openssl.git
8 years agoBackport of password based CMS support from HEAD.
Dr. Stephen Henson [Sun, 9 Oct 2011 15:28:02 +0000 (15:28 +0000)]
Backport of password based CMS support from HEAD.

8 years agoPR: 2482
Dr. Stephen Henson [Sun, 9 Oct 2011 00:56:43 +0000 (00:56 +0000)]
PR: 2482
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.

8 years agouse client version when eliminating TLS v1.2 ciphersuites in client hello
Dr. Stephen Henson [Fri, 7 Oct 2011 15:07:36 +0000 (15:07 +0000)]
use client version when eliminating TLS v1.2 ciphersuites in client hello

8 years ago? crypto/aes/aes-armv4.S
Dr. Stephen Henson [Thu, 6 Oct 2011 20:45:08 +0000 (20:45 +0000)]
? crypto/aes/aes-armv4.S
? crypto/aes/aesni-sha1-x86_64.s
? crypto/aes/aesni-x86_64.s
? crypto/aes/foo.pl
? crypto/aes/vpaes-x86_64.s
? crypto/bn/.bn_lib.c.swp
? crypto/bn/armv4-gf2m.S
? crypto/bn/diffs
? crypto/bn/modexp512-x86_64.s
? crypto/bn/x86_64-gf2m.s
? crypto/bn/x86_64-mont5.s
? crypto/ec/bc.txt
? crypto/ec/diffs
? crypto/modes/a.out
? crypto/modes/diffs
? crypto/modes/ghash-armv4.S
? crypto/modes/ghash-x86_64.s
? crypto/modes/op.h
? crypto/modes/tst.c
? crypto/modes/x.h
? crypto/objects/.obj_xref.txt.swp
? crypto/rand/diffs
? crypto/sha/sha-512
? crypto/sha/sha1-armv4-large.S
? crypto/sha/sha256-armv4.S
? crypto/sha/sha512-armv4.S
Index: crypto/objects/obj_xref.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v
retrieving revision 1.9
diff -u -r1.9 obj_xref.c
--- crypto/objects/obj_xref.c 5 Nov 2008 18:38:58 -0000 1.9
+++ crypto/objects/obj_xref.c 6 Oct 2011 20:30:21 -0000
@@ -110,8 +110,10 @@
 #endif
  if (rv == NULL)
  return 0;
- *pdig_nid = rv->hash_id;
- *ppkey_nid = rv->pkey_id;
+ if (pdig_nid)
+ *pdig_nid = rv->hash_id;
+ if (ppkey_nid)
+ *ppkey_nid = rv->pkey_id;
  return 1;
  }

@@ -144,7 +146,8 @@
 #endif
  if (rv == NULL)
  return 0;
- *psignid = (*rv)->sign_id;
+ if (psignid)
+ *psignid = (*rv)->sign_id;
  return 1;
  }

Index: crypto/x509/x509type.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v
retrieving revision 1.10
diff -u -r1.10 x509type.c
--- crypto/x509/x509type.c 26 Oct 2007 12:06:33 -0000 1.10
+++ crypto/x509/x509type.c 6 Oct 2011 20:36:04 -0000
@@ -100,20 +100,26 @@
  break;
  }

- i=X509_get_signature_type(x);
- switch (i)
+ i=OBJ_obj2nid(x->sig_alg->algorithm);
+ if (i && OBJ_find_sigid_algs(i, NULL, &i))
  {
- case EVP_PKEY_RSA:
- ret|=EVP_PKS_RSA;
- break;
- case EVP_PKEY_DSA:
- ret|=EVP_PKS_DSA;
- break;
- case EVP_PKEY_EC:
- ret|=EVP_PKS_EC;
- break;
- default:
- break;
+
+ switch (i)
+ {
+ case NID_rsaEncryption:
+ case NID_rsa:
+ ret|=EVP_PKS_RSA;
+ break;
+ case NID_dsa:
+ case NID_dsa_2:
+ ret|=EVP_PKS_DSA;
+ break;
+ case NID_X9_62_id_ecPublicKey:
+ ret|=EVP_PKS_EC;
+ break;
+ default:
+ break;
+ }
  }

  if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look

8 years agofix signed/unsigned warning
Dr. Stephen Henson [Mon, 26 Sep 2011 17:04:41 +0000 (17:04 +0000)]
fix signed/unsigned warning

8 years agomake sure eivlen is initialised
Dr. Stephen Henson [Sat, 24 Sep 2011 23:06:35 +0000 (23:06 +0000)]
make sure eivlen is initialised

8 years agouse keyformat for -x509toreq, don't hard code PEM
Dr. Stephen Henson [Fri, 23 Sep 2011 21:48:50 +0000 (21:48 +0000)]
use keyformat for -x509toreq, don't hard code PEM

8 years agoPR: 2606
Dr. Stephen Henson [Fri, 23 Sep 2011 13:39:35 +0000 (13:39 +0000)]
PR: 2606
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de>
Reviewed by: steve

Handle timezones correctly in UTCTime.

