Commit graph

12255 commits

Author SHA1 Message Date
Andy Polyakov
f5b798f50c Add GHASH for PowerISA 2.0.7.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-20 14:14:26 +02:00
Dr. Stephen Henson
03c075e572 Windows build fixes.
Add cmac.h to mkdef.pl
Remove ENGINE_load_rsax from engine.h: no longer built.
Update ordinals
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-19 22:57:37 +01:00
Dr. Stephen Henson
f8c03d4dbf Fix documentation for RSA_set_method(3)
PR#1675
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-07-19 22:57:37 +01:00
Mike Bland
b2e50bcd0e Check the test registry size during add_test()
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-19 19:24:36 +01:00
Mike Bland
50bba6852d Update heartbeat_test #includes
ssl/ssl_locl.h now comes first to ensure that it will compile standalone.
test/testutil.h is considered to be in the same directory as the test file,
since the test file will be linked into test/ and built there.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-19 19:24:35 +01:00
Mike Bland
6017a55143 Use testutil registry in heartbeat_test
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-19 19:24:35 +01:00
Mike Bland
5e3de8e609 test/testutil.c test registry functions.
These help standardize the structure of main() and result reporting.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-19 19:24:35 +01:00
Dr. Stephen Henson
d31fed73e2 RFC 5649 support.
Add support for RFC5649 key wrapping with padding.

Add RFC5649 tests to evptests.txt

Based on PR#3434 contribution by Petr Spacek <pspacek@redhat.com>.

EVP support and minor changes added by Stephen Henson.

Doxygen comment block updates by Tim Hudson.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-18 21:37:13 +01:00
Dr. Stephen Henson
58f4698f67 Make *Final work for key wrap again.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-17 23:29:14 +01:00
Dr. Stephen Henson
d12eef1501 Sanity check lengths for AES wrap algorithm.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-17 12:57:40 +01:00
Jeffrey Walton
d48e78f0cf Fix typo, add reference.
PR#3456
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-07-17 12:07:37 +01:00
Matt Caswell
2097a17c57 Disabled XTS mode in enc utility as it is not supported
PR#3442

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-07-16 20:59:35 +01:00
Andy Polyakov
e91718e80d Revert "Add GHASH for PowerISA 2.07."
This reverts commit 927f2e5dea.
2014-07-16 13:38:15 +02:00
Andy Polyakov
6cd13f70bb Revert "Engage GHASH for PowerISA 2.07."
This reverts commit 14aaf883d9.
2014-07-16 13:37:37 +02:00
Andy Polyakov
14aaf883d9 Engage GHASH for PowerISA 2.07. 2014-07-16 08:03:34 +02:00
Andy Polyakov
927f2e5dea Add GHASH for PowerISA 2.07. 2014-07-16 08:01:41 +02:00
Matt Caswell
3bd548192a Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-15 23:13:37 +01:00
Dr. Stephen Henson
ca2015a617 Clarify -Verify and PSK.
PR#3452
2014-07-15 20:22:39 +01:00
Dr. Stephen Henson
c8d710dc5f Fix DTLS certificate requesting code.
Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
2014-07-15 18:23:13 +01:00
Dr. Stephen Henson
199772e534 Don't allow -www etc options with DTLS.
The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
2014-07-15 12:32:41 +01:00
Rich Salz
6c0a1e2f8c Merge branch 'master' of git.openssl.org:openssl 2014-07-15 00:05:43 -04:00
Dr. Stephen Henson
1c3e9a7c67 Use case insensitive compare for servername.
PR#3445
2014-07-14 23:59:13 +01:00
Hubert Kario
7efd0e777e document -nextprotoneg option in man pages
Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.

PR#3444
2014-07-14 23:42:59 +01:00
Dr. Stephen Henson
ec5a992cde Use more common name for GOST key exchange. 2014-07-14 18:31:55 +01:00
Dr. Stephen Henson
aa224e9719 Fix typo. 2014-07-14 18:31:55 +01:00
Rich Salz
9d6253cfd3 Add tags/TAGS; approved by tjh 2014-07-14 11:27:16 -04:00
Matt Caswell
f8571ce822 Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415
2014-07-13 22:17:39 +01:00
Peter Mosmans
924e5eda2c Add names of GOST algorithms.
PR#3440
2014-07-13 18:30:07 +01:00
Richard Levitte
8b5dd34091 * crypto/ui/ui_lib.c: misplaced brace in switch statement.
Detected by dcruette@qualitesys.com
2014-07-13 19:11:46 +02:00
Ben Laurie
c1d1b0114e Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259). 2014-07-10 17:49:02 +01:00
Matt Caswell
66816c53be Fix memory leak in BIO_free if there is no destroy function.
Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com>

PR#3439
2014-07-09 23:29:17 +01:00
Andy Polyakov
1b0fe79f3e x86_64 assembly pack: improve masm support. 2014-07-09 20:08:01 +02:00
Andy Polyakov
d11c70b2c2 Please Clang's sanitizer, addendum. 2014-07-08 23:06:59 +02:00
Andy Polyakov
021e5043e5 Please Clang's sanitizer.
PR: #3424,#3423,#3422
2014-07-08 22:24:44 +02:00
Andy Polyakov
c4f8efab34 apps/speed.c: fix compiler warnings in multiblock_speed(). 2014-07-07 17:02:26 +02:00
Andy Polyakov
07b635cceb sha[1|512]-x86_64.pl: fix logical errors with $shaext=0. 2014-07-07 17:01:07 +02:00
David Lloyd
9d23f422a3 Prevent infinite loop loading config files.
PR#2985
2014-07-07 13:19:57 +01:00
Viktor Dukhovni
b73ac02735 Improve X509_check_host() documentation.
Based on feedback from Jeffrey Walton.
2014-07-07 20:34:06 +10:00
Viktor Dukhovni
297c67fcd8 Update API to use (char *) for email addresses and hostnames
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
2014-07-07 19:11:38 +10:00
Dr. Stephen Henson
ee724df75d Usage for -hack and -prexit -verify_return_error 2014-07-06 22:42:50 +01:00
Dr. Stephen Henson
cba3f1c739 Document certificate status request options. 2014-07-06 22:40:01 +01:00
Dr. Stephen Henson
a44f219c00 s_server usage for certificate status requests 2014-07-06 22:40:01 +01:00
Dr. Stephen Henson
5ecf1141a5 Sanity check keylength in PVK files.
PR#2277
2014-07-06 00:36:16 +01:00
Jeffrey Walton
75b7606881 Added reference to platform specific cryptographic acceleration such as AES-NI 2014-07-06 00:03:13 +01:00
Matt Caswell
fd9e244370 Fixed error in pod files with latest versions of pod2man 2014-07-06 00:03:13 +01:00
Andy Polyakov
7eb9680ae1 sha512-x86_64.pl: fix typo.
PR: #3431
2014-07-05 23:59:57 +02:00
Andy Polyakov
0e7a32b55e s3_pkt.c: fix typo. 2014-07-05 23:56:54 +02:00
Andy Polyakov
375a64e349 apps/speed.c: add multi-block benchmark. 2014-07-05 23:53:55 +02:00
Alan Hryngle
fdea4fff8f Return smaller of ret and f.
PR#3418.
2014-07-05 22:37:41 +01:00
Viktor Dukhovni
ced3d9158a Set optional peername when X509_check_host() succeeds.
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.
2014-07-06 01:50:50 +10:00