oweals/openssl.git
13 years agoSkip ECDH sanity check. Add --compare-all to run comparison tests on
Dr. Stephen Henson [Wed, 12 Oct 2011 17:18:38 +0000 (17:18 +0000)]
Skip ECDH sanity check. Add --compare-all to run comparison tests on
all files instead of sanity checks.

13 years agoHandle partial test where H is absent: needed to check g generation.
Dr. Stephen Henson [Wed, 12 Oct 2011 17:03:15 +0000 (17:03 +0000)]
Handle partial test where H is absent: needed to check g generation.

13 years agoUpdate instructions.
Dr. Stephen Henson [Wed, 12 Oct 2011 15:35:34 +0000 (15:35 +0000)]
Update instructions.

13 years agoUpdates to handle some verification of v2 tests.
Dr. Stephen Henson [Wed, 12 Oct 2011 15:33:54 +0000 (15:33 +0000)]
Updates to handle some verification of v2 tests.

Now enable v2 by default and require a --disable-v2 option to run the
old v1 tests.

13 years agoHandle broken test on verify too.
Dr. Stephen Henson [Wed, 12 Oct 2011 15:32:57 +0000 (15:32 +0000)]
Handle broken test on verify too.

13 years agoECDH POST selftest failure inducing support.
Dr. Stephen Henson [Wed, 12 Oct 2011 13:17:19 +0000 (13:17 +0000)]
ECDH POST selftest failure inducing support.

13 years agoFix warnings.
Dr. Stephen Henson [Wed, 12 Oct 2011 13:06:45 +0000 (13:06 +0000)]
Fix warnings.

13 years agoOnly include one ECDH selftest.
Dr. Stephen Henson [Wed, 12 Oct 2011 12:55:58 +0000 (12:55 +0000)]
Only include one ECDH selftest.

13 years agoe_padlock-x86[_64].pl: protection against prefetch errata.
Andy Polyakov [Tue, 11 Oct 2011 21:07:53 +0000 (21:07 +0000)]
e_padlock-x86[_64].pl: protection against prefetch errata.

13 years agoupdate pkey method initialisation and copy
Dr. Stephen Henson [Tue, 11 Oct 2011 18:15:31 +0000 (18:15 +0000)]
update pkey method initialisation and copy

13 years agoprint out subgroup order if present
Dr. Stephen Henson [Tue, 11 Oct 2011 17:44:26 +0000 (17:44 +0000)]
print out subgroup order if present

13 years agodef_rsa_finish not used any more.
Dr. Stephen Henson [Mon, 10 Oct 2011 20:35:09 +0000 (20:35 +0000)]
def_rsa_finish not used any more.

13 years agoremove some debugging code
Dr. Stephen Henson [Mon, 10 Oct 2011 19:09:01 +0000 (19:09 +0000)]
remove some debugging code

13 years agofix leak properly this time...
Dr. Stephen Henson [Mon, 10 Oct 2011 14:08:55 +0000 (14:08 +0000)]
fix leak properly this time...

13 years agoadd GCM ciphers in SSL_library_init
Dr. Stephen Henson [Mon, 10 Oct 2011 12:56:18 +0000 (12:56 +0000)]
add GCM ciphers in SSL_library_init

13 years agodisable GCM if not available
Dr. Stephen Henson [Mon, 10 Oct 2011 12:41:11 +0000 (12:41 +0000)]
disable GCM if not available

13 years agoDon't disable TLS v1.2 by default now.
Dr. Stephen Henson [Sun, 9 Oct 2011 23:26:39 +0000 (23:26 +0000)]
Don't disable TLS v1.2 by default now.

13 years agoSynv ordinals with 1.0.1-stable.
Dr. Stephen Henson [Sun, 9 Oct 2011 23:16:20 +0000 (23:16 +0000)]
Synv ordinals with 1.0.1-stable.

13 years agofix CHANGES entry
Dr. Stephen Henson [Sun, 9 Oct 2011 23:11:55 +0000 (23:11 +0000)]
fix CHANGES entry

13 years agofix memory leaks
Dr. Stephen Henson [Sun, 9 Oct 2011 23:08:15 +0000 (23:08 +0000)]
fix memory leaks

13 years agoe_padlock-x86_64.pl: brown-bag bug in stack pointer handling.
Andy Polyakov [Sun, 9 Oct 2011 21:53:53 +0000 (21:53 +0000)]
e_padlock-x86_64.pl: brown-bag bug in stack pointer handling.