8 years agoPR: 2602
Dr. Stephen Henson [Fri, 23 Sep 2011 13:35:05 +0000 (13:35 +0000)]
PR: 2602
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting

8 years agoPR: 2347
Dr. Stephen Henson [Fri, 23 Sep 2011 13:12:41 +0000 (13:12 +0000)]
PR: 2347
Submitted by: Tomas Mraz <tmraz@redhat.com>
Reviewed by: steve

Fix usage message.

8 years agomake depend
Dr. Stephen Henson [Fri, 16 Sep 2011 23:15:22 +0000 (23:15 +0000)]
make depend

8 years agoImproved error checking for DRBG calls.
Dr. Stephen Henson [Fri, 16 Sep 2011 23:12:34 +0000 (23:12 +0000)]
Improved error checking for DRBG calls.

New functionality to allow default DRBG type to be set during compilation or during runtime.

8 years agoImproved error checking for DRBG calls.
Dr. Stephen Henson [Fri, 16 Sep 2011 23:08:57 +0000 (23:08 +0000)]
Improved error checking for DRBG calls.

New functionality to allow default DRBG type to be set during compilation
or during runtime.

8 years agoTypo.
Dr. Stephen Henson [Fri, 16 Sep 2011 23:04:07 +0000 (23:04 +0000)]
Typo.

8 years agoFix warnings (from HEAD).
Dr. Stephen Henson [Sat, 10 Sep 2011 21:18:37 +0000 (21:18 +0000)]
Fix warnings (from HEAD).

8 years agoInitialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
Dr. Stephen Henson [Tue, 6 Sep 2011 15:14:41 +0000 (15:14 +0000)]
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
produce an error (CVE-2011-3207)

8 years agoconfig: don't add -Wa options with no-asm [from HEAD].
Andy Polyakov [Mon, 5 Sep 2011 16:33:48 +0000 (16:33 +0000)]
config: don't add -Wa options with no-asm [from HEAD].

8 years agooops
Bodo Möller [Mon, 5 Sep 2011 13:43:53 +0000 (13:43 +0000)]
oops

8 years agoFix session handling.
Bodo Möller [Mon, 5 Sep 2011 13:36:55 +0000 (13:36 +0000)]
Fix session handling.

8 years agoFix d2i_SSL_SESSION.
Bodo Möller [Mon, 5 Sep 2011 13:31:07 +0000 (13:31 +0000)]
Fix d2i_SSL_SESSION.

8 years ago(EC)DH memory handling fixes.
Bodo Möller [Mon, 5 Sep 2011 10:25:27 +0000 (10:25 +0000)]
(EC)DH memory handling fixes.

Submitted by: Adam Langley

8 years agoFix memory leak on bad inputs.
Bodo Möller [Mon, 5 Sep 2011 09:57:15 +0000 (09:57 +0000)]
Fix memory leak on bad inputs.

8 years agomake update
Bodo Möller [Mon, 5 Sep 2011 09:44:54 +0000 (09:44 +0000)]
make update

8 years agoFix expected DEFFLAG for default config.
Bodo Möller [Mon, 5 Sep 2011 09:43:56 +0000 (09:43 +0000)]
Fix expected DEFFLAG for default config.

8 years agoFix error codes.
Bodo Möller [Mon, 5 Sep 2011 09:42:55 +0000 (09:42 +0000)]
Fix error codes.

8 years agoDon't use *from++ in tolower as this is implemented as a macro on some
Dr. Stephen Henson [Fri, 2 Sep 2011 11:28:18 +0000 (11:28 +0000)]
Don't use *from++ in tolower as this is implemented as a macro on some
platforms. Thanks to Shayne Murray <Shayne.Murray@Polycom.com> for
reporting this issue.

8 years agoPR: 2576
Dr. Stephen Henson [Fri, 2 Sep 2011 11:20:32 +0000 (11:20 +0000)]
PR: 2576
Submitted by: Doug Goldstein <cardoe@gentoo.org>
Reviewed by: steve

Include header file stdlib.h which is needed on some platforms to get
getenv() declaration.

