Commit graph

10645 commits

Author SHA1 Message Date
Krzysztof Kwiatkowski
b03d0513d0 Delete duplicate entry.
PR#3172
(cherry picked from commit 4f055e34c3598cad00fca097d812fa3e6436d967)
2013-11-13 23:47:26 +00:00
Andy Polyakov
0de70011ad srp/srp_grps.h: make it Compaq C-friendly.
PR: 3165
Submitted by: Daniel Richard G.
(cherry picked from commit 2df9ec01d5)
2013-11-12 22:19:40 +01:00
Andy Polyakov
220d1e5353 modes/asm/ghash-alpha.pl: update from HEAD.
PR: 3165
2013-11-12 21:59:01 +01:00
Andy Polyakov
ca44f72938 Make Makefiles OSF-make-friendly.
PR: 3165
(cherry picked from commit d1cf23ac86)
2013-11-12 21:53:39 +01:00
Dr. Stephen Henson
18f49508a5 Fix memory leak.
(cherry picked from commit 16bc45ba95)
2013-11-11 23:55:18 +00:00
Dr. Stephen Henson
5c50462e1e Typo. 2013-11-11 22:24:08 +00:00
Dr. Stephen Henson
a257865303 Fix for some platforms where "char" is unsigned.
(cherry picked from commit 08b433540416c5bc9a874ba0343e35ba490c65f1)
2013-11-11 22:18:07 +00:00
Andy Polyakov
60adefa610 Makefile.org: make FIPS build work with BSD make. 2013-11-10 23:06:41 +01:00
Dr. Stephen Henson
b5dde6bcc6 Check for missing components in RSA_check.
(cherry picked from commit 01be36ef70525e81fc358d2e559bdd0a0d9427a5)
2013-11-09 15:09:22 +00:00
Dr. Stephen Henson
024dbfd44c Document RSAPublicKey_{in,out} options.
(cherry picked from commit 7040d73d22987532faa503630d6616cf2788c975)
2013-11-09 15:09:22 +00:00
Dr. Stephen Henson
233069f8db Add CMS_SignerInfo_get0_signature function.
Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.
(cherry picked from commit e8df6cec4c09b9a94c4c07abcf0402d31ec82cc1)
2013-11-09 15:09:22 +00:00
Andy Polyakov
c76d6922b1 engines/ccgost/gost89.h: make word32 defintion unconditional.
Original definition depended on __LONG_MAX__ that is not guaranteed to
be present. As we don't support platforms with int narrower that 32 bits
it's appropriate to make defition inconditional.

PR: 3165
(cherry picked from commit 96180cac04)
2013-11-08 23:10:21 +01:00
Andy Polyakov
3241496144 modes/asm/ghash-alpha.pl: make it work with older assembler.
PR: 3165
(cherry picked from commit d24d1d7daf)
2013-11-08 23:10:09 +01:00
Dr. Stephen Henson
63fe69c12e Enable PSK in FIPS mode.
Enable PSK ciphersuites with AES or DES3 in FIPS mode.
(cherry picked from commit e0ffd129c1)
2013-11-06 14:39:41 +00:00
Dr. Stephen Henson
a4947e4e06 Initialise context before using it. 2013-11-06 13:16:50 +00:00
Ben Laurie
262f1c524e PBKDF2 should be efficient. Contributed by Christian Heimes
<christian@python.org>.
2013-11-03 17:27:12 +00:00
Dr. Stephen Henson
bd80d0229c Add brainpool curves to trace output. 2013-11-02 14:07:21 +00:00
Dr. Stephen Henson
163d794845 Fix warning.
(cherry picked from commit 96e16bddb4)
2013-11-02 14:02:00 +00:00
Dr. Stephen Henson
0b33466b3f Add SSL_CONF command to set DH Parameters.
(cherry picked from commit c557f921dc)
2013-11-02 13:42:03 +00:00
Dr. Stephen Henson
bed27f4db3 Fix argument processing.
(cherry picked from commit abf840e4f7)
2013-11-02 13:41:51 +00:00
Dr. Stephen Henson
738a224bd0 Constification.
(cherry picked from commit 27f3b65f49)
2013-11-02 13:41:38 +00:00
Dr. Stephen Henson
044f8ca87d Extend SSL_CONF
Extend SSL_CONF to return command value types.

Add certificate and key options.

Update documentation.
(cherry picked from commit ec2f7e568e)
2013-11-02 13:41:19 +00:00
Dr. Stephen Henson
45ee08d99b Typo.
(cherry picked from commit 13af145159)
2013-11-02 13:41:06 +00:00
Piotr Sikora
5ff68e8f6d Fix SSL_OP_SINGLE_ECDH_USE
Don't require a public key in tls1_set_ec_id if compression status is
not needed. This fixes a bug where SSL_OP_SINGLE_ECDH_USE wouldn't work.
2013-11-01 21:37:46 +00:00
Dr. Stephen Henson
f14a4a861d Add -ecdh_single option.
Add -ecdh_single option to set SSL_OP_SINGLE_ECDH_USE on the command line.
2013-11-01 21:35:00 +00:00
Robin Seggelmann
f596e3c491 DTLS/SCTP struct authchunks Bug
PR: 2809

DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with
SCTP-AUTH.  It is checked if this has been activated successfully for
the local and remote peer. Due to a bug, however, the
gauth_number_of_chunks field of the authchunks struct is missing on
FreeBSD, and was therefore not considered in the OpenSSL implementation.
This patch sets the corresponding pointer for the check correctly
whether or not this bug is present.
2013-10-30 14:37:22 +00:00
Robin Seggelmann
9fb523adce DTLS/SCTP Finished Auth Bug
PR: 2808

