Commit Graph

12069 Commits

Author SHA1 Message Date
Dr. Stephen Henson
3009244da4 Set default global mask to UTF8 only. 2014-06-01 15:03:00 +01:00
David Ramos
92d81ba622 Allocate extra space when NETSCAPE_HANG_BUG defined.
Make sure there is an extra 4 bytes for server done message when
NETSCAPE_HANG_BUG is defined.

PR#3361
2014-06-01 14:27:22 +01:00
David Ramos
7e2c6f7eb0 Initialise alg.
PR#3313
2014-06-01 13:04:10 +01:00
Dr. Stephen Henson
4fdf91742e Use correct digest when exporting keying material.
PR#3319
2014-05-31 13:43:02 +01:00
Dr. Stephen Henson
7ce79a5bfd Don't compile heartbeat test code on Windows (for now). 2014-05-31 13:43:02 +01:00
Hubert Kario
9ed03faac4 add description of -attime to man page
the verify app man page didn't describe the usage of attime option
even though it was listed as a valid option in the -help message.

This patch fixes this omission.
2014-05-30 23:26:35 +01:00
Hubert Kario
08bef7be1e add description of -no_ecdhe option to s_server man page
While the -help message references this option, the man page
doesn't mention the -no_ecdhe option.
This patch fixes this omission.
2014-05-30 22:59:43 +01:00
Andy Polyakov
e09ea622bb aesv8-armx.pl: add CTR implementation.
Submitted by: Ard Biesheuvel.
2014-05-29 22:45:35 +02:00
Dr. Stephen Henson
46d889f33e Set version number correctly.
PR#3249
2014-05-29 14:33:32 +01:00
František Bořánek
4da0ddc47e Fix memory leak.
PR#3278
2014-05-29 14:33:32 +01:00
Martin Kaiser
1c4575ebc3 remove duplicate 0x for default RSASSA-PSS salt len 2014-05-29 14:33:32 +01:00
Andy Polyakov
7cbdb975c2 aesp8-ppc.pl: optimize CBC decrypt even further.
10-19% improvement depending on key length and endianness.
2014-05-29 15:10:12 +02:00
Peter Mosmans
028bac0670 Fix for test_bn regular expression to work on Windows using MSYS. PR#3346 2014-05-27 23:29:32 +01:00
Matt Caswell
3d9243f1b6 Changed -strictpem to use PEM_read_bio 2014-05-26 23:31:37 +01:00
Matt Caswell
6b5c1d940b Added -strictpem parameter to enable processing of PEM files with data prior to the BEGIN marker 2014-05-26 17:24:11 +01:00
Juli Mallett
487dac87e3 Fix cast of boolean where cast of LHS intended.
Closes #74.
2014-05-26 13:16:12 +01:00
Matt Caswell
15658d0cbf Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg 2014-05-25 23:45:12 +01:00
Ben Laurie
ba4477d649 Make it build.
Closes #31.
2014-05-25 17:35:04 +01:00
Christian Heimes
56431240ae add test case to makefiles 2014-05-25 17:35:04 +01:00
Christian Heimes
4d4a535dcf Implement tests for PKCS#5 PBKDF2 HMAC 2014-05-25 17:35:04 +01:00
Dr. Stephen Henson
0930251df8 Don't use expired certificates if possible.
When looking for the issuer of a certificate, if current candidate is
expired, continue looking. Only return an expired certificate if no valid
certificates are found.

PR#3359
2014-05-25 04:50:15 +01:00
Dr. Stephen Henson
6c21b860ba Rename vpm_int.h to x509_lcl.h 2014-05-25 04:50:14 +01:00
Matt Caswell
955376fde3 Fix for non compilation with TLS_DEBUG defined 2014-05-24 23:55:27 +01:00
Ben Laurie
894172f207 Only copy opensslconf.h at init time. 2014-05-24 15:42:18 +01:00
Martin Kaiser
c5f0b9bd86 Modify the description of -noout to match the manpage. PR#3364 2014-05-24 00:04:25 +01:00
Martin Kaiser
189ae368d9 Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352 2014-05-24 00:02:24 +01:00
Luiz Angelo Daros de Luca
dd36fce023 OpenSSL is able to generate a certificate with name constraints with any possible
subjectAltName field. The Name Contraint example in x509v3_config(5) even use IP
as an example:

	nameConstraints=permitted;IP:192.168.0.0/255.255.0.0

However, until now, the verify code for IP name contraints did not exist. Any
check with a IP Address Name Constraint results in a "unsupported name constraint
type" error.