8 years agoPR: 2340
Dr. Stephen Henson [Thu, 1 Sep 2011 15:01:55 +0000 (15:01 +0000)]
PR: 2340
Submitted by: "Mauro H. Leggieri" <mxmauro@caiman.com.ar>
Reviewed by: steve

Stop warnings if OPENSSL_NO_DGRAM is defined.

8 years agomake timing attack protection unconditional
Dr. Stephen Henson [Thu, 1 Sep 2011 14:23:22 +0000 (14:23 +0000)]
make timing attack protection unconditional

8 years agoPR: 2573
Dr. Stephen Henson [Thu, 1 Sep 2011 14:02:14 +0000 (14:02 +0000)]
PR: 2573
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS buffering and decryption bug.

8 years agoPR: 2589
Dr. Stephen Henson [Thu, 1 Sep 2011 13:52:38 +0000 (13:52 +0000)]
PR: 2589
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Initialise p pointer.

8 years agoPR: 2588
Dr. Stephen Henson [Thu, 1 Sep 2011 13:49:08 +0000 (13:49 +0000)]
PR: 2588
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Close file pointer.

8 years agoPR: 2586
Dr. Stephen Henson [Thu, 1 Sep 2011 13:45:35 +0000 (13:45 +0000)]
PR: 2586
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Zero structure fields properly.

8 years agoPR: 2586
Dr. Stephen Henson [Thu, 1 Sep 2011 13:37:28 +0000 (13:37 +0000)]
PR: 2586
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Fix brace mismatch.

8 years agoUpdate ordinals.
Dr. Stephen Henson [Fri, 26 Aug 2011 10:45:17 +0000 (10:45 +0000)]
Update ordinals.

8 years agoAdd RC4-MD5 and AESNI-SHA1 "stitched" implementations [from HEAD].
Andy Polyakov [Tue, 23 Aug 2011 20:53:34 +0000 (20:53 +0000)]
Add RC4-MD5 and AESNI-SHA1 "stitched" implementations [from HEAD].

8 years agoeng_rsax.c: improve portability [from HEAD].
Andy Polyakov [Mon, 22 Aug 2011 19:01:41 +0000 (19:01 +0000)]
eng_rsax.c: improve portability [from HEAD].

8 years agomodexp512-x86_64.pl: make it work with ml64 [from HEAD].
Andy Polyakov [Fri, 19 Aug 2011 06:31:27 +0000 (06:31 +0000)]
modexp512-x86_64.pl: make it work with ml64 [from HEAD].

8 years agoRemove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
Dr. Stephen Henson [Sun, 14 Aug 2011 13:47:30 +0000 (13:47 +0000)]
Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.

8 years agoeng_rsax.c: make it work on Win64.
Andy Polyakov [Sun, 14 Aug 2011 08:38:04 +0000 (08:38 +0000)]
eng_rsax.c: make it work on Win64.

8 years agoeng_rdrand.c: make it link in './config 386' case [from HEAD].
Andy Polyakov [Sun, 14 Aug 2011 08:31:14 +0000 (08:31 +0000)]
eng_rdrand.c: make it link in './config 386' case [from HEAD].

8 years agox86_64-xlate.pl: fix movzw [from HEAD].
Andy Polyakov [Fri, 12 Aug 2011 21:25:23 +0000 (21:25 +0000)]
x86_64-xlate.pl: fix movzw [from HEAD].

8 years agoAlpha assembler fixed from HEAD.
Andy Polyakov [Fri, 12 Aug 2011 12:31:08 +0000 (12:31 +0000)]
Alpha assembler fixed from HEAD.
PR: 2577

8 years agoaesni TLS GCM support
Dr. Stephen Henson [Thu, 11 Aug 2011 23:06:37 +0000 (23:06 +0000)]
aesni TLS GCM support

8 years agoSync EVP AES modes from HEAD.
Dr. Stephen Henson [Thu, 11 Aug 2011 22:52:06 +0000 (22:52 +0000)]
Sync EVP AES modes from HEAD.

8 years agoAdd XTS OIDs from HEAD.
Dr. Stephen Henson [Thu, 11 Aug 2011 22:51:37 +0000 (22:51 +0000)]
Add XTS OIDs from HEAD.

