wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10854 commits 20 branches 302 tags 153 MiB
Commit graph

10854 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jeff Trawick
f9c1f03754 typo 
(cherry picked from commit 4b64e0cbdb)
 2014-01-10 23:02:20 +00:00
Dr. Stephen Henson
50701af9d5 Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling. 
(cherry picked from commit 8f4077ca69)
 2014-01-09 22:53:50 +00:00
Dr. Stephen Henson
1d6af3d430 update NEWS 2014-01-09 22:50:07 +00:00
Andy Polyakov
392fd8f89c bn/asm/x86_64-mont5.pl: fix compilation error on Solaris. 
(cherry picked from commit eedab5241e)
 2014-01-09 13:47:53 +01:00
Dr. Stephen Henson
802db0fab2 Sync CHANGES 2014-01-07 15:41:11 +00:00
Dr. Stephen Henson
2f972419a3 Add fix for CVE-2013-4353 2014-01-07 15:41:11 +00:00
Dr. Stephen Henson
a05a2c67ef Update NEWS. 2014-01-07 15:41:04 +00:00
Andy Polyakov
e34140620e sha/asm/sha256-armv4.pl: add NEON code path. 
(and shave off cycle even from integer-only code)
(cherry picked from commit ad0d2579cf)
 2014-01-04 18:06:36 +01:00
Andy Polyakov
acd9121085 aesni-sha1-x86_64.pl: harmonize [Atom-specific optimizations] with master branch. 2014-01-04 17:42:13 +01:00
Dr. Stephen Henson
b17d6b8d1d Restore SSL_OP_MSIE_SSLV2_RSA_PADDING 
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
 2014-01-04 13:58:51 +00:00
Dr. Stephen Henson
b9fa413a08 Use algorithm specific chains for certificates. 
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.

Update docs.
(cherry picked from commit a4339ea3ba)

Conflicts:

	CHANGES
 2014-01-03 22:45:20 +00:00
Andy Polyakov
4abe148444 ssl/t1_enc.c: optimize PRF (suggested by Intel). 
(cherry picked from commit e8b0dd57c0)
 2014-01-03 21:56:03 +01:00
Dr. Stephen Henson
04d6940436 update NEWS 2014-01-02 19:12:47 +00:00
Dr. Stephen Henson
8511b5f594 Don't change version number if session established 
When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.

Thanks to Marek Majkowski for additional analysis of this issue.

PR#3191
(cherry picked from commit b77b58a398)
 2014-01-02 15:07:51 +00:00
Dr. Stephen Henson
546d6760b9 Update curve list size. 2013-12-29 16:30:34 +00:00
Andy Polyakov
ccbb8d5e95 sparcv9cap.c: omit random detection. 
PR: 3202
(cherry picked from commit 926725b3d7)
 2013-12-28 13:32:45 +01:00
Andy Polyakov
d7d7e7b038 ARM assembly pack: make it work with older toolchain. 
(cherry picked from commit 2218c296b4)
 2013-12-28 12:18:11 +01:00
Dr. Stephen Henson
80b6d97585 Fix DTLS retransmission from previous session. 
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1)
 2013-12-20 23:25:41 +00:00
Dr. Stephen Henson
ff64ab32ae Ignore NULL parameter in EVP_MD_CTX_destroy. 
(cherry picked from commit a6c62f0c25)
 2013-12-20 23:24:26 +00:00
Andy Polyakov
fc9c9e47f7 sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes. 
(and ensure stack alignment in the process)
(cherry picked from commit fc0503a25c)
 2013-12-18 22:57:14 +01:00
Andy Polyakov
68e6ac4379 evp/e_[aes|camellia].c: fix typo in CBC subroutine. 
It worked because it was never called.
(cherry picked from commit e9c80e04c1)
 2013-12-18 22:56:24 +01:00
Andy Polyakov
e34b7e99fd sha512.c: fullfull implicit API contract in SHA512_Transform. 
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
(cherry picked from commit cdd1acd788)
 2013-12-18 22:56:00 +01:00
Dr. Stephen Henson
a32ba49352 Check EVP errors for handshake digests. 
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f)
 2013-12-18 13:27:15 +00:00
Dr. Stephen Henson
3a0c71541b verify parameter enumeration functions 
(cherry picked from commit 9b3d75706e)

