openssl.git
13 years agoUnsigned vs signed comparison warning.
Andy Polyakov [Tue, 4 Jul 2006 20:29:14 +0000 (20:29 +0000)]
Unsigned vs signed comparison warning.

13 years agoTypos(?) in HEAD/crypto/evp/p_lib.c.
Andy Polyakov [Tue, 4 Jul 2006 20:27:44 +0000 (20:27 +0000)]
Typos(?) in HEAD/crypto/evp/p_lib.c.

13 years agodsa_pub_cmp() doesn't need to check parameters because that is done in
Dr. Stephen Henson [Sun, 2 Jul 2006 21:13:39 +0000 (21:13 +0000)]
dsa_pub_cmp() doesn't need to check parameters because that is done in
EVP_PKEY_cmp().

13 years agoMake return value from EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() consistent.
Dr. Stephen Henson [Sun, 2 Jul 2006 21:12:40 +0000 (21:12 +0000)]
Make return value from EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() consistent.

13 years agoPrepare playground for AES experimental code.
Andy Polyakov [Sun, 2 Jul 2006 09:18:00 +0000 (09:18 +0000)]
Prepare playground for AES experimental code.

13 years agodocumentation for "HIGH" vs. "MEDIUM" was not up-to-date
Bodo Möller [Fri, 30 Jun 2006 22:00:13 +0000 (22:00 +0000)]
documentation for "HIGH" vs. "MEDIUM" was not up-to-date

13 years agouse <poll.h> as by Single Unix Specification
Bodo Möller [Fri, 30 Jun 2006 08:14:39 +0000 (08:14 +0000)]
use <poll.h> as by Single Unix Specification

13 years agoalways read in RAND_poll() if we can't use select because of a too
Bodo Möller [Wed, 28 Jun 2006 14:50:12 +0000 (14:50 +0000)]
always read in RAND_poll() if we can't use select because of a too
large FD: it's non-blocking mode anyway

13 years agoMitigate the hazard of cache-collision timing attack on last round. The
Andy Polyakov [Wed, 28 Jun 2006 08:52:16 +0000 (08:52 +0000)]
Mitigate the hazard of cache-collision timing attack on last round. The
only chance for T[ed]4 to get evicted in this module is when its cache
"overlaps" with last 128 bits of key schedule.

13 years agoMitigate the hazard of cache-collision timing attack on last round. Well,
Andy Polyakov [Wed, 28 Jun 2006 08:48:54 +0000 (08:48 +0000)]
Mitigate the hazard of cache-collision timing attack on last round. Well,
prefetch could have been moved closer to Td4 references. Something for
later consideration...

13 years agoMitigate cache-collision timing attack on last round.
Andy Polyakov [Wed, 28 Jun 2006 08:39:06 +0000 (08:39 +0000)]
Mitigate cache-collision timing attack on last round.

13 years agoFix EVP_PKEY_CTX_dup() to return correct value and handle NULL keys in
Dr. Stephen Henson [Tue, 27 Jun 2006 17:23:24 +0000 (17:23 +0000)]
Fix EVP_PKEY_CTX_dup() to return correct value and handle NULL keys in
the source.

13 years agoUse poll() when possible to gather Unix randomness entropy
Richard Levitte [Tue, 27 Jun 2006 06:31:34 +0000 (06:31 +0000)]
Use poll() when possible to gather Unix randomness entropy

13 years agoNew functions CRYPTO_set_idptr_callback(),
Bodo Möller [Fri, 23 Jun 2006 15:21:36 +0000 (15:21 +0000)]
New functions CRYPTO_set_idptr_callback(),
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.

13 years agoChange in 0.9.8 branch:
Bodo Möller [Thu, 22 Jun 2006 12:37:28 +0000 (12:37 +0000)]
Change in 0.9.8 branch:
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)

13 years agoRemove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
Bodo Möller [Tue, 20 Jun 2006 08:50:42 +0000 (08:50 +0000)]
Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)

13 years agoChange array representation of binary polynomials to make GF2m part of
Bodo Möller [Sun, 18 Jun 2006 22:00:57 +0000 (22:00 +0000)]
Change array representation of binary polynomials to make GF2m part of
the BN library more generally useful.

