Andy Polyakov
729d334106
crypto/sha/asm/sha1-x86_64.pl: jumbo update from master.
2014-02-01 21:24:55 +01:00
Ben Laurie
cacdfcb247
Add more accessors.
2014-02-01 18:30:23 +00:00
Ben Laurie
519ad9b384
Add accessor for x509.cert_info.
2014-02-01 18:30:23 +00:00
Ben Laurie
7b2d785d20
Fix warning.
2014-01-29 17:57:32 +01:00
Dr. Stephen Henson
f2d678e6e8
Clarify docs.
...
Remove reference to ERR_TXT_MALLOCED in the error library as that is
only used internally. Indicate that returned error data must not be
freed.
2014-01-29 00:59:35 +00:00
Dr. Stephen Henson
448e9b7cf1
typo
...
(cherry picked from commit cb2182676b
)
2014-01-28 15:36:15 +00:00
Dr. Stephen Henson
2c4c9867e7
Fix demo comment: 0.9.9 never released.
...
(cherry picked from commit 717cc85895
)
2014-01-28 15:17:32 +00:00
Dr. Stephen Henson
a99540a6de
Check i before r[i].
...
PR#3244
(cherry picked from commit 9614d2c676
)
2014-01-28 15:14:47 +00:00
Dr. Stephen Henson
9614ed695d
Add loaded dynamic ENGINEs to list.
...
Always add a dynamically loaded ENGINE to list. Otherwise it can cause
problems when multiply loaded, especially if it adds new public key methods.
For all current engines we only want a single implementation anyway.
(cherry picked from commit e933f91f50
)
2014-01-28 13:57:14 +00:00
Dr. Stephen Henson
aabfee601e
Certificate callback doc.
...
(cherry picked from commit 46ab9bbd7f
)
2014-01-28 13:38:55 +00:00
Dr. Stephen Henson
cee1d9e02f
make update
2014-01-27 14:59:46 +00:00
Dr. Stephen Henson
285f7fb0f9
Add cert callback retry test.
...
(cherry picked from commit 3323314fc1
)
2014-01-27 14:41:38 +00:00
Dr. Stephen Henson
ede90b1121
Support retries in certificate callback
...
(cherry picked from commit 0ebc965b9c
)
Conflicts:
ssl/s3_srvr.c
ssl/ssl3.h
2014-01-27 14:41:38 +00:00
Dr. Stephen Henson
5e7329d156
Compare encodings in X509_cmp as well as hash.
...
(cherry picked from commit ec492c8a5a
)
2014-01-27 14:33:10 +00:00
Dr. Stephen Henson
9f1979b94a
New function to set compression methods so they can be safely freed.
...
(cherry picked from commit cbb6744827
)
2014-01-27 14:32:44 +00:00
Dr. Stephen Henson
3fcf327e26
Add -engine_impl option to dgst which will use an implementation of
...
an algorithm from the supplied engine instead of just the default one.
(cherry picked from commit bb845ee044
)
2014-01-23 18:35:42 +00:00
Dr. Stephen Henson
3f4742b48c
make update
2014-01-23 17:13:37 +00:00
Dr. Stephen Henson
c4f01c533b
Add new function SSL_CTX_get_ssl_method().
...
Partial fix for PR#3183.
(cherry picked from commit ba168244a1
)
2014-01-16 14:08:42 +00:00
Kaspar Brand
b7a8550988
Omit initial status request callback check.
...
PR#3178
(cherry picked from commit d0b039d4a3
)
2014-01-16 13:48:23 +00:00
Zoltan Arpadffy
e775891708
VMS fixes
2014-01-11 22:44:04 +00:00
Jeff Trawick
ae6fbb5df0
typo
...
(cherry picked from commit 5edce5685f
)
2014-01-10 23:02:46 +00:00
Jeff Trawick
f9c1f03754
typo
...
(cherry picked from commit 4b64e0cbdb
)
2014-01-10 23:02:20 +00:00
Dr. Stephen Henson
50701af9d5
Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling.
...
(cherry picked from commit 8f4077ca69
)
2014-01-09 22:53:50 +00:00
Dr. Stephen Henson
1d6af3d430
update NEWS
2014-01-09 22:50:07 +00:00
Andy Polyakov
392fd8f89c
bn/asm/x86_64-mont5.pl: fix compilation error on Solaris.
