Commit graph

10950 commits

Author SHA1 Message Date
Dr. Stephen Henson
802db0fab2 Sync CHANGES 2014-01-07 15:41:11 +00:00
Dr. Stephen Henson
2f972419a3 Add fix for CVE-2013-4353 2014-01-07 15:41:11 +00:00
Dr. Stephen Henson
a05a2c67ef Update NEWS. 2014-01-07 15:41:04 +00:00
Andy Polyakov
e34140620e sha/asm/sha256-armv4.pl: add NEON code path.
(and shave off cycle even from integer-only code)
(cherry picked from commit ad0d2579cf)
2014-01-04 18:06:36 +01:00
Andy Polyakov
acd9121085 aesni-sha1-x86_64.pl: harmonize [Atom-specific optimizations] with master branch. 2014-01-04 17:42:13 +01:00
Dr. Stephen Henson
b17d6b8d1d Restore SSL_OP_MSIE_SSLV2_RSA_PADDING
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
2014-01-04 13:58:51 +00:00
Dr. Stephen Henson
b9fa413a08 Use algorithm specific chains for certificates.
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.

Update docs.
(cherry picked from commit a4339ea3ba)

Conflicts:

	CHANGES
2014-01-03 22:45:20 +00:00
Andy Polyakov
4abe148444 ssl/t1_enc.c: optimize PRF (suggested by Intel).
(cherry picked from commit e8b0dd57c0)
2014-01-03 21:56:03 +01:00
Dr. Stephen Henson
04d6940436 update NEWS 2014-01-02 19:12:47 +00:00
Dr. Stephen Henson
8511b5f594 Don't change version number if session established
When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.

Thanks to Marek Majkowski for additional analysis of this issue.

PR#3191
(cherry picked from commit b77b58a398)
2014-01-02 15:07:51 +00:00
Dr. Stephen Henson
546d6760b9 Update curve list size. 2013-12-29 16:30:34 +00:00
Andy Polyakov
ccbb8d5e95 sparcv9cap.c: omit random detection.
PR: 3202
(cherry picked from commit 926725b3d7)
2013-12-28 13:32:45 +01:00
Andy Polyakov
d7d7e7b038 ARM assembly pack: make it work with older toolchain.
(cherry picked from commit 2218c296b4)
2013-12-28 12:18:11 +01:00
Dr. Stephen Henson
80b6d97585 Fix DTLS retransmission from previous session.
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1)
2013-12-20 23:25:41 +00:00
Dr. Stephen Henson
ff64ab32ae Ignore NULL parameter in EVP_MD_CTX_destroy.
(cherry picked from commit a6c62f0c25)
2013-12-20 23:24:26 +00:00
Andy Polyakov
fc9c9e47f7 sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes.
(and ensure stack alignment in the process)
(cherry picked from commit fc0503a25c)
2013-12-18 22:57:14 +01:00
Andy Polyakov
68e6ac4379 evp/e_[aes|camellia].c: fix typo in CBC subroutine.
It worked because it was never called.
(cherry picked from commit e9c80e04c1)
2013-12-18 22:56:24 +01:00
Andy Polyakov
e34b7e99fd sha512.c: fullfull implicit API contract in SHA512_Transform.
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
(cherry picked from commit cdd1acd788)
2013-12-18 22:56:00 +01:00
Dr. Stephen Henson
a32ba49352 Check EVP errors for handshake digests.
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f)
2013-12-18 13:27:15 +00:00
Dr. Stephen Henson
3a0c71541b verify parameter enumeration functions
(cherry picked from commit 9b3d75706e)

