Dr. Stephen Henson
5356ea7cde
reserve a few more bits for future cipher modes
2010-03-08 23:47:57 +00:00
Dr. Stephen Henson
06226df1a9
The OID sanity check was incorrect. It should only disallow *leading* 0x80
...
values.
2010-03-07 16:40:19 +00:00
Dr. Stephen Henson
bf638ef026
don't add digest alias if signature algorithm is undefined
2010-03-06 20:47:45 +00:00
Dr. Stephen Henson
07973d5db8
Fix memory leak: free up ENGINE functional reference if digest is not
...
found in an ENGINE.
2010-03-05 13:33:43 +00:00
Dr. Stephen Henson
d92138f703
don't mix definitions and code
2010-03-03 15:30:26 +00:00
Andy Polyakov
b2bf335327
Fix s390x-specific HOST_l2c|c2l [from HEAD].
...
Submitted by: Andreas Krebbel
2010-03-02 16:25:10 +00:00
Dr. Stephen Henson
33bec62a20
PR: 2178
...
Submitted by: "Kennedy, Brendan" <brendan.kennedy@intel.com>
Handle error codes correctly: cryptodev returns 0 for success whereas OpenSSL
returns 1.
2010-03-01 23:54:34 +00:00
Dr. Stephen Henson
002d3fe863
use correct prototype as in HEAD
2010-03-01 03:01:56 +00:00
Dr. Stephen Henson
fb24311e7c
'typo'
2010-03-01 01:52:47 +00:00
Dr. Stephen Henson
90278430d9
make USE_CRYPTODEV_DIGESTS work
2010-03-01 01:19:36 +00:00
Ben Laurie
bcd9d12a8d
Fix warning.
2010-02-28 13:38:16 +00:00
Dr. Stephen Henson
fc11f47229
Revert CFB block length change. Despite what SP800-38a says the input to
...
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:48 +00:00
Bodo Möller
7fe747d1eb
Always check bn_wexpend() return values for failure (CVE-2009-3245).
...
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)
Submitted by: Neel Mehta
2010-02-23 10:36:30 +00:00
Bodo Möller
32567c9f3b
Fix X509_STORE locking
2010-02-19 18:26:23 +00:00
Dr. Stephen Henson
9051fc538f
PR: 2100
...
Submitted by: James Baker <jbaker@tableausoftware.com> et al.
Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:25 +00:00
Dr. Stephen Henson
6c6ca18664
The "block length" for CFB mode was incorrectly coded as 1 all the time. It
...
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:30 +00:00
Dr. Stephen Henson
97fe2b40c1
Correct ECB mode EVP_CIPHER definition: IV length is 0
2010-02-15 19:25:52 +00:00
Dr. Stephen Henson
f689ab5017
add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable
2010-02-15 19:17:55 +00:00
Dr. Stephen Henson
edb7cac271
PR: 2164
...
Submitted by: "Noszticzius, Istvan" <inoszticzius@rightnow.com>
Don't clear the output buffer: ciphers should correctly the same input
and output buffers.
2010-02-15 19:01:56 +00:00
Dr. Stephen Henson
1d8fa09c80
Make assembly language versions of OPENSSL_cleanse() accept zero length
...
parameter. Backport from HEAD, orginal by appro.
2010-02-12 17:02:13 +00:00
Dr. Stephen Henson
e085e6c84c
Fix memory leak in ENGINE autoconfig code. Improve error logging.
2010-02-09 14:17:57 +00:00
Dr. Stephen Henson
c8c49133d9
oops, use new value for new flag
2010-02-07 13:54:54 +00:00
Dr. Stephen Henson
961f1dea06
make update
2010-02-07 13:47:08 +00:00
Dr. Stephen Henson
1700426256
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
...
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
2010-02-07 13:41:23 +00:00
Dr. Stephen Henson
aa7f5baad2
don't assume 0x is at start of string
2010-02-03 18:19:05 +00:00
Dr. Stephen Henson
45acdd6f6d
tolerate broken CMS/PKCS7 implementations using signature OID instead of digest
2010-02-02 14:26:32 +00:00
Dr. Stephen Henson
8b354e776b
PR: 2161
...
