e5641d7 | Bodo Möller | 19 October 2011, 14:59:27 UTC | BN_BLINDING multi-threading fix. Submitted by: Emilia Kasper (Google) | 19 October 2011, 14:59:27 UTC |
6d4c658 | Dr. Stephen Henson | 19 October 2011, 12:05:08 UTC | Typo (?) | 19 October 2011, 12:05:08 UTC |
0a7fcce | Dr. Stephen Henson | 19 October 2011, 11:47:21 UTC | Build fipscanister.o only by default. Utility build now needs make build_tests | 19 October 2011, 11:47:21 UTC |
6b0ac88 | Dr. Stephen Henson | 19 October 2011, 11:44:25 UTC | Recognise new option. | 19 October 2011, 11:44:25 UTC |
7d8bb91 | Bodo Möller | 19 October 2011, 09:24:22 UTC | Fix indentation | 19 October 2011, 09:24:22 UTC |
e0d6132 | Bodo Möller | 19 October 2011, 08:59:53 UTC | Fix warnings. Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code. | 19 October 2011, 08:59:53 UTC |
e3fed9f | Dr. Stephen Henson | 18 October 2011, 22:11:11 UTC | Update premain fingerprint. | 18 October 2011, 22:11:11 UTC |
3e00b4c | Bodo Möller | 18 October 2011, 19:43:16 UTC | Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these; -DEC_NISTP224_64_GCC_128 no longer works.) Submitted by: Google Inc. | 18 October 2011, 19:43:16 UTC |
4c3a7a0 | Andy Polyakov | 18 October 2011, 18:59:33 UTC | fipssyms.h: assign alias to newly introduced bn_gather5. | 18 October 2011, 18:59:33 UTC |
10db9f9 | Andy Polyakov | 18 October 2011, 18:56:09 UTC | fips/*: extend fipsro segmenting to all _MSC_VER builds (including WinCE). | 18 October 2011, 18:56:09 UTC |
9f0d2e1 | Andy Polyakov | 18 October 2011, 18:52:05 UTC | fips_enc.c: assign minimal block size to bad_cipher [to avoid arithmetic exceptions in TLS layer]. | 18 October 2011, 18:52:05 UTC |
5d77cdc | Andy Polyakov | 18 October 2011, 13:39:47 UTC | engines/.cvsignore: stop whining about e_padlock-*.s. | 18 October 2011, 13:39:47 UTC |
07904e0 | Andy Polyakov | 18 October 2011, 13:37:26 UTC | evp/e_aes.c: fold AES-NI modes that heavily rely on indirect calls (trade 2% small-block performance), engage bit-sliced AES in GCM. | 18 October 2011, 13:37:26 UTC |
4010b34 | Andy Polyakov | 18 October 2011, 09:50:23 UTC | x86_64-xlate.pl: make vpaes-x86_64.pl and rc4-md5-x86_64 work with ml64, fix bug in .crt section alignment. PR: 2620, 2624 | 18 October 2011, 09:50:23 UTC |
5a32646 | Andy Polyakov | 18 October 2011, 09:22:04 UTC | bsaes-x86_64.pl: make it work with ml64. | 18 October 2011, 09:22:04 UTC |
3b7c14b | Andy Polyakov | 18 October 2011, 08:03:02 UTC | [bs|vp]aes-x86[_64].pl: typos and clarifications. | 18 October 2011, 08:03:02 UTC |
e2473dc | Andy Polyakov | 18 October 2011, 07:53:50 UTC | c_allc.c: add aes-xts to loop. | 18 October 2011, 07:53:50 UTC |
1db4a63 | Dr. Stephen Henson | 18 October 2011, 00:02:42 UTC | Do global replace to remove assembly language object files. | 18 October 2011, 00:02:42 UTC |
78f288d | Andy Polyakov | 17 October 2011, 23:35:00 UTC | bn_mont.c: get corner cases right in updated BN_from_montgomery_word. | 17 October 2011, 23:35:00 UTC |
8329e2e | Andy Polyakov | 17 October 2011, 17:41:49 UTC | bn_exp.c: further optimizations using more ideas from http://eprint.iacr.org/2011/239. | 17 October 2011, 17:41:49 UTC |
3f66f20 | Andy Polyakov | 17 October 2011, 17:39:59 UTC | x86_64-mont.pl: minor optimization. | 17 October 2011, 17:39:59 UTC |
2534891 | Andy Polyakov | 17 October 2011, 17:24:28 UTC | bn_mont.c: simplify BN_from_montgomery_word. | 17 October 2011, 17:24:28 UTC |
79ba545 | Andy Polyakov | 17 October 2011, 17:20:48 UTC | bn_shift.c: minimize reallocations, which allows BN_FLG_STATIC_DATA to be shifted in specific cases. | 17 October 2011, 17:20:48 UTC |
993adc0 | Andy Polyakov | 17 October 2011, 17:10:54 UTC | Engage bsaes-x86_64.pl, bit-sliced AES. | 17 October 2011, 17:10:54 UTC |
bc1b04d | Dr. Stephen Henson | 16 October 2011, 12:31:49 UTC | L=3072, N=256 provides 128 bits of security not 112. | 16 October 2011, 12:31:49 UTC |
8fcdb1e | Andy Polyakov | 15 October 2011, 08:32:16 UTC | Add android-x86. | 15 October 2011, 08:32:16 UTC |
e1db7c4 | Dr. Stephen Henson | 14 October 2011, 23:51:58 UTC | Clarify usage message. | 14 October 2011, 23:51:58 UTC |
ffbfbef | Dr. Stephen Henson | 14 October 2011, 22:04:14 UTC | more vxworks patches | 14 October 2011, 22:04:14 UTC |
1fb2e0f | Dr. Stephen Henson | 14 October 2011, 17:28:10 UTC | Allow override of GCCVER and noexecstack checking from environment. Vxworks support. | 14 October 2011, 17:28:10 UTC |
41a846c | Dr. Stephen Henson | 14 October 2011, 15:15:20 UTC | Don't use TPREFIX shell variable for minimal script. | 14 October 2011, 15:15:20 UTC |
3335b6f | Dr. Stephen Henson | 14 October 2011, 13:00:08 UTC | Add usage messages. | 14 October 2011, 13:00:08 UTC |
027026d | Andy Polyakov | 14 October 2011, 09:32:06 UTC | e_aes.c: fix bug in aesni_gcm_tls_cipher. | 14 October 2011, 09:32:06 UTC |
9ee5916 | Andy Polyakov | 14 October 2011, 09:15:19 UTC | aesni-x86[_64].pl: fix bug in CCM code. | 14 October 2011, 09:15:19 UTC |
af9b610 | Andy Polyakov | 13 October 2011, 19:46:44 UTC | Remove eng_aesni.c as AES-NI support is integrated directly at EVP. | 13 October 2011, 19:46:44 UTC |
8bfc647 | Bodo Möller | 13 October 2011, 15:07:08 UTC | use -no_ecdhe when using -no_dhe | 13 October 2011, 15:07:08 UTC |
4f20157 | Bodo Möller | 13 October 2011, 14:29:59 UTC | Oops - ectest.c finds further problems beyond those exposed by bntext.c | 13 October 2011, 14:29:59 UTC |
0a06ad7 | Bodo Möller | 13 October 2011, 14:21:39 UTC | Avoid failed assertion in BN_DEBUG builds | 13 October 2011, 14:21:39 UTC |
bf6d2f9 | Bodo Möller | 13 October 2011, 13:41:34 UTC | Make CTR mode behaviour consistent with other modes: - clear ctx->num in EVP_CipherInit_ex - adapt e_eas.c changes from http://cvs.openssl.org/chngview?cn=19816 for eng_aesni.c Submitted by: Emilia Kasper | 13 October 2011, 13:41:34 UTC |
9d74bef | Bodo Möller | 13 October 2011, 13:27:09 UTC | Clarify warning | 13 October 2011, 13:27:09 UTC |
8b37d33 | Bodo Möller | 13 October 2011, 13:20:33 UTC | typo | 13 October 2011, 13:20:33 UTC |
3ddc06f | Bodo Möller | 13 October 2011, 13:05:58 UTC | In ssl3_clear, preserve s3->init_extra along with s3->rbuf. Submitted by: Bob Buckholz <bbuckholz@google.com> | 13 October 2011, 13:05:58 UTC |
cdfe0fd | Bodo Möller | 13 October 2011, 12:35:10 UTC | Fix OPENSSL_BN_ASM_MONT5 for corner cases; add a test. Submitted by: Emilia Kasper | 13 October 2011, 12:35:10 UTC |
5936521 | Dr. Stephen Henson | 12 October 2011, 22:41:33 UTC | Print curve type for signature tests. | 12 October 2011, 22:41:33 UTC |
35882b6 | Dr. Stephen Henson | 12 October 2011, 21:55:03 UTC | increase test RSA key size to 1024 bits | 12 October 2011, 21:55:03 UTC |
ce01482 | Dr. Stephen Henson | 12 October 2011, 18:48:01 UTC | Update README.FIPS for new FIPS 2.0 testvectors. | 12 October 2011, 18:48:01 UTC |
7fc78f1 | Dr. Stephen Henson | 12 October 2011, 17:27:08 UTC | Remove o_init.o special case from Makefile: this doesn't work. | 12 October 2011, 17:27:08 UTC |
98bc806 | Dr. Stephen Henson | 12 October 2011, 17:18:38 UTC | Skip ECDH sanity check. Add --compare-all to run comparison tests on all files instead of sanity checks. | 12 October 2011, 17:18:38 UTC |
a2b6dc9 | Dr. Stephen Henson | 12 October 2011, 17:03:15 UTC | Handle partial test where H is absent: needed to check g generation. | 12 October 2011, 17:03:15 UTC |
df36faa | Dr. Stephen Henson | 12 October 2011, 15:35:34 UTC | Update instructions. | 12 October 2011, 15:35:34 UTC |
e15acd9 | Dr. Stephen Henson | 12 October 2011, 15:33:54 UTC | Updates to handle some verification of v2 tests. Now enable v2 by default and require a --disable-v2 option to run the old v1 tests. | 12 October 2011, 15:33:54 UTC |
a854818 | Dr. Stephen Henson | 12 October 2011, 15:32:57 UTC | Handle broken test on verify too. | 12 October 2011, 15:32:57 UTC |
c1f63b5 | Dr. Stephen Henson | 12 October 2011, 13:17:19 UTC | ECDH POST selftest failure inducing support. | 12 October 2011, 13:17:19 UTC |
cf61940 | Dr. Stephen Henson | 12 October 2011, 13:06:45 UTC | Fix warnings. | 12 October 2011, 13:06:45 UTC |
dafd5b5 | Dr. Stephen Henson | 12 October 2011, 12:55:58 UTC | Only include one ECDH selftest. | 12 October 2011, 12:55:58 UTC |
6c8ce3c | Andy Polyakov | 11 October 2011, 21:07:53 UTC | e_padlock-x86[_64].pl: protection against prefetch errata. | 11 October 2011, 21:07:53 UTC |
3231e42 | Dr. Stephen Henson | 11 October 2011, 18:15:31 UTC | update pkey method initialisation and copy | 11 October 2011, 18:15:31 UTC |
cd366cf | Dr. Stephen Henson | 11 October 2011, 17:44:26 UTC | print out subgroup order if present | 11 October 2011, 17:44:26 UTC |
a59163f | Dr. Stephen Henson | 10 October 2011, 20:35:09 UTC | def_rsa_finish not used any more. | 10 October 2011, 20:35:09 UTC |
fe4394c | Dr. Stephen Henson | 10 October 2011, 19:09:01 UTC | remove some debugging code | 10 October 2011, 19:09:01 UTC |
84a75ba | Dr. Stephen Henson | 10 October 2011, 14:08:55 UTC | fix leak properly this time... | 10 October 2011, 14:08:55 UTC |
eb47b2f | Dr. Stephen Henson | 10 October 2011, 12:56:18 UTC | add GCM ciphers in SSL_library_init | 10 October 2011, 12:56:18 UTC |
a0f2130 | Dr. Stephen Henson | 10 October 2011, 12:41:11 UTC | disable GCM if not available | 10 October 2011, 12:41:11 UTC |
7d7c13c | Dr. Stephen Henson | 09 October 2011, 23:26:39 UTC | Don't disable TLS v1.2 by default now. | 09 October 2011, 23:26:39 UTC |
0feb83e | Dr. Stephen Henson | 09 October 2011, 23:16:20 UTC | Sync ordinals with 1.0.1-stable. | 09 October 2011, 23:16:20 UTC |
ccbb9ba | Dr. Stephen Henson | 09 October 2011, 23:11:55 UTC | fix CHANGES entry | 09 October 2011, 23:11:55 UTC |
42753a4 | Dr. Stephen Henson | 09 October 2011, 23:08:15 UTC | fix memory leaks | 09 October 2011, 23:08:15 UTC |
b1d3e9d | Andy Polyakov | 09 October 2011, 21:53:53 UTC | e_padlock-x86_64.pl: brown-bag bug in stack pointer handling. | 09 October 2011, 21:53:53 UTC |
7bd4095 | Dr. Stephen Henson | 09 October 2011, 15:29:43 UTC | Sync ordinals with 1.0.1-stable. | 09 October 2011, 15:29:43 UTC |
58b75e9 | Dr. Stephen Henson | 09 October 2011, 00:56:52 UTC | PR: 2482 Submitted by: Rob Austein <sra@hactrn.net> Reviewed by: steve Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann. | 09 October 2011, 00:56:52 UTC |
08d62e9 | Andy Polyakov | 08 October 2011, 21:37:44 UTC | e_padlock-x86[_64].pl: SHA fixes, comply with specification and fix bug. | 08 October 2011, 21:37:44 UTC |
549cd65 | Dr. Stephen Henson | 07 October 2011, 18:18:50 UTC | Add fips/ecdh directory. | 07 October 2011, 18:18:50 UTC |
43206a2 | Dr. Stephen Henson | 07 October 2011, 15:18:09 UTC | New -force_pubkey option to x509 utility to supply a different public key to the one in a request. This is useful for cases where the public key cannot be used for signing e.g. DH. | 07 October 2011, 15:18:09 UTC |
6dd5473 | Dr. Stephen Henson | 07 October 2011, 15:07:19 UTC | use client version when eliminating TLS v1.2 ciphersuites in client hello | 07 October 2011, 15:07:19 UTC |
66bb328 | Dr. Stephen Henson | 06 October 2011, 20:44:02 UTC | ? crypto/aes/aes-armv4.S ? crypto/aes/aesni-sha1-x86_64.s ? crypto/aes/aesni-x86_64.s ? crypto/aes/foo.pl ? crypto/aes/vpaes-x86_64.s ? crypto/bn/.bn_lib.c.swp ? crypto/bn/armv4-gf2m.S ? crypto/bn/diffs ? crypto/bn/modexp512-x86_64.s ? crypto/bn/x86_64-gf2m.s ? crypto/bn/x86_64-mont5.s ? crypto/ec/bc.txt ? crypto/ec/diffs ? crypto/modes/a.out ? crypto/modes/diffs ? crypto/modes/ghash-armv4.S ? crypto/modes/ghash-x86_64.s ? crypto/modes/op.h ? crypto/modes/tst.c ? crypto/modes/x.h ? crypto/objects/.obj_xref.txt.swp ? crypto/rand/diffs ? crypto/sha/sha-512 ? crypto/sha/sha1-armv4-large.S ? crypto/sha/sha256-armv4.S ? crypto/sha/sha512-armv4.S Index: crypto/objects/obj_xref.c =================================================================== RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v retrieving revision 1.9 diff -u -r1.9 obj_xref.c --- crypto/objects/obj_xref.c 5 Nov 2008 18:38:58 -0000 1.9 +++ crypto/objects/obj_xref.c 6 Oct 2011 20:30:21 -0000 @@ -110,8 +110,10 @@ #endif if (rv == NULL) return 0; - *pdig_nid = rv->hash_id; - *ppkey_nid = rv->pkey_id; + if (pdig_nid) + *pdig_nid = rv->hash_id; + if (ppkey_nid) + *ppkey_nid = rv->pkey_id; return 1; } @@ -144,7 +146,8 @@ #endif if (rv == NULL) return 0; - *psignid = (*rv)->sign_id; + if (psignid) + *psignid = (*rv)->sign_id; return 1; } Index: crypto/x509/x509type.c =================================================================== RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v retrieving revision 1.10 diff -u -r1.10 x509type.c --- crypto/x509/x509type.c 26 Oct 2007 12:06:33 -0000 1.10 +++ crypto/x509/x509type.c 6 Oct 2011 20:36:04 -0000 
@@ -100,20 +100,26 @@ break; } - i=X509_get_signature_type(x); - switch (i) + i=OBJ_obj2nid(x->sig_alg->algorithm); + if (i && OBJ_find_sigid_algs(i, NULL, &i)) { - case EVP_PKEY_RSA: - ret|=EVP_PKS_RSA; - break; - case EVP_PKEY_DSA: - ret|=EVP_PKS_DSA; - break; - case EVP_PKEY_EC: - ret|=EVP_PKS_EC; - break; - default: - break; + + switch (i) + { + case NID_rsaEncryption: + case NID_rsa: + ret|=EVP_PKS_RSA; + break; + case NID_dsa: + case NID_dsa_2: + ret|=EVP_PKS_DSA; + break; + case NID_X9_62_id_ecPublicKey: + ret|=EVP_PKS_EC; + break; + default: + break; + } } if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look | 06 October 2011, 20:44:02 UTC |
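Review bot: missing documentation in crypto/objects/obj_xref.c: the new `if (pdig_nid)` and `if (ppkey_nid)` guards in the first hunk, and `if (psignid)` in the second, make these out-parameters optional, but nothing in the visible lines tells callers that NULL is now accepted. A short comment at each function naming the parameters that may be NULL would help. It is also worth stating there that the `if (rv == NULL) return 0;` path leaves the outputs unwritten, so callers must check the return value before reading them.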
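Review bot: in the crypto/x509/x509type.c hunk, `OBJ_find_sigid_algs(i, NULL, &i)` uses `i` both as the signature NID passed in and as the destination for the public key NID, so the variable changes meaning across the call and the `switch (i)` that follows is easy to misread. A separate local for the output would make the intent clear. The `NULL` digest argument is only safe together with the `if (pdig_nid)` guard added in obj_xref.c in this same patch, so the two files should not be applied or backported separately. The empty `+` line after the opening brace can be dropped.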
50452b2 | Andy Polyakov | 05 October 2011, 17:03:44 UTC | e_padlock: add CTR mode. | 05 October 2011, 17:03:44 UTC |
d18762f | Andy Polyakov | 04 October 2011, 11:21:33 UTC | e_padlock-x86_64.pl: fix typo. | 04 October 2011, 11:21:33 UTC |
149ca71 | Andy Polyakov | 04 October 2011, 11:05:16 UTC | e_padlock-x86*.pl: Nano-related update. | 04 October 2011, 11:05:16 UTC |
4cc2bba | Dr. Stephen Henson | 01 October 2011, 20:42:52 UTC | Make fips algorithm test utilities use RESP_EOL for end of line character(s). This should be CRLF even under *nix. | 01 October 2011, 20:42:52 UTC |
04c3aa5 | Andy Polyakov | 01 October 2011, 10:44:51 UTC | e_padlock-x86.pl: previous C3-specific fix was incomplete. | 01 October 2011, 10:44:51 UTC |
3edc26a | Andy Polyakov | 01 October 2011, 10:16:13 UTC | e_padlock-x86.pl: make it work on VIA C3 (which doesn't support SSE2). | 01 October 2011, 10:16:13 UTC |
10465ac | Dr. Stephen Henson | 30 September 2011, 11:58:59 UTC | Never echo Num lines for PQGGen DSA2 test. | 30 September 2011, 11:58:59 UTC |
3f1ebb8 | Dr. Stephen Henson | 29 September 2011, 23:17:59 UTC | make depend | 29 September 2011, 23:17:59 UTC |
2bfeb7d | Dr. Stephen Henson | 29 September 2011, 23:08:23 UTC | Add FIPS selftests for ECDH algorithm. | 29 September 2011, 23:08:23 UTC |
55831cd | Dr. Stephen Henson | 29 September 2011, 18:22:37 UTC | Remove s = s * P deferral. | 29 September 2011, 18:22:37 UTC |
884c33b | Dr. Stephen Henson | 29 September 2011, 16:24:00 UTC | Check return codes properly. | 29 September 2011, 16:24:00 UTC |
54bb3f6 | Dr. Stephen Henson | 28 September 2011, 22:35:30 UTC | Fix output format for DSA2 parameter generation. | 28 September 2011, 22:35:30 UTC |
1127264 | Andy Polyakov | 27 September 2011, 19:34:40 UTC | bsaes-x86_64.pl: add due credit. | 27 September 2011, 19:34:40 UTC |
fca38e3 | Dr. Stephen Henson | 26 September 2011, 17:04:32 UTC | fix signed/unsigned warning | 26 September 2011, 17:04:32 UTC |
a846a7f | Dr. Stephen Henson | 25 September 2011, 22:12:39 UTC | Add a --disable-all option to disable all tests. | 25 September 2011, 22:12:39 UTC |
bac3db9 | Dr. Stephen Henson | 25 September 2011, 22:04:43 UTC | Handle provable prime parameters for canonical g generation which are sometimes erroneously included. | 25 September 2011, 22:04:43 UTC |
4ec93a1 | Andy Polyakov | 25 September 2011, 15:31:51 UTC | Add bit-sliced AES x86_64 assembler, see http://homes.esat.kuleuven.be/~ekasper/#software for background information. It's not integrated into build system yet. | 25 September 2011, 15:31:51 UTC |
d18a0df | Dr. Stephen Henson | 24 September 2011, 23:06:20 UTC | make sure eivlen is initialised | 24 September 2011, 23:06:20 UTC |
1579e65 | Dr. Stephen Henson | 23 September 2011, 21:48:34 UTC | use keyformat for -x509toreq, don't hard code PEM | 23 September 2011, 21:48:34 UTC |
c2035bf | Dr. Stephen Henson | 23 September 2011, 13:39:23 UTC | PR: 2606 Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de> Reviewed by: steve Handle timezones correctly in UTCTime. | 23 September 2011, 13:39:23 UTC |
1d7392f | Dr. Stephen Henson | 23 September 2011, 13:34:48 UTC | PR: 2602 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS bug which prevents manual MTU setting | 23 September 2011, 13:34:48 UTC |
07dda89 | Dr. Stephen Henson | 23 September 2011, 13:12:25 UTC | PR: 2347 Submitted by: Tomas Mraz <tmraz@redhat.com> Reviewed by: steve Fix usage message. | 23 September 2011, 13:12:25 UTC |
af70f1a | Dr. Stephen Henson | 23 September 2011, 01:03:37 UTC | Run PQGVer test before DSA2 tests. | 23 September 2011, 01:03:37 UTC |
ddf00ff | Dr. Stephen Henson | 22 September 2011, 14:15:07 UTC | Typo. | 22 September 2011, 14:15:07 UTC |
cb71870 | Dr. Stephen Henson | 22 September 2011, 14:01:25 UTC | Use function name FIPS_drbg_health_check() for health check function. Add explanatory comments to health check code. | 22 September 2011, 14:01:25 UTC |
456d883 | Dr. Stephen Henson | 21 September 2011, 18:42:12 UTC | Don't print out errors in cases where errors are expected: testing DSA parameter validity and EC public key validity. | 21 September 2011, 18:42:12 UTC |