Dr. Stephen Henson
3b3674ae58
Merge branch 'OpenSSL_1_0_1-stable' of openssl.net:openssl into OpenSSL_1_0_1-stable
2013-01-13 23:01:43 +00:00
Ben Laurie
9d75e765bc
Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955).
2013-01-13 23:00:46 +00:00
Ben Laurie
bf07bd4d61
Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955).
2013-01-12 15:13:40 +00:00
Dr. Stephen Henson
296cc7f4b8
Update debug-steve64
2013-01-07 16:24:58 +00:00
Dr. Stephen Henson
3d92984689
Add .gitignore
2013-01-07 16:23:00 +00:00
Dr. Stephen Henson
51447d5db5
In FIPS mode use PKCS#8 format when writing private keys:
...
traditional format uses MD5 which is prohibited in FIPS mode.
2013-01-07 16:19:28 +00:00
Dr. Stephen Henson
1dcf520fe2
Change default bits to 1024
2013-01-07 16:18:57 +00:00
Dr. Stephen Henson
fca84dabe6
make no-comp compile
2012-12-30 16:05:11 +00:00
Dr. Stephen Henson
3ea1e13569
add missing \n
2012-12-23 18:19:28 +00:00
Andy Polyakov
dd6639bd3a
VC-32.pl: fix typo [from HEAD].
...
Submitted by: Pierre Delaage
2012-12-16 19:41:57 +00:00
Ben Laurie
bee0550397
Documentation improvements by Chris Palmer (Google).
2012-12-14 13:29:51 +00:00
Ben Laurie
fc57c58c81
Document -pubkey option.
2012-12-13 16:08:17 +00:00
Ben Laurie
5bb6d96558
Make verify return errors.
2012-12-13 15:48:42 +00:00
Ben Laurie
28e1bd35bd
Add 64 bit target.
2012-12-13 15:46:46 +00:00
Dr. Stephen Henson
dd83cc298d
Fix two bugs which affect delta CRL handling:
...
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
2012-12-06 18:25:03 +00:00
Andy Polyakov
ea00598596
aes-s390x.pl: fix XTS bugs in z196-specific code path [from HEAD].
2012-12-05 17:45:24 +00:00
Dr. Stephen Henson
a650314f72
check mval for NULL too
2012-12-04 17:26:13 +00:00
Dr. Stephen Henson
54fdc39a08
fix leak
2012-12-03 16:33:24 +00:00
Andy Polyakov
7dc98a62b2
aes-s389x.pl: harmonize software-only code path [from HEAD].
2012-12-01 11:11:12 +00:00
Dr. Stephen Henson
f20ba1c9bb
PR: 2803
...
Submitted by: jean-etienne.schwartz@bull.net
In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
2012-11-29 19:15:36 +00:00
Dr. Stephen Henson
7c3562947a
reject zero length point format list or supported curves extensions
2012-11-22 14:15:25 +00:00
Dr. Stephen Henson
eb3a3911fc
PR: 2908
...
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
Fix DH double free if parameter generation fails.
2012-11-21 14:02:21 +00:00
Dr. Stephen Henson
540f7c75ef
fix leaks
2012-11-20 00:28:56 +00:00
Dr. Stephen Henson
d6342aab08
correct docs
2012-11-19 20:07:05 +00:00
Dr. Stephen Henson
e7b85bc402
PR: 2880
...
Submitted by: "Florian Rüchel" <florian.ruechel@ruhr-uni-bochum.de>
Correctly handle local machine keys in the capi ENGINE.
2012-11-18 15:21:02 +00:00
Dr. Stephen Henson
07eaaab2f6
add "missing" TLSv1.2 cipher alias
2012-11-15 19:15:20 +00:00
Dr. Stephen Henson
96f7fafa24
Don't require tag before ciphertext in AESGCM mode
2012-10-16 22:46:40 +00:00
Andy Polyakov
487a0df700
aix[64]-cc: get MT support right [from HEAD].
...
PR: 2896
2012-10-16 08:16:25 +00:00
Bodo Möller
09ef5f6258
Fix EC_KEY initialization race.
...
