wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10017 commits 20 branches 302 tags 153 MiB
Commit graph

10017 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
97f336f25d Fix documentation for RSA_set_method(3) 
PR#1675
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 197400c3f0d617d71ad8167b52fb73046d334320)
 2014-07-19 18:26:31 +01:00
Jeffrey Walton
5e05728ace Fix typo, add reference. 
PR#3456
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit d48e78f0cf)
 2014-07-17 12:09:02 +01:00
Matt Caswell
061a5bdba2 Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date 
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 3bd548192a)
 2014-07-15 23:24:48 +01:00
Dr. Stephen Henson
e6ed83fb74 Clarify -Verify and PSK. 
PR#3452
(cherry picked from commit ca2015a617)
 2014-07-15 20:23:41 +01:00
Dr. Stephen Henson
c3f2fc419b Fix DTLS certificate requesting code. 
Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
(cherry picked from commit c8d710dc5f)
 2014-07-15 18:23:52 +01:00
Dr. Stephen Henson
ec9cb40da5 Add ECC extensions with DTLS. 
PR#3449
(cherry picked from commit 2054eb771e)
 2014-07-15 12:29:20 +01:00
Dr. Stephen Henson
ed1de3810d Don't allow -www etc options with DTLS. 
The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)
 2014-07-15 12:27:03 +01:00
Dr. Stephen Henson
df35da266d Use case insensitive compare for servername. 
PR#3445
(cherry picked from commit 1c3e9a7c67)
 2014-07-15 00:00:14 +01:00
Dr. Stephen Henson
26d60e29e3 Use more common name for GOST key exchange. 
(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)
 2014-07-14 18:31:54 +01:00
Matt Caswell
5a0df377ac Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data. 
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415

(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
 2014-07-13 22:25:53 +01:00
Peter Mosmans
f7123634a5 Add names of GOST algorithms. 
PR#3440
(cherry picked from commit 924e5eda2c)

Conflicts:

	ssl/ssl_ciph.c
 2014-07-13 18:35:14 +01:00
Richard Levitte
7aeb3d7937 * crypto/ui/ui_lib.c: misplaced brace in switch statement. 
Detected by dcruette@qualitesys.com

(cherry picked from commit 8b5dd34091)
 2014-07-13 19:16:06 +02:00
Matt Caswell
182f1ad8a1 Fix memory leak in BIO_free if there is no destroy function. 
Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com>

PR#3439

(cherry picked from commit 66816c53be)
 2014-07-09 23:37:04 +01:00
David Lloyd
0819130188 Prevent infinite loop loading config files. 
PR#2985
(cherry picked from commit 9d23f422a3)
 2014-07-07 13:50:52 +01:00
Dr. Stephen Henson
3fe4fc4774 Usage for -hack and -prexit -verify_return_error 
(cherry picked from commit a07f514fc0)
 2014-07-06 22:59:03 +01:00
Dr. Stephen Henson
1326733457 Document certificate status request options. 
Conflicts:

	doc/apps/s_client.pod
	doc/apps/s_server.pod
(cherry picked from commit b197c770a6)
 2014-07-06 22:59:03 +01:00
Dr. Stephen Henson
d8426e6b7d s_server usage for certificate status requests 2014-07-06 22:58:58 +01:00
Dr. Stephen Henson
aa90ff7d8e Update ticket callback docs. 
(cherry picked from commit a23a6e85d8)
 2014-07-06 12:42:58 +01:00
Dr. Stephen Henson
aeae79951c Sanity check keylength in PVK files. 
PR#2277
(cherry picked from commit 733a6c882e92f8221bd03a51643bb47f5f81bb81)
 2014-07-06 00:36:10 +01:00
Matt Caswell
cf3792b3e4 Fixed error in pod files with latest versions of pod2man 
(cherry picked from commit 07255f0a76d9d349d915e14f969b9ff2ee0d1953)
 2014-07-06 00:05:01 +01:00
Alan Hryngle
e6b98d5a40 Return smaller of ret and f. 
PR#3418.
(cherry picked from commit fdea4fff8f)
 2014-07-05 22:38:56 +01:00
Dr. Stephen Henson
4054d95eb9 Don't limit message sizes in ssl3_get_cert_verify. 
PR#319 (reoponed version).
(cherry picked from commit 7f6e957864)

Conflicts:

	ssl/s3_srvr.c
 2014-07-05 13:31:53 +01:00
Dr. Stephen Henson
a05e954b66 Add license info. 
(cherry picked from commit 55707a36cc)
 2014-07-04 18:44:24 +01:00
Dr. Stephen Henson
ca4a339eeb typo 
(cherry picked from commit 2cfbec1cae)
(cherry picked from commit a9661e45ac)
 2014-07-04 18:44:18 +01:00
Rich Salz
835e32f9f6 Merge branch 'rsalz-docfixes' 2014-07-03 12:50:06 -04:00
Rich Salz
23396f5500 Close 3170, remove reference to Ariel Glenn's old 0.9.8 doc 
(cherry picked from commit f1112985e8)
 2014-07-03 12:44:41 -04:00
Dr. Stephen Henson
1c9b82a91f update release notes 2014-07-02 18:31:56 +01:00
Matt Smart
99657430c0 Fix doc typo. 
ERR_get_error(3) references the non-existent
ERR_get_last_error_line_data instead of the one that does exist,
ERR_peek_last_error_line_data.

