openssl.git
13 years agoAdd -timeout option to ocsp utility.
Dr. Stephen Henson [Mon, 17 Jul 2006 13:26:54 +0000 (13:26 +0000)]
Add -timeout option to ocsp utility.

13 years agoNew non-blocking OCSP functionality.
Dr. Stephen Henson [Mon, 17 Jul 2006 12:18:28 +0000 (12:18 +0000)]
New non-blocking OCSP functionality.

13 years agoAdd option for "compact" rounds to aes_x86core.c. "Compact" rounds are
Andy Polyakov [Fri, 14 Jul 2006 09:57:55 +0000 (09:57 +0000)]
Add option for "compact" rounds to aes_x86core.c. "Compact" rounds are
those referencing compact, 256-byte, S-boxes.

13 years agoThere is should be no need to rewind the input stream any more.
Dr. Stephen Henson [Thu, 13 Jul 2006 20:29:55 +0000 (20:29 +0000)]
There is should be no need to rewind the input stream any more.

For S/MIME multipart/signed type the signature is calculated on the fly.

For other detached data forms the stream isn't used after the single pass to
calculate signatures.

For non-detached the data is stored in a memory BIO.

13 years agoIn genpkey, also look for algorithm string name in any supplied ENGINE.
Dr. Stephen Henson [Wed, 12 Jul 2006 18:00:20 +0000 (18:00 +0000)]
In genpkey, also look for algorithm string name in any supplied ENGINE.

13 years agoBugfix: don't look in internal table for signature if found in application
Dr. Stephen Henson [Wed, 12 Jul 2006 16:30:40 +0000 (16:30 +0000)]
Bugfix: don't look in internal table for signature if found in application
supplied list.

13 years agoTypo.
Dr. Stephen Henson [Wed, 12 Jul 2006 13:28:44 +0000 (13:28 +0000)]
Typo.

13 years agoNew docs for EVP_Digest{Sign,Verify}*() function. Update existing docs.
Dr. Stephen Henson [Wed, 12 Jul 2006 12:31:30 +0000 (12:31 +0000)]
New docs for EVP_Digest{Sign,Verify}*() function. Update existing docs.

13 years agoAdd docs for pkeyparam. Update some existing docs.
Dr. Stephen Henson [Mon, 10 Jul 2006 23:10:26 +0000 (23:10 +0000)]
Add docs for pkeyparam. Update some existing docs.

13 years agoUpdate some usage messages.
Dr. Stephen Henson [Mon, 10 Jul 2006 22:49:08 +0000 (22:49 +0000)]
Update some usage messages.

13 years agomake update
Dr. Stephen Henson [Mon, 10 Jul 2006 18:40:42 +0000 (18:40 +0000)]
make update

13 years agoAllow digests to supply S/MIME micalg values from a ctrl.
Dr. Stephen Henson [Mon, 10 Jul 2006 18:36:55 +0000 (18:36 +0000)]
Allow digests to supply S/MIME micalg values from a ctrl.

Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.

13 years agoNew functions to add and free up application defined signature OIDs.
Dr. Stephen Henson [Sun, 9 Jul 2006 16:05:43 +0000 (16:05 +0000)]
New functions to add and free up application defined signature OIDs.

13 years agoSet detached flag in PKCS7 structure earlier to avoid eating up memory.
Dr. Stephen Henson [Sun, 9 Jul 2006 12:02:08 +0000 (12:02 +0000)]
Set detached flag in PKCS7 structure earlier to avoid eating up memory.

PR: 1071

13 years agoPublic key comparison and printing routine functions.
Dr. Stephen Henson [Sun, 9 Jul 2006 11:26:13 +0000 (11:26 +0000)]
Public key comparison and printing routine functions.

13 years agoEVP_PKEY_get_default_digest() manual page.
Dr. Stephen Henson [Sun, 9 Jul 2006 11:01:49 +0000 (11:01 +0000)]
EVP_PKEY_get_default_digest() manual page.

13 years agoEVP_PKEY_CTX_ctrl() docs.
Dr. Stephen Henson [Sun, 9 Jul 2006 10:51:03 +0000 (10:51 +0000)]
EVP_PKEY_CTX_ctrl() docs.

13 years agoUpdate docs.
Dr. Stephen Henson [Sun, 9 Jul 2006 01:59:30 +0000 (01:59 +0000)]
Update docs.

13 years agoNew functions to enumerate digests and ciphers.
Dr. Stephen Henson [Sun, 9 Jul 2006 00:53:45 +0000 (00:53 +0000)]
New functions to enumerate digests and ciphers.

