Dr. Stephen Henson [Thu, 23 Jan 2014 18:36:33 +0000 (18:36 +0000)]
Use default digest implementation in dgst.c
Use default instead of ENGINE version of digest. Without this
errors will occur if you use an ENGINE for a private key and
it doesn't implement the digest in question.
Kaspar Brand [Thu, 16 Jan 2014 13:49:38 +0000 (13:49 +0000)]
Omit initial status request callback check.
PR#3178
Zoltan Arpadffy [Sat, 11 Jan 2014 22:42:37 +0000 (22:42 +0000)]
VMS fixes
Dr. Stephen Henson [Thu, 9 Jan 2014 22:47:22 +0000 (22:47 +0000)]
Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling.
(cherry picked from commit
8f4077ca69076cebaca51b7b666db1ed49e46b9e)
Dr. Stephen Henson [Wed, 8 Jan 2014 14:24:21 +0000 (14:24 +0000)]
Update NEWS.
Dr. Stephen Henson [Wed, 8 Jan 2014 13:39:48 +0000 (13:39 +0000)]
Update NEWS.
Dr. Stephen Henson [Wed, 8 Jan 2014 13:07:20 +0000 (13:07 +0000)]
Fix warning
PR#3220
Dr. Stephen Henson [Mon, 6 Jan 2014 15:37:02 +0000 (15:37 +0000)]
Update NEWS: removal of time in handshakes.
Dr. Stephen Henson [Mon, 6 Jan 2014 14:37:03 +0000 (14:37 +0000)]
Prepare for 1.0.1g-dev
Dr. Stephen Henson [Mon, 6 Jan 2014 14:36:07 +0000 (14:36 +0000)]
Prepare for 1.0.1f release
Dr. Stephen Henson [Mon, 6 Jan 2014 14:35:04 +0000 (14:35 +0000)]
Fix for TLS record tampering bug CVE-2013-4353
Dr. Stephen Henson [Mon, 6 Jan 2014 13:33:27 +0000 (13:33 +0000)]
make update
Dr. Stephen Henson [Sat, 4 Jan 2014 13:50:52 +0000 (13:50 +0000)]
Restore SSL_OP_MSIE_SSLV2_RSA_PADDING
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
(cherry picked from commit
b17d6b8d1d49fa4732deff17cfd1833616af0d9c)
Dr. Stephen Henson [Thu, 2 Jan 2014 19:02:28 +0000 (19:02 +0000)]
update NEWS
Dr. Stephen Henson [Tue, 24 Dec 2013 18:17:00 +0000 (18:17 +0000)]
Don't change version number if session established
When sending an invalid version number alert don't change the
version number to the client version if a session is already
established.
Thanks to Marek Majkowski for additional analysis of this issue.
PR#3191
Dr. Stephen Henson [Wed, 11 Dec 2013 14:45:12 +0000 (14:45 +0000)]
Don't use rdrand engine as default unless explicitly requested.
(cherry picked from commit
8f68678989a198ead3ab59a698302ecb0f1c8fb1)
Dr. Stephen Henson [Fri, 20 Dec 2013 15:26:50 +0000 (15:26 +0000)]
Fix DTLS retransmission from previous session.
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
Dr. Stephen Henson [Fri, 20 Dec 2013 15:12:26 +0000 (15:12 +0000)]
Ignore NULL parameter in EVP_MD_CTX_destroy.
Dr. Stephen Henson [Thu, 19 Dec 2013 14:37:39 +0000 (14:37 +0000)]
Use version in SSL_METHOD not SSL structure.
When deciding whether to use TLS 1.2 PRF and record hash algorithms
use the version number in the corresponding SSL_METHOD structure
instead of the SSL structure. The SSL structure version is sometimes
inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449)
Andy Polyakov [Wed, 18 Dec 2013 20:27:35 +0000 (21:27 +0100)]
sha512.c: fullfull implicit API contract in SHA512_Transform.
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
(cherry picked from commit
cdd1acd788020d2c525331da1712ada778f1373c)
Dr. Stephen Henson [Sat, 14 Dec 2013 13:55:48 +0000 (13:55 +0000)]
Check EVP errors for handshake digests.
Partial mitigation of PR#3200
Dr. Stephen Henson [Tue, 10 Dec 2013 12:52:27 +0000 (12:52 +0000)]
Get FIPS checking logic right.
