Bodo Möller [Fri, 8 Sep 2006 06:00:40 +0000 (06:00 +0000)]
Make sure the int_rsa_verify() prototype matches the implementation
(m_len currently is 'unsigned int', not 'size_t')
Submitted by: Gisle Vanem
Dr. Stephen Henson [Wed, 6 Sep 2006 11:59:04 +0000 (11:59 +0000)]
Additional detail.
Bodo Möller [Wed, 6 Sep 2006 11:54:19 +0000 (11:54 +0000)]
update information on "current version" ...
Dr. Stephen Henson [Wed, 6 Sep 2006 11:53:50 +0000 (11:53 +0000)]
Add an FAQ.
Bodo Möller [Wed, 6 Sep 2006 06:43:11 +0000 (06:43 +0000)]
Remove non-functional part of recent patch, after discussion with
Colin Percival (this would have caused more problems than solved,
and isn't really necessary anyway)
Bodo Möller [Wed, 6 Sep 2006 06:42:11 +0000 (06:42 +0000)]
Make consistent with 0.9.8-branch version of this file
Bodo Möller [Wed, 6 Sep 2006 06:34:52 +0000 (06:34 +0000)]
Every change so far that is in the 0.9.8 branch is (or should be) in HEAD
Mark J. Cox [Tue, 5 Sep 2006 08:58:03 +0000 (08:58 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
Andy Polyakov [Thu, 31 Aug 2006 21:27:30 +0000 (21:27 +0000)]
Rewrite sha1-586.pl.
Andy Polyakov [Thu, 31 Aug 2006 21:15:38 +0000 (21:15 +0000)]
Fix bug in aes-586.pl.
Andy Polyakov [Thu, 31 Aug 2006 21:12:17 +0000 (21:12 +0000)]
Fix bug in x86unix.pl introduced in latest update.
PR: 1380
Dr. Stephen Henson [Thu, 31 Aug 2006 21:01:15 +0000 (21:01 +0000)]
Kill more C++ comments.
Dr. Stephen Henson [Thu, 31 Aug 2006 20:56:20 +0000 (20:56 +0000)]
Fix C++ style comments, change assert to OPENSSL_assert, stop warning with
pedantic mode.
Dr. Stephen Henson [Thu, 31 Aug 2006 20:10:37 +0000 (20:10 +0000)]
Fix leak
Ben Laurie [Thu, 31 Aug 2006 14:04:04 +0000 (14:04 +0000)]
Forward port of IGE mode.
Ben Laurie [Mon, 28 Aug 2006 17:01:04 +0000 (17:01 +0000)]
Make things static that should be. Declare stuff in headers that should be.
Fix warnings.
Richard Levitte [Sun, 20 Aug 2006 05:54:35 +0000 (05:54 +0000)]
According to documentation, including time.h declares select() on
OpenVMS, and possibly more.
Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select
Richard Levitte [Sun, 20 Aug 2006 05:18:12 +0000 (05:18 +0000)]
Correct warnings about signedness.
Ulf Möller [Sun, 13 Aug 2006 09:03:38 +0000 (09:03 +0000)]
Use gmtime on cygwin
Submitted by: Corinna Vinschen
Andy Polyakov [Wed, 9 Aug 2006 15:40:30 +0000 (15:40 +0000)]
+20% tune-up for Power5.
Andy Polyakov [Mon, 7 Aug 2006 09:05:52 +0000 (09:05 +0000)]
Revised AES_cbc_encrypt in x86 assembler module.
Ulf Möller [Sat, 5 Aug 2006 20:45:06 +0000 (20:45 +0000)]
Correct punctuation.
PR: 1367
Andy Polyakov [Wed, 2 Aug 2006 22:38:16 +0000 (22:38 +0000)]
Agressively prefetch S-box in SSE codepatch, relax alignment requirement,
check for SSE bit instead of MMX, as pshufw was introduces in PIII, minor
optimization, typos...
Andy Polyakov [Wed, 2 Aug 2006 07:46:56 +0000 (07:46 +0000)]
Switch to compact S-box when generating AES key schedule.
Andy Polyakov [Tue, 1 Aug 2006 22:10:39 +0000 (22:10 +0000)]
Switch to compact S-box when generating AES key schedule.
