Commit graph

11268 commits

Author SHA1 Message Date
Emilia Kasper
972868b23d make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-09-23 18:20:26 +02:00
Emilia Kasper
e774a3055b Add i2d_re_X509_tbs
i2d_re_X509_tbs re-encodes the TBS portion of the certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 95b1752cc7)
2014-09-23 18:20:26 +02:00
Emilia Kasper
d9f99d4ef3 Revert "Add accessor for x509.cert_info."
This reverts commit 519ad9b384.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-23 18:20:26 +02:00
Emilia Kasper
6ce2a64191 Revert "Add more accessors."
This reverts commit cacdfcb247.

Conflicts:
	crypto/x509/x509.h

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-23 18:20:26 +02:00
Andy Polyakov
d2a1226b81 CHANGES: mention ECP_NISTZ256.
Reviewed-by: Bodo Moeller <bodo@openssl.org>
(cherry picked from commit 507efe7372)
2014-09-23 14:56:46 +02:00
Andy Polyakov
9fa9370b6f crypto/ecp_nistz256.c: harmonize error codes.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit be07ae9b10)
2014-09-22 00:11:04 +02:00
Dr. Stephen Henson
12f14b1d8f Fix warning.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 16e5b45f72)
2014-09-22 00:10:53 +02:00
Andy Polyakov
27918b7c25 crypto/ec: harmonize new code with FIPS module.
RT: 3149
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-22 00:07:44 +02:00
Andy Polyakov
2e31c47adb Configure: engage ECP_NISTZ256.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 847147908b)

Resolved conflicts:

	Configure
	TABLE
2014-09-22 00:07:44 +02:00
Andy Polyakov
3842a64d36 Add ECP_NISTZ256 by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4d3fa06fce)
2014-09-22 00:07:44 +02:00
Andy Polyakov
8aed2a7548 Reserve option to use BN_mod_exp_mont_consttime in ECDSA.
Submitted by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f54be179aa)
2014-09-22 00:07:44 +02:00
Andy Polyakov
f7835e1c20 perlasm/x86_64-xlate.pl: handle inter-bank movd.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 902b30df19)
2014-09-22 00:07:44 +02:00
Andy Polyakov
11d8abb331 Configure: add configuration for crypto/ec/asm extensions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6019cdd327)

Resolved conflicts:

	Configure
	Makefile.org
	TABLE
2014-09-22 00:07:44 +02:00
Tim Hudson
320d949781 Fixed error introduced in commit f2be92b94d
that fixed PR#3450 where an existing cast masked an issue when i was changed
from int to long in that commit

Picked up on z/linux (s390) where sizeof(int)!=sizeof(long)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b5ff559ff9)
2014-09-22 06:35:57 +10:00
Andy Polyakov
dfb5de6fc0 Harmonize Tru64 and Linux make rules.
RT: 3333,3165
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d475b2a3bf)
2014-09-20 10:22:13 +02:00
Jake Goulding
5015a93ded RT2301: GetDIBits, not GetBitmapBits in rand_win
GetDIBits has been around since Windows2000 and
BitBitmapBits is an old Win16 compatibility function
that is much slower.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 99b00fd993)
2014-09-18 16:42:07 -04:00
Rich Salz
478b3470ff RT2772 update: c_rehash was broken
Move the readdir() lines out of the if statement, so
that flist is available globally.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6f46c3c3b0)
2014-09-11 13:09:56 -04:00
Rich Salz
3258429883 RT3271 update; extra; semi-colon; confuses; some;
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit cb4bb56bae)
2014-09-10 15:09:53 -04:00
Rich Salz
a9d928a8b6 RT2560: missing NULL check in ocsp_req_find_signer
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b2aa38a980)
2014-09-10 12:20:15 -04:00
Rich Salz
3aa2d2d08f RT2196: Clear up some README wording
Say where to email bug reports.
Mention general RT tracker info in a separate paragraph.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 468ab1c20d)
2014-09-09 17:49:04 -04:00
Matt Caswell
f33ce36aff RT3192: spurious error in DSA verify
This is funny; Ben commented in the source, Matt opend a ticket,
and Rich is doing the submit.  Need more code-review? :)

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit eb63bce040)
2014-09-09 17:10:57 -04:00
Rich Salz
e61c648fd6 RT3271: Don't use "if !" in shell lines
For portability don't use "if ! expr"

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b999f66e34)
2014-09-09 17:05:50 -04:00
Geoff Keating
8c0d19d857 RT1909: Omit version for v1 certificates
When calling X509_set_version to set v1 certificate, that
should mean that the version number field is omitted.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 1f18f50c4b)
2014-09-09 15:16:42 -04:00
Kurt Cancemi
283a8fd1aa RT3506: typo's in ssltest
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 4eadd11cd9)
2014-09-09 13:58:33 -04:00
Paul Suhler
b8d687bb56 RT2841: Extra return in check_issued
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 4cd1119df3)
2014-09-08 18:50:40 -04:00
Kurt Roeckx
57c932dafd RT2626: Change default_bits from 1K to 2K
This is a more comprehensive fix.  It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1.  This is from
Kurt's upstream Debian changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 44e0c2bae4)
2014-09-08 17:23:37 -04:00
Matthias Andree
ef720a67ab RT2272: Add old-style hash to c_rehash
In addition to Matthias's change, I also added -n to
not remove links. And updated the manpage.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a787c2590e)
2014-09-08 11:35:25 -04:00
Rich Salz
f28c48d07e RT468: SSL_CTX_sess_set_cache_size wrong
The documentation is wrong about what happens when the
session cache fills up.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit e9edfc4196)
2014-09-08 11:26:19 -04:00
Erik Auerswald
ff89be854e RT3301: Discard too-long heartbeat requests
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit af4c6e348e)
2014-09-08 11:23:02 -04:00
Scott Schaefer
61a44b76a0 RT2518: fix pod2man errors
pod2man now complains when item tags are not sequential.
Also complains about missing =back and other tags.
Silence the warnings; most were already done.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit fe7573042f)
2014-09-08 11:18:58 -04:00
Rich Salz
45236ed6a4 RT3108: OPENSSL_NO_SOCK should imply OPENSSL_NO_DGRAM
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit be0bd11d69)
2014-09-08 11:08:01 -04:00
Robin Lee
240635c0b2 RT3031: Need to #undef some names for win32
Copy the ifdef/undef stanza from x509.h to x509v3.h

