Commit graph

10725 commits

Author SHA1 Message Date
Andy Polyakov
729d334106 crypto/sha/asm/sha1-x86_64.pl: jumbo update from master. 2014-02-01 21:24:55 +01:00
Ben Laurie
cacdfcb247 Add more accessors. 2014-02-01 18:30:23 +00:00
Ben Laurie
519ad9b384 Add accessor for x509.cert_info. 2014-02-01 18:30:23 +00:00
Ben Laurie
7b2d785d20 Fix warning. 2014-01-29 17:57:32 +01:00
Dr. Stephen Henson
f2d678e6e8 Clarify docs.
Remove reference to ERR_TXT_MALLOCED in the error library as that is
only used internally. Indicate that returned error data must not be
freed.
2014-01-29 00:59:35 +00:00
Dr. Stephen Henson
448e9b7cf1 typo
(cherry picked from commit cb2182676b)
2014-01-28 15:36:15 +00:00
Dr. Stephen Henson
2c4c9867e7 Fix demo comment: 0.9.9 never released.
(cherry picked from commit 717cc85895)
2014-01-28 15:17:32 +00:00
Dr. Stephen Henson
a99540a6de Check i before r[i].
PR#3244
(cherry picked from commit 9614d2c676)
2014-01-28 15:14:47 +00:00
Dr. Stephen Henson
9614ed695d Add loaded dynamic ENGINEs to list.
Always add a dynamically loaded ENGINE to list. Otherwise it can cause
problems when multiply loaded, especially if it adds new public key methods.
For all current engines we only want a single implementation anyway.
(cherry picked from commit e933f91f50)
2014-01-28 13:57:14 +00:00
Dr. Stephen Henson
aabfee601e Certificate callback doc.
(cherry picked from commit 46ab9bbd7f)
2014-01-28 13:38:55 +00:00
Dr. Stephen Henson
cee1d9e02f make update 2014-01-27 14:59:46 +00:00
Dr. Stephen Henson
285f7fb0f9 Add cert callback retry test.
(cherry picked from commit 3323314fc1)
2014-01-27 14:41:38 +00:00
Dr. Stephen Henson
ede90b1121 Support retries in certificate callback
(cherry picked from commit 0ebc965b9c)

Conflicts:

	ssl/s3_srvr.c
	ssl/ssl3.h
2014-01-27 14:41:38 +00:00
Dr. Stephen Henson
5e7329d156 Compare encodings in X509_cmp as well as hash.
(cherry picked from commit ec492c8a5a)
2014-01-27 14:33:10 +00:00
Dr. Stephen Henson
9f1979b94a New function to set compression methods so they can be safely freed.
(cherry picked from commit cbb6744827)
2014-01-27 14:32:44 +00:00
Dr. Stephen Henson
3fcf327e26 Add -engine_impl option to dgst which will use an implementation of
an algorithm from the supplied engine instead of just the default one.
(cherry picked from commit bb845ee044)
2014-01-23 18:35:42 +00:00
Dr. Stephen Henson
3f4742b48c make update 2014-01-23 17:13:37 +00:00
Dr. Stephen Henson
c4f01c533b Add new function SSL_CTX_get_ssl_method().
Partial fix for PR#3183.
(cherry picked from commit ba168244a1)
2014-01-16 14:08:42 +00:00
Kaspar Brand
b7a8550988 Omit initial status request callback check.
PR#3178
(cherry picked from commit d0b039d4a3)
2014-01-16 13:48:23 +00:00
Zoltan Arpadffy
e775891708 VMS fixes 2014-01-11 22:44:04 +00:00
Jeff Trawick
ae6fbb5df0 typo
(cherry picked from commit 5edce5685f)
2014-01-10 23:02:46 +00:00
Jeff Trawick
f9c1f03754 typo
(cherry picked from commit 4b64e0cbdb)
2014-01-10 23:02:20 +00:00
Dr. Stephen Henson
50701af9d5 Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling.
(cherry picked from commit 8f4077ca69)
2014-01-09 22:53:50 +00:00
Dr. Stephen Henson
1d6af3d430 update NEWS 2014-01-09 22:50:07 +00:00
Andy Polyakov
392fd8f89c bn/asm/x86_64-mont5.pl: fix compilation error on Solaris.
(cherry picked from commit eedab5241e)
2014-01-09 13:47:53 +01:00
Dr. Stephen Henson
802db0fab2 Sync CHANGES 2014-01-07 15:41:11 +00:00
Dr. Stephen Henson
2f972419a3 Add fix for CVE-2013-4353 2014-01-07 15:41:11 +00:00
Dr. Stephen Henson
a05a2c67ef Update NEWS. 2014-01-07 15:41:04 +00:00
Andy Polyakov
e34140620e sha/asm/sha256-armv4.pl: add NEON code path.
(and shave off cycle even from integer-only code)
(cherry picked from commit ad0d2579cf)
2014-01-04 18:06:36 +01:00
Andy Polyakov
acd9121085 aesni-sha1-x86_64.pl: harmonize [Atom-specific optimizations] with master branch. 2014-01-04 17:42:13 +01:00
Dr. Stephen Henson
b17d6b8d1d Restore SSL_OP_MSIE_SSLV2_RSA_PADDING
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
2014-01-04 13:58:51 +00:00
Dr. Stephen Henson
b9fa413a08 Use algorithm specific chains for certificates.
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.

