Jeffrey Walton
6e6ba36d98
Clarified that the signature's buffer size, s
, is not used as an
...
IN parameter.
Under the old docs, the only thing stated was "at most
EVP_PKEY_size(pkey) bytes will be written". It was kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.
2014-06-29 23:34:21 +01:00
Ben Laurie
161e0a617d
More constification.
2014-06-29 22:13:45 +01:00
ZNV
370bf1d708
Make EVP_CIPHER_CTX_copy work in GCM mode.
...
PR#3272
2014-06-29 22:01:28 +01:00
Oscar Jacobsson
7e6a01bdd4
Add 3072, 7680 and 15360 bit RSA tests to openssl speed
...
PR#3412
2014-06-29 21:38:09 +01:00
Ben Laurie
8892ce7714
Constification - mostly originally from Chromium.
2014-06-29 21:05:23 +01:00
Rich Salz
340daf6a06
Merge branch 'master' of git.openssl.org:openssl
2014-06-29 11:40:39 -04:00
Rich Salz
327f3c040e
Fix typo in message (RT 3107)
2014-06-29 11:40:05 -04:00
Dr. Stephen Henson
44724beead
Fix memory leak.
...
PR#2531
2014-06-29 13:51:30 +01:00
Ken Ballou
76ed5a42ea
Typo.
...
PR#3173
2014-06-29 13:38:55 +01:00
Dr. Stephen Henson
a30bdb55d1
Show errors on CSR verification failure.
...
If CSR verify fails in ca utility print out error messages.
Otherwise some errors give misleading output: for example
if the key size exceeds the library limit.
PR#2875
2014-06-29 13:33:44 +01:00
Dr. Stephen Henson
7ae6a4b659
Make no-ssl3 no-ssl2 do more sensible things.
2014-06-29 03:04:45 +01:00
Dr. Stephen Henson
528b1f9a9f
Clarify protocols supported.
...
Update protocols supported and note that SSLv2 is effectively disabled
by default.
PR#3184
2014-06-29 00:07:08 +01:00
Dr. Stephen Henson
0e7bda79a1
Handle BER length encoding.
...
Tolerate BER length encoding which may include leading zeroes.
PR#2746
2014-06-29 00:07:08 +01:00
Andy Polyakov
a356e488ad
x86_64 assembly pack: refine clang detection.
2014-06-28 17:23:21 +02:00
Dr. Stephen Henson
7c206db928
Typo.
...
PR#3107
2014-06-28 12:42:04 +01:00
Dr. Stephen Henson
0518a3e19e
Don't disable state strings with no-ssl2
...
Some state strings were erronously not compiled when no-ssl2
was set.
PR#3295
2014-06-28 00:54:32 +01:00
yogesh nagarkar
d183545d45
Fix compilation with -DSSL_DEBUG -DTLS_DEBUG -DKSSL_DEBUG
...
PR#3141
2014-06-28 00:40:26 +01:00
Andreas Westfeld
d1d4382dcb
Fix typo in ideatest.c
2014-06-28 00:06:13 +01:00
Ken Ballou
0b33bed969
Remove redundant check.
...
PR#3174
2014-06-27 23:19:39 +01:00
Dr. Stephen Henson
59deb33cbe
Fix for EVP_PBE_alg_add().
...
In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.
PR#3206
2014-06-27 23:19:39 +01:00
Andy Polyakov
406d4af050
bn/asm/rsaz-avx2.pl: fix occasional failures.
2014-06-27 22:41:58 +02:00
Rich Salz
a0490e02c7
RT 487. Mention that generated primes are "at least" B<bits> long.
2014-06-27 15:59:08 -04:00
Dr. Stephen Henson
11da66f8b1
Tolerate critical AKID in CRLs.
...
PR#3014
2014-06-27 18:49:32 +01:00
PK
e633248921
Add SHA256 Camellia ciphersuites from RFC5932
...
PR#2800
2014-06-27 18:24:05 +01:00
Tom Greenslade
b36f35cda9
Handle IPv6 addresses in OCSP_parse_url.
...
