Andy Polyakov
524b00c0da
evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms.
...
Submitted by: Yuriy Kaminskiy
2013-10-03 10:55:49 +02:00
Andy Polyakov
6b2cae0c16
perlasm/sparcv9_modes.pl: make it work even with seasoned perl.
...
PR: 3130
2013-10-03 10:42:11 +02:00
Andy Polyakov
a5bb5bca52
bn/asm/x86_64-mont*.pl: add MULX/ADCX/ADOX code path.
2013-10-03 00:45:04 +02:00
Andy Polyakov
87954638a6
rsaz-x86_64.pl: add MULX/ADCX/ADOX code path.
2013-10-03 00:30:12 +02:00
Andy Polyakov
667053a2f3
x86_64-xlate.pl: fix jrcxz in nasm case.
2013-10-03 00:26:09 +02:00
Andy Polyakov
7f893258f6
evp/e_aes_cbc_hmac_sha*.c: multi-block glue code.
2013-10-03 00:24:03 +02:00
Andy Polyakov
6bcb68da41
Configire: take multi-block modules into build loop.
2013-10-03 00:21:10 +02:00
Andy Polyakov
b783858654
x86_64 assembly pack: add multi-block AES-NI, SHA1 and SHA256.
2013-10-03 00:18:58 +02:00
Andy Polyakov
5f487e0317
evp/e_aes_cbc_hmac_sha256.c: enable is on all AES-NI platforms, not only on AVX.
2013-10-03 00:16:51 +02:00
Andy Polyakov
066caf0551
aes/asm/*-armv*.pl: compensate for inconsistencies in tool-chains.
...
Suggested by: Ard Biesheuvel
2013-10-01 20:33:06 +02:00
Ben Laurie
70d416ec35
Produce PEM we would consume.
2013-09-25 13:57:36 +01:00
Ben Laurie
9725bda766
Show useful errors.
...
Conflicts:
apps/s_server.c
2013-09-25 12:45:48 +01:00
Ben Laurie
3cd8547a20
Mix time into the pool to avoid repetition of the Android duplicated PID problem.
2013-09-20 16:52:07 +01:00
Ben Laurie
7eef2b0cd7
Merge remote-tracking branch 'trevp/pemfix' into trev-pem-fix
2013-09-20 14:39:33 +01:00
Ben Laurie
79b9209883
More diagnostics for invalid OIDs.
2013-09-20 14:38:36 +01:00
Andy Polyakov
e0202d946d
aes-armv4.pl, bsaes-armv7.pl: add Linux kernel and Thumb2 support.
...
Submitted by: Ard Biesheuvel
2013-09-20 13:22:57 +02:00
Dr. Stephen Henson
94c2f77a62
Add functions to set ECDSA_METHOD structure.
...
Add various functions to allocate and set the fields of an ECDSA_METHOD
structure.
2013-09-18 01:22:50 +01:00
Dr. Stephen Henson
9600602267
Fix error code clashes.
2013-09-18 01:22:50 +01:00
Dr. Stephen Henson
40088d8b81
DTLS version usage fixes.
...
Make DTLS behave like TLS when negotiating version: record layer has
DTLS 1.0, message version is 1.2.
Tolerate different version numbers if version hasn't been negotiated
yet.
2013-09-17 18:55:41 +01:00
Bodo Moeller
7d3ba88a98
Move change note for SSL_OP_SAFARI_ECDHE_ECDSA_BUG.
...
(This went into 1.0.2 too, so it's not actually a change
between 1.0.x and 1.1.0.)
2013-09-17 10:06:34 +02:00
Bodo Moeller
cdf84b719c
Move the change note for partial chain verification: this is code from
...
the main branch (http://cvs.openssl.org/chngview?cn=19322 ) later added
to the 1.0.2 branch (http://cvs.openssl.org/chngview?cn=23113 ), and
thus not a change "between 1.0.2 and 1.1.0".
2013-09-17 09:48:23 +02:00
Trevor Perrin
92acab0b6a
Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated.
2013-09-16 17:28:57 +01:00
Bodo Moeller
4dc836773e
Sync CHANGES and NEWS files.
...
(Various changes from the master branch are now in the 1.0.2 branch too.)
