Dr. Stephen Henson [Wed, 26 Jan 2011 01:15:54 +0000 (01:15 +0000)]
add fips_premain.c.sha1
Dr. Stephen Henson [Wed, 26 Jan 2011 01:11:12 +0000 (01:11 +0000)]
add fips_sha1_selftest.c
Dr. Stephen Henson [Wed, 26 Jan 2011 01:09:52 +0000 (01:09 +0000)]
add fips/sha files
Dr. Stephen Henson [Wed, 26 Jan 2011 01:05:48 +0000 (01:05 +0000)]
add fips/aes/Makefile
Dr. Stephen Henson [Wed, 26 Jan 2011 01:04:53 +0000 (01:04 +0000)]
add fips/des/Makefile
Dr. Stephen Henson [Wed, 26 Jan 2011 01:03:54 +0000 (01:03 +0000)]
add fips/Makefile
Dr. Stephen Henson [Wed, 26 Jan 2011 00:58:09 +0000 (00:58 +0000)]
add some missing fips files
Dr. Stephen Henson [Wed, 26 Jan 2011 00:56:19 +0000 (00:56 +0000)]
And so it begins... again.
Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have
missing files, extraneous files and other nastiness.
In other words: it's experimental ATM, OK?
Dr. Stephen Henson [Tue, 25 Jan 2011 17:35:10 +0000 (17:35 +0000)]
Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate
crypto and ENGINE dependencies in RSA library.
Dr. Stephen Henson [Tue, 25 Jan 2011 17:10:30 +0000 (17:10 +0000)]
Move BN_options function to bn_print.c to remove dependency for BIO printf
routines from bn_lib.c
Dr. Stephen Henson [Tue, 25 Jan 2011 16:55:15 +0000 (16:55 +0000)]
Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of
DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().
Dr. Stephen Henson [Tue, 25 Jan 2011 16:01:29 +0000 (16:01 +0000)]
recalculate DSA signature if r or s is zero (FIPS 186-3 requirement)
Dr. Stephen Henson [Tue, 25 Jan 2011 12:15:10 +0000 (12:15 +0000)]
revert Makefile change
Dr. Stephen Henson [Mon, 24 Jan 2011 16:19:52 +0000 (16:19 +0000)]
PR: 2433
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve
Constify ASN1_STRING_set_default_mask_asc().
Dr. Stephen Henson [Mon, 24 Jan 2011 16:07:40 +0000 (16:07 +0000)]
New function EC_KEY_set_affine_coordinates() this performs all the
NIST PKV tests.
Dr. Stephen Henson [Mon, 24 Jan 2011 15:04:34 +0000 (15:04 +0000)]
check EC public key isn't point at infinity
Dr. Stephen Henson [Mon, 24 Jan 2011 14:41:34 +0000 (14:41 +0000)]
PR: 1612
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve
Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
Dr. Stephen Henson [Wed, 19 Jan 2011 14:42:42 +0000 (14:42 +0000)]
oops, revert mistakenly committed EC changes
Dr. Stephen Henson [Wed, 19 Jan 2011 14:35:53 +0000 (14:35 +0000)]
Add additional parameter to dsa_builtin_paramgen to output the generated
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.
The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
Dr. Stephen Henson [Fri, 14 Jan 2011 15:13:37 +0000 (15:13 +0000)]
add va_list version of ERR_add_error_data
Dr. Stephen Henson [Thu, 13 Jan 2011 15:41:58 +0000 (15:41 +0000)]
stop warning with no-engine
Richard Levitte [Mon, 10 Jan 2011 20:55:21 +0000 (20:55 +0000)]
PR: 2425
Synchronise VMS build with Unixly build.
Ben Laurie [Sun, 9 Jan 2011 17:50:18 +0000 (17:50 +0000)]
Constify.
Ben Laurie [Sun, 9 Jan 2011 17:50:06 +0000 (17:50 +0000)]
Fix warning.
Dr. Stephen Henson [Sun, 9 Jan 2011 13:37:09 +0000 (13:37 +0000)]
missed change in ACKNOWLEDGEMENTS file
Dr. Stephen Henson [Sun, 9 Jan 2011 13:32:57 +0000 (13:32 +0000)]
move some string utilities to buf_str.c to reduce some dependencies (from 0.9.8 branch).
Dr. Stephen Henson [Sun, 9 Jan 2011 13:02:14 +0000 (13:02 +0000)]
add X9.31 prime generation routines from 0.9.8 branch
Richard Levitte [Thu, 6 Jan 2011 20:56:02 +0000 (20:56 +0000)]
PR: 2407
Fix fault include.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
Dr. Stephen Henson [Tue, 4 Jan 2011 19:39:27 +0000 (19:39 +0000)]
Don't use decryption_failed alert for TLS v1.1 or later.
