wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9470 commits 20 branches 302 tags 153 MiB
Commit graph

9470 commits

This branch
This branch
All branches
Author SHA1 Message Date
Andy Polyakov
e5a4de9e44 Add assigned OIDs, as well as "anonymous" ones for AES counter mode. 2010-02-23 16:47:17 +00:00
Dr. Stephen Henson
7d3d1788a5 The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and 
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in
the verify application documentation.
 2010-02-23 14:09:09 +00:00
Bodo Möller
2d9dcd4ff0 Always check bn_wexpend() return values for failure (CVE-2009-3245). 
(The CHANGES entry covers the change from PR #2111 as well, submitted by
Martin Olsson.)

Submitted by: Neel Mehta
 2010-02-23 10:36:35 +00:00
Bodo Möller
a839755329 Fix X509_STORE locking 2010-02-19 18:27:07 +00:00
Dr. Stephen Henson
69582a592e clarify documentation 2010-02-18 12:41:33 +00:00
Dr. Stephen Henson
7512141162 OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved 2010-02-17 19:43:56 +00:00
Dr. Stephen Henson
c2c49969e2 Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:38:31 +00:00
Dr. Stephen Henson
47e0a1c335 PR: 2100 
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.
 2010-02-17 14:32:41 +00:00
Dr. Stephen Henson
439aab3afc Submitted by: Dmitry Ivanov <vonami@gmail.com> 
Don't leave dangling pointers in GOST engine if calls fail.
 2010-02-16 14:30:29 +00:00
Dr. Stephen Henson
8d934c2585 PR: 2171 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.

Also can now use SSL2 compatible client hello because RFC5746 supports it.
 2010-02-16 14:21:11 +00:00
Dr. Stephen Henson
1458b931eb The "block length" for CFB mode was incorrectly coded as 1 all the time. It 
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
 2010-02-15 19:40:16 +00:00
Dr. Stephen Henson
20eb7238cb Correct ECB mode EVP_CIPHER definition: IV length is 0 2010-02-15 19:26:02 +00:00
Dr. Stephen Henson
79cfc3ac54 add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable 2010-02-15 19:20:13 +00:00
Dr. Stephen Henson
918a5d04e4 PR: 2164 
Submitted by: "Noszticzius, Istvan" <inoszticzius@rightnow.com>

Don't clear the output buffer: ciphers should correctly the same input
and output buffers.
 2010-02-15 19:00:12 +00:00
Dr. Stephen Henson
f959598866 update references to new RI RFC 2010-02-12 21:59:31 +00:00
Dr. Stephen Henson
5a9e3f05ff PR: 2170 
Submitted by: Magnus Lilja <lilja.magnus@gmail.com>

Make -c option in dgst work again.
 2010-02-12 17:07:16 +00:00
Dr. Stephen Henson
29e722f031 Fix memory leak in ENGINE autoconfig code. Improve error logging. 2010-02-09 14:17:14 +00:00
Dr. Stephen Henson
05566760da update year 2010-02-09 14:12:49 +00:00
Dr. Stephen Henson
e3e31ff482 Use supplied ENGINE when initialising CMAC. Restore pctx setting. 2010-02-08 16:31:28 +00:00
Dr. Stephen Henson
bae060c06a add cvsignore 2010-02-08 15:34:02 +00:00
Dr. Stephen Henson
0ff907caf8 Make update. 2010-02-08 15:33:23 +00:00
Dr. Stephen Henson
c8ef656df2 Make CMAC API similar to HMAC API. Add methods for CMAC. 2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
8c968e0355 Initial experimental CMAC implementation. 2010-02-07 18:01:07 +00:00
Dr. Stephen Henson
cc0661374f make update 2010-02-07 13:54:30 +00:00
Dr. Stephen Henson
089f02c577 oops, use new value for new flag 2010-02-07 13:50:36 +00:00
Dr. Stephen Henson
c2bf720842 Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy 
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
 2010-02-07 13:39:39 +00:00
Dr. Stephen Henson
c95bf51167 don't assume 0x is at start of string 2010-02-03 18:19:22 +00:00
Dr. Stephen Henson
2712a2f625 tolerate broken CMS/PKCS7 implementations using signature OID instead of digest 2010-02-02 14:30:39 +00:00
Dr. Stephen Henson
17ebc10ffa PR: 2161 
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.

Make no-dsa, no-ecdsa and no-rsa compile again.
 2010-02-02 13:35:27 +00:00
Dr. Stephen Henson
434745dc19 PR: 2160 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Make session tickets work with DTLS.
 2010-02-01 16:51:09 +00:00
Dr. Stephen Henson
b380f9b884 PR: 2159 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Typo in PR#1949 bug, oops!
 2010-02-01 12:43:45 +00:00
Richard Levitte
749af8cb61 Typo. 2010-01-29 12:07:46 +00:00
Richard Levitte
1d62de0395 The previous take went wrong, try again. 2010-01-29 12:02:50 +00:00
Richard Levitte
d7b99700c0 Architecture specific header files need special handling. 2010-01-29 11:44:36 +00:00
Richard Levitte
cd6bc02b29 If opensslconf.h and buildinf.h are to be in an architecture specific 
directory, place it in the same tree as the other architecture
specific things.
 2010-01-29 11:43:50 +00:00
Dr. Stephen Henson
da454e4c67 typo 2010-01-29 00:09:33 +00:00
Dr. Stephen Henson
08c239701b Experimental renegotiation support in s_server test -www server. 2010-01-28 19:48:36 +00:00
Dr. Stephen Henson
92714455af In engine_table_select() don't clear out entire error queue: just clear 
out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise
errors from other sources (e.g. SSL library) can be wiped.
 2010-01-28 17:49:25 +00:00
Dr. Stephen Henson
00b525781b oops revert test code accidentally committed 2010-01-28 16:48:39 +00:00
Dr. Stephen Henson
891d3c7a60 revert previous change 2010-01-28 14:17:39 +00:00
Dr. Stephen Henson
9fb6fd34f8 reword RI description 2010-01-27 18:53:33 +00:00
Dr. Stephen Henson
c2963f5b87 revert wrongly committed test code 2010-01-27 17:49:33 +00:00
Dr. Stephen Henson
99b36a8c31 update documentation to reflect new renegotiation options 2010-01-27 17:46:24 +00:00
Dr. Stephen Henson
89e56aebef Some shells print out the directory name if CDPATH is set breaking the 
pod2man test. Use ./util instead to avoid this.
 2010-01-27 16:07:17 +00:00
Dr. Stephen Henson
4ba1aa393b typo 2010-01-27 14:05:39 +00:00
Dr. Stephen Henson
1e27847d4e PR: 2157 
Submitted by: "Green, Paul" <Paul.Green@stratus.com>

Typo.
 2010-01-27 12:54:58 +00:00
Richard Levitte
407a410136 Have the VMS build system catch up with the 1.0.0-stable branch. 2010-01-27 09:18:42 +00:00
Richard Levitte
9921f865e4 Apparently, test/testtsa.com was only half done 2010-01-27 01:19:07 +00:00
Richard Levitte
c8c07be883 size_t doesn't compare less than zero... 2010-01-27 01:18:21 +00:00
Dr. Stephen Henson
d5e7f2f2c3 PR: 1949 
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
 2010-01-26 19:47:37 +00:00