Commit Graph

11666 Commits

Author SHA1 Message Date
Andy Polyakov
524b00c0da evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms.
Submitted by: Yuriy Kaminskiy
2013-10-03 10:55:49 +02:00
Andy Polyakov
6b2cae0c16 perlasm/sparcv9_modes.pl: make it work even with seasoned perl.
PR: 3130
2013-10-03 10:42:11 +02:00
Andy Polyakov
a5bb5bca52 bn/asm/x86_64-mont*.pl: add MULX/ADCX/ADOX code path. 2013-10-03 00:45:04 +02:00
Andy Polyakov
87954638a6 rsaz-x86_64.pl: add MULX/ADCX/ADOX code path. 2013-10-03 00:30:12 +02:00
Andy Polyakov
667053a2f3 x86_64-xlate.pl: fix jrcxz in nasm case. 2013-10-03 00:26:09 +02:00
Andy Polyakov
7f893258f6 evp/e_aes_cbc_hmac_sha*.c: multi-block glue code. 2013-10-03 00:24:03 +02:00
Andy Polyakov
6bcb68da41 Configire: take multi-block modules into build loop. 2013-10-03 00:21:10 +02:00
Andy Polyakov
b783858654 x86_64 assembly pack: add multi-block AES-NI, SHA1 and SHA256. 2013-10-03 00:18:58 +02:00
Andy Polyakov
5f487e0317 evp/e_aes_cbc_hmac_sha256.c: enable is on all AES-NI platforms, not only on AVX. 2013-10-03 00:16:51 +02:00
Andy Polyakov
066caf0551 aes/asm/*-armv*.pl: compensate for inconsistencies in tool-chains.
Suggested by: Ard Biesheuvel
2013-10-01 20:33:06 +02:00
Ben Laurie
70d416ec35 Produce PEM we would consume. 2013-09-25 13:57:36 +01:00
Ben Laurie
9725bda766 Show useful errors.
Conflicts:
	apps/s_server.c
2013-09-25 12:45:48 +01:00
Ben Laurie
3cd8547a20 Mix time into the pool to avoid repetition of the Android duplicated PID problem. 2013-09-20 16:52:07 +01:00
Ben Laurie
7eef2b0cd7 Merge remote-tracking branch 'trevp/pemfix' into trev-pem-fix 2013-09-20 14:39:33 +01:00
Ben Laurie
79b9209883 More diagnostics for invalid OIDs. 2013-09-20 14:38:36 +01:00
Andy Polyakov
e0202d946d aes-armv4.pl, bsaes-armv7.pl: add Linux kernel and Thumb2 support.
Submitted by: Ard Biesheuvel
2013-09-20 13:22:57 +02:00
Dr. Stephen Henson
94c2f77a62 Add functions to set ECDSA_METHOD structure.
Add various functions to allocate and set the fields of an ECDSA_METHOD
structure.
2013-09-18 01:22:50 +01:00
Dr. Stephen Henson
9600602267 Fix error code clashes. 2013-09-18 01:22:50 +01:00
Dr. Stephen Henson
40088d8b81 DTLS version usage fixes.
Make DTLS behave like TLS when negotiating version: record layer has
DTLS 1.0, message version is 1.2.

