oweals/openssl.git
12 years agoThe default CN prompt message can be confusing when often the CN needs to
Dr. Stephen Henson [Tue, 6 Dec 2011 00:00:51 +0000 (00:00 +0000)]
The default CN prompt message can be confusing when often the CN needs to
 be the server FQDN: change it.
[Reported by PSW Group]

12 years agoFix exporter.
Ben Laurie [Fri, 2 Dec 2011 16:49:32 +0000 (16:49 +0000)]
Fix exporter.

12 years agoFix warnings.
Ben Laurie [Fri, 2 Dec 2011 14:39:41 +0000 (14:39 +0000)]
Fix warnings.

12 years agoResolve a stack set-up race condition (if the list of compression
Bodo Möller [Fri, 2 Dec 2011 12:51:41 +0000 (12:51 +0000)]
Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley

12 years agoFix ecdsatest.c.
Bodo Möller [Fri, 2 Dec 2011 12:40:42 +0000 (12:40 +0000)]
Fix ecdsatest.c.

Submitted by: Emilia Kasper

12 years agoFix BIO_f_buffer().
Bodo Möller [Fri, 2 Dec 2011 12:24:48 +0000 (12:24 +0000)]
Fix BIO_f_buffer().

Submitted by: Adam Langley
Reviewed by: Bodo Moeller

12 years agobn/asm/mips.pl: fix typos [from HEAD].
Andy Polyakov [Thu, 1 Dec 2011 12:17:20 +0000 (12:17 +0000)]
bn/asm/mips.pl: fix typos [from HEAD].

13 years agoPR: 1794
Dr. Stephen Henson [Fri, 25 Nov 2011 00:18:10 +0000 (00:18 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Make SRP conformant to rfc 5054.

Changes are:

- removal of the addition state after client hello
- removal of all pre-rfc srp alert ids
- sending a fatal alert when there is no srp extension but when the
server wants SRP
- removal of unnecessary code in the client.

13 years agoDon't send NPN during renegotiation.
Ben Laurie [Thu, 24 Nov 2011 18:22:06 +0000 (18:22 +0000)]
Don't send NPN during renegotiation.

13 years agoIndent.
Ben Laurie [Thu, 24 Nov 2011 16:51:15 +0000 (16:51 +0000)]
Indent.

13 years agoupdate ordinals
Dr. Stephen Henson [Tue, 22 Nov 2011 14:45:27 +0000 (14:45 +0000)]
update ordinals

13 years agoadd cryptlib.h to mkdef.pl
Dr. Stephen Henson [Tue, 22 Nov 2011 14:44:42 +0000 (14:44 +0000)]
add cryptlib.h to mkdef.pl

13 years agoWorkaround so "make depend" works for fips builds.
Dr. Stephen Henson [Tue, 22 Nov 2011 12:50:59 +0000 (12:50 +0000)]
Workaround so "make depend" works for fips builds.

13 years agoupdate ordinals
Dr. Stephen Henson [Mon, 21 Nov 2011 22:56:33 +0000 (22:56 +0000)]
update ordinals

13 years agoadd strp.h to mkdef.pl headers
Dr. Stephen Henson [Mon, 21 Nov 2011 22:55:12 +0000 (22:55 +0000)]
add strp.h to mkdef.pl headers

13 years agomove internal functions to ssl_locl.h
Dr. Stephen Henson [Mon, 21 Nov 2011 22:52:01 +0000 (22:52 +0000)]
move internal functions to ssl_locl.h

13 years agorecognise NEXTPROTONEG
Dr. Stephen Henson [Mon, 21 Nov 2011 22:35:35 +0000 (22:35 +0000)]
recognise NEXTPROTONEG

13 years agobcmp doesn't exist on all platforms, replace with memcmp
Dr. Stephen Henson [Mon, 21 Nov 2011 22:29:16 +0000 (22:29 +0000)]
bcmp doesn't exist on all platforms, replace with memcmp

13 years agobsaes-x86_64.pl: fix buffer overrun in tail processing [from HEAD].
Andy Polyakov [Wed, 16 Nov 2011 23:36:40 +0000 (23:36 +0000)]
bsaes-x86_64.pl: fix buffer overrun in tail processing [from HEAD].

