wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9867 commits 20 branches 302 tags 153 MiB
Commit graph

9867 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ben Laurie
68b33cc5c7 Add Next Protocol Negotiation. 2011-11-13 21:55:42 +00:00
Ben Laurie
4c02cf8ecc make depend. 2011-11-13 20:23:34 +00:00
Ben Laurie
271daaf768 Fix one of the no-tlsext build errors (there are more). 2011-11-13 20:19:21 +00:00
Dr. Stephen Henson
efbb7ee432 PR: 1794 
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
 2011-11-13 13:13:14 +00:00
Andy Polyakov
6471ec71aa x86cpuid.pl: compensate for imaginary virtual machines [from HEAD]. 
PR: 2633
 2011-11-08 21:28:14 +00:00
Andy Polyakov
cb45708061 x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs. 
PR: 2633
 2011-11-05 10:44:25 +00:00
Andy Polyakov
02597f2885 ppc.pl: fix bug in bn_mul_comba4 [from HEAD]. 
PR: 2636
Submitted by: Charles Bryant
 2011-11-05 10:16:30 +00:00
Richard Levitte
8c6a514edf Add missing algorithms to disable, and in particular, disable 
EC_NISTP_64_GCC_128 by default, as GCC isn't currently supported on
VMS.  Add CMAC to the modules to build, and synchronise with Unix.
 2011-10-30 11:45:30 +00:00
Richard Levitte
7f3fdab793 Teach mkshared.com to have a look for disabled algorithms in opensslconf.h 2011-10-30 11:40:56 +00:00
Dr. Stephen Henson
5372f5f989 PR: 2628 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
 2011-10-27 13:06:43 +00:00
Dr. Stephen Henson
6d24c09a69 PR: 2628 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix for ECC keys and DTLS.
 2011-10-27 13:01:20 +00:00
Dr. Stephen Henson
a8d72c79db PR: 2632 
Submitted by: emmanuel.azencot@bull.net
Reviewed by: steve

Return -1 immediately if not affine coordinates as BN_CTX has not been
set up.
 2011-10-26 16:43:23 +00:00
Dr. Stephen Henson
1f713e0106 Use correct tag for SRP username. 2011-10-25 12:52:47 +00:00
Dr. Stephen Henson
03f84c8260 Update error codes for FIPS. 
Add support for authentication in FIPS_mode_set().
 2011-10-21 13:04:27 +00:00
Dr. Stephen Henson
6d5eb464c9 Recognise new ECC option (from HEAD). 2011-10-21 12:53:07 +00:00
Bodo Möller
67f8de9ab8 "make update" 2011-10-19 15:24:44 +00:00
Bodo Möller
2d95ceedc5 BN_BLINDING multi-threading fix. 
Submitted by: Emilia Kasper (Google)
 2011-10-19 14:58:59 +00:00
Bodo Möller
6526d765fc Fix indentation 2011-10-19 09:24:05 +00:00
Bodo Möller
3d520f7c2d Fix warnings. 
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
 2011-10-19 08:58:35 +00:00
Bodo Möller
9c37519b55 Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and 
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.
 2011-10-18 19:43:54 +00:00
Dr. Stephen Henson
7e9cfcd0dc Recognise no-rsax option. 2011-10-15 13:22:26 +00:00
Andy Polyakov
a99ce1f5b1 e_aes.c: fix bug in aesni_gcm_tls_cipher [in HEAD]. 2011-10-14 09:34:14 +00:00
Andy Polyakov
42660b3cf1 aesni-x86[_64].pl: pull from HEAD. 2011-10-14 09:21:03 +00:00
Bodo Möller
f30258c439 use -no_ecdhe when using -no_dhe 2011-10-13 15:07:05 +00:00
Bodo Möller
93ff4c69f7 Make CTR mode behaviour consistent with other modes: 
clear ctx->num in EVP_CipherInit_ex

