openssl

Author	SHA1	Message	Date
Matt Caswell	13270477f4	Move more comments that confuse indent Conflicts: crypto/dsa/dsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl_locl.h Conflicts: crypto/bn/rsaz_exp.c crypto/evp/e_aes_cbc_hmac_sha1.c crypto/evp/e_aes_cbc_hmac_sha256.c ssl/ssl_locl.h Conflicts: crypto/ec/ec2_oct.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistputil.c crypto/ec/ecp_oct.c crypto/modes/gcm128.c ssl/ssl_locl.h Conflicts: apps/apps.c crypto/crypto.h crypto/rand/md_rand.c ssl/d1_pkt.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_enc.c Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:52:21 +00:00
Matt Caswell	c7c7a432df	indent has problems with comments that are on the right hand side of a line. Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Conflicts: crypto/bn/bn.h crypto/ec/ec_lcl.h crypto/rsa/rsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl.h ssl/ssl3.h Conflicts: crypto/ec/ec_lcl.h ssl/tls1.h Conflicts: crypto/ec/ecp_nistp224.c crypto/evp/evp.h ssl/d1_both.c ssl/ssl.h ssl/ssl_lib.c Conflicts: crypto/bio/bss_file.c crypto/ec/ec_lcl.h crypto/evp/evp.h crypto/store/str_mem.c crypto/whrlpool/wp_block.c crypto/x509/x509_vfy.h ssl/ssl.h ssl/ssl3.h ssl/ssltest.c ssl/t1_lib.c ssl/tls1.h Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:50:57 +00:00
Matt Caswell	3e8042c38f	Additional comment changes for reformat of 0.9.8 Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:49:06 +00:00
Tim Hudson	b558c8d597	mark all block comments that need format preserving so that indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Conflicts: crypto/rc4/rc4_enc.c crypto/x509v3/v3_scts.c crypto/x509v3/v3nametest.c ssl/d1_both.c ssl/s3_srvr.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_lib.c Conflicts: crypto/asn1/a_sign.c crypto/bn/bn_div.c crypto/dsa/dsa_asn1.c crypto/ec/ecp_nistp224.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistputil.c crypto/modes/gcm128.c crypto/opensslv.h ssl/d1_both.c ssl/heartbeat_test.c ssl/s3_clnt.c ssl/s3_srvr.c ssl/ssl_sess.c ssl/t1_lib.c test/testutil.h Conflicts: apps/openssl.c apps/ts.c apps/vms_decc_init.c crypto/aes/aes_core.c crypto/aes/aes_x86core.c crypto/dsa/dsa_ameth.c crypto/ec/ec2_mult.c crypto/evp/evp.h crypto/objects/objects.h crypto/rsa/rsa_pss.c crypto/stack/safestack.h crypto/ts/ts.h crypto/ts/ts_rsp_verify.c crypto/whrlpool/wp_dgst.c crypto/x509v3/v3_ncons.c e_os2.h engines/ccgost/gost89.c engines/ccgost/gost_ctl.c engines/ccgost/gost_keywrap.c engines/ccgost/gost_keywrap.h engines/ccgost/gost_sign.c ssl/kssl.c ssl/s3_srvr.c Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-01-22 09:48:44 +00:00
Dr. Stephen Henson	ec2fede946	Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists. 1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits. 2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. 3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes). CVE-2014-8275 Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 208a6012be3077d83df4475f32dd1b1446f3a02e) Conflicts: crypto/dsa/dsa_vrf.c	2015-01-05 16:37:10 +00:00
Dr. Stephen Henson	c22e2dd6e5	Add ASN1_TYPE_cmp and X509_ALGOR_cmp. (these are needed for certificate fingerprint fixes) Reviewed-by: Emilia Käsper <emilia@openssl.org>	2015-01-05 15:34:49 +00:00
Dr. Stephen Henson	85e776885b	PR: 2606 Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de> Reviewed by: steve Handle timezones correctly in UTCTime.	2011-09-23 13:40:06 +00:00
Dr. Stephen Henson	3e8b8b8990	Submitted by: Jonathan Dixon <joth@chromium.org> Reviewed by: steve If store is NULL set flags correctly.	2010-11-02 15:57:00 +00:00
Dr. Stephen Henson	6cb5746b65	Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), this means that some implementations will be used automatically, e.g. aesni, we do this for cryptodev anyway. Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.	2010-10-03 18:55:57 +00:00
Ben Laurie	d886975835	Fix gcc 4.6 warnings. Check TLS server hello extension length.	2010-06-12 13:18:58 +00:00
Bodo Möller	739e0e934a	Fix X509_STORE locking	2010-02-19 18:25:39 +00:00
Dr. Stephen Henson	9e5dea0ffd	PR: 2124 Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM> Check for memory allocation failures.	2009-12-09 13:41:50 +00:00
Dr. Stephen Henson	f67f815624	Update from 1.0.0-stable.	2009-06-30 11:22:25 +00:00
Dr. Stephen Henson	9aecc3e5ff	Update from 1.0.0-stable.	2009-06-26 11:34:22 +00:00