With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and
FORWARD-TSN chunks. The key for this extension is derived from the
master secret and changed with the next ChangeCipherSpec, whenever a new
key has been negotiated. The following Finished then already uses the
new key.  Unfortunately, the ChangeCipherSpec and Finished are part of
the same flight as the ClientKeyExchange, which is necessary for the
computation of the new secret. Hence, these messages are sent
immediately following each other, leaving the server very little time to
compute the new secret and pass it to SCTP before the finished arrives.
So the Finished is likely to be discarded by SCTP and a retransmission
becomes necessary. To prevent this issue, the Finished of the client is
still sent with the old key.
2013-10-30 14:37:22 +00:00
Ben Laurie
cecf4d98d0 Remove unused variable. 2013-10-21 03:34:00 +01:00
Nick Mathewson
070e40e2f5 Fix another gmt_unix_time case in server_random 2013-10-20 15:08:58 -07:00
Nick Mathewson
d757097bbc Do not include a timestamp in the Client/ServerHello Random field.
Instead, send random bytes, unless SSL_SEND_{CLIENT,SERVER}RANDOM_MODE
is set.

This is a forward-port of commits:
  4af793036f
  f4c93b46ed
  3da721dac9
  2583270191

While the gmt_unix_time record was added in an ostensible attempt to
mitigate the dangers of a bad RNG, its presence leaks the host's view
of the current time in the clear.  This minor leak can help
fingerprint TLS instances across networks and protocols... and what's
worse, it's doubtful thet the gmt_unix_time record does any good at
all for its intended purpose, since:

    * It's quite possible to open two TLS connections in one second.

    * If the PRNG output is prone to repeat itself, ephemeral
      handshakes (and who knows what else besides) are broken.
2013-10-20 15:03:24 -07:00
Steve Marquess
7b112c2766 Remove gratuitous patent references 2013-10-20 22:19:47 +01:00
Dr. Stephen Henson
03ee8c2ed7 Fix no-ssl-trace 2013-10-20 22:07:33 +01:00
Dr. Stephen Henson
3495842bb0 Prevent use of RSA+MD5 in TLS 1.2 by default.
Removing RSA+MD5 from the default signature algorithm list
prevents its use by default.

If a broken implementation attempts to use RSA+MD5 anyway the sanity
checking of signature algorithms will cause a fatal alert.
(cherry picked from commit 77a0f740d00ecf8f6b01c0685a2f858c3f65a3dd)
2013-10-20 22:07:33 +01:00
Ben Laurie
face65dab8 Add clang debug target. 2013-10-20 13:23:14 +01:00
Andy Polyakov
e41a49c625 PPC assembly pack: make new .size directives profiler-friendly.
Suggested by: Anton Blanchard
(cherry picked from commit 76c15d790e)
2013-10-15 23:42:18 +02:00
Dr. Stephen Henson
3a55a42bff Add brainpool curves to NID table too.
(cherry picked from commit 6699cb8491)
2013-10-15 12:09:54 +01:00
Dr. Stephen Henson
72550c52ed Fix warning.
(cherry picked from commit f6983769c1bcd6c3c6b6bbfbbc41848f6dccf127)
2013-10-15 11:33:58 +01:00
Dr. Stephen Henson
a9d0c56de1 Add test vectors from RFC7027
(cherry picked from commit 8ba2d4ed7f128e400693562efd35985068c45e4d)
2013-10-15 11:33:58 +01:00
Dr. Stephen Henson
469bcb0c24 RFC7027 (Brainpool for TLS) support.
(cherry picked from commit 695e8c36528f9c3275f5f56e9633ac6a0c11f2e3)
2013-10-15 11:33:58 +01:00
Andy Polyakov
43ce9cdde9 PPC assembly pack: update from master branch.
Includes multiple updates: AES module to comply with more ABI
flavors, SHA512 for PPC32, .size directives.
2013-10-15 00:31:45 +02:00
Andy Polyakov
011f89893c Add support for Cygwin-x86_64.
PR: 3110
Submitted by Corinna Vinschen.
(cherry picked from commit b3ef742cbb)
2013-10-14 16:59:05 +02:00
Andy Polyakov
958608ca1c Initial aarch64 bits.
(cherry picked from commit 039081b809)
2013-10-13 19:24:22 +02:00
Andy Polyakov
1aecb23f5b MIPS assembly pack: get rid of deprecated instructions.
Latest MIPS ISA specification declared 'branch likely' instructions
obsolete. To makes code future-proof replace them with equivalent.
(cherry picked from commit 0c2adb0a9b)
2013-10-13 13:18:21 +02:00
Andy Polyakov
9ed6fba2b4 aes/asm/bsaes-x86_64.pl: update from master.
Performance improvement and Windows-specific bugfix (PR#3139).
2013-10-12 21:47:54 +02:00
Andy Polyakov
df5c435c0b bn/asm/rsax-avx2.pl: minor optimization [for Decoded ICache].
(cherry picked from commit fa104be35e)
2013-10-10 23:09:54 +02:00
Ben Laurie
1ebaf97c44 Constification. 2013-10-07 12:44:40 +01:00
Ben Laurie
c8c6914aac Merge branch 'OpenSSL_1_0_2-stable' into pre-aead 2013-10-05 21:20:24 +01:00
Andy Polyakov
c99028f252 evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms.
Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0da)
2013-10-05 21:09:50 +01:00
Andy Polyakov
90d8c5862b perlasm/sparcv9_modes.pl: make it work even with seasoned perl.
PR: 3130
(cherry picked from commit 6b2cae0c16)
2013-10-05 21:09:39 +01:00
Ben Laurie
2d5dd00f9e Merge branch 'OpenSSL_1_0_2-stable' into agl-1.0.2aead 2013-10-04 12:59:03 +01:00