Submitted by: Emilia Kasper
 2011-10-13 13:42:29 +00:00
Bodo Möller
79571bb1ca Clarify warning 2011-10-13 13:25:03 +00:00
Bodo Möller
f72c1a58cb In ssl3_clear, preserve s3->init_extra along with s3->rbuf. 
Submitted by: Bob Buckholz <bbuckholz@google.com>
 2011-10-13 13:05:35 +00:00
Dr. Stephen Henson
2461396f69 For now disable RSAX ENGINE for FIPS builds: it sets a non-FIPS RSA 
method which stops FIPS mode working.
 2011-10-13 11:43:44 +00:00
Dr. Stephen Henson
81a071df2f increase test RSA key size to 1024 bits 2011-10-12 21:55:42 +00:00
Dr. Stephen Henson
6841abe842 update pkey method initialisation and copy 2011-10-11 18:16:02 +00:00
Dr. Stephen Henson
cb70355d87 Backport ossl_ssize_t type from HEAD. 2011-10-10 22:33:50 +00:00
Dr. Stephen Henson
b17442bb04 def_rsa_finish not used anymore. 2011-10-10 20:34:17 +00:00
Dr. Stephen Henson
4874e235fb fix leak properly this time... 2011-10-10 14:09:05 +00:00
Dr. Stephen Henson
06afa6eb94 add GCM ciphers in SSL_library_init 2011-10-10 12:56:11 +00:00
Dr. Stephen Henson
58e4205d6c disable GCM if not available 2011-10-10 12:40:13 +00:00
Dr. Stephen Henson
733394d6dd Add some entries for 1.0.1 in NEWS. 2011-10-10 00:27:52 +00:00
Dr. Stephen Henson
2de9558dea sync NEWS with 1.0.0 branch 2011-10-10 00:23:14 +00:00
Dr. Stephen Henson
6bd173fced Don't disable TLS v1.2 by default any more. 2011-10-09 23:28:25 +00:00
Dr. Stephen Henson
6b00cd746a Update ordinals. 2011-10-09 23:14:20 +00:00
Dr. Stephen Henson
9309ea6617 Backport PSS signature support from HEAD. 2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
05c9e3aea5 fix CHANGES entry 2011-10-09 23:11:09 +00:00
Dr. Stephen Henson
88bac3e664 fix memory leaks 2011-10-09 23:09:22 +00:00
Dr. Stephen Henson
5473b6bc2f Fix memory leak. From HEAD. 2011-10-09 16:04:17 +00:00
Dr. Stephen Henson
38e408076e Update ordinals. 2011-10-09 15:28:52 +00:00
Dr. Stephen Henson
dc100d87b5 Backport of password based CMS support from HEAD. 2011-10-09 15:28:02 +00:00
Dr. Stephen Henson
6f6b31dadc PR: 2482 
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
 2011-10-09 00:56:43 +00:00
Dr. Stephen Henson
b08b158b44 use client version when eliminating TLS v1.2 ciphersuites in client hello 2011-10-07 15:07:36 +00:00
Dr. Stephen Henson
177f27d71e ? crypto/aes/aes-armv4.S 
? crypto/aes/aesni-sha1-x86_64.s
? crypto/aes/aesni-x86_64.s
? crypto/aes/foo.pl
? crypto/aes/vpaes-x86_64.s
? crypto/bn/.bn_lib.c.swp
? crypto/bn/armv4-gf2m.S
? crypto/bn/diffs
? crypto/bn/modexp512-x86_64.s
? crypto/bn/x86_64-gf2m.s
? crypto/bn/x86_64-mont5.s
? crypto/ec/bc.txt
? crypto/ec/diffs
? crypto/modes/a.out
? crypto/modes/diffs
? crypto/modes/ghash-armv4.S
? crypto/modes/ghash-x86_64.s
? crypto/modes/op.h
? crypto/modes/tst.c
? crypto/modes/x.h
? crypto/objects/.obj_xref.txt.swp
? crypto/rand/diffs
? crypto/sha/sha-512
? crypto/sha/sha1-armv4-large.S
? crypto/sha/sha256-armv4.S
? crypto/sha/sha512-armv4.S
Index: crypto/objects/obj_xref.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v
retrieving revision 1.9
diff -u -r1.9 obj_xref.c
--- crypto/objects/obj_xref.c	5 Nov 2008 18:38:58 -0000	1.9
+++ crypto/objects/obj_xref.c	6 Oct 2011 20:30:21 -0000
@@ -110,8 +110,10 @@
 #endif
 	if (rv == NULL)
 		return 0;
-	*pdig_nid = rv->hash_id;
-	*ppkey_nid = rv->pkey_id;
+	if (pdig_nid)
+		*pdig_nid = rv->hash_id;
+	if (ppkey_nid)
+		*ppkey_nid = rv->pkey_id;
 	return 1;
 	}

@@ -144,7 +146,8 @@
 #endif
 	if (rv == NULL)
 		return 0;
-	*psignid = (*rv)->sign_id;
+	if (psignid)
+		*psignid = (*rv)->sign_id;
 	return 1;
 	}

Index: crypto/x509/x509type.c
===================================================================
RCS file: /v/openssl/cvs/openssl/crypto/x509/x509type.c,v
retrieving revision 1.10
diff -u -r1.10 x509type.c
--- crypto/x509/x509type.c	26 Oct 2007 12:06:33 -0000	1.10
+++ crypto/x509/x509type.c	6 Oct 2011 20:36:04 -0000
@@ -100,20 +100,26 @@
 		break;
 		}

-	i=X509_get_signature_type(x);
-	switch (i)
+	i=OBJ_obj2nid(x->sig_alg->algorithm);
+	if (i && OBJ_find_sigid_algs(i, NULL, &i))
 		{
-	case EVP_PKEY_RSA:
-		ret|=EVP_PKS_RSA;
-		break;
-	case EVP_PKEY_DSA:
-		ret|=EVP_PKS_DSA;
-		break;
-	case EVP_PKEY_EC:
-		ret|=EVP_PKS_EC;
-		break;
-	default:
-		break;
+
+		switch (i)
+			{
+		case NID_rsaEncryption:
+		case NID_rsa:
+			ret|=EVP_PKS_RSA;
+			break;
+		case NID_dsa:
+		case NID_dsa_2:
+			ret|=EVP_PKS_DSA;
+			break;
+		case NID_X9_62_id_ecPublicKey:
+			ret|=EVP_PKS_EC;
+			break;
+		default:
+			break;
+			}
 		}

 	if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
 2011-10-06 20:45:08 +00:00
Dr. Stephen Henson
928bd9a149 fix signed/unsigned warning 2011-09-26 17:04:41 +00:00
Dr. Stephen Henson
e53113b8ac make sure eivlen is initialised 2011-09-24 23:06:35 +00:00