Conflicts:

	crypto/x509/x509_vpm.c
2013-12-13 15:52:27 +00:00
Dr. Stephen Henson
adc6bd73e3 Add opaque ID structure.
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
2013-12-13 15:36:31 +00:00
Dr. Stephen Henson
8c6d8c2a49 Backport TLS padding extension from master. 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
53a8f8c26d Fix for partial chain notification.
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
bf4863b3f5 Verify parameter retrieval functions.
New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
8f68678989 Don't use rdrand engine as default unless explicitly requested. 2013-12-13 15:29:26 +00:00
Dr. Stephen Henson
57c4e42d75 Get FIPS checking logic right.
We need to lock when *not* in FIPS mode.
2013-12-10 12:52:27 +00:00
Dr. Stephen Henson
ff672cf8dd remove obsolete STATUS file 2013-12-10 00:10:41 +00:00
Dr. Stephen Henson
d43b040773 Add release dates to NEWS 2013-12-10 00:08:33 +00:00
Andy Polyakov
422c8c36e5 ARM assembly pack: SHA update from master. 2013-12-09 23:53:42 +01:00
Andy Polyakov
b76310ba74 ARM assembly pack: AES update from master (including bit-sliced module). 2013-12-09 23:44:45 +01:00
Andy Polyakov
c012f6e576 bn/asm/armv4-mont.pl: add NEON code path.
(cherry picked from commit d1671f4f1a)
2013-12-09 22:46:29 +01:00
Andy Polyakov
cf6d55961c crypto/bn/asm/x86_64-mont*.pl: update from master.
Add MULX/AD*X code paths and optimize even original code path.
2013-12-09 22:40:53 +01:00
Andy Polyakov
3aa1b1ccbb x86_64-xlate.pl: fix jrcxz in nasm case.
(cherry picked from commit 667053a2f3)
2013-12-09 22:19:34 +01:00
Andy Polyakov
3dcae82fa9 x86_64-xlate.pl: minor update.
(cherry picked from commit 41965a84c4)
2013-12-09 21:53:41 +01:00
Dr. Stephen Henson
86b81ecb73 update $default_depflags 2013-12-08 13:21:02 +00:00
Dr. Stephen Henson
c43dc3dd77 Avoid multiple locks in FIPS mode.
PR: 3176.

In FIPS mode ssleay_rand_bytes is only used for PRNG seeding and is
performed in either a single threaded context (when the PRNG is first
initialised) or under a lock (reseeding). To avoid multiple locks disable
use of CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes.
2013-12-08 13:21:02 +00:00
Andy Polyakov
e5eab8a199 bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
PR: 3189
Submitted by: Oscar Ciurana
(cherry picked from commit c5d5f5bd0f)
2013-12-04 00:02:18 +01:00
Andy Polyakov
7bab6eb6f0 crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64.
(cherry picked from commit 8bd7ca9996)
2013-12-03 22:30:00 +01:00
Andy Polyakov
87d9526d0c crypto/bn/rsaz*: fix licensing note.
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
asm/rsaz-x86_64.pl: sync from master.
(cherry picked from commit 31ed9a2131)
2013-12-03 22:17:55 +01:00
Andy Polyakov
36982f056a bn/asm/rsaz-x86_64.pl: fix prototype.
(cherry picked from commit 6efef384c6)
2013-12-03 09:44:24 +01:00
Dr. Stephen Henson
c97ec5631b Fix warning. 2013-12-01 23:30:21 +00:00
Dr. Stephen Henson
fdb0d5dd8f Change header order to pick up OPENSSL_SYS_WIN32 2013-12-01 23:29:40 +00:00
Dr. Stephen Henson
81b6dfe40d Recongnise no-dane and no-libunbound 2013-12-01 23:12:27 +00:00
Dr. Stephen Henson
bc35b8e435 make update 2013-12-01 23:09:44 +00:00
Dr. Stephen Henson
6859f3fc12 Fix warnings. 2013-12-01 23:08:13 +00:00
Dr. Stephen Henson
8b2d5cc4a7 WIN32 fixes. 2013-12-01 23:07:18 +00:00
Dr. Stephen Henson
74184b6f21 RSAX no longer compiled. 2013-12-01 23:06:33 +00:00
Dr. Stephen Henson
6416aed586 Simplify and update openssl.spec 2013-11-27 15:35:02 +00:00
Dr. Stephen Henson
2a1b7bd380 New functions to retrieve certificate from SSL_CTX
New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().
(cherry picked from commit a25f9adc77)
2013-11-18 18:59:18 +00:00
Dr. Stephen Henson
4bba0bda61 Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set
(cherry picked from commit 60aeb18750)
2013-11-18 18:59:03 +00:00