Commit graph

9998 commits

Author SHA1 Message Date
Matt Caswell
cf3792b3e4 Fixed error in pod files with latest versions of pod2man
(cherry picked from commit 07255f0a76d9d349d915e14f969b9ff2ee0d1953)
2014-07-06 00:05:01 +01:00
Alan Hryngle
e6b98d5a40 Return smaller of ret and f.
PR#3418.
(cherry picked from commit fdea4fff8f)
2014-07-05 22:38:56 +01:00
Dr. Stephen Henson
4054d95eb9 Don't limit message sizes in ssl3_get_cert_verify.
PR#319 (reoponed version).
(cherry picked from commit 7f6e957864)

Conflicts:

	ssl/s3_srvr.c
2014-07-05 13:31:53 +01:00
Dr. Stephen Henson
a05e954b66 Add license info.
(cherry picked from commit 55707a36cc)
2014-07-04 18:44:24 +01:00
Dr. Stephen Henson
ca4a339eeb typo
(cherry picked from commit 2cfbec1cae)
(cherry picked from commit a9661e45ac)
2014-07-04 18:44:18 +01:00
Rich Salz
835e32f9f6 Merge branch 'rsalz-docfixes' 2014-07-03 12:50:06 -04:00
Rich Salz
23396f5500 Close 3170, remove reference to Ariel Glenn's old 0.9.8 doc
(cherry picked from commit f1112985e8)
2014-07-03 12:44:41 -04:00
Dr. Stephen Henson
1c9b82a91f update release notes 2014-07-02 18:31:56 +01:00
Matt Smart
99657430c0 Fix doc typo.
ERR_get_error(3) references the non-existent
ERR_get_last_error_line_data instead of the one that does exist,
ERR_peek_last_error_line_data.

PR#3283
(cherry picked from commit 5cc99c6cf5)
2014-07-02 03:45:14 +01:00
Thijs Alkemade
ce20ac72b4 Make disabling last cipher work.
(cherry picked from commit 7cb472bd0d)
2014-07-02 03:33:12 +01:00
Geoff Thorpe
525b6c7585 util/mkerr.pl: fix perl warning
Gets rid of this;

defined(@array) is deprecated at ../util/mkerr.pl line 792.
        (Maybe you should just omit the defined()?)
defined(@array) is deprecated at ../util/mkerr.pl line 800.
        (Maybe you should just omit the defined()?)

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit 647f360e2e)
2014-07-02 01:50:58 +01:00
Dr. Stephen Henson
29ed482ffc ASN1 sanity check.
Primitive encodings shouldn't use indefinite length constructed
form.

PR#2438 (partial).
(cherry picked from commit 398e99fe5e)
2014-07-02 01:01:41 +01:00
Jeffrey Walton
b38db8803f Clarified that the signature's buffer size, s, is not used as an
IN parameter.

Under the old docs, the only thing stated was "at most
EVP_PKEY_size(pkey) bytes will be written". It was kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.

(cherry picked from commit 6e6ba36d98)
2014-06-29 23:37:12 +01:00
Dr. Stephen Henson
59899c4d1b Fix memory leak.
PR#2531.
2014-06-29 13:53:06 +01:00
Ken Ballou
eec4cc8878 Typo.
PR#3173
(cherry picked from commit 76ed5a42ea)
2014-06-29 13:39:28 +01:00
Dr. Stephen Henson
2e7124497d Show errors on CSR verification failure.
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.

PR#2875
(cherry picked from commit a30bdb55d1)
2014-06-29 13:35:01 +01:00
Dr. Stephen Henson
c0eae35b3d Make no-ssl3 no-ssl2 do more sensible things.
(cherry picked from commit 7ae6a4b659)
2014-06-29 03:05:54 +01:00
Dr. Stephen Henson
50c9141d00 Typo.
PR#3107
(cherry picked from commit 7c206db928)
2014-06-28 12:43:36 +01:00
Dr. Stephen Henson
2617a3c44d Don't disable state strings with no-ssl2
Some state strings were erronously not compiled when no-ssl2
was set.

PR#3295
(cherry picked from commit 0518a3e19e)
2014-06-28 00:56:59 +01:00
Andreas Westfeld
a7da2b8e17 Fix typo in ideatest.c
(cherry picked from commit d1d4382dcb)
2014-06-28 00:06:47 +01:00
Ken Ballou
e617a506ff Remove redundant check.
PR#3174
(cherry picked from commit fd331c0bb9b557903dd2ce88398570a3327b5ef0)
2014-06-27 23:18:25 +01:00
Dr. Stephen Henson
80640bf0bc Fix for EVP_PBE_alg_add().
In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.

PR#3206
(cherry picked from commit efb7caef637a1de8468ca109efd355a9d0e73a45)
2014-06-27 22:59:13 +01:00
Dr. Stephen Henson
f05bce4f2f Tolerate critical AKID in CRLs.
PR#3014
(cherry picked from commit 11da66f8b1)
2014-06-27 18:50:45 +01:00
Tom Greenslade
5cd3ae9f18 Handle IPv6 addresses in OCSP_parse_url.
PR#2783
(cherry picked from commit b36f35cda9)
2014-06-27 17:31:50 +01:00
Tomas Mraz
d9d5a12823 Don't advertise ECC ciphersuits in SSLv2 compatible client hello.
PR#3374
(cherry picked from commit 0436369fcc)
2014-06-27 16:52:10 +01:00
Jeffrey Walton
06f3746c62 Clarify docs.
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.