Submitted by: Douglas Stebila

13 years agoanother thread-safety fix
Bodo Möller [Fri, 16 Jun 2006 01:00:47 +0000 (01:00 +0000)]
another thread-safety fix

13 years agoError messages for client ECC cert verification.
Bodo Möller [Thu, 15 Jun 2006 19:58:22 +0000 (19:58 +0000)]
Error messages for client ECC cert verification.

Also, change the default ciphersuite to give some prefererence to
ciphersuites with forwared secrecy (rather than using a random order).

13 years agoCall 'print_stuff' even if a handshake failed.
Bodo Möller [Thu, 15 Jun 2006 19:00:34 +0000 (19:00 +0000)]
Call 'print_stuff' even if a handshake failed.

13 years agoFix algorithm handling for ECC ciphersuites: Adapt to recent changes,
Bodo Möller [Thu, 15 Jun 2006 18:28:00 +0000 (18:28 +0000)]
Fix algorithm handling for ECC ciphersuites: Adapt to recent changes,
and allow more general RSA OIDs for ECC certs with RSA CA sig.

13 years agoFix another new bug in the cipherstring logic.
Bodo Möller [Thu, 15 Jun 2006 17:17:06 +0000 (17:17 +0000)]
Fix another new bug in the cipherstring logic.

13 years agoFix another bug introduced yesterday when deleting Fortezza stuff:
Bodo Möller [Thu, 15 Jun 2006 16:54:20 +0000 (16:54 +0000)]
Fix another bug introduced yesterday when deleting Fortezza stuff:
make sure 'mask' is initialized in ssl_cipher_get_disabled().

Also simplify code by removing some unused arguments in static functions.

13 years agoOops ... deleted too much in the previous commit when I deleted
Bodo Möller [Thu, 15 Jun 2006 16:07:10 +0000 (16:07 +0000)]
Oops ... deleted too much in the previous commit when I deleted
the Fortezza stuff

13 years agoDisable invalid ciphersuites
Bodo Möller [Wed, 14 Jun 2006 17:51:46 +0000 (17:51 +0000)]
Disable invalid ciphersuites

13 years agoCiphersuite string bugfixes, and ECC-related (re-)definitions.
Bodo Möller [Wed, 14 Jun 2006 17:40:31 +0000 (17:40 +0000)]
Ciphersuite string bugfixes, and ECC-related (re-)definitions.

13 years agoMake sure that AES ciphersuites get priority over Camellia
Bodo Möller [Wed, 14 Jun 2006 13:58:48 +0000 (13:58 +0000)]
Make sure that AES ciphersuites get priority over Camellia
ciphersuites in the default cipher string.

13 years agoThread-safety fixes
Bodo Möller [Wed, 14 Jun 2006 08:55:23 +0000 (08:55 +0000)]
Thread-safety fixes

13 years agoFix a bug recently introduced when updating this file to use the new
Bodo Möller [Wed, 14 Jun 2006 01:16:22 +0000 (01:16 +0000)]
Fix a bug recently introduced when updating this file to use the new
keygen API: make sure that 'pkey_type' is actually visible to MAIN().

13 years agoKeep synchronised with Unix
Richard Levitte [Mon, 12 Jun 2006 06:46:18 +0000 (06:46 +0000)]
Keep synchronised with Unix

13 years agoCamellia cipher, contributed by NTT
Bodo Möller [Sun, 11 Jun 2006 01:09:07 +0000 (01:09 +0000)]
Camellia cipher, contributed by NTT

Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller

13 years agoKeep synchronised with the Unix build
Richard Levitte [Sat, 10 Jun 2006 05:38:23 +0000 (05:38 +0000)]
Keep synchronised with the Unix build

