Dr. Stephen Henson
8d65fdb62e
Add fix for CVE-2013-4353
...
(cherry picked from commit 6b42ed4e7104898f4b5b69337589719913b36404)
2014-01-07 15:39:21 +00:00
Dr. Stephen Henson
9bd1e2b54a
Sync NEWS.
2014-01-06 21:55:15 +00:00
Andy Polyakov
ad0d2579cf
sha/asm/sha256-armv4.pl: add NEON code path.
...
(and shave off cycle even from integer-only code)
2014-01-04 18:04:53 +01:00
Andy Polyakov
25f7117f0e
aesni-sha1-x86_64.pl: refine Atom-specific optimization.
...
(and update performance data, and fix typo)
2014-01-04 17:13:57 +01:00
Dr. Stephen Henson
5b7f36e857
Add ServerInfoFile to SSL_CONF, update docs.
2014-01-03 23:14:23 +00:00
Dr. Stephen Henson
a4339ea3ba
Use algorithm specific chains for certificates.
...
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.
Update docs.
2014-01-03 22:39:49 +00:00
Andy Polyakov
e8b0dd57c0
ssl/t1_enc.c: optimize PRF (suggested by Intel).
2014-01-03 21:52:49 +01:00
Andy Polyakov
2f3af3dc36
aesni-sha1-x86_64.pl: add stiched decrypt procedure,
...
but keep it disabled, too little gain... Add some Atom-specific
optimization.
2014-01-03 21:40:08 +01:00
Dr. Stephen Henson
b77b58a398
Don't change version number if session established
...
When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.
Thanks to Marek Majkowski for additional analysis of this issue.
PR#3191
2014-01-02 15:05:44 +00:00
Dr. Stephen Henson
f6dfbeed3c
Update curve list size.
...
(cherry picked from commit cfa86987a8d9d2b8cc5e5fea2d3260c46542cdb9)
2013-12-29 16:30:35 +00:00
Andy Polyakov
926725b3d7
sparcv9cap.c: omit random detection.
...
PR: 3202
2013-12-28 13:31:14 +01:00
Andy Polyakov
e796666d34
FAQ: why SIGILL?
2013-12-28 13:20:14 +01:00
Andy Polyakov
2218c296b4
ARM assembly pack: make it work with older toolchain.
2013-12-28 12:17:08 +01:00
Dr. Stephen Henson
cd30f03ac5
Canonicalise input in CMS_verify.
...
If content is detached and not binary mode translate the input to
CRLF format. Before this change the input was verified verbatim
which lead to a discrepancy between sign and verify.
2013-12-22 00:35:29 +00:00
Dr. Stephen Henson
20b82b514d
Fix DTLS retransmission from previous session.
...
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1
)
2013-12-20 23:46:16 +00:00
Dr. Stephen Henson
560b34f2b0
Ignore NULL parameter in EVP_MD_CTX_destroy.
...
(cherry picked from commit a6c62f0c25
)
2013-12-20 23:32:25 +00:00
Andy Polyakov
fc0503a25c
sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes.
...
(and ensure stack alignment in the process)
2013-12-18 22:12:08 +01:00
Andy Polyakov
e9c80e04c1
evp/e_[aes|camellia].c: fix typo in CBC subroutine.
...
It worked because it was never called.
2013-12-18 21:42:46 +01:00
Andy Polyakov
f0f4b8f126
PPC assembly pack update addendum.
2013-12-18 21:39:15 +01:00
Andy Polyakov
cdd1acd788
sha512.c: fullfull implicit API contract in SHA512_Transform.
...
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
2013-12-18 21:27:35 +01:00
Andy Polyakov
128e1d101b
PPC assembly pack: improve AIX support (enable vpaes-ppc).
2013-12-18 21:19:08 +01:00
Dr. Stephen Henson
ed496b3d42
Check EVP errors for handshake digests.
...
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f
)
2013-12-18 13:29:07 +00:00
Dr. Stephen Henson
88c21c47a3
Update demo.
2013-12-18 13:28:44 +00:00
Dr. Stephen Henson
4a253652ee
Add opaque ID structure.
...
