Make sure that AES ciphersuites get priority over Camellia
ciphersuites in the default cipher string.
Bodo Möller [Wed, 14 Jun 2006 08:55:23 +0000 (08:55 +0000)]
Thread-safety fixes
Bodo Möller [Wed, 14 Jun 2006 01:16:22 +0000 (01:16 +0000)]
Fix a bug recently introduced when updating this file to use the new
keygen API: make sure that 'pkey_type' is actually visible to MAIN().
Richard Levitte [Mon, 12 Jun 2006 06:46:18 +0000 (06:46 +0000)]
Keep synchronised with Unix
Bodo Möller [Sun, 11 Jun 2006 01:09:07 +0000 (01:09 +0000)]
Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
Richard Levitte [Sat, 10 Jun 2006 05:38:23 +0000 (05:38 +0000)]
Keep synchronised with the Unix build
Bodo Möller [Fri, 9 Jun 2006 22:29:40 +0000 (22:29 +0000)]
Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
Bodo Möller [Fri, 9 Jun 2006 15:44:59 +0000 (15:44 +0000)]
Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
Dr. Stephen Henson [Tue, 6 Jun 2006 13:27:36 +0000 (13:27 +0000)]
Output MIME parameter micalg according to RFC3851 and RFC4490 instead of hard
coding it to "sha1".
Dr. Stephen Henson [Tue, 6 Jun 2006 12:35:05 +0000 (12:35 +0000)]
Add AES and GOST S/MIME capabilities if algorithms are supported.
Andy Polyakov [Mon, 5 Jun 2006 16:04:09 +0000 (16:04 +0000)]
Fix obvious typo.
Dr. Stephen Henson [Mon, 5 Jun 2006 12:38:22 +0000 (12:38 +0000)]
Clarify comment and add #ifdef.
Dr. Stephen Henson [Mon, 5 Jun 2006 11:52:46 +0000 (11:52 +0000)]
Complete EVP_PKEY_ASN1_METHOD ENGINE support.
Andy Polyakov [Mon, 5 Jun 2006 10:43:41 +0000 (10:43 +0000)]
Sync aes.h with cvs.openssl.org/chngview?cn=15336.
Andy Polyakov [Mon, 5 Jun 2006 10:40:54 +0000 (10:40 +0000)]
Reimplement AES_ofb128_encrypt.
Andy Polyakov [Mon, 5 Jun 2006 10:40:28 +0000 (10:40 +0000)]
Correct logical error in STRICT_ALIGNMENT check and remove copy of
eay licence, as module is practically rewritten from scratch [well,
even original submission was obviously "almost, but not quite,
entirely unlike" any other eay *_cfb.c module, not to mention new
functions].
Andy Polyakov [Mon, 5 Jun 2006 09:42:31 +0000 (09:42 +0000)]
Minor ppc-xlate.pl update.
Andy Polyakov [Mon, 5 Jun 2006 09:37:55 +0000 (09:37 +0000)]
Add sha512-ppc.pl module.
Andy Polyakov [Mon, 5 Jun 2006 09:35:50 +0000 (09:35 +0000)]
Minor sha1-ppc.pl update.
Richard Levitte [Sun, 4 Jun 2006 08:22:25 +0000 (08:22 +0000)]
A few more ENGINE strings that need shortening.
Richard Levitte [Sat, 3 Jun 2006 02:17:49 +0000 (02:17 +0000)]
Synchronise with Unix
Dr. Stephen Henson [Fri, 2 Jun 2006 17:54:47 +0000 (17:54 +0000)]
Make update.
Dr. Stephen Henson [Fri, 2 Jun 2006 17:52:27 +0000 (17:52 +0000)]
Initial public key ASN1 method engine support. Not integrated yet.
Dr. Stephen Henson [Fri, 2 Jun 2006 17:09:17 +0000 (17:09 +0000)]
Automatically free up dynamically allocated public key methods when
and ENGINE is destroyed.
Dr. Stephen Henson [Fri, 2 Jun 2006 13:09:59 +0000 (13:09 +0000)]
Extend default method string to include public key methods.
Add missing prototypes.
Fix engine method lookup.
Dr. Stephen Henson [Fri, 2 Jun 2006 12:37:02 +0000 (12:37 +0000)]
Typo.
Dr. Stephen Henson [Fri, 2 Jun 2006 12:33:39 +0000 (12:33 +0000)]
Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE
implementations and functional reference counting when a context
is allocated, free or copied.
Richard Levitte [Thu, 1 Jun 2006 12:50:56 +0000 (12:50 +0000)]
Synchronise with the Unixly build.
Dr. Stephen Henson [Thu, 1 Jun 2006 12:43:39 +0000 (12:43 +0000)]
Fix error code. make update
Dr. Stephen Henson [Thu, 1 Jun 2006 12:38:22 +0000 (12:38 +0000)]
Add missing prototype. Extend engine utility to print public key algorithms.
Dr. Stephen Henson [Thu, 1 Jun 2006 11:38:50 +0000 (11:38 +0000)]
Add engine table for EVP_PKEY_METHOD. Doesn't do much yet.
Richard Levitte [Thu, 1 Jun 2006 10:24:47 +0000 (10:24 +0000)]
Because all object files are now in a file, we don't need to mention
any of them on the linker command line. Besides, OBJECT_FILE now
represents the last compiled file, and using it here only results in
getting warnings about multiple definitions of the symbols in that
file.
Dr. Stephen Henson [Wed, 31 May 2006 17:34:14 +0000 (17:34 +0000)]
New pkey functions for keygen callbacks and retrieving operation type.