2013-09-16 14:55:03 +02:00
Bodo Moeller
ca567a03ad
Fix overly lenient comparisons:
...
- EC_GROUP_cmp shouldn't consider curves equal just because
the curve name is the same. (They really *should* be the same
in this case, but there's an EC_GROUP_set_curve_name API,
which could be misused.)
- EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
equality (not an error).
Reported by: king cope
2013-09-16 12:59:21 +02:00
Andy Polyakov
8e52a9063a
crypto/armcap.c: fix typo in rdtsc subroutine.
...
PR: 3125
Submitted by: Kyle McMartin
2013-09-15 22:07:49 +02:00
Andy Polyakov
b3ef742cbb
Add support for Cygwin-x86_64.
...
PR: 3110
Submitted by Corinna Vinschen.
2013-09-15 22:01:23 +02:00
Andy Polyakov
612f4e2384
bsaes-armv7.pl: remove partial register operations in CTR subroutine.
2013-09-15 19:47:51 +02:00
Andy Polyakov
29f41e8a80
bsaes-armv7.pl: remove byte order dependency and minor optimization.
2013-09-15 19:44:43 +02:00
Ard Biesheuvel
a2ea9f3ecc
Added support for ARM/NEON based bit sliced AES in XTS mode
...
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2013-09-15 19:37:16 +02:00
Trevor Perrin
deda5ea788
Update docs to mention "BEGIN SERVERINFO FOR ".
2013-09-13 19:48:09 -07:00
Trevor Perrin
c655f40ed2
Require ServerInfo PEMs to be named "BEGIN SERVERINFO FOR"...
2013-09-13 19:32:55 -07:00
Trevor Perrin
9103197591
Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated.
2013-09-13 18:31:48 -07:00
Rob Stradling
785da0e610
Update CHANGES.
2013-09-13 18:15:56 +01:00
Rob Stradling
cbf8123512
Tidy up comments.
2013-09-13 16:24:22 +01:00
Rob Stradling
378341e192
Use TLS version supplied by client when fingerprinting Safari.
2013-09-13 16:24:22 +01:00
Rob Stradling
d89cd382da
Fix compilation with no-ec and/or no-tlsext.
2013-09-13 16:24:22 +01:00
Mat
5628ec6673
typo
2013-09-13 14:29:36 +01:00
Scott Deboy
b0d27cb902
Initialize next_proto in s_server - resolves incorrect attempts to free
2013-09-11 17:22:00 -07:00
Ben Laurie
edf92f1c41
Constification.
2013-09-10 18:04:08 +01:00
Andy Polyakov
7a1a12232a
crypto/modes/asm/aesni-gcm-x86_64.pl: minor optimization.
...
Avoid occasional up to 8% performance drops.
2013-09-09 21:43:21 +02:00
Andy Polyakov
72a158703b
crypto/bn/asm/x86_64-mont.pl: minor optimization.
2013-09-09 21:40:33 +02:00
Dr. Stephen Henson
ce4555967e
Remove ancient PATENTS section and FAQ reference.
2013-09-08 21:24:02 +01:00
Dr. Stephen Henson
52073b7675
Partial path fix.
...
When verifying a partial path always check to see if the EE certificate
is explicitly trusted: the path could contain other untrusted certificates.
2013-09-08 19:26:59 +01:00
Dr. Stephen Henson
a6e7d1c0e3
Document extension clash.
2013-09-08 15:10:46 +01:00
Dr. Stephen Henson
5e3ff62c34
Experimental encrypt-then-mac support.
...
Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt
To enable it set the appropriate extension number (0x10 for the test server)
using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10
For non-compliant peers (i.e. just about everything) this should have no
effect.
2013-09-08 13:14:03 +01:00
Dr. Stephen Henson
226751ae4a
Set TLS v1.2 disabled mask properly.
2013-09-08 00:09:39 +01:00
Ben Laurie
1769dfab06
Const fix.
2013-09-06 14:03:28 +01:00
Scott Deboy
67c408cee9
Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks
2013-09-06 13:59:14 +01:00
Ben Laurie
5eda213ebe
More cleanup.
2013-09-06 13:59:14 +01:00
Ben Laurie
a6a48e87bc
Make it build.
2013-09-06 13:59:13 +01:00