wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
12590 commits 20 branches 302 tags 153 MiB
Commit graph

12590 commits

This branch
This branch
All branches
Author SHA1 Message Date
Bodo Moeller
cf6da05304 Support TLS_FALLBACK_SCSV. 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2014-10-15 04:03:28 +02:00
Dr. Stephen Henson
ffa08b3242 Remove reference to deleted md4.c 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2014-10-11 13:37:44 +01:00
Dr. Stephen Henson
f3014206a2 Disable encrypt them mac for SSL 3.0 and stream ciphers (RC4 only). 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-10-10 13:23:29 +01:00
Matt Caswell
e0fdea3e49 Removed duplicate definition of PKCS7_type_is_encrypted 
Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also
remove duplicate definition of PKCS7_type_is_digest.

PR#3551

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-10-06 23:42:13 +01:00
Ben Laurie
71614df485 Fix single makefile. 
Reviewed-by: Geoffrey Thorpe <geoff@geoffthorpe.net>
 2014-10-06 18:07:55 +01:00
Rich Salz
5aed169305 RT3462: Document actions when data==NULL 
If data is NULL, return the size needed to hold the
derived key.  No other API to do this, so document
the behavior.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-10-03 10:39:00 -04:00
Bodo Moeller
429a25b97d DTLS 1.2 support has been added to 1.0.2. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-10-02 17:56:40 +02:00
Andy Polyakov
ae4af7a067 crypto/cast/asm/cast-586.pl: +5% on PIII and remove obsolete readme. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-10-01 23:59:14 +02:00
Rich Salz
df8c39d522 RT3549: Remove obsolete files in crypto 
Reviewed-by: Andy Polyakov <appro@openssl.org>
 2014-10-01 16:05:47 -04:00
Rich Salz
d5f34443ad RT2910: Remove des.c and its Makefile target 
Reviewed-by: Andy Polyakov <appro@openssl.org>
 2014-09-30 16:44:10 -04:00
Rich Salz
9208640a36 RT2309: Fix podpage MMNNFFPPS->MNNFFPPS 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-09-30 16:31:11 -04:00
Dr. Stephen Henson
4b6dee2b14 Parse custom extensions after internal extensions. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-09-30 20:10:50 +01:00
Andy Polyakov
55c7a4cf11 e_os.h: refine inline override logic (to address warnings in debug build). 
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
 2014-09-30 21:05:33 +02:00
Andy Polyakov
323154be33 crypto/bn/bn_nist.c: bring original failing code back for reference. 
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
 2014-09-30 21:00:44 +02:00
Dr. Stephen Henson
7c4776251e Add additional explanation to CHANGES entry. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-09-29 12:25:10 +01:00
Dr. Stephen Henson
1cfd255c91 Add additional DigestInfo checks. 
Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.

Note: this is a precautionary measure, there is no known attack
which can exploit this.

Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-09-29 12:01:05 +01:00
Rich Salz
3d81ec5b92 Remove #ifdef's for IRIX_CC_BUG 
Reviewed-by: Andy Polyakov <appro@openssl.org>
 2014-09-25 14:43:24 -04:00
Rich Salz
008bef521c RT3544: Must update TABLE after Configure change 
Also add comment to Configure reminding people to do that.

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2014-09-25 13:18:22 -04:00
Emilia Kasper
fdc35a9d3e Add missing tests 
Accidentally omitted from commit 455b65dfab

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2014-09-25 13:46:08 +02:00
Dr. Stephen Henson
5886354dcc Use correct function name: CMS_add1_signer() 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-09-25 00:03:27 +01:00
Andy Polyakov
8b07c005fe crypto/bn/bn_nist.c: work around MSC ARM compiler bug. 
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
 2014-09-25 00:42:26 +02:00
Andy Polyakov
40155f4089 e_os.h: allow inline functions to be compiled by legacy compilers. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-09-25 00:32:56 +02:00
Rich Salz
92c7846372 RT3544: Remove MWERKS support 
The following #ifdef tests were all removed:
	__MWERKS__
	MAC_OS_pre_X
	MAC_OS_GUSI_SOURCE
	MAC_OS_pre_X
	OPENSSL_SYS_MACINTOSH_CLASSIC
	OPENSSL_SYS_MACOSX_RHAPSODY

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2014-09-24 18:07:29 -04:00
Emilia Kasper
4aac102f75 RT3425: constant-time evp_enc 
Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-09-24 16:19:18 +02:00
Emilia Kasper
455b65dfab RT3067: simplify patch 
(Original commit adb46dbc6d)