Update docs.
(cherry picked from commit a4339ea3ba)

Conflicts:

	CHANGES
2014-01-03 22:45:20 +00:00
Andy Polyakov
4abe148444 ssl/t1_enc.c: optimize PRF (suggested by Intel).
(cherry picked from commit e8b0dd57c0)
2014-01-03 21:56:03 +01:00
Dr. Stephen Henson
04d6940436 update NEWS 2014-01-02 19:12:47 +00:00
Dr. Stephen Henson
8511b5f594 Don't change version number if session established
When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.

Thanks to Marek Majkowski for additional analysis of this issue.

PR#3191
(cherry picked from commit b77b58a398)
2014-01-02 15:07:51 +00:00
Dr. Stephen Henson
546d6760b9 Update curve list size. 2013-12-29 16:30:34 +00:00
Andy Polyakov
ccbb8d5e95 sparcv9cap.c: omit random detection.
PR: 3202
(cherry picked from commit 926725b3d7)
2013-12-28 13:32:45 +01:00
Andy Polyakov
d7d7e7b038 ARM assembly pack: make it work with older toolchain.
(cherry picked from commit 2218c296b4)
2013-12-28 12:18:11 +01:00
Dr. Stephen Henson
80b6d97585 Fix DTLS retransmission from previous session.
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1)
2013-12-20 23:25:41 +00:00
Dr. Stephen Henson
ff64ab32ae Ignore NULL parameter in EVP_MD_CTX_destroy.
(cherry picked from commit a6c62f0c25)
2013-12-20 23:24:26 +00:00
Andy Polyakov
fc9c9e47f7 sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes.
(and ensure stack alignment in the process)
(cherry picked from commit fc0503a25c)
2013-12-18 22:57:14 +01:00
Andy Polyakov
68e6ac4379 evp/e_[aes|camellia].c: fix typo in CBC subroutine.
It worked because it was never called.
(cherry picked from commit e9c80e04c1)
2013-12-18 22:56:24 +01:00
Andy Polyakov
e34b7e99fd sha512.c: fullfull implicit API contract in SHA512_Transform.
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
(cherry picked from commit cdd1acd788)
2013-12-18 22:56:00 +01:00
Dr. Stephen Henson
a32ba49352 Check EVP errors for handshake digests.
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f)
2013-12-18 13:27:15 +00:00
Dr. Stephen Henson
3a0c71541b verify parameter enumeration functions
(cherry picked from commit 9b3d75706e)

Conflicts:

	crypto/x509/x509_vpm.c
2013-12-13 15:52:27 +00:00
Dr. Stephen Henson
adc6bd73e3 Add opaque ID structure.
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
2013-12-13 15:36:31 +00:00
Dr. Stephen Henson
8c6d8c2a49 Backport TLS padding extension from master. 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
53a8f8c26d Fix for partial chain notification.
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
bf4863b3f5 Verify parameter retrieval functions.
New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
8f68678989 Don't use rdrand engine as default unless explicitly requested. 2013-12-13 15:29:26 +00:00