13 years agoAdd TLS exporter.
Ben Laurie [Tue, 15 Nov 2011 23:51:22 +0000 (23:51 +0000)]
Add TLS exporter.

13 years agoAdd DTLS-SRTP.
Ben Laurie [Tue, 15 Nov 2011 23:02:16 +0000 (23:02 +0000)]
Add DTLS-SRTP.

13 years agoaes-armv4.pl: make it link.
Andy Polyakov [Tue, 15 Nov 2011 13:55:52 +0000 (13:55 +0000)]
aes-armv4.pl: make it link.

13 years agoe_rc4_hmac_md5.c: make it work on darwin64, which is configured with RC4_CHAR.
Andy Polyakov [Tue, 15 Nov 2011 12:39:48 +0000 (12:39 +0000)]
e_rc4_hmac_md5.c: make it work on darwin64, which is configured with RC4_CHAR.

13 years agoaes-s390x.pl: make it link.
Andy Polyakov [Tue, 15 Nov 2011 12:20:55 +0000 (12:20 +0000)]
aes-s390x.pl: make it link.

13 years agoConfigure, e_aes.c: allow for XTS assembler implementation [from HEAD].
Andy Polyakov [Tue, 15 Nov 2011 12:19:56 +0000 (12:19 +0000)]
Configure, e_aes.c: allow for XTS assembler implementation [from HEAD].

13 years agoe_aes.c: jumbo update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:17:08 +0000 (21:17 +0000)]
e_aes.c: jumbo update from HEAD.

13 years agoec_cvt.c: performance update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:14:53 +0000 (21:14 +0000)]
ec_cvt.c: performance update from HEAD.

13 years agoc_allc.c: add XTS ciphers [from HEAD].
Andy Polyakov [Mon, 14 Nov 2011 21:13:35 +0000 (21:13 +0000)]
c_allc.c: add XTS ciphers [from HEAD].

13 years agoconfig: platform and poratbility updates from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:12:53 +0000 (21:12 +0000)]
config: platform and poratbility updates from HEAD.

13 years agoConfigure, etc.: engage additional assembler modules.
Andy Polyakov [Mon, 14 Nov 2011 21:12:05 +0000 (21:12 +0000)]
Configure, etc.: engage additional assembler modules.

13 years agospeed.c: add ghash benchmark [from HEAD].
Andy Polyakov [Mon, 14 Nov 2011 21:09:30 +0000 (21:09 +0000)]
speed.c: add ghash benchmark [from HEAD].

13 years agox86 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:06:50 +0000 (21:06 +0000)]
x86 assembler pack update from HEAD.

13 years agoBN update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:05:42 +0000 (21:05 +0000)]
BN update from HEAD.

13 years agox86_64 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:01:21 +0000 (21:01 +0000)]
x86_64 assembler pack update from HEAD.

13 years agoARM assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:58:01 +0000 (20:58 +0000)]
ARM assembler pack update from HEAD.

13 years agoAlpha assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:56:15 +0000 (20:56 +0000)]
Alpha assembler pack update from HEAD.

13 years agoMIPS assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:55:24 +0000 (20:55 +0000)]
MIPS assembler pack update from HEAD.

13 years agoPPC assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:54:17 +0000 (20:54 +0000)]
PPC assembler pack update from HEAD.

13 years agoPA-RISC assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:50:15 +0000 (20:50 +0000)]
PA-RISC assembler pack update from HEAD.

13 years agoSPARCv9 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:48:35 +0000 (20:48 +0000)]
SPARCv9 assembler pack update from HEAD.

13 years agos390x assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:47:22 +0000 (20:47 +0000)]
s390x assembler pack update from HEAD.

