Age | Commit message | Author
2014-09-25 | Prepare for 1.0.2-beta3 release [OpenSSL_1_0_2-beta3] | Matt Caswell
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-09-25 | make update | Matt Caswell
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-09-25 | Added 1.0.1i CHANGES and NEWS updates | Matt Caswell
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-25 | Add missing tests | Emilia Kasper
Accidentally omitted from commit 455b65dfab0de51c9f67b3c909311770f2b3f801 Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit fdc35a9d3e8cf4cfd9330d5df9883f42cf5648ad)
2014-09-25 | Add constant_time_locl.h to HEADERS, | Tim Hudson
so the Win32 compile picks it up correctly. Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-09-25 | Add the constant time test to the VMS build and tests | Richard Levitte
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-25 | Include "constant_time_locl.h" rather than "../constant_time_locl.h". | Richard Levitte
The different -I compiler parameters will take care of the rest... Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-25 | Don't allow non-FIPS curves in FIPS mode. | Dr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-25 | Use correct function name: CMS_add1_signer() | Dr. Stephen Henson
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 5886354dcca4f8445ed35b6995a035b75409590c)
2014-09-25 | crypto/bn/bn_nist.c: work around MSC ARM compiler bug. | Andy Polyakov
RT: 3541 Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit 8b07c005fe006044d0e4a795421447deca3c9f2c)
2014-09-25 | e_os.h: allow inline functions to be compiled by legacy compilers. | Andy Polyakov
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 40155f408985aff2e9f1b61b7cb04a3e518633a1)
2014-09-24 | RT3425: constant-time evp_enc | Emilia Kasper
Do the final padding check in EVP_DecryptFinal_ex in constant time to avoid a timing leak from padding failure. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e) Conflicts: crypto/evp/evp_enc.c
2014-09-24 | RT3067: simplify patch | Emilia Kasper
(Original commit adb46dbc6dd7347750df2468c93e8c34bcb93a4b) Use the new constant-time methods consistently in s3_srvr.c Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 455b65dfab0de51c9f67b3c909311770f2b3f801)
2014-09-24 | This change alters the processing of invalid, RSA pre-master secrets so | Adam Langley
that bad encryptions are treated like random session keys in constant time. (cherry picked from commit adb46dbc6dd7347750df2468c93e8c34bcb93a4b) Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-24 | RT3066: rewrite RSA padding checks to be slightly more constant time. | Emilia Kasper
Also tweak s3_cbc.c to use new constant-time methods. Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1 This patch is based on the original RT submission by Adam Langley <agl@chromium.org>, as well as code from BoringSSL and OpenSSL. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Conflicts: crypto/rsa/rsa_oaep.c crypto/rsa/rsa_pk1.c ssl/s3_cbc.c
2014-09-23 | Note i2d_re_X509_tbs and related changes in CHANGES | Emilia Kasper
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-23 | make update | Emilia Kasper
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-09-23 | Add i2d_re_X509_tbs | Emilia Kasper
i2d_re_X509_tbs re-encodes the TBS portion of the certificate. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit 95b1752cc7531e4b609aea166f2db1c155ab5bdd)
2014-09-23 | Revert "Add accessor for x509.cert_info." | Emilia Kasper
This reverts commit 519ad9b3845c475d29db8b84b59bde7edecb4e70. Reviewed-by: Dr Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-23 | Revert "Add more accessors." | Emilia Kasper
This reverts commit cacdfcb2479984d9bfcc79b623118d8af6fea169. Conflicts: crypto/x509/x509.h Reviewed-by: Dr Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-23 | CHANGES: mention ECP_NISTZ256. | Andy Polyakov
Reviewed-by: Bodo Moeller <bodo@openssl.org> (cherry picked from commit 507efe737243d7c74a839ea90b3d7eec5eac22e7)
2014-09-22 | crypto/ecp_nistz256.c: harmonize error codes. | Andy Polyakov
Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit be07ae9b10ea57242baa1f15291af162442531d6)
2014-09-22 | Fix warning. | Dr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 16e5b45f72cd69b71ca28e84044d2354e068888c)
2014-09-22 | crypto/ec: harmonize new code with FIPS module. | Andy Polyakov
RT: 3149 Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-22 | Configure: engage ECP_NISTZ256. | Andy Polyakov
RT: 3149 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 847147908bc7596195debb48a554a8cade2075f7) Resolved conflicts: Configure TABLE
2014-09-22 | Add ECP_NISTZ256 by Shay Gueron, Intel Corp. | Andy Polyakov
RT: 3149 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4d3fa06fce52682bfbc503c7ded2d0289e3f8cde)
2014-09-22 | Reserve option to use BN_mod_exp_mont_consttime in ECDSA. | Andy Polyakov
Submitted by Shay Gueron, Intel Corp. RT: 3149 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f54be179aa4cbbd944728771d7d59ed588158a12)
2014-09-22 | perlasm/x86_64-xlate.pl: handle inter-bank movd. | Andy Polyakov
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 902b30df193afc3417a96ba72a81ed390bd50de3)
