wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
14609 commits 20 branches 302 tags 153 MiB
Commit graph

14609 commits

This branch
This branch
All branches
Author SHA1 Message Date
Emilia Kasper
d911097d7c Fix a ** 0 mod 1 = 0 for real this time. 
Commit 2b0180c37f attempted to do this but
only hit one of many BN_mod_exp codepaths. Fix remaining variants and add
a test for each method.

Thanks to Hanno Boeck for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2015-12-14 17:39:39 +01:00
Andy Polyakov
81eae077ce crpyto/ppccpuid.pl: add FPU probe and fix OPENSSL_rdtsc. 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-12-14 16:09:25 +01:00
Andy Polyakov
2688d99989 crypto/ppccap.c: add SIGILL-free processor capability detection code. 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-12-14 16:08:49 +01:00
Hongze Zhu
f562aedae4 add malloc fail check & fix memory leak 
Signed-off-by: Hongze Zhu <hongze.zhu@gmail.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-14 17:38:56 +08:00
Viktor Dukhovni
b311b74d78 Fix erroneous SO suffix in darwin64-debug-test-64-clang target 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-13 22:43:29 -05:00
Ben Kaduk
3903e1c334 Fix typo 
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-13 22:19:22 -05:00
Viktor Dukhovni
a465ca7841 Fix option value parsing in crl2pkcs7 -certfile 
Reviewed-by: Rich Saltz <rsalz@openssl.org>
 2015-12-13 21:31:03 -05:00
Viktor Dukhovni
7eff6aa0d6 Avoid erroneous "assert(private)" failures. 
When processing a public key input via "-pubin", "private" was
sometimes erroneously set, or else not set and incorrectly asserted.

Reviewed-by: Rich salz <rsalz@openssl.org>
 2015-12-13 20:13:49 -05:00
Andy Polyakov
b974943234 x86_64 assembly pack: tune clang version detection even further. 
RT#4171