13 years agoIA64 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:45:57 +0000 (20:45 +0000)]
IA64 assembler pack update from HEAD.

13 years agoperlasm update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:44:20 +0000 (20:44 +0000)]
perlasm update from HEAD.

13 years agoMafiles updates to accomodate assembler update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:42:22 +0000 (20:42 +0000)]
Mafiles updates to accomodate assembler update from HEAD.

13 years agoDH keys have an (until now) unused 'q' parameter. When creating from DSA copy
Dr. Stephen Henson [Mon, 14 Nov 2011 14:16:09 +0000 (14:16 +0000)]
DH keys have an (until now) unused 'q' parameter. When creating from DSA copy
q across and if q present generate DH key in the correct range. (from HEAD)

13 years agoCall OPENSSL_init after we've checked to see if customisation is permissible.
Dr. Stephen Henson [Mon, 14 Nov 2011 14:15:29 +0000 (14:15 +0000)]
Call OPENSSL_init after we've checked to see if customisation is permissible.

13 years agoIgnorance.
Ben Laurie [Mon, 14 Nov 2011 02:42:26 +0000 (02:42 +0000)]
Ignorance.

13 years agoNext Protocol Negotiation.
Ben Laurie [Mon, 14 Nov 2011 02:25:04 +0000 (02:25 +0000)]
Next Protocol Negotiation.

13 years agoAdd Next Protocol Negotiation.
Ben Laurie [Sun, 13 Nov 2011 21:55:42 +0000 (21:55 +0000)]
Add Next Protocol Negotiation.

13 years agomake depend.
Ben Laurie [Sun, 13 Nov 2011 20:23:34 +0000 (20:23 +0000)]
make depend.

13 years agoFix one of the no-tlsext build errors (there are more).
Ben Laurie [Sun, 13 Nov 2011 20:19:21 +0000 (20:19 +0000)]
Fix one of the no-tlsext build errors (there are more).

13 years agoPR: 1794
Dr. Stephen Henson [Sun, 13 Nov 2011 13:13:14 +0000 (13:13 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c

13 years agox86cpuid.pl: compensate for imaginary virtual machines [from HEAD].
Andy Polyakov [Tue, 8 Nov 2011 21:28:14 +0000 (21:28 +0000)]
x86cpuid.pl: compensate for imaginary virtual machines [from HEAD].
PR: 2633

13 years agox86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs.
Andy Polyakov [Sat, 5 Nov 2011 10:44:25 +0000 (10:44 +0000)]
x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs.
PR: 2633

13 years agoppc.pl: fix bug in bn_mul_comba4 [from HEAD].
Andy Polyakov [Sat, 5 Nov 2011 10:16:30 +0000 (10:16 +0000)]
ppc.pl: fix bug in bn_mul_comba4 [from HEAD].
PR: 2636
Submitted by: Charles Bryant

13 years agoAdd missing algorithms to disable, and in particular, disable
Richard Levitte [Sun, 30 Oct 2011 11:45:30 +0000 (11:45 +0000)]
Add missing algorithms to disable, and in particular, disable
EC_NISTP_64_GCC_128 by default, as GCC isn't currently supported on
VMS.  Add CMAC to the modules to build, and synchronise with Unix.

13 years agoTeach mkshared.com to have a look for disabled algorithms in opensslconf.h
Richard Levitte [Sun, 30 Oct 2011 11:40:56 +0000 (11:40 +0000)]
Teach mkshared.com to have a look for disabled algorithms in opensslconf.h

13 years agoPR: 2628
Dr. Stephen Henson [Thu, 27 Oct 2011 13:06:43 +0000 (13:06 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.

13 years agoPR: 2628
Dr. Stephen Henson [Thu, 27 Oct 2011 13:01:20 +0000 (13:01 +0000)]
PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix for ECC keys and DTLS.

13 years agoPR: 2632
Dr. Stephen Henson [Wed, 26 Oct 2011 16:43:23 +0000 (16:43 +0000)]
PR: 2632
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.