PR#2783
2014-06-27 17:30:59 +01:00
Tomas Mraz
0436369fcc
Don't advertise ECC ciphersuits in SSLv2 compatible client hello.
...
PR#3374
2014-06-27 16:51:26 +01:00
Jeffrey Walton
0535c2d67c
Clarify docs.
...
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.
PR#3409
2014-06-27 16:39:11 +01:00
Dr. Stephen Henson
abac8e0e08
Rebuild OID table.
2014-06-27 14:35:07 +01:00
Dr. Stephen Henson
95791bf941
Fix OID encoding for one component.
...
OIDs with one component don't have an encoding.
PR#2556 (Bug#1)
2014-06-27 14:35:07 +01:00
Dr. Stephen Henson
d2aea03829
Memory leak and NULL dereference fixes.
...
PR#3403
2014-06-27 14:35:07 +01:00
Huzaifa Sidhpurwala
3b3b69ab25
Make sure BN_sqr can never return a negative value.
...
PR#3410
2014-06-26 23:56:34 +01:00
Dr. Stephen Henson
7be6b27aaf
Remove ancient obsolete files under pkcs7.
2014-06-26 23:56:34 +01:00
Andy Polyakov
f3f620e1e0
bn_exp.c: move check for AD*X to rsaz-avx2.pl.
...
This ensures high performance is situations when assembler supports
AVX2, but not AD*X.
2014-06-27 00:07:15 +02:00
Andy Polyakov
052ecf91d2
aesp8-ppc.pl: rigid input verification in key setup.
2014-06-25 22:13:17 +02:00
Andy Polyakov
7b8c8c4d79
aesv8-armx.pl: rigid input verification in key setup.
2014-06-25 22:10:45 +02:00
Andy Polyakov
7eb0488280
x86_64 assembly pack: addendum to last clang commit.
2014-06-24 08:37:05 +02:00
Andy Polyakov
ac171925ab
x86_64 assembly pack: allow clang to compile AVX code.
2014-06-24 08:24:25 +02:00
Andy Polyakov
015364baf3
aesv8-armx.pl: inclrease interleave factor.
...
This is to compensate for higher aes* instruction latency on Cortex-A57.
2014-06-24 08:08:58 +02:00
Andy Polyakov
0f777aeb50
ARMv8 assembly pack: add Cortex performance numbers.
2014-06-24 08:06:05 +02:00
Viktor Dukhovni
eef1827f89
One more typo when changing !result to result <= 0
2014-06-23 16:26:34 +01:00
Viktor Dukhovni
90b70a6a6b
Fix typo in last commit
2014-06-22 20:39:52 -04:00
Viktor Dukhovni
8abffa4a73
Multiple verifier reference identities.
...
Implemented as STACK_OF(OPENSSL_STRING).
2014-06-22 20:32:35 -04:00
Viktor Dukhovni
66d884f067
Implement sk_deep_copy.
2014-06-22 20:24:18 -04:00
Viktor Dukhovni
29edebe95c
More complete input validation of X509_check_mumble
2014-06-22 20:18:53 -04:00
Viktor Dukhovni
a48fb0400c
X509_check_mumble() failure is <= 0, not just 0
2014-06-22 20:14:53 -04:00
Viktor Dukhovni
b3012c698a
Drop hostlen from X509_VERIFY_PARAM_ID.
...
Just store NUL-terminated strings. This works better when we add
support for multiple hostnames.
2014-06-22 19:52:44 -04:00
Viktor Dukhovni
d241b80409
More complete X509_check_host documentation.
2014-06-22 19:50:02 -04:00
Miod Vallat
2841d6ca9f
Fix off-by-one errors in ssl_cipher_get_evp()
...
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.
Bug discovered and fixed by Miod Vallat from the OpenBSD team.
PR#3375
2014-06-22 23:14:19 +01:00
Matt Caswell
cf1b08cdd7
Revert "Fix off-by-one errors in ssl_cipher_get_evp()"
...
This reverts commit abfb989fe0
.
Incorrect attribution
2014-06-22 22:35:56 +01:00
Matt Caswell
339da43d6c
Fixed Windows compilation failure
2014-06-22 20:16:47 +02:00