Commit Graph

1461 Commits

Author SHA1 Message Date
Geoff Thorpe
5ee6f96cea Paul Sheer optimised the OpenSSL to/from libGMP conversions for the case
where they both use the same limb size. I've tweaked his patch slightly, so
blame me if it breaks.

Submitted by: Paul Sheer
Reviewed by: Geoff Thorpe
2008-04-27 18:41:23 +00:00
Dr. Stephen Henson
3df9357103 Update CHANGES. 2008-04-02 11:44:00 +00:00
Dr. Stephen Henson
992e92a46e Update CHANGES. 2008-04-02 11:24:22 +00:00
Dr. Stephen Henson
eb9d8d8cd4 Support for verification of signed receipts. 2008-03-28 13:15:39 +00:00
Geoff Thorpe
f7ccba3edf There was a need to support thread ID types that couldn't be reliably cast
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
fd47c36136 Return error if no cipher set for encrypted data type.
Update CHANGES.
2008-03-15 00:02:23 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins...
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Bodo Möller
7c9882eb24 fix BIGNUM flag handling 2008-02-27 06:01:28 +00:00
Dr. Stephen Henson
7398053149 Experimental support for import of more options from Configure
(via top level Makefile) into mk1mf builds. This avoids the need
to duplicate the CFLAG handling and can auto build assembly language
source files from perl scripts.

Extend VC-WIN32 Configure entry to include new options.
2008-01-06 00:36:22 +00:00
Dr. Stephen Henson
76d761ccd3 Move CHANGES entry. Revert include file install line. 2008-01-03 22:57:50 +00:00
Dr. Stephen Henson
eef0c1f34c Netware support.
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Lutz Jänicke
11d01d371f Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f 2007-10-19 08:26:03 +00:00
Andy Polyakov
0d89e45690 Synchronize CHANGES between 0.9.8 and HEAD. 2007-10-13 10:55:30 +00:00
Dr. Stephen Henson
a6db6a0070 Update CHANGES. Keep ordinals consistent. 2007-10-12 00:15:09 +00:00
Andy Polyakov
0023adb47a Switch to bn-s390x (it's faster on keys longer than 512 bits) and mention
s390x assembler pack in CHANAGES.
2007-10-01 07:38:32 +00:00
Andy Polyakov
4c7c5ff667 ARMv4 assembler pack. 2007-09-27 07:09:46 +00:00
Dr. Stephen Henson
67c8e7f414 Support for certificate status TLS extension. 2007-09-26 21:56:59 +00:00
Bodo Möller
761772d7e1 Implement the Opaque PRF Input TLS extension
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way.  In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().

Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
2007-09-21 06:54:24 +00:00
Dr. Stephen Henson
a6fbcb4220 Change safestack reimplementation to match 0.9.8.
Fix additional gcc 4.2 value not used warnings.
2007-09-07 13:25:15 +00:00
Dr. Stephen Henson
81025661a9 Update ssl code to support digests other than MD5+SHA1 in handshake.
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
2007-08-31 12:42:53 +00:00
Dr. Stephen Henson
ec5d747328 Add Google sponsorship note. 2007-08-27 23:41:36 +00:00
Dr. Stephen Henson
ba0e826d83 Update from stable branch. 2007-08-23 22:59:09 +00:00
Dr. Stephen Henson
6434abbfc6 RFC4507 (including RFC4507bis) TLS stateless session resumption support
for OpenSSL.
2007-08-11 23:18:29 +00:00
Andy Polyakov
85a5668dba CHANGES update from 098-stable. 2007-06-20 17:46:43 +00:00
Dr. Stephen Henson
3c07d3a3d3 Finish gcc 4.2 changes. 2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
297e6f1917 Avoid use of function pointer casts in pem library. Modify safestack to
always use inline functions.
2007-06-04 17:53:04 +00:00
Dr. Stephen Henson
b948e2c59e Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. 2007-06-04 17:04:40 +00:00
Bodo Möller
19f6c524bf Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 2007-05-22 09:47:43 +00:00
Ben Laurie
69ab085290 More IGE speedup. 2007-05-13 15:14:38 +00:00
Ben Laurie
5f09d0ecc2 AES IGE mode speedup. 2007-05-13 12:57:59 +00:00
Bodo Möller
96afc1cfd5 Add SEED encryption algorithm.
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
9cfc8a9d5c Update smime utility to support streaming for -encrypt and -sign -nodetach
options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.