Dr. Stephen Henson [Tue, 4 Jan 2011 19:34:20 +0000 (19:34 +0000)]
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
alert.
Dr. Stephen Henson [Mon, 3 Jan 2011 12:54:08 +0000 (12:54 +0000)]
oops missed an assert
Dr. Stephen Henson [Mon, 3 Jan 2011 01:40:53 +0000 (01:40 +0000)]
PR: 2411
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Fix corner cases in RFC3779 code.
Dr. Stephen Henson [Mon, 3 Jan 2011 01:31:24 +0000 (01:31 +0000)]
Fix escaping code for string printing. If *any* escaping is enabled we
must escape the escape character itself (backslash).
Dr. Stephen Henson [Mon, 3 Jan 2011 01:22:41 +0000 (01:22 +0000)]
PR: 2410
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Use OPENSSL_assert() instead of assert().
Dr. Stephen Henson [Mon, 3 Jan 2011 01:07:35 +0000 (01:07 +0000)]
PR: 2413
Submitted by: Michael Bergandi <mbergandi@gmail.com>
Reviewed by: steve
Fix typo in crypto/bio/bss_dgram.c
Dr. Stephen Henson [Sat, 25 Dec 2010 20:45:59 +0000 (20:45 +0000)]
avoid verification loops in trusted store when path building
Richard Levitte [Tue, 14 Dec 2010 21:44:31 +0000 (21:44 +0000)]
Part of the IF structure didn't get pasted here...
PR: 2393
Andy Polyakov [Tue, 14 Dec 2010 20:39:17 +0000 (20:39 +0000)]
e_capi.c: rearrange #include-s to improve portability.
PR: 2394
Richard Levitte [Tue, 14 Dec 2010 19:19:04 +0000 (19:19 +0000)]
First attempt at adding the possibility to set the pointer size for the builds on VMS.
PR: 2393
Dr. Stephen Henson [Mon, 13 Dec 2010 18:15:28 +0000 (18:15 +0000)]
Support routines for ASN1 scanning function, doesn't do much yet.
Andy Polyakov [Sun, 12 Dec 2010 20:26:09 +0000 (20:26 +0000)]
e_capi.c: change from ANSI to TCHAR domain. This makes it compilable on
Windows CE/Mobile, yet keeps it normal Windows loop.
PR: 2350
Andy Polyakov [Sun, 12 Dec 2010 10:52:56 +0000 (10:52 +0000)]
apps/x590.c: harmonize usage of STDout and out_err.
PR: 2323
Andy Polyakov [Sat, 11 Dec 2010 14:53:14 +0000 (14:53 +0000)]
bss_file.c: refine UTF8 logic.
PR: 2382
Dr. Stephen Henson [Fri, 3 Dec 2010 19:31:34 +0000 (19:31 +0000)]
ignore leading null fields
Dr. Stephen Henson [Thu, 2 Dec 2010 19:55:56 +0000 (19:55 +0000)]
update FAQ
Dr. Stephen Henson [Thu, 2 Dec 2010 18:02:29 +0000 (18:02 +0000)]
PR: 2386
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve
Correct SKM_ASN1_SET_OF_d2i macro.
Dr. Stephen Henson [Thu, 2 Dec 2010 13:44:53 +0000 (13:44 +0000)]
fix doc typos
Dr. Stephen Henson [Thu, 2 Dec 2010 00:08:12 +0000 (00:08 +0000)]
use right version this time in FAQ
Dr. Stephen Henson [Thu, 2 Dec 2010 00:01:44 +0000 (00:01 +0000)]
update FAQ
Andy Polyakov [Tue, 30 Nov 2010 22:18:02 +0000 (22:18 +0000)]
Configure: make -mno-cygwin optional on mingw platforms.
PR: 2381
Dr. Stephen Henson [Tue, 30 Nov 2010 19:37:21 +0000 (19:37 +0000)]
PR: 2385
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve
Zero key->pkey.ptr after it is freed so the structure can be reused.
Richard Levitte [Mon, 29 Nov 2010 22:27:15 +0000 (22:27 +0000)]
Better method for creating SSLROOT:.
Make sure to include the path to evptest.txt.
Andy Polyakov [Mon, 29 Nov 2010 21:17:54 +0000 (21:17 +0000)]
TABLE update.
Andy Polyakov [Mon, 29 Nov 2010 20:52:43 +0000 (20:52 +0000)]
s390x assembler pack: adapt for -m31 build, see commentary in Configure
for more details.
