Dr. Stephen Henson
6006e352ad
Make EVP_Digest* work again.
2014-06-30 13:59:29 +01:00
Dr. Stephen Henson
2af68ef774
Don't core dump when using CMAC with dgst.
...
We can't unfortunately print the CMAC cipher used without extending the API.
PR#2579
(cherry picked from commit 79e31a2842e10271581cbfdaae0145dd4bd35107)
2014-06-29 23:44:44 +01:00
Dr. Stephen Henson
df401f4796
Make CMAC work with EVP_PKEY.
...
Add patch originally accidentally omitted to allow CMAC to work with
EVP_PKEY APIs.
2014-06-29 23:44:44 +01:00
Jeffrey Walton
3875ee59ba
Clarified that the signature's buffer size, s
, is not used as an
...
IN parameter.
Under the old docs, the only thing stated was "at most
EVP_PKEY_size(pkey) bytes will be written". It was kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.
(cherry picked from commit 6e6ba36d98
)
2014-06-29 23:36:22 +01:00
ZNV
14183e50e7
Make EVP_CIPHER_CTX_copy work in GCM mode.
...
PR#3272
(cherry picked from commit 370bf1d708
)
2014-06-29 22:02:23 +01:00
Dr. Stephen Henson
15de0f609c
Fix memory leak.
...
PR#2531
(cherry picked from commit 44724beead
)
2014-06-29 13:51:57 +01:00
Ken Ballou
4824e7d6e9
Typo.
...
PR#3173
(cherry picked from commit 76ed5a42ea
)
2014-06-29 13:39:20 +01:00
Dr. Stephen Henson
a3b8cd242a
Show errors on CSR verification failure.
...
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.
PR#2875
(cherry picked from commit a30bdb55d1
)
2014-06-29 13:34:25 +01:00
Dr. Stephen Henson
d1cc95f781
Make no-ssl3 no-ssl2 do more sensible things.
...
(cherry picked from commit 7ae6a4b659
)
2014-06-29 03:05:21 +01:00
Dr. Stephen Henson
6d02baf6ab
Clarify protocols supported.
...
Update protocols supported and note that SSLv2 is effectively disabled
by default.
PR#3184
(cherry picked from commit 1b13a4f38dfc385d5e776f6b3e06c5795874cf9b)
2014-06-29 00:07:07 +01:00
Andy Polyakov
377551b9c4
x86_64 assembly pack: refine clang detection.
...
(cherry picked from commit a356e488ad
)
Resolved conflicts:
crypto/bn/asm/rsaz-avx2.pl
2014-06-28 17:26:03 +02:00
Dr. Stephen Henson
361fd136e9
Typo.
...
PR#3107
(cherry picked from commit 7c206db928
)
2014-06-28 12:42:59 +01:00
Dr. Stephen Henson
4950a528ce
Don't disable state strings with no-ssl2
...
Some state strings were erronously not compiled when no-ssl2
was set.
PR#3295
(cherry picked from commit 0518a3e19e
)
2014-06-28 00:56:27 +01:00
yogesh nagarkar
00ab230a3f
Fix compilation with -DSSL_DEBUG -DTLS_DEBUG -DKSSL_DEBUG
...
PR#3141
(cherry picked from commit d183545d45
)
2014-06-28 00:41:31 +01:00
Andreas Westfeld
e99980e8fd
Fix typo in ideatest.c
...
(cherry picked from commit d1d4382dcb
)
2014-06-28 00:06:32 +01:00
Ken Ballou
ec77f276e1
Remove redundant check.
...
PR#3174
(cherry picked from commit fd331c0bb9b557903dd2ce88398570a3327b5ef0)
2014-06-27 23:19:37 +01:00
Dr. Stephen Henson
d0ba994483
Fix for EVP_PBE_alg_add().
...
In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.
PR#3206
(cherry picked from commit efb7caef637a1de8468ca109efd355a9d0e73a45)
2014-06-27 23:19:37 +01:00
Andy Polyakov
52f856526c
x86_64 assembly pack: addendum to last clang commit.
...
(cherry picked from commit 7eb0488280
)
2014-06-27 22:55:22 +02:00
Andy Polyakov
912f08dd5e
x86_64 assembly pack: allow clang to compile AVX code.
...
(cherry picked from commit ac171925ab
)
2014-06-27 22:55:07 +02:00
Andy Polyakov
1067663d85
bn/asm/rsaz-avx2.pl: fix occasional failures.
...
(cherry picked from commit 406d4af050
)
2014-06-27 22:43:43 +02:00
Dr. Stephen Henson
22228d2d40
Tolerate critical AKID in CRLs.
...
PR#3014
(cherry picked from commit 11da66f8b1
)
2014-06-27 18:50:19 +01:00
Tom Greenslade
c57745596c
Handle IPv6 addresses in OCSP_parse_url.
...
PR#2783
(cherry picked from commit b36f35cda9
)
2014-06-27 17:31:37 +01:00
Dr. Stephen Henson
65e4dca40c
Rebuild OID table.
2014-06-27 16:58:41 +01:00
Dr. Stephen Henson
ff4cfc4c58
Fix OID encoding for one component.
...
OIDs with one component don't have an encoding.
PR#2556 (Bug#1)
(cherry picked from commit 95791bf941
)
2014-06-27 16:58:16 +01:00
Tomas Mraz
f4623ab996
Don't advertise ECC ciphersuits in SSLv2 compatible client hello.
...