8 years agoSync ASM/modes to add CCM and XTS modes and assembly language optimisation
Dr. Stephen Henson [Thu, 11 Aug 2011 22:36:19 +0000 (22:36 +0000)]
Sync ASM/modes to add CCM and XTS modes and assembly language optimisation
(from HEAD, original by Andy).

8 years agoprevent compilation errors and warnings
Dr. Stephen Henson [Thu, 11 Aug 2011 21:12:01 +0000 (21:12 +0000)]
prevent compilation errors and warnings

8 years agoAdd provisory support for RDRAND [from HEAD].
Andy Polyakov [Wed, 10 Aug 2011 18:53:13 +0000 (18:53 +0000)]
Add provisory support for RDRAND [from HEAD].

8 years agoBackport GCM support from HEAD.
Dr. Stephen Henson [Thu, 4 Aug 2011 11:13:28 +0000 (11:13 +0000)]
Backport GCM support from HEAD.

8 years agoBackport GCM support from HEAD. Minimal support at present: no assembly
Dr. Stephen Henson [Thu, 4 Aug 2011 11:12:38 +0000 (11:12 +0000)]
Backport GCM support from HEAD. Minimal support at present: no assembly
language optimisation. [original by Andy]

8 years agofix memory leak
Dr. Stephen Henson [Wed, 3 Aug 2011 16:40:14 +0000 (16:40 +0000)]
fix memory leak

8 years agorecognise ecdsaWithSHA1 OID
Dr. Stephen Henson [Thu, 28 Jul 2011 14:42:53 +0000 (14:42 +0000)]
recognise ecdsaWithSHA1 OID

8 years agoDisable rsax for Windows: it doesn't currently work.
Dr. Stephen Henson [Mon, 25 Jul 2011 23:45:49 +0000 (23:45 +0000)]
Disable rsax for Windows: it doesn't currently work.

8 years agoAdd HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and
Dr. Stephen Henson [Mon, 25 Jul 2011 21:45:17 +0000 (21:45 +0000)]
Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and
prohibit use of these ciphersuites for TLS < 1.2

8 years agoBack-port TLS AEAD framework [from HEAD].
Andy Polyakov [Thu, 21 Jul 2011 19:22:57 +0000 (19:22 +0000)]
Back-port TLS AEAD framework [from HEAD].

8 years agostop warnings
Dr. Stephen Henson [Thu, 21 Jul 2011 13:45:17 +0000 (13:45 +0000)]
stop warnings

8 years agoAdd RSAX builtin engine [from HEAD].
Andy Polyakov [Wed, 20 Jul 2011 21:51:33 +0000 (21:51 +0000)]
Add RSAX builtin engine [from HEAD].

8 years agoPR: 2559
Dr. Stephen Henson [Wed, 20 Jul 2011 15:22:02 +0000 (15:22 +0000)]
PR: 2559
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS socket error bug

8 years agoPR: 2555
Dr. Stephen Henson [Wed, 20 Jul 2011 15:17:42 +0000 (15:17 +0000)]
PR: 2555
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS sequence number bug

8 years agoPR: 2550
Dr. Stephen Henson [Wed, 20 Jul 2011 15:13:43 +0000 (15:13 +0000)]
PR: 2550
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS HelloVerifyRequest Timer bug

8 years agoPR: 2556 (partial)
Dr. Stephen Henson [Thu, 14 Jul 2011 12:01:36 +0000 (12:01 +0000)]
PR: 2556 (partial)
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve

Fix OID routines.

Check on encoding leading zero rejection should start at beginning of
encoding.

Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.

8 years agoms/uplink.c: fix Visual Studio 2010 warning [from HEAD].
Andy Polyakov [Wed, 13 Jul 2011 14:54:56 +0000 (14:54 +0000)]
ms/uplink.c: fix Visual Studio 2010 warning [from HEAD].

8 years agoconfig: config: detect if assembler supports --noexecstack and pass it down
Andy Polyakov [Wed, 13 Jul 2011 14:25:22 +0000 (14:25 +0000)]
config: config: detect if assembler supports --noexecstack and pass it down
[from HEAD].

8 years agoperlasm/cbc.pl: fix tail processing bug [from HEAD].
Andy Polyakov [Wed, 13 Jul 2011 06:22:46 +0000 (06:22 +0000)]
perlasm/cbc.pl: fix tail processing bug [from HEAD].
PR: 2557

8 years agoFix typo.
Bodo Möller [Mon, 11 Jul 2011 12:13:56 +0000 (12:13 +0000)]
Fix typo.

