Commit graph

11284 commits

Author SHA1 Message Date
Matt Caswell
b11c24110c Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 3bd548192a)
2014-07-15 23:22:49 +01:00
Dr. Stephen Henson
beac6cb5aa Clarify -Verify and PSK.
PR#3452
(cherry picked from commit ca2015a617)
2014-07-15 20:23:25 +01:00
Dr. Stephen Henson
666a597ffb Fix DTLS certificate requesting code.
Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
(cherry picked from commit c8d710dc5f)
2014-07-15 18:23:35 +01:00
Dr. Stephen Henson
d4dbabb814 Don't allow -www etc options with DTLS.
The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)
2014-07-15 12:25:19 +01:00
Dr. Stephen Henson
c71e37aa6c Use case insensitive compare for servername.
PR#3445
(cherry picked from commit 1c3e9a7c67)
2014-07-14 23:59:58 +01:00
Hubert Kario
cdae9a58e6 document -nextprotoneg option in man pages
Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.

PR#3444
(cherry picked from commit 7efd0e777e)
2014-07-14 23:43:21 +01:00
Dr. Stephen Henson
fa2b54c83a Use more common name for GOST key exchange.
(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)
2014-07-14 18:31:55 +01:00
Matt Caswell
14b5d0d029 Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415

(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
2014-07-13 22:20:15 +01:00
Peter Mosmans
2fbd94252a Add names of GOST algorithms.
PR#3440
(cherry picked from commit 924e5eda2c)
2014-07-13 18:31:09 +01:00
Richard Levitte
5b9188454b * crypto/ui/ui_lib.c: misplaced brace in switch statement.
Detected by dcruette@qualitesys.com

(cherry picked from commit 8b5dd34091)
2014-07-13 19:13:38 +02:00
Ben Laurie
5e189b4b8d Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259).
(cherry picked from commit c1d1b0114e)
2014-07-10 17:49:53 +01:00
Matt Caswell
23bd628735 Fix memory leak in BIO_free if there is no destroy function.
Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com>

PR#3439

(cherry picked from commit 66816c53be)
2014-07-09 23:32:18 +01:00
Andy Polyakov
371feee876 x86_64 assembly pack: improve masm support.
(cherry picked from commit 1b0fe79f3e)
2014-07-09 22:46:13 +02:00
Andy Polyakov
f50f0c6aa3 Please Clang's sanitizer, addendum.
(cherry picked from commit d11c70b2c2)
2014-07-09 22:45:52 +02:00
Andy Polyakov
2064e2db08 Please Clang's sanitizer.
PR: #3424,#3423,#3422
(cherry picked from commit 021e5043e5)
2014-07-09 22:45:38 +02:00
Andy Polyakov
de222838fe apps/speed.c: fix compiler warnings in multiblock_speed().
(cherry picked from commit c4f8efab34)
2014-07-07 17:03:27 +02:00
Andy Polyakov
0ad2a0a303 sha[1|512]-x86_64.pl: fix logical errors with $shaext=0.
(cherry picked from commit 07b635cceb)
2014-07-07 17:02:00 +02:00
David Lloyd
2cb761c1f4 Prevent infinite loop loading config files.
PR#2985
(cherry picked from commit 9d23f422a3)
2014-07-07 13:54:11 +01:00
Viktor Dukhovni
3ebcecf5c4 Improve X509_check_host() documentation.
Based on feedback from Jeffrey Walton.

(cherry picked from commit b73ac02735)
2014-07-07 20:35:49 +10:00
Viktor Dukhovni
e83c913723 Update API to use (char *) for email addresses and hostnames
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().

(cherry picked from commit 297c67fcd8)
2014-07-07 19:20:34 +10:00
Viktor Dukhovni
55fe56837a Set optional peername when X509_check_host() succeeds.
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.

(cherry picked from commit ced3d9158a)
2014-07-07 19:20:34 +10:00
Viktor Dukhovni
1eb57ae2b7 New peername element in X509_VERIFY_PARAM_ID
Declaration, memory management, accessor and documentation.

(cherry picked from commit 6e661d458f)
2014-07-07 19:20:34 +10:00
Viktor Dukhovni
41e3ebd5ab One more typo when changing !result to result <= 0
(cherry picked from commit eef1827f89)
2014-07-07 19:19:13 +10:00
Viktor Dukhovni
9624b50d51 Fix typo in last commit
(cherry picked from commit 90b70a6a6b)
2014-07-07 19:19:13 +10:00
Viktor Dukhovni
449d864515 Multiple verifier reference identities.
Implemented as STACK_OF(OPENSSL_STRING).

