Dr. Stephen Henson [Thu, 5 Jan 2012 00:07:34 +0000 (00:07 +0000)]
disable heartbeats if tlsext disabled
Dr. Stephen Henson [Wed, 4 Jan 2012 23:53:52 +0000 (23:53 +0000)]
update CHANGES
Dr. Stephen Henson [Wed, 4 Jan 2012 23:52:05 +0000 (23:52 +0000)]
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
Dr. Stephen Henson [Wed, 4 Jan 2012 23:13:29 +0000 (23:13 +0000)]
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
Dr. Stephen Henson [Wed, 4 Jan 2012 23:11:43 +0000 (23:11 +0000)]
fix CHANGES
Dr. Stephen Henson [Wed, 4 Jan 2012 23:07:54 +0000 (23:07 +0000)]
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
Dr. Stephen Henson [Wed, 4 Jan 2012 23:03:20 +0000 (23:03 +0000)]
Check GOST parameters are not NULL (CVE-2012-0027)
Dr. Stephen Henson [Wed, 4 Jan 2012 23:01:19 +0000 (23:01 +0000)]
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
Dr. Stephen Henson [Wed, 4 Jan 2012 14:46:04 +0000 (14:46 +0000)]
fix warnings
Dr. Stephen Henson [Wed, 4 Jan 2012 14:25:28 +0000 (14:25 +0000)]
Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve
Fix memory leaks.
Dr. Stephen Henson [Tue, 3 Jan 2012 22:03:07 +0000 (22:03 +0000)]
only send heartbeat extension from server if client sent one
Dr. Stephen Henson [Tue, 3 Jan 2012 13:30:28 +0000 (13:30 +0000)]
prepare for 1.0.1-beta1
Dr. Stephen Henson [Mon, 2 Jan 2012 18:28:28 +0000 (18:28 +0000)]
OpenSSL 1.0.1 is now in beta.
Dr. Stephen Henson [Mon, 2 Jan 2012 18:16:40 +0000 (18:16 +0000)]
incomplete provisional OAEP CMS decrypt support
Dr. Stephen Henson [Mon, 2 Jan 2012 16:41:11 +0000 (16:41 +0000)]
make update
Dr. Stephen Henson [Mon, 2 Jan 2012 16:31:46 +0000 (16:31 +0000)]
update NEWS
Dr. Stephen Henson [Sat, 31 Dec 2011 23:49:45 +0000 (23:49 +0000)]
recognise HEARTBEATS in mkdef.pl script
Dr. Stephen Henson [Sat, 31 Dec 2011 23:07:28 +0000 (23:07 +0000)]
update CHANGES
Dr. Stephen Henson [Sat, 31 Dec 2011 23:00:36 +0000 (23:00 +0000)]
PR: 2658
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
Dr. Stephen Henson [Tue, 27 Dec 2011 15:17:50 +0000 (15:17 +0000)]
make error code checking strict
Dr. Stephen Henson [Tue, 27 Dec 2011 14:38:27 +0000 (14:38 +0000)]
make update
Dr. Stephen Henson [Tue, 27 Dec 2011 14:37:43 +0000 (14:37 +0000)]
fix error code
Dr. Stephen Henson [Tue, 27 Dec 2011 14:36:57 +0000 (14:36 +0000)]
fix deprecated statement
Dr. Stephen Henson [Tue, 27 Dec 2011 14:28:25 +0000 (14:28 +0000)]
update default depflags
Dr. Stephen Henson [Tue, 27 Dec 2011 14:23:22 +0000 (14:23 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
- remove some unnecessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.
- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
Dr. Stephen Henson [Mon, 26 Dec 2011 19:38:09 +0000 (19:38 +0000)]
PR: 2326
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve
Fix incorrect comma expressions and goto f_err as alert has been set.
Dr. Stephen Henson [Sun, 25 Dec 2011 14:59:40 +0000 (14:59 +0000)]
recognise no-sctp
Dr. Stephen Henson [Sun, 25 Dec 2011 14:48:44 +0000 (14:48 +0000)]
update ordinals
Dr. Stephen Henson [Sun, 25 Dec 2011 14:47:46 +0000 (14:47 +0000)]
recognise SCTP in mkdef.pl script
Dr. Stephen Henson [Sun, 25 Dec 2011 14:45:40 +0000 (14:45 +0000)]
PR: 2535
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Add SCTP support for DTLS (RFC 6083).
Dr. Stephen Henson [Fri, 23 Dec 2011 15:03:16 +0000 (15:03 +0000)]
typo
Dr. Stephen Henson [Fri, 23 Dec 2011 14:10:35 +0000 (14:10 +0000)]
delete unimplemented function from header file, update ordinals
Dr. Stephen Henson [Thu, 22 Dec 2011 16:10:04 +0000 (16:10 +0000)]
update ordinals
Dr. Stephen Henson [Thu, 22 Dec 2011 16:01:23 +0000 (16:01 +0000)]
remove prototype for deleted SRP function
Dr. Stephen Henson [Thu, 22 Dec 2011 15:01:16 +0000 (15:01 +0000)]
New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
New function to retrieve compression method from SSL_SESSION structure.
Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
Ben Laurie [Tue, 20 Dec 2011 15:05:03 +0000 (15:05 +0000)]
Fix DTLS.
Dr. Stephen Henson [Mon, 19 Dec 2011 17:02:35 +0000 (17:02 +0000)]
PR: 2563
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve
Improved PRNG seeding for VOS.
Andy Polyakov [Mon, 19 Dec 2011 14:49:05 +0000 (14:49 +0000)]
update CHANGES.
Dr. Stephen Henson [Mon, 19 Dec 2011 14:40:02 +0000 (14:40 +0000)]
update CHANGES
Andy Polyakov [Mon, 19 Dec 2011 14:33:37 +0000 (14:33 +0000)]
apps/speed.c: fix typo in last commit.
Andy Polyakov [Thu, 15 Dec 2011 22:30:11 +0000 (22:30 +0000)]
apps/speed.c: Cygwin alarm() fails sometimes.
PR: 2655
Andy Polyakov [Thu, 15 Dec 2011 22:20:26 +0000 (22:20 +0000)]
vpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl [from HEAD].
PR: 2657
Dr. Stephen Henson [Wed, 14 Dec 2011 22:18:03 +0000 (22:18 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Remove unnecessary code for srp and to add some comments to
s_client.
- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable
- comments to indicate in s_client the (non-)usefulness of
the primality tests for non known group parameters.
Andy Polyakov [Wed, 14 Dec 2011 21:30:25 +0000 (21:30 +0000)]
vpaes-x86.pl: portability fix.
PR: 2657
Ben Laurie [Tue, 13 Dec 2011 14:35:12 +0000 (14:35 +0000)]
Remove redundant TLS exporter.
Ben Laurie [Tue, 13 Dec 2011 14:25:11 +0000 (14:25 +0000)]
SSL export fixes (from Adam Langley).
Andy Polyakov [Mon, 12 Dec 2011 15:12:09 +0000 (15:12 +0000)]
modexp512-x86_64.pl: Solaris portability fix [from HEAD].
PR: 2656
Dr. Stephen Henson [Sun, 11 Dec 2011 16:39:56 +0000 (16:39 +0000)]
detect and use older PKITS data
Dr. Stephen Henson [Sat, 10 Dec 2011 01:37:55 +0000 (01:37 +0000)]
typo
Dr. Stephen Henson [Sat, 10 Dec 2011 00:50:16 +0000 (00:50 +0000)]
add commented out option to allow use of older PKITS data
Dr. Stephen Henson [Sat, 10 Dec 2011 00:42:48 +0000 (00:42 +0000)]
remove old -attime code, new version includes all old functionality
Dr. Stephen Henson [Sat, 10 Dec 2011 00:37:42 +0000 (00:37 +0000)]
implement -attime option as a verify parameter then it works with all relevant applications
Ben Laurie [Fri, 9 Dec 2011 20:15:48 +0000 (20:15 +0000)]
Fix warning.
Andy Polyakov [Fri, 9 Dec 2011 19:16:35 +0000 (19:16 +0000)]
perlasm/x86gas.pl: give a hand old assemblers assembling loop instruction
[from HEAD].
Andy Polyakov [Fri, 9 Dec 2011 15:46:41 +0000 (15:46 +0000)]
cryptlib.c: allow for OPENSSL_ia32cap=~0x????? syntax for environment value
in question.
Andy Polyakov [Fri, 9 Dec 2011 14:26:28 +0000 (14:26 +0000)]
x86-mont.pl: fix bug in integer-only squaring path.
PR: 2648
Dr. Stephen Henson [Thu, 8 Dec 2011 14:45:15 +0000 (14:45 +0000)]
Replace expired test server and client certificates with new ones.
Dr. Stephen Henson [Wed, 7 Dec 2011 12:28:50 +0000 (12:28 +0000)]
fix error discrepancy
Dr. Stephen Henson [Tue, 6 Dec 2011 00:00:51 +0000 (00:00 +0000)]
The default CN prompt message can be confusing when often the CN needs to
be the server FQDN: change it.
[Reported by PSW Group]
Ben Laurie [Fri, 2 Dec 2011 16:49:32 +0000 (16:49 +0000)]
Fix exporter.
Ben Laurie [Fri, 2 Dec 2011 14:39:41 +0000 (14:39 +0000)]
Fix warnings.
Bodo Möller [Fri, 2 Dec 2011 12:51:41 +0000 (12:51 +0000)]
Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).
Submitted by: Adam Langley
Bodo Möller [Fri, 2 Dec 2011 12:40:42 +0000 (12:40 +0000)]
Fix ecdsatest.c.
Submitted by: Emilia Kasper
Bodo Möller [Fri, 2 Dec 2011 12:24:48 +0000 (12:24 +0000)]
Fix BIO_f_buffer().
