wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10898 commits 20 branches 302 tags 153 MiB
Commit graph

10898 commits

This branch
This branch
All branches
Author SHA1 Message Date
Andy Polyakov
0208ab2e3f bn_nist.c: make new optimized code dependent on BN_LLONG. 2012-02-02 07:46:05 +00:00
Andy Polyakov
faed798c32 hpux-parisc2-*: engage assembler. 2012-02-02 07:41:29 +00:00
Dr. Stephen Henson
f71c6e52f7 Add support for distinct certificate chains per key type and per SSL 
structure.

Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.
 2012-01-31 14:00:10 +00:00
Dr. Stephen Henson
9ade64dedf code tidy 2012-01-27 14:21:38 +00:00
Dr. Stephen Henson
c526ed410c Revise ssl code to use a CERT_PKEY structure when outputting a 
certificate chain instead of an X509 structure.

This makes it easier to enhance code in future and the chain
output functions have access to the CERT_PKEY structure being
used.
 2012-01-26 16:00:34 +00:00
Dr. Stephen Henson
4379d0e457 Tidy/enhance certificate chain output code. 
New function ssl_add_cert_chain which adds a certificate chain to
SSL internal BUF_MEM. Use this function in ssl3_output_cert_chain
and dtls1_output_cert_chain instead of partly duplicating code.
 2012-01-26 15:47:32 +00:00
Dr. Stephen Henson
7568d15acd allow key agreement for SSL/TLS certificates 2012-01-26 14:57:45 +00:00
Dr. Stephen Henson
08e4ea4884 initialise dh_clnt 2012-01-26 14:37:46 +00:00
Andy Polyakov
98909c1d5b ghash-x86.pl: engage original MMX version in no-sse2 builds. 2012-01-25 17:56:08 +00:00
Dr. Stephen Henson
ccd395cbcc add example for DH certificate generation 2012-01-25 16:33:39 +00:00
Dr. Stephen Henson
0d60939515 add support for use of fixed DH client certificates 2012-01-25 14:51:49 +00:00
Dr. Stephen Henson
2ff5ac55c5 oops revert debug change 2012-01-22 13:52:39 +00:00
Dr. Stephen Henson
1db5f356f5 return error if md is NULL 2012-01-22 13:12:14 +00:00
Andy Polyakov
e6903980af x86_64-xlate.pl: proper solution for RT#2620. 2012-01-21 11:34:53 +00:00
Dr. Stephen Henson
855d29184e Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. 
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
 2012-01-18 18:15:27 +00:00
Dr. Stephen Henson
ac07bc8602 fix CHANGES entry 2012-01-17 14:20:32 +00:00
Dr. Stephen Henson
8e1dc4d7ca Support for fixed DH ciphersuites. 
The cipher definitions of these ciphersuites have been around since SSLeay
but were always disabled. Now OpenSSL supports DH certificates they can be
finally enabled.