Dr. Stephen Henson	1e53b797f6	Don't check self-signed signature in X509_verify_cert(), the check just wastes processing time and doesn't add any security.	2009-06-15 14:52:38 +00:00
Dr. Stephen Henson	a78ded0b61	PR: 1700 Submitted by: "Robbins, Aharon" <aharon.robbins@intel.com> Approved by: steve@openssl.org #undef X509_EXTENSIONS for WIN32 too.	2009-04-03 16:54:04 +00:00
Dr. Stephen Henson	37afdc953e	Don't force S/MIME signing purpose: allow it to be overridden by store settings. Don't set default values in X509_VERIFY_PARAM_new(): it stops parameters being inherited properly.	2009-03-15 13:36:01 +00:00
Dr. Stephen Henson	6e7559ac7f	Update from HEAD.	2009-02-16 23:24:06 +00:00
Dr. Stephen Henson	9a6401acdf	PR: 1422 Fix return value of X509_NAME_cmp() so it works with qsort/bsearch again.	2009-02-15 12:10:39 +00:00
Andy Polyakov	f17c45611e	Backport http://cvs.openssl.org/chngview?cn=17710 from HEAD. PR: 1230	2008-12-30 13:30:57 +00:00
Dr. Stephen Henson	3795297af8	Change old obsolete email address...	2008-11-05 18:36:57 +00:00
Dr. Stephen Henson	e852835da6	Make update: delete duplicate error code.	2008-09-17 17:11:09 +00:00
Dr. Stephen Henson	d83dde6180	Merge changes to build system from fips branch.	2008-09-16 21:44:57 +00:00
Dr. Stephen Henson	8ec86dcf04	Merge minor FIPS branch changes: buffer, objects, pem, x509.	2008-09-15 19:56:12 +00:00
Dr. Stephen Henson	811e08a2c5	Update from HEAD.	2008-07-13 14:33:16 +00:00
Dr. Stephen Henson	dd6e90465d	Add support for Local Machine Keyset attribute in PKCS#12 files.	2008-06-26 23:26:52 +00:00
Dr. Stephen Henson	feb200bbb3	Don't set extended type is mbstring flag set.	2008-05-30 10:57:13 +00:00
Dr. Stephen Henson	9e7459fc5d	Backport some useful ASN1 utility functions from HEAD.	2008-04-02 11:11:51 +00:00
Dr. Stephen Henson	a523276786	Backport certificate status request TLS extension support to 0.9.8.	2007-10-12 00:00:36 +00:00
Dr. Stephen Henson	927a28ba3b	gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL. Fix various "computed value not used" warnings too.	2007-09-06 12:43:54 +00:00
Andy Polyakov	81fc4c93ef	Typo in x509_txt.c [from HEAD].	2007-05-19 18:04:21 +00:00
Dr. Stephen Henson	d1049ad93e	Fix Win32 warnings.	2007-02-18 17:23:20 +00:00
Richard Levitte	53707e2eec	After objects have been freed, NULLify the pointers so there will be no double free of those objects	2007-02-07 01:42:51 +00:00
Dr. Stephen Henson	4a0d3530e0	Update from HEAD.	2007-01-21 13:16:49 +00:00
Dr. Stephen Henson	9b945233b1	Update from HEAD.	2006-12-06 13:38:59 +00:00
Nils Larsch	66c4bb1a70	avoid duplicate entries in add_cert_dir() PR: 1407 Submitted by: Tomas Mraz <tmraz@redhat.com>	2006-12-05 21:21:10 +00:00
Nils Larsch	3c786aa6c8	allocate a new attributes entry in X509_REQ_add_extensions() if it's NULL (in case of a malformed pkcs10 request) PR: 1347 Submitted by: Remo Inverardi <invi@your.toilet.ch>	2006-12-04 19:10:58 +00:00
Ben Laurie	4636341b05	Add RFC 3779 support, contributed by ARIN.	2006-11-27 13:36:55 +00:00
Dr. Stephen Henson	115fc340cb	Rebuild error file C source files.	2006-11-21 20:14:46 +00:00
Dr. Stephen Henson	db0edc3273	Inherit check time if appropriate.	2006-05-03 13:16:02 +00:00
Nils Larsch	22d1087e16	backport recent changes from the cvs head	2006-02-08 19:16:33 +00:00
Dr. Stephen Henson	9f85fcefdc	Update filenames in makefiles	2006-02-04 01:49:36 +00:00
Dr. Stephen Henson	0fce007b8e	Add two extra verify flags functions.	2005-09-02 22:48:21 +00:00
Nils Larsch	3de6d65ea3	improved error checking and some fixes PR: 1170 Submitted by: Yair Elharrar Reviewed and edited by: Nils Larsch	2005-07-26 20:55:17 +00:00
Nils Larsch	4913b88f70	make ./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make all test work again (+ make update) PR: 1159	2005-07-16 11:13:10 +00:00
Andy Polyakov	2e39604021	Fix bugs in bug-fix to x509/by_dir.c [from HEAD]. PR: 1131	2005-07-03 13:15:53 +00:00
Richard Levitte	46e7a9797e	Initialise dir to avoid a compiler warning.	2005-06-23 21:49:18 +00:00
Richard Levitte	40ba0257de	Change dir_ctrl to check for the environment variable before using the default directory instead of the other way around. PR: 1131	2005-06-23 21:14:10 +00:00
Dr. Stephen Henson	ce2c19e357	Update from head.	2005-06-16 02:05:57 +00:00
Richard Levitte	8a41bcc934	Old typo... PR: 1097	2005-06-05 21:55:09 +00:00

1 2 3 4 5 ...

374 Commits