(cherry picked from commit 8abffa4a73)
2014-07-07 19:19:13 +10:00
Viktor Dukhovni
7f7e11ee5c Implement sk_deep_copy.
(cherry picked from commit 66d884f067)
2014-07-07 19:19:13 +10:00
Dr. Stephen Henson
43f534b986 Usage for -hack and -prexit -verify_return_error
(cherry picked from commit ee724df75d)
2014-07-06 22:45:20 +01:00
Dr. Stephen Henson
fbe8ea3abe Document certificate status request options.
(cherry picked from commit cba3f1c739)
2014-07-06 22:45:20 +01:00
Dr. Stephen Henson
affc941ea6 s_server usage for certificate status requests
(cherry picked from commit a44f219c00)
2014-07-06 22:45:20 +01:00
Dr. Stephen Henson
012f7474f7 Update ticket callback docs.
(cherry picked from commit a23a6e85d8)
2014-07-06 12:40:16 +01:00
Dr. Stephen Henson
5c1b373be6 Sanity check keylength in PVK files.
PR#2277
(cherry picked from commit 733a6c882e92f8221bd03a51643bb47f5f81bb81)
2014-07-06 00:36:14 +01:00
Jeffrey Walton
648a9f7c2f Added reference to platform specific cryptographic acceleration such as AES-NI 2014-07-06 00:04:09 +01:00
Matt Caswell
623acb90cc Fixed error in pod files with latest versions of pod2man
(cherry picked from commit 07255f0a76d9d349d915e14f969b9ff2ee0d1953)
2014-07-06 00:04:09 +01:00
Andy Polyakov
6ce295a301 sha512-x86_64.pl: fix typo.
PR: #3431
(cherry picked from commit 7eb9680ae1)
2014-07-06 00:00:34 +02:00
Andy Polyakov
0359ccfd8b s3_pkt.c: fix typo.
(cherry picked from commit 0e7a32b55e)
2014-07-05 23:57:28 +02:00
Andy Polyakov
9c1cf94f34 apps/speed.c: add multi-block benchmark.
(cherry picked from commit 375a64e349)
2014-07-05 23:54:43 +02:00
Alan Hryngle
ff5b11f547 Return smaller of ret and f.
PR#3418.
(cherry picked from commit fdea4fff8f)
2014-07-05 22:38:17 +01:00
Dr. Stephen Henson
8358302d47 Don't limit message sizes in ssl3_get_cert_verify.
PR#319 (reoponed version).
(cherry picked from commit 7f6e957864)
2014-07-05 13:30:38 +01:00
Dr. Stephen Henson
534656a997 Add license info.
(cherry picked from commit 55707a36cc)
2014-07-04 18:43:06 +01:00
Dr. Stephen Henson
2cfbec1cae typo 2014-07-04 13:50:26 +01:00
Dr. Stephen Henson
22db480daf Remove all RFC5878 code.
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs.
2014-07-04 13:42:05 +01:00
Rich Salz
d107382214 Merge branch 'rsalz-docfixes' 2014-07-03 12:57:16 -04:00
Rich Salz
03ae3ca621 Close 3170, remove reference to Ariel Glenn's old 0.9.8 doc
(cherry picked from commit f1112985e8)
2014-07-03 12:54:31 -04:00
Andy Polyakov
61df34e924 e_os.h: limit _MSC_VER trickery to older compilers.
PR: #3390
(cherry picked from commit aab3560b65)
2014-07-02 22:34:02 +02:00
Andy Polyakov
47b9e06cfd bn_exp.c: fix x86_64-specific crash with one-word modulus.
PR: #3397
(cherry picked from commit eca441b2b4)
2014-07-02 21:16:45 +02:00
Matt Smart
88822622a1 Fix doc typo.
ERR_get_error(3) references the non-existent
ERR_get_last_error_line_data instead of the one that does exist,
ERR_peek_last_error_line_data.

PR#3283
(cherry picked from commit 5cc99c6cf5)
2014-07-02 03:45:01 +01:00
Thijs Alkemade
8f243ab6c1 Make disabling last cipher work.
(cherry picked from commit 7cb472bd0d)
2014-07-02 03:32:42 +01:00
Dr. Stephen Henson
9223a31eb7 ASN1 sanity check.
Primitive encodings shouldn't use indefinite length constructed
form.

PR#2438 (partial).
(cherry picked from commit 398e99fe5e)
2014-07-02 00:59:44 +01:00
Dr. Stephen Henson
654ae3d6ad Accessor functions for app_data in ECDSA_METHOD
(cherry picked from commit 387b844ffd)
2014-07-02 00:59:43 +01:00
Ben Laurie
70c739b8db Fix possible buffer overrun.
(cherry picked from commit 2db3ea2929)

Conflicts:
	ssl/ssl_locl.h
	ssl/t1_lib.c
2014-07-02 00:09:39 +01:00