Submitted by: Adam Langley
2012-10-05 20:51:12 +00:00
Bodo Möller
bcc0e4ca7c
Fix Valgrind warning.
...
Submitted by: Adam Langley
2012-09-24 19:49:42 +00:00
Richard Levitte
caac8fefdc
* Configure: make the debug-levitte-linux{elf,noasm} less extreme.
2012-09-24 18:49:04 +00:00
Dr. Stephen Henson
353e845120
Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate
...
change the current certificate (in s->cert->key) to the one used and then
SSL_get_certificate and SSL_get_privatekey will automatically work.
Note for 1.0.1 and earlier also includes backport of the function
ssl_get_server_send_pkey.
2012-09-21 14:01:59 +00:00
Richard Levitte
d1451f18d9
* ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug. Fortunately in
...
debugging code that's seldom used.
2012-09-21 13:08:28 +00:00
Bodo Möller
c3a5b7b82a
Fix warning.
...
Submitted by: Chromium Authors
2012-09-17 17:24:44 +00:00
Ben Laurie
70d91d60bc
Call OCSP Stapling callback after ciphersuite has been chosen, so the
...
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.
See http://rt.openssl.org/Ticket/Display.html?id=2836 .
2012-09-17 14:39:38 +00:00
Andy Polyakov
bc78883017
e_aes.c: uninitialized variable in aes_ccm_init_key [from HEAD].
...
PR: 2874
Submitted by: Tomas Mraz
2012-09-15 08:46:31 +00:00
Dr. Stephen Henson
f929f201fb
fix memory leak
2012-09-11 13:44:38 +00:00
Andy Polyakov
554cf97f03
bn_lcl.h: gcc removed support for "h" constraint, which broke inline
...
assembler [from HEAD].
2012-09-01 13:23:05 +00:00
Dr. Stephen Henson
48ccbeefda
Don't load GOST ENGINE if it is already loaded.
...
Multiple copies of the ENGINE will cause problems when it is cleaned up as
the methods are stored in static structures which will be overwritten and
freed up more than once.
Set static methods to NULL when the ENGINE is freed so it can be reloaded.
2012-09-01 11:29:52 +00:00
Dr. Stephen Henson
7a217076d9
PR: 2786
...
Reported by: Tomas Mraz <tmraz@redhat.com>
Treat a NULL value passed to drbg_free_entropy callback as non-op. This
can happen if the call to fips_get_entropy fails.
2012-08-22 22:42:04 +00:00
Andy Polyakov
0720bf7df1
sha1-armv4-large.pl: comply with ABI [from HEAD].
2012-08-17 19:59:49 +00:00
Andy Polyakov
9d6727781d
aes-mips.pl: harmonize with fips module.
...
PR: 2863
Submitted by: Duane Sand
2012-08-17 09:02:40 +00:00
Bodo Möller
12c1621523
Enable message names for TLS 1.1, 1.2 with -msg.
2012-08-16 13:43:37 +00:00
Andy Polyakov
f9b48d60f2
gosthash.c: use memmove in circle_xor8, as input pointers can be equal
...
[from HEAD].
PR: 2858
2012-08-13 16:38:43 +00:00
Andy Polyakov
5c29127666
./Configure: libcrypto.a can grow to many GB on Solaris 10, because of ar bug
...
[from HEAD].
PR: 2838
2012-08-13 16:18:59 +00:00
Andy Polyakov
78d767f5ec
gcm128.c: fix AAD-only case with AAD length not divisible by 16 [from HEAD].
...
PR: 2859
Submitted by: John Foley
2012-08-13 15:32:18 +00:00
Richard Levitte
c8b979e929
Add evp_cnf in the build.
2012-07-05 12:58:27 +00:00
Dr. Stephen Henson
2beaa91ca7
update NEWS
2012-07-05 11:49:56 +00:00
Richard Levitte
efa288ceac
Have the new names start in column 48, that makes it easy to see when
...
the 31 character limit is reached (on a 80 column display, do the math)
2012-07-05 09:00:49 +00:00
Richard Levitte
ad3bbd4a16
Cosmetics: remove duplicate symbol in crypto/symhacks.h
2012-07-05 08:49:30 +00:00