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.
Make no-dsa, no-ecdsa and no-rsa compile again.
2010-02-02 13:36:05 +00:00
Richard Levitte
d023b4e2dd
The previous take went wrong, try again.
2010-01-29 12:02:54 +00:00
Richard Levitte
fa79cc9c23
Architecture specific header files need special handling.
2010-01-29 11:44:40 +00:00
Dr. Stephen Henson
df21765a3e
In engine_table_select() don't clear out entire error queue: just clear
...
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
2010-01-28 17:50:23 +00:00
Dr. Stephen Henson
1cdb7854a5
PR: 2138
...
Submitted by: Kevin Regan <k.regan@f5.com>
Clear stat structure if -DPURIFY is set to avoid problems on some
platforms which include unitialised fields.
2010-01-26 18:07:41 +00:00
Dr. Stephen Henson
704d33b347
Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and
...
later.
2010-01-26 14:33:52 +00:00
Dr. Stephen Henson
b2a7515ee8
OPENSSL_isservice is now defined on all platforms not just WIN32
2010-01-26 13:58:49 +00:00
Dr. Stephen Henson
c7d5edbf5e
export OPENSSL_isservice and make update
2010-01-26 13:55:33 +00:00
Dr. Stephen Henson
78bfb45b07
PR: 2149
...
Submitted by: Douglas Stebila <douglas@stebila.ca>
Fix wap OIDs.
2010-01-25 16:07:51 +00:00
Richard Levitte
25d42c17e3
A few more macros for long symbols.
...
Submitted by Steven M. Schweda <sms@antinode.info>
2010-01-25 00:18:31 +00:00
Dr. Stephen Henson
1699389a46
Tolerate PKCS#8 DSA format with negative private key.
2010-01-22 20:17:30 +00:00
Dr. Stephen Henson
53e97e7433
update version for next beta if we have one...
2010-01-20 15:40:27 +00:00
Dr. Stephen Henson
bc0ecd202a
make update
2010-01-20 15:05:52 +00:00
Dr. Stephen Henson
b307daa23f
Prepare for beta5 release
2010-01-20 15:00:49 +00:00
Andy Polyakov
a238d7d1eb
rand_win.c: handel GetTickCount wrap-around [from HEAD].
2010-01-19 21:44:07 +00:00
Andy Polyakov
0e92313331
x86_64-xlate.pl: refine sign extension logic when handling lea [from HEAD].
...
PR: 2094,2095
2010-01-19 21:43:05 +00:00
Andy Polyakov
3e719c99f5
s390x assembler update: add support for run-time facility detection [from HEAD].
2010-01-19 21:40:58 +00:00
Dr. Stephen Henson
28dc54f6d9
Reverted patch for PR#2095. Addressed by Andy now in x86_64-xlate.pl
2010-01-17 16:58:56 +00:00
Ben Laurie
9e198c4bd0
Fix type-checking/casting issue.
2010-01-16 13:32:14 +00:00
Dr. Stephen Henson
2c627637c5
Modify compression code so it avoids using ex_data free functions. This
...
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
2010-01-13 18:46:01 +00:00
Dr. Stephen Henson
93fac08ec3
PR: 2136
...
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>
Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:27:11 +00:00
Andy Polyakov
0d8ffc2007
b_sock.c: bind/connect are picky about socket address length [from HEAD].
2010-01-07 13:15:39 +00:00
Andy Polyakov
a32f7fb832
sendto is reportedly picky about destination socket address length [from HEAD].
...
PR: 2114
Submitted by: Robin Seggelmann
2010-01-07 10:44:21 +00:00
Andy Polyakov
496cf69e40
Fix compilation on older Linux [from HEAD].
