wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9691 commits 20 branches 302 tags 153 MiB
Commit graph

9691 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
decef971f4 add -stripcr option to copy.pl from 0.9.8 2011-02-03 14:58:02 +00:00
Bodo Möller
a288aaefc4 Assorted bugfixes: 
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check

Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
 2011-02-03 12:03:57 +00:00
Bodo Möller
eed56c77b4 fix omission 2011-02-03 11:19:52 +00:00
Bodo Möller
346601bc32 CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) 2011-02-03 10:42:00 +00:00
Dr. Stephen Henson
5080fbbef0 Since FIPS 186-3 specifies we use the leftmost bits of the digest 
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
 2011-02-01 12:53:47 +00:00
Dr. Stephen Henson
b5b724348d stop warnings about no previous prototype when compiling shared engines 2011-01-30 01:55:29 +00:00
Dr. Stephen Henson
c3ee90d8ca FIPS mode changes to make RNG compile (this will need updating later as we 
need a whole new PRNG for FIPS).

1. avoid use of ERR_peek().

2. If compiling with FIPS use small FIPS EVP and disable ENGINE
 2011-01-26 14:55:23 +00:00
Dr. Stephen Henson
e1435034ae FIPS_allow_md5() no longer exists and is no longer required 2011-01-26 12:25:51 +00:00
Richard Levitte
bf35c5dc7f Add rsa_crpt 2011-01-26 06:32:22 +00:00
Dr. Stephen Henson
c42d223ac2 Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate 
crypto and ENGINE dependencies in RSA library.
 2011-01-25 17:43:20 +00:00
Dr. Stephen Henson
d5654d2b20 Move BN_options function to bn_print.c to remove dependency for BIO printf 
routines from bn_lib.c
 2011-01-25 17:10:42 +00:00
Dr. Stephen Henson
a7508fec1a Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of 
DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().
 2011-01-25 16:55:27 +00:00
Dr. Stephen Henson
c31945e682 recalculate DSA signature if r or s is zero (FIPS 186-3 requirement) 2011-01-25 16:02:27 +00:00
Dr. Stephen Henson
d3203b931e PR: 2433 
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve

Constify ASN1_STRING_set_default_mask_asc().
 2011-01-24 16:20:05 +00:00
Dr. Stephen Henson
947f4e90c3 New function EC_KEY_set_affine_coordinates() this performs all the 
NIST PKV tests.
 2011-01-24 16:09:57 +00:00
Dr. Stephen Henson
d184c7b271 check EC public key isn't point at infinity 2011-01-24 15:07:47 +00:00
Dr. Stephen Henson
913488c066 PR: 1612 
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve

Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
 2011-01-24 14:41:49 +00:00
Dr. Stephen Henson
7fa27d9ac6 Add additional parameter to dsa_builtin_paramgen to output the generated 
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
 2011-01-19 14:46:42 +00:00
Dr. Stephen Henson
c341b9cce5 add va_list version of ERR_add_error_data 2011-01-14 15:13:59 +00:00
Dr. Stephen Henson
bbbf0d45ba stop warning with no-engine 2011-01-13 15:42:47 +00:00
Richard Levitte
114c402d9e PR: 2425 
Synchronise VMS build with Unixly build.
 2011-01-10 20:55:27 +00:00
Dr. Stephen Henson
d51519eba4 add buf_str.c file 2011-01-09 13:30:58 +00:00
Dr. Stephen Henson
e650f9988b move some string utilities to buf_str.c to reduce some dependencies (from 0.9.8 branch). 2011-01-09 13:30:34 +00:00
Dr. Stephen Henson
8ed8454115 add X9.31 prime generation routines from 0.9.8 branch 2011-01-09 13:22:47 +00:00
Richard Levitte
6e101bebb1 PR: 2407 
Fix fault include.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
 2011-01-06 20:56:04 +00:00
Dr. Stephen Henson
4577b38d22 Don't use decryption_failed alert for TLS v1.1 or later. 2011-01-04 19:39:42 +00:00
Dr. Stephen Henson
a8515e2d28 Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed 
alert.
 2011-01-04 19:33:30 +00:00
Dr. Stephen Henson
964e91052e oops missed an assert 2011-01-03 12:52:11 +00:00
Dr. Stephen Henson
4e55e69bff PR: 2411 
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Fix corner cases in RFC3779 code.
 2011-01-03 01:40:45 +00:00
Dr. Stephen Henson
e501dbb658 Fix escaping code for string printing. If *any* escaping is enabled we 
must escape the escape character itself (backslash).
 2011-01-03 01:30:58 +00:00
Dr. Stephen Henson
20e505e4b7 PR: 2410 
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Use OPENSSL_assert() instead of assert().
 2011-01-03 01:22:27 +00:00
Dr. Stephen Henson
291a26e6e3 PR: 2413 
Submitted by: Michael Bergandi <mbergandi@gmail.com>
Reviewed by: steve

