openssl

Author	SHA1	Message	Date
David Brodski	8cbb153357	Fixed problem with multiple load-unload of comp zlib Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-08-26 17:34:52 -04:00
Viktor Dukhovni	208b2d541d	GH correct organizationalUnitName Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-08-26 17:31:10 -04:00
Matt Caswell	95cdad6344	Clean up reset of read/write sequences Use sizeof instead of an explicit size, and use the functions for the purpose. Reviewed-by: Rich Salz <rsalz@openssl.org>	2015-08-26 16:22:45 +01:00
Emilia Kasper	ec30e8566e	PACKET: add methods for reading length-prefixed TLS vectors. Rewrite ssl3_get_client_hello to use the new methods. Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-26 13:25:48 +02:00
Emilia Kasper	9cc3e8f1f2	Fix SSLv2-compatible ClientHello processing. If the client challenge is less than 32 bytes, it is padded with leading - not trailing - zero bytes. Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-26 13:23:24 +02:00
Emilia Kasper	2aa815c343	PACKET: constify where possible The PACKET should hold a 'const unsigned char' underneath as well but the legacy code passes the record buffer around as 'unsigned char' (to callbacks, too) so that's a bigger refactor. Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-26 13:19:12 +02:00
Alessandro Ghedini	b48357d995	GH371: Print debug info for ALPN extension Also known as RT 4106 Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-26 07:07:47 -04:00
Rich Salz	4c42ebd2f3	Remove _locked memory functions. Undocumented, unused, unnecessary (replaced by secure arena). Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-08-26 07:02:33 -04:00
Rich Salz	22dc08d00a	BN_bin2bn handle leading zero's If a binary sequence is all zero's, call BN_zero. Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-26 07:00:43 -04:00
Matt Caswell	ddcc5e5b60	Add NewSessionTicket test suite Add a set of tests for checking that NewSessionTicket messages are behaving as expected. Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-08-26 10:38:02 +01:00
Matt Caswell	8af538e5c5	Fix TLSProxy end of test detection Previously TLSProxy would detect a successful handshake once it saw the server Finished message. This causes problems with abbreviated handshakes, or if the client fails to process a message from the last server flight. This change additionally sends some application data and finishes when the client sends a CloseNotify. Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-08-26 10:38:02 +01:00
Matt Caswell	ee4ffd6fcc	Fix DTLS session ticket renewal A DTLS client will abort a handshake if the server attempts to renew the session ticket. This is caused by a state machine discrepancy between DTLS and TLS discovered during the state machine rewrite work. The bug can be demonstrated as follows: Start a DTLS s_server instance: openssl s_server -dtls Start a client and obtain a session but no ticket: openssl s_client -dtls -sess_out session.pem -no_ticket Now start a client reusing the session, but allow a ticket: openssl s_client -dtls -sess_in session.pem The client will abort the handshake. Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-08-26 10:17:49 +01:00
Chris Watts	d6dfa55038	Ignore generated *.S ARM assembly files Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Emilia Käsper <emilia@openssl.org>	2015-08-25 12:19:40 -04:00
Markus Rinne	fe50cd7ad4	RT4019: Duplicate -hmac flag in dgst.pod Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>	2015-08-25 12:15:53 -04:00
Rich Salz	32c5e0ba0f	GH372: Remove duplicate flags Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>	2015-08-25 12:10:54 -04:00
Rich Salz	2c4969708c	Small cleanup of crypto.pod Came up on the mailing list, from Ken Goldman. Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-08-24 18:21:54 -04:00
Peter Mosmans	e0d26bb36d	GH337: Need backslash before leading # Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-08-24 15:58:26 -04:00
janpopan	a847130696	RT4015: Add missing date to CHANGES Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-08-24 15:54:27 -04:00
Dr. Stephen Henson	80eab79de0	More test cases. Add DSA tests. Add tests to verify signatures against public keys. This will also check that a public key is read in correctly. Reviewed-by: Ben Laurie <ben@openssl.org>	2015-08-24 15:12:52 +01:00
Dr. Stephen Henson	9d04f83410	Add DSA digest length checks. Reviewed-by: Ben Laurie <ben@openssl.org>	2015-08-24 15:12:52 +01:00
Rich Salz	9b86974e0c	Fix L<> content in manpages L<foo\|foo> is sub-optimal If the xref is the same as the title, which is what we do, then you only need L<foo>. This fixes all 1457 occurrences in 349 files. Approximately. (And pod used to need both.) Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-08-21 15:11:50 -04:00
Richard Levitte	3da9505dc0	Add new types to indent.pro Reviewed-by: Rich Salz <rsalz@openssl.org>	2015-08-17 18:21:53 +02:00