Various additional changes were needed to make them work properly: many
unused fixed DH sections of code were untested.
 2012-01-16 18:19:14 +00:00
Andy Polyakov
a985410d2d cryptlib.c: sscanf warning. 2012-01-15 17:13:57 +00:00
Andy Polyakov
0ecedec82d Fix OPNESSL vs. OPENSSL typos. 
PR: 2613
Submitted by: Leena Heino
 2012-01-15 13:39:10 +00:00
Dr. Stephen Henson
9bd20155ba fix warning 2012-01-15 13:30:41 +00:00
Andy Polyakov
5d13669a2c cryptlib.c: make even non-Windows builds "strtoull-agnostic". 2012-01-14 18:46:15 +00:00
Andy Polyakov
adb5a2694a sha512-sparcv9.pl: work around V8+ warning. 2012-01-13 09:18:05 +00:00
Andy Polyakov
23b93b587b aes-ppc.pl, sha512-ppc.pl: comply even with Embedded ABI specification 
(most restrictive about r2 and r13 usage).
 2012-01-13 09:16:52 +00:00
Andy Polyakov
a50bce82ec Sanitize usage of <ctype.h> functions. It's important that characters 
are passed zero-extended, not sign-extended.
PR: 2682
 2012-01-12 16:21:35 +00:00
Andy Polyakov
713f49119f ec_pmeth.c: fix typo in commentary. 
PR: 2677
Submitted by: Annue Yousar
 2012-01-12 13:22:51 +00:00
Andy Polyakov
677741f87a doc/apps: formatting fixes. 
PR: 2683
Submitted by: Annie Yousar
 2012-01-11 21:58:19 +00:00
Andy Polyakov
5beb93e114 speed.c: typo in pkey_print_message. 
PR: 2681
Submitted by: Annie Yousar
 2012-01-11 21:48:31 +00:00
Andy Polyakov
62d7dd5ffd ecdsa.pod: typo. 
PR: 2678
Submitted by: Annie Yousar
 2012-01-11 21:41:32 +00:00
Andy Polyakov
6e913f9901 asn1/t_x509.c: fix serial number print, harmonize with a_int.c. 
PR: 2675
Submitted by: Annie Yousar
 2012-01-11 21:12:22 +00:00
Andy Polyakov
e255024bf7 aes-sparcv9.pl: clean up regexp 
PR: 2685
 2012-01-11 15:30:53 +00:00
Dr. Stephen Henson
8fa397a6bc fix warning (revert original patch) 2012-01-10 14:36:41 +00:00
Andy Polyakov
03cf7e784c cmac.c: optimize make_kn and move zero_iv to const segment. 2012-01-06 13:19:16 +00:00
Andy Polyakov
ce0727f9bd bn_nist.c: harmonize buf in BN_nist_mod_256 with other mod functions. 2012-01-06 13:17:47 +00:00
Bodo Möller
8e85545284 Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch. 
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in HEAD, the actual code is here already.)
 2012-01-05 13:48:55 +00:00
Bodo Möller
6620bf3444 Fix usage indentation 2012-01-05 13:16:30 +00:00
Bodo Möller
7bb1cc9505 Fix for builds without DTLS support. 
Submitted by: Brian Carlstrom
 2012-01-05 10:22:41 +00:00
Dr. Stephen Henson
59e68615ce PR: 2671 
Submitted by: steve

Update maximum message size for certifiate verify messages to support
4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.
 2012-01-05 00:28:43 +00:00
Dr. Stephen Henson
192540b522 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> 
Reviewed by: steve

Send fatal alert if heartbeat extension has an illegal value.
 2012-01-05 00:23:17 +00:00
Dr. Stephen Henson
e2ca32fc2b disable heartbeats if tlsext disabled 2012-01-05 00:07:46 +00:00
Dr. Stephen Henson
4d0bafb4ae update CHANGES 2012-01-04 23:54:17 +00:00
Dr. Stephen Henson
e745572493 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> 
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
 2012-01-04 23:52:26 +00:00
Dr. Stephen Henson
27dfffd5b7 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 23:16:15 +00:00
Dr. Stephen Henson
d0dc991c62 Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 23:15:51 +00:00
Dr. Stephen Henson
2ec0497f08 fix CHANGES 2012-01-04 23:10:44 +00:00
Dr. Stephen Henson
6bf896d9b1 Check GOST parameters are not NULL (CVE-2012-0027) 2012-01-04 23:03:40 +00:00
Dr. Stephen Henson
be71c37296 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 23:01:54 +00:00
Dr. Stephen Henson
0015572372 update FAQ 2012-01-04 20:05:58 +00:00
Dr. Stephen Henson
6074fb0979 fix warnings 2012-01-04 14:45:47 +00:00
Dr. Stephen Henson
25536ea6a7 Submitted by: Adam Langley <agl@chromium.org> 
Reviewed by: steve

Fix memory leaks.
 2012-01-04 14:25:42 +00:00
Dr. Stephen Henson
b3720c34e5 oops, revert wrong patch 2012-01-03 22:06:21 +00:00