wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10873 commits 20 branches 302 tags 153 MiB
Commit graph

10873 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ben Laurie
519ad9b384 Add accessor for x509.cert_info. 2014-02-01 18:30:23 +00:00
Ben Laurie
7b2d785d20 Fix warning. 2014-01-29 17:57:32 +01:00
Dr. Stephen Henson
f2d678e6e8 Clarify docs. 
Remove reference to ERR_TXT_MALLOCED in the error library as that is
only used internally. Indicate that returned error data must not be
freed.
 2014-01-29 00:59:35 +00:00
Dr. Stephen Henson
448e9b7cf1 typo 
(cherry picked from commit cb2182676b)
 2014-01-28 15:36:15 +00:00
Dr. Stephen Henson
2c4c9867e7 Fix demo comment: 0.9.9 never released. 
(cherry picked from commit 717cc85895)
 2014-01-28 15:17:32 +00:00
Dr. Stephen Henson
a99540a6de Check i before r[i]. 
PR#3244
(cherry picked from commit 9614d2c676)
 2014-01-28 15:14:47 +00:00
Dr. Stephen Henson
9614ed695d Add loaded dynamic ENGINEs to list. 
Always add a dynamically loaded ENGINE to list. Otherwise it can cause
problems when multiply loaded, especially if it adds new public key methods.
For all current engines we only want a single implementation anyway.
(cherry picked from commit e933f91f50)
 2014-01-28 13:57:14 +00:00
Dr. Stephen Henson
aabfee601e Certificate callback doc. 
(cherry picked from commit 46ab9bbd7f)
 2014-01-28 13:38:55 +00:00
Dr. Stephen Henson
cee1d9e02f make update 2014-01-27 14:59:46 +00:00
Dr. Stephen Henson
285f7fb0f9 Add cert callback retry test. 
(cherry picked from commit 3323314fc1)
 2014-01-27 14:41:38 +00:00
Dr. Stephen Henson
ede90b1121 Support retries in certificate callback 
(cherry picked from commit 0ebc965b9c)

Conflicts:

	ssl/s3_srvr.c
	ssl/ssl3.h
 2014-01-27 14:41:38 +00:00
Dr. Stephen Henson
5e7329d156 Compare encodings in X509_cmp as well as hash. 
(cherry picked from commit ec492c8a5a)
 2014-01-27 14:33:10 +00:00
Dr. Stephen Henson
9f1979b94a New function to set compression methods so they can be safely freed. 
(cherry picked from commit cbb6744827)
 2014-01-27 14:32:44 +00:00
Dr. Stephen Henson
3fcf327e26 Add -engine_impl option to dgst which will use an implementation of 
an algorithm from the supplied engine instead of just the default one.
(cherry picked from commit bb845ee044)
 2014-01-23 18:35:42 +00:00
Dr. Stephen Henson
3f4742b48c make update 2014-01-23 17:13:37 +00:00
Dr. Stephen Henson
c4f01c533b Add new function SSL_CTX_get_ssl_method(). 
Partial fix for PR#3183.
(cherry picked from commit ba168244a1)
 2014-01-16 14:08:42 +00:00
Kaspar Brand
b7a8550988 Omit initial status request callback check. 
PR#3178
(cherry picked from commit d0b039d4a3)
 2014-01-16 13:48:23 +00:00
Zoltan Arpadffy
e775891708 VMS fixes 2014-01-11 22:44:04 +00:00
Jeff Trawick
ae6fbb5df0 typo 
(cherry picked from commit 5edce5685f)
 2014-01-10 23:02:46 +00:00
Jeff Trawick
f9c1f03754 typo 
(cherry picked from commit 4b64e0cbdb)
 2014-01-10 23:02:20 +00:00
Dr. Stephen Henson
50701af9d5 Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling. 
(cherry picked from commit 8f4077ca69)
 2014-01-09 22:53:50 +00:00
Dr. Stephen Henson
1d6af3d430 update NEWS 2014-01-09 22:50:07 +00:00
Andy Polyakov
392fd8f89c bn/asm/x86_64-mont5.pl: fix compilation error on Solaris. 
(cherry picked from commit eedab5241e)
 2014-01-09 13:47:53 +01:00
Dr. Stephen Henson
802db0fab2 Sync CHANGES 2014-01-07 15:41:11 +00:00
Dr. Stephen Henson
2f972419a3 Add fix for CVE-2013-4353 2014-01-07 15:41:11 +00:00
Dr. Stephen Henson
a05a2c67ef Update NEWS. 2014-01-07 15:41:04 +00:00
Andy Polyakov
e34140620e sha/asm/sha256-armv4.pl: add NEON code path. 
(and shave off cycle even from integer-only code)
(cherry picked from commit ad0d2579cf)
 2014-01-04 18:06:36 +01:00
Andy Polyakov
acd9121085 aesni-sha1-x86_64.pl: harmonize [Atom-specific optimizations] with master branch. 2014-01-04 17:42:13 +01:00
Dr. Stephen Henson
b17d6b8d1d Restore SSL_OP_MSIE_SSLV2_RSA_PADDING 
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
 2014-01-04 13:58:51 +00:00
Dr. Stephen Henson
b9fa413a08 Use algorithm specific chains for certificates. 
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.