Andy Polyakov [Tue, 1 Aug 2006 16:12:10 +0000 (16:12 +0000)]
Real Bourne shell doesn't interpret ==, but =.
Andy Polyakov [Mon, 31 Jul 2006 22:28:40 +0000 (22:28 +0000)]
Engage assembler in solaris64-x86_64-cc.
Andy Polyakov [Mon, 31 Jul 2006 22:26:40 +0000 (22:26 +0000)]
perlasm/x86unix.pl update.
Andy Polyakov [Mon, 31 Jul 2006 20:03:56 +0000 (20:03 +0000)]
Next generation aes-586.pl featuring AES_[en|de]crypt, accessing exclusively
256 byte S-box. AES_cbc_encrypt needs further work as it should also use
slow routines when processing smaller amount of data.
Bodo Möller [Mon, 31 Jul 2006 11:50:01 +0000 (11:50 +0000)]
Camellia IPR information
Dr. Stephen Henson [Tue, 25 Jul 2006 17:39:38 +0000 (17:39 +0000)]
Support for multiple CRLs with same issuer name in X509_STORE. Modify
verify logic to try to use an unexpired CRL if possible.
Dr. Stephen Henson [Mon, 24 Jul 2006 12:39:22 +0000 (12:39 +0000)]
Cache some CRL related extensions.
Dr. Stephen Henson [Fri, 21 Jul 2006 22:46:19 +0000 (22:46 +0000)]
Avoid warning.
Dr. Stephen Henson [Fri, 21 Jul 2006 22:28:48 +0000 (22:28 +0000)]
Avoid WIN32 warning.
Dr. Stephen Henson [Fri, 21 Jul 2006 22:26:31 +0000 (22:26 +0000)]
Avoid warnings.
Dr. Stephen Henson [Thu, 20 Jul 2006 16:56:47 +0000 (16:56 +0000)]
Use correct pointer types for various functions.
Bodo Möller [Wed, 19 Jul 2006 13:38:26 +0000 (13:38 +0000)]
New Camellia implementation (replacing previous version)
Submitted by: NTT
Bodo Möller [Wed, 19 Jul 2006 13:36:40 +0000 (13:36 +0000)]
Camellia information
Dr. Stephen Henson [Tue, 18 Jul 2006 12:36:19 +0000 (12:36 +0000)]
Store canonical encodings of Name structures. Update X509_NAME_cmp() to use
them.
Andy Polyakov [Tue, 18 Jul 2006 10:05:38 +0000 (10:05 +0000)]
Reimplement outer rounds as "compact" in x86 assembler. This has rather
strong impact on decrypt performance, 20-25%. One probably should consider
switching between slower and faster routines depending on how much data
we were asked to process.
Dr. Stephen Henson [Mon, 17 Jul 2006 18:52:51 +0000 (18:52 +0000)]
WIN32 fixes signed/unsigned issues and slightly socket semantics.
Dr. Stephen Henson [Mon, 17 Jul 2006 16:42:06 +0000 (16:42 +0000)]
Update .cvsignore again.
Dr. Stephen Henson [Mon, 17 Jul 2006 16:40:20 +0000 (16:40 +0000)]
Update .cvsignore
Dr. Stephen Henson [Mon, 17 Jul 2006 16:33:31 +0000 (16:33 +0000)]
Fix various error codes to match functions.
Dr. Stephen Henson [Mon, 17 Jul 2006 13:26:54 +0000 (13:26 +0000)]
Add -timeout option to ocsp utility.
Dr. Stephen Henson [Mon, 17 Jul 2006 12:18:28 +0000 (12:18 +0000)]
New non-blocking OCSP functionality.
Andy Polyakov [Fri, 14 Jul 2006 09:57:55 +0000 (09:57 +0000)]
Add option for "compact" rounds to aes_x86core.c. "Compact" rounds are
those referencing compact, 256-byte, S-boxes.
Dr. Stephen Henson [Thu, 13 Jul 2006 20:29:55 +0000 (20:29 +0000)]
There is should be no need to rewind the input stream any more.
For S/MIME multipart/signed type the signature is calculated on the fly.
For other detached data forms the stream isn't used after the single pass to
calculate signatures.
For non-detached the data is stored in a memory BIO.
