Andy Polyakov
56eeb1b28c
Makefile.org: clear yet another environment variable [from HEAD].
...
PR: 2793
2012-04-19 06:40:21 +00:00
Dr. Stephen Henson
068fc255ac
only call FIPS_cipherinit in FIPS mode
2012-04-18 22:42:06 +00:00
Andy Polyakov
cc8f2fb917
e_rc4_hmac_md5.c: update from HEAD, fixes crash on legacy Intel CPUs.
...
PR: 2792
2012-04-18 17:51:26 +00:00
Dr. Stephen Henson
b583ebb7dd
recognise X9.42 DH certificates on servers
2012-04-18 17:03:45 +00:00
Dr. Stephen Henson
f897fe4146
correct error code
2012-04-18 15:17:39 +00:00
Bodo Möller
bb3add20f3
Disable SHA-2 ciphersuites in < TLS 1.2 connections.
...
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)
Submitted by: Adam Langley
2012-04-17 15:21:29 +00:00
Dr. Stephen Henson
48e0f6667b
Additional workaround for PR#2771
...
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.
Document workarounds in CHANGES.
2012-04-17 14:47:14 +00:00
Dr. Stephen Henson
32213fb25a
Partial workaround for PR#2771.
...
Some servers hang when presented with a client hello record length exceeding
255 bytes but will work with longer client hellos if the TLS record version
in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
cases...
2012-04-17 13:20:37 +00:00
Andy Polyakov
f6a1939f0f
OPENSSL_NO_SOCK fixes [from HEAD].
...
PR: 2791
Submitted by: Ben Noordhuis
2012-04-16 17:43:02 +00:00
Andy Polyakov
94c666479d
Minor compatibility fixes [from HEAD].
...
PR: 2790
Submitted by: Alexei Khlebnikov
2012-04-16 17:35:48 +00:00
Andy Polyakov
09f17419a6
s3_srvr.c: fix typo [from HEAD].
...
PR: 2538
2012-04-15 17:23:54 +00:00
Andy Polyakov
eb8a65db16
e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag
...
countermeasure [from HEAD].
PR: 2778
2012-04-15 14:23:26 +00:00
Andy Polyakov
e6255a7d1e
s390x asm pack: fix typos.
2012-04-12 06:46:49 +00:00
Dr. Stephen Henson
65a0f68484
Add options to set additional type specific certificate chains to
...
s_server.
2012-04-11 16:54:07 +00:00
Dr. Stephen Henson
e1a7db8fdd
use different variable for chain iteration
2012-04-11 16:01:20 +00:00
Dr. Stephen Henson
65331f225a
oops, macro not present in OpenSSL 1.0.2
2012-04-11 15:10:48 +00:00
Dr. Stephen Henson
64e8dc7981
fix reset fix
2012-04-11 15:05:33 +00:00
Dr. Stephen Henson
737fe7ea29
make reinitialisation work for CMAC
2012-04-11 12:26:27 +00:00
Dr. Stephen Henson
b344a826ad
update rather ancient EVP digest documentation
2012-04-10 22:28:13 +00:00
Andy Polyakov
bc0f56d6d7
aes-s390x.pl: fix crash in AES_set_decrypt_key in linux32-s390x build [from HEAD].
2012-04-09 15:12:30 +00:00
Dr. Stephen Henson
3a89e9f106
update year
2012-04-07 22:14:16 +00:00
Dr. Stephen Henson
79e75e04ea
recognise DECLARE_PEM_write_const, update ordinals
...
(backport from HEAD)
2012-04-07 20:48:12 +00:00
Dr. Stephen Henson
c3cb069108
transparently handle X9.42 DH parameters
...
(backport from HEAD)
2012-04-07 20:42:44 +00:00
Dr. Stephen Henson
cdb41713a4
Document RFC5114 "generation" options.
...
(backport from HEAD)
2012-04-07 20:42:17 +00:00
Dr. Stephen Henson
491734eb21
Initial experimental support for X9.42 DH parameter format to handle
...
RFC5114 parameters and X9.42 DH public and private keys.
(backport from HEAD)
2012-04-07 20:22:11 +00:00
Dr. Stephen Henson
4e891a191d
branches: 1.2.2;
...
Correct some parameter values.
(backport from HEAD)
2012-04-07 17:41:51 +00:00
Dr. Stephen Henson
b73a69a9c2
Update DH_check() to peform sensible checks when q parameter is present.
