Age | Commit message | Author | Files | Lines
2015-02-26 | Fix evp_extra_test.c with no-ec | Matt Caswell | 1 | -0/+6
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to pass. This change adds appropriate OPENSSL_NO_EC guards around the code. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-26 | Remove NETSCAPE_HANG_BUG | Matt Caswell | 2 | -33/+0
NETSCAPE_HANG_BUG is a workaround for a browser bug from many years ago (2000). It predates DTLS, so certainly has no place in d1_srvr.c. In s3_srvr.c it forces the ServerDone to appear in the same record as the CertificateRequest when doing client auth. BoringSSL have already made the same commit: 79ae85e4f777f94d91b7be19e8a62016cb55b3c5 Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-26 | Removed support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Also removed | Matt Caswell | 5 | -81/+3
the "-hack" option from s_server that set this option. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-25 | Update the SHA* documentation | Matt Caswell | 1 | -15/+49
Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note the restriction on setting md to NULL with regards to thread safety. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-25 | Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using | Rainer Jung | 1 | -1/+1
the extract-names.pl script. RT#3718 Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-25 | Fix some minor documentation issues | Matt Caswell | 2 | -6/+4
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 | Remove pointless free, and use preferred way of calling d2i_* functions | Matt Caswell | 1 | -7/+1
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 | Add dire warnings about the "reuse" capability of the d2i_* functions. | Matt Caswell | 1 | -5/+13
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 | Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey | Matt Caswell | 3 | -19/+79
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 | Fix a failure to NULL a pointer freed on error. | Matt Caswell | 1 | -3/+3
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org> CVE-2015-0209 Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 | Import evp_test.c from BoringSSL. Unfortunately we already have a file | Matt Caswell | 3 | -20/+520
called evp_test.c, so I have called this one evp_extra_test.c Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 | Add documentation for the -no_alt_chains option for various apps, as well as | Matt Caswell | 7 | -18/+58
the X509_V_FLAG_NO_ALT_CHAINS flag. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-02-25 | Add -no_alt_chains option to apps to implement the new | Matt Caswell | 7 | -1/+13
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building certificate chains, the first chain found will be the one used. Without this flag, if the first chain found is not trusted then we will keep looking to see if we can build an alternative chain instead. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-02-25 | Add flag to inhibit checking for alternate certificate chains. Setting this | Matt Caswell | 2 | -2/+10
behaviour will force behaviour as per previous versions of OpenSSL Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-02-25 | In certain situations the server provided certificate chain may no longer be | Matt Caswell | 1 | -70/+105
valid. However the issuer of the leaf, or some intermediate cert is in fact in the trust store. When building a trust chain if the first attempt fails, then try to see if alternate chains could be constructed that are trusted. RT3637 RT3621 Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-02-24 | Remove CVS filtering from find targets | Rich Salz | 1 | -2/+2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-24 | Move build config table to separate files. | Rich Salz | 4 | -476/+513
Move the build configuration table into separate files. The Configurations file is standard configs, and Configurations.team is for openssl-team members. Any other file, Configurations*, found in the same directory as the Configure script, is loaded. To add another file, use --config=FILE flags (which should probably be an absolute path). Written by Stefan Eissing <stefan.eissing@greenbytes.de> and Rich Salz <rsalz@openssl.org>, contributed by Akamai Technologies. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-24 | Document -no_explicit | Dr. Stephen Henson | 1 | -2/+8
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-24 | Fix crash in SPARC T4 XTS. | Andy Polyakov | 3 | -2/+3
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-24 | aes/asm/bsaes-armv7: fix kernel-side XTS and harmonize with Linux. | Andy Polyakov | 1 | -1/+3
XTS bug spotted and fix suggested by Adrian Kotelba. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-24 | Don't set no_protocol if -tls1 selected. | Dr. Stephen Henson | 1 | -1/+0
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-22 | perlasm/x86masm.pl: make it work. | Andy Polyakov | 1 | -6/+6
Though this doesn't mean that masm becomes supported, the script is still provided on don't-ask-in-case-of-doubt-use-nasm basis. See RT#3650 for background. Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-22 | sha/asm/sha1-586.pl: fix typo. | Andy Polyakov | 1 | -1/+1
