Commit graph

12404 commits

Author SHA1 Message Date
Andy Polyakov
569e2d1257 crypto/bn/asm/x86_64-mont*.pl: add missing clang detection.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:44:51 +02:00
Andy Polyakov
847147908b Configure: engage ECP_NISTZ256.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:38:57 +02:00
Andy Polyakov
4d3fa06fce Add ECP_NISTZ256 by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:37:41 +02:00
Andy Polyakov
f54be179aa Reserve option to use BN_mod_exp_mont_consttime in ECDSA.
Submitted by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:13:20 +02:00
Andy Polyakov
902b30df19 perlasm/x86_64-xlate.pl: handle inter-bank movd.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:06:00 +02:00
Rich Salz
6f46c3c3b0 RT2772 update: c_rehash was broken
Move the readdir() lines out of the if statement, so
that flist is available globally.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-11 13:08:30 -04:00
Rich Salz
cb4bb56bae RT3271 update; extra; semi-colon; confuses; some;
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-09-10 15:08:40 -04:00
Rich Salz
b2aa38a980 RT2560: missing NULL check in ocsp_req_find_signer
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-10 12:18:50 -04:00
Rich Salz
468ab1c20d RT2196: Clear up some README wording
Say where to email bug reports.
Mention general RT tracker info in a separate paragraph.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-09 17:48:27 -04:00
Matt Caswell
eb63bce040 RT3192: spurious error in DSA verify
This is funny; Ben commented in the source, Matt opend a ticket,
and Rich is doing the submit.  Need more code-review? :)

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-09 17:10:15 -04:00
Rich Salz
c939cca1a3 Merge branch 'master' of git.openssl.org:openssl
Previous commit was reviewed by Geoff, not Stephen:
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-09-09 17:06:50 -04:00
Rich Salz
843921f298 RT3271: Don't use "if !" in shell lines
For portability don't use "if ! expr"

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-09-09 17:06:14 -04:00
Rich Salz
b999f66e34 RT3271: Don't use "if !" in shell lines
For portability don't use "if ! expr"

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-09 17:05:28 -04:00
Geoff Keating
1f18f50c4b RT1909: Omit version for v1 certificates
When calling X509_set_version to set v1 certificate, that
should mean that the version number field is omitted.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-09 15:15:45 -04:00
Kurt Cancemi
4eadd11cd9 RT3506: typo's in ssltest
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-09 13:57:58 -04:00
Paul Suhler
4cd1119df3 RT2841: Extra return in check_issued
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 18:50:07 -04:00
Kurt Roeckx
44e0c2bae4 RT2626: Change default_bits from 1K to 2K
This is a more comprehensive fix.  It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1.  This is from
Kurt's upstream Debian changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-09-08 17:21:04 -04:00
Rich Salz
5f855569c4 RT2600: Change Win line-endings to Unix.
For consistency.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
2014-09-08 16:40:24 -04:00
Matthias Andree
a787c2590e RT2272: Add old-style hash to c_rehash
In addition to Matthias's change, I also added -n to
not remove links. And updated the manpage.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-08 11:34:44 -04:00
Bjoern Zeeb
6452a139fe RT671: export(i2s|s2i|i2v|v2i)_ASN1_(IA5|BIT)STRING
The EXT_BITSTRING and EXT_IA5STRING are defined in x509v3.h, but
the low-level functions are not public. They are useful, no need
to make them static. Note that BITSTRING already was exposed since
this RT was created, so now we just export IA5STRING functions.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-08 11:27:07 -04:00
Rich Salz
e9edfc4196 RT468: SSL_CTX_sess_set_cache_size wrong
The documentation is wrong about what happens when the
session cache fills up.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-08 11:26:03 -04:00
Erik Auerswald
af4c6e348e RT3301: Discard too-long heartbeat requests
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-08 11:22:35 -04:00
Dario B
98ecf60ba6 RT3291: Add -crl and -revoke options to CA.pl
I added some error-checking while integrating this patch.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-08 11:21:17 -04:00
Scott Schaefer
fe7573042f RT2518: fix pod2man errors
pod2man now complains when item tags are not sequential.
Also complains about missing =back and other tags.
Silence the warnings; most were already done.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-08 11:18:30 -04:00
Rich Salz
2afb29b480 RT992: RSA_check_key should have a callback arg
The original RT request included a patch.  By the time
we got around to doing it, however, the callback scheme
had changed. So I wrote a new function RSA_check_key_ex()
that uses the BN_GENCB callback.  But thanks very much
to Vinet Sharma <vineet.sharma@gmail.com> for the
initial implementation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 11:11:49 -04:00
Rich Salz
be0bd11d69 RT3108: OPENSSL_NO_SOCK should imply OPENSSL_NO_DGRAM
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 11:07:45 -04:00
Robin Lee
83e4e03eeb RT3031: Need to #undef some names for win32
Copy the ifdef/undef stanza from x509.h to x509v3.h

