Dr. Stephen Henson
4b9e0b5f74
print out issuer and subject unique identifier fields in certificates
2012-06-12 13:41:18 +00:00
Andy Polyakov
447e1319b1
bss_dgram.c: add BIO_CTRL_DGRAM_SET_DONT_FRAG.
...
PR: 2830
Submitted by: Robin Seggelmann
2012-06-11 14:56:25 +00:00
Andy Polyakov
e77ec2ba6f
bss_dgram.c: make getsockopt work in cases when optlen is 64-bit value.
2012-06-11 14:27:56 +00:00
Ben Laurie
195b9eeeed
Fix memory leak.
2012-06-11 09:23:55 +00:00
Andy Polyakov
80c42f3e0c
b_sock.c: make getsockopt work in cases when optlen is 64-bit value.
2012-06-11 08:52:11 +00:00
Ben Laurie
7a71af86ce
Rearrange and test authz extension.
2012-06-07 13:20:47 +00:00
Ben Laurie
32e62d1cc4
Fix memory leak.
2012-06-06 13:03:42 +00:00
Ben Laurie
aeda172afd
Parse authz correctly.
2012-06-06 12:52:19 +00:00
Andy Polyakov
8d1b199d26
Revert random changes from commit#22606.
2012-06-04 22:12:10 +00:00
Ben Laurie
71fa451343
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
Ben Laurie
a9e1c50bb0
RFC 5878 support.
2012-05-30 10:10:58 +00:00
Ben Laurie
03c1d9f99d
Build on FreeBSD with gcc 4.6.
2012-05-30 09:34:44 +00:00
Andy Polyakov
f889bb0384
sha256-586.pl: full unroll to deliver additional ~16%, add Sandy Bridge-
...
specific code path.
2012-05-28 17:50:57 +00:00
Andy Polyakov
83698d3191
sha512-x86_64.pl: >5% better performance.
2012-05-28 17:47:15 +00:00
Andy Polyakov
6a40ebe86b
aesni-x86_64.pl: make it possibel to use in Linux kernel.
2012-05-24 07:39:44 +00:00
Andy Polyakov
d4bb6bddf8
sha256-586.pl: tune away regression on Nehalem core and incidentally
...
improve performance on Atom and P4.
2012-05-24 07:39:04 +00:00
Andy Polyakov
ee9bf3eb6c
sha256-586.pl optimization.
2012-05-19 10:10:30 +00:00
Andy Polyakov
41409651be
s2_clnt.c: compensate for compiler bug.
2012-05-16 12:47:36 +00:00
Andy Polyakov
fd05495748
ppccap.c: assume no features under 32-bit AIX kernel.
...
PR: 2810
2012-05-16 12:42:32 +00:00
Dr. Stephen Henson
4242a090c7
PR: 2813
...
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>
Fix possible deadlock when decoding public keys.
2012-05-11 13:53:37 +00:00
Dr. Stephen Henson
c3b1303387
PR: 2811
...
Reported by: Phil Pennock <openssl-dev@spodhuis.org>
Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.
2012-05-11 13:34:29 +00:00
Ben Laurie
5762f7778d
Fix warning.
2012-05-10 20:29:00 +00:00
Ben Laurie
7a412ded50
Padlock doesn't build. I don't even know what it is.
2012-05-10 20:28:02 +00:00
Dr. Stephen Henson
efb19e1330
PR: 2806
...
Submitted by: PK <runningdoglackey@yahoo.com>
Correct ciphersuite signature algorithm definitions.
2012-05-10 18:25:39 +00:00
Dr. Stephen Henson
c46ecc3a55
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
...
DTLS to fix DoS attack.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
2012-05-10 16:03:52 +00:00
Dr. Stephen Henson
7388b43cae
update FAQ
2012-05-10 15:37:16 +00:00
Dr. Stephen Henson
225055c30b
Reported by: Solar Designer of Openwall
...
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:46:09 +00:00
Richard Levitte
e0311481b8
Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS.
2012-05-04 10:43:15 +00:00
Andy Polyakov
f9c5e5d92e
perlasm: fix symptom-less bugs, missing semicolons and 'my' declarations.
2012-04-28 10:36:58 +00:00
Andy Polyakov
9474483ab7
ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance
...
of digest algorithms, mosty SHA, on Power7. Mystery of century, why SHA,
why slower algorithm are affected more...
PR: 2794
Submitted by: Ashley Lai
2012-04-27 20:17:45 +00:00
Dr. Stephen Henson
a708609945
Don't try to use unvalidated composite ciphers in FIPS mode
2012-04-26 18:55:01 +00:00
Dr. Stephen Henson
a9e6c091d5
update NEWS
2012-04-26 11:13:30 +00:00
Dr. Stephen Henson
df5705442c
update FAQ
2012-04-26 11:10:24 +00:00
Andy Polyakov
a2b21191d9
CHANGES: clarify.
2012-04-26 07:33:26 +00:00
Andy Polyakov
396f8b71ac
CHANGES: fix typos and clarify.
2012-04-26 07:20:06 +00:00
Dr. Stephen Henson
43d5b4ff31
Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and
...
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
2012-04-25 23:04:42 +00:00
Andy Polyakov
f2ad35821c
s23_clnt.c: ensure interoperability by maitaining client "version capability"
...
vector contiguous.
PR: 2802
2012-04-25 22:06:32 +00:00
Dr. Stephen Henson
09e4e4b98e
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
...
Reviewed by: steve
Improved localisation of TLS extension handling and code tidy.
2012-04-24 12:22:23 +00:00
Dr. Stephen Henson
ce33b42bc6
oops, not yet ;-)
2012-04-23 21:58:29 +00:00
Dr. Stephen Henson
579d553464
update NEWS
2012-04-23 21:56:33 +00:00
Andy Polyakov
71fa3bc5ec
objxref.pl: improve portability.
2012-04-22 21:18:30 +00:00
Dr. Stephen Henson
e2f53b675a
correct error code
2012-04-22 13:31:09 +00:00
Dr. Stephen Henson
797c61aa2d
check correctness of errors before updating them so we don't get bogus errors added
2012-04-22 13:25:51 +00:00
Dr. Stephen Henson
597dab0fa8
correct old FAQ answers
2012-04-22 13:20:28 +00:00
Dr. Stephen Henson
b36bab7812
PR: 2239
...
Submitted by: Dominik Oepen <oepen@informatik.hu-berlin.de>
Add Brainpool curves from RFC5639.
Original patch by Annie Yousar <a.yousar@informatik.hu-berlin.de>
2012-04-22 13:06:51 +00:00
Andy Polyakov
8ea92ddd13
e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platforms.
...
PR: 2792
2012-04-19 20:38:05 +00:00
Dr. Stephen Henson
d9a9d10f4f
Check for potentially exploitable overflows in asn1_d2i_read_bio
...
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 16:19:56 +00:00
Dr. Stephen Henson
0d2baadfb4
update FAQ
2012-04-19 12:33:23 +00:00
Andy Polyakov
dce1cc2a59
Makefile.org: clear yet another environment variable.
...
PR: 2793
2012-04-19 06:39:40 +00:00
Dr. Stephen Henson
b214184160
recognise X9.42 DH certificates on servers
2012-04-18 17:03:29 +00:00