13 years agoKeygen docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 21:42:49 +0000 (21:42 +0000)]
Keygen docs.

13 years agoEVP_PKEY_derive() docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 12:47:52 +0000 (12:47 +0000)]
EVP_PKEY_derive() docs.

13 years agoAdd some examples.
Dr. Stephen Henson [Sat, 8 Jul 2006 12:46:51 +0000 (12:46 +0000)]
Add some examples.

13 years agoEVP_PKEY_verify() docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 11:22:23 +0000 (11:22 +0000)]
EVP_PKEY_verify() docs.

13 years agoNew docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 11:13:01 +0000 (11:13 +0000)]
New docs.

13 years agoUpdate docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 10:55:03 +0000 (10:55 +0000)]
Update docs.

13 years agoAdd some EVP_PKEY_METHOD docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 10:45:08 +0000 (10:45 +0000)]
Add some EVP_PKEY_METHOD docs.

13 years agoUpdate docs with algorithm options.
Dr. Stephen Henson [Sat, 8 Jul 2006 10:01:33 +0000 (10:01 +0000)]
Update docs with algorithm options.

13 years agoTypo.
Dr. Stephen Henson [Sat, 8 Jul 2006 00:50:25 +0000 (00:50 +0000)]
Typo.

13 years agoInitial docs for pkeyutl.
Dr. Stephen Henson [Sat, 8 Jul 2006 00:47:04 +0000 (00:47 +0000)]
Initial docs for pkeyutl.

13 years agoDocs for new utilities.
Dr. Stephen Henson [Sat, 8 Jul 2006 00:24:47 +0000 (00:24 +0000)]
Docs for new utilities.

13 years agoAdd documentation for new smime options.
Dr. Stephen Henson [Fri, 7 Jul 2006 21:44:23 +0000 (21:44 +0000)]
Add documentation for new smime options.

13 years agoFix compiler warnings.
Andy Polyakov [Tue, 4 Jul 2006 20:29:50 +0000 (20:29 +0000)]
Fix compiler warnings.

13 years agoUnsigned vs signed comparison warning.
Andy Polyakov [Tue, 4 Jul 2006 20:29:14 +0000 (20:29 +0000)]
Unsigned vs signed comparison warning.

13 years agoTypos(?) in HEAD/crypto/evp/p_lib.c.
Andy Polyakov [Tue, 4 Jul 2006 20:27:44 +0000 (20:27 +0000)]
Typos(?) in HEAD/crypto/evp/p_lib.c.

13 years agodsa_pub_cmp() doesn't need to check parameters because that is done in
Dr. Stephen Henson [Sun, 2 Jul 2006 21:13:39 +0000 (21:13 +0000)]
dsa_pub_cmp() doesn't need to check parameters because that is done in
EVP_PKEY_cmp().

13 years agoMake return value from EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() consistent.
Dr. Stephen Henson [Sun, 2 Jul 2006 21:12:40 +0000 (21:12 +0000)]
Make return value from EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() consistent.

13 years agoPrepare playground for AES experimental code.
Andy Polyakov [Sun, 2 Jul 2006 09:18:00 +0000 (09:18 +0000)]
Prepare playground for AES experimental code.

13 years agodocumentation for "HIGH" vs. "MEDIUM" was not up-to-date
Bodo Möller [Fri, 30 Jun 2006 22:00:13 +0000 (22:00 +0000)]
documentation for "HIGH" vs. "MEDIUM" was not up-to-date

13 years agouse <poll.h> as by Single Unix Specification
Bodo Möller [Fri, 30 Jun 2006 08:14:39 +0000 (08:14 +0000)]
use <poll.h> as by Single Unix Specification

13 years agoalways read in RAND_poll() if we can't use select because of a too
Bodo Möller [Wed, 28 Jun 2006 14:50:12 +0000 (14:50 +0000)]
always read in RAND_poll() if we can't use select because of a too
large FD: it's non-blocking mode anyway

13 years agoMitigate the hazard of cache-collision timing attack on last round. The
Andy Polyakov [Wed, 28 Jun 2006 08:52:16 +0000 (08:52 +0000)]
Mitigate the hazard of cache-collision timing attack on last round. The
only chance for T[ed]4 to get evicted in this module is when its cache
"overlaps" with last 128 bits of key schedule.

13 years agoMitigate the hazard of cache-collision timing attack on last round. Well,
Andy Polyakov [Wed, 28 Jun 2006 08:48:54 +0000 (08:48 +0000)]
Mitigate the hazard of cache-collision timing attack on last round. Well,
prefetch could have been moved closer to Td4 references. Something for
later consideration...

