wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10989 commits 20 branches 302 tags 153 MiB
Commit graph

10989 commits

This branch
This branch
All branches
Author SHA1 Message Date
Andy Polyakov
ccbb8d5e95 sparcv9cap.c: omit random detection. 
PR: 3202
(cherry picked from commit 926725b3d7)
 2013-12-28 13:32:45 +01:00
Andy Polyakov
d7d7e7b038 ARM assembly pack: make it work with older toolchain. 
(cherry picked from commit 2218c296b4)
 2013-12-28 12:18:11 +01:00
Dr. Stephen Henson
80b6d97585 Fix DTLS retransmission from previous session. 
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1)
 2013-12-20 23:25:41 +00:00
Dr. Stephen Henson
ff64ab32ae Ignore NULL parameter in EVP_MD_CTX_destroy. 
(cherry picked from commit a6c62f0c25)
 2013-12-20 23:24:26 +00:00
Andy Polyakov
fc9c9e47f7 sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes. 
(and ensure stack alignment in the process)
(cherry picked from commit fc0503a25c)
 2013-12-18 22:57:14 +01:00
Andy Polyakov
68e6ac4379 evp/e_[aes|camellia].c: fix typo in CBC subroutine. 
It worked because it was never called.
(cherry picked from commit e9c80e04c1)
 2013-12-18 22:56:24 +01:00
Andy Polyakov
e34b7e99fd sha512.c: fullfull implicit API contract in SHA512_Transform. 
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
(cherry picked from commit cdd1acd788)
 2013-12-18 22:56:00 +01:00
Dr. Stephen Henson
a32ba49352 Check EVP errors for handshake digests. 
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f)
 2013-12-18 13:27:15 +00:00
Dr. Stephen Henson
3a0c71541b verify parameter enumeration functions 
(cherry picked from commit 9b3d75706e)

Conflicts:

	crypto/x509/x509_vpm.c
 2013-12-13 15:52:27 +00:00
Dr. Stephen Henson
adc6bd73e3 Add opaque ID structure. 
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
 2013-12-13 15:36:31 +00:00
Dr. Stephen Henson
8c6d8c2a49 Backport TLS padding extension from master. 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
53a8f8c26d Fix for partial chain notification. 
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
bf4863b3f5 Verify parameter retrieval functions. 
New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
8f68678989 Don't use rdrand engine as default unless explicitly requested. 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
57c4e42d75 Get FIPS checking logic right. 
We need to lock when *not* in FIPS mode.
 2013-12-10 12:52:27 +00:00
Dr. Stephen Henson
ff672cf8dd remove obsolete STATUS file 2013-12-10 00:10:41 +00:00
Dr. Stephen Henson
d43b040773 Add release dates to NEWS 2013-12-10 00:08:33 +00:00
Andy Polyakov
422c8c36e5 ARM assembly pack: SHA update from master. 2013-12-09 23:53:42 +01:00
Andy Polyakov
b76310ba74 ARM assembly pack: AES update from master (including bit-sliced module). 2013-12-09 23:44:45 +01:00
Andy Polyakov
c012f6e576 bn/asm/armv4-mont.pl: add NEON code path. 
(cherry picked from commit d1671f4f1a)
 2013-12-09 22:46:29 +01:00
Andy Polyakov
cf6d55961c crypto/bn/asm/x86_64-mont*.pl: update from master. 
Add MULX/AD*X code paths and optimize even original code path.
 2013-12-09 22:40:53 +01:00
Andy Polyakov
3aa1b1ccbb x86_64-xlate.pl: fix jrcxz in nasm case. 
(cherry picked from commit 667053a2f3)
 2013-12-09 22:19:34 +01:00
Andy Polyakov
3dcae82fa9 x86_64-xlate.pl: minor update. 
(cherry picked from commit 41965a84c4)
 2013-12-09 21:53:41 +01:00
Dr. Stephen Henson
86b81ecb73 update $default_depflags 2013-12-08 13:21:02 +00:00
Dr. Stephen Henson
c43dc3dd77 Avoid multiple locks in FIPS mode. 
PR: 3176.

