Commit Graph

10707 Commits

Author SHA1 Message Date
Dr. Stephen Henson
27dfffd5b7 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 23:16:15 +00:00
Dr. Stephen Henson
d0dc991c62 Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 23:15:51 +00:00
Dr. Stephen Henson
2ec0497f08 fix CHANGES 2012-01-04 23:10:44 +00:00
Dr. Stephen Henson
6bf896d9b1 Check GOST parameters are not NULL (CVE-2012-0027) 2012-01-04 23:03:40 +00:00
Dr. Stephen Henson
be71c37296 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 23:01:54 +00:00
Dr. Stephen Henson
0015572372 update FAQ 2012-01-04 20:05:58 +00:00
Dr. Stephen Henson
6074fb0979 fix warnings 2012-01-04 14:45:47 +00:00
Dr. Stephen Henson
25536ea6a7 Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve

Fix memory leaks.
2012-01-04 14:25:42 +00:00
Dr. Stephen Henson
b3720c34e5 oops, revert wrong patch 2012-01-03 22:06:21 +00:00
Dr. Stephen Henson
5733919dbc only send heartbeat extension from server if client sent one 2012-01-03 22:03:20 +00:00
Dr. Stephen Henson
b333905011 incomplete provisional OAEP CMS decrypt support 2012-01-02 18:25:37 +00:00
Dr. Stephen Henson
918fc30fa4 recognise HEARTBEATS in mkdef.pl script 2011-12-31 23:50:01 +00:00
Dr. Stephen Henson
0b9f5ef809 update CHANGES 2011-12-31 23:08:15 +00:00
Dr. Stephen Henson
4817504d06 PR: 2658
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
2011-12-31 22:59:57 +00:00
Dr. Stephen Henson
84b6e277d4 make update 2011-12-27 14:46:03 +00:00
Dr. Stephen Henson
fa2c72e549 update default depflags 2011-12-27 14:45:32 +00:00
Dr. Stephen Henson
ffdfce8d14 fix error code 2011-12-27 14:40:21 +00:00
Dr. Stephen Henson
816e243a87 fix deprecated statement 2011-12-27 14:39:13 +00:00
Dr. Stephen Henson
c79f22c63a PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.

- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
2011-12-27 14:21:45 +00:00
Dr. Stephen Henson
f3d781bb43 PR: 2326
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve

Fix incorrect comma expressions and goto f_err as alert has been set.
2011-12-26 19:37:58 +00:00
Dr. Stephen Henson
995a6b10e1 recognise no-sctp 2011-12-25 14:59:52 +00:00
Dr. Stephen Henson
9ef562bcc6 recognise SCTP in mkdef.pl script 2011-12-25 14:46:15 +00:00
Dr. Stephen Henson
7e159e0133 PR: 2535
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Add SCTP support for DTLS (RFC 6083).
2011-12-25 14:45:15 +00:00
Dr. Stephen Henson
b9e1488865 typo 2011-12-23 15:03:03 +00:00
Dr. Stephen Henson
e43bfb2906 recognise DECLARE_PEM_write_const, update ordinals 2011-12-23 14:58:30 +00:00
Dr. Stephen Henson
9c52c3e07c delete unimplemented function from header file, update ordinals 2011-12-23 14:09:30 +00:00
Dr. Stephen Henson
1394b29120 sync and update ordinals 2011-12-22 16:11:47 +00:00
Dr. Stephen Henson
b646fc409d remove prototype for deleted SRP function 2011-12-22 16:05:02 +00:00
Dr. Stephen Henson
f9b0b45238 New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
New function to retrieve compression method from SSL_SESSION structure.

Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
2011-12-22 15:14:32 +00:00
Dr. Stephen Henson
ad89bf7894 PR: 2563
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.
2011-12-19 17:01:37 +00:00
Andy Polyakov
e75440d2c9 update CHANGES. 2011-12-19 14:48:49 +00:00
Dr. Stephen Henson
188c53f7e8 update CHANGES 2011-12-19 14:41:03 +00:00
Andy Polyakov
7aba22ba28 apps/speed.c: fix typo in last commit. 2011-12-19 14:33:09 +00:00
Andy Polyakov
bdba45957a apps/speed.c: Cygwin alarm() fails sometimes.
PR: 2655
2011-12-15 22:30:03 +00:00
Andy Polyakov
0e1467a64c vpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl.
PR: 2657
2011-12-15 22:20:05 +00:00
Dr. Stephen Henson
f2fc30751e PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Remove unnecessary code for srp and to add some comments to
s_client.

- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable

- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
2011-12-14 22:17:06 +00:00
Dr. Stephen Henson
1bfdb34f70 Add private keys and generation scripts for test certificates in apps
directory.
2011-12-14 22:14:47 +00:00
Andy Polyakov
405edfdcab vpaes-x86.pl: portability fix.
PR: 2657
2011-12-14 21:29:32 +00:00
Ben Laurie
3c0ff9f939 Remove redundant TLS exporter. 2011-12-13 15:57:39 +00:00
Ben Laurie
b9ef708e40 Padlock engine doesn't build (the asm parts are not built for some reason),
so remove for now.
2011-12-13 15:56:40 +00:00
Ben Laurie
e166891e0d Fix warning. 2011-12-13 15:55:35 +00:00
Ben Laurie
9a436c0f89 Back out redundant verification time change. 2011-12-13 15:00:43 +00:00
Ben Laurie
7fd5df6b12 Make it possible to set a time for verification. 2011-12-13 14:38:12 +00:00
Andy Polyakov
8c98b2591f modexp512-x86_64.pl: Solaris protability fix.
PR: 2656
2011-12-12 15:10:14 +00:00
Dr. Stephen Henson
be16cc23c6 detect and use older PKITS data 2011-12-11 16:39:25 +00:00
Dr. Stephen Henson
4fa35e7336 Updates from fips2 branch: close streams in test utilities, use cofactor ECDH
add new key and signature generation tests to fips_test_suite.
2011-12-10 13:38:34 +00:00
Dr. Stephen Henson
a3a2e3a43d add cofactor ECDH support from fips branch 2011-12-10 13:35:11 +00:00
Dr. Stephen Henson
67ef4f63f1 use different names for asm temp files to avoid problems on some platforms 2011-12-10 13:29:38 +00:00
Dr. Stephen Henson
3bfe583b8d add commented out option to allow use of older PKITS data 2011-12-10 00:49:55 +00:00
Dr. Stephen Henson
627b044536 update CHANGES 2011-12-10 00:49:05 +00:00