Matt Caswell
b11c24110c
Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 3bd548192a
)
2014-07-15 23:22:49 +01:00
Dr. Stephen Henson
beac6cb5aa
Clarify -Verify and PSK.
...
PR#3452
(cherry picked from commit ca2015a617
)
2014-07-15 20:23:25 +01:00
Dr. Stephen Henson
666a597ffb
Fix DTLS certificate requesting code.
...
Use same logic when determining when to expect a client
certificate for both TLS and DTLS.
PR#3452
(cherry picked from commit c8d710dc5f
)
2014-07-15 18:23:35 +01:00
Dr. Stephen Henson
d4dbabb814
Don't allow -www etc options with DTLS.
...
The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.
PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)
2014-07-15 12:25:19 +01:00
Dr. Stephen Henson
c71e37aa6c
Use case insensitive compare for servername.
...
PR#3445
(cherry picked from commit 1c3e9a7c67
)
2014-07-14 23:59:58 +01:00
Hubert Kario
cdae9a58e6
document -nextprotoneg option in man pages
...
Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.
PR#3444
(cherry picked from commit 7efd0e777e
)
2014-07-14 23:43:21 +01:00
Dr. Stephen Henson
fa2b54c83a
Use more common name for GOST key exchange.
...
(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)
2014-07-14 18:31:55 +01:00
Matt Caswell
14b5d0d029
Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
...
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.
This does have the impact of masking any *real* unitialised data reads in bn though.
Patch based on approach suggested by Rich Salz.
PR#3415
(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
2014-07-13 22:20:15 +01:00
Peter Mosmans
2fbd94252a
Add names of GOST algorithms.
...
PR#3440
(cherry picked from commit 924e5eda2c
)
2014-07-13 18:31:09 +01:00
Richard Levitte
5b9188454b
* crypto/ui/ui_lib.c: misplaced brace in switch statement.
...
Detected by dcruette@qualitesys.com
(cherry picked from commit 8b5dd34091
)
2014-07-13 19:13:38 +02:00
Ben Laurie
5e189b4b8d
Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259).
...
(cherry picked from commit c1d1b0114e
)
2014-07-10 17:49:53 +01:00
Matt Caswell
23bd628735
Fix memory leak in BIO_free if there is no destroy function.
...
Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com>
PR#3439
(cherry picked from commit 66816c53be
)
2014-07-09 23:32:18 +01:00
Andy Polyakov
371feee876
x86_64 assembly pack: improve masm support.
...
(cherry picked from commit 1b0fe79f3e
)
2014-07-09 22:46:13 +02:00
Andy Polyakov
f50f0c6aa3
Please Clang's sanitizer, addendum.
...
(cherry picked from commit d11c70b2c2
)
2014-07-09 22:45:52 +02:00
Andy Polyakov
2064e2db08
Please Clang's sanitizer.
...
PR: #3424,#3423,#3422
(cherry picked from commit 021e5043e5
)
2014-07-09 22:45:38 +02:00
Andy Polyakov
de222838fe
apps/speed.c: fix compiler warnings in multiblock_speed().
...
(cherry picked from commit c4f8efab34
)
2014-07-07 17:03:27 +02:00
Andy Polyakov
0ad2a0a303
sha[1|512]-x86_64.pl: fix logical errors with $shaext=0.
...
(cherry picked from commit 07b635cceb
)
2014-07-07 17:02:00 +02:00
David Lloyd
2cb761c1f4
Prevent infinite loop loading config files.
...
PR#2985
(cherry picked from commit 9d23f422a3
)
2014-07-07 13:54:11 +01:00
Viktor Dukhovni
3ebcecf5c4
Improve X509_check_host() documentation.
...
Based on feedback from Jeffrey Walton.
(cherry picked from commit b73ac02735
)
2014-07-07 20:35:49 +10:00
Viktor Dukhovni
e83c913723
Update API to use (char *) for email addresses and hostnames
...
Reduces number of silly casts in OpenSSL code and likely most
applications. Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
(cherry picked from commit 297c67fcd8
)
2014-07-07 19:20:34 +10:00
Viktor Dukhovni
55fe56837a
Set optional peername when X509_check_host() succeeds.
...
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.
(cherry picked from commit ced3d9158a
)
2014-07-07 19:20:34 +10:00
Viktor Dukhovni
1eb57ae2b7
New peername element in X509_VERIFY_PARAM_ID
...
Declaration, memory management, accessor and documentation.
(cherry picked from commit 6e661d458f
)
2014-07-07 19:20:34 +10:00
Viktor Dukhovni
41e3ebd5ab
One more typo when changing !result to result <= 0
...
(cherry picked from commit eef1827f89
)
2014-07-07 19:19:13 +10:00
Viktor Dukhovni
9624b50d51
Fix typo in last commit
...
(cherry picked from commit 90b70a6a6b
)
2014-07-07 19:19:13 +10:00
Viktor Dukhovni
449d864515
Multiple verifier reference identities.
...
Implemented as STACK_OF(OPENSSL_STRING).