2014-09-22 | Configure: add configuration for crypto/ec/asm extensions. | Andy Polyakov
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 6019cdd327526beb25a4c31c1ef63e72f5f8a4b0) Resolved conflicts: Configure Makefile.org TABLE
2014-09-22 | Fixed error introduced in commit f2be92b94dad3c6cbdf79d99a324804094cf1617 | Tim Hudson
that fixed PR#3450 where an existing cast masked an issue when i was changed from int to long in that commit Picked up on z/linux (s390) where sizeof(int)!=sizeof(long) Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit b5ff559ff90124c6fd53bbb49dae5edb4e821e0a)
2014-09-20 | Harmonize Tru64 and Linux make rules. | Andy Polyakov
RT: 3333,3165 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit d475b2a3bfde8d4aceefb41b21acc3711893d2a8)
2014-09-18 | RT2301: GetDIBits, not GetBitmapBits in rand_win | Jake Goulding
GetDIBits has been around since Windows2000 and BitBitmapBits is an old Win16 compatibility function that is much slower. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 99b00fd99330afb0be46265c3e28f25f938d3221)
2014-09-11 | RT2772 update: c_rehash was broken | Rich Salz
Move the readdir() lines out of the if statement, so that flist is available globally. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 6f46c3c3b007f1aed77bbb4d1657fab8521e2e08)
2014-09-10 | RT3271 update; extra; semi-colon; confuses; some; | Rich Salz
Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit cb4bb56bae9404572571e8ce573ba9e48d6f7717)
2014-09-10 | RT2560: missing NULL check in ocsp_req_find_signer | Rich Salz
If we don't find a signer in the internal list, then fall through and look at the internal list; don't just return NULL. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit b2aa38a980e9fbf158aafe487fb729c492b241fb)
2014-09-09 | RT2196: Clear up some README wording | Rich Salz
Say where to email bug reports. Mention general RT tracker info in a separate paragraph. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 468ab1c20d1f3a43a63d0516fed6c9fefb3ccf71)
2014-09-09 | RT3192: spurious error in DSA verify | Matt Caswell
This is funny; Ben commented in the source, Matt opened a ticket, and Rich is doing the submit. Need more code-review? :) Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit eb63bce040d1cc6147d256f516b59552c018e29b)
2014-09-09 | RT3271: Don't use "if !" in shell lines | Rich Salz
For portability don't use "if ! expr" Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit b999f66e34d19ae4d81263bc96b8b8d548d2e13c)
2014-09-09 | RT1909: Omit version for v1 certificates | Geoff Keating
When calling X509_set_version to set v1 certificate, that should mean that the version number field is omitted. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 1f18f50c4b0711ebe4a20038d324c0de5dce4512)
2014-09-09 | RT3506: typos in ssltest | Kurt Cancemi
Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 4eadd11cd97ad359a2207e8e554d9fc84fce1110)
2014-09-08 | RT2841: Extra return in check_issued | Paul Suhler
Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 4cd1119df38b095b6981dfee993195f18ed3c619)
2014-09-08 | RT2626: Change default_bits from 1K to 2K | Kurt Roeckx
This is a more comprehensive fix. It changes all keygen apps to use 2K keys. It also changes the default to use SHA256 not SHA1. This is from Kurt's upstream Debian changes. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 44e0c2bae4bfd87d770480902618dbccde84fd81)
2014-09-08 | RT2272: Add old-style hash to c_rehash | Matthias Andree
In addition to Matthias's change, I also added -n to not remove links. And updated the manpage. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit a787c2590e468585a1a19738e0c7f481ec91b762)
2014-09-08 | RT468: SSL_CTX_sess_set_cache_size wrong | Rich Salz
The documentation is wrong about what happens when the session cache fills up. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit e9edfc419674f20b482a9beff9c246519f9c503e)
2014-09-08 | RT3301: Discard too-long heartbeat requests | Erik Auerswald
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit af4c6e348e4bad6303e7d214cdcf2536487aabe4)
2014-09-08 | RT2518: fix pod2man errors | Scott Schaefer
pod2man now complains when item tags are not sequential. Also complains about missing =back and other tags. Silence the warnings; most were already done. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit fe7573042fa7f406fedb78d959659b39a7a1dcfb)
2014-09-08 | RT3108: OPENSSL_NO_SOCK should imply OPENSSL_NO_DGRAM | Rich Salz
Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit be0bd11d698677bb7dde14cde73af098da94da18)
2014-09-08 | RT3031: Need to #undef some names for win32 | Robin Lee
Copy the ifdef/undef stanza from x509.h to x509v3.h Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 83e4e03eeb22d2fbaec516a466330f2ccab22864)
2014-09-08 | RT2843: Remove another spurious close-comment token | Martin Olsson
Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 683cd7c9485009efcd5b522357519f0c7e1d4c47)
2014-09-08 | RT2842: Remove spurious close-comment marker. | Martin Olsson
Also, I (rsalz) changed "#ifdef undef" to "#if 0" Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 6b0dc6eff1a59274730802db923d55802378d011)