13 years agoSync ordinals with 1.0.1-stable.
Dr. Stephen Henson [Sun, 9 Oct 2011 15:29:43 +0000 (15:29 +0000)]
Sync ordinals with 1.0.1-stable.

13 years agoPR: 2482
Dr. Stephen Henson [Sun, 9 Oct 2011 00:56:52 +0000 (00:56 +0000)]
PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.

13 years agoe_padlock-x86[_64].pl: SHA fixes, comply with specification and fix bug.
Andy Polyakov [Sat, 8 Oct 2011 21:37:44 +0000 (21:37 +0000)]
e_padlock-x86[_64].pl: SHA fixes, comply with specification and fix bug.

13 years agoAdd fips/ecdh directory.
Dr. Stephen Henson [Fri, 7 Oct 2011 18:18:50 +0000 (18:18 +0000)]
Add fips/ecdh directory.

13 years agoNew -force_pubkey option to x509 utility to supply a different public
Dr. Stephen Henson [Fri, 7 Oct 2011 15:18:09 +0000 (15:18 +0000)]
New -force_pubkey option to x509 utility to supply a different public
key to the one in a request. This is useful for cases where the public
key cannot be used for signing e.g. DH.

13 years agouse client version when eliminating TLS v1.2 ciphersuites in client hello
Dr. Stephen Henson [Fri, 7 Oct 2011 15:07:19 +0000 (15:07 +0000)]
use client version when eliminating TLS v1.2 ciphersuites in client hello

13 years ago? crypto/aes/aes-armv4.S
Dr. Stephen Henson [Thu, 6 Oct 2011 20:44:02 +0000 (20:44 +0000)]
? crypto/aes/aes-armv4.S
? crypto/aes/aesni-sha1-x86_64.s
? crypto/aes/aesni-x86_64.s
? crypto/aes/foo.pl
? crypto/aes/vpaes-x86_64.s
? crypto/bn/.bn_lib.c.swp
? crypto/bn/armv4-gf2m.S
? crypto/bn/diffs
? crypto/bn/modexp512-x86_64.s
? crypto/bn/x86_64-gf2m.s
? crypto/bn/x86_64-mont5.s
? crypto/ec/bc.txt
? crypto/ec/diffs
? crypto/modes/a.out
? crypto/modes/diffs
? crypto/modes/ghash-armv4.S
? crypto/modes/ghash-x86_64.s
? crypto/modes/op.h
? crypto/modes/tst.c
? crypto/modes/x.h
? crypto/objects/.obj_xref.txt.swp
? crypto/rand/diffs
? crypto/sha/sha-512
? crypto/sha/sha1-armv4-large.S
? crypto/sha/sha256-armv4.S
? crypto/sha/sha512-armv4.S
Index: crypto/objects/obj_xref.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v
retrieving revision 1.9
diff -u -r1.9 obj_xref.c
--- crypto/objects/obj_xref.c 5 Nov 2008 18:38:58 -0000 1.9
+++ crypto/objects/obj_xref.c 6 Oct 2011 20:30:21 -0000
@@ -110,8 +110,10 @@
 #endif
  if (rv == NULL)
  return 0;
- *pdig_nid = rv->hash_id;
- *ppkey_nid = rv->pkey_id;
+ if (pdig_nid)
+ *pdig_nid = rv->hash_id;
+ if (ppkey_nid)
+ *ppkey_nid = rv->pkey_id;
  return 1;
  }

@@ -144,7 +146,8 @@
 #endif
  if (rv == NULL)
  return 0;
- *psignid = (*rv)->sign_id;
+ if (psignid)
+ *psignid = (*rv)->sign_id;
  return 1;
  }

Index: crypto/x509/x509type.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v
retrieving revision 1.10
diff -u -r1.10 x509type.c
--- crypto/x509/x509type.c 26 Oct 2007 12:06:33 -0000 1.10
+++ crypto/x509/x509type.c 6 Oct 2011 20:36:04 -0000
@@ -100,20 +100,26 @@
  break;
  }