Submitted by: Jim Morrison

8 years agoUpdate ordinals.
Dr. Stephen Henson [Fri, 8 Jul 2011 12:12:30 +0000 (12:12 +0000)]
Update ordinals.

8 years agox86_64-xlate.pl: update from HEAD.
Andy Polyakov [Mon, 4 Jul 2011 13:11:55 +0000 (13:11 +0000)]
x86_64-xlate.pl: update from HEAD.

8 years agosha1-x86_64.pl: nasm-related update from HEAD.
Andy Polyakov [Mon, 4 Jul 2011 13:01:42 +0000 (13:01 +0000)]
sha1-x86_64.pl: nasm-related update from HEAD.

8 years agosha1-x86_64.pl: fix win64-specific typos and add masm support [from HEAD].
Andy Polyakov [Fri, 1 Jul 2011 21:24:39 +0000 (21:24 +0000)]
sha1-x86_64.pl: fix win64-specific typos and add masm support [from HEAD].

8 years agox86_64-xlate.pl: masm-specific update.
Andy Polyakov [Fri, 1 Jul 2011 21:22:13 +0000 (21:22 +0000)]
x86_64-xlate.pl: masm-specific update.

8 years agoNo need for trailing slash any more.
Dr. Stephen Henson [Fri, 1 Jul 2011 14:15:02 +0000 (14:15 +0000)]
No need for trailing slash any more.

8 years agoFix assembly language function renaming so it works on WIN64.
Dr. Stephen Henson [Fri, 1 Jul 2011 14:13:52 +0000 (14:13 +0000)]
Fix assembly language function renaming so it works on WIN64.

8 years agoConfigure: add aesni-x86_64.o to VC-WIN64A line.
Andy Polyakov [Tue, 28 Jun 2011 18:20:25 +0000 (18:20 +0000)]
Configure: add aesni-x86_64.o to VC-WIN64A line.

8 years agorc4-x86[_64].pl: back-sync with original 1.0.1.
Andy Polyakov [Tue, 28 Jun 2011 15:04:31 +0000 (15:04 +0000)]
rc4-x86[_64].pl: back-sync with original 1.0.1.

8 years agoAES-NI backport from HEAD. Note that e_aes.c doesn't implement all modes
Andy Polyakov [Tue, 28 Jun 2011 14:49:35 +0000 (14:49 +0000)]
AES-NI backport from HEAD. Note that e_aes.c doesn't implement all modes
from HEAD yet, more will be back-ported later.

8 years agox86[_64] assembler pack: back-port SHA1 and RC4 from HEAD.
Andy Polyakov [Tue, 28 Jun 2011 13:53:50 +0000 (13:53 +0000)]
x86[_64] assembler pack: back-port SHA1 and RC4 from HEAD.

8 years agox86[_64]cpuid.pl: harmonize OPENSSL_ia32_cpuid [from HEAD].
Andy Polyakov [Tue, 28 Jun 2011 13:40:19 +0000 (13:40 +0000)]
x86[_64]cpuid.pl: harmonize OPENSSL_ia32_cpuid [from HEAD].

8 years agox86[_64] perlasm: pull-in from HEAD.
Andy Polyakov [Tue, 28 Jun 2011 13:33:47 +0000 (13:33 +0000)]
x86[_64] perlasm: pull-in from HEAD.

8 years agoExpand OPENSSL_ia32cap_P to 64 bits. It might appear controversial, because
Andy Polyakov [Tue, 28 Jun 2011 13:31:58 +0000 (13:31 +0000)]
Expand OPENSSL_ia32cap_P to 64 bits. It might appear controversial, because
such operation can be considered as breaking binary compatibility. However!
OPNESSL_ia32cap_P is accessed by application through pointer returned by
OPENSSL_ia32cap_loc() and such change of *internal* OPENSSL_ia32cap_P
declaration is possible specifically on little-endian platforms, such as
x86[_64] ones in question. In addition, if 32-bit application calls
OPENSSL_ia32cap_loc(), it clears upper half of capability vector maintaining
the illusion that it's still 32 bits wide.

8 years agoauto detect configuration using KERNEL_BITS and CC
Dr. Stephen Henson [Mon, 27 Jun 2011 11:39:01 +0000 (11:39 +0000)]
auto detect configuration using KERNEL_BITS and CC

8 years agoallow KERNEL_BITS to be specified in the environment
Dr. Stephen Henson [Fri, 24 Jun 2011 14:04:18 +0000 (14:04 +0000)]
allow KERNEL_BITS to be specified in the environment

8 years agoPR: 2470
Dr. Stephen Henson [Wed, 22 Jun 2011 15:38:40 +0000 (15:38 +0000)]
PR: 2470
Submitted by: Corinna Vinschen <vinschen@redhat.com>
Reviewed by: steve

Don't call ERR_remove_state from DllMain.