Use the new constant-time methods consistently in s3_srvr.c

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2014-09-24 15:35:02 +02:00
Emilia Kasper
294d1e36c2 RT3066: rewrite RSA padding checks to be slightly more constant time. 
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2014-09-24 12:45:42 +02:00
Emilia Kasper
51b7be8d5f make update 
Sync libeay.num from 1.0.2

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
 2014-09-23 18:37:23 +02:00
Emilia Kasper
5f85f64f7e Note i2d_re_X509_tbs and related changes in CHANGES 
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit e9128d9401)
 2014-09-23 18:28:10 +02:00
Andy Polyakov
507efe7372 CHANGES: mention ECP_NISTZ256. 
Reviewed-by: Bodo Moeller <bodo@openssl.org>
 2014-09-23 14:54:34 +02:00
Andy Polyakov
4513b1b641 crypto/rsa/rsa_chk.c: harmonize error codes. 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2014-09-21 23:05:13 +02:00
Andy Polyakov
be07ae9b10 crypto/ecp_nistz256.c: harmonize error codes. 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2014-09-21 15:56:02 +02:00
Tim Hudson
b5ff559ff9 Fixed error introduced in commit f2be92b94d 
that fixed PR#3450 where an existing cast masked an issue when i was changed
from int to long in that commit

Picked up on z/linux (s390) where sizeof(int)!=sizeof(long)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-09-21 21:54:31 +10:00
Andy Polyakov
d475b2a3bf Harmonize Tru64 and Linux make rules. 
RT: 3333,3165
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-09-20 10:20:38 +02:00
Dr. Stephen Henson
16e5b45f72 Fix warning. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-09-20 00:08:56 +01:00
Rich Salz
e8185aea87 RT3291: Add -crl and -revoke options to CA.pl 
Document the new features

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-09-18 21:45:41 -04:00
Jake Goulding
99b00fd993 RT2301: GetDIBits, not GetBitmapBits in rand_win 
GetDIBits has been around since Windows2000 and
BitBitmapBits is an old Win16 compatibility function
that is much slower.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-09-18 16:41:31 -04:00
Andy Polyakov
569e2d1257 crypto/bn/asm/x86_64-mont*.pl: add missing clang detection. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-09-12 00:44:51 +02:00
Andy Polyakov
847147908b Configure: engage ECP_NISTZ256. 
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-09-12 00:38:57 +02:00
Andy Polyakov
4d3fa06fce Add ECP_NISTZ256 by Shay Gueron, Intel Corp. 
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-09-12 00:37:41 +02:00
Andy Polyakov
f54be179aa Reserve option to use BN_mod_exp_mont_consttime in ECDSA. 
Submitted by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-09-12 00:13:20 +02:00
Andy Polyakov
902b30df19 perlasm/x86_64-xlate.pl: handle inter-bank movd. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-09-12 00:06:00 +02:00
Rich Salz
6f46c3c3b0 RT2772 update: c_rehash was broken 
Move the readdir() lines out of the if statement, so
that flist is available globally.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-09-11 13:08:30 -04:00
Rich Salz
cb4bb56bae RT3271 update; extra; semi-colon; confuses; some; 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2014-09-10 15:08:40 -04:00
Rich Salz
b2aa38a980 RT2560: missing NULL check in ocsp_req_find_signer 
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2014-09-10 12:18:50 -04:00
Rich Salz
468ab1c20d RT2196: Clear up some README wording 
Say where to email bug reports.
Mention general RT tracker info in a separate paragraph.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-09-09 17:48:27 -04:00
Matt Caswell
eb63bce040 RT3192: spurious error in DSA verify 
This is funny; Ben commented in the source, Matt opend a ticket,
and Rich is doing the submit.  Need more code-review? :)

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2014-09-09 17:10:15 -04:00
Rich Salz
c939cca1a3 Merge branch 'master' of git.openssl.org:openssl 
Previous commit was reviewed by Geoff, not Stephen:
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
 2014-09-09 17:06:50 -04:00
Rich Salz
843921f298 RT3271: Don't use "if !" in shell lines 
For portability don't use "if ! expr"

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
 2014-09-09 17:06:14 -04:00
Rich Salz
b999f66e34 RT3271: Don't use "if !" in shell lines 
For portability don't use "if ! expr"

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2014-09-09 17:05:28 -04:00
Geoff Keating
1f18f50c4b RT1909: Omit version for v1 certificates 
When calling X509_set_version to set v1 certificate, that
should mean that the version number field is omitted.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2014-09-09 15:15:45 -04:00