generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
10,189 Commits 16 Branches 258 Tags
Commit Graph

5308 Commits

Author SHA1 Message Date
Dr. Stephen Henson
491734eb21 Initial experimental support for X9.42 DH parameter format to handle 
RFC5114 parameters and X9.42 DH public and private keys.
(backport from HEAD)
 2012-04-07 20:22:11 +00:00
Dr. Stephen Henson
4e891a191d branches: 1.2.2; 
Correct some parameter values.
(backport from HEAD)
 2012-04-07 17:41:51 +00:00
Dr. Stephen Henson
b73a69a9c2 Update DH_check() to peform sensible checks when q parameter is present. 
(backport from HEAD)
 2012-04-07 17:40:08 +00:00
Dr. Stephen Henson
e811eff5a9 Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest. 
(backport from HEAD)
 2012-04-07 12:19:50 +00:00
Dr. Stephen Henson
a068a1d0e3 Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert 
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
(backport from HEAD)
 2012-04-06 17:35:01 +00:00
Dr. Stephen Henson
0cb9dbed4e Backport: allow key agreement in SSL/TLS certificates (from HEAD) 2012-04-06 11:36:35 +00:00
Andy Polyakov
8cd2ea552e aes-armv4.pl: make it more foolproof [inspired by aes-s390x.pl in 1.0.1]. 2012-04-05 08:32:08 +00:00
Andy Polyakov
3f0becbf75 aes-s390x.pl: fix endless loop in linux32-s390x build [from 1.0.1]. 2012-04-05 08:17:47 +00:00
Andy Polyakov
7b087bf4a9 modes_lcl.h: make it work on i386 [from HEAD]. 
PR: 2780
 2012-03-31 17:03:43 +00:00
Andy Polyakov
9df9c9d102 vpaes-x86[_64].pl: handle zero length in vpaes_cbc_encrypt [from HEAD]. 
PR: 2775
 2012-03-31 16:55:34 +00:00
Andy Polyakov
265863c6a4 bn/bn_gf2m.c: make new BN_GF2m_mod_inv work with BN_DEBUG_RAND [from HEAD]. 2012-03-30 17:41:00 +00:00
Andy Polyakov
2fee1e0666 ans1/tasn_prn.c: avoid bool in variable names [from HEAD]. 
PR: 2776
 2012-03-29 19:11:59 +00:00
Andy Polyakov
b4ff166cbc perlasm/x86masm.pl: fix last fix [from HEAD]. 2012-03-29 19:11:08 +00:00
Dr. Stephen Henson
861a0722c2 fix leak 2012-03-22 16:28:21 +00:00
Dr. Stephen Henson
b1cef8d984 Submitted by: Markus Friedl <mfriedl@gmail.com> 
Fix memory leaks in 'goto err' cases.
 2012-03-22 15:43:28 +00:00
Dr. Stephen Henson
b911523977 set version to 1.0.2-dev 2012-03-22 15:29:21 +00:00
Andy Polyakov
d68d160cb7 bsaes-x86_64.pl: optimize key conversion [from HEAD]. 2012-03-16 21:45:51 +00:00
Dr. Stephen Henson
f3dcae15ac prepare for 1.0.1 release 2012-03-14 12:04:40 +00:00
Andy Polyakov
bcf9cf89e7 x86_64-xlate.pl: remove old kludge. 
PR: 2435,2440
 2012-03-13 19:19:31 +00:00
Dr. Stephen Henson
f0729fc3e0 corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 16:29:47 +00:00
Dr. Stephen Henson
8186c00ef3 Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and 
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
 2012-03-12 16:27:50 +00:00
Dr. Stephen Henson
66fdb1c0d4 check return value of BIO_write in PKCS7_decrypt 2012-03-08 14:02:51 +00:00
Dr. Stephen Henson
25bfdca16a PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
 2012-03-06 13:47:27 +00:00
Richard Levitte
70505bc334 For OpenVMS, use inttypes.h instead of stdint.h 2012-03-01 21:29:16 +00:00
Dr. Stephen Henson
a8595879ec PR: 2742 
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.
 2012-02-29 14:01:53 +00:00
Dr. Stephen Henson
33a688e806 Fix memory leak cause by race condition when creating public keys. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-28 14:47:16 +00:00
Andy Polyakov
5c2bfad9b4 x86cpuid.pl: fix processor capability detection on pre-586 [from HEAD]. 2012-02-28 14:20:34 +00:00
Dr. Stephen Henson
250f979237 PR: 2736 
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
 2012-02-27 18:45:18 +00:00
Dr. Stephen Henson
b527b6e8ff PR: 2737 
Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.
 2012-02-27 16:46:45 +00:00
Dr. Stephen Henson
4ed1f3490e PR: 2735 
Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.
 2012-02-27 16:33:25 +00:00
Dr. Stephen Henson
0a082e9b37 free headers after use in error message 2012-02-27 16:27:09 +00:00
Dr. Stephen Henson
236a99a409 Detect symmetric crypto errors in PKCS7_decrypt. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-27 15:22:54 +00:00
Andy Polyakov
37ebc20093 seed.c: Solaris portability fix from HEAD. 2012-02-26 21:53:28 +00:00
Dr. Stephen Henson
cef781cc87 PR: 2730 
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

