Bodo Möller
45d63a5408
Synchronize with 1.0.0 branch
2011-02-08 08:48:34 +00:00
Dr. Stephen Henson
decef971f4
add -stripcr option to copy.pl from 0.9.8
2011-02-03 14:58:02 +00:00
Bodo Möller
a288aaefc4
Assorted bugfixes:
...
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check
Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
2011-02-03 12:03:57 +00:00
Bodo Möller
eed56c77b4
fix omission
2011-02-03 11:19:52 +00:00
Bodo Möller
346601bc32
CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
2011-02-03 10:42:00 +00:00
Dr. Stephen Henson
5080fbbef0
Since FIPS 186-3 specifies we use the leftmost bits of the digest
...
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
2011-02-01 12:53:47 +00:00
Dr. Stephen Henson
b5b724348d
stop warnings about no previous prototype when compiling shared engines
2011-01-30 01:55:29 +00:00
Dr. Stephen Henson
c3ee90d8ca
FIPS mode changes to make RNG compile (this will need updating later as we
...
need a whole new PRNG for FIPS).
1. avoid use of ERR_peek().
2. If compiling with FIPS use small FIPS EVP and disable ENGINE
2011-01-26 14:55:23 +00:00
Dr. Stephen Henson
e1435034ae
FIPS_allow_md5() no longer exists and is no longer required
2011-01-26 12:25:51 +00:00
Richard Levitte
bf35c5dc7f
Add rsa_crpt
2011-01-26 06:32:22 +00:00
Dr. Stephen Henson
c42d223ac2
Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate
...
crypto and ENGINE dependencies in RSA library.
2011-01-25 17:43:20 +00:00
Dr. Stephen Henson
d5654d2b20
Move BN_options function to bn_print.c to remove dependency for BIO printf
...
routines from bn_lib.c
2011-01-25 17:10:42 +00:00
Dr. Stephen Henson
a7508fec1a
Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of
...
DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().
2011-01-25 16:55:27 +00:00
Dr. Stephen Henson
c31945e682
recalculate DSA signature if r or s is zero (FIPS 186-3 requirement)
2011-01-25 16:02:27 +00:00
Dr. Stephen Henson
d3203b931e
PR: 2433
...
Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve
Constify ASN1_STRING_set_default_mask_asc().
2011-01-24 16:20:05 +00:00
Dr. Stephen Henson
947f4e90c3
New function EC_KEY_set_affine_coordinates() this performs all the
...
NIST PKV tests.
2011-01-24 16:09:57 +00:00
Dr. Stephen Henson
d184c7b271
check EC public key isn't point at infinity
2011-01-24 15:07:47 +00:00
Dr. Stephen Henson
913488c066
PR: 1612
...
Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve
Fix EC_POINT_cmp function for case where b but not a is the point at infinity.
2011-01-24 14:41:49 +00:00
Dr. Stephen Henson
7fa27d9ac6
Add additional parameter to dsa_builtin_paramgen to output the generated
...
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.
The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
2011-01-19 14:46:42 +00:00
Dr. Stephen Henson
c341b9cce5
add va_list version of ERR_add_error_data
2011-01-14 15:13:59 +00:00
Dr. Stephen Henson
bbbf0d45ba
stop warning with no-engine
2011-01-13 15:42:47 +00:00
Richard Levitte
114c402d9e
PR: 2425
...
Synchronise VMS build with Unixly build.
2011-01-10 20:55:27 +00:00
Dr. Stephen Henson
d51519eba4
add buf_str.c file
2011-01-09 13:30:58 +00:00
Dr. Stephen Henson
e650f9988b
move some string utilities to buf_str.c to reduce some dependencies (from 0.9.8 branch).
2011-01-09 13:30:34 +00:00
Dr. Stephen Henson
8ed8454115
add X9.31 prime generation routines from 0.9.8 branch
2011-01-09 13:22:47 +00:00
Richard Levitte
6e101bebb1
PR: 2407
...
