Dr. Stephen Henson
546d6760b9
Update curve list size.
2013-12-29 16:30:34 +00:00
Andy Polyakov
ccbb8d5e95
sparcv9cap.c: omit random detection.
...
PR: 3202
(cherry picked from commit 926725b3d7
)
2013-12-28 13:32:45 +01:00
Andy Polyakov
d7d7e7b038
ARM assembly pack: make it work with older toolchain.
...
(cherry picked from commit 2218c296b4
)
2013-12-28 12:18:11 +01:00
Dr. Stephen Henson
80b6d97585
Fix DTLS retransmission from previous session.
...
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1
)
2013-12-20 23:25:41 +00:00
Dr. Stephen Henson
ff64ab32ae
Ignore NULL parameter in EVP_MD_CTX_destroy.
...
(cherry picked from commit a6c62f0c25
)
2013-12-20 23:24:26 +00:00
Andy Polyakov
fc9c9e47f7
sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes.
...
(and ensure stack alignment in the process)
(cherry picked from commit fc0503a25c
)
2013-12-18 22:57:14 +01:00
Andy Polyakov
68e6ac4379
evp/e_[aes|camellia].c: fix typo in CBC subroutine.
...
It worked because it was never called.
(cherry picked from commit e9c80e04c1
)
2013-12-18 22:56:24 +01:00
Andy Polyakov
e34b7e99fd
sha512.c: fullfull implicit API contract in SHA512_Transform.
...
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
(cherry picked from commit cdd1acd788
)
2013-12-18 22:56:00 +01:00
Dr. Stephen Henson
a32ba49352
Check EVP errors for handshake digests.
...
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f
)
2013-12-18 13:27:15 +00:00
Dr. Stephen Henson
3a0c71541b
verify parameter enumeration functions
...
(cherry picked from commit 9b3d75706e
)
Conflicts:
crypto/x509/x509_vpm.c
2013-12-13 15:52:27 +00:00
Dr. Stephen Henson
adc6bd73e3
Add opaque ID structure.
...
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
2013-12-13 15:36:31 +00:00
Dr. Stephen Henson
8c6d8c2a49
Backport TLS padding extension from master.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
53a8f8c26d
Fix for partial chain notification.
...
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
bf4863b3f5
Verify parameter retrieval functions.
...
New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
8f68678989
Don't use rdrand engine as default unless explicitly requested.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
57c4e42d75
Get FIPS checking logic right.
...
We need to lock when *not* in FIPS mode.
2013-12-10 12:52:27 +00:00
Dr. Stephen Henson
ff672cf8dd
remove obsolete STATUS file
2013-12-10 00:10:41 +00:00
Dr. Stephen Henson
d43b040773
Add release dates to NEWS
2013-12-10 00:08:33 +00:00
Andy Polyakov
422c8c36e5
ARM assembly pack: SHA update from master.
2013-12-09 23:53:42 +01:00
Andy Polyakov
b76310ba74
ARM assembly pack: AES update from master (including bit-sliced module).
2013-12-09 23:44:45 +01:00
Andy Polyakov
c012f6e576
bn/asm/armv4-mont.pl: add NEON code path.
...
(cherry picked from commit d1671f4f1a
)
2013-12-09 22:46:29 +01:00
Andy Polyakov
cf6d55961c
crypto/bn/asm/x86_64-mont*.pl: update from master.
...
Add MULX/AD*X code paths and optimize even original code path.
2013-12-09 22:40:53 +01:00
Andy Polyakov
3aa1b1ccbb
x86_64-xlate.pl: fix jrcxz in nasm case.
...
(cherry picked from commit 667053a2f3
)
2013-12-09 22:19:34 +01:00
Andy Polyakov
3dcae82fa9
x86_64-xlate.pl: minor update.
...
(cherry picked from commit 41965a84c4
)
2013-12-09 21:53:41 +01:00
Dr. Stephen Henson
86b81ecb73
update $default_depflags
2013-12-08 13:21:02 +00:00
Dr. Stephen Henson
c43dc3dd77
Avoid multiple locks in FIPS mode.
...
PR: 3176.
In FIPS mode ssleay_rand_bytes is only used for PRNG seeding and is
performed in either a single threaded context (when the PRNG is first
initialised) or under a lock (reseeding). To avoid multiple locks disable
use of CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes.
2013-12-08 13:21:02 +00:00
Andy Polyakov
e5eab8a199
bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
...