Dr. Stephen Henson [Wed, 12 Jul 2006 18:00:20 +0000 (18:00 +0000)]
In genpkey, also look for algorithm string name in any supplied ENGINE.
Dr. Stephen Henson [Wed, 12 Jul 2006 16:30:40 +0000 (16:30 +0000)]
Bugfix: don't look in internal table for signature if found in application
supplied list.
Dr. Stephen Henson [Wed, 12 Jul 2006 13:28:44 +0000 (13:28 +0000)]
Typo.
Dr. Stephen Henson [Wed, 12 Jul 2006 12:31:30 +0000 (12:31 +0000)]
New docs for EVP_Digest{Sign,Verify}*() function. Update existing docs.
Dr. Stephen Henson [Mon, 10 Jul 2006 23:10:26 +0000 (23:10 +0000)]
Add docs for pkeyparam. Update some existing docs.
Dr. Stephen Henson [Mon, 10 Jul 2006 22:49:08 +0000 (22:49 +0000)]
Update some usage messages.
Dr. Stephen Henson [Mon, 10 Jul 2006 18:40:42 +0000 (18:40 +0000)]
make update
Dr. Stephen Henson [Mon, 10 Jul 2006 18:36:55 +0000 (18:36 +0000)]
Allow digests to supply S/MIME micalg values from a ctrl.
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
Dr. Stephen Henson [Sun, 9 Jul 2006 16:05:43 +0000 (16:05 +0000)]
New functions to add and free up application defined signature OIDs.
Dr. Stephen Henson [Sun, 9 Jul 2006 12:02:08 +0000 (12:02 +0000)]
Set detached flag in PKCS7 structure earlier to avoid eating up memory.
PR: 1071
Dr. Stephen Henson [Sun, 9 Jul 2006 11:26:13 +0000 (11:26 +0000)]
Public key comparison and printing routine functions.
Dr. Stephen Henson [Sun, 9 Jul 2006 11:01:49 +0000 (11:01 +0000)]
EVP_PKEY_get_default_digest() manual page.
Dr. Stephen Henson [Sun, 9 Jul 2006 10:51:03 +0000 (10:51 +0000)]
EVP_PKEY_CTX_ctrl() docs.
Dr. Stephen Henson [Sun, 9 Jul 2006 01:59:30 +0000 (01:59 +0000)]
Update docs.
Dr. Stephen Henson [Sun, 9 Jul 2006 00:53:45 +0000 (00:53 +0000)]
New functions to enumerate digests and ciphers.
Dr. Stephen Henson [Sat, 8 Jul 2006 21:42:49 +0000 (21:42 +0000)]
Keygen docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 12:47:52 +0000 (12:47 +0000)]
EVP_PKEY_derive() docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 12:46:51 +0000 (12:46 +0000)]
Add some examples.
Dr. Stephen Henson [Sat, 8 Jul 2006 11:22:23 +0000 (11:22 +0000)]
EVP_PKEY_verify() docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 11:13:01 +0000 (11:13 +0000)]
New docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 10:55:03 +0000 (10:55 +0000)]
Update docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 10:45:08 +0000 (10:45 +0000)]
Add some EVP_PKEY_METHOD docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 10:01:33 +0000 (10:01 +0000)]
Update docs with algorithm options.
Dr. Stephen Henson [Sat, 8 Jul 2006 00:50:25 +0000 (00:50 +0000)]
Typo.
Dr. Stephen Henson [Sat, 8 Jul 2006 00:47:04 +0000 (00:47 +0000)]
Initial docs for pkeyutl.
Dr. Stephen Henson [Sat, 8 Jul 2006 00:24:47 +0000 (00:24 +0000)]
Docs for new utilities.
Dr. Stephen Henson [Fri, 7 Jul 2006 21:44:23 +0000 (21:44 +0000)]
Add documentation for new smime options.
Andy Polyakov [Tue, 4 Jul 2006 20:29:50 +0000 (20:29 +0000)]
Fix compiler warnings.
Andy Polyakov [Tue, 4 Jul 2006 20:29:14 +0000 (20:29 +0000)]
Unsigned vs signed comparison warning.
Andy Polyakov [Tue, 4 Jul 2006 20:27:44 +0000 (20:27 +0000)]
Typos(?) in HEAD/crypto/evp/p_lib.c.
