Matt Caswell
03e1b3a153
Make binary curve ASN.1 work in FIPS mode.
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
(cherry picked from commit 94782e0e9c)
2013-03-26 16:58:40 +00:00
Dr. Stephen Henson
9c95ff968a
Disable compression for DTLS.
The only standard compression method is stateful and is incompatible with
DTLS.
(cherry picked from commit e14b8410ca)
2013-03-19 13:47:29 +00:00
Andy Polyakov
96b680f210
x86cpuid.pl: make it work with older CPUs.
PR: 3005
(cherry picked from commit 5702e965d7)
2013-03-18 19:50:23 +01:00
Andy Polyakov
9ab3ce1246
e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI platforms.
PR: 3002
(cherry picked from commit 5c60046553)
2013-03-18 19:35:48 +01:00
Michael Tuexen
3972dbe462
Avoid unnecessary fragmentation.
(cherry picked from commit 80ccc66d7e)
2013-03-18 14:33:09 +00:00
Dr. Stephen Henson
85615e33e5
Encode INTEGER correctly.
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc63c)
2013-03-18 14:21:56 +00:00
Dr. Stephen Henson
f4cfc3444a
Merge branch 'OpenSSL_1_0_1-stable' of ../openssl into OpenSSL_1_0_1-stable
2013-03-18 14:00:13 +00:00
Dr. Stephen Henson
24f599af21
Typo.
(cherry picked from commit 1546fb780b)
2013-03-18 13:59:44 +00:00
Andy Polyakov
bca0d7fdb5
x86_64-gf2m.pl: fix typo.
(cherry picked from commit 342dbbbe4e)
2013-03-01 22:38:11 +01:00
Andy Polyakov
bc4ae2cb0b
x86_64-gf2m.pl: add missing Windows build fix for #2963.
PR: 3004
(cherry picked from commit 7c43601d44)
2013-03-01 21:58:08 +01:00
Andy Polyakov
ef4b9f001a
bn_nist.c: cumulative update from master.
PR: 2981, 2837
2013-02-16 11:40:35 +01:00
Nick Alcock
08f8933fa3
Fix POD errors to stop make install_docs dying with pod2man 2.5.0+
podlators 2.5.0 has switched to dying on POD syntax errors. This means
that a bunch of long-standing erroneous POD in the openssl documentation
now leads to fatal errors from pod2man, halting installation.
Unfortunately POD constraints mean that you have to sort numeric lists
in ascending order if they start with 1: you cannot do 1, 0, 2 even if
you want 1 to appear first. I've reshuffled such (alas, I wish there
were a better way but I don't know of one).
(cherry picked from commit 5cc2707742)
2013-02-15 19:40:09 +01:00
Andy Polyakov
41958376b5
cms-test.pl: make it work with not-so-latest perl.
(cherry picked from commit 9c437e2fad)
2013-02-14 16:39:33 +01:00
David Woodhouse
9fe4603b82
Check DTLS_BAD_VER for version number.
The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.
PR:2984
(cherry picked from commit d980abb22e)
2013-02-12 15:16:05 +00:00
Dr. Stephen Henson
147dbb2fe3
Fix for SSL_get_certificate
Now we set the current certificate to the one used by a server
there is no need to call ssl_get_server_send_cert which will
fail if we haven't sent a certificate yet.
2013-02-11 18:24:03 +00:00
Dr. Stephen Henson
cbf9b4aed3
Fix in ssltest if no-ssl2 configured
2013-02-11 18:17:50 +00:00
Dr. Stephen Henson
625a55324f
update CHANGES
2013-02-11 16:35:10 +00:00
Dr. Stephen Henson
3151e328e0
prepare for next version
2013-02-11 16:14:11 +00:00
Dr. Stephen Henson
46ebd9e3bb
use 10240 for record size
Workaround for non-compliant tar files sometimes created by "make dist".
2013-02-11 15:21:21 +00:00
Dr. Stephen Henson
f66db68e1f
prepare for release
2013-02-11 11:57:46 +00:00
Dr. Stephen Henson
0c4b72e9c0
Update NEWS
2013-02-11 11:54:10 +00:00
Lutz Jaenicke
f88dbb8385
FAQ/README: we are now using Git instead of CVS
2013-02-11 11:29:05 +01:00
Andy Polyakov
1113fc31ba
sparccpuid.S: work around emulator bug on T1.