- i=X509_get_signature_type(x);
- switch (i)
+ i=OBJ_obj2nid(x->sig_alg->algorithm);
+ if (i && OBJ_find_sigid_algs(i, NULL, &i))
  {
- case EVP_PKEY_RSA:
- ret|=EVP_PKS_RSA;
- break;
- case EVP_PKEY_DSA:
- ret|=EVP_PKS_DSA;
- break;
- case EVP_PKEY_EC:
- ret|=EVP_PKS_EC;
- break;
- default:
- break;
+
+ switch (i)
+ {
+ case NID_rsaEncryption:
+ case NID_rsa:
+ ret|=EVP_PKS_RSA;
+ break;
+ case NID_dsa:
+ case NID_dsa_2:
+ ret|=EVP_PKS_DSA;
+ break;
+ case NID_X9_62_id_ecPublicKey:
+ ret|=EVP_PKS_EC;
+ break;
+ default:
+ break;
+ }
  }

  if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look

13 years agoe_padlock: add CTR mode.
Andy Polyakov [Wed, 5 Oct 2011 17:03:44 +0000 (17:03 +0000)]
e_padlock: add CTR mode.

13 years agoe_padlock-x86_64.pl: fix typo.
Andy Polyakov [Tue, 4 Oct 2011 11:21:33 +0000 (11:21 +0000)]
e_padlock-x86_64.pl: fix typo.

13 years agoe_padlock-x86*.pl: Nano-related update.
Andy Polyakov [Tue, 4 Oct 2011 11:05:16 +0000 (11:05 +0000)]
e_padlock-x86*.pl: Nano-related update.

13 years agoMake fips algorithm test utilities use RESP_EOL for end of line character(s).
Dr. Stephen Henson [Sat, 1 Oct 2011 20:42:52 +0000 (20:42 +0000)]
Make fips algorithm test utilities use RESP_EOL for end of line character(s).
This should be CRLF even under *nix.

13 years agoe_padlock-x86.pl: previous C3-specific fix was incomplete.
Andy Polyakov [Sat, 1 Oct 2011 10:44:51 +0000 (10:44 +0000)]
e_padlock-x86.pl: previous C3-specific fix was incomplete.

13 years agoe_padlock-x86.pl: make it work on VIA C3 (which doesn't support SSE2).
Andy Polyakov [Sat, 1 Oct 2011 10:16:13 +0000 (10:16 +0000)]
e_padlock-x86.pl: make it work on VIA C3 (which doesn't support SSE2).

13 years agoNever echo Num lines for PQGGen DSA2 test.
Dr. Stephen Henson [Fri, 30 Sep 2011 11:58:59 +0000 (11:58 +0000)]
Never echo Num lines for PQGGen DSA2 test.

13 years agomake depend
Dr. Stephen Henson [Thu, 29 Sep 2011 23:17:59 +0000 (23:17 +0000)]
make depend

13 years agoAdd FIPS selftests for ECDH algorithm.
Dr. Stephen Henson [Thu, 29 Sep 2011 23:08:23 +0000 (23:08 +0000)]
Add FIPS selftests for ECDH algorithm.

13 years agoRemove s = s * P deferral.
Dr. Stephen Henson [Thu, 29 Sep 2011 18:22:37 +0000 (18:22 +0000)]
Remove s = s * P deferral.

13 years agoCheck return codes properly.
Dr. Stephen Henson [Thu, 29 Sep 2011 16:24:00 +0000 (16:24 +0000)]
Check return codes properly.

13 years agoFix output format for DSA2 parameter generation.
Dr. Stephen Henson [Wed, 28 Sep 2011 22:35:30 +0000 (22:35 +0000)]
Fix output format for DSA2 parameter generation.

13 years agobsaes-x86_64.pl: add due credit.
Andy Polyakov [Tue, 27 Sep 2011 19:34:40 +0000 (19:34 +0000)]
bsaes-x86_64.pl: add due credit.

13 years agofix signed/unsigned warning
Dr. Stephen Henson [Mon, 26 Sep 2011 17:04:32 +0000 (17:04 +0000)]
fix signed/unsigned warning

13 years agoAdd a --disable-all option to disable all tests.
Dr. Stephen Henson [Sun, 25 Sep 2011 22:12:39 +0000 (22:12 +0000)]
Add a --disable-all option to disable all tests.

13 years agoHandle provable prime parameters for canonical g generation which are
Dr. Stephen Henson [Sun, 25 Sep 2011 22:04:43 +0000 (22:04 +0000)]
Handle provable prime parameters for canonical g generation which are
sometimes erroneously included.