Dmitry Belyavsky	31001f8131	Add new GOST OIDs Add new OIDs for latest GOST updates Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-17 15:34:30 +01:00
Tim Hudson	dfba17b4f3	Restore previous behaviour of only running one algorithm when -evp alg is used. Submitted by: Eric Young <eay@pobox.com> Reviewed-by: Ben Laurie <ben@openssl.org>	2015-08-17 22:20:06 +10:00
Tim Hudson	686e344918	restore usage of -elapsed that was disabled in the ifdef reorg Reviewed-by: Ben Laurie <ben@openssl.org>	2015-08-17 22:16:39 +10:00
Rich Salz	eb647452eb	GH345: Remove stderr output Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-08-16 21:08:25 -04:00
Rich Salz	4f46473a86	Move FAQ to the web. Best hope of keeping current. Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-08-16 19:02:29 -04:00
Matt Caswell	ac11233201	PACKETise CertificateRequest Process CertificateRequest messages using the PACKET API Reviewed-by: Emilia Käsper <emilia@openssl.org>	2015-08-14 17:29:21 +01:00
Matt Caswell	efcdbcbeda	PACKETise ClientKeyExchange processing Use the new PACKET code to process the CKE message Reviewed-by: Stephen Henson <steve@openssl.org>	2015-08-14 17:19:57 +01:00
Matt Caswell	561e12bbb0	PACKETise NewSessionTicket Process NewSessionTicket messages using the new PACKET API Reviewed-by: Emilia Käsper <emilia@openssl.org>	2015-08-14 17:05:46 +01:00
Matt Caswell	c83eda8c22	Fix session tickets Commit 9ceb2426b0 (PACKETise ClientHello) broke session tickets by failing to detect the session ticket extension in an incoming ClientHello. This commit fixes the bug. Reviewed-by: Emilia Käsper <emilia@openssl.org>	2015-08-14 17:00:11 +01:00
Dr. Stephen Henson	f8f5f8369d	add CCM docs Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-08-14 06:57:32 +01:00
Dr. Stephen Henson	176f85a28e	Add CCM ciphersuites from RFC6655 and RFC7251 Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-08-14 06:57:32 +01:00
Dr. Stephen Henson	3d3701ea20	ccm8 support Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-08-14 06:56:11 +01:00
Dr. Stephen Henson	e75c5a794e	CCM support. Reviewed-by: Tim Hudson <tjh@openssl.org>	2015-08-14 06:56:11 +01:00
Dr. Stephen Henson	2fd7fb99db	Update docs. Clarify and update documention for extra chain certificates. PR#3878. Reviewed-by: Rich Salz <rsalz@openssl.org>	2015-08-14 06:28:00 +01:00
Dr. Stephen Henson	6d5f8265ce	Documentation for SSL_check_chain() Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-14 06:24:38 +01:00
Richard Levitte	00bf5001f7	for test_sslvertol, add a value to display SSL version < 3 in debug Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-13 22:05:25 +02:00
Richard Levitte	4deefd6567	Fixups in libssl test harness - select an actual file handle for devnull - do not declare $msgdata twice - SKE records sometimes seem to come without sig - in SKE parsing, use and use $pub_key_len when parsing $pub_key Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-13 22:05:25 +02:00
Richard Levitte	b3a231db49	Use -I to add to @INC, and use -w to produce warnings Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-13 22:05:25 +02:00
Rich Salz	f25825c218	Fix FAQ formatting for new website. Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-13 15:47:37 -04:00
Matt Caswell	ac63710a3d	PACKETise Certificate Status message Process the Certificate Status message using the PACKET API Reviewed-by: Emilia Käsper <emilia@openssl.org>	2015-08-13 20:41:06 +01:00
Matt Caswell	bc6616a434	Enhance PACKET readability Enhance the PACKET code readability, and fix a stale comment. Thanks to Ben Kaduk (bkaduk@akamai.com) for pointing this out. Reviewed-by: Emilia Käsper <emilia@openssl.org>	2015-08-13 20:34:51 +01:00
Matt Caswell	f9f6053442	Add missing return check for PACKET_buf_init The new ClientHello PACKET code is missing a return value check. Reviewed-by: Emilia Käsper <emilia@openssl.org>	2015-08-13 20:34:51 +01:00
Ismo Puustinen	cc2829e664	GH364: Free memory on an error path Part of RT 3997 Per Ben, just jump to common exit code. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Richard Levitte <levitte@openssl.org>	2015-08-13 12:13:49 -04:00
Matt Caswell	df758a8569	PACKETise Server Certificate processing Use the PACKET API to process an incoming server Certificate message. Reviewed-by: Emilia Käsper <emilia@openssl.org>	2015-08-13 09:29:17 +01:00
Dr. Stephen Henson	2acdef5e97	Return error for unsupported modes. PR#3974 PR#3975 Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-12 13:54:56 +01:00
Dr. Stephen Henson	891eac4604	Fix memory leak if setup fails. Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-12 13:54:56 +01:00
Dr. Stephen Henson	a187e08d85	Err isn't always malloc failure. Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-12 13:54:56 +01:00
Rich Salz	ade44dcb16	Remove Gost94 signature algorithm. This was obsolete in 2001. This is not the same as Gost94 digest. Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice. Reviewed-by: Matt Caswell <matt@openssl.org>	2015-08-11 18:23:29 -04:00

... 2 3 4 5 6 ...

13945 Commits