Dr. Stephen Henson [Mon, 29 Nov 2010 18:32:05 +0000 (18:32 +0000)]
apply J-PKAKE fix to HEAD (original by Ben)
Dr. Stephen Henson [Sat, 27 Nov 2010 17:37:03 +0000 (17:37 +0000)]
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
EVP_MD_CTX was much larger: it isn't needed anymore.
Dr. Stephen Henson [Thu, 25 Nov 2010 12:27:09 +0000 (12:27 +0000)]
PR: 2240
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve
As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.
Dr. Stephen Henson [Thu, 25 Nov 2010 11:51:31 +0000 (11:51 +0000)]
using_ecc doesn't just apply to TLSv1
Dr. Stephen Henson [Wed, 24 Nov 2010 19:14:59 +0000 (19:14 +0000)]
fix typo in HMAC redirection, add HMAC INIT tracing
Dr. Stephen Henson [Wed, 24 Nov 2010 18:32:06 +0000 (18:32 +0000)]
VERY EXPERIMENTAL HMAC redirection example in OpenSSL ENGINE. Untested at this
stage and probably wont work properly.
Dr. Stephen Henson [Wed, 24 Nov 2010 16:08:20 +0000 (16:08 +0000)]
add "missing" functions to copy EVP_PKEY_METHOD and examine info
Dr. Stephen Henson [Wed, 24 Nov 2010 14:03:25 +0000 (14:03 +0000)]
oops, revert invalid change
Dr. Stephen Henson [Wed, 24 Nov 2010 13:16:59 +0000 (13:16 +0000)]
use generalise mac API for SSL key generation
Dr. Stephen Henson [Wed, 24 Nov 2010 13:13:49 +0000 (13:13 +0000)]
constify EVP_PKEY_new_mac_key()
Andy Polyakov [Tue, 23 Nov 2010 22:56:45 +0000 (22:56 +0000)]
INSTALL.W32: document trouble with symlinks under MSYS.
PR: 2377
Richard Levitte [Tue, 23 Nov 2010 02:43:20 +0000 (02:43 +0000)]
Use the same directory for architecture dependent header files as in
the branches OpenSSL-1_0_0-stable and OpenSSL-1_0_1-stable.
Richard Levitte [Tue, 23 Nov 2010 02:12:07 +0000 (02:12 +0000)]
Implement bc test strategy as submitted by Steven M. Schweda <sms@antinode.info>.
Make sure we move to '__here' before trying to use it to build local sslroot:
Richard Levitte [Tue, 23 Nov 2010 01:06:08 +0000 (01:06 +0000)]
Print openssl version information at the end of the tests
Richard Levitte [Tue, 23 Nov 2010 01:05:26 +0000 (01:05 +0000)]
Give the architecture dependent directory higher priority
Richard Levitte [Tue, 23 Nov 2010 01:03:18 +0000 (01:03 +0000)]
Don't define an empty CFLAGS, it's much more honest not to defined it at all.
Make sure to remove any [.CRYTO]BUILDINF.H so it doesn't get used instead of
[.''ARCH'.CRYPTO]BUILDINF.H
Richard Levitte [Mon, 22 Nov 2010 23:42:45 +0000 (23:42 +0000)]
* tests.com: Add the symbol openssl_conf, so the openssl application
stops complaining about a missing configuration file. Define the logical
name PERL_ENV_TABLES with values to Perl considers the DCL symbol table
as part of the environment (see 'man perlvms' for details), so cms-test.pl
can get the value of EXE_DIR from tests.com, among others.
* cms-test.pl: Make changes to have it work on VMS as well. Upper or mixed
case options need to be quoted and the openssl command needs a VMS-specific
treatment. It all should work properly on Unix, I hope it does on Windows
as well...
Richard Levitte [Mon, 22 Nov 2010 22:17:23 +0000 (22:17 +0000)]
Better way to build tests. Taken from OpenSSL-1_0_1-stable
Richard Levitte [Mon, 22 Nov 2010 22:04:41 +0000 (22:04 +0000)]
Synchronise with Unix and do all other needed modifications to have it
build on VMS again.
Andy Polyakov [Mon, 22 Nov 2010 21:55:07 +0000 (21:55 +0000)]
s390x.S: fix typo in bn_mul_words.
