wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
10405 commits 20 branches 302 tags 153 MiB
Commit graph

10405 commits

This branch
This branch
All branches
Author SHA1 Message Date
Andy Polyakov
ef4b9f001a bn_nist.c: cumulative update from master. 
PR: 2981, 2837
 2013-02-16 11:40:35 +01:00
Nick Alcock
08f8933fa3 Fix POD errors to stop make install_docs dying with pod2man 2.5.0+ 
podlators 2.5.0 has switched to dying on POD syntax errors. This means
that a bunch of long-standing erroneous POD in the openssl documentation
now leads to fatal errors from pod2man, halting installation.

Unfortunately POD constraints mean that you have to sort numeric lists
in ascending order if they start with 1: you cannot do 1, 0, 2 even if
you want 1 to appear first. I've reshuffled such (alas, I wish there
were a better way but I don't know of one).
(cherry picked from commit 5cc2707742)
 2013-02-15 19:40:09 +01:00
Andy Polyakov
41958376b5 cms-test.pl: make it work with not-so-latest perl. 
(cherry picked from commit 9c437e2fad)
 2013-02-14 16:39:33 +01:00
David Woodhouse
9fe4603b82 Check DTLS_BAD_VER for version number. 
The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.

PR:2984
(cherry picked from commit d980abb22e)
 2013-02-12 15:16:05 +00:00
Dr. Stephen Henson
147dbb2fe3 Fix for SSL_get_certificate 
Now we set the current certificate to the one used by a server
there is no need to call ssl_get_server_send_cert which will
fail if we haven't sent a certificate yet.
 2013-02-11 18:24:03 +00:00
Dr. Stephen Henson
cbf9b4aed3 Fix in ssltest is no-ssl2 configured 2013-02-11 18:17:50 +00:00
Dr. Stephen Henson
625a55324f update CHANGES 2013-02-11 16:35:10 +00:00
Dr. Stephen Henson
3151e328e0 prepare for next version 2013-02-11 16:14:11 +00:00
Dr. Stephen Henson
46ebd9e3bb use 10240 for record size 
Workaround for non-compliant tar files sometimes created by "make dist".
 2013-02-11 15:21:21 +00:00
Dr. Stephen Henson
f66db68e1f prepare for release 2013-02-11 11:57:46 +00:00
Dr. Stephen Henson
0c4b72e9c0 Update NEWS 2013-02-11 11:54:10 +00:00
Lutz Jaenicke
f88dbb8385 FAQ/README: we are now using Git instead of CVS 2013-02-11 11:29:05 +01:00
Andy Polyakov
1113fc31ba sparccpuid.S: work around emulator bug on T1. 
(cherry picked from commit 3caeef94bd)
 2013-02-11 10:41:57 +01:00
Andy Polyakov
0898147090 ssl/*: fix linking errors with no-srtp. 2013-02-09 19:52:07 +01:00
Andy Polyakov
4d8da30fc1 ssl/s3_[clnt|srvr].c: fix warnings. 2013-02-09 19:50:34 +01:00
Andy Polyakov
579f3a631e s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal. 
(cherry picked from commit f93a41877d)
 2013-02-08 21:37:07 +01:00
Andy Polyakov
47061af106 s3_cbc.c: get rid of expensive divisions [from master]. 
(cherry picked from commit e9baceab5a)
 2013-02-08 17:00:46 +01:00
Andy Polyakov
13e225300f e_aes_cbc_hmac_sha1.c: fine-tune cache line alignment. 
With previous commit it also ensures that valgrind is happy.
 2013-02-08 09:45:09 +01:00
Ben Laurie
26bc56d014 Add clang target. 2013-02-07 16:17:43 -08:00
Ben Laurie
496681cd51 Remove extraneous brackets (clang doesn't like them). 2013-02-07 16:17:43 -08:00
Andy Polyakov
746c6f3a53 e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line. 2013-02-07 23:04:31 +01:00
Andy Polyakov
8545f73b89 ssl/[d1|s3]_pkt.c: harmomize orig_len handling. 2013-02-07 22:47:05 +01:00
Dr. Stephen Henson
32cc2479b4 Fix IV check and padding removal. 
Fix the calculation that checks there is enough room in a record
after removing padding and optional explicit IV. (by Steve)