Update docs.
(cherry picked from commit a4339ea3ba)

Conflicts:

	CHANGES
 2014-01-03 22:45:20 +00:00
Andy Polyakov
4abe148444 ssl/t1_enc.c: optimize PRF (suggested by Intel). 
(cherry picked from commit e8b0dd57c0)
 2014-01-03 21:56:03 +01:00
Dr. Stephen Henson
04d6940436 update NEWS 2014-01-02 19:12:47 +00:00
Dr. Stephen Henson
8511b5f594 Don't change version number if session established 
When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.

Thanks to Marek Majkowski for additional analysis of this issue.

PR#3191
(cherry picked from commit b77b58a398)
 2014-01-02 15:07:51 +00:00
Dr. Stephen Henson
546d6760b9 Update curve list size. 2013-12-29 16:30:34 +00:00
Andy Polyakov
ccbb8d5e95 sparcv9cap.c: omit random detection. 
PR: 3202
(cherry picked from commit 926725b3d7)
 2013-12-28 13:32:45 +01:00
Andy Polyakov
d7d7e7b038 ARM assembly pack: make it work with older toolchain. 
(cherry picked from commit 2218c296b4)
 2013-12-28 12:18:11 +01:00
Dr. Stephen Henson
80b6d97585 Fix DTLS retransmission from previous session. 
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1)
 2013-12-20 23:25:41 +00:00
Dr. Stephen Henson
ff64ab32ae Ignore NULL parameter in EVP_MD_CTX_destroy. 
(cherry picked from commit a6c62f0c25)
 2013-12-20 23:24:26 +00:00
Andy Polyakov
fc9c9e47f7 sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes. 
(and ensure stack alignment in the process)
(cherry picked from commit fc0503a25c)
 2013-12-18 22:57:14 +01:00
Andy Polyakov
68e6ac4379 evp/e_[aes|camellia].c: fix typo in CBC subroutine. 
It worked because it was never called.
(cherry picked from commit e9c80e04c1)
 2013-12-18 22:56:24 +01:00
Andy Polyakov
e34b7e99fd sha512.c: fullfull implicit API contract in SHA512_Transform. 
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
(cherry picked from commit cdd1acd788)
 2013-12-18 22:56:00 +01:00
Dr. Stephen Henson
a32ba49352 Check EVP errors for handshake digests. 
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f)
 2013-12-18 13:27:15 +00:00
Dr. Stephen Henson
3a0c71541b verify parameter enumeration functions 
(cherry picked from commit 9b3d75706e)

Conflicts:

	crypto/x509/x509_vpm.c
 2013-12-13 15:52:27 +00:00
Dr. Stephen Henson
adc6bd73e3 Add opaque ID structure. 
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
 2013-12-13 15:36:31 +00:00
Dr. Stephen Henson
8c6d8c2a49 Backport TLS padding extension from master. 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
53a8f8c26d Fix for partial chain notification. 
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
bf4863b3f5 Verify parameter retrieval functions. 
New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
8f68678989 Don't use rdrand engine as default unless explicitly requested. 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
57c4e42d75 Get FIPS checking logic right. 
We need to lock when *not* in FIPS mode.
 2013-12-10 12:52:27 +00:00
Dr. Stephen Henson
ff672cf8dd remove obsolete STATUS file 2013-12-10 00:10:41 +00:00