wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10811 commits 20 branches 302 tags 153 MiB
Commit graph

10811 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
bbbe61c958 Always use SSLv23_{client,server}_method in s_client.c and s_server.c, 
the old code came from SSLeay days before TLS was even supported.
 2012-03-18 18:16:46 +00:00
Andy Polyakov
df27a35137 vpaes-x86_64.pl: out-of-date Apple assembler fails to calculate 
distance between local labels.
PR: 2762
 2012-03-17 16:06:31 +00:00
Andy Polyakov
f9ef874a21 bsaes-x86_64.pl: optimize key conversion. 2012-03-16 21:44:19 +00:00
Andy Polyakov
442c9f13d4 bsaes-armv7.pl: optmize Sbox and key conversion. 2012-03-16 21:41:48 +00:00
Dr. Stephen Henson
156421a2af oops, revert unrelated patches 2012-03-14 13:46:50 +00:00
Dr. Stephen Henson
61ad8262a0 update FAQ, NEWS 2012-03-14 13:44:57 +00:00
Andy Polyakov
5c88dcca5b ghash-x86.pl: omit unreferenced rem_8bit from no-sse2 build. 2012-03-13 19:43:42 +00:00
Andy Polyakov
d2add2efaa ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER. 2012-03-13 19:20:55 +00:00
Andy Polyakov
b2ae61ecf2 x86_64-xlate.pl: remove old kludge. 
PR: 2435,2440
 2012-03-13 19:19:08 +00:00
Dr. Stephen Henson
78dfd43955 corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 16:32:19 +00:00
Dr. Stephen Henson
146b52edd1 Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and 
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
 2012-03-12 16:31:39 +00:00
Dr. Stephen Henson
13747c6fda update NEWS 2012-03-12 16:23:00 +00:00
Dr. Stephen Henson
174b07be93 PR: 2744 
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

CMS support for ccgost engine
 2012-03-11 13:40:17 +00:00
Dr. Stephen Henson
15a40af2ed Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> 
Add more extension names in s_cb.c extension printing code.
 2012-03-09 18:38:35 +00:00
Dr. Stephen Henson
ea6e386008 PR: 2756 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
 2012-03-09 15:52:33 +00:00
Dr. Stephen Henson
34b61f5a25 check return value of BIO_write in PKCS7_decrypt 2012-03-08 14:10:23 +00:00
Dr. Stephen Henson
e7f8ff4382 New ctrls to retrieve supported signature algorithms and curves and 
extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.
 2012-03-06 14:28:21 +00:00
Dr. Stephen Henson
62b6948a27 PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
 2012-03-06 13:47:43 +00:00
Dr. Stephen Henson
0fbf8b9cea PR: 2748 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
 2012-03-06 13:26:15 +00:00
Dr. Stephen Henson
d895f7f060 don't do loop check for single self signed certificate 2012-03-05 15:48:13 +00:00
Andy Polyakov
ce0ed3b778 Configure: make no-whirlpool work. 2012-03-03 13:17:47 +00:00
Andy Polyakov
358c372d16 bsaes-armv7.pl: change preferred contact. 2012-03-03 13:04:53 +00:00
Andy Polyakov
c4a52a6dca Add bit-sliced AES for ARM NEON. This initial version is effectively 
reference implementation, it does not interface to OpenSSL yet.
 2012-03-03 12:33:28 +00:00
Dr. Stephen Henson
797a2a102d PR: 2743 
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