13 years agoMitigate cache-collision timing attack on last round.
Andy Polyakov [Wed, 28 Jun 2006 08:39:06 +0000 (08:39 +0000)]
Mitigate cache-collision timing attack on last round.

13 years agoFix EVP_PKEY_CTX_dup() to return correct value and handle NULL keys in
Dr. Stephen Henson [Tue, 27 Jun 2006 17:23:24 +0000 (17:23 +0000)]
Fix EVP_PKEY_CTX_dup() to return correct value and handle NULL keys in
the source.

13 years agoUse poll() when possible to gather Unix randomness entropy
Richard Levitte [Tue, 27 Jun 2006 06:31:34 +0000 (06:31 +0000)]
Use poll() when possible to gather Unix randomness entropy

13 years agoNew functions CRYPTO_set_idptr_callback(),
Bodo Möller [Fri, 23 Jun 2006 15:21:36 +0000 (15:21 +0000)]
New functions CRYPTO_set_idptr_callback(),
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.

13 years agoChange in 0.9.8 branch:
Bodo Möller [Thu, 22 Jun 2006 12:37:28 +0000 (12:37 +0000)]
Change in 0.9.8 branch:
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)

13 years agoRemove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
Bodo Möller [Tue, 20 Jun 2006 08:50:42 +0000 (08:50 +0000)]
Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)

13 years agoChange array representation of binary polynomials to make GF2m part of
Bodo Möller [Sun, 18 Jun 2006 22:00:57 +0000 (22:00 +0000)]
Change array representation of binary polynomials to make GF2m part of
the BN library more generally useful.

Submitted by: Douglas Stebila

13 years agoanother thread-safety fix
Bodo Möller [Fri, 16 Jun 2006 01:00:47 +0000 (01:00 +0000)]
another thread-safety fix

13 years agoError messages for client ECC cert verification.
Bodo Möller [Thu, 15 Jun 2006 19:58:22 +0000 (19:58 +0000)]
Error messages for client ECC cert verification.

Also, change the default ciphersuite to give some prefererence to
ciphersuites with forwared secrecy (rather than using a random order).

13 years agoCall 'print_stuff' even if a handshake failed.
Bodo Möller [Thu, 15 Jun 2006 19:00:34 +0000 (19:00 +0000)]
Call 'print_stuff' even if a handshake failed.

13 years agoFix algorithm handling for ECC ciphersuites: Adapt to recent changes,
Bodo Möller [Thu, 15 Jun 2006 18:28:00 +0000 (18:28 +0000)]
Fix algorithm handling for ECC ciphersuites: Adapt to recent changes,
and allow more general RSA OIDs for ECC certs with RSA CA sig.

13 years agoFix another new bug in the cipherstring logic.
Bodo Möller [Thu, 15 Jun 2006 17:17:06 +0000 (17:17 +0000)]
Fix another new bug in the cipherstring logic.

13 years agoFix another bug introduced yesterday when deleting Fortezza stuff:
Bodo Möller [Thu, 15 Jun 2006 16:54:20 +0000 (16:54 +0000)]
Fix another bug introduced yesterday when deleting Fortezza stuff:
make sure 'mask' is initialized in ssl_cipher_get_disabled().

Also simplify code by removing some unused arguments in static functions.

13 years agoOops ... deleted too much in the previous commit when I deleted
Bodo Möller [Thu, 15 Jun 2006 16:07:10 +0000 (16:07 +0000)]
Oops ... deleted too much in the previous commit when I deleted
the Fortezza stuff

13 years agoDisable invalid ciphersuites
Bodo Möller [Wed, 14 Jun 2006 17:51:46 +0000 (17:51 +0000)]
Disable invalid ciphersuites

13 years agoCiphersuite string bugfixes, and ECC-related (re-)definitions.
Bodo Möller [Wed, 14 Jun 2006 17:40:31 +0000 (17:40 +0000)]
Ciphersuite string bugfixes, and ECC-related (re-)definitions.

13 years agoMake sure that AES ciphersuites get priority over Camellia
Bodo Möller [Wed, 14 Jun 2006 13:58:48 +0000 (13:58 +0000)]
Make sure that AES ciphersuites get priority over Camellia
ciphersuites in the default cipher string.

13 years agoThread-safety fixes
Bodo Möller [Wed, 14 Jun 2006 08:55:23 +0000 (08:55 +0000)]
Thread-safety fixes

13 years agoFix a bug recently introduced when updating this file to use the new
Bodo Möller [Wed, 14 Jun 2006 01:16:22 +0000 (01:16 +0000)]
Fix a bug recently introduced when updating this file to use the new
keygen API: make sure that 'pkey_type' is actually visible to MAIN().