13 years agoCamellia cipher, contributed by NTT
Bodo Möller [Fri, 9 Jun 2006 22:29:40 +0000 (22:29 +0000)]
Camellia cipher, contributed by NTT

Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller

13 years agoCamellia cipher, contributed by NTT
Bodo Möller [Fri, 9 Jun 2006 15:44:59 +0000 (15:44 +0000)]
Camellia cipher, contributed by NTT

Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller

13 years agoOutput MIME parameter micalg according to RFC3851 and RFC4490 instead of hard
Dr. Stephen Henson [Tue, 6 Jun 2006 13:27:36 +0000 (13:27 +0000)]
Output MIME parameter micalg according to RFC3851 and RFC4490 instead of hard
coding it to "sha1".

13 years agoAdd AES and GOST S/MIME capabilities if algorithms are supported.
Dr. Stephen Henson [Tue, 6 Jun 2006 12:35:05 +0000 (12:35 +0000)]
Add AES and GOST S/MIME capabilities if algorithms are supported.

13 years agoFix obvious typo.
Andy Polyakov [Mon, 5 Jun 2006 16:04:09 +0000 (16:04 +0000)]
Fix obvious typo.

13 years agoClarify comment and add #ifdef.
Dr. Stephen Henson [Mon, 5 Jun 2006 12:38:22 +0000 (12:38 +0000)]
Clarify comment and add #ifdef.

13 years agoComplete EVP_PKEY_ASN1_METHOD ENGINE support.
Dr. Stephen Henson [Mon, 5 Jun 2006 11:52:46 +0000 (11:52 +0000)]
Complete EVP_PKEY_ASN1_METHOD ENGINE support.

13 years agoSync aes.h with http://cvs.openssl.org/chngview?cn=15336.
Andy Polyakov [Mon, 5 Jun 2006 10:43:41 +0000 (10:43 +0000)]
Sync aes.h with cvs.openssl.org/chngview?cn=15336.

13 years agoReimplement AES_ofb128_encrypt.
Andy Polyakov [Mon, 5 Jun 2006 10:40:54 +0000 (10:40 +0000)]
Reimplement AES_ofb128_encrypt.

13 years agoCorrect logical error in STRICT_ALIGNMENT check and remove copy of
Andy Polyakov [Mon, 5 Jun 2006 10:40:28 +0000 (10:40 +0000)]
Correct logical error in STRICT_ALIGNMENT check and remove copy of
eay licence, as module is practically rewritten from scratch [well,
even original submission was obviously "almost, but not quite,
entirely unlike" any other eay *_cfb.c module, not to mention new
functions].

13 years agoMinor ppc-xlate.pl update.
Andy Polyakov [Mon, 5 Jun 2006 09:42:31 +0000 (09:42 +0000)]
Minor ppc-xlate.pl update.

13 years agoAdd sha512-ppc.pl module.
Andy Polyakov [Mon, 5 Jun 2006 09:37:55 +0000 (09:37 +0000)]
Add sha512-ppc.pl module.

13 years agoMinor sha1-ppc.pl update.
Andy Polyakov [Mon, 5 Jun 2006 09:35:50 +0000 (09:35 +0000)]
Minor sha1-ppc.pl update.

13 years agoA few more ENGINE strings that need shortening.
Richard Levitte [Sun, 4 Jun 2006 08:22:25 +0000 (08:22 +0000)]
A few more ENGINE strings that need shortening.

13 years agoSynchronise with Unix
Richard Levitte [Sat, 3 Jun 2006 02:17:49 +0000 (02:17 +0000)]
Synchronise with Unix

13 years agoMake update.
Dr. Stephen Henson [Fri, 2 Jun 2006 17:54:47 +0000 (17:54 +0000)]
Make update.

13 years agoInitial public key ASN1 method engine support. Not integrated yet.
Dr. Stephen Henson [Fri, 2 Jun 2006 17:52:27 +0000 (17:52 +0000)]
Initial public key ASN1 method engine support. Not integrated yet.