Fix typo in crypto/bio/bss_dgram.c
 2011-01-03 01:07:20 +00:00
Dr. Stephen Henson
0383911887 PR: 2416 
Submitted by: Mark Phalan <mark.phalan@oracle.com>
Reviewed by: steve

Use L suffix in version number.
 2011-01-03 00:26:21 +00:00
Richard Levitte
a5c5eb77b5 Part of the IF structure didn't get pasted here... 
PR: 2393
 2010-12-14 21:44:33 +00:00
Richard Levitte
90d02be7c5 First attempt at adding the possibility to set the pointer size for the builds on VMS. 
PR: 2393
 2010-12-14 19:18:58 +00:00
Andy Polyakov
04221983ac bss_file.c: refine UTF8 logic [from HEAD]. 
PR: 2382
 2010-12-11 14:54:48 +00:00
Dr. Stephen Henson
dfda027ae8 ignore leading null fields 2010-12-03 19:31:23 +00:00
Dr. Stephen Henson
21b5a79121 update FAQ 2010-12-02 19:56:03 +00:00
Dr. Stephen Henson
411a388c62 PR: 2386 
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Correct SKM_ASN1_SET_OF_d2i macro.
 2010-12-02 18:02:14 +00:00
Dr. Stephen Henson
61c10d42f6 fix doc typos 2010-12-02 13:45:25 +00:00
Dr. Stephen Henson
68ecfb69a5 use consistent FAQ between version 2010-12-02 00:11:21 +00:00
Andy Polyakov
e62fee8eb3 Configure: make -mno-cygwin optional on mingw platforms [from HEAD]. 
PR: 2381
 2010-11-30 22:18:46 +00:00
Dr. Stephen Henson
5566d49103 PR: 2385 
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Zero key->pkey.ptr after it is freed so the structure can be reused.
 2010-11-30 19:45:31 +00:00
Richard Levitte
48337a4a35 Better method for creating SSLROOT:. 
Make sure to include the path to evptest.txt.
 2010-11-29 22:27:18 +00:00
Dr. Stephen Henson
2c5c4fca14 apply J-PKAKE fix to HEAD (original by Ben) 2010-11-29 18:33:28 +00:00
Dr. Stephen Henson
4fab95ed20 Some of the MS_STATIC use in crypto/evp is a legacy from the days when 
EVP_MD_CTX was much larger: it isn't needed anymore.
 2010-11-27 17:35:56 +00:00
Dr. Stephen Henson
6c36ca4628 PR: 2240 
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve

As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.
 2010-11-25 12:27:39 +00:00
Dr. Stephen Henson
9c61c57896 using_ecc doesn't just apply to TLSv1 2010-11-25 11:51:46 +00:00
Dr. Stephen Henson
a618011ca1 add "missing" functions to copy EVP_PKEY_METHOD and examine info 2010-11-24 16:07:45 +00:00
Dr. Stephen Henson
95eef4df79 use generalised mac API for SSL key generation 2010-11-24 13:17:48 +00:00