...
(cherry picked from commit eedab5241e
)
2014-01-09 13:47:53 +01:00
Dr. Stephen Henson
802db0fab2
Sync CHANGES
2014-01-07 15:41:11 +00:00
Dr. Stephen Henson
2f972419a3
Add fix for CVE-2013-4353
2014-01-07 15:41:11 +00:00
Dr. Stephen Henson
a05a2c67ef
Update NEWS.
2014-01-07 15:41:04 +00:00
Andy Polyakov
e34140620e
sha/asm/sha256-armv4.pl: add NEON code path.
...
(and shave off cycle even from integer-only code)
(cherry picked from commit ad0d2579cf
)
2014-01-04 18:06:36 +01:00
Andy Polyakov
acd9121085
aesni-sha1-x86_64.pl: harmonize [Atom-specific optimizations] with master branch.
2014-01-04 17:42:13 +01:00
Dr. Stephen Henson
b17d6b8d1d
Restore SSL_OP_MSIE_SSLV2_RSA_PADDING
...
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
2014-01-04 13:58:51 +00:00
Dr. Stephen Henson
b9fa413a08
Use algorithm specific chains for certificates.
...
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.
Update docs.
(cherry picked from commit a4339ea3ba
)
Conflicts:
CHANGES
2014-01-03 22:45:20 +00:00
Andy Polyakov
4abe148444
ssl/t1_enc.c: optimize PRF (suggested by Intel).
...
(cherry picked from commit e8b0dd57c0
)
2014-01-03 21:56:03 +01:00
Dr. Stephen Henson
04d6940436
update NEWS
2014-01-02 19:12:47 +00:00
Dr. Stephen Henson
8511b5f594
Don't change version number if session established
...
When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.
Thanks to Marek Majkowski for additional analysis of this issue.
PR#3191
(cherry picked from commit b77b58a398
)
2014-01-02 15:07:51 +00:00
Dr. Stephen Henson
546d6760b9
Update curve list size.
2013-12-29 16:30:34 +00:00
Andy Polyakov
ccbb8d5e95
sparcv9cap.c: omit random detection.
...
PR: 3202
(cherry picked from commit 926725b3d7
)
2013-12-28 13:32:45 +01:00
Andy Polyakov
d7d7e7b038
ARM assembly pack: make it work with older toolchain.
...
(cherry picked from commit 2218c296b4
)
2013-12-28 12:18:11 +01:00
Dr. Stephen Henson
80b6d97585
Fix DTLS retransmission from previous session.
...
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1
)
2013-12-20 23:25:41 +00:00
Dr. Stephen Henson
ff64ab32ae
Ignore NULL parameter in EVP_MD_CTX_destroy.
...
(cherry picked from commit a6c62f0c25
)
2013-12-20 23:24:26 +00:00
Andy Polyakov
fc9c9e47f7
sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes.
...
(and ensure stack alignment in the process)
(cherry picked from commit fc0503a25c
)
2013-12-18 22:57:14 +01:00
Andy Polyakov
68e6ac4379
evp/e_[aes|camellia].c: fix typo in CBC subroutine.
...
It worked because it was never called.
(cherry picked from commit e9c80e04c1
)
2013-12-18 22:56:24 +01:00
Andy Polyakov
e34b7e99fd
sha512.c: fullfull implicit API contract in SHA512_Transform.
...
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
(cherry picked from commit cdd1acd788
)
2013-12-18 22:56:00 +01:00
Dr. Stephen Henson
a32ba49352
Check EVP errors for handshake digests.
...
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f
)
2013-12-18 13:27:15 +00:00
Dr. Stephen Henson
3a0c71541b
verify parameter enumeration functions
...
(cherry picked from commit 9b3d75706e
)
Conflicts:
crypto/x509/x509_vpm.c
2013-12-13 15:52:27 +00:00
Dr. Stephen Henson
adc6bd73e3
Add opaque ID structure.
...
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
2013-12-13 15:36:31 +00:00
Dr. Stephen Henson
8c6d8c2a49
Backport TLS padding extension from master.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
53a8f8c26d
Fix for partial chain notification.
...
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
bf4863b3f5
Verify parameter retrieval functions.
...
New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
8f68678989
Don't use rdrand engine as default unless explicitly requested.
2013-12-13 15:29:26 +00:00