We need to lock when *not* in FIPS mode.
(cherry picked from commit
57c4e42d7545b51cbc00015defc81db7236dc15f)
Dr. Stephen Henson [Tue, 10 Dec 2013 00:10:53 +0000 (00:10 +0000)]
remove obsolete STATUS file
Dr. Stephen Henson [Mon, 9 Dec 2013 23:55:12 +0000 (23:55 +0000)]
Add release dates to NEWS
Dr. Stephen Henson [Sun, 8 Dec 2013 13:13:29 +0000 (13:13 +0000)]
make update
Dr. Stephen Henson [Wed, 4 Dec 2013 13:39:04 +0000 (13:39 +0000)]
Avoid multiple locks in FIPS mode.
PR: 3176.
In FIPS mode ssleay_rand_bytes is only used for PRNG seeding and is
performed in either a single threaded context (when the PRNG is first
initialised) or under a lock (reseeding). To avoid multiple locks disable
use of CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes.
(cherry picked from commit
53142f72c9b9c9bad2f39ca6200a4f04f5c8001c)
Andy Polyakov [Tue, 3 Dec 2013 22:59:55 +0000 (23:59 +0100)]
bn/asm/x86_64-mont5.pl: comply with Win64 ABI.
PR: 3189
Submitted by: Oscar Ciurana
(cherry picked from commit
c5d5f5bd0fe8b2313bec844c0f80f3d49562bfa8)
Dr. Stephen Henson [Wed, 27 Nov 2013 15:35:56 +0000 (15:35 +0000)]
Simplify and update openssl.spec
Andy Polyakov [Tue, 12 Nov 2013 21:09:55 +0000 (22:09 +0100)]
srp/srp_grps.h: make it Compaq C-friendly.
PR: 3165
Submitted by: Daniel Richard G.
(cherry picked from commit
2df9ec01d563f9cc2deab07e8c3391059d476592)
(cherry picked from commit
0de70011adf6952e3b975d1a8a383879b64f3b77)
Andy Polyakov [Tue, 12 Nov 2013 20:59:01 +0000 (21:59 +0100)]
modes/asm/ghash-alpha.pl: update from HEAD.
PR: 3165
(cherry picked from commit
220d1e5353409d9af938111b22d6b58e6a42f633)
Andy Polyakov [Tue, 12 Nov 2013 20:49:15 +0000 (21:49 +0100)]
Make Makefiles OSF-make-friendly.
PR: 3165
(cherry picked from commit
d1cf23ac86c05b22b8780e2c03b67230564d2d34)
Dr. Stephen Henson [Mon, 11 Nov 2013 22:39:40 +0000 (22:39 +0000)]
Fix memory leak.
(cherry picked from commit
16bc45ba956fdf07c7cda7feda88de597569df63)
Dr. Stephen Henson [Mon, 11 Nov 2013 22:24:08 +0000 (22:24 +0000)]
Andy Polyakov [Sun, 10 Nov 2013 22:06:41 +0000 (23:06 +0100)]
Makefile.org: make FIPS build work with BSD make.
(cherry picked from commit
60adefa61025ffd7d56cf7ff8491008f783282bf)
Dr. Stephen Henson [Thu, 7 Nov 2013 15:15:20 +0000 (15:15 +0000)]
Check for missing components in RSA_check.
(cherry picked from commit
01be36ef70525e81fc358d2e559bdd0a0d9427a5)
Dr. Stephen Henson [Thu, 7 Nov 2013 17:27:07 +0000 (17:27 +0000)]
Document RSAPublicKey_{in,out} options.
(cherry picked from commit
7040d73d22987532faa503630d6616cf2788c975)
Andy Polyakov [Fri, 8 Nov 2013 22:00:35 +0000 (23:00 +0100)]
engines/ccgost/gost89.h: make word32 defintion unconditional.
Original definition depended on __LONG_MAX__ that is not guaranteed to
be present. As we don't support platforms with int narrower that 32 bits
it's appropriate to make defition inconditional.
PR: 3165
(cherry picked from commit
96180cac04591abfe50fc86096365553484bde65)
Andy Polyakov [Fri, 8 Nov 2013 21:56:44 +0000 (22:56 +0100)]
modes/asm/ghash-alpha.pl: make it work with older assembler.