PR: 2380
Richard Levitte [Mon, 22 Nov 2010 18:25:04 +0000 (18:25 +0000)]
Taken from OpenSSL_1_0_0-stable:
Include proper header files for time functions.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
Dr. Stephen Henson [Mon, 22 Nov 2010 16:14:56 +0000 (16:14 +0000)]
add pice of PR#2295 not committed to HEAD
Dr. Stephen Henson [Fri, 19 Nov 2010 00:12:01 +0000 (00:12 +0000)]
PR: 2376
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve
Cleanup alloca use, fix Win32 target for OpenWatcom.
Dr. Stephen Henson [Thu, 18 Nov 2010 23:00:02 +0000 (23:00 +0000)]
PR: 2375
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve
cleanup/fix e_aep.c for OpenWatcom
Dr. Stephen Henson [Thu, 18 Nov 2010 22:57:02 +0000 (22:57 +0000)]
PR: 2374
Submitted by: Guenter <lists@gknw.net>
Reviewed by: steve
Don't compile capi ENGINE on mingw32
Richard Levitte [Thu, 18 Nov 2010 22:46:46 +0000 (22:46 +0000)]
Tell the user what test is being performed.
Richard Levitte [Thu, 18 Nov 2010 22:44:48 +0000 (22:44 +0000)]
We expect these scripts not to bail on error, so make sure that's what happens.
Richard Levitte [Thu, 18 Nov 2010 22:36:16 +0000 (22:36 +0000)]
Synchronise with Unix tests
Richard Levitte [Thu, 18 Nov 2010 20:03:07 +0000 (20:03 +0000)]
We redid the structure on architecture dependent source files, but
apparently forgot to adapt the copying to the installation directory.
Dr. Stephen Henson [Thu, 18 Nov 2010 17:33:17 +0000 (17:33 +0000)]
remove duplicate statement
Dr. Stephen Henson [Thu, 18 Nov 2010 17:04:18 +0000 (17:04 +0000)]
compile cts128.c on VMS
Dr. Stephen Henson [Thu, 18 Nov 2010 13:22:53 +0000 (13:22 +0000)]
fix no SIGALRM case in speed.c
Dr. Stephen Henson [Thu, 18 Nov 2010 12:30:01 +0000 (12:30 +0000)]
PR: 2372
Submitted by: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Reviewed by: steve
Fix OpenBSD compilation failure.
Dr. Stephen Henson [Wed, 17 Nov 2010 18:17:08 +0000 (18:17 +0000)]
oops, reinstate TLSv1 string
Dr. Stephen Henson [Wed, 17 Nov 2010 17:37:23 +0000 (17:37 +0000)]
Don't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can be legitimately set elsewhere.
Dr. Stephen Henson [Tue, 16 Nov 2010 14:18:51 +0000 (14:18 +0000)]
bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files
Dr. Stephen Henson [Tue, 16 Nov 2010 14:16:00 +0000 (14:16 +0000)]
add TLS v1.1 options to s_server
Dr. Stephen Henson [Tue, 16 Nov 2010 12:11:46 +0000 (12:11 +0000)]
If EVP_PKEY structure contains an ENGINE the key is ENGINE specific and
we should use its method instead of any generic one.
Dr. Stephen Henson [Sun, 14 Nov 2010 17:47:45 +0000 (17:47 +0000)]
Only use explicit IV if cipher is in CBC mode.
Dr. Stephen Henson [Sun, 14 Nov 2010 13:50:55 +0000 (13:50 +0000)]
Get correct GOST private key instead of just assuming the last one is
correct: this isn't always true if we have more than one certificate.
Dr. Stephen Henson [Fri, 12 Nov 2010 20:06:05 +0000 (20:06 +0000)]
preliminary acknowledgments file
Dr. Stephen Henson [Thu, 11 Nov 2010 15:21:45 +0000 (15:21 +0000)]
Submitted By: Bogdan Harjoc <harjoc@gmail.com>
Add missing debug WIN64 targets.
Dr. Stephen Henson [Thu, 11 Nov 2010 14:42:50 +0000 (14:42 +0000)]
PR: 2366
Submitted by: Damien Miller <djm@mindrot.org>
Reviewed by: steve
Stop pkeyutl crashing if some arguments are missing. Also make str2fmt
tolerate NULL parameter.
Dr. Stephen Henson [Tue, 2 Nov 2010 15:58:58 +0000 (15:58 +0000)]
Submitted by: Jonathan Dixon <joth@chromium.org>
Reviewed by: steve
If store is NULL set flags correctly.
Andy Polyakov [Fri, 22 Oct 2010 20:18:15 +0000 (20:18 +0000)]
Configure: update mips[32|64]_asm lines.
Andy Polyakov [Fri, 22 Oct 2010 20:16:22 +0000 (20:16 +0000)]
sha512-mips.pl: add missing 64-bit byte swap.