13 years agoKeep synchronised with Unix
Richard Levitte [Mon, 12 Jun 2006 06:46:18 +0000 (06:46 +0000)]
Keep synchronised with Unix

13 years agoCamellia cipher, contributed by NTT
Bodo Möller [Sun, 11 Jun 2006 01:09:07 +0000 (01:09 +0000)]
Camellia cipher, contributed by NTT

Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller

13 years agoKeep synchronised with the Unix build
Richard Levitte [Sat, 10 Jun 2006 05:38:23 +0000 (05:38 +0000)]
Keep synchronised with the Unix build

13 years agoCamellia cipher, contributed by NTT
Bodo Möller [Fri, 9 Jun 2006 22:29:40 +0000 (22:29 +0000)]
Camellia cipher, contributed by NTT

Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller

13 years agoCamellia cipher, contributed by NTT
Bodo Möller [Fri, 9 Jun 2006 15:44:59 +0000 (15:44 +0000)]
Camellia cipher, contributed by NTT

Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller

13 years agoOutput MIME parameter micalg according to RFC3851 and RFC4490 instead of hard
Dr. Stephen Henson [Tue, 6 Jun 2006 13:27:36 +0000 (13:27 +0000)]
Output MIME parameter micalg according to RFC3851 and RFC4490 instead of hard
coding it to "sha1".

13 years agoAdd AES and GOST S/MIME capabilities if algorithms are supported.
Dr. Stephen Henson [Tue, 6 Jun 2006 12:35:05 +0000 (12:35 +0000)]
Add AES and GOST S/MIME capabilities if algorithms are supported.

13 years agoFix obvious typo.
Andy Polyakov [Mon, 5 Jun 2006 16:04:09 +0000 (16:04 +0000)]
Fix obvious typo.

13 years agoClarify comment and add #ifdef.
Dr. Stephen Henson [Mon, 5 Jun 2006 12:38:22 +0000 (12:38 +0000)]
Clarify comment and add #ifdef.

13 years agoComplete EVP_PKEY_ASN1_METHOD ENGINE support.
Dr. Stephen Henson [Mon, 5 Jun 2006 11:52:46 +0000 (11:52 +0000)]
Complete EVP_PKEY_ASN1_METHOD ENGINE support.

13 years agoSync aes.h with http://cvs.openssl.org/chngview?cn=15336.
Andy Polyakov [Mon, 5 Jun 2006 10:43:41 +0000 (10:43 +0000)]
Sync aes.h with cvs.openssl.org/chngview?cn=15336.

13 years agoReimplement AES_ofb128_encrypt.
Andy Polyakov [Mon, 5 Jun 2006 10:40:54 +0000 (10:40 +0000)]
Reimplement AES_ofb128_encrypt.

13 years agoCorrect logical error in STRICT_ALIGNMENT check and remove copy of
Andy Polyakov [Mon, 5 Jun 2006 10:40:28 +0000 (10:40 +0000)]
Correct logical error in STRICT_ALIGNMENT check and remove copy of
eay licence, as module is practically rewritten from scratch [well,
even original submission was obviously "almost, but not quite,
entirely unlike" any other eay *_cfb.c module, not to mention new
functions].

13 years agoMinor ppc-xlate.pl update.
Andy Polyakov [Mon, 5 Jun 2006 09:42:31 +0000 (09:42 +0000)]
Minor ppc-xlate.pl update.

13 years agoAdd sha512-ppc.pl module.
Andy Polyakov [Mon, 5 Jun 2006 09:37:55 +0000 (09:37 +0000)]
Add sha512-ppc.pl module.

13 years agoMinor sha1-ppc.pl update.
Andy Polyakov [Mon, 5 Jun 2006 09:35:50 +0000 (09:35 +0000)]
Minor sha1-ppc.pl update.

13 years agoA few more ENGINE strings that need shortening.
Richard Levitte [Sun, 4 Jun 2006 08:22:25 +0000 (08:22 +0000)]
A few more ENGINE strings that need shortening.

13 years agoSynchronise with Unix
Richard Levitte [Sat, 3 Jun 2006 02:17:49 +0000 (02:17 +0000)]
Synchronise with Unix

13 years agoMake update.
Dr. Stephen Henson [Fri, 2 Jun 2006 17:54:47 +0000 (17:54 +0000)]
Make update.

13 years agoInitial public key ASN1 method engine support. Not integrated yet.
Dr. Stephen Henson [Fri, 2 Jun 2006 17:52:27 +0000 (17:52 +0000)]
Initial public key ASN1 method engine support. Not integrated yet.