PR: 3165
(cherry picked from commit
d24d1d7daf515aa19fbf18f6371e3e617028a07c)
Dr. Stephen Henson [Wed, 6 Nov 2013 14:38:28 +0000 (14:38 +0000)]
Enable PSK in FIPS mode.
Enable PSK ciphersuites with AES or DES3 in FIPS mode.
(cherry picked from commit
e0ffd129c16af90eb5e2ce54e57832c0046d1aaf)
Dr. Stephen Henson [Wed, 6 Nov 2013 13:16:50 +0000 (13:16 +0000)]
Initialise context before using it.
(cherry picked from commit
a4947e4e064d2d5bb622ac64cf13edc4a46ed196)
Ben Laurie [Sun, 3 Nov 2013 17:23:50 +0000 (17:23 +0000)]
PBKDF2 should be efficient. Contributed by Christian Heimes
<christian@python.org>.
Robin Seggelmann [Wed, 9 May 2012 17:28:41 +0000 (19:28 +0200)]
DTLS/SCTP Finished Auth Bug
PR: 2808
With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and
FORWARD-TSN chunks. The key for this extension is derived from the
master secret and changed with the next ChangeCipherSpec, whenever a new
key has been negotiated. The following Finished then already uses the
new key. Unfortunately, the ChangeCipherSpec and Finished are part of
the same flight as the ClientKeyExchange, which is necessary for the
computation of the new secret. Hence, these messages are sent
immediately following each other, leaving the server very little time to
compute the new secret and pass it to SCTP before the finished arrives.
So the Finished is likely to be discarded by SCTP and a retransmission
becomes necessary. To prevent this issue, the Finished of the client is
still sent with the old key.
(cherry picked from commit
9fb523adce6fd6015b68da2ca8e4ac4900ac2be2)
(cherry picked from commit
b9ef52b07897f249a9fa44943dba33fba8fb2721)
Robin Seggelmann [Wed, 9 May 2012 17:28:44 +0000 (19:28 +0200)]
DTLS/SCTP struct authchunks Bug
PR: 2809
DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with
SCTP-AUTH. It is checked if this has been activated successfully for
the local and remote peer. Due to a bug, however, the
gauth_number_of_chunks field of the authchunks struct is missing on
FreeBSD, and was therefore not considered in the OpenSSL implementation.
This patch sets the corresponding pointer for the check correctly
whether or not this bug is present.
(cherry picked from commit
f596e3c491035fe80db5fc0c3ff6b647662b0003)
(cherry picked from commit
b8140811367f6e1ef13afa6ffe9625309c46946c)
Nick Mathewson [Sun, 20 Oct 2013 22:08:58 +0000 (15:08 -0700)]
Fix another gmt_unix_time case in server_random
Dr. Stephen Henson [Tue, 15 Oct 2013 13:15:54 +0000 (14:15 +0100)]
Don't use RSA+MD5 with TLS 1.2
Since the TLS 1.2 supported signature algorithms extension is less
sophisticaed in OpenSSL 1.0.1 this has to be done in two stages.
RSA+MD5 is removed from supported signature algorithms extension:
any compliant implementation should never use RSA+MD5 as a result.
To cover the case of a broken implementation using RSA+MD5 anyway
disable lookup of MD5 algorithm in TLS 1.2.
Ben Laurie [Sat, 19 Oct 2013 11:37:15 +0000 (12:37 +0100)]
More cleanup.
Ben Laurie [Sat, 19 Oct 2013 11:34:15 +0000 (12:34 +0100)]
Cleanup.
Ben Laurie [Sat, 19 Oct 2013 10:46:32 +0000 (11:46 +0100)]
Merge branch 'no_gmt_unix_time' of git://github.com/nmathewson/openssl into OpenSSL_1_0_1-stable
Andy Polyakov [Sun, 13 Oct 2013 11:14:52 +0000 (13:14 +0200)]
MIPS assembly pack: get rid of deprecated instructions.
Latest MIPS ISA specification declared 'branch likely' instructions
obsolete. To makes code future-proof replace them with equivalent.
(cherry picked from commit
0c2adb0a9be76da8de9bbfd5377215f71711a52e)
Andy Polyakov [Sat, 12 Oct 2013 19:47:54 +0000 (21:47 +0200)]
aes/asm/bsaes-x86_64.pl: update from master.