Andy Polyakov [Tue, 30 May 2006 07:20:13 +0000 (07:20 +0000)]
Tune up AES CFB. Performance improvement varies from 10% to 50% from
platform to platform. Its absolute value is within few percents
marginal from that of ECB.
Richard Levitte [Sun, 28 May 2006 19:44:27 +0000 (19:44 +0000)]
Use a new signed int ii instead of j (which is unsigned) to handle the
return value from sk_SSL_CIPHER_find().
Richard Levitte [Sun, 28 May 2006 19:39:36 +0000 (19:39 +0000)]
Deal with another name that's longer than 31 characters.
Richard Levitte [Sun, 28 May 2006 19:36:29 +0000 (19:36 +0000)]
rslen is unsigned, so it can never go below 0.
Dr. Stephen Henson [Sun, 28 May 2006 00:49:49 +0000 (00:49 +0000)]
Install openssl.cnf to OPENSSLDIR in mk1mf.pl
Dr. Stephen Henson [Fri, 26 May 2006 17:14:23 +0000 (17:14 +0000)]
Flush p7bio when all data has been copied.
Dr. Stephen Henson [Fri, 26 May 2006 13:27:58 +0000 (13:27 +0000)]
Fix warnings.
Dr. Stephen Henson [Fri, 26 May 2006 12:24:49 +0000 (12:24 +0000)]
Update pkeyutl to use size_t for pkey functions.
Richard Levitte [Thu, 25 May 2006 23:40:04 +0000 (23:40 +0000)]
Signed vs. unsigned conflict
Richard Levitte [Thu, 25 May 2006 23:37:03 +0000 (23:37 +0000)]
There was a problem with too long command lines, so I rebuilt to make
it work better.
Dr. Stephen Henson [Thu, 25 May 2006 16:53:52 +0000 (16:53 +0000)]
Allow any supported cipher to be used with smime -encrypt.
Dr. Stephen Henson [Thu, 25 May 2006 11:44:05 +0000 (11:44 +0000)]
Add prototypes, update Win32 ordinals.
Richard Levitte [Thu, 25 May 2006 10:40:01 +0000 (10:40 +0000)]
Keep in sync with Unix
Dr. Stephen Henson [Thu, 25 May 2006 00:55:00 +0000 (00:55 +0000)]
Update EVP_MD_CTX_copy_ex() to use EVP_PKEY_CTX_dup().
Dr. Stephen Henson [Wed, 24 May 2006 23:49:30 +0000 (23:49 +0000)]
New function to dup EVP_PKEY_CTX. This will be needed to make new signing
functions and EVP_MD_CTX_copy work properly.
Dr. Stephen Henson [Wed, 24 May 2006 17:30:09 +0000 (17:30 +0000)]
New functions for enchanced digest sign/verify.
Dr. Stephen Henson [Wed, 24 May 2006 13:29:32 +0000 (13:29 +0000)]
Fix warnings.
Dr. Stephen Henson [Wed, 24 May 2006 12:33:46 +0000 (12:33 +0000)]
Use size_t for new crypto size parameters.
Dr. Stephen Henson [Mon, 22 May 2006 13:37:16 +0000 (13:37 +0000)]
Fix smime -pk7out.
Dr. Stephen Henson [Mon, 22 May 2006 13:01:01 +0000 (13:01 +0000)]
Add ctrl to EVP_MD and EVP_PKEY_CTX to EVP_MD_CTX. These will be used
for enhanced sign/verify operations.
Andy Polyakov [Sat, 20 May 2006 08:52:34 +0000 (08:52 +0000)]
Tiny up hpux targets.
Dr. Stephen Henson [Thu, 18 May 2006 23:44:44 +0000 (23:44 +0000)]
Add -resign and -md options to smime command to support resigning an
existing structure and using alternative digest for signing.
Dr. Stephen Henson [Thu, 18 May 2006 18:06:03 +0000 (18:06 +0000)]
Code tidy.
Dr. Stephen Henson [Thu, 18 May 2006 17:46:56 +0000 (17:46 +0000)]
Typo.
Dr. Stephen Henson [Thu, 18 May 2006 17:22:31 +0000 (17:22 +0000)]
make update
Dr. Stephen Henson [Thu, 18 May 2006 17:20:23 +0000 (17:20 +0000)]
More S/MIME tidy. Place some common attribute operations in utility
functions.
Dr. Stephen Henson [Thu, 18 May 2006 13:05:20 +0000 (13:05 +0000)]
Remove old digest type hacks for non RSA keys.
Dr. Stephen Henson [Thu, 18 May 2006 12:41:28 +0000 (12:41 +0000)]
Multiple signer support in smime application.
Dr. Stephen Henson [Thu, 18 May 2006 11:54:16 +0000 (11:54 +0000)]
Reformat smime.c utility.
Dr. Stephen Henson [Wed, 17 May 2006 18:46:22 +0000 (18:46 +0000)]
New option to pkcs12 utility to set alternative MAC digest algorithm.
Dr. Stephen Henson [Wed, 17 May 2006 18:24:35 +0000 (18:24 +0000)]
Don't try to print PBE information if it can't be decoded.
Dr. Stephen Henson [Wed, 17 May 2006 18:19:51 +0000 (18:19 +0000)]
PKCS#12 mac key length should equal digest length.
Dr. Stephen Henson [Wed, 17 May 2006 17:17:01 +0000 (17:17 +0000)]
Tidy up of S/MIME code and add new functions which will make is easier
to create S/MIME signed data with multiple signers.
Dr. Stephen Henson [Wed, 17 May 2006 12:47:17 +0000 (12:47 +0000)]
Extended PBES2 function supporting application supplied IV and PRF NID.