(cherry picked from commit 3caeef94bd)
2013-02-11 10:41:57 +01:00
Andy Polyakov
0898147090
ssl/*: fix linking errors with no-srtp.
2013-02-09 19:52:07 +01:00
Andy Polyakov
4d8da30fc1
ssl/s3_[clnt|srvr].c: fix warnings.
2013-02-09 19:50:34 +01:00
Andy Polyakov
579f3a631e
s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal.
(cherry picked from commit f93a41877d)
2013-02-08 21:37:07 +01:00
Andy Polyakov
47061af106
s3_cbc.c: get rid of expensive divisions [from master].
(cherry picked from commit e9baceab5a)
2013-02-08 17:00:46 +01:00
Andy Polyakov
13e225300f
e_aes_cbc_hmac_sha1.c: fine-tune cache line alignment.
With previous commit it also ensures that valgrind is happy.
2013-02-08 09:45:09 +01:00
Ben Laurie
26bc56d014
Add clang target.
2013-02-07 16:17:43 -08:00
Ben Laurie
496681cd51
Remove extraneous brackets (clang doesn't like them).
2013-02-07 16:17:43 -08:00
Andy Polyakov
746c6f3a53
e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line.
2013-02-07 23:04:31 +01:00
Andy Polyakov
8545f73b89
ssl/[d1|s3]_pkt.c: harmonize orig_len handling.
2013-02-07 22:47:05 +01:00
Dr. Stephen Henson
32cc2479b4
Fix IV check and padding removal.
Fix the calculation that checks there is enough room in a record
after removing padding and optional explicit IV. (by Steve)
For AEAD remove the correct number of padding bytes (by Andy)
2013-02-07 21:06:37 +00:00
Adam Langley
f306b87d76
Fix for EXP-RC2-CBC-MD5
MD5 should use little endian order. Fortunately the only ciphersuite
affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which
is a rarely used export grade ciphersuite.
2013-02-06 16:05:40 +00:00
Dr. Stephen Henson
41cf07f0ec
prepare for next version
2013-02-06 02:26:24 +00:00
Dr. Stephen Henson
62f4033381
typo
2013-02-04 23:12:58 +00:00
Dr. Stephen Henson
f9f6a8f96c
Prepare for release.
2013-02-04 22:40:10 +00:00
Dr. Stephen Henson
df0d93564e
typo
2013-02-04 22:39:37 +00:00
Dr. Stephen Henson
0d589ac150
make update
2013-02-04 21:29:41 +00:00
Dr. Stephen Henson
35d732fc2e
Fix error codes.
2013-02-04 21:13:18 +00:00
Dr. Stephen Henson
896ddb9851
Reword NEWS entry.
2013-02-04 20:48:45 +00:00
Dr. Stephen Henson
e630b3c218
Update NEWS
2013-02-04 20:47:36 +00:00
Dr. Stephen Henson
f1ca56a69f
Add CHANGES entries.
2013-02-04 20:37:46 +00:00
Andy Polyakov
529d27ea47
e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret.
2013-02-03 20:04:39 +01:00
Andy Polyakov
b2226c6c83
bn_word.c: fix overflow bug in BN_add_word.
(cherry picked from commit 134c00659a)
2013-02-02 22:39:00 +01:00
Andy Polyakov
024de2174b
x86_64 assembly pack: keep making Windows build more robust.
PR: 2963 and a number of others
(cherry picked from commit 4568182a8b)
2013-02-02 22:26:20 +01:00
Andy Polyakov
125093b59f
e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues.
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
2013-02-02 19:35:09 +01:00
Ben Laurie
f3e99ea072
Merge remote-tracking branch 'origin/OpenSSL_1_0_1-stable' into OpenSSL_1_0_1-stable
2013-02-01 19:04:26 +00:00
Andy Polyakov
8bfd4c659f
ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
2013-02-01 15:54:37 +01:00
Andy Polyakov
ec07246a08
ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
2013-02-01 15:34:09 +01:00