Commit graph

11092 commits

Author SHA1 Message Date
Dr. Stephen Henson
fc6fc7ff38 Add options to set additional type specific certificate chains to
s_server.
2012-04-11 16:53:11 +00:00
Dr. Stephen Henson
adfd95c2ac use different variable for chain iteration 2012-04-11 16:01:08 +00:00
Dr. Stephen Henson
80eb43519e fix reset fix 2012-04-11 15:05:07 +00:00
Dr. Stephen Henson
bbe0c8c5be make reinitialisation work for CMAC 2012-04-11 12:26:41 +00:00
Dr. Stephen Henson
5a34fcd76e update rather ancient EVP digest documentation 2012-04-10 22:28:01 +00:00
Andy Polyakov
b1fd0ccb38 aes-s390x.pl: fix crash in AES_set_decrypt_key in linux32-s390x build. 2012-04-09 15:12:13 +00:00
Dr. Stephen Henson
b2284ed34a Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Localize client hello extension parsing in t1_lib.c
2012-04-06 11:18:40 +00:00
Dr. Stephen Henson
a43526302f Add support for automatic ECDH temporary key parameter selection. When
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
2012-04-05 13:38:27 +00:00
Dr. Stephen Henson
2131ce570a add FAQ about version numbers 2012-04-05 13:16:37 +00:00
Andy Polyakov
45cd45bbbc aes-armv4.pl: make it more foolproof [inspired by aes-s390x.pl in 1.0.1]. 2012-04-05 08:30:22 +00:00
Andy Polyakov
bc9583efa2 aes-s390x.pl: make it more foolproof [inspired by 1.0.1]. 2012-04-05 08:22:09 +00:00
Andy Polyakov
a20152bdaf ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444).
PR: 2778
2012-04-04 20:45:51 +00:00
Dr. Stephen Henson
fd2b65ce53 Tidy up EC parameter check code: instead of accessing internal structures
add utility functions to t1_lib.c to check if EC certificates and parameters
are consistent with peer.
2012-04-04 14:41:01 +00:00
Dr. Stephen Henson
263c62467d Update ordinals. 2012-04-03 23:13:23 +00:00
Andy Polyakov
82c5ac4599 CHANGES: harmonize with 1.0.0 and 1.0.1. 2012-03-31 18:56:27 +00:00
Dr. Stephen Henson
94e9215fbc PR: 2778(part)
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).
2012-03-31 18:03:02 +00:00
Andy Polyakov
f62f792057 modes_lcl.h: make it work on i386.
PR: 2780
2012-03-31 17:02:46 +00:00
Andy Polyakov
5db9645f1b vpaes-x86[_64].pl: handle zero length in vpaes_cbc_encrypt.
PR: 2775
2012-03-31 16:53:34 +00:00
Andy Polyakov
86963f40f8 util/cygwin.sh update.
PR: 2761
Submitted by: Corinna Vinschen
2012-03-31 11:06:46 +00:00
Dr. Stephen Henson
d3379de5a9 don't shadow 2012-03-30 15:43:32 +00:00
Andy Polyakov
4736eab947 bn/bn_gf2m.c: make new BN_GF2m_mod_inv work with BN_DEBUG_RAND. 2012-03-29 21:35:28 +00:00
Andy Polyakov
23a05fa0c1 modes/gcm128.c: fix self-test. 2012-03-29 18:25:38 +00:00
Andy Polyakov
482a7d80cf sha512-armv4.pl: optimize NEON code path by utilizing vbsl, bitwise select. 2012-03-29 18:20:11 +00:00
Andy Polyakov
ee743dca53 perlasm/x86masm.pl: fix last fix. 2012-03-29 18:09:36 +00:00
Andy Polyakov
6da165c631 ans1/tasn_prn.c: avoid bool in variable names.
PR: 2776
2012-03-29 17:48:19 +00:00
Dr. Stephen Henson
d0595f170c Initial revision of ECC extension handling.
Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
2012-03-28 15:05:04 +00:00
Dr. Stephen Henson
751e26cb9b fix leak 2012-03-22 16:28:07 +00:00
Dr. Stephen Henson
f404acfa2c Submitted by: Markus Friedl <mfriedl@gmail.com>
Fix memory leaks in 'goto err' cases.
2012-03-22 15:44:51 +00:00
Dr. Stephen Henson
7744ef1ada use client version when deciding whether to send supported signature algorithms extension 2012-03-21 21:33:23 +00:00
Andy Polyakov
ed998634cd e_padlock-x86[_64].pl: better understanding of prefetch errata and proper
workaround.
2012-03-19 20:23:32 +00:00
Andy Polyakov
884c580e05 eng_all.c: revert previous "disable Padlock" commit, which was unjustified. 2012-03-19 20:20:41 +00:00
Dr. Stephen Henson
bbbe61c958 Always use SSLv23_{client,server}_method in s_client.c and s_server.c,
the old code came from SSLeay days before TLS was even supported.
2012-03-18 18:16:46 +00:00
Andy Polyakov
df27a35137 vpaes-x86_64.pl: out-of-date Apple assembler fails to calculate
distance between local labels.
PR: 2762
2012-03-17 16:06:31 +00:00
Andy Polyakov
f9ef874a21 bsaes-x86_64.pl: optimize key conversion. 2012-03-16 21:44:19 +00:00
Andy Polyakov
442c9f13d4 bsaes-armv7.pl: optmize Sbox and key conversion. 2012-03-16 21:41:48 +00:00
Dr. Stephen Henson
156421a2af oops, revert unrelated patches 2012-03-14 13:46:50 +00:00
Dr. Stephen Henson
61ad8262a0 update FAQ, NEWS 2012-03-14 13:44:57 +00:00
Andy Polyakov
5c88dcca5b ghash-x86.pl: omit unreferenced rem_8bit from no-sse2 build. 2012-03-13 19:43:42 +00:00
Andy Polyakov
d2add2efaa ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER. 2012-03-13 19:20:55 +00:00
Andy Polyakov
b2ae61ecf2 x86_64-xlate.pl: remove old kludge.
PR: 2435,2440
2012-03-13 19:19:08 +00:00
Dr. Stephen Henson
78dfd43955 corrected fix to PR#2711 and also cover mime_param_cmp 2012-03-12 16:32:19 +00:00
Dr. Stephen Henson
146b52edd1 Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 16:31:39 +00:00
Dr. Stephen Henson
13747c6fda update NEWS 2012-03-12 16:23:00 +00:00
Dr. Stephen Henson
174b07be93 PR: 2744
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

CMS support for ccgost engine
2012-03-11 13:40:17 +00:00
Dr. Stephen Henson
15a40af2ed Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Add more extension names in s_cb.c extension printing code.
2012-03-09 18:38:35 +00:00
Dr. Stephen Henson
ea6e386008 PR: 2756
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
2012-03-09 15:52:33 +00:00
Dr. Stephen Henson
34b61f5a25 check return value of BIO_write in PKCS7_decrypt 2012-03-08 14:10:23 +00:00
Dr. Stephen Henson
e7f8ff4382 New ctrls to retrieve supported signature algorithms and curves and
extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.
2012-03-06 14:28:21 +00:00
Dr. Stephen Henson
62b6948a27 PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
2012-03-06 13:47:43 +00:00
Dr. Stephen Henson
0fbf8b9cea PR: 2748
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
2012-03-06 13:26:15 +00:00