wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
12198 commits 20 branches 302 tags 153 MiB
Commit graph

12198 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dr. Stephen Henson
d31fed73e2 RFC 5649 support. 
Add support for RFC5649 key wrapping with padding.

Add RFC5649 tests to evptests.txt

Based on PR#3434 contribution by Petr Spacek <pspacek@redhat.com>.

EVP support and minor changes added by Stephen Henson.

Doxygen comment block updates by Tim Hudson.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-07-18 21:37:13 +01:00
Dr. Stephen Henson
58f4698f67 Make *Final work for key wrap again. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-07-17 23:29:14 +01:00
Dr. Stephen Henson
d12eef1501 Sanity check lengths for AES wrap algorithm. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-07-17 12:57:40 +01:00
Jeffrey Walton
d48e78f0cf Fix typo, add reference. 
PR#3456
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-07-17 12:07:37 +01:00
Matt Caswell
2097a17c57 Disabled XTS mode in enc utility as it is not supported 
PR#3442

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-07-16 20:59:35 +01:00
Andy Polyakov
e91718e80d Revert "Add GHASH for PowerISA 2.07." 
This reverts commit 927f2e5dea.
 2014-07-16 13:38:15 +02:00
Andy Polyakov
6cd13f70bb Revert "Engage GHASH for PowerISA 2.07." 
This reverts commit 14aaf883d9.
 2014-07-16 13:37:37 +02:00
Andy Polyakov
14aaf883d9 Engage GHASH for PowerISA 2.07. 2014-07-16 08:03:34 +02:00
Andy Polyakov
927f2e5dea Add GHASH for PowerISA 2.07. 2014-07-16 08:01:41 +02:00
Matt Caswell
3bd548192a Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-07-15 23:13:37 +01:00
Dr. Stephen Henson
ca2015a617 Clarify -Verify and PSK. 
PR#3452
 2014-07-15 20:22:39 +01:00
Dr. Stephen Henson
c8d710dc5f Fix DTLS certificate requesting code. 
Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
 2014-07-15 18:23:13 +01:00
Dr. Stephen Henson
199772e534 Don't allow -www etc options with DTLS. 
The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
 2014-07-15 12:32:41 +01:00
Rich Salz
6c0a1e2f8c Merge branch 'master' of git.openssl.org:openssl 2014-07-15 00:05:43 -04:00
Dr. Stephen Henson
1c3e9a7c67 Use case insensitive compare for servername. 
PR#3445
 2014-07-14 23:59:13 +01:00
Hubert Kario
7efd0e777e document -nextprotoneg option in man pages 
Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.

PR#3444
 2014-07-14 23:42:59 +01:00
Dr. Stephen Henson
ec5a992cde Use more common name for GOST key exchange. 2014-07-14 18:31:55 +01:00
Dr. Stephen Henson
aa224e9719 Fix typo. 2014-07-14 18:31:55 +01:00
Rich Salz
9d6253cfd3 Add tags/TAGS; approved by tjh 2014-07-14 11:27:16 -04:00
Matt Caswell
f8571ce822 Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data. 
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415
 2014-07-13 22:17:39 +01:00
Peter Mosmans
924e5eda2c Add names of GOST algorithms. 
PR#3440
 2014-07-13 18:30:07 +01:00
Richard Levitte
8b5dd34091 * crypto/ui/ui_lib.c: misplaced brace in switch statement. 
Detected by dcruette@qualitesys.com
 2014-07-13 19:11:46 +02:00
Ben Laurie
c1d1b0114e Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259). 2014-07-10 17:49:02 +01:00
Matt Caswell
66816c53be Fix memory leak in BIO_free if there is no destroy function. 
Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com>

PR#3439
 2014-07-09 23:29:17 +01:00
Andy Polyakov
1b0fe79f3e x86_64 assembly pack: improve masm support. 2014-07-09 20:08:01 +02:00
Andy Polyakov
d11c70b2c2 Please Clang's sanitizer, addendum. 2014-07-08 23:06:59 +02:00
Andy Polyakov
021e5043e5 Please Clang's sanitizer. 
PR: #3424,#3423,#3422
 2014-07-08 22:24:44 +02:00
Andy Polyakov
c4f8efab34 apps/speed.c: fix compiler warnings in multiblock_speed(). 2014-07-07 17:02:26 +02:00
Andy Polyakov
07b635cceb sha[1|512]-x86_64.pl: fix logical errors with $shaext=0. 2014-07-07 17:01:07 +02:00
David Lloyd
9d23f422a3 Prevent infinite loop loading config files. 
PR#2985
 2014-07-07 13:19:57 +01:00
Viktor Dukhovni
b73ac02735 Improve X509_check_host() documentation. 
Based on feedback from Jeffrey Walton.
 2014-07-07 20:34:06 +10:00
Viktor Dukhovni
297c67fcd8 Update API to use (char *) for email addresses and hostnames 
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
 2014-07-07 19:11:38 +10:00
Dr. Stephen Henson
ee724df75d Usage for -hack and -prexit -verify_return_error 2014-07-06 22:42:50 +01:00
Dr. Stephen Henson
cba3f1c739 Document certificate status request options. 2014-07-06 22:40:01 +01:00
Dr. Stephen Henson
a44f219c00 s_server usage for certificate status requests 2014-07-06 22:40:01 +01:00
Dr. Stephen Henson
5ecf1141a5 Sanity check keylength in PVK files. 
PR#2277
 2014-07-06 00:36:16 +01:00
Jeffrey Walton
75b7606881 Added reference to platform specific cryptographic acceleration such as AES-NI 2014-07-06 00:03:13 +01:00
Matt Caswell
fd9e244370 Fixed error in pod files with latest versions of pod2man 2014-07-06 00:03:13 +01:00
Andy Polyakov
7eb9680ae1 sha512-x86_64.pl: fix typo. 
PR: #3431
 2014-07-05 23:59:57 +02:00
Andy Polyakov
0e7a32b55e s3_pkt.c: fix typo. 2014-07-05 23:56:54 +02:00
Andy Polyakov
375a64e349 apps/speed.c: add multi-block benchmark. 2014-07-05 23:53:55 +02:00
Alan Hryngle
fdea4fff8f Return smaller of ret and f. 
PR#3418.
 2014-07-05 22:37:41 +01:00
Viktor Dukhovni
ced3d9158a Set optional peername when X509_check_host() succeeds. 
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.
 2014-07-06 01:50:50 +10:00
Viktor Dukhovni
6e661d458f New peername element in X509_VERIFY_PARAM_ID 
Declaration, memory management, accessor and documentation.
 2014-07-06 01:50:50 +10:00
Ben Laurie
d2ab55eb5b Reduce casting nastiness. 2014-07-05 15:00:53 +01:00
Ben Laurie
6835f572a9 Reduce casting nastiness. 2014-07-05 15:00:53 +01:00
Dr. Stephen Henson
7f6e957864 Don't limit message sizes in ssl3_get_cert_verify. 
PR#319 (reoponed version).
 2014-07-05 13:19:12 +01:00
Dr. Stephen Henson
55707a36cc Add license info. 2014-07-04 18:41:45 +01:00
Dr. Stephen Henson
a9661e45ac typo 
(cherry picked from commit 2cfbec1cae)
 2014-07-04 13:50:55 +01:00
Dr. Stephen Henson
b948ee27b0 Remove all RFC5878 code. 
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
 2014-07-04 13:26:35 +01:00