In FIPS mode ssleay_rand_bytes is only used for PRNG seeding and is
performed in either a single threaded context (when the PRNG is first
initialised) or under a lock (reseeding). To avoid multiple locks disable
use of CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes.
 2013-12-08 13:21:02 +00:00
Andy Polyakov
e5eab8a199 bn/asm/x86_64-mont5.pl: comply with Win64 ABI. 
PR: 3189
Submitted by: Oscar Ciurana
(cherry picked from commit c5d5f5bd0f)
 2013-12-04 00:02:18 +01:00
Andy Polyakov
7bab6eb6f0 crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64. 
(cherry picked from commit 8bd7ca9996)
 2013-12-03 22:30:00 +01:00
Andy Polyakov
87d9526d0c crypto/bn/rsaz*: fix licensing note. 
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
asm/rsaz-x86_64.pl: sync from master.
(cherry picked from commit 31ed9a2131)
 2013-12-03 22:17:55 +01:00
Andy Polyakov
36982f056a bn/asm/rsaz-x86_64.pl: fix prototype. 
(cherry picked from commit 6efef384c6)
 2013-12-03 09:44:24 +01:00
Dr. Stephen Henson
c97ec5631b Fix warning. 2013-12-01 23:30:21 +00:00
Dr. Stephen Henson
fdb0d5dd8f Change header order to pick up OPENSSL_SYS_WIN32 2013-12-01 23:29:40 +00:00
Dr. Stephen Henson
81b6dfe40d Recongnise no-dane and no-libunbound 2013-12-01 23:12:27 +00:00
Dr. Stephen Henson
bc35b8e435 make update 2013-12-01 23:09:44 +00:00
Dr. Stephen Henson
6859f3fc12 Fix warnings. 2013-12-01 23:08:13 +00:00
Dr. Stephen Henson
8b2d5cc4a7 WIN32 fixes. 2013-12-01 23:07:18 +00:00
Dr. Stephen Henson
74184b6f21 RSAX no longer compiled. 2013-12-01 23:06:33 +00:00
Dr. Stephen Henson
6416aed586 Simplify and update openssl.spec 2013-11-27 15:35:02 +00:00
Dr. Stephen Henson
2a1b7bd380 New functions to retrieve certificate from SSL_CTX 
New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().
(cherry picked from commit a25f9adc77)
 2013-11-18 18:59:18 +00:00
Dr. Stephen Henson
4bba0bda61 Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set 
(cherry picked from commit 60aeb18750)
 2013-11-18 18:59:03 +00:00
Dr. Stephen Henson
27baa8317a Use correct header length in ssl3_send_certifcate_request 
(cherry picked from commit fdeaf55bf9)
 2013-11-17 17:50:11 +00:00
Dr. Stephen Henson
1abfa78a8b Constify. 2013-11-14 21:00:40 +00:00
Piotr Sikora
edc687ba0f Fix compilation with no-nextprotoneg. 
PR#3106
 2013-11-14 01:20:58 +00:00
Dr. Stephen Henson
ff0bdbed85 Allow match selecting of current certificate. 
If pointer comparison for current certificate fails check
to see if a match using X509_cmp succeeds for the current
certificate: this is useful for cases where the certificate
pointer is not available.
(cherry picked from commit 6856b288a6e66edd23907b7fa264f42e05ac9fc7)
 2013-11-13 23:47:49 +00:00
Rob Stradling
dc4bdf592f Additional "chain_cert" functions. 
PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.

SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.

SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.

The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.
(cherry picked from commit 2f56c9c015dbca45379c9a725915b3b8e765a119)
 2013-11-13 23:47:37 +00:00
Krzysztof Kwiatkowski
b03d0513d0 Delete duplicate entry. 
PR#3172
(cherry picked from commit 4f055e34c3598cad00fca097d812fa3e6436d967)
 2013-11-13 23:47:26 +00:00
Andy Polyakov
0de70011ad srp/srp_grps.h: make it Compaq C-friendly. 
PR: 3165
Submitted by: Daniel Richard G.
(cherry picked from commit 2df9ec01d5)
 2013-11-12 22:19:40 +01:00
Andy Polyakov
220d1e5353 modes/asm/ghash-alpha.pl: update from HEAD. 
PR: 3165
 2013-11-12 21:59:01 +01:00
Andy Polyakov
ca44f72938 Make Makefiles OSF-make-friendly. 
PR: 3165
(cherry picked from commit d1cf23ac86)
 2013-11-12 21:53:39 +01:00
Dr. Stephen Henson
18f49508a5 Fix memory leak. 
(cherry picked from commit 16bc45ba95)
 2013-11-11 23:55:18 +00:00
Dr. Stephen Henson
5c50462e1e Typo. 2013-11-11 22:24:08 +00:00