13 years agoAutomatically free up dynamically allocated public key methods when
Dr. Stephen Henson [Fri, 2 Jun 2006 17:09:17 +0000 (17:09 +0000)]
Automatically free up dynamically allocated public key methods when
and ENGINE is destroyed.

13 years agoExtend default method string to include public key methods.
Dr. Stephen Henson [Fri, 2 Jun 2006 13:09:59 +0000 (13:09 +0000)]
Extend default method string to include public key methods.

Add missing prototypes.

Fix engine method lookup.

13 years agoTypo.
Dr. Stephen Henson [Fri, 2 Jun 2006 12:37:02 +0000 (12:37 +0000)]
Typo.

13 years agoAdd ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE
Dr. Stephen Henson [Fri, 2 Jun 2006 12:33:39 +0000 (12:33 +0000)]
Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE
implementations and functional reference counting when a context
is allocated, free or copied.

13 years agoSynchronise with the Unixly build.
Richard Levitte [Thu, 1 Jun 2006 12:50:56 +0000 (12:50 +0000)]
Synchronise with the Unixly build.

13 years agoFix error code. make update
Dr. Stephen Henson [Thu, 1 Jun 2006 12:43:39 +0000 (12:43 +0000)]
Fix error code. make update

13 years agoAdd missing prototype. Extend engine utility to print public key algorithms.
Dr. Stephen Henson [Thu, 1 Jun 2006 12:38:22 +0000 (12:38 +0000)]
Add missing prototype. Extend engine utility to print public key algorithms.

13 years agoAdd engine table for EVP_PKEY_METHOD. Doesn't do much yet.
Dr. Stephen Henson [Thu, 1 Jun 2006 11:38:50 +0000 (11:38 +0000)]
Add engine table for EVP_PKEY_METHOD. Doesn't do much yet.

13 years agoBecause all object files are now in a file, we don't need to mention
Richard Levitte [Thu, 1 Jun 2006 10:24:47 +0000 (10:24 +0000)]
Because all object files are now in a file, we don't need to mention
any of them on the linker command line.  Besides, OBJECT_FILE now
represents the last compiled file, and using it here only results in
getting warnings about multiple definitions of the symbols in that
file.

13 years agoNew pkey functions for keygen callbacks and retrieving operation type.
Dr. Stephen Henson [Wed, 31 May 2006 17:34:14 +0000 (17:34 +0000)]
New pkey functions for keygen callbacks and retrieving operation type.

13 years agoTune up AES CFB. Performance improvement varies from 10% to 50% from
Andy Polyakov [Tue, 30 May 2006 07:20:13 +0000 (07:20 +0000)]
Tune up AES CFB. Performance improvement varies from 10% to 50% from
platform to platform. Its absolute value is within few percents
marginal from that of ECB.

13 years agoUse a new signed int ii instead of j (which is unsigned) to handle the
Richard Levitte [Sun, 28 May 2006 19:44:27 +0000 (19:44 +0000)]
Use a new signed int ii instead of j (which is unsigned) to handle the
return value from sk_SSL_CIPHER_find().

13 years agoDeal with another name that's longer than 31 characters.
Richard Levitte [Sun, 28 May 2006 19:39:36 +0000 (19:39 +0000)]
Deal with another name that's longer than 31 characters.

13 years agorslen is unsigned, so it can never go below 0.
Richard Levitte [Sun, 28 May 2006 19:36:29 +0000 (19:36 +0000)]
rslen is unsigned, so it can never go below 0.

13 years agoInstall openssl.cnf to OPENSSLDIR in mk1mf.pl
Dr. Stephen Henson [Sun, 28 May 2006 00:49:49 +0000 (00:49 +0000)]
Install openssl.cnf to OPENSSLDIR in mk1mf.pl

13 years agoFlush p7bio when all data has been copied.
Dr. Stephen Henson [Fri, 26 May 2006 17:14:23 +0000 (17:14 +0000)]
Flush p7bio when all data has been copied.

13 years agoFix warnings.
Dr. Stephen Henson [Fri, 26 May 2006 13:27:58 +0000 (13:27 +0000)]
Fix warnings.

13 years agoUpdate pkeyutl to use size_t for pkey functions.
Dr. Stephen Henson [Fri, 26 May 2006 12:24:49 +0000 (12:24 +0000)]
Update pkeyutl to use size_t for pkey functions.

13 years agoSigned vs. unsigned conflict
Richard Levitte [Thu, 25 May 2006 23:40:04 +0000 (23:40 +0000)]
Signed vs. unsigned conflict