13 years agoAdd bit-sliced AES x86_64 assembler, see http://homes.esat.kuleuven.be/~ekasper/...
Andy Polyakov [Sun, 25 Sep 2011 15:31:51 +0000 (15:31 +0000)]
Add bit-sliced AES x86_64 assembler, see homes.esat.kuleuven.be/~ekasper/#software for background information. It's not integrated into build system yet.

13 years agomake sure eivlen is initialised
Dr. Stephen Henson [Sat, 24 Sep 2011 23:06:20 +0000 (23:06 +0000)]
make sure eivlen is initialised

13 years agouse keyformat for -x509toreq, don't hard code PEM
Dr. Stephen Henson [Fri, 23 Sep 2011 21:48:34 +0000 (21:48 +0000)]
use keyformat for -x509toreq, don't hard code PEM

13 years agoPR: 2606
Dr. Stephen Henson [Fri, 23 Sep 2011 13:39:23 +0000 (13:39 +0000)]
PR: 2606
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve

Handle timezones correctly in UTCTime.

13 years agoPR: 2602
Dr. Stephen Henson [Fri, 23 Sep 2011 13:34:48 +0000 (13:34 +0000)]
PR: 2602
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting

13 years agoPR: 2347
Dr. Stephen Henson [Fri, 23 Sep 2011 13:12:25 +0000 (13:12 +0000)]
PR: 2347
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve

Fix usage message.

13 years agoRun PQGVer test before DSA2 tests.
Dr. Stephen Henson [Fri, 23 Sep 2011 01:03:37 +0000 (01:03 +0000)]
Run PQGVer test before DSA2 tests.

13 years agoTypo.
Dr. Stephen Henson [Thu, 22 Sep 2011 14:15:07 +0000 (14:15 +0000)]
Typo.

13 years agoUse function name FIPS_drbg_health_check() for health check function.
Dr. Stephen Henson [Thu, 22 Sep 2011 14:01:25 +0000 (14:01 +0000)]
Use function name FIPS_drbg_health_check() for health check function.

Add explanatory comments to health check code.

13 years agoDon't print out errors in cases where errors are expected: testing
Dr. Stephen Henson [Wed, 21 Sep 2011 18:42:12 +0000 (18:42 +0000)]
Don't print out errors in cases where errors are expected: testing
DSA parameter validity and EC public key validity.

13 years agoRemove unused variable.
Dr. Stephen Henson [Wed, 21 Sep 2011 18:36:53 +0000 (18:36 +0000)]
Remove unused variable.

13 years agoPerform health check on all reseed operations not associated with
Dr. Stephen Henson [Wed, 21 Sep 2011 18:24:12 +0000 (18:24 +0000)]
Perform health check on all reseed operations not associated with
prediction resistance requests. Although SP 800-90 is arguably unclear
on whether this is necessary adding an additional check has minimal
penalty (very few applications will make an explicit reseed request).

13 years agoRevise DRBG to split between internal and external flags.
Dr. Stephen Henson [Wed, 21 Sep 2011 17:04:56 +0000 (17:04 +0000)]
Revise DRBG to split between internal and external flags.

One demand health check function.

Perform generation test in fips_test_suite.

Option to skip dh test if fips_test_suite.

13 years agoUpdate error codes.
Dr. Stephen Henson [Wed, 21 Sep 2011 16:17:18 +0000 (16:17 +0000)]
Update error codes.

13 years agoAllow reseed interval to be set.
Dr. Stephen Henson [Sun, 18 Sep 2011 19:36:27 +0000 (19:36 +0000)]
Allow reseed interval to be set.

13 years agoMake latest assembler additions (vpaes and e_padlock) work in Windows build.
Andy Polyakov [Sun, 18 Sep 2011 15:40:11 +0000 (15:40 +0000)]
Make latest assembler additions (vpaes and e_padlock) work in Windows build.

13 years agosha256-586.pl: minor optimization, +0-2% on all CPUs, +7% on Westmere.
Andy Polyakov [Sat, 17 Sep 2011 12:57:33 +0000 (12:57 +0000)]
sha256-586.pl: minor optimization, +0-2% on all CPUs, +7% on Westmere.

13 years agosha512-x86_64.pl: +15% better performance on Westmere and incidentally Atom.
Andy Polyakov [Sat, 17 Sep 2011 11:30:28 +0000 (11:30 +0000)]
sha512-x86_64.pl: +15% better performance on Westmere and incidentally Atom.
Other Intel processors +5%, Opteron -2%.