Dr. Stephen Henson [Sun, 2 Jul 2006 21:13:39 +0000 (21:13 +0000)]
dsa_pub_cmp() doesn't need to check parameters because that is done in
EVP_PKEY_cmp().
Dr. Stephen Henson [Sun, 2 Jul 2006 21:12:40 +0000 (21:12 +0000)]
Make return value from EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() consistent.
Andy Polyakov [Sun, 2 Jul 2006 09:18:00 +0000 (09:18 +0000)]
Prepare playground for AES experimental code.
Bodo Möller [Fri, 30 Jun 2006 22:00:13 +0000 (22:00 +0000)]
documentation for "HIGH" vs. "MEDIUM" was not up-to-date
Bodo Möller [Fri, 30 Jun 2006 08:14:39 +0000 (08:14 +0000)]
use <poll.h> as by Single Unix Specification
Bodo Möller [Wed, 28 Jun 2006 14:50:12 +0000 (14:50 +0000)]
always read in RAND_poll() if we can't use select because of a too
large FD: it's non-blocking mode anyway
Andy Polyakov [Wed, 28 Jun 2006 08:52:16 +0000 (08:52 +0000)]
Mitigate the hazard of cache-collision timing attack on last round. The
only chance for T[ed]4 to get evicted in this module is when its cache
"overlaps" with last 128 bits of key schedule.
Andy Polyakov [Wed, 28 Jun 2006 08:48:54 +0000 (08:48 +0000)]
Mitigate the hazard of cache-collision timing attack on last round. Well,
prefetch could have been moved closer to Td4 references. Something for
later consideration...
Andy Polyakov [Wed, 28 Jun 2006 08:39:06 +0000 (08:39 +0000)]
Mitigate cache-collision timing attack on last round.
Dr. Stephen Henson [Tue, 27 Jun 2006 17:23:24 +0000 (17:23 +0000)]
Fix EVP_PKEY_CTX_dup() to return correct value and handle NULL keys in
the source.
Richard Levitte [Tue, 27 Jun 2006 06:31:34 +0000 (06:31 +0000)]
Use poll() when possible to gather Unix randomness entropy
Bodo Möller [Fri, 23 Jun 2006 15:21:36 +0000 (15:21 +0000)]
New functions CRYPTO_set_idptr_callback(),
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.
Bodo Möller [Thu, 22 Jun 2006 12:37:28 +0000 (12:37 +0000)]
Change in 0.9.8 branch:
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)
Bodo Möller [Tue, 20 Jun 2006 08:50:42 +0000 (08:50 +0000)]
Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
Bodo Möller [Sun, 18 Jun 2006 22:00:57 +0000 (22:00 +0000)]
Change array representation of binary polynomials to make GF2m part of
the BN library more generally useful.
Submitted by: Douglas Stebila
Bodo Möller [Fri, 16 Jun 2006 01:00:47 +0000 (01:00 +0000)]
another thread-safety fix
Bodo Möller [Thu, 15 Jun 2006 19:58:22 +0000 (19:58 +0000)]
Error messages for client ECC cert verification.
Also, change the default ciphersuite to give some prefererence to
ciphersuites with forwared secrecy (rather than using a random order).
Bodo Möller [Thu, 15 Jun 2006 19:00:34 +0000 (19:00 +0000)]
Call 'print_stuff' even if a handshake failed.
Bodo Möller [Thu, 15 Jun 2006 18:28:00 +0000 (18:28 +0000)]
Fix algorithm handling for ECC ciphersuites: Adapt to recent changes,
and allow more general RSA OIDs for ECC certs with RSA CA sig.
Bodo Möller [Thu, 15 Jun 2006 17:17:06 +0000 (17:17 +0000)]
Fix another new bug in the cipherstring logic.
Bodo Möller [Thu, 15 Jun 2006 16:54:20 +0000 (16:54 +0000)]
Fix another bug introduced yesterday when deleting Fortezza stuff:
make sure 'mask' is initialized in ssl_cipher_get_disabled().
Also simplify code by removing some unused arguments in static functions.
Bodo Möller [Thu, 15 Jun 2006 16:07:10 +0000 (16:07 +0000)]
Oops ... deleted too much in the previous commit when I deleted
the Fortezza stuff