13 years agoUse correct tag for SRP username.
Dr. Stephen Henson [Tue, 25 Oct 2011 12:52:47 +0000 (12:52 +0000)]
Use correct tag for SRP username.

13 years agoUpdate error codes for FIPS.
Dr. Stephen Henson [Fri, 21 Oct 2011 13:04:27 +0000 (13:04 +0000)]
Update error codes for FIPS.
Add support for authentication in FIPS_mode_set().

13 years agoRecognise new ECC option (from HEAD).
Dr. Stephen Henson [Fri, 21 Oct 2011 12:53:07 +0000 (12:53 +0000)]
Recognise new ECC option (from HEAD).

13 years ago"make update"
Bodo Möller [Wed, 19 Oct 2011 15:24:44 +0000 (15:24 +0000)]
"make update"

13 years agoBN_BLINDING multi-threading fix.
Bodo Möller [Wed, 19 Oct 2011 14:58:59 +0000 (14:58 +0000)]
BN_BLINDING multi-threading fix.

Submitted by: Emilia Kasper (Google)

13 years agoFix indentation
Bodo Möller [Wed, 19 Oct 2011 09:24:05 +0000 (09:24 +0000)]
Fix indentation

13 years agoFix warnings.
Bodo Möller [Wed, 19 Oct 2011 08:58:35 +0000 (08:58 +0000)]
Fix warnings.
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.

13 years agoImprove optional 64-bit NIST-P224 implementation, and add NIST-P256 and
Bodo Möller [Tue, 18 Oct 2011 19:43:54 +0000 (19:43 +0000)]
Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.

13 years agoRecognise no-rsax option.
Dr. Stephen Henson [Sat, 15 Oct 2011 13:22:26 +0000 (13:22 +0000)]
Recognise no-rsax option.

13 years agoe_aes.c: fix bug in aesni_gcm_tls_cipher [in HEAD].
Andy Polyakov [Fri, 14 Oct 2011 09:34:14 +0000 (09:34 +0000)]
e_aes.c: fix bug in aesni_gcm_tls_cipher [in HEAD].

13 years agoaesni-x86[_64].pl: pull from HEAD.
Andy Polyakov [Fri, 14 Oct 2011 09:21:03 +0000 (09:21 +0000)]
aesni-x86[_64].pl: pull from HEAD.

13 years agouse -no_ecdhe when using -no_dhe
Bodo Möller [Thu, 13 Oct 2011 15:07:05 +0000 (15:07 +0000)]
use -no_ecdhe when using -no_dhe

13 years agoMake CTR mode behaviour consistent with other modes:
Bodo Möller [Thu, 13 Oct 2011 13:42:29 +0000 (13:42 +0000)]
Make CTR mode behaviour consistent with other modes:
clear ctx->num in EVP_CipherInit_ex

Submitted by: Emilia Kasper

13 years agoClarify warning
Bodo Möller [Thu, 13 Oct 2011 13:25:03 +0000 (13:25 +0000)]
Clarify warning

13 years agoIn ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Bodo Möller [Thu, 13 Oct 2011 13:05:35 +0000 (13:05 +0000)]
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.

Submitted by: Bob Buckholz <bbuckholz@google.com>

13 years agoFor now disable RSAX ENGINE for FIPS builds: it sets a non-FIPS RSA
Dr. Stephen Henson [Thu, 13 Oct 2011 11:43:44 +0000 (11:43 +0000)]
For now disable RSAX ENGINE for FIPS builds: it sets a non-FIPS RSA
method which stops FIPS mode working.

13 years agoincrease test RSA key size to 1024 bits
Dr. Stephen Henson [Wed, 12 Oct 2011 21:55:42 +0000 (21:55 +0000)]
increase test RSA key size to 1024 bits

13 years agoupdate pkey method initialisation and copy
Dr. Stephen Henson [Tue, 11 Oct 2011 18:16:02 +0000 (18:16 +0000)]
update pkey method initialisation and copy

13 years agoBackport ossl_ssize_t type from HEAD.
Dr. Stephen Henson [Mon, 10 Oct 2011 22:33:50 +0000 (22:33 +0000)]
Backport ossl_ssize_t type from HEAD.