Performance improvement and Windows-specific bugfix (PR#3139).
(cherry picked from commit
9ed6fba2b4685ced2340feff03da5a12ed14b003)
Nick Mathewson [Wed, 9 Oct 2013 14:37:53 +0000 (10:37 -0400)]
Control sending time with SSL_SEND_{CLIENT,SERVER}RANDOM_MODE
(I'd rather use an option, but it appears that the options field is
full.)
Now, we send the time in the gmt_unix_time field if the appropriate
one of these mode options is set, but randomize the field if the flag
is not set.
Nick Mathewson [Wed, 9 Oct 2013 14:28:42 +0000 (10:28 -0400)]
Refactor {client,server}_random to call an intermediate function
I'll be using this to make an option for randomizing the time.
Andy Polyakov [Thu, 3 Oct 2013 08:55:49 +0000 (10:55 +0200)]
evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms.
Submitted by: Yuriy Kaminskiy
(cherry picked from commit
524b00c0da42b129ed8622dfb3f5eab9cc5d6617)
Resolved conflicts:
crypto/evp/e_des3.c
Ben Laurie [Tue, 1 Oct 2013 13:51:04 +0000 (14:51 +0100)]
Constification.
Dr. Stephen Henson [Wed, 17 Jul 2013 13:19:40 +0000 (14:19 +0100)]
Dr. Stephen Henson [Mon, 16 Sep 2013 04:23:44 +0000 (05:23 +0100)]
Disable Dual EC DRBG.
Return an error if an attempt is made to enable the Dual EC DRBG: it
is not used by default.
Dr. Stephen Henson [Mon, 16 Sep 2013 05:12:00 +0000 (06:12 +0100)]
Fix warning.
Nick Mathewson [Mon, 16 Sep 2013 17:32:54 +0000 (13:32 -0400)]
Do not include a timestamp in the ServerHello Random field.
Instead, send random bytes.
Nick Mathewson [Sun, 8 Sep 2013 00:40:59 +0000 (20:40 -0400)]
Do not include a timestamp in the ClientHello Random field.
Instead, send random bytes.
While the gmt_unix_time record was added in an ostensible attempt to
mitigate the dangers of a bad RNG, its presence leaks the host's view
of the current time in the clear. This minor leak can help
fingerprint TLS instances across networks and protocols... and what's
worse, it's doubtful thet the gmt_unix_time record does any good at
all for its intended purpose, since:
* It's quite possible to open two TLS connections in one second.
* If the PRNG output is prone to repeat itself, ephemeral
* handshakes (and who knows what else besides) are broken.
Rob Stradling [Thu, 12 Sep 2013 21:05:17 +0000 (22:05 +0100)]
Update CHANGES.
Rob Stradling [Tue, 10 Sep 2013 10:06:55 +0000 (11:06 +0100)]
Tidy up comments.
Rob Stradling [Tue, 10 Sep 2013 10:03:29 +0000 (11:03 +0100)]
Use TLS version supplied by client when fingerprinting Safari.
Rob Stradling [Tue, 10 Sep 2013 10:00:57 +0000 (11:00 +0100)]
Fix compilation with no-ec and/or no-tlsext.
Rob Stradling [Mon, 9 Sep 2013 11:52:41 +0000 (12:52 +0100)]
Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
Ben Laurie [Mon, 16 Sep 2013 14:05:21 +0000 (15:05 +0100)]
Remove AVX and VIS3 support.
Andy Polyakov [Sun, 19 May 2013 19:55:30 +0000 (21:55 +0200)]
gcm128.c: update from master (add AVX and VIS3 support).
Andy Polyakov [Mon, 5 Nov 2012 17:03:39 +0000 (17:03 +0000)]
crypto/modes: even more strict aliasing fixes [and fix bug in cbc128.c from
previous cbc128.c commit].
Andy Polyakov [Mon, 5 Nov 2012 10:04:02 +0000 (10:04 +0000)]
cbc128.c: fix strict aliasing warning.
Bodo Moeller [Mon, 16 Sep 2013 12:47:56 +0000 (14:47 +0200)]
Sync CHANGES and NEWS files.