2010-01-06 21:25:22 +00:00
Dr. Stephen Henson
2708603bb4
ENGINE_load_capi() now exists on all platforms (but no op on non-WIN32)
2010-01-06 13:20:52 +00:00
Dr. Stephen Henson
e4f1cda7de
PR: 2102
...
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>
Remove duplicate definitions.
2010-01-05 17:58:15 +00:00
Andy Polyakov
5448e6739c
b_sock.c: correct indirect calls on WinSock platforms [from HEAD].
...
PR: 2130
Submitted by: Eugeny Gostyukhin
2009-12-30 12:56:16 +00:00
Andy Polyakov
a5313cf360
sha512.c update for esoteric PPC platfrom(s) [from HEAD].
...
PR: 1998
2009-12-30 11:53:33 +00:00
Dr. Stephen Henson
aed461b431
Traditional Yuletide commit ;-)
...
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:12:24 +00:00
Bodo Möller
40c45f86d4
Constify crypto/cast.
2009-12-22 11:45:59 +00:00
Bodo Möller
a0b7277724
Constify crypto/cast.
2009-12-22 10:58:01 +00:00
Dr. Stephen Henson
2d3855fc6e
PR: 2127
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check for lookup failures in EVP_PBE_CipherInit().
2009-12-17 15:28:45 +00:00
Dr. Stephen Henson
1cd47f5f6e
Ooops revert stuff which shouldn't have been part of previous commit.
2009-12-16 20:33:11 +00:00
Dr. Stephen Henson
675564835c
New option to enable/disable connection to unpatched servers
2009-12-16 20:28:30 +00:00
Dr. Stephen Henson
a6d204e241
Add patch to crypto/evp which didn't apply from PR#2124
2009-12-09 15:02:14 +00:00
Dr. Stephen Henson
941baf6641
Revert lhash patch for PR#2124
2009-12-09 15:00:20 +00:00
Dr. Stephen Henson
aac751832a
PR: 2124
...
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>
Check for memory allocation failures.
2009-12-09 13:38:20 +00:00
Dr. Stephen Henson
7b1856e5a1
PR: 2111
...
Submitted by: Martin Olsson <molsson@opera.com>
Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:28:05 +00:00
Dr. Stephen Henson
50f06b46f4
Check it actually compiles this time ;-)
2009-12-02 14:25:55 +00:00
Dr. Stephen Henson
be6076c0ad
PR: 2120
...
Submitted by: steve@openssl.org
Initialize fields correctly if pem_str or info are NULL in EVP_PKEY_asn1_new().
2009-12-02 13:57:03 +00:00
Dr. Stephen Henson
6125e07d79
check DSA_sign() return value properly
2009-12-01 18:41:50 +00:00
Dr. Stephen Henson
7805e23588
PR: 1432
...
Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org
Truncate hash if it is too large: as required by FIPS 186-3.
2009-12-01 17:32:33 +00:00
Dr. Stephen Henson
9117b9d17a
PR: 2118
...
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org
Check return value of ECDSA_sign() properly.
2009-11-30 13:53:42 +00:00
Andy Polyakov
8b9b23603f
bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER (from HEAD).
2009-11-26 20:56:05 +00:00
Andy Polyakov
a8c1b19a31
x86_64-xlate.pl: fix typo introduced in last commit.
...
PR: 2109
2009-11-23 19:51:24 +00:00
Andy Polyakov
29c8d2a54a
x86_64-xlate.pl: new gas requires sign extension.
...
x86masm.pl: fix linker warning.
PR: 2094,2095
2009-11-22 12:52:18 +00:00
Andy Polyakov
e4572e5210
bio_sock.c and bss_dgram.c: update from HEAD.
...
PR: 2069
2009-11-22 12:24:43 +00:00
Dr. Stephen Henson
5e8d95f590
PR: 2103
...
Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org
Initialise atm.flags to 0.
2009-11-17 13:25:35 +00:00
Dr. Stephen Henson
4e49aa0ca3
PR: 2095
...
