Commit graph

11797 commits

Author SHA1 Message Date
Dr. Stephen Henson
8d65fdb62e Add fix for CVE-2013-4353
(cherry picked from commit 6b42ed4e7104898f4b5b69337589719913b36404)
2014-01-07 15:39:21 +00:00
Dr. Stephen Henson
9bd1e2b54a Sync NEWS. 2014-01-06 21:55:15 +00:00
Andy Polyakov
ad0d2579cf sha/asm/sha256-armv4.pl: add NEON code path.
(and shave off cycle even from integer-only code)
2014-01-04 18:04:53 +01:00
Andy Polyakov
25f7117f0e aesni-sha1-x86_64.pl: refine Atom-specific optimization.
(and update performance data, and fix typo)
2014-01-04 17:13:57 +01:00
Dr. Stephen Henson
5b7f36e857 Add ServerInfoFile to SSL_CONF, update docs. 2014-01-03 23:14:23 +00:00
Dr. Stephen Henson
a4339ea3ba Use algorithm specific chains for certificates.
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.

Update docs.
2014-01-03 22:39:49 +00:00
Andy Polyakov
e8b0dd57c0 ssl/t1_enc.c: optimize PRF (suggested by Intel). 2014-01-03 21:52:49 +01:00
Andy Polyakov
2f3af3dc36 aesni-sha1-x86_64.pl: add stiched decrypt procedure,
but keep it disabled, too little gain... Add some Atom-specific
optimization.
2014-01-03 21:40:08 +01:00
Dr. Stephen Henson
b77b58a398 Don't change version number if session established
When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.

Thanks to Marek Majkowski for additional analysis of this issue.

PR#3191
2014-01-02 15:05:44 +00:00
Dr. Stephen Henson
f6dfbeed3c Update curve list size.
(cherry picked from commit cfa86987a8d9d2b8cc5e5fea2d3260c46542cdb9)
2013-12-29 16:30:35 +00:00
Andy Polyakov
926725b3d7 sparcv9cap.c: omit random detection.
PR: 3202
2013-12-28 13:31:14 +01:00
Andy Polyakov
e796666d34 FAQ: why SIGILL? 2013-12-28 13:20:14 +01:00
Andy Polyakov
2218c296b4 ARM assembly pack: make it work with older toolchain. 2013-12-28 12:17:08 +01:00
Dr. Stephen Henson
cd30f03ac5 Canonicalise input in CMS_verify.
If content is detached and not binary mode translate the input to
CRLF format. Before this change the input was verified verbatim
which lead to a discrepancy between sign and verify.
2013-12-22 00:35:29 +00:00
Dr. Stephen Henson
20b82b514d Fix DTLS retransmission from previous session.
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1)
2013-12-20 23:46:16 +00:00
Dr. Stephen Henson
560b34f2b0 Ignore NULL parameter in EVP_MD_CTX_destroy.
(cherry picked from commit a6c62f0c25)
2013-12-20 23:32:25 +00:00
Andy Polyakov
fc0503a25c sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes.
(and ensure stack alignment in the process)
2013-12-18 22:12:08 +01:00
Andy Polyakov
e9c80e04c1 evp/e_[aes|camellia].c: fix typo in CBC subroutine.
It worked because it was never called.
2013-12-18 21:42:46 +01:00
Andy Polyakov
f0f4b8f126 PPC assembly pack update addendum. 2013-12-18 21:39:15 +01:00
Andy Polyakov
cdd1acd788 sha512.c: fullfull implicit API contract in SHA512_Transform.
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
2013-12-18 21:27:35 +01:00
Andy Polyakov
128e1d101b PPC assembly pack: improve AIX support (enable vpaes-ppc). 2013-12-18 21:19:08 +01:00
Dr. Stephen Henson
ed496b3d42 Check EVP errors for handshake digests.
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f)
2013-12-18 13:29:07 +00:00
Dr. Stephen Henson
88c21c47a3 Update demo. 2013-12-18 13:28:44 +00:00
Dr. Stephen Henson
4a253652ee Add opaque ID structure.
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
(cherry picked from commit adc6bd73e3)