PR#3283
(cherry picked from commit 5cc99c6cf5)
 2014-07-02 03:45:14 +01:00
Thijs Alkemade
ce20ac72b4 Make disabling last cipher work. 
(cherry picked from commit 7cb472bd0d)
 2014-07-02 03:33:12 +01:00
Geoff Thorpe
525b6c7585 util/mkerr.pl: fix perl warning 
Gets rid of this;

defined(@array) is deprecated at ../util/mkerr.pl line 792.
        (Maybe you should just omit the defined()?)
defined(@array) is deprecated at ../util/mkerr.pl line 800.
        (Maybe you should just omit the defined()?)

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit 647f360e2e)
 2014-07-02 01:50:58 +01:00
Dr. Stephen Henson
29ed482ffc ASN1 sanity check. 
Primitive encodings shouldn't use indefinite length constructed
form.

PR#2438 (partial).
(cherry picked from commit 398e99fe5e)
 2014-07-02 01:01:41 +01:00
Jeffrey Walton
b38db8803f Clarified that the signature's buffer size, s, is not used as an 
IN parameter.

Under the old docs, the only thing stated was "at most
EVP_PKEY_size(pkey) bytes will be written". It was kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.

(cherry picked from commit 6e6ba36d98)
 2014-06-29 23:37:12 +01:00
Dr. Stephen Henson
59899c4d1b Fix memory leak. 
PR#2531.
 2014-06-29 13:53:06 +01:00
Ken Ballou
eec4cc8878 Typo. 
PR#3173
(cherry picked from commit 76ed5a42ea)
 2014-06-29 13:39:28 +01:00
Dr. Stephen Henson
2e7124497d Show errors on CSR verification failure. 
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.

PR#2875
(cherry picked from commit a30bdb55d1)
 2014-06-29 13:35:01 +01:00
Dr. Stephen Henson
c0eae35b3d Make no-ssl3 no-ssl2 do more sensible things. 
(cherry picked from commit 7ae6a4b659)
 2014-06-29 03:05:54 +01:00
Dr. Stephen Henson
50c9141d00 Typo. 
PR#3107
(cherry picked from commit 7c206db928)
 2014-06-28 12:43:36 +01:00
Dr. Stephen Henson
2617a3c44d Don't disable state strings with no-ssl2 
Some state strings were erronously not compiled when no-ssl2
was set.

PR#3295
(cherry picked from commit 0518a3e19e)
 2014-06-28 00:56:59 +01:00
Andreas Westfeld
a7da2b8e17 Fix typo in ideatest.c 
(cherry picked from commit d1d4382dcb)
 2014-06-28 00:06:47 +01:00
Ken Ballou
e617a506ff Remove redundant check. 
PR#3174
(cherry picked from commit fd331c0bb9b557903dd2ce88398570a3327b5ef0)
 2014-06-27 23:18:25 +01:00
Dr. Stephen Henson
80640bf0bc Fix for EVP_PBE_alg_add(). 
In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.

PR#3206
(cherry picked from commit efb7caef637a1de8468ca109efd355a9d0e73a45)
 2014-06-27 22:59:13 +01:00
Dr. Stephen Henson
f05bce4f2f Tolerate critical AKID in CRLs. 
PR#3014
(cherry picked from commit 11da66f8b1)
 2014-06-27 18:50:45 +01:00
Tom Greenslade
5cd3ae9f18 Handle IPv6 addresses in OCSP_parse_url. 
PR#2783
(cherry picked from commit b36f35cda9)
 2014-06-27 17:31:50 +01:00
Tomas Mraz
d9d5a12823 Don't advertise ECC ciphersuits in SSLv2 compatible client hello. 
PR#3374
(cherry picked from commit 0436369fcc)
 2014-06-27 16:52:10 +01:00
Jeffrey Walton
06f3746c62 Clarify docs. 
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.

PR#3409
(cherry picked from commit 0535c2d67c)

Add restrictions section present in other branches.

Conflicts:

	doc/ssl/SSL_CTX_add_extra_chain_cert.pod
(cherry picked from commit 86cac6d3b2)
 2014-06-27 16:42:42 +01:00
Dr. Stephen Henson
14247e4f59 Memory leak and NULL dereference fixes. 
PR#3403
(cherry picked from commit d2aea03829)
 2014-06-27 14:53:21 +01:00
Dr. Stephen Henson
72bc04942a Remove ancient obsolete files under pkcs7. 
(cherry picked from commit 7be6b27aaf)
 2014-06-27 13:56:53 +01:00
Huzaifa Sidhpurwala
8e28ef0d85 Make sure BN_sqr can never return a negative value. 
PR#3410
(cherry picked from commit e14e764c0d5d469da63d0819c6ffc0e1e9e7f0bb)
 2014-06-26 23:50:52 +01:00
Jenny Yung
996edff7e1 Memory allocation checks. 
PR#3399.
(cherry picked from commit da0d5e78bc)
 2014-06-26 23:33:05 +01:00
Miod Vallat
532ee6e056 Fix off-by-one errors in ssl_cipher_get_evp() 
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

Bug discovered and fixed by Miod Vallat from the OpenBSD team.

PR#3375
 2014-06-22 23:22:49 +01:00