Submitted by: Arkadiusz Miskiewicz <arekm@maven.pl>
Approved by: steve@openssl.org
Fix for out range of signed 32bit displacement error on newer binutils
in file sha1-x86_64.pl
2009-11-13 14:23:44 +00:00
Dr. Stephen Henson
4434328b0a
PR: 2088
...
Submitted by: Aleksey Samsonov <s4ms0n0v@gmail.com>
Approved by: steve@openssl.org
Fix memory leak in d2i_PublicKey().
2009-11-12 19:57:39 +00:00
Dr. Stephen Henson
9b2cfb890c
set engine to NULL after releasing it
2009-11-12 19:24:34 +00:00
Richard Levitte
b2f364ec62
Compiling vms.mar doesn't work on other than VAX.
2009-11-12 14:05:04 +00:00
Richard Levitte
b7aeb4c9b5
Another symbol longer than 31 characters.
2009-11-12 14:04:26 +00:00
Dr. Stephen Henson
e0031b1c78
Prepare for beta4 release
2009-11-10 13:15:09 +00:00
Dr. Stephen Henson
6757ef89b3
PR: 2091
...
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
If an OID has no short name or long name return the numerical representation.
2009-11-10 01:00:23 +00:00
Dr. Stephen Henson
bf6eea6536
PR: 2090
...
Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org
Improve error checking in asn1_gen.c
2009-11-10 00:47:37 +00:00
Dr. Stephen Henson
f62d1ea3d5
Combat gcc 4.4.1 aliasing rules. (from HEAD)
2009-11-09 14:09:53 +00:00
Dr. Stephen Henson
4a7f7171f5
Add missing functions to allow access to newer X509_STORE_CTX status
...
information. Add more informative message to verify callback to indicate
when CRL path validation is taking place.
2009-10-31 19:21:47 +00:00
Dr. Stephen Henson
0c2c2e71a6
If not checking all certificates don't attempt to find a CRL
...
for the leaf certificate of a CRL path.
2009-10-23 12:05:54 +00:00
Dr. Stephen Henson
d1d746afb4
Need to check <= 0 here.
2009-10-22 23:14:12 +00:00
Dr. Stephen Henson
c90a1ae0c9
make update
2009-10-18 14:44:51 +00:00
Dr. Stephen Henson
c679fb298e
Add new function X509_STORE_set_verify_cb and use it in apps
2009-10-18 14:42:27 +00:00
Dr. Stephen Henson
28418076b2
PR: 2069
...
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org
IPv6 support for DTLS.
2009-10-15 17:41:44 +00:00
Dr. Stephen Henson
ad187f8905
Fix unitialized warnings
2009-10-04 16:52:35 +00:00
Dr. Stephen Henson
2280f82fc6
Fix warnings about ignoring fgets return value
2009-10-04 16:43:21 +00:00
Dr. Stephen Henson
e6714faffb
Prevent ignored return value warning
2009-10-04 14:04:14 +00:00
Dr. Stephen Henson
af8f2bb174
Prevent aliasing warning
2009-10-04 14:02:03 +00:00
Dr. Stephen Henson
d7501c16bf
Yes it is a typo ;-)
2009-10-01 12:17:18 +00:00
Dr. Stephen Henson
50d70c01d6
PR: 2062
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BN_rand error handling in bntest.c
2009-10-01 00:21:55 +00:00
Dr. Stephen Henson
9fc601cfbb
PR: 2059
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_SealInit error handling in pem_seal.c
2009-10-01 00:17:35 +00:00
Dr. Stephen Henson
fed5333248
PR: 2056
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_wirte error handling in asn1_par.c
2009-10-01 00:11:49 +00:00
Dr. Stephen Henson
a3d5cdb07c
PR: 2063
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write error handling in ocsp_prn.c
2009-09-30 23:59:16 +00:00
Dr. Stephen Henson
d99c0f6b4a
PR: 2057
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
2009-09-30 23:55:29 +00:00
Dr. Stephen Henson
43f21e62aa
PR: 2058
...
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct EVP_DigestVerifyFinal error handling.
2009-09-30 23:50:10 +00:00