This patch implements support for IP Address Name Constraint (v4 and v6). This code
validaded correcly certificates with multiple IPv4/IPv6 address checking against
a CA certificate with these constraints:

	permitted;IP.1=10.9.0.0/255.255.0.0
	permitted;IP.2=10.48.0.0/255.255.0.0
	permitted;IP.3=10.148.0.0/255.255.0.0
	permitted;IP.4=fdc8:123f:e31f::/ffff:ffff:ffff::

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2014-05-23 23:05:38 +01:00
Andy Polyakov
fda29b6db0 aesp8-ppc.pl: add optimized CBC decrypt. 2014-05-23 20:15:06 +02:00
Andy Polyakov
b83d09f552 vpaes-ppc.pl: comply with ABI. 2014-05-23 20:14:38 +02:00
Ben Laurie
27da939490 Merge branch 'heartbeat-test' of git://github.com/mbland/openssl 2014-05-22 22:00:17 +01:00
Mike Bland
647c70f765 Fix heartbeat_test for -DOPENSSL_NO_HEARTBEATS
Replaces the entire test with a trivial implementation when
OPENSSL_NO_HEARTBEATS is defined.
2014-05-22 15:23:10 -04:00
Ben Laurie
eb33348879 Check length first in BUF_strnlen(). 2014-05-22 10:13:22 +01:00
Matt Caswell
085ccc542a Fixed minor copy&paste error, and stray space causing rendering problem 2014-05-22 00:07:35 +01:00
Matt Caswell
df24f29ae6 Fixed unterminated B tag, causing build to fail with newer pod2man versions 2014-05-22 00:00:23 +01:00
Ben Laurie
12f1b3e79f Remove redundant test. 2014-05-21 12:03:02 +01:00
Ben Laurie
dea4a18404 Implement BUF_strnlen() and use it instead of strlen(). 2014-05-21 11:58:03 +01:00
Viktor Dukhovni
397a8e747d Fixes to host checking.
Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.
2014-05-21 11:31:28 +01:00
Dr. Stephen Henson
558c94efc0 Fix for PKCS12_create if no-rc2 specified.
Use triple DES for certificate encryption if no-rc2 is
specified.

PR#3357
2014-05-21 11:28:58 +01:00
Dr. Stephen Henson
6f719f063c Change default cipher in smime app to des3.
PR#3357
2014-05-21 11:28:57 +01:00
Andy Polyakov
3e68273326 aesv8-armx.pl: fix typo. 2014-05-20 23:32:12 +02:00
Andy Polyakov
a0a17fcb75 aesv8-armx.pl: optimize by adding 128-bit code paths. 2014-05-20 22:50:28 +02:00
Ben Laurie
d8ac1ea77e Don't allocate more than is needed in BUF_strndup(). 2014-05-20 13:52:31 +01:00
Dr. Stephen Henson
dcca7b13e9 For portability use BUF_strndup instead of strndup. 2014-05-20 11:18:30 +01:00
Dr. Stephen Henson
6db14dbc51 Adding padding extension to trace code. 2014-05-20 11:09:04 +01:00
Dr. Stephen Henson
deffd89af3 Fix bug in signature algorithm copy. 2014-05-20 11:09:04 +01:00
Janpopan
ff626ba5f4 Fix a wrong parameter count ERR_add_error_data 2014-05-19 22:10:14 +01:00
Ben Laurie
814972e1ab Merge branch 'mbland-heartbeat-test' 2014-05-19 17:40:52 +01:00
Ben Laurie
2ec52dc3a1 Fixup for ancient compilers. 2014-05-19 17:39:41 +01:00
Mike Bland
39dd6f4549 Zero-initialize heartbeat test write buffer
The previous calls to memset() were added to tear_down() when I noticed the
test spuriously failing in opt mode, with different results each time. This
appeared to be because the allocator zeros out memory in debug mode, but not
in opt mode. Since the heartbeat functions silently drop the request on error
without modifying the contents of the write buffer, whatever random contents
were in memory before being reallocated to the write buffer used in the test
would cause nondeterministic test failures in the Heartbleed regression cases.
Adding these calls allowed the test to pass in both debug and opt modes.

Ben Laurie notified me offline that the test was aborting in
debug-ben-debug-64-clang mode, configured with GitConfigure and built with
GitMake. Looking into this, I realized the first memset() call was zeroing out
a reference count used by SSL_free() that was checked in
debug-ben-debug-64-clang mode but not in the normal debug mode.

Removing the memset() calls from tear_down() and adding a memset() for the
write buffer in set_up() addresses the issue and allows the test to
successfully execute in debug, opt, and debug-ben-debug-64-clang modes.
2014-05-19 17:39:41 +01:00
Mike Bland
f5ad068b01 More through error checks in set_up
Checks the return values of ssl_init_wbio_buffer() and ssl3_setup_buffers().
2014-05-19 17:39:41 +01:00