Commit graph

11351 commits

Author SHA1 Message Date
Dr. Stephen Henson
789b12599d Add conditional unit testing interface.
Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.

By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit e0fc7961c4)

Conflicts:

	ssl/heartbeat_test.c
	ssl/ssl.h
	util/mkdef.pl
2014-07-24 19:42:26 +01:00
Matt Caswell
371d9a627b Prepare for 1.0.2-beta3-dev
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-07-22 21:31:04 +01:00
Matt Caswell
2f63ad1c6d Prepare for 1.0.2-beta2 release
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-07-22 21:30:33 +01:00
Matt Caswell
0e32035292 make update
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-07-22 21:30:33 +01:00
Dr. Stephen Henson
f5ce8d6a61 update $default_depflags
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-07-22 21:12:25 +01:00
Andy Polyakov
0ae6ba18ab CHANGES: mention new platforms.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-07-22 20:18:06 +02:00
Billy Brumley
4ccc2c19e2 "EC_POINT_invert" was checking "dbl" function pointer instead of "invert".
PR#2569

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit cba11f57ce)
2014-07-21 22:28:09 +01:00
Tim Hudson
b5e611a973 Remove old unused and unmaintained demonstration code.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 62352b8138)
2014-07-22 07:26:55 +10:00
Andy Polyakov
a2f34441ab sha1-ppc.pl: shave off one cycle from BODY_20_39
and improve performance by 10% on POWER[78].

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 5c3598307e)
2014-07-21 15:30:59 +02:00
Tim Hudson
2be9425514 Minor documentation update removing "really" and a
statement of opinion rather than a fact.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c8d133e4b6)
2014-07-21 20:25:14 +10:00
Dr. Stephen Henson
f284fc7cc3 Add test header to Makefile, update ordinals
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-20 20:50:38 +01:00
Andy Polyakov
c991d8ae8b Initial POWER8 support from development branch.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-20 14:36:49 +02:00
Dr. Stephen Henson
be12cb3e24 Fix documentation for RSA_set_method(3)
PR#1675
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 197400c3f0d617d71ad8167b52fb73046d334320)
2014-07-19 18:25:53 +01:00
Dr. Stephen Henson
4c05b1f8d6 Make *Final work for key wrap again.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 58f4698f67)
2014-07-17 23:31:11 +01:00
Dr. Stephen Henson
6e1e5996df Sanity check lengths for AES wrap algorithm.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit d12eef1501)
2014-07-17 12:58:42 +01:00
Jeffrey Walton
6ccd120f5f Fix typo, add reference.
PR#3456
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit d48e78f0cf)
2014-07-17 12:08:26 +01:00
Matt Caswell
ca818b322d Disabled XTS mode in enc utility as it is not supported
PR#3442

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2097a17c57)
2014-07-16 21:01:38 +01:00
Matt Caswell
b11c24110c Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 3bd548192a)
2014-07-15 23:22:49 +01:00
Dr. Stephen Henson
beac6cb5aa Clarify -Verify and PSK.
PR#3452
(cherry picked from commit ca2015a617)
2014-07-15 20:23:25 +01:00
Dr. Stephen Henson
666a597ffb Fix DTLS certificate requesting code.
Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
(cherry picked from commit c8d710dc5f)
2014-07-15 18:23:35 +01:00
Dr. Stephen Henson
d4dbabb814 Don't allow -www etc options with DTLS.
The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)
2014-07-15 12:25:19 +01:00
Dr. Stephen Henson
c71e37aa6c Use case insensitive compare for servername.
PR#3445
(cherry picked from commit 1c3e9a7c67)
2014-07-14 23:59:58 +01:00
Hubert Kario
cdae9a58e6 document -nextprotoneg option in man pages
Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.

PR#3444
(cherry picked from commit 7efd0e777e)
2014-07-14 23:43:21 +01:00
Dr. Stephen Henson
fa2b54c83a Use more common name for GOST key exchange.
(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)
2014-07-14 18:31:55 +01:00
Matt Caswell
14b5d0d029 Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415

(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
2014-07-13 22:20:15 +01:00
Peter Mosmans
2fbd94252a Add names of GOST algorithms.
PR#3440
(cherry picked from commit 924e5eda2c)
2014-07-13 18:31:09 +01:00
Richard Levitte
5b9188454b * crypto/ui/ui_lib.c: misplaced brace in switch statement.
Detected by dcruette@qualitesys.com