Fix fault include.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
2011-01-06 20:56:04 +00:00
Dr. Stephen Henson
4577b38d22
Don't use decryption_failed alert for TLS v1.1 or later.
2011-01-04 19:39:42 +00:00
Dr. Stephen Henson
a8515e2d28
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
...
alert.
2011-01-04 19:33:30 +00:00
Dr. Stephen Henson
964e91052e
oops missed an assert
2011-01-03 12:52:11 +00:00
Dr. Stephen Henson
4e55e69bff
PR: 2411
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Fix corner cases in RFC3779 code.
2011-01-03 01:40:45 +00:00
Dr. Stephen Henson
e501dbb658
Fix escaping code for string printing. If *any* escaping is enabled we
...
must escape the escape character itself (backslash).
2011-01-03 01:30:58 +00:00
Dr. Stephen Henson
20e505e4b7
PR: 2410
...
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Use OPENSSL_assert() instead of assert().
2011-01-03 01:22:27 +00:00
Dr. Stephen Henson
291a26e6e3
PR: 2413
...
Submitted by: Michael Bergandi <mbergandi@gmail.com>
Reviewed by: steve
Fix typo in crypto/bio/bss_dgram.c
2011-01-03 01:07:20 +00:00
Dr. Stephen Henson
0383911887
PR: 2416
...
Submitted by: Mark Phalan <mark.phalan@oracle.com>
Reviewed by: steve
Use L suffix in version number.
2011-01-03 00:26:21 +00:00
Richard Levitte
a5c5eb77b5
Part of the IF structure didn't get pasted here...
...
PR: 2393
2010-12-14 21:44:33 +00:00
Richard Levitte
90d02be7c5
First attempt at adding the possibility to set the pointer size for the builds on VMS.
...
PR: 2393
2010-12-14 19:18:58 +00:00
Andy Polyakov
04221983ac
bss_file.c: refine UTF8 logic [from HEAD].
...
PR: 2382
2010-12-11 14:54:48 +00:00
Dr. Stephen Henson
dfda027ae8
ignore leading null fields
2010-12-03 19:31:23 +00:00
Dr. Stephen Henson
21b5a79121
update FAQ
2010-12-02 19:56:03 +00:00
Dr. Stephen Henson
411a388c62
PR: 2386
...
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve
Correct SKM_ASN1_SET_OF_d2i macro.
2010-12-02 18:02:14 +00:00
Dr. Stephen Henson
61c10d42f6
fix doc typos
2010-12-02 13:45:25 +00:00
Dr. Stephen Henson
68ecfb69a5
use consistent FAQ between version
2010-12-02 00:11:21 +00:00
Andy Polyakov
e62fee8eb3
Configure: make -mno-cygwin optional on mingw platforms [from HEAD].
...
PR: 2381
2010-11-30 22:18:46 +00:00
Dr. Stephen Henson
5566d49103
PR: 2385
...
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve
Zero key->pkey.ptr after it is freed so the structure can be reused.
2010-11-30 19:45:31 +00:00
Richard Levitte
48337a4a35
Better method for creating SSLROOT:.
...
Make sure to include the path to evptest.txt.
2010-11-29 22:27:18 +00:00
Dr. Stephen Henson
2c5c4fca14
apply J-PKAKE fix to HEAD (original by Ben)
2010-11-29 18:33:28 +00:00
Dr. Stephen Henson
4fab95ed20
Some of the MS_STATIC use in crypto/evp is a legacy from the days when
...
EVP_MD_CTX was much larger: it isn't needed anymore.
2010-11-27 17:35:56 +00:00
Dr. Stephen Henson
6c36ca4628
PR: 2240
...
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve
As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.
2010-11-25 12:27:39 +00:00
Dr. Stephen Henson
9c61c57896
using_ecc doesn't just apply to TLSv1
2010-11-25 11:51:46 +00:00
Dr. Stephen Henson
a618011ca1
add "missing" functions to copy EVP_PKEY_METHOD and examine info
2010-11-24 16:07:45 +00:00