- Mar 04, 2015
-
-
Dr. Stephen Henson authored
Add RIPEMD160 and whirlpool test data. Add Count keyword to repeatedly call EVP_DigestUpate. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Mar 02, 2015
-
-
Dr. Stephen Henson authored
CVE-2015-0288 PR#3708 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
The format script didn't correctly recognise some ASN.1 macros and didn't reformat some files as a result. Fix script and reformat affected files. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rich Salz authored
ACKNOWLEDGEMENTS is now spelled correctly :) README.ASN1 talked about 0.9.6, so it's deleted. I turned doc/standards.txt into a set of one-line summaries of RFCs, and also updated the pointers to original sources (to be web links) Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 01, 2015
-
-
Rich Salz authored
These ciphers are removed: TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA TLS1_CK_DHE_DSS_WITH_RC4_128_SHA They were defined in a long-expired IETF internet-draft: draft-ietf-tls-56-bit-ciphersuites-01.txt Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Feb 27, 2015
-
-
Matt Caswell authored
Some Cisco appliances use a pre-standard version number for DTLS. We support this as DTLS1_BAD_VER within the code. This change fixes d2i_SSL_SESSION for that DTLS version. Based on an original patch by David Woodhouse <dwmw2@infradead.org> RT#3704 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Added various missing return value checks in tls1_change_cipher_state. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Fixed various missing return value checks in ssl3_send_newsession_ticket. Also a mem leak on error. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Add support for skipping disabled algorithms: if an attempt to load a public or private key results in an unknown algorithm error then any test using that key is automatically skipped. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Feb 26, 2015
-
-
Matt Caswell authored
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to pass. This change adds appropriate OPENSSL_NO_EC guards around the code. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
NETSCAPE_HANG_BUG is a workaround for a browser bug from many years ago (2000). It predates DTLS, so certainly has no place in d1_srvr.c. In s3_srvr.c it forces the ServerDone to appear in the same record as the CertificateRequest when doing client auth. BoringSSL have already made the same commit: 79ae85e4f777f94d91b7be19e8a62016cb55b3c5 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
the "-hack" option from s_server that set this option. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Feb 25, 2015
-
-
Matt Caswell authored
Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note the restriction on setting md to NULL with regards to thread safety. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Rainer Jung authored
the extract-names.pl script. RT#3718 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org> CVE-2015-0209 Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
called evp_test.c, so I have called this one evp_extra_test.c Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
the X509_V_FLAG_NO_ALT_CHAINS flag. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building certificate chains, the first chain found will be the one used. Without this flag, if the first chain found is not trusted then we will keep looking to see if we can build an alternative chain instead. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
behaviour will force behaviour as per previous versions of OpenSSL Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
valid. However the issuer of the leaf, or some intermediate cert is in fact in the trust store. When building a trust chain if the first attempt fails, then try to see if alternate chains could be constructed that are trusted. RT3637 RT3621 Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Feb 24, 2015
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Move the build configuration table into separate files. The Configurations file is standard configs, and Configurations.team is for openssl-team members. Any other file, Configurations*, found in the same directory as the Configure script, is loaded. To add another file, use --config=FILE flags (which should probably be an absolute path). Written by Stefen Eissing <stefan.eissing@greenbytes.de> and Rich Salz <rsalz@openssl.org>, contributed by Akamai Technologies. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
XTS bug spotted and fix suggested by Adrian Kotelba. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Feb 22, 2015
-
-
Andy Polyakov authored
Though this doesn't mean that masm becomes supported, the script is still provided on don't-ask-in-case-of-doubt-use-nasm basis. See RT#3650 for background. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
The typo doesn't affect supported configuration, only unsupported masm. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
For some reason failure surfaced on ARM platforms. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-