13 years agodef_rsa_finish not used anymore.
Dr. Stephen Henson [Mon, 10 Oct 2011 20:34:17 +0000 (20:34 +0000)]
def_rsa_finish not used anymore.

13 years agofix leak properly this time...
Dr. Stephen Henson [Mon, 10 Oct 2011 14:09:05 +0000 (14:09 +0000)]
fix leak properly this time...

13 years agoadd GCM ciphers in SSL_library_init
Dr. Stephen Henson [Mon, 10 Oct 2011 12:56:11 +0000 (12:56 +0000)]
add GCM ciphers in SSL_library_init

13 years agodisable GCM if not available
Dr. Stephen Henson [Mon, 10 Oct 2011 12:40:13 +0000 (12:40 +0000)]
disable GCM if not available

13 years agoAdd some entries for 1.0.1 in NEWS.
Dr. Stephen Henson [Mon, 10 Oct 2011 00:27:52 +0000 (00:27 +0000)]
Add some entries for 1.0.1 in NEWS.

13 years agosync NEWS with 1.0.0 branch
Dr. Stephen Henson [Mon, 10 Oct 2011 00:23:14 +0000 (00:23 +0000)]
sync NEWS with 1.0.0 branch

13 years agoDon't disable TLS v1.2 by default any more.
Dr. Stephen Henson [Sun, 9 Oct 2011 23:28:25 +0000 (23:28 +0000)]
Don't disable TLS v1.2 by default any more.

13 years agoUpdate ordinals.
Dr. Stephen Henson [Sun, 9 Oct 2011 23:14:20 +0000 (23:14 +0000)]
Update ordinals.

13 years agoBackport PSS signature support from HEAD.
Dr. Stephen Henson [Sun, 9 Oct 2011 23:13:50 +0000 (23:13 +0000)]
Backport PSS signature support from HEAD.

13 years agofix CHANGES entry
Dr. Stephen Henson [Sun, 9 Oct 2011 23:11:09 +0000 (23:11 +0000)]
fix CHANGES entry

13 years agofix memory leaks
Dr. Stephen Henson [Sun, 9 Oct 2011 23:09:22 +0000 (23:09 +0000)]
fix memory leaks

13 years agoFix memory leak. From HEAD.
Dr. Stephen Henson [Sun, 9 Oct 2011 16:04:17 +0000 (16:04 +0000)]
Fix memory leak. From HEAD.

13 years agoUpdate ordinals.
Dr. Stephen Henson [Sun, 9 Oct 2011 15:28:52 +0000 (15:28 +0000)]
Update ordinals.

13 years agoBackport of password based CMS support from HEAD.
Dr. Stephen Henson [Sun, 9 Oct 2011 15:28:02 +0000 (15:28 +0000)]
Backport of password based CMS support from HEAD.

13 years agoPR: 2482
Dr. Stephen Henson [Sun, 9 Oct 2011 00:56:43 +0000 (00:56 +0000)]
PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.

13 years agouse client version when eliminating TLS v1.2 ciphersuites in client hello
Dr. Stephen Henson [Fri, 7 Oct 2011 15:07:36 +0000 (15:07 +0000)]
use client version when eliminating TLS v1.2 ciphersuites in client hello

