Andy Polyakov
03cf7e784c
cmac.c: optimize make_kn and move zero_iv to const segment.
2012-01-06 13:19:16 +00:00
Andy Polyakov
ce0727f9bd
bn_nist.c: harmonize buf in BN_nist_mod_256 with other mod functions.
2012-01-06 13:17:47 +00:00
Bodo Möller
8e85545284
Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch.
...
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in HEAD, the actual code is here already.)
2012-01-05 13:48:55 +00:00
Bodo Möller
6620bf3444
Fix usage indentation
2012-01-05 13:16:30 +00:00
Bodo Möller
7bb1cc9505
Fix for builds without DTLS support.
...
Submitted by: Brian Carlstrom
2012-01-05 10:22:41 +00:00
Dr. Stephen Henson
59e68615ce
PR: 2671
...
Submitted by: steve
Update maximum message size for certifiate verify messages to support
4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.
2012-01-05 00:28:43 +00:00
Dr. Stephen Henson
192540b522
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
...
Reviewed by: steve
Send fatal alert if heartbeat extension has an illegal value.
2012-01-05 00:23:17 +00:00
Dr. Stephen Henson
e2ca32fc2b
disable heartbeats if tlsext disabled
2012-01-05 00:07:46 +00:00
Dr. Stephen Henson
4d0bafb4ae
update CHANGES
2012-01-04 23:54:17 +00:00
Dr. Stephen Henson
e745572493
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
...
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:26 +00:00
Dr. Stephen Henson
27dfffd5b7
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
2012-01-04 23:16:15 +00:00
Dr. Stephen Henson
d0dc991c62
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
2012-01-04 23:15:51 +00:00
Dr. Stephen Henson
2ec0497f08
fix CHANGES
2012-01-04 23:10:44 +00:00
Dr. Stephen Henson
6bf896d9b1
Check GOST parameters are not NULL (CVE-2012-0027)
2012-01-04 23:03:40 +00:00
Dr. Stephen Henson
be71c37296
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
2012-01-04 23:01:54 +00:00
Dr. Stephen Henson
0015572372
update FAQ
2012-01-04 20:05:58 +00:00
Dr. Stephen Henson
6074fb0979
fix warnings
2012-01-04 14:45:47 +00:00
Dr. Stephen Henson
25536ea6a7
Submitted by: Adam Langley <agl@chromium.org>
...
Reviewed by: steve
Fix memory leaks.
2012-01-04 14:25:42 +00:00
Dr. Stephen Henson
b3720c34e5
oops, revert wrong patch
2012-01-03 22:06:21 +00:00
Dr. Stephen Henson
5733919dbc
only send heartbeat extension from server if client sent one
2012-01-03 22:03:20 +00:00
Dr. Stephen Henson
b333905011
incomplete provisional OAEP CMS decrypt support
2012-01-02 18:25:37 +00:00
Dr. Stephen Henson
918fc30fa4
recognise HEARTBEATS in mkdef.pl script
2011-12-31 23:50:01 +00:00
Dr. Stephen Henson
0b9f5ef809
update CHANGES
2011-12-31 23:08:15 +00:00
Dr. Stephen Henson
4817504d06
PR: 2658
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
2011-12-31 22:59:57 +00:00
Dr. Stephen Henson
84b6e277d4
make update
2011-12-27 14:46:03 +00:00
Dr. Stephen Henson
fa2c72e549
update default depflags
2011-12-27 14:45:32 +00:00
Dr. Stephen Henson
ffdfce8d14
fix error code
2011-12-27 14:40:21 +00:00
Dr. Stephen Henson
816e243a87
fix deprecated statement
2011-12-27 14:39:13 +00:00
Dr. Stephen Henson
c79f22c63a
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.
- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
2011-12-27 14:21:45 +00:00
Dr. Stephen Henson
f3d781bb43
PR: 2326
...
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve
Fix incorrect comma expressions and goto f_err as alert has been set.
2011-12-26 19:37:58 +00:00
Dr. Stephen Henson
995a6b10e1
recognise no-sctp
2011-12-25 14:59:52 +00:00
Dr. Stephen Henson
9ef562bcc6
recognise SCTP in mkdef.pl script
2011-12-25 14:46:15 +00:00
Dr. Stephen Henson
7e159e0133
PR: 2535
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Add SCTP support for DTLS (RFC 6083).
2011-12-25 14:45:15 +00:00
Dr. Stephen Henson
b9e1488865
typo
2011-12-23 15:03:03 +00:00
Dr. Stephen Henson
e43bfb2906
recognise DECLARE_PEM_write_const, update ordinals
2011-12-23 14:58:30 +00:00
Dr. Stephen Henson
9c52c3e07c
delete unimplemented function from header file, update ordinals
2011-12-23 14:09:30 +00:00
Dr. Stephen Henson
1394b29120
sync and update ordinals
2011-12-22 16:11:47 +00:00
Dr. Stephen Henson
b646fc409d
remove prototype for deleted SRP function
2011-12-22 16:05:02 +00:00
Dr. Stephen Henson
f9b0b45238
New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
...
New function to retrieve compression method from SSL_SESSION structure.
Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
2011-12-22 15:14:32 +00:00
Dr. Stephen Henson
ad89bf7894
PR: 2563
...
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve
Improved PRNG seeding for VOS.
2011-12-19 17:01:37 +00:00
Andy Polyakov
e75440d2c9
update CHANGES.
2011-12-19 14:48:49 +00:00
Dr. Stephen Henson
188c53f7e8
update CHANGES
2011-12-19 14:41:03 +00:00
Andy Polyakov
7aba22ba28
apps/speed.c: fix typo in last commit.
2011-12-19 14:33:09 +00:00
Andy Polyakov
bdba45957a
apps/speed.c: Cygwin alarm() fails sometimes.
...
PR: 2655
2011-12-15 22:30:03 +00:00
Andy Polyakov
0e1467a64c
vpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl.
...
PR: 2657
2011-12-15 22:20:05 +00:00
Dr. Stephen Henson
f2fc30751e
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Remove unnecessary code for srp and to add some comments to
s_client.
- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable
- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
2011-12-14 22:17:06 +00:00
Dr. Stephen Henson
1bfdb34f70
Add private keys and generation scripts for test certificates in apps
...
directory.
2011-12-14 22:14:47 +00:00
Andy Polyakov
405edfdcab
vpaes-x86.pl: portability fix.
...
PR: 2657
2011-12-14 21:29:32 +00:00
Ben Laurie
3c0ff9f939
Remove redundant TLS exporter.
2011-12-13 15:57:39 +00:00
Ben Laurie
b9ef708e40
Padlock engine doesn't build (the asm parts are not built for some reason),
...
so remove for now.
2011-12-13 15:56:40 +00:00