13 years agoAutomatically free up dynamically allocated public key methods when
Dr. Stephen Henson [Fri, 2 Jun 2006 17:09:17 +0000 (17:09 +0000)]
Automatically free up dynamically allocated public key methods when
and ENGINE is destroyed.

13 years agoExtend default method string to include public key methods.
Dr. Stephen Henson [Fri, 2 Jun 2006 13:09:59 +0000 (13:09 +0000)]
Extend default method string to include public key methods.

Add missing prototypes.

Fix engine method lookup.

13 years agoTypo.
Dr. Stephen Henson [Fri, 2 Jun 2006 12:37:02 +0000 (12:37 +0000)]
Typo.

13 years agoAdd ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE
Dr. Stephen Henson [Fri, 2 Jun 2006 12:33:39 +0000 (12:33 +0000)]
Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE
implementations and functional reference counting when a context
is allocated, free or copied.

13 years agoSynchronise with the Unixly build.
Richard Levitte [Thu, 1 Jun 2006 12:50:56 +0000 (12:50 +0000)]
Synchronise with the Unixly build.

13 years agoFix error code. make update
Dr. Stephen Henson [Thu, 1 Jun 2006 12:43:39 +0000 (12:43 +0000)]
Fix error code. make update

13 years agoAdd missing prototype. Extend engine utility to print public key algorithms.
Dr. Stephen Henson [Thu, 1 Jun 2006 12:38:22 +0000 (12:38 +0000)]
Add missing prototype. Extend engine utility to print public key algorithms.

13 years agoAdd engine table for EVP_PKEY_METHOD. Doesn't do much yet.
Dr. Stephen Henson [Thu, 1 Jun 2006 11:38:50 +0000 (11:38 +0000)]
Add engine table for EVP_PKEY_METHOD. Doesn't do much yet.

13 years agoBecause all object files are now in a file, we don't need to mention
Richard Levitte [Thu, 1 Jun 2006 10:24:47 +0000 (10:24 +0000)]
Because all object files are now in a file, we don't need to mention
any of them on the linker command line.  Besides, OBJECT_FILE now
represents the last compiled file, and using it here only results in
getting warnings about multiple definitions of the symbols in that
file.

13 years agoNew pkey functions for keygen callbacks and retrieving operation type.
Dr. Stephen Henson [Wed, 31 May 2006 17:34:14 +0000 (17:34 +0000)]
New pkey functions for keygen callbacks and retrieving operation type.

13 years agoTune up AES CFB. Performance improvement varies from 10% to 50% from
Andy Polyakov [Tue, 30 May 2006 07:20:13 +0000 (07:20 +0000)]
Tune up AES CFB. Performance improvement varies from 10% to 50% from
platform to platform. Its absolute value is within few percents
marginal from that of ECB.

13 years agoUse a new signed int ii instead of j (which is unsigned) to handle the
Richard Levitte [Sun, 28 May 2006 19:44:27 +0000 (19:44 +0000)]
Use a new signed int ii instead of j (which is unsigned) to handle the
return value from sk_SSL_CIPHER_find().

13 years agoDeal with another name that's longer than 31 characters.
Richard Levitte [Sun, 28 May 2006 19:39:36 +0000 (19:39 +0000)]
Deal with another name that's longer than 31 characters.

13 years agorslen is unsigned, so it can never go below 0.
Richard Levitte [Sun, 28 May 2006 19:36:29 +0000 (19:36 +0000)]
rslen is unsigned, so it can never go below 0.

13 years agoInstall openssl.cnf to OPENSSLDIR in mk1mf.pl
Dr. Stephen Henson [Sun, 28 May 2006 00:49:49 +0000 (00:49 +0000)]
Install openssl.cnf to OPENSSLDIR in mk1mf.pl

13 years agoFlush p7bio when all data has been copied.
Dr. Stephen Henson [Fri, 26 May 2006 17:14:23 +0000 (17:14 +0000)]
Flush p7bio when all data has been copied.