These all process content on the fly without storing it all in memory.
2007-04-13 01:06:41 +00:00
Dr. Stephen Henson
2022cfe07e New -mac and -macopt options to dgst utility. Reimplement -hmac option in
terms of new API.
2007-04-11 17:20:40 +00:00
Dr. Stephen Henson
47b71e6ee9 Update CHANGES. 2007-04-11 12:33:28 +00:00
Dr. Stephen Henson
d952c79a7b New -sigopt option for dgst utility. 2007-04-08 12:47:18 +00:00
Bodo Möller
b002265ee3 make BN_FLG_CONSTTIME semantics more fool-proof 2007-03-28 18:41:23 +00:00
Bodo Möller
bd31fb2145 Change to mitigate branch prediction attacks
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2007-03-28 00:15:28 +00:00
Bodo Möller
0f32c841a6 stricter session ID context matching 2007-03-21 14:33:16 +00:00
Bodo Möller
dd2b6750db include complete 0.9.7 history
include release date of 0.9.8e
2007-02-26 10:49:59 +00:00
Lutz Jänicke
8d72476e2b Extend SMTP and IMAP protocol handling to perform the required
EHLO or CAPABILITY handshake before sending STARTTLS

Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
2007-02-21 18:20:41 +00:00
Dr. Stephen Henson
a2e623c011 Update from 0.9.7-stable. 2007-02-21 13:49:35 +00:00
Bodo Möller
fd5bc65cc8 Improve ciphersuite order stability when disabling ciphersuites.
Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.
2007-02-20 16:36:58 +00:00
Bodo Möller
0a05123a6c Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.

Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".
2007-02-19 18:41:41 +00:00
Bodo Möller
52b8dad8ec Reorganize the data used for SSL ciphersuite pattern matching.
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.
2007-02-17 06:45:38 +00:00
Nils Larsch
357d5de5b9 add support for DSA with SHA2 2007-02-03 14:41:12 +00:00
Dr. Stephen Henson
11d8cdc6ad Experimental streaming PKCS#7 support.
I thought it was about time I dusted this off. This stuff had been sitting on
my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not
work properly.

Nothing uses it at present which is just as well.

Think of this as a traditional Christmas present which looks far more
impressive in the adverts and on the box, some of the bits are missing and
falls to bits if you play with it too much.
2006-12-24 16:22:56 +00:00
Nils Larsch
fec38ca4ed fix typos
PR: 1354, 1355, 1398, 1408
2006-12-21 21:13:27 +00:00
Nils Larsch
06e2dd037e add support for ecdsa-with-sha256 etc. 2006-12-20 08:58:54 +00:00
Bodo Möller
772e3c07b4 Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).
2006-12-19 15:11:37 +00:00
Bodo Möller
1e24b3a09e fix support for receiving fragmented handshake messages 2006-11-29 14:45:50 +00:00
Ben Laurie
96ea4ae91c Add RFC 3779 support. 2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
de12116417 Initial, incomplete support for typesafe macros without using function
casts.
2006-11-16 00:19:39 +00:00
Andy Polyakov
3189772e07 Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even
recent mingw modifications.
2006-10-23 07:38:30 +00:00
Bodo Möller
3c5406b35c All 0.9.8d patches have been applied to HEAD now, so we no longer need
the redundant entries under the 0.9.9 heading.
2006-09-28 13:50:41 +00:00
Bodo Möller
61118caa86 include 0.9.8d and 0.9.7l information 2006-09-28 13:35:01 +00:00
Mark J. Cox
348be7ec60 Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]
2006-09-28 13:20:44 +00:00
Mark J. Cox
3ff55e9680 Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 13:18:43 +00:00
Dr. Stephen Henson
010fa0b331 Tidy up CRL handling by checking for critical extensions when it is
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.

Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
2006-09-21 12:42:15 +00:00
Dr. Stephen Henson
5d20c4fb35 Overhaul of by_dir code to handle dynamic loading of CRLs. 2006-09-17 17:16:28 +00:00
Dr. Stephen Henson
bc7535bc7f Support for AKID in CRLs and partial support for IDP. Overhaul of CRL
handling to support this.
2006-09-14 17:25:02 +00:00
Bodo Möller
b6699c3f07 Update 2006-09-12 14:42:19 +00:00
Bodo Möller
ed65f7dc34 ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well
2006-09-11 09:49:03 +00:00
Bodo Möller
6a2c471077 Every change so far that is in the 0.9.8 branch is (or should be) in HEAD 2006-09-06 06:34:52 +00:00
Mark J. Cox
b79aa05e3b Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:58:03 +00:00
Ben Laurie
aa6d1a0c19 Forward port of IGE mode. 2006-08-31 14:04:04 +00:00
Dr. Stephen Henson
f6e7d01450 Support for multiple CRLs with same issuer name in X509_STORE. Modify
verify logic to try to use an unexpired CRL if possible.
2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
edc540211c Cache some CRL related extensions. 2006-07-24 12:39:22 +00:00
Dr. Stephen Henson
450ea83495 Store canonical encodings of Name structures. Update X509_NAME_cmp() to use
them.
2006-07-18 12:36:19 +00:00
Dr. Stephen Henson
454dbbc593 Add -timeout option to ocsp utility. 2006-07-17 13:26:54 +00:00
Dr. Stephen Henson
c1c6c0bf45 New non-blocking OCSP functionality. 2006-07-17 12:18:28 +00:00
Dr. Stephen Henson
b7683e3a5d Allow digests to supply S/MIME micalg values from a ctrl.
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Dr. Stephen Henson
0ee2166cc5 New functions to add and free up application defined signature OIDs. 2006-07-09 16:05:43 +00:00
Dr. Stephen Henson
5ba4bf35c5 New functions to enumerate digests and ciphers. 2006-07-09 00:53:45 +00:00
Bodo Möller
e34aa5a3b3 always read in RAND_poll() if we can't use select because of a too
large FD: it's non-blocking mode anyway
2006-06-28 14:50:12 +00:00
Richard Levitte
27a3d9f9aa Use poll() when possible to gather Unix randomness entropy 2006-06-27 06:31:34 +00:00
Bodo Möller
48fc582f66 New functions CRYPTO_set_idptr_callback(),
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.
2006-06-23 15:21:36 +00:00
Bodo Möller
81de1028bc Change in 0.9.8 branch:
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)
2006-06-22 12:37:28 +00:00
Bodo Möller
850815cb6e Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch) 2006-06-20 08:50:42 +00:00
Bodo Möller
c4e7870ac1 Change array representation of binary polynomials to make GF2m part of
the BN library more generally useful.

Submitted by: Douglas Stebila
2006-06-18 22:00:57 +00:00
Bodo Möller
5b57fe0a1e Disable invalid ciphersuites 2006-06-14 17:51:46 +00:00
Bodo Möller
89bbe14c50 Ciphersuite string bugfixes, and ECC-related (re-)definitions. 2006-06-14 17:40:31 +00:00
Bodo Möller
675f605d44 Thread-safety fixes 2006-06-14 08:55:23 +00:00
Bodo Möller
f3dea9a595 Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Dr. Stephen Henson
fb7b393278 Output MIME parameter micalg according to RFC3851 and RFC4490 instead of hard
coding it to "sha1".
2006-06-06 13:27:36 +00:00
Dr. Stephen Henson
01b8b3c7d2 Complete EVP_PKEY_ASN1_METHOD ENGINE support. 2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
de9fcfe348 Initial public key ASN1 method engine support. Not integrated yet. 2006-06-02 17:52:27 +00:00
Dr. Stephen Henson
c9777d2659 Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE
implementations and functional reference counting when a context
is allocated, free or copied.
2006-06-02 12:33:39 +00:00
Dr. Stephen Henson
58aa573ac2 Add engine table for EVP_PKEY_METHOD. Doesn't do much yet. 2006-06-01 11:38:50 +00:00
Dr. Stephen Henson
91c9e62123 New functions for enchanced digest sign/verify. 2006-05-24 17:30:09 +00:00
Dr. Stephen Henson
5531192151 Add -resign and -md options to smime command to support resigning an
existing structure and using alternative digest for signing.
2006-05-18 23:44:44 +00:00
Dr. Stephen Henson
a6e7fcd140 Multiple signer support in smime application. 2006-05-18 12:41:28 +00:00
Dr. Stephen Henson
121dd39f9f New option to pkcs12 utility to set alternative MAC digest algorithm. 2006-05-17 18:46:22 +00:00
Dr. Stephen Henson
6d3a1eac3b Add PRF preference ctrl to ciphers. 2006-05-15 18:35:13 +00:00
Dr. Stephen Henson
b8f702a0af Change builting PBE to use static table. Add entries for HMAC and MD5, GOST. 2006-05-15 17:34:36 +00:00
Dr. Stephen Henson
856640b54f Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-14 18:40:53 +00:00
Dr. Stephen Henson
34b3c72e4e Typo. 2006-05-14 16:50:22 +00:00
Dr. Stephen Henson
959e8dfe06 Update 'req' command to use new keygen API. 2006-05-11 21:39:00 +00:00
Dr. Stephen Henson
399a6f0bd1 Update PKCS#7 enveloped data to new API. 2006-05-08 12:44:25 +00:00