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 83e4e03eeb)
2014-09-08 11:06:07 -04:00
Martin Olsson
610ac0525d RT2843: Remove another spurious close-comment token
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 683cd7c948)
2014-09-08 10:52:19 -04:00
Martin Olsson
9c096d0bbf RT2842: Remove spurious close-comment marker.
Also, I (rsalz) changed "#ifdef undef" to "#if 0"

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 6b0dc6eff1)
2014-09-08 10:50:33 -04:00
Rich Salz
1915744a64 Merge branch 'OpenSSL_1_0_2-stable' of git.openssl.org:openssl into OpenSSL_1_0_2-stable
another empty merge???

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:47:03 -04:00
Rich Salz
c387f7d0ea Empty merge
Merge branch 'OpenSSL_1_0_2-stable' of git.openssl.org:openssl into OpenSSL_1_0_2-stable

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:45:53 -04:00
Rich Salz
eee95fc64f Empty merge
Merge branch 'OpenSSL_1_0_2-stable' of git.openssl.org:openssl into OpenSSL_1_0_2-stable

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:45:31 -04:00
Rich Salz
dd3c21b2d2 RT1834: Fix PKCS7_verify return value
The function returns 0 or 1, only.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b0e659cfac)
2014-09-08 10:43:32 -04:00
Rich Salz
dd13aadf9e RT1832: Fix PKCS7_verify return value
The function returns 0 or 1, only.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b0e659cfac)
2014-09-08 10:39:12 -04:00
Alon Bar-Lev
2a49fef28e RT1771: Add string.h include.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 8842987e5a)
2014-09-08 10:38:08 -04:00
Viktor Dkhovni
c56be26d9f RT1325,2973: Add more extensions to c_rehash
Regexp was bracketed wrong.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 5a8addc432)
2014-09-07 18:25:59 -04:00
Dr. Stephen Henson
2102c53caa Add CHANGES entry for SCT viewer code.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit b2774f6e17)
2014-09-05 13:45:45 +01:00
Adam Langley
e12e875759 psk_client_callback, 128-byte id bug.
Fix a bug in handling of 128 byte long PSK identity in
psk_client_callback.

OpenSSL supports PSK identities of up to (and including) 128 bytes in
length. PSK identity is obtained via the psk_client_callback,
implementors of which are expected to provide a NULL-terminated
identity. However, the callback is invoked with only 128 bytes of
storage thus making it impossible to return a 128 byte long identity and
the required additional NULL byte.

This CL fixes the issue by passing in a 129 byte long buffer into the
psk_client_callback. As a safety precaution, this CL also zeroes out the
buffer before passing it into the callback, uses strnlen for obtaining
the length of the identity returned by the callback, and aborts the
handshake if the identity (without the NULL terminator) is longer than
128 bytes.

(Original patch amended to achieve strnlen in a different way.)

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit be0d851732)
2014-09-05 12:22:33 +02:00
Adam Langley
0600a5cd49 Ensure that x**0 mod 1 = 0.
(cherry picked from commit 2b0180c37f)

Reviewed-by: Ben Laurie <ben@openssl.org>
2014-09-04 16:05:57 +02:00
Richard Levitte
a91b73fd29 Followup on RT3334 fix: make sure that a directory that's the empty
string returns 0 with errno = ENOENT.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 360928b7d0)
2014-09-03 22:23:34 +02:00
Phil Mesnier
02c38e37a6 RT3334: Fix crypto/LPdir_win.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 6a14fe7576)
2014-09-03 22:23:34 +02:00
Clang via Jeffrey Walton
fa2ae04c40 RT3140: Possibly-unit variable in pem_lib.c
Can't really happen, but the flow of control isn't obvious.
Add an initializer.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0ff3687eab)
2014-09-02 23:38:15 -04:00
Emilia Kasper
27739e9265 Make the inline const-time functions static.
"inline" without static is not correct as the compiler may choose to ignore it
and will then either emit an external definition, or expect one.

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit 86f50b36e6)
2014-09-02 15:24:54 +02:00
Adam Williamson
157c345175 RT3511: doc fix; req default serial is random
RT842, closed back in 2004, changed the default serial number
to be a random number rather than zero.  Finally time to update
the doc

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 3aba132d61)
2014-08-31 23:41:51 -04:00
Richard Levitte
770b98d02e Add t1_ext and ssl_utst to the VMS build as well.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-31 18:22:02 +02:00