PR#3374
(cherry picked from commit 0436369fcc
)
2014-06-27 16:52:00 +01:00
Jeffrey Walton
6ef350952c
Clarify docs.
...
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.
PR#3409
(cherry picked from commit 0535c2d67c
)
2014-06-27 16:39:39 +01:00
Dr. Stephen Henson
e42c208235
Memory leak and NULL dereference fixes.
...
PR#3403
(cherry picked from commit d2aea03829
)
2014-06-27 14:52:36 +01:00
Dr. Stephen Henson
e86951ca2a
Remove ancient obsolete files under pkcs7.
...
(cherry picked from commit 7be6b27aaf
)
2014-06-27 13:53:23 +01:00
Huzaifa Sidhpurwala
b7a4f98b15
Make sure BN_sqr can never return a negative value.
...
PR#3410
(cherry picked from commit e14e764c0d5d469da63d0819c6ffc0e1e9e7f0bb)
2014-06-26 23:56:32 +01:00
Andy Polyakov
82a9dafe32
bn_exp.c: move check for AD*X to rsaz-avx2.pl.
...
This ensures high performance is situations when assembler supports
AVX2, but not AD*X.
(cherry picked from commit f3f620e1e0
)
Resolved conflicts:
crypto/bn/asm/rsaz-avx2.pl
2014-06-27 00:36:05 +02:00
Andy Polyakov
1536bcfd56
aesv8-armx.pl: rigid input verification in key setup.
...
(cherry picked from commit 7b8c8c4d79
)
2014-06-25 22:12:08 +02:00
Viktor Dukhovni
3fc0b1edad
X509_check_mumble() failure is <= 0, not just 0
...
(cherry picked from commit a48fb0400c
)
2014-06-25 18:21:36 +01:00
Viktor Dukhovni
3d15d58e55
More complete input validation of X509_check_mumble
...
(cherry picked from commit 29edebe95c
)
2014-06-25 18:21:35 +01:00
Viktor Dukhovni
d93edc0aab
Drop hostlen from X509_VERIFY_PARAM_ID.
...
Just store NUL-terminated strings. This works better when we add
support for multiple hostnames.
(cherry picked from commit b3012c698a
)
2014-06-25 18:21:35 +01:00
Viktor Dukhovni
609daababb
More complete X509_check_host documentation.
...
(cherry picked from commit d241b80409
)
2014-06-25 18:21:35 +01:00
Andy Polyakov
a073ceeff4
aesv8-armx.pl: inclrease interleave factor.
...
This is to compensate for higher aes* instruction latency on Cortex-A57.
(cherry picked from commit 015364baf3
)
2014-06-24 08:10:37 +02:00
Andy Polyakov
5cd8ce42ec
ARMv8 assembly pack: add Cortex performance numbers.
...
(cherry picked from commit 0f777aeb50
)
2014-06-24 08:07:04 +02:00
Miod Vallat
d15f2d98ef
Fix off-by-one errors in ssl_cipher_get_evp()
...
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.
Bug discovered and fixed by Miod Vallat from the OpenBSD team.
PR#3375
2014-06-22 23:18:15 +01:00
Matt Caswell
00f5ee445b
Revert "Fix off-by-one errors in ssl_cipher_get_evp()"
...
This reverts commit 3d86077427
.
Incorrect attribution.
2014-06-22 23:17:40 +01:00
Matt Caswell
e7911530a9
Fixed Windows compilation failure
2014-06-22 20:18:09 +02:00
Richard Levitte
6ff73426c3
Make sure test/tests.com exit gracefully, even when openssl.exe wasn't
...
properly built.
2014-06-18 13:43:10 +02:00
Richard Levitte
a61e509e9b
Adjust VMS build to Unix build. Most of all, make it so the disabled
...
algorithms MD2 and RC5 don't get built.
Also, disable building the test apps in crypto/des and crypto/pkcs7, as
they have no support at all.
2014-06-18 13:43:09 +02:00
Felix Laurie von Massenbach
1b823494de
Fix signed/unsigned comparisons.
...
(cherry picked from commit 50cc4f7b3d
)
2014-06-17 18:38:36 +01:00
Felix Laurie von Massenbach
6657e68bf2
Fix shadow declaration.
...
(cherry picked from commit 1f61d8b5b1
)
2014-06-17 18:36:48 +01:00
Richard Levitte
23351c607b
Remove unused DANE macros. This should be the last DANE stuff...
2014-06-17 12:38:20 +02:00
Richard Levitte
9a6112d16a
DCL doesn't do well with empty lines, or lines starting with #
2014-06-16 13:25:16 +02:00
Richard Levitte
b9c0dae28e
Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces
2014-06-16 13:25:16 +02:00
Andy Polyakov
d940b3b9c7
aesni-sha[1|256]-x86_64.pl: fix logical error and MacOS X build.
...
(cherry picked from commit 9024b84b7c
)
2014-06-16 10:12:56 +02:00
Viktor Dukhovni
cfbc10fb32
Enforce _X509_CHECK_FLAG_DOT_SUBDOMAINS internal-only
...
(cherry picked from commit d435e23959f1c2cb4feadbfba9ad884c59f37db9)
2014-06-14 22:31:28 +01:00
Dr. Stephen Henson
90d94ce39e
Accept CCS after sending finished.
...
Allow CCS after finished has been sent by client: at this point
keys have been correctly set up so it is OK to accept CCS from
server. Without this renegotiation can sometimes fail.
PR#3400
(cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41)
2014-06-14 22:31:28 +01:00