Tolerate different version numbers if version hasn't been negotiated
yet.
2013-09-17 18:55:41 +01:00
Bodo Moeller
7d3ba88a98 Move change note for SSL_OP_SAFARI_ECDHE_ECDSA_BUG.
(This went into 1.0.2 too, so it's not actually a change
between 1.0.x and 1.1.0.)
2013-09-17 10:06:34 +02:00
Bodo Moeller
cdf84b719c Move the change note for partial chain verification: this is code from
the main branch (http://cvs.openssl.org/chngview?cn=19322) later added
to the 1.0.2 branch (http://cvs.openssl.org/chngview?cn=23113), and
thus not a change "between 1.0.2 and 1.1.0".
2013-09-17 09:48:23 +02:00
Trevor Perrin
92acab0b6a Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated. 2013-09-16 17:28:57 +01:00
Bodo Moeller
4dc836773e Sync CHANGES and NEWS files.
(Various changes from the master branch are now in the 1.0.2 branch too.)
2013-09-16 14:55:03 +02:00
Bodo Moeller
ca567a03ad Fix overly lenient comparisons:
- EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope
2013-09-16 12:59:21 +02:00
Andy Polyakov
8e52a9063a crypto/armcap.c: fix typo in rdtsc subroutine.
PR: 3125
Submitted by: Kyle McMartin
2013-09-15 22:07:49 +02:00
Andy Polyakov
b3ef742cbb Add support for Cygwin-x86_64.
PR: 3110
Submitted by Corinna Vinschen.
2013-09-15 22:01:23 +02:00
Andy Polyakov
612f4e2384 bsaes-armv7.pl: remove partial register operations in CTR subroutine. 2013-09-15 19:47:51 +02:00
Andy Polyakov
29f41e8a80 bsaes-armv7.pl: remove byte order dependency and minor optimization. 2013-09-15 19:44:43 +02:00
Ard Biesheuvel
a2ea9f3ecc Added support for ARM/NEON based bit sliced AES in XTS mode
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2013-09-15 19:37:16 +02:00
Trevor Perrin
deda5ea788 Update docs to mention "BEGIN SERVERINFO FOR ". 2013-09-13 19:48:09 -07:00
Trevor Perrin
c655f40ed2 Require ServerInfo PEMs to be named "BEGIN SERVERINFO FOR"... 2013-09-13 19:32:55 -07:00
Trevor Perrin
9103197591 Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated. 2013-09-13 18:31:48 -07:00
Rob Stradling
785da0e610 Update CHANGES. 2013-09-13 18:15:56 +01:00
Rob Stradling
cbf8123512 Tidy up comments. 2013-09-13 16:24:22 +01:00
Rob Stradling
378341e192 Use TLS version supplied by client when fingerprinting Safari. 2013-09-13 16:24:22 +01:00
Rob Stradling
d89cd382da Fix compilation with no-ec and/or no-tlsext. 2013-09-13 16:24:22 +01:00
Mat
5628ec6673 typo 2013-09-13 14:29:36 +01:00
Scott Deboy
b0d27cb902 Initialize next_proto in s_server - resolves incorrect attempts to free 2013-09-11 17:22:00 -07:00
Ben Laurie
edf92f1c41 Constification. 2013-09-10 18:04:08 +01:00
Andy Polyakov
7a1a12232a crypto/modes/asm/aesni-gcm-x86_64.pl: minor optimization.
Avoid occasional up to 8% performance drops.
2013-09-09 21:43:21 +02:00
Andy Polyakov
72a158703b crypto/bn/asm/x86_64-mont.pl: minor optimization. 2013-09-09 21:40:33 +02:00
Dr. Stephen Henson
ce4555967e Remove ancient PATENTS section and FAQ reference. 2013-09-08 21:24:02 +01:00
Dr. Stephen Henson
52073b7675 Partial path fix.
When verifying a partial path always check to see if the EE certificate
is explicitly trusted: the path could contain other untrusted certificates.
2013-09-08 19:26:59 +01:00
Dr. Stephen Henson
a6e7d1c0e3 Document extension clash. 2013-09-08 15:10:46 +01:00
Dr. Stephen Henson
5e3ff62c34 Experimental encrypt-then-mac support.
Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt

To enable it set the appropriate extension number (0x10 for the test server)
using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10

For non-compliant peers (i.e. just about everything) this should have no
effect.
2013-09-08 13:14:03 +01:00
Dr. Stephen Henson
226751ae4a Set TLS v1.2 disabled mask properly. 2013-09-08 00:09:39 +01:00
Ben Laurie
1769dfab06 Const fix. 2013-09-06 14:03:28 +01:00
Scott Deboy
67c408cee9 Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks 2013-09-06 13:59:14 +01:00
Ben Laurie
5eda213ebe More cleanup. 2013-09-06 13:59:14 +01:00
Ben Laurie
a6a48e87bc Make it build. 2013-09-06 13:59:13 +01:00