8 years agoPR: 2543
Dr. Stephen Henson [Wed, 22 Jun 2011 15:30:04 +0000 (15:30 +0000)]
PR: 2543
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()

8 years agoPR: 2540
Dr. Stephen Henson [Wed, 22 Jun 2011 15:23:40 +0000 (15:23 +0000)]
PR: 2540
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Prevent infinite loop in BN_GF2m_mod_inv().

8 years agocorrectly encode OIDs near 2^32
Dr. Stephen Henson [Wed, 22 Jun 2011 15:15:48 +0000 (15:15 +0000)]
correctly encode OIDs near 2^32

8 years agoallow MD5 use for computing old format hash links
Dr. Stephen Henson [Wed, 22 Jun 2011 02:18:06 +0000 (02:18 +0000)]
allow MD5 use for computing old format hash links

8 years agoDon't set FIPS rand method at same time as RAND method as this can cause
Dr. Stephen Henson [Tue, 21 Jun 2011 17:08:25 +0000 (17:08 +0000)]
Don't set FIPS rand method at same time as RAND method as this can cause
the FIPS library to fail. Applications that want to set the FIPS rand
method can do so explicitly and presumably they know what they are doing...

8 years agoAdd FIPS error codes.
Dr. Stephen Henson [Tue, 21 Jun 2011 16:58:10 +0000 (16:58 +0000)]
Add FIPS error codes.

8 years agoStop warning.
Dr. Stephen Henson [Tue, 21 Jun 2011 16:42:15 +0000 (16:42 +0000)]
Stop warning.

8 years agoRename all AES_set*() functions using private_ prefix.
Dr. Stephen Henson [Tue, 21 Jun 2011 16:23:42 +0000 (16:23 +0000)]
Rename all AES_set*() functions using private_ prefix.

8 years agomake EVP_dss() work for DSA signing
Dr. Stephen Henson [Mon, 20 Jun 2011 20:05:13 +0000 (20:05 +0000)]
make EVP_dss() work for DSA signing

8 years agoRedirect null cipher to FIPS module.
Dr. Stephen Henson [Mon, 20 Jun 2011 20:00:10 +0000 (20:00 +0000)]
Redirect null cipher to FIPS module.

8 years agoDon't set default public key methods in FIPS mode so applications
Dr. Stephen Henson [Mon, 20 Jun 2011 19:41:13 +0000 (19:41 +0000)]
Don't set default public key methods in FIPS mode so applications
can switch between modes.

8 years agoSet FIPSLINK correctly now trailing slash is removed from FIPSDIR.
Dr. Stephen Henson [Sat, 18 Jun 2011 19:35:03 +0000 (19:35 +0000)]
Set FIPSLINK correctly now trailing slash is removed from FIPSDIR.

8 years agoDon't add trailing slash to FIPSDIR: it causes problems with Windows builds.
Dr. Stephen Henson [Sat, 18 Jun 2011 19:02:12 +0000 (19:02 +0000)]
Don't add trailing slash to FIPSDIR: it causes problems with Windows builds.

8 years agoPreliminary WIN32 support for FIPS capable OpenSSL building.
Dr. Stephen Henson [Fri, 17 Jun 2011 12:50:40 +0000 (12:50 +0000)]
Preliminary WIN32 support for FIPS capable OpenSSL building.

8 years agoFix the version history: given that 1.0.1 has yet to be released,
Bodo Möller [Wed, 15 Jun 2011 14:23:44 +0000 (14:23 +0000)]
Fix the version history: given that 1.0.1 has yet to be released,
we should list "Changes between 1.0.0e and 1.0.1",
not "between 1.0.0d and 1.0.1".

8 years agoUpdate key sizes to 2048 bits.
Dr. Stephen Henson [Tue, 14 Jun 2011 15:35:49 +0000 (15:35 +0000)]
Update key sizes to 2048 bits.

Only build ssltest with fipsld.

Include FIPS mode test for ssltest.

8 years agoset FIPS allow before initialising ctx
Dr. Stephen Henson [Tue, 14 Jun 2011 15:25:41 +0000 (15:25 +0000)]
set FIPS allow before initialising ctx