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
Andy Polyakov [Thu, 1 Dec 2011 12:17:20 +0000 (12:17 +0000)]
bn/asm/mips.pl: fix typos [from HEAD].
Dr. Stephen Henson [Fri, 25 Nov 2011 00:18:10 +0000 (00:18 +0000)]
PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Make SRP conformant to rfc 5054.
Changes are:
- removal of the addition state after client hello
- removal of all pre-rfc srp alert ids
- sending a fatal alert when there is no srp extension but when the
server wants SRP
- removal of unnecessary code in the client.
Ben Laurie [Thu, 24 Nov 2011 18:22:06 +0000 (18:22 +0000)]
Don't send NPN during renegotiation.
Ben Laurie [Thu, 24 Nov 2011 16:51:15 +0000 (16:51 +0000)]
Indent.
Dr. Stephen Henson [Tue, 22 Nov 2011 14:45:27 +0000 (14:45 +0000)]
update ordinals
Dr. Stephen Henson [Tue, 22 Nov 2011 14:44:42 +0000 (14:44 +0000)]
add cryptlib.h to mkdef.pl
Dr. Stephen Henson [Tue, 22 Nov 2011 12:50:59 +0000 (12:50 +0000)]
Workaround so "make depend" works for fips builds.
Dr. Stephen Henson [Mon, 21 Nov 2011 22:56:33 +0000 (22:56 +0000)]
update ordinals
Dr. Stephen Henson [Mon, 21 Nov 2011 22:55:12 +0000 (22:55 +0000)]
add strp.h to mkdef.pl headers
Dr. Stephen Henson [Mon, 21 Nov 2011 22:52:01 +0000 (22:52 +0000)]
move internal functions to ssl_locl.h
Dr. Stephen Henson [Mon, 21 Nov 2011 22:35:35 +0000 (22:35 +0000)]
recognise NEXTPROTONEG
Dr. Stephen Henson [Mon, 21 Nov 2011 22:29:16 +0000 (22:29 +0000)]
bcmp doesn't exist on all platforms, replace with memcmp
Andy Polyakov [Wed, 16 Nov 2011 23:36:40 +0000 (23:36 +0000)]
bsaes-x86_64.pl: fix buffer overrun in tail processing [from HEAD].
Ben Laurie [Tue, 15 Nov 2011 23:51:22 +0000 (23:51 +0000)]
Add TLS exporter.
Ben Laurie [Tue, 15 Nov 2011 23:02:16 +0000 (23:02 +0000)]
Add DTLS-SRTP.
Andy Polyakov [Tue, 15 Nov 2011 13:55:52 +0000 (13:55 +0000)]
aes-armv4.pl: make it link.
Andy Polyakov [Tue, 15 Nov 2011 12:39:48 +0000 (12:39 +0000)]
e_rc4_hmac_md5.c: make it work on darwin64, which is configured with RC4_CHAR.
Andy Polyakov [Tue, 15 Nov 2011 12:20:55 +0000 (12:20 +0000)]
aes-s390x.pl: make it link.
Andy Polyakov [Tue, 15 Nov 2011 12:19:56 +0000 (12:19 +0000)]
Configure, e_aes.c: allow for XTS assembler implementation [from HEAD].
Andy Polyakov [Mon, 14 Nov 2011 21:17:08 +0000 (21:17 +0000)]
e_aes.c: jumbo update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:14:53 +0000 (21:14 +0000)]
ec_cvt.c: performance update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:13:35 +0000 (21:13 +0000)]
c_allc.c: add XTS ciphers [from HEAD].
Andy Polyakov [Mon, 14 Nov 2011 21:12:53 +0000 (21:12 +0000)]
config: platform and portability updates from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:12:05 +0000 (21:12 +0000)]
Configure, etc.: engage additional assembler modules.
Andy Polyakov [Mon, 14 Nov 2011 21:09:30 +0000 (21:09 +0000)]
speed.c: add ghash benchmark [from HEAD].
Andy Polyakov [Mon, 14 Nov 2011 21:06:50 +0000 (21:06 +0000)]
x86 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:05:42 +0000 (21:05 +0000)]
BN update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 21:01:21 +0000 (21:01 +0000)]
x86_64 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:58:01 +0000 (20:58 +0000)]
ARM assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:56:15 +0000 (20:56 +0000)]
Alpha assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:55:24 +0000 (20:55 +0000)]
MIPS assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:54:17 +0000 (20:54 +0000)]
PPC assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:50:15 +0000 (20:50 +0000)]
PA-RISC assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:48:35 +0000 (20:48 +0000)]
SPARCv9 assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:47:22 +0000 (20:47 +0000)]
s390x assembler pack update from HEAD.
Andy Polyakov [Mon, 14 Nov 2011 20:45:57 +0000 (20:45 +0000)]
IA64 assembler pack update from HEAD.