...
(backport from HEAD)
2012-04-07 17:40:08 +00:00
Dr. Stephen Henson
e811eff5a9
Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest.
...
(backport from HEAD)
2012-04-07 12:19:50 +00:00
Dr. Stephen Henson
1d0c47fd55
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
...
Localize client hello extension parsing in t1_lib.c
(backport from HEAD)
2012-04-06 20:16:09 +00:00
Dr. Stephen Henson
e46c807e4f
Add support for automatic ECDH temporary key parameter selection. When
...
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
(backport from HEAD)
2012-04-06 20:15:50 +00:00
Dr. Stephen Henson
c132ca95c0
Tidy up EC parameter check code: instead of accessing internal structures
...
add utility functions to t1_lib.c to check if EC certificates and parameters
are consistent with peer.
(backport from HEAD)
2012-04-06 20:14:53 +00:00
Dr. Stephen Henson
6b870763ac
Initial revision of ECC extension handling.
...
Tidy some code up.
Don't allocate a structure to handle ECC extensions when it is used for
default values.
Make supported curves configurable.
Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
(backport from HEAD)
2012-04-06 20:12:35 +00:00
Dr. Stephen Henson
5505818199
New ctrls to retrieve supported signature algorithms and curves and
...
extensions to s_client and s_server to print out retrieved valued.
Extend CERT structure to cache supported signature algorithm data.
(backport from HEAD)
2012-04-06 19:29:49 +00:00
Dr. Stephen Henson
7493bcc659
initialise i if n == 0
...
(backport from HEAD)
2012-04-06 17:36:40 +00:00
Dr. Stephen Henson
a068a1d0e3
Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
...
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
(backport from HEAD)
2012-04-06 17:35:01 +00:00
Dr. Stephen Henson
37b16c84bb
Add support for distinct certificate chains per key type and per SSL
...
structure.
Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.
(backport from HEAD)
2012-04-06 17:22:48 +00:00
Dr. Stephen Henson
0ac89e8f54
Backport: code tidy (from HEAD)
2012-04-06 12:02:43 +00:00
Dr. Stephen Henson
7e65b21a24
Backport: Revise ssl code to use CERT_PKEY structure when outputting a certificate chain (from HEAD)
2012-04-06 12:00:24 +00:00
Dr. Stephen Henson
736d69750d
Backport: tidy/enhance certificate chain output code (from HEAD)
2012-04-06 11:58:17 +00:00
Dr. Stephen Henson
0cb9dbed4e
Backport: allow key agreement in SSL/TLS certificates (from HEAD)
2012-04-06 11:36:35 +00:00
Dr. Stephen Henson
6cfccfec33
Backport: initialise dh_clnt (from HEAD)
2012-04-06 11:35:45 +00:00
Dr. Stephen Henson
c523eb98d1
Backport DH client certificate support (from HEAD)
2012-04-06 11:34:42 +00:00
Dr. Stephen Henson
0ffa49970b
Backport support for fixed DH ciphersuites (from HEAD)
2012-04-06 11:33:12 +00:00
Andy Polyakov
8cd2ea552e
aes-armv4.pl: make it more foolproof [inspired by aes-s390x.pl in 1.0.1].
2012-04-05 08:32:08 +00:00
Andy Polyakov
3f0becbf75
aes-s390x.pl: fix endless loop in linux32-s390x build [from 1.0.1].
2012-04-05 08:17:47 +00:00
Andy Polyakov
1b0ae81f4a
ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444) [from HEAD].
...
PR: 2778
2012-04-04 20:50:58 +00:00
Andy Polyakov
54543b954c
CHANGES: harmonize with 1.0.0 and 1.0.1.
2012-03-31 18:56:07 +00:00
Dr. Stephen Henson
5e2187f7ee
PR: 2778(part)
...
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>
Time is always encoded as 4 bytes, not sizeof(Time).
2012-03-31 18:02:53 +00:00
Andy Polyakov
7b087bf4a9
modes_lcl.h: make it work on i386 [from HEAD].
...
PR: 2780
2012-03-31 17:03:43 +00:00
Andy Polyakov
9df9c9d102
vpaes-x86[_64].pl: handle zero length in vpaes_cbc_encrypt [from HEAD].
...
PR: 2775
2012-03-31 16:55:34 +00:00