Fix memory leak if invalid GOST MAC key given.
 2012-02-29 14:13:00 +00:00
Dr. Stephen Henson
3c6a7cd44b PR: 2742 
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.
 2012-02-29 14:02:02 +00:00
Dr. Stephen Henson
dc4f678cdc Fix memory leak cause by race condition when creating public keys. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-28 14:47:02 +00:00
Andy Polyakov
0f2ece872d x86cpuid.pl: fix processor capability detection on pre-586. 2012-02-28 14:20:21 +00:00
Dr. Stephen Henson
68a7b5ae1e PR: 2736 
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
 2012-02-27 18:45:28 +00:00
Dr. Stephen Henson
161c9b4262 PR: 2737 
Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.
 2012-02-27 16:46:34 +00:00
Dr. Stephen Henson
57cb030cea PR: 2739 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix padding bugs in Heartbeat support.
 2012-02-27 16:38:24 +00:00
Dr. Stephen Henson
d441e6d8db PR: 2735 
Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.
 2012-02-27 16:33:34 +00:00
Dr. Stephen Henson
228a8599ff free headers after use in error message 2012-02-27 16:27:17 +00:00
Dr. Stephen Henson
d16bb406d4 Detect symmetric crypto errors in PKCS7_decrypt. 
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
 2012-02-27 15:22:41 +00:00
Andy Polyakov
f7ef20c5ee Configure: I remove adding of -D_XPG4_2 -D__EXTENSIONS__ in sctp builds for 
following reasons:

- it's not the way to engage XPG4v2 mode, defining _XOPEN_SOURCE to
  value less than 500 is (see standards(5));
- we need to work out strategy to handle _XOPEN_SOURCE, current state
  when we define e.g. _XOPEN_SOURCE to 500 in some files is inappropriate;
- sctp implementation on Solaris is incomplete, in sense that bss_dgram.c
  doesn't compile, because not all structures are defined, so that
  enabling sctp doesn't work anyway;
 2012-02-26 22:02:59 +00:00
Andy Polyakov
d0e68a98c5 seed.c: incredibly enough seed.c can fail to compile on Solaris with certain 
flags, because SS is defined after inclusion of <stdlib.h>, in <sys/regset.h>
 2012-02-26 21:52:43 +00:00
Dr. Stephen Henson
a36fb72584 PR: 2730 
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

VMS fixes: disable SCTP by default.
 2012-02-25 17:59:40 +00:00
Dr. Stephen Henson
8f27a92754 ABI fixes from 1.0.1-stable 2012-02-23 22:25:52 +00:00
Dr. Stephen Henson
6941b7b918 PR: 2711 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.
 2012-02-23 21:50:44 +00:00
Dr. Stephen Henson
ef570cc869 PR: 2696 
Submitted by: Rob Austein <sra@hactrn.net>

Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.
 2012-02-23 21:31:37 +00:00
Dr. Stephen Henson
4d3670fa50 PR: 2727 
Submitted by: Bruce Stephens <bruce.stephens@isode.com>

Use same construct for EXHEADER in srp/Makefile as other makefiles to cope
with possibly empty EXHEADER.
 2012-02-23 13:49:35 +00:00
Dr. Stephen Henson
5421196eca ABI compliance fixes. 
Move new structure fields to end of structures.
 2012-02-22 15:39:54 +00:00
Dr. Stephen Henson
74b4b49494 SSL export fixes (from Adam Langley) [original from 1.0.1] 2012-02-22 15:06:56 +00:00
Dr. Stephen Henson
de2b5b7439 initialise i if n == 0 2012-02-22 15:03:44 +00:00
Dr. Stephen Henson
64095ce9d7 Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert 
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
 2012-02-21 14:41:13 +00:00
Dr. Stephen Henson
206310c305 Fix bug in CVE-2011-4619: check we have really received a client hello 
before rejecting multiple SGC restarts.
 2012-02-16 15:26:04 +00:00
Dr. Stephen Henson
5863163732 Additional compatibility fix for MDC2 signature format. 
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
 2012-02-15 14:27:25 +00:00
Dr. Stephen Henson
83cb7c4635 An incompatibility has always existed between the format used for RSA 
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.

This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.

Add detection in RSA_verify so either format works.

Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
 2012-02-15 14:04:00 +00:00
Dr. Stephen Henson
04296664e0 PR: 2713 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files
 2012-02-12 18:47:47 +00:00
Dr. Stephen Henson
fc7dae5229 PR: 2717 
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7
 2012-02-11 23:41:19 +00:00
Dr. Stephen Henson
be81f4dd81 PR: 2716 
Submitted by: Adam Langley <agl@google.com>

Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.
 2012-02-11 23:20:53 +00:00