Conflicts:

	crypto/x509/x509_vpm.c
 2013-12-13 15:52:27 +00:00
Dr. Stephen Henson
adc6bd73e3 Add opaque ID structure. 
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
 2013-12-13 15:36:31 +00:00
Dr. Stephen Henson
8c6d8c2a49 Backport TLS padding extension from master. 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
53a8f8c26d Fix for partial chain notification. 
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
bf4863b3f5 Verify parameter retrieval functions. 
New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
8f68678989 Don't use rdrand engine as default unless explicitly requested. 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
57c4e42d75 Get FIPS checking logic right. 
We need to lock when *not* in FIPS mode.
 2013-12-10 12:52:27 +00:00
Dr. Stephen Henson
ff672cf8dd remove obsolete STATUS file 2013-12-10 00:10:41 +00:00
Dr. Stephen Henson
d43b040773 Add release dates to NEWS 2013-12-10 00:08:33 +00:00
Andy Polyakov
422c8c36e5 ARM assembly pack: SHA update from master. 2013-12-09 23:53:42 +01:00
Andy Polyakov
b76310ba74 ARM assembly pack: AES update from master (including bit-sliced module). 2013-12-09 23:44:45 +01:00
Andy Polyakov
c012f6e576 bn/asm/armv4-mont.pl: add NEON code path. 
(cherry picked from commit d1671f4f1a)
 2013-12-09 22:46:29 +01:00
Andy Polyakov
cf6d55961c crypto/bn/asm/x86_64-mont*.pl: update from master. 
Add MULX/AD*X code paths and optimize even original code path.
 2013-12-09 22:40:53 +01:00
Andy Polyakov
3aa1b1ccbb x86_64-xlate.pl: fix jrcxz in nasm case. 
(cherry picked from commit 667053a2f3)
 2013-12-09 22:19:34 +01:00
Andy Polyakov
3dcae82fa9 x86_64-xlate.pl: minor update. 
(cherry picked from commit 41965a84c4)
 2013-12-09 21:53:41 +01:00
Dr. Stephen Henson
86b81ecb73 update $default_depflags 2013-12-08 13:21:02 +00:00
Dr. Stephen Henson
c43dc3dd77 Avoid multiple locks in FIPS mode. 
PR: 3176.

In FIPS mode ssleay_rand_bytes is only used for PRNG seeding and is
performed in either a single threaded context (when the PRNG is first
initialised) or under a lock (reseeding). To avoid multiple locks disable
use of CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes.
 2013-12-08 13:21:02 +00:00
Andy Polyakov
e5eab8a199 bn/asm/x86_64-mont5.pl: comply with Win64 ABI. 
PR: 3189
Submitted by: Oscar Ciurana
(cherry picked from commit c5d5f5bd0f)
 2013-12-04 00:02:18 +01:00
Andy Polyakov
7bab6eb6f0 crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64. 
(cherry picked from commit 8bd7ca9996)
 2013-12-03 22:30:00 +01:00
Andy Polyakov
87d9526d0c crypto/bn/rsaz*: fix licensing note. 
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
asm/rsaz-x86_64.pl: sync from master.
(cherry picked from commit 31ed9a2131)
 2013-12-03 22:17:55 +01:00
Andy Polyakov
36982f056a bn/asm/rsaz-x86_64.pl: fix prototype. 
(cherry picked from commit 6efef384c6)
 2013-12-03 09:44:24 +01:00
Dr. Stephen Henson
c97ec5631b Fix warning. 2013-12-01 23:30:21 +00:00
Dr. Stephen Henson
fdb0d5dd8f Change header order to pick up OPENSSL_SYS_WIN32 2013-12-01 23:29:40 +00:00
Dr. Stephen Henson
81b6dfe40d Recongnise no-dane and no-libunbound 2013-12-01 23:12:27 +00:00
Dr. Stephen Henson
bc35b8e435 make update 2013-12-01 23:09:44 +00:00
Dr. Stephen Henson
6859f3fc12 Fix warnings. 2013-12-01 23:08:13 +00:00
Dr. Stephen Henson
8b2d5cc4a7 WIN32 fixes. 2013-12-01 23:07:18 +00:00