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-12-13 22:18:18 +01:00
Andy Polyakov
22c2e80f89 Configure: add framework for ChaCha and Poly1305 assembly. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-13 20:56:50 +01:00
Andy Polyakov
0c14d44254 Configure: 'reconf' to respect CROSS_COMPILE and CC. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-13 20:54:22 +01:00
Ben Laurie
d25aeabca8 Don't use EC when no-ec. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-13 16:14:35 +00:00
Ben Laurie
6c3b566497 Remove no longer existant structure member and direct references to EVP_MD_CTX internals. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-13 14:59:10 +00:00
Ben Laurie
4eacfadedc Fix (incorrect) uninitialised variable warning. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-13 12:44:46 +00:00
Dr. Stephen Henson
14e8e4d3e6 fix warning 
Reviewed-by: Ben Laurie <ben@openssl.org>
 2015-12-13 03:02:52 +00:00
Dr. Stephen Henson
7538cb82f9 remove ancient SSLeay bug workaround 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-13 00:43:43 +00:00
tjmao
3e166c136e Allow ChaCha20-Poly1305 in DTLS 
GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-12 19:30:16 -05:00
Rich Salz
5320c07193 Revert "Allow ChaCha20-Poly1305 in DTLS" 
This reverts commit 777f482d99.
Author credit missing.  Reverting this and re-committing with
an Author line.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-12 19:28:31 -05:00
Rich Salz
9e8b6f0427 Use SHA256 not MD5 as default digest. 
(Documentation update was in the MR but not the commit.  Oops.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
 2015-12-12 19:25:25 -05:00
Ben Laurie
40abdf8e39 Support ccache. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-12-12 23:05:41 +00:00
Matt Caswell
7a93c85826 Fix compile failure with no-threads 
The async code was causing a compile failure if no-threads was used.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-12-12 14:26:22 +00:00
Dr. Stephen Henson
9391ba1b51 Add extension utility documentation. 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-12-12 14:11:20 +00:00
Dr. Stephen Henson
3a59ad98e9 add X509_up_ref() documentation 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-12-12 14:11:20 +00:00
Dr. Stephen Henson
e989e54f66 extension documentation 
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2015-12-12 14:11:20 +00:00
Kurt Roeckx
a5ecdc6af8 Use OPENSSL_NO_DTLS instead of OPENSSL_NO_DTLS1 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-12 12:07:14 +01:00
Matt Caswell
8ca8fc4804 Fix compile failure 
Fix compile failure introduced by commit 94d6151236 due to a typo.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-11 22:18:00 +00:00
Andy Polyakov
30a5f32227 evp/e_chacha20_poly1305.c: TLS interop fixes. 
Thanks to: David Benjamin of Chromuim.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 21:07:51 +01:00
Andy Polyakov
80b1247fe6 Configurations/10-main.conf: fix typos in mingw/cygwin configs. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 21:04:02 +01:00
Rich Salz
777f482d99 Allow ChaCha20-Poly1305 in DTLS 
GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-11 14:48:09 -05:00
Ben Laurie
94d6151236 Make no-dh work, plus other no-dh problems found by Richard. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 18:38:38 +00:00
Richard Levitte
ea11c6e920 make update, missed file 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-11 18:07:05 +01:00
Rich Salz
f8547f62c2 Use SHA256 not MD5 as default digest. 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
 2015-12-11 11:59:59 -05:00
Richard Levitte
6ebe8dac3e make update 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 16:18:35 +01:00
Richard Levitte
254b26af20 Adapt EVP tests to the opaque EVP_ENCODE_CTX 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 16:18:01 +01:00
Richard Levitte
601ab3151f Adapt PEM routines to the opaque EVP_ENCODE_CTX 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 16:18:01 +01:00
Richard Levitte
b518d2d5f8 Adapt BIO_f_base64 to the opaque EVP_ENCODE_CTX 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 16:18:01 +01:00
Richard Levitte
a0be4fd17b Make EVP_ENCODE_CTX opaque 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 16:18:01 +01:00
Matt Caswell
1ee3b17fa0 Fix OCB link 
The link to the OCB patent pdf changed, so the link in CHANGES needs to be
updated.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-12-11 14:15:20 +00:00
Rob Stradling
ba67253db1 Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633). 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

GH: #495, MR: #1435
 2015-12-10 19:27:40 +01:00
Viktor Dukhovni
f8137a62d9 Restore full support for EVP_CTX_create() etc. 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 11:05:07 -05:00
Matt Caswell
278d6b3663 Prepare for 1.1.0-pre2-dev 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 14:24:22 +00:00
Matt Caswell
22c21b60af Prepare for 1.1.0-pre1 release 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 14:23:10 +00:00
Matt Caswell
ac7f47dce1 OpenSSL 1.1.0 is now in pre release 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 14:21:59 +00:00
Matt Caswell
b0cae88cc2 make update 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 14:21:59 +00:00
Richard Levitte
e798664726 Don't run rehash as part of building the openssl app 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-12-10 15:03:52 +01:00
Matt Caswell
7c31419693 Update CHANGES and NEWS for alpha release 
Misc updates to the CHANGES and NEWS files ready for the alpha release.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 13:10:32 +00:00
Matt Caswell
67f60be8c9 Ensure |rwstate| is set correctly on BIO_flush 
A BIO_flush call in the DTLS code was not correctly setting the |rwstate|
variable to SSL_WRITING. This means that SSL_get_error() will not return
SSL_ERROR_WANT_WRITE in the event of an IO retry.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 12:44:07 +00:00
Matt Caswell
2ad226e88b Fix DTLS handshake fragment retries 
If using DTLS and NBIO then if a second or subsequent handshake message
fragment hits a retry, then the retry attempt uses the wrong fragment
offset value. This commit restores the fragment offset from the last
attempt.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 12:44:07 +00:00
Andy Polyakov
02dc0b82ab evp/e_aes.c: wire hardware-assisted block function to OCB. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 13:11:46 +01:00
Andy Polyakov
bd30091c97 x86[_64] assembly pack: add optimized AES-NI OCB subroutines. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-12-10 13:11:26 +01:00