13 years ago? crypto/aes/aes-armv4.S
Dr. Stephen Henson [Thu, 6 Oct 2011 20:45:08 +0000 (20:45 +0000)]
? crypto/aes/aes-armv4.S
? crypto/aes/aesni-sha1-x86_64.s
? crypto/aes/aesni-x86_64.s
? crypto/aes/foo.pl
? crypto/aes/vpaes-x86_64.s
? crypto/bn/.bn_lib.c.swp
? crypto/bn/armv4-gf2m.S
? crypto/bn/diffs
? crypto/bn/modexp512-x86_64.s
? crypto/bn/x86_64-gf2m.s
? crypto/bn/x86_64-mont5.s
? crypto/ec/bc.txt
? crypto/ec/diffs
? crypto/modes/a.out
? crypto/modes/diffs
? crypto/modes/ghash-armv4.S
? crypto/modes/ghash-x86_64.s
? crypto/modes/op.h
? crypto/modes/tst.c
? crypto/modes/x.h
? crypto/objects/.obj_xref.txt.swp
? crypto/rand/diffs
? crypto/sha/sha-512
? crypto/sha/sha1-armv4-large.S
? crypto/sha/sha256-armv4.S
? crypto/sha/sha512-armv4.S
Index: crypto/objects/obj_xref.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v
retrieving revision 1.9
diff -u -r1.9 obj_xref.c
--- crypto/objects/obj_xref.c 5 Nov 2008 18:38:58 -0000 1.9
+++ crypto/objects/obj_xref.c 6 Oct 2011 20:30:21 -0000
@@ -110,8 +110,10 @@
 #endif
  if (rv == NULL)
  return 0;
- *pdig_nid = rv->hash_id;
- *ppkey_nid = rv->pkey_id;
+ if (pdig_nid)
+ *pdig_nid = rv->hash_id;
+ if (ppkey_nid)
+ *ppkey_nid = rv->pkey_id;
  return 1;
  }

@@ -144,7 +146,8 @@
 #endif
  if (rv == NULL)
  return 0;
- *psignid = (*rv)->sign_id;
+ if (psignid)
+ *psignid = (*rv)->sign_id;
  return 1;
  }

Index: crypto/x509/x509type.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v
retrieving revision 1.10
diff -u -r1.10 x509type.c
--- crypto/x509/x509type.c 26 Oct 2007 12:06:33 -0000 1.10
+++ crypto/x509/x509type.c 6 Oct 2011 20:36:04 -0000
@@ -100,20 +100,26 @@
  break;
  }

- i=X509_get_signature_type(x);
- switch (i)
+ i=OBJ_obj2nid(x->sig_alg->algorithm);
+ if (i && OBJ_find_sigid_algs(i, NULL, &i))
  {
- case EVP_PKEY_RSA:
- ret|=EVP_PKS_RSA;
- break;
- case EVP_PKEY_DSA:
- ret|=EVP_PKS_DSA;
- break;
- case EVP_PKEY_EC:
- ret|=EVP_PKS_EC;
- break;
- default:
- break;
+
+ switch (i)
+ {
+ case NID_rsaEncryption:
+ case NID_rsa:
+ ret|=EVP_PKS_RSA;
+ break;
+ case NID_dsa:
+ case NID_dsa_2:
+ ret|=EVP_PKS_DSA;
+ break;
+ case NID_X9_62_id_ecPublicKey:
+ ret|=EVP_PKS_EC;
+ break;
+ default:
+ break;
+ }
  }

  if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look

13 years agofix signed/unsigned warning
Dr. Stephen Henson [Mon, 26 Sep 2011 17:04:41 +0000 (17:04 +0000)]
fix signed/unsigned warning

13 years agomake sure eivlen is initialised
Dr. Stephen Henson [Sat, 24 Sep 2011 23:06:35 +0000 (23:06 +0000)]
make sure eivlen is initialised

13 years agouse keyformat for -x509toreq, don't hard code PEM
Dr. Stephen Henson [Fri, 23 Sep 2011 21:48:50 +0000 (21:48 +0000)]
use keyformat for -x509toreq, don't hard code PEM

13 years agoPR: 2606
Dr. Stephen Henson [Fri, 23 Sep 2011 13:39:35 +0000 (13:39 +0000)]
PR: 2606
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve

Handle timezones correctly in UTCTime.