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
(cherry picked from commit adc6bd73e3
)
Conflicts:
crypto/x509/x509_vpm.c
2013-12-13 15:42:16 +00:00
Dr. Stephen Henson
4fcdd66fff
Update to pad extension.
...
Fix padding calculation for different SSL_METHOD types. Use the
standard name as used in draft-agl-tls-padding-02
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
102302b05b
Fix for partial chain notification.
...
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
(cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
7af31968dd
Verify parameter retrieval functions.
...
New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
(cherry picked from commit be0c9270690ed9c1799900643cab91de146de857)
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
8a1956f3ea
Don't use rdrand engine as default unless explicitly requested.
...
(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
e3bc1f4955
remove obsolete STATUS file
2013-12-10 00:10:05 +00:00
Dr. Stephen Henson
57d7ee3a91
Add release dates to NEWS
2013-12-10 00:08:34 +00:00
Andy Polyakov
41965a84c4
x86_64-xlate.pl: minor update.
2013-12-09 21:23:19 +01:00
Andy Polyakov
ec9cc70f72
bn/asm/x86_64-mont5.pl: add MULX/AD*X code path.
...
This also eliminates code duplication between x86_64-mont and x86_64-mont
and optimizes even original non-MULX code.
2013-12-09 21:02:24 +01:00
Andy Polyakov
d1671f4f1a
bn/asm/armv4-mont.pl: add NEON code path.
2013-12-04 22:37:49 +01:00
Andy Polyakov
26e18383ef
perlasm/ppc-xlate.pl: add support for AltiVec/VMX and VSX.
...
Suggested by: Marcello Cerri
2013-12-04 22:01:31 +01:00
Andy Polyakov
f586d97191
perlasm/ppc-xlate.pl: improve linux64le support.
...
Suggested by: Marcello Cerri
2013-12-04 21:47:43 +01:00
Andy Polyakov
a61e51220f
aes/asm/vpaes-ppc.pl: comply with ABI.
2013-12-04 21:46:40 +01:00
Andy Polyakov
34b1008c93
Configure: remove vpaes-ppc from aix targets.
...
AIX assembler doesn't hanle .align, which is essential for vpaes module.
2013-12-04 21:45:20 +01:00
Andy Polyakov
c5d5f5bd0f
bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
...
PR: 3189
Submitted by: Oscar Ciurana
2013-12-03 23:59:55 +01:00
Andy Polyakov
8bd7ca9996
crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64.
2013-12-03 22:28:48 +01:00
Andy Polyakov
31ed9a2131
crypto/bn/rsaz*: fix licensing note.
...
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
2013-12-03 22:08:29 +01:00
Andy Polyakov
6efef384c6
bn/asm/rsaz-x86_64.pl: fix prototype.
2013-12-03 09:43:06 +01:00
Dr. Stephen Henson
4b27bab993
Simplify and update openssl.spec
2013-11-30 14:11:05 +00:00
Andy Polyakov
89bb96e51d
vpaes-ppc.pl: fix bug in IV handling and comply with ABI.
2013-11-29 14:40:51 +01:00
Andy Polyakov
b9e87d07cb
ppc64-mont.pl: eliminate dependency on GPRs' upper halves.
2013-11-27 22:50:00 +01:00
Andy Polyakov
07f3e4f3f9
Take vpaes-ppc module into loop.
2013-11-27 22:39:13 +01:00
Andy Polyakov
b5c54c914f
Add Vector Permutation AES for PPC.
2013-11-27 22:32:56 +01:00
Dr. Stephen Henson
a25f9adc77
New functions to retrieve certificate from SSL_CTX
...
New functions to retrieve current certificate or private key
from an SSL_CTX.
Constify SSL_get_private_key().
2013-11-18 18:56:48 +00:00
Dr. Stephen Henson
60aeb18750
Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set
2013-11-18 16:52:10 +00:00
Dr. Stephen Henson
fdeaf55bf9
Use correct header length in ssl3_send_certifcate_request
2013-11-17 17:48:18 +00:00
Dr. Stephen Henson
0f7fa1b190
Constify.
...
(cherry picked from commit 1abfa78a8b
)
2013-11-14 21:05:36 +00:00