VMS fixes: disable SCTP by default.
 2012-02-25 17:58:03 +00:00
Dr. Stephen Henson
08e4c7a967 correct CHANGES 2012-02-23 22:13:59 +00:00
Dr. Stephen Henson
697e4edcad PR: 2711 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.
 2012-02-23 21:50:32 +00:00
Dr. Stephen Henson
b26297ca51 PR: 2696 
Submitted by: Rob Austein <sra@hactrn.net>

Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.
 2012-02-23 21:31:22 +00:00
Dr. Stephen Henson
6ca7dba0cf PR: 2727 
Submitted by: Bruce Stephens <bruce.stephens@isode.com>

Use same construct for EXHEADER in srp/Makefile as other makefiles to cope
with possibly empty EXHEADER.
 2012-02-23 13:49:22 +00:00
Dr. Stephen Henson
0cd7a0325f Additional compatibility fix for MDC2 signature format. 
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
 2012-02-15 14:14:01 +00:00
Dr. Stephen Henson
16b7c81d55 An incompatibility has always existed between the format used for RSA 
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.

This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.

Add detection in RSA_verify so either format works.

Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
 2012-02-15 14:00:09 +00:00
Dr. Stephen Henson
c714e43c8d PR: 2717 
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7
 2012-02-11 23:38:49 +00:00
Dr. Stephen Henson
8705846710 only cleanup ctx if we need to, save ctx flags when we do 2012-02-10 16:54:56 +00:00
Andy Polyakov
d06f047b04 bn_nist.c: make new optimized code dependent on BN_LLONG [from HEAD]. 2012-02-02 07:46:19 +00:00
Andy Polyakov
ddc899bada hpux-parisc2-*: engage assembler [from HEAD] and make it link. 2012-02-02 07:42:31 +00:00
Andy Polyakov
bd479e25c7 ghash-x86.pl: engage original MMX version in no-sse2 builds [from HEAD]. 2012-01-25 17:56:25 +00:00
Andy Polyakov
eaf5bd168e x86_64-xlate.pl: 1.0.1-specific typo. 2012-01-25 17:50:23 +00:00
Dr. Stephen Henson
11ea212e8c only include evp.h once 2012-01-24 22:59:46 +00:00
Dr. Stephen Henson
cb29d8c11f only include string.h once 2012-01-24 22:58:46 +00:00
Andy Polyakov
f02f7c2c4a cryptlib.c: make even non-Windows builds "strtoull-agnostic" [from HEAD]. 2012-01-21 12:18:29 +00:00
Andy Polyakov
a1e44cc14f x86_64-xlate.pl: proper solution for RT#2620 [from HEAD]. 2012-01-21 11:35:20 +00:00