Conflicts:

	crypto/x509/x509_vpm.c
2013-12-13 15:42:16 +00:00
Dr. Stephen Henson
4fcdd66fff Update to pad extension.
Fix padding calculation for different SSL_METHOD types. Use the
standard name as used in draft-agl-tls-padding-02
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
102302b05b Fix for partial chain notification.
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
(cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
7af31968dd Verify parameter retrieval functions.
New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
(cherry picked from commit be0c9270690ed9c1799900643cab91de146de857)
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
8a1956f3ea Don't use rdrand engine as default unless explicitly requested.
(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
e3bc1f4955 remove obsolete STATUS file 2013-12-10 00:10:05 +00:00
Dr. Stephen Henson
57d7ee3a91 Add release dates to NEWS 2013-12-10 00:08:34 +00:00
Andy Polyakov
41965a84c4 x86_64-xlate.pl: minor update. 2013-12-09 21:23:19 +01:00
Andy Polyakov
ec9cc70f72 bn/asm/x86_64-mont5.pl: add MULX/AD*X code path.
This also eliminates code duplication between x86_64-mont and x86_64-mont
and optimizes even original non-MULX code.
2013-12-09 21:02:24 +01:00
Andy Polyakov
d1671f4f1a bn/asm/armv4-mont.pl: add NEON code path. 2013-12-04 22:37:49 +01:00
Andy Polyakov
26e18383ef perlasm/ppc-xlate.pl: add support for AltiVec/VMX and VSX.
Suggested by: Marcello Cerri
2013-12-04 22:01:31 +01:00
Andy Polyakov
f586d97191 perlasm/ppc-xlate.pl: improve linux64le support.
Suggested by: Marcello Cerri
2013-12-04 21:47:43 +01:00
Andy Polyakov
a61e51220f aes/asm/vpaes-ppc.pl: comply with ABI. 2013-12-04 21:46:40 +01:00
Andy Polyakov
34b1008c93 Configure: remove vpaes-ppc from aix targets.
AIX assembler doesn't hanle .align, which is essential for vpaes module.
2013-12-04 21:45:20 +01:00
Andy Polyakov
c5d5f5bd0f bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
PR: 3189
Submitted by: Oscar Ciurana
2013-12-03 23:59:55 +01:00
Andy Polyakov
8bd7ca9996 crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64. 2013-12-03 22:28:48 +01:00
Andy Polyakov
31ed9a2131 crypto/bn/rsaz*: fix licensing note.
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
2013-12-03 22:08:29 +01:00
Andy Polyakov
6efef384c6 bn/asm/rsaz-x86_64.pl: fix prototype. 2013-12-03 09:43:06 +01:00
Dr. Stephen Henson
4b27bab993 Simplify and update openssl.spec 2013-11-30 14:11:05 +00:00
Andy Polyakov
89bb96e51d vpaes-ppc.pl: fix bug in IV handling and comply with ABI. 2013-11-29 14:40:51 +01:00
Andy Polyakov
b9e87d07cb ppc64-mont.pl: eliminate dependency on GPRs' upper halves. 2013-11-27 22:50:00 +01:00
Andy Polyakov
07f3e4f3f9 Take vpaes-ppc module into loop. 2013-11-27 22:39:13 +01:00
Andy Polyakov
b5c54c914f Add Vector Permutation AES for PPC. 2013-11-27 22:32:56 +01:00
Dr. Stephen Henson
a25f9adc77 New functions to retrieve certificate from SSL_CTX
New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().
2013-11-18 18:56:48 +00:00
Dr. Stephen Henson
60aeb18750 Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set 2013-11-18 16:52:10 +00:00
Dr. Stephen Henson
fdeaf55bf9 Use correct header length in ssl3_send_certifcate_request 2013-11-17 17:48:18 +00:00
Dr. Stephen Henson
0f7fa1b190 Constify.
(cherry picked from commit 1abfa78a8b)
2013-11-14 21:05:36 +00:00