13 years agoSync error codes with 1.0.1-stable.
Dr. Stephen Henson [Sat, 17 Sep 2011 00:17:46 +0000 (00:17 +0000)]
Sync error codes with 1.0.1-stable.

13 years agoclarify comment
Dr. Stephen Henson [Fri, 16 Sep 2011 17:40:16 +0000 (17:40 +0000)]
clarify comment

13 years agoMinor code tidy and bug fix: need to set t = s after first pass and
Dr. Stephen Henson [Fri, 16 Sep 2011 17:35:40 +0000 (17:35 +0000)]
Minor code tidy and bug fix: need to set t = s after first pass and
t and s do not need to have independent values after the first pass
so set t = s.

13 years agoDon't use vpaes in fips builds and exclude from restricted tarball.
Dr. Stephen Henson [Thu, 15 Sep 2011 21:06:37 +0000 (21:06 +0000)]
Don't use vpaes in fips builds and exclude from restricted tarball.

13 years agoIntegrate Vector Permutation AES into build system.
Andy Polyakov [Thu, 15 Sep 2011 20:22:59 +0000 (20:22 +0000)]
Integrate Vector Permutation AES into build system.

13 years agoMake HMAC kat symbols static.
Dr. Stephen Henson [Thu, 15 Sep 2011 14:28:46 +0000 (14:28 +0000)]
Make HMAC kat symbols static.

13 years agoFix warning.
Dr. Stephen Henson [Thu, 15 Sep 2011 14:08:24 +0000 (14:08 +0000)]
Fix warning.

13 years agoAllow for dynamic base in Win64 FIPS module.
Andy Polyakov [Wed, 14 Sep 2011 20:48:49 +0000 (20:48 +0000)]
Allow for dynamic base in Win64 FIPS module.

13 years agoUpdate CMAC/HMAC sefltests to use NIDs instead of function pointers.
Dr. Stephen Henson [Wed, 14 Sep 2011 15:49:50 +0000 (15:49 +0000)]
Update CMAC/HMAC sefltests to use NIDs instead of function pointers.

Simplify HMAC selftest as each test currently uses the same key and
hash data.

13 years agoRemove fipsdso target: it isn't supported in the 2.0 module.
Dr. Stephen Henson [Wed, 14 Sep 2011 15:20:59 +0000 (15:20 +0000)]
Remove fipsdso target: it isn't supported in the 2.0 module.

13 years agonew function to lookup FIPS supported ciphers by NID
Dr. Stephen Henson [Wed, 14 Sep 2011 13:25:48 +0000 (13:25 +0000)]
new function to lookup FIPS supported ciphers by NID

13 years agoMore extensive DRBG health check. New function to call health check
Dr. Stephen Henson [Mon, 12 Sep 2011 18:47:39 +0000 (18:47 +0000)]
More extensive DRBG health check. New function to call health check
for all DRBG combinations.

13 years agoCheck length of additional input in DRBG generate function.
Dr. Stephen Henson [Mon, 12 Sep 2011 18:45:05 +0000 (18:45 +0000)]
Check length of additional input in DRBG generate function.

13 years agoDelete strength parameter from FIPS_drbg_generate. It isn't very useful
Dr. Stephen Henson [Mon, 12 Sep 2011 13:20:57 +0000 (13:20 +0000)]
Delete strength parameter from FIPS_drbg_generate. It isn't very useful
(strength can be queried using FIPS_drbg_get_strength ) and adds a
substantial extra overhead to health check (need to check every combination
of parameters).

13 years agoCheck we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we
Dr. Stephen Henson [Mon, 12 Sep 2011 12:56:20 +0000 (12:56 +0000)]
Check we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we
don't set type in FIPS_drbg_new().

13 years agovpaes-x86[_64]*.pl: fix typo.
Andy Polyakov [Mon, 12 Sep 2011 12:50:00 +0000 (12:50 +0000)]
vpaes-x86[_64]*.pl: fix typo.

13 years agoAdd so called Vector Permutation AES x86[_64] assembler, see
Andy Polyakov [Mon, 12 Sep 2011 08:25:14 +0000 (08:25 +0000)]
Add so called Vector Permutation AES x86[_64] assembler, see
http://crypto.stanford.edu/vpaes/ for background information.
It's not integrated into build system yet.

13 years agoFix 3DES Monte Carlo test file output which previously outputted
Dr. Stephen Henson [Sun, 11 Sep 2011 18:05:40 +0000 (18:05 +0000)]
Fix 3DES Monte Carlo test file output which previously outputted
extra bogus lines. Update fipsalgtest.pl to tolerate the old format.