13 years agoFix warnings.
Dr. Stephen Henson [Fri, 26 May 2006 13:27:58 +0000 (13:27 +0000)]
Fix warnings.

13 years agoUpdate pkeyutl to use size_t for pkey functions.
Dr. Stephen Henson [Fri, 26 May 2006 12:24:49 +0000 (12:24 +0000)]
Update pkeyutl to use size_t for pkey functions.

13 years agoSigned vs. unsigned conflict
Richard Levitte [Thu, 25 May 2006 23:40:04 +0000 (23:40 +0000)]
Signed vs. unsigned conflict

13 years agoThere was a problem with too long command lines, so I rebuilt to make
Richard Levitte [Thu, 25 May 2006 23:37:03 +0000 (23:37 +0000)]
There was a problem with too long command lines, so I rebuilt to make
it work better.

13 years agoAllow any supported cipher to be used with smime -encrypt.
Dr. Stephen Henson [Thu, 25 May 2006 16:53:52 +0000 (16:53 +0000)]
Allow any supported cipher to be used with smime -encrypt.

13 years agoAdd prototypes, update Win32 ordinals.
Dr. Stephen Henson [Thu, 25 May 2006 11:44:05 +0000 (11:44 +0000)]
Add prototypes, update Win32 ordinals.

13 years agoKeep in sync with Unix
Richard Levitte [Thu, 25 May 2006 10:40:01 +0000 (10:40 +0000)]
Keep in sync with Unix

13 years agoUpdate EVP_MD_CTX_copy_ex() to use EVP_PKEY_CTX_dup().
Dr. Stephen Henson [Thu, 25 May 2006 00:55:00 +0000 (00:55 +0000)]
Update EVP_MD_CTX_copy_ex() to use EVP_PKEY_CTX_dup().

13 years agoNew function to dup EVP_PKEY_CTX. This will be needed to make new signing
Dr. Stephen Henson [Wed, 24 May 2006 23:49:30 +0000 (23:49 +0000)]
New function to dup EVP_PKEY_CTX. This will be needed to make new signing
functions and EVP_MD_CTX_copy work properly.

13 years agoNew functions for enchanced digest sign/verify.
Dr. Stephen Henson [Wed, 24 May 2006 17:30:09 +0000 (17:30 +0000)]
New functions for enchanced digest sign/verify.

13 years agoFix warnings.
Dr. Stephen Henson [Wed, 24 May 2006 13:29:32 +0000 (13:29 +0000)]
Fix warnings.

13 years agoUse size_t for new crypto size parameters.
Dr. Stephen Henson [Wed, 24 May 2006 12:33:46 +0000 (12:33 +0000)]
Use size_t for new crypto size parameters.

13 years agoFix smime -pk7out.
Dr. Stephen Henson [Mon, 22 May 2006 13:37:16 +0000 (13:37 +0000)]
Fix smime -pk7out.

13 years agoAdd ctrl to EVP_MD and EVP_PKEY_CTX to EVP_MD_CTX. These will be used
Dr. Stephen Henson [Mon, 22 May 2006 13:01:01 +0000 (13:01 +0000)]
Add ctrl to EVP_MD and EVP_PKEY_CTX to EVP_MD_CTX. These will be used
for enhanced sign/verify operations.

13 years agoTiny up hpux targets.
Andy Polyakov [Sat, 20 May 2006 08:52:34 +0000 (08:52 +0000)]
Tiny up hpux targets.

13 years agoAdd -resign and -md options to smime command to support resigning an
Dr. Stephen Henson [Thu, 18 May 2006 23:44:44 +0000 (23:44 +0000)]
Add -resign and -md options to smime command to support resigning an
existing structure and using alternative digest for signing.

13 years agoCode tidy.
Dr. Stephen Henson [Thu, 18 May 2006 18:06:03 +0000 (18:06 +0000)]
Code tidy.

13 years agoTypo.
Dr. Stephen Henson [Thu, 18 May 2006 17:46:56 +0000 (17:46 +0000)]
Typo.