(cherry picked from commit 8b5dd34091)
2014-07-13 19:13:38 +02:00
Ben Laurie
5e189b4b8d Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259).
(cherry picked from commit c1d1b0114e)
2014-07-10 17:49:53 +01:00
Matt Caswell
23bd628735 Fix memory leak in BIO_free if there is no destroy function.
Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com>

PR#3439

(cherry picked from commit 66816c53be)
2014-07-09 23:32:18 +01:00
Andy Polyakov
371feee876 x86_64 assembly pack: improve masm support.
(cherry picked from commit 1b0fe79f3e)
2014-07-09 22:46:13 +02:00
Andy Polyakov
f50f0c6aa3 Please Clang's sanitizer, addendum.
(cherry picked from commit d11c70b2c2)
2014-07-09 22:45:52 +02:00
Andy Polyakov
2064e2db08 Please Clang's sanitizer.
PR: #3424,#3423,#3422
(cherry picked from commit 021e5043e5)
2014-07-09 22:45:38 +02:00
Andy Polyakov
de222838fe apps/speed.c: fix compiler warnings in multiblock_speed().
(cherry picked from commit c4f8efab34)
2014-07-07 17:03:27 +02:00
Andy Polyakov
0ad2a0a303 sha[1|512]-x86_64.pl: fix logical errors with $shaext=0.
(cherry picked from commit 07b635cceb)
2014-07-07 17:02:00 +02:00
David Lloyd
2cb761c1f4 Prevent infinite loop loading config files.
PR#2985
(cherry picked from commit 9d23f422a3)
2014-07-07 13:54:11 +01:00
Viktor Dukhovni
3ebcecf5c4 Improve X509_check_host() documentation.
Based on feedback from Jeffrey Walton.

(cherry picked from commit b73ac02735)
2014-07-07 20:35:49 +10:00
Viktor Dukhovni
e83c913723 Update API to use (char *) for email addresses and hostnames
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().

(cherry picked from commit 297c67fcd8)
2014-07-07 19:20:34 +10:00
Viktor Dukhovni
55fe56837a Set optional peername when X509_check_host() succeeds.
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.

(cherry picked from commit ced3d9158a)
2014-07-07 19:20:34 +10:00
Viktor Dukhovni
1eb57ae2b7 New peername element in X509_VERIFY_PARAM_ID
Declaration, memory management, accessor and documentation.

(cherry picked from commit 6e661d458f)
2014-07-07 19:20:34 +10:00
Viktor Dukhovni
41e3ebd5ab One more typo when changing !result to result <= 0
(cherry picked from commit eef1827f89)
2014-07-07 19:19:13 +10:00
Viktor Dukhovni
9624b50d51 Fix typo in last commit
(cherry picked from commit 90b70a6a6b)
2014-07-07 19:19:13 +10:00
Viktor Dukhovni
449d864515 Multiple verifier reference identities.
Implemented as STACK_OF(OPENSSL_STRING).

(cherry picked from commit 8abffa4a73)
2014-07-07 19:19:13 +10:00
Viktor Dukhovni
7f7e11ee5c Implement sk_deep_copy.
(cherry picked from commit 66d884f067)
2014-07-07 19:19:13 +10:00
Dr. Stephen Henson
43f534b986 Usage for -hack and -prexit -verify_return_error
(cherry picked from commit ee724df75d)
2014-07-06 22:45:20 +01:00
Dr. Stephen Henson
fbe8ea3abe Document certificate status request options.
(cherry picked from commit cba3f1c739)
2014-07-06 22:45:20 +01:00
Dr. Stephen Henson
affc941ea6 s_server usage for certificate status requests
(cherry picked from commit a44f219c00)
2014-07-06 22:45:20 +01:00
Dr. Stephen Henson
012f7474f7 Update ticket callback docs.
(cherry picked from commit a23a6e85d8)
2014-07-06 12:40:16 +01:00
Dr. Stephen Henson
5c1b373be6 Sanity check keylength in PVK files.
PR#2277
(cherry picked from commit 733a6c882e92f8221bd03a51643bb47f5f81bb81)
2014-07-06 00:36:14 +01:00
Jeffrey Walton
648a9f7c2f Added reference to platform specific cryptographic acceleration such as AES-NI 2014-07-06 00:04:09 +01:00
Matt Caswell
623acb90cc Fixed error in pod files with latest versions of pod2man
(cherry picked from commit 07255f0a76d9d349d915e14f969b9ff2ee0d1953)
2014-07-06 00:04:09 +01:00