13 years agoAdd support for Dual EC DRBG from SP800-90. Include updates to algorithm
Dr. Stephen Henson [Fri, 9 Sep 2011 17:16:43 +0000 (17:16 +0000)]
Add support for Dual EC DRBG from SP800-90. Include updates to algorithm
tests and POST code.

13 years agoAdd /fixed option to linker with fips builds.
Dr. Stephen Henson [Thu, 8 Sep 2011 13:55:47 +0000 (13:55 +0000)]
Add /fixed option to linker with fips builds.

13 years agoPut quick DRBG selftest return after first generate operation.
Dr. Stephen Henson [Wed, 7 Sep 2011 10:26:38 +0000 (10:26 +0000)]
Put quick DRBG selftest return after first generate operation.

13 years agoengines/asm/e_padlock-x86_64.pl: name it right and fix small bug.
Andy Polyakov [Tue, 6 Sep 2011 22:53:34 +0000 (22:53 +0000)]
engines/asm/e_padlock-x86_64.pl: name it right and fix small bug.

13 years agoAdd error codes for DRBG KAT failures.
Dr. Stephen Henson [Tue, 6 Sep 2011 20:46:27 +0000 (20:46 +0000)]
Add error codes for DRBG KAT failures.

Add abbreviated DRBG KAT for POST which only performs a single generate
operations instead of four.

13 years agoPadlock engine: make it independent of inline assembler.
Andy Polyakov [Tue, 6 Sep 2011 20:45:36 +0000 (20:45 +0000)]
Padlock engine: make it independent of inline assembler.

13 years agoInitialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
Dr. Stephen Henson [Tue, 6 Sep 2011 15:15:09 +0000 (15:15 +0000)]
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
produce an error (CVE-2011-3207)

13 years agoUpdate FAQ.
Dr. Stephen Henson [Tue, 6 Sep 2011 13:55:22 +0000 (13:55 +0000)]
Update FAQ.

13 years agoconfig: don't add -Wa options with no-asm.
Andy Polyakov [Mon, 5 Sep 2011 16:31:51 +0000 (16:31 +0000)]
config: don't add -Wa options with no-asm.

13 years agocrypto/bn/bn_gf2m.c: make it work with BN_DEBUG.
Andy Polyakov [Mon, 5 Sep 2011 16:14:43 +0000 (16:14 +0000)]
crypto/bn/bn_gf2m.c: make it work with BN_DEBUG.

13 years agoCheck reseed interval before generating output.
Dr. Stephen Henson [Mon, 5 Sep 2011 15:45:13 +0000 (15:45 +0000)]
Check reseed interval before generating output.

13 years agoPlace DRBG in error state if health check fails.
Dr. Stephen Henson [Mon, 5 Sep 2011 15:32:32 +0000 (15:32 +0000)]
Place DRBG in error state if health check fails.

13 years agooops
Bodo Möller [Mon, 5 Sep 2011 13:43:56 +0000 (13:43 +0000)]
oops

13 years agoFix session handling.
Bodo Möller [Mon, 5 Sep 2011 13:36:23 +0000 (13:36 +0000)]
Fix session handling.

13 years agoFix d2i_SSL_SESSION.
Bodo Möller [Mon, 5 Sep 2011 13:31:17 +0000 (13:31 +0000)]
Fix d2i_SSL_SESSION.

13 years ago(EC)DH memory handling fixes.
Bodo Möller [Mon, 5 Sep 2011 10:25:31 +0000 (10:25 +0000)]
(EC)DH memory handling fixes.

Submitted by: Adam Langley

13 years agoFix memory leak on bad inputs.
Bodo Möller [Mon, 5 Sep 2011 09:57:20 +0000 (09:57 +0000)]
Fix memory leak on bad inputs.

13 years agomake update
Bodo Möller [Mon, 5 Sep 2011 09:46:15 +0000 (09:46 +0000)]
make update

13 years agoFix expected DEFFLAG for default config.
Bodo Möller [Mon, 5 Sep 2011 09:43:44 +0000 (09:43 +0000)]
Fix expected DEFFLAG for default config.

13 years agoFix error codes.
Bodo Möller [Mon, 5 Sep 2011 09:42:34 +0000 (09:42 +0000)]
Fix error codes.