13 years agomake update
Dr. Stephen Henson [Thu, 18 May 2006 17:22:31 +0000 (17:22 +0000)]
make update

13 years agoMore S/MIME tidy. Place some common attribute operations in utility
Dr. Stephen Henson [Thu, 18 May 2006 17:20:23 +0000 (17:20 +0000)]
More S/MIME tidy. Place some common attribute operations in utility
functions.

13 years agoRemove old digest type hacks for non RSA keys.
Dr. Stephen Henson [Thu, 18 May 2006 13:05:20 +0000 (13:05 +0000)]
Remove old digest type hacks for non RSA keys.

13 years agoMultiple signer support in smime application.
Dr. Stephen Henson [Thu, 18 May 2006 12:41:28 +0000 (12:41 +0000)]
Multiple signer support in smime application.

13 years agoReformat smime.c utility.
Dr. Stephen Henson [Thu, 18 May 2006 11:54:16 +0000 (11:54 +0000)]
Reformat smime.c utility.

13 years agoNew option to pkcs12 utility to set alternative MAC digest algorithm.
Dr. Stephen Henson [Wed, 17 May 2006 18:46:22 +0000 (18:46 +0000)]
New option to pkcs12 utility to set alternative MAC digest algorithm.

13 years agoDon't try to print PBE information if it can't be decoded.
Dr. Stephen Henson [Wed, 17 May 2006 18:24:35 +0000 (18:24 +0000)]
Don't try to print PBE information if it can't be decoded.

13 years agoPKCS#12 mac key length should equal digest length.
Dr. Stephen Henson [Wed, 17 May 2006 18:19:51 +0000 (18:19 +0000)]
PKCS#12 mac key length should equal digest length.

13 years agoTidy up of S/MIME code and add new functions which will make is easier
Dr. Stephen Henson [Wed, 17 May 2006 17:17:01 +0000 (17:17 +0000)]
Tidy up of S/MIME code and add new functions which will make is easier
to create S/MIME signed data with multiple signers.

13 years agoExtended PBES2 function supporting application supplied IV and PRF NID.
Dr. Stephen Henson [Wed, 17 May 2006 12:47:17 +0000 (12:47 +0000)]
Extended PBES2 function supporting application supplied IV and PRF NID.

13 years agoOops...
Dr. Stephen Henson [Wed, 17 May 2006 12:29:16 +0000 (12:29 +0000)]
Oops...

13 years agoHMAC OIDs from RFC4231.
Dr. Stephen Henson [Wed, 17 May 2006 12:27:45 +0000 (12:27 +0000)]
HMAC OIDs from RFC4231.

13 years agoGather keygen options in req and only use them after all other options have
Dr. Stephen Henson [Tue, 16 May 2006 12:11:14 +0000 (12:11 +0000)]
Gather keygen options in req and only use them after all other options have
been processed. This allows any ENGINE changing operations to be processed
first (for example a config file).

13 years agoAdd PRF preference ctrl to ciphers.
Dr. Stephen Henson [Mon, 15 May 2006 18:35:13 +0000 (18:35 +0000)]
Add PRF preference ctrl to ciphers.

13 years agoChange builting PBE to use static table. Add entries for HMAC and MD5, GOST.
Dr. Stephen Henson [Mon, 15 May 2006 17:34:36 +0000 (17:34 +0000)]
Change builting PBE to use static table. Add entries for HMAC and MD5, GOST.

13 years agoUpdate old **EVIL** PEM_X509_INFO_read_bio() function to correctly assign
Dr. Stephen Henson [Mon, 15 May 2006 13:28:00 +0000 (13:28 +0000)]
Update old **EVIL** PEM_X509_INFO_read_bio() function to correctly assign
private keys.

FIXME: this function should really be rewritten because it is *horrible*.

13 years agoBugfix: the NONE string for PBE algorithms wasn't working.
Dr. Stephen Henson [Mon, 15 May 2006 13:23:15 +0000 (13:23 +0000)]
Bugfix: the NONE string for PBE algorithms wasn't working.