PR#3409
(cherry picked from commit 0535c2d67c)

Add restrictions section present in other branches.

Conflicts:

	doc/ssl/SSL_CTX_add_extra_chain_cert.pod
(cherry picked from commit 86cac6d3b2)
2014-06-27 16:42:42 +01:00
Dr. Stephen Henson
14247e4f59 Memory leak and NULL dereference fixes.
PR#3403
(cherry picked from commit d2aea03829)
2014-06-27 14:53:21 +01:00
Dr. Stephen Henson
72bc04942a Remove ancient obsolete files under pkcs7.
(cherry picked from commit 7be6b27aaf)
2014-06-27 13:56:53 +01:00
Huzaifa Sidhpurwala
8e28ef0d85 Make sure BN_sqr can never return a negative value.
PR#3410
(cherry picked from commit e14e764c0d5d469da63d0819c6ffc0e1e9e7f0bb)
2014-06-26 23:50:52 +01:00
Jenny Yung
996edff7e1 Memory allocation checks.
PR#3399.
(cherry picked from commit da0d5e78bc)
2014-06-26 23:33:05 +01:00
Miod Vallat
532ee6e056 Fix off-by-one errors in ssl_cipher_get_evp()
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

Bug discovered and fixed by Miod Vallat from the OpenBSD team.

PR#3375
2014-06-22 23:22:49 +01:00
Matt Caswell
08db2cc9c1 Revert "Fix off-by-one errors in ssl_cipher_get_evp()"
This reverts commit 7e98378d15.

Incorrect attribution.
2014-06-22 23:22:33 +01:00
Dr. Stephen Henson
f25e4263fe Accept CCS after sending finished.
Allow CCS after finished has been sent by client: at this point
keys have been correctly set up so it is OK to accept CCS from
server. Without this renegotiation can sometimes fail.

PR#3400
(cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41)
2014-06-14 22:26:31 +01:00
Matt Caswell
2dc967ddd0 Fixed incorrect return code handling in ssl3_final_finish_mac.
Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
2014-06-13 15:56:19 +01:00
Matt Caswell
a357acdd3b Revert "Fixed incorrect return code handling in ssl3_final_finish_mac"
This reverts commit e05282f8b0.

Missing attribution.
2014-06-13 15:55:57 +01:00
Kurt Cancemi
7e98378d15 Fix off-by-one errors in ssl_cipher_get_evp()
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

PR#3375
2014-06-12 21:17:30 +01:00
Ben Laurie
d663f506dc Allow the maximum value.
(Backported as a result of PR#3377 reported by Rainer Jung <rainer.jung@kippdata.de>)
2014-06-12 20:48:40 +01:00
Dr. Stephen Henson
ead6774804 Fix compilation with no-comp
(cherry picked from commit 7239a09c7b5757ed8d0e9869f3e9b03c0e11f4d1)
2014-06-11 14:33:47 +01:00
Matt Caswell
e05282f8b0 Fixed incorrect return code handling in ssl3_final_finish_mac 2014-06-10 23:29:53 +01:00
Dr. Stephen Henson
34b087c9d0 Fix null pointer errors.
PR#3394
(cherry picked from commit 7a9d59c148)
2014-06-10 14:48:12 +01:00
Dr. Stephen Henson
9f81028969 Update strength_bits for 3DES.
Fix strength_bits to 112 for 3DES.
2014-06-09 12:09:47 +01:00
Jakub Wilk
8781538f41 Create ~/.rnd with mode 0600 instead of 0666
Because of a missing include <fcntl.h> we don't have O_CREATE and don't create
the file with open() using mode 0600 but fall back to using fopen() with the
default umask followed by a chmod().

Problem found by Jakub Wilk <jwilk@debian.org>.
2014-06-08 21:29:23 +01:00
Dr. Stephen Henson
8343fdc3c7 update NEWS 2014-06-07 18:19:13 +01:00
Dr. Stephen Henson
e966578d2f Make tls_session_secret_cb work with CVE-2014-0224 fix.
If application uses tls_session_secret_cb for session resumption
set the CCS_OK flag.
(cherry picked from commit 953c592572e8811b7956cc09fbd8e98037068b58)
2014-06-07 15:27:21 +01:00
Matt Caswell
7bab3c16ff Fixed minor duplication in docs 2014-06-07 12:32:30 +01:00
Dr. Stephen Henson
e2d569973c Correct wording for website scripts. 2014-06-06 13:26:03 +01:00
Dr. Stephen Henson
caff6fc593 Add known issue. 2014-06-06 12:31:14 +01:00
Matt Caswell
ccb0398da6 Fixed Windows compilation failure 2014-06-05 20:24:36 +01:00
Dr. Stephen Henson
1f163fce81 Prepare for 1.0.0n-dev 2014-06-05 10:43:52 +01:00
Dr. Stephen Henson
4bee980bb5 Prepare for 1.0.0m release 2014-06-05 10:42:13 +01:00