For AEAD remove the correct number of padding bytes (by Andy)
 2013-02-07 21:06:37 +00:00
Adam Langley
f306b87d76 Fix for EXP-RC2-CBC-MD5 
MD5 should use little endian order. Fortunately the only ciphersuite
affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which
is a rarely used export grade ciphersuite.
 2013-02-06 16:05:40 +00:00
Dr. Stephen Henson
41cf07f0ec prepare for next version 2013-02-06 02:26:24 +00:00
Dr. Stephen Henson
62f4033381 typo 2013-02-04 23:12:58 +00:00
Dr. Stephen Henson
f9f6a8f96c Prepare for release. 2013-02-04 22:40:10 +00:00
Dr. Stephen Henson
df0d93564e typo 2013-02-04 22:39:37 +00:00
Dr. Stephen Henson
0d589ac150 make update 2013-02-04 21:29:41 +00:00
Dr. Stephen Henson
35d732fc2e Fix error codes. 2013-02-04 21:13:18 +00:00
Dr. Stephen Henson
896ddb9851 Reword NEWS entry. 2013-02-04 20:48:45 +00:00
Dr. Stephen Henson
e630b3c218 Update NEWS 2013-02-04 20:47:36 +00:00
Dr. Stephen Henson
f1ca56a69f Add CHANGES entries. 2013-02-04 20:37:46 +00:00
Andy Polyakov
529d27ea47 e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret. 2013-02-03 20:04:39 +01:00
Andy Polyakov
b2226c6c83 bn_word.c: fix overflow bug in BN_add_word. 
(cherry picked from commit 134c00659a)
 2013-02-02 22:39:00 +01:00
Andy Polyakov
024de2174b x86_64 assembly pack: keep making Windows build more robust. 
PR: 2963 and a number of others
(cherry picked from commit 4568182a8b)
 2013-02-02 22:26:20 +01:00
Andy Polyakov
125093b59f e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. 
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
 2013-02-02 19:35:09 +01:00
Ben Laurie
f3e99ea072 Merge remote-tracking branch 'origin/OpenSSL_1_0_1-stable' into OpenSSL_1_0_1-stable 2013-02-01 19:04:26 +00:00
Andy Polyakov
8bfd4c659f ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. 
Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
 2013-02-01 15:54:37 +01:00
Andy Polyakov
ec07246a08 ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. 2013-02-01 15:34:09 +01:00
Dr. Stephen Henson
04e45b52ee Don't access EVP_MD_CTX internals directly. 2013-02-01 14:12:27 +00:00
Andy Polyakov
d5371324d9 s3/s3_cbc.c: allow for compilations with NO_SHA256|512. 2013-02-01 10:31:59 +01:00
Andy Polyakov
36260233e7 ssl/s3_cbc.c: md_state alignment portability fix. 
RISCs are picky and alignment granted by compiler for md_state can be
insufficient for SHA512.
 2013-02-01 10:31:52 +01:00
Andy Polyakov
cab13fc847 ssl/s3_cbc.c: uint64_t portability fix. 
Break dependency on uint64_t. It's possible to declare bits as
unsigned int, because TLS packets are limited in size and 32-bit
value can't overflow.
 2013-02-01 10:31:23 +01:00
Dr. Stephen Henson
34ab3c8c71 typo. 2013-01-31 23:04:39 +00:00
Dr. Stephen Henson
25c93fd240 Merge branch 'ben/timing-1.0.1' into OpenSSL_1_0_1-stable 2013-01-31 17:04:41 +00:00
Dr. Stephen Henson
428c1064c3 Update NEWS 2013-01-31 16:39:40 +00:00
Dr. Stephen Henson
81ce0e14e7 Add ordinal for CRYPTO_memcmp: since this will affect multiple 
branches it needs to be in a "gap".
 2013-01-31 15:31:57 +00:00
Dr. Stephen Henson
b908e88ec1 Timing fix mitigation for FIPS mode. 
We have to use EVP in FIPS mode so we can only partially mitigate
timing differences.

Make an extra call to EVP_DigestSignUpdate to hash additonal blocks
to cover any timing differences caused by removal of padding.
 2013-01-31 12:34:10 +00:00
Dr. Stephen Henson
62e4506a7d Don't try and verify signatures if key is NULL (CVE-2013-0166) 
Add additional check to catch this in ASN1_item_verify too.
 2013-01-29 16:49:24 +00:00