The typo doesn't affect supported configuration, only unsupported masm. Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-22 | evp/evp_test.c: avoid crashes when referencing uninitialized pointers. | Andy Polyakov | 1 | -0/+2
For some reason failure surfaced on ARM platforms. Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-22 | typo | Dr. Stephen Henson | 1 | -1/+1
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-02-22 | Fix null-pointer dereference | Edgar Pek | 1 | -2/+2
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-22 | Fix memory leak | Kurt Roeckx | 1 | -0/+1
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-22 | Avoid a double-free in an error path. | Doug Hogan | 1 | -0/+1
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-22 | Restore -DTERMIO/-DTERMIOS on Windows platforms. | Richard Levitte | 1 | -4/+4
The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a bit too enthusiastically. Windows/DOSish platforms of all sorts get identified as OPENSSL_SYS_MSDOS, and they get a different treatment altogether UNLESS -DTERMIO or -DTERMIOS is explicitly given with the configuration. The answer is to restore those macro definitions for the affected configuration targets. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-21 | Assume TERMIOS is default, remove TERMIO on all Linux. | Richard Levitte | 2 | -97/+90
The rationale for this move is that TERMIOS is default, supported by POSIX-1.2001, and most definitely on Linux. For a few other systems, TERMIO may still be the terminal interface of preference, so we keep -DTERMIO on those in Configure. crypto/ui/ui_openssl.c is simplified in this regard, and will define TERMIOS for all systems except a select few exceptions. Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-21 | Add additional EC documentation. | Dr. Stephen Henson | 3 | -15/+60
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-19 | Use named curve parameter encoding by default. | Dr. Stephen Henson | 2 | -2/+3
Many applications require named curve parameter encoding instead of explicit parameter encoding (including the TLS library in OpenSSL itself). Set this encoding by default instead of requiring an explicit call to set it. Add OPENSSL_EC_EXPLICT_CURVE define. Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-14 | More RSA tests. | Dr. Stephen Henson | 1 | -0/+34
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-13 | remove unused method declaration | Dr. Stephen Henson | 1 | -1/+1
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 | size_t for buffer functions. | Dr. Stephen Henson | 3 | -5/+5
Change BUF_MEM_grow and BUF_MEM_grow_clean to return size_t. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 | Add leak detection, fix leaks. | Dr. Stephen Henson | 1 | -6/+14
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 | Add EVP_PKEY test data. | Dr. Stephen Henson | 1 | -0/+136
Add some EVP_PKEY test data for sign and verify tests including failure cases. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 | EVP_PKEY support for evp_test | Dr. Stephen Henson | 1 | -0/+272
Add two new keywords "PublicKey" and "PrivateKey". These will load a key in PEM format from the lines immediately following the keyword and assign it a name according to the value. These will be used later for public and private key testing operations. Add tests for Sign, Verify, VerifyRecover and Decrypt. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 | Add CMAC test data. | Dr. Stephen Henson | 1 | -0/+26
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 | Add HMAC test data. | Dr. Stephen Henson | 1 | -1/+96
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 | MAC support for evp_test | Dr. Stephen Henson | 1 | -2/+166
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 | New macro to set mac key. | Dr. Stephen Henson | 2 | -3/+5
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 | Return error code if any tests fail. | Dr. Stephen Henson | 1 | -0/+2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-13 | Transfer a fix from 1.0.1 | Richard Levitte | 1 | -0/+4
manually picked from e7b85bc40200961984925604ca444517359a6067 Reviewed-by: Stephen Henson <steve@openssl.org>
2015-02-12 | RT937: Enable pilotAttributeType uniqueIdentifier | Rich Salz | 3 | -1633/+1641
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-12 | evp/evp.h: add missing camellia-ctr declarations. | Andy Polyakov | 1 | -0/+3
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-12 | RT3670: Check return from BUF_MEM_grow_clean | Graeme Perrow | 1 | -1/+5
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-12 | RT3684: rand_egd needs stddef.h | Clang via Jeffrey Walton | 1 | -4/+1
And remove backup definition of offsetof. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-12 | Missing OPENSSL_free on error path. | Eric Dequin | 1 | -0/+1
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-11 | Engage ecp_nistz256-armv4 module. | Andy Polyakov | 2 | -3/+3
Reviewed-by: Emilia Käsper <emilia@openssl.org>