PR: 3189
Submitted by: Oscar Ciurana
(cherry picked from commit c5d5f5bd0f
)
2013-12-04 00:02:18 +01:00
Andy Polyakov
7bab6eb6f0
crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64.
...
(cherry picked from commit 8bd7ca9996
)
2013-12-03 22:30:00 +01:00
Andy Polyakov
87d9526d0c
crypto/bn/rsaz*: fix licensing note.
...
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
asm/rsaz-x86_64.pl: sync from master.
(cherry picked from commit 31ed9a2131
)
2013-12-03 22:17:55 +01:00
Andy Polyakov
36982f056a
bn/asm/rsaz-x86_64.pl: fix prototype.
...
(cherry picked from commit 6efef384c6
)
2013-12-03 09:44:24 +01:00
Dr. Stephen Henson
c97ec5631b
Fix warning.
2013-12-01 23:30:21 +00:00
Dr. Stephen Henson
fdb0d5dd8f
Change header order to pick up OPENSSL_SYS_WIN32
2013-12-01 23:29:40 +00:00
Dr. Stephen Henson
81b6dfe40d
Recongnise no-dane and no-libunbound
2013-12-01 23:12:27 +00:00
Dr. Stephen Henson
bc35b8e435
make update
2013-12-01 23:09:44 +00:00
Dr. Stephen Henson
6859f3fc12
Fix warnings.
2013-12-01 23:08:13 +00:00
Dr. Stephen Henson
8b2d5cc4a7
WIN32 fixes.
2013-12-01 23:07:18 +00:00
Dr. Stephen Henson
74184b6f21
RSAX no longer compiled.
2013-12-01 23:06:33 +00:00
Dr. Stephen Henson
6416aed586
Simplify and update openssl.spec
2013-11-27 15:35:02 +00:00
Dr. Stephen Henson
2a1b7bd380
New functions to retrieve certificate from SSL_CTX
...
New functions to retrieve current certificate or private key
from an SSL_CTX.
Constify SSL_get_private_key().
(cherry picked from commit a25f9adc77
)
2013-11-18 18:59:18 +00:00
Dr. Stephen Henson
4bba0bda61
Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set
...
(cherry picked from commit 60aeb18750
)
2013-11-18 18:59:03 +00:00
Dr. Stephen Henson
27baa8317a
Use correct header length in ssl3_send_certifcate_request
...
(cherry picked from commit fdeaf55bf9
)
2013-11-17 17:50:11 +00:00
Dr. Stephen Henson
1abfa78a8b
Constify.
2013-11-14 21:00:40 +00:00
Piotr Sikora
edc687ba0f
Fix compilation with no-nextprotoneg.
...
PR#3106
2013-11-14 01:20:58 +00:00
Dr. Stephen Henson
ff0bdbed85
Allow match selecting of current certificate.
...
If pointer comparison for current certificate fails check
to see if a match using X509_cmp succeeds for the current
certificate: this is useful for cases where the certificate
pointer is not available.
(cherry picked from commit 6856b288a6e66edd23907b7fa264f42e05ac9fc7)
2013-11-13 23:47:49 +00:00
Rob Stradling
dc4bdf592f
Additional "chain_cert" functions.
...
PR#3169
This patch, which currently applies successfully against master and
1_0_2, adds the following functions:
SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.
SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.
SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.
The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.
(cherry picked from commit 2f56c9c015dbca45379c9a725915b3b8e765a119)
2013-11-13 23:47:37 +00:00
Krzysztof Kwiatkowski
b03d0513d0
Delete duplicate entry.
...
PR#3172
(cherry picked from commit 4f055e34c3598cad00fca097d812fa3e6436d967)
2013-11-13 23:47:26 +00:00
Andy Polyakov
0de70011ad
srp/srp_grps.h: make it Compaq C-friendly.
...
PR: 3165
Submitted by: Daniel Richard G.
(cherry picked from commit 2df9ec01d5
)
2013-11-12 22:19:40 +01:00
Andy Polyakov
220d1e5353
modes/asm/ghash-alpha.pl: update from HEAD.
...
PR: 3165
2013-11-12 21:59:01 +01:00
Andy Polyakov
ca44f72938
Make Makefiles OSF-make-friendly.
...
PR: 3165
(cherry picked from commit d1cf23ac86
)
2013-11-12 21:53:39 +01:00
Dr. Stephen Henson
18f49508a5
Fix memory leak.
...
(cherry picked from commit 16bc45ba95
)
2013-11-11 23:55:18 +00:00