(cherry picked from commit 8abffa4a73
)
2014-07-07 19:19:13 +10:00
Viktor Dukhovni
7f7e11ee5c
Implement sk_deep_copy.
...
(cherry picked from commit 66d884f067
)
2014-07-07 19:19:13 +10:00
Dr. Stephen Henson
43f534b986
Usage for -hack and -prexit -verify_return_error
...
(cherry picked from commit ee724df75d
)
2014-07-06 22:45:20 +01:00
Dr. Stephen Henson
fbe8ea3abe
Document certificate status request options.
...
(cherry picked from commit cba3f1c739
)
2014-07-06 22:45:20 +01:00
Dr. Stephen Henson
affc941ea6
s_server usage for certificate status requests
...
(cherry picked from commit a44f219c00
)
2014-07-06 22:45:20 +01:00
Dr. Stephen Henson
012f7474f7
Update ticket callback docs.
...
(cherry picked from commit a23a6e85d8
)
2014-07-06 12:40:16 +01:00
Dr. Stephen Henson
5c1b373be6
Sanity check keylength in PVK files.
...
PR#2277
(cherry picked from commit 733a6c882e92f8221bd03a51643bb47f5f81bb81)
2014-07-06 00:36:14 +01:00
Jeffrey Walton
648a9f7c2f
Added reference to platform specific cryptographic acceleration such as AES-NI
2014-07-06 00:04:09 +01:00
Matt Caswell
623acb90cc
Fixed error in pod files with latest versions of pod2man
...
(cherry picked from commit 07255f0a76d9d349d915e14f969b9ff2ee0d1953)
2014-07-06 00:04:09 +01:00
Andy Polyakov
6ce295a301
sha512-x86_64.pl: fix typo.
...
PR: #3431
(cherry picked from commit 7eb9680ae1
)
2014-07-06 00:00:34 +02:00
Andy Polyakov
0359ccfd8b
s3_pkt.c: fix typo.
...
(cherry picked from commit 0e7a32b55e
)
2014-07-05 23:57:28 +02:00
Andy Polyakov
9c1cf94f34
apps/speed.c: add multi-block benchmark.
...
(cherry picked from commit 375a64e349
)
2014-07-05 23:54:43 +02:00
Alan Hryngle
ff5b11f547
Return smaller of ret and f.
...
PR#3418.
(cherry picked from commit fdea4fff8f
)
2014-07-05 22:38:17 +01:00
Dr. Stephen Henson
8358302d47
Don't limit message sizes in ssl3_get_cert_verify.
...
PR#319 (reoponed version).
(cherry picked from commit 7f6e957864
)
2014-07-05 13:30:38 +01:00
Dr. Stephen Henson
534656a997
Add license info.
...
(cherry picked from commit 55707a36cc
)
2014-07-04 18:43:06 +01:00
Dr. Stephen Henson
2cfbec1cae
typo
2014-07-04 13:50:26 +01:00
Dr. Stephen Henson
22db480daf
Remove all RFC5878 code.
...
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs.
2014-07-04 13:42:05 +01:00
Rich Salz
d107382214
Merge branch 'rsalz-docfixes'
2014-07-03 12:57:16 -04:00
Rich Salz
03ae3ca621
Close 3170, remove reference to Ariel Glenn's old 0.9.8 doc
...
(cherry picked from commit f1112985e8
)
2014-07-03 12:54:31 -04:00
Andy Polyakov
61df34e924
e_os.h: limit _MSC_VER trickery to older compilers.
...
PR: #3390
(cherry picked from commit aab3560b65
)
2014-07-02 22:34:02 +02:00
Andy Polyakov
47b9e06cfd
bn_exp.c: fix x86_64-specific crash with one-word modulus.
...
PR: #3397
(cherry picked from commit eca441b2b4
)
2014-07-02 21:16:45 +02:00
Matt Smart
88822622a1
Fix doc typo.
...
ERR_get_error(3) references the non-existent
ERR_get_last_error_line_data instead of the one that does exist,
ERR_peek_last_error_line_data.
PR#3283
(cherry picked from commit 5cc99c6cf5
)
2014-07-02 03:45:01 +01:00
Thijs Alkemade
8f243ab6c1
Make disabling last cipher work.
...
(cherry picked from commit 7cb472bd0d
)
2014-07-02 03:32:42 +01:00
Dr. Stephen Henson
9223a31eb7
ASN1 sanity check.
...
Primitive encodings shouldn't use indefinite length constructed
form.
PR#2438 (partial).
(cherry picked from commit 398e99fe5e
)
2014-07-02 00:59:44 +01:00
Dr. Stephen Henson
654ae3d6ad
Accessor functions for app_data in ECDSA_METHOD
...
(cherry picked from commit 387b844ffd
)
2014-07-02 00:59:43 +01:00
Ben Laurie
70c739b8db
Fix possible buffer overrun.
...
(cherry picked from commit 2db3ea2929
)
Conflicts:
ssl/ssl_locl.h
ssl/t1_lib.c
2014-07-02 00:09:39 +01:00