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 11:05:48 -04:00
Rich Salz
3173622ef6 RT2849: Redundant check of "dsa" variable.
In the current code, the check isn't redundant.
And in fact the REAL check was missing.
This avoids a NULL-deref crash.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:53:59 -04:00
Martin Olsson
683cd7c948 RT2843: Remove another spurious close-comment token
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:52:00 -04:00
Martin Olsson
6b0dc6eff1 RT2842: Remove spurious close-comment marker.
Also, I (rsalz) changed "#ifdef undef" to "#if 0"

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:50:08 -04:00
Rich Salz
76e8671c5a Merge branch 'master' of git.openssl.org:openssl
empty merge; script hiccup.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:46:05 -04:00
Rich Salz
4f13dabe72 RT1834: Fix PKCS7_verify return value
The function returns 0 or 1, only.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:43:08 -04:00
Rich Salz
b0e659cfac RT1832: Fix PKCS7_verify return value
The function returns 0 or 1, only.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:38:29 -04:00
Alon Bar-Lev
8842987e5a RT1771: Add string.h include.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:37:28 -04:00
Viktor Dkhovni
5a8addc432 RT1325,2973: Add more extensions to c_rehash
Regexp was bracketed wrong.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-07 18:24:15 -04:00
Emilia Kasper
2f32016bb9 make update
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-09-05 17:19:36 +02:00
Emilia Kasper
95b1752cc7 Add i2d_re_X509_tbs
i2d_re_X509_tbs re-encodes the TBS portion of the certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-09-05 17:18:06 +02:00
Dr. Stephen Henson
b2774f6e17 Add CHANGES entry for SCT viewer code.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-09-05 13:44:18 +01:00
Dr. Stephen Henson
b0bbe49360 sync ordinals with 1.0.2
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-05 13:44:18 +01:00
Adam Langley
be0d851732 psk_client_callback, 128-byte id bug.
Fix a bug in handling of 128 byte long PSK identity in
psk_client_callback.

OpenSSL supports PSK identities of up to (and including) 128 bytes in
length. PSK identity is obtained via the psk_client_callback,
implementors of which are expected to provide a NULL-terminated
identity. However, the callback is invoked with only 128 bytes of
storage thus making it impossible to return a 128 byte long identity and
the required additional NULL byte.

This CL fixes the issue by passing in a 129 byte long buffer into the
psk_client_callback. As a safety precaution, this CL also zeroes out the
buffer before passing it into the callback, uses strnlen for obtaining
the length of the identity returned by the callback, and aborts the
handshake if the identity (without the NULL terminator) is longer than
128 bytes.

(Original patch amended to achieve strnlen in a different way.)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-05 12:21:44 +02:00
Richard Levitte
360928b7d0 Followup on RT3334 fix: make sure that a directory that's the empty
string returns 0 with errno = ENOENT.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-09-03 21:57:44 +02:00
Phil Mesnier
6a14fe7576 RT3334: Fix crypto/LPdir_win.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-09-03 21:56:40 +02:00
Clang via Jeffrey Walton
0ff3687eab RT3140: Possibly-unit variable in pem_lib.c
Can't really happen, but the flow of control isn't obvious.
Add an initializer.

Reviewed-by: Matt Caswell <matt@openssl.org>
2014-09-02 23:37:17 -04:00
Emilia Kasper
86f50b36e6 Make the inline const-time functions static.
"inline" without static is not correct as the compiler may choose to ignore it
and will then either emit an external definition, or expect one.

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-09-02 15:21:01 +02:00
Kurt Cancemi
b0426a0f8c RT3508: Remove unused variable introduced by b09eb24
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-31 23:43:37 -04:00
Adam Williamson
3aba132d61 RT3511: doc fix; req default serial is random
RT842, closed back in 2004, changed the default serial number
to be a random number rather than zero.  Finally time to update
the doc

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-31 23:40:56 -04:00
Rich Salz
9fc8dc5469 Add explanatory note to crypto/store/README
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-08-31 15:27:17 -04:00
TANABE Hiroyasu
80ec8d4e3e RT1325,2973: Add more extensions to c_rehash
Add .crt/.cer/.crl to the filenames parsed.

I also updated the podpage (since it didn't exist when
this ticket was first created, nor when it was re-created
seven years later).

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-31 00:36:09 -04:00
Andy Polyakov
6019cdd327 Configure: add configuration for crypto/ec/asm extensions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-30 19:22:51 +02:00
Andy Polyakov
4d86e8df6b md5-x86_64.pl: work around warning.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-30 19:17:09 +02:00