Bodo Moeller [Mon, 16 Sep 2013 11:03:27 +0000 (13:03 +0200)]
Fix overly lenient comparisons:
- EC_GROUP_cmp shouldn't consider curves equal just because
the curve name is the same. (They really *should* be the same
in this case, but there's an EC_GROUP_set_curve_name API,
which could be misused.)
- EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
equality (not an error).
Reported by: king cope
(cherry picked from commit
312a46791ab465cfa3bf26764361faed0e5df014)
Andy Polyakov [Sun, 15 Sep 2013 20:07:49 +0000 (22:07 +0200)]
crypto/armcap.c: fix typo in rdtsc subroutine.
PR: 3125
Submitted by: Kyle McMartin
(cherry picked from commit
8e52a9063a8a016bdac780005256994d26f9c2f9)
Dr. Stephen Henson [Tue, 20 Aug 2013 15:33:02 +0000 (16:33 +0100)]
Correct ECDSA example.
(cherry picked from commit
3a918ea2bbf4175d9461f81be1403d3781b2c0dc)
Michael Tuexen [Tue, 13 Aug 2013 17:53:19 +0000 (18:53 +0100)]
DTLS message_sequence number wrong in rehandshake ServerHello
This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.
(cherry picked from commit
b62f4daac00303280361924b9cc19b3e27528b15)
Michael Tuexen [Thu, 8 Aug 2013 12:28:55 +0000 (13:28 +0100)]
DTLS handshake fix.
Reported by: Prashant Jaikumar <rmstar@gmail.com>
Fix handling of application data received before a handshake.
(cherry picked from commit
0c75eeacd3285b395dc75b65c3e6fe6ffbef59f0)
Dr. Stephen Henson [Fri, 12 Jul 2013 16:35:08 +0000 (17:35 +0100)]
Fix verify loop with CRL checking.
PR #3090
Reported by: Franck Youssef <fry@open.ch>
If no new reason codes are obtained after checking a CRL exit with an
error to avoid repeatedly checking the same CRL.
This will only happen if verify errors such as invalid CRL scope are
overridden in a callback.
(cherry picked from commit
4b26645c1a71cf9ce489e4f79fc836760b670ffe)
Kaspar Brand [Tue, 6 Aug 2013 15:01:47 +0000 (16:01 +0100)]
Fix for PEM_X509_INFO_read_bio.
PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.
(cherry picked from commit
5ae8d6bcbaff99423a2608559d738a3fcf7ed6dc)
Andy Polyakov [Sat, 3 Aug 2013 14:56:58 +0000 (16:56 +0200)]
crypto/evp/e_aes.c: fix logical pre-processor bug and formatting.
Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
(cherry picked from commit
044f63086051d7542fa9485a1432498c39c4d8fa)
Andy Polyakov [Wed, 31 Jul 2013 21:53:49 +0000 (23:53 +0200)]
crypto/sha/asm/sha1-x86_64.pl: comply with Win64 ABI.
Andy Polyakov [Sun, 30 Jun 2013 21:55:55 +0000 (23:55 +0200)]
config: fix executable format detection on latest FreeBSD.
Submitted by: Bryan Drewery
PR: 3075
(cherry picked from commit
c256e69d3f3acd0794ae9c1f353f4093bd4c8878)
Andy Polyakov [Tue, 18 Jun 2013 08:37:00 +0000 (10:37 +0200)]
PA-RISC assembler pack: switch to bve in 64-bit builds.
PR: 3074
(cherry picked from commit
02450ec69dda7815ba1e7bd74eb30f0ae1eb3042)
Dr. Stephen Henson [Wed, 12 Jun 2013 20:16:31 +0000 (21:16 +0100)]
Typo: don't call RAND_cleanup during app startup.
(cherry picked from commit
90e7f983b573c3f3c722a02db4491a1b1cd87e8c)
Dr. Stephen Henson [Thu, 30 May 2013 20:39:50 +0000 (21:39 +0100)]
Don't use RC2 with PKCS#12 files in FIPS mode.
Dr. Stephen Henson [Sun, 5 May 2013 12:34:03 +0000 (13:34 +0100)]
Fix PSS signature printing.
Fix PSS signature printing: consistently use 0x prefix for hex values for
padding length and trailer fields.
(cherry picked from commit
deb24ad53147f5a8dd63416224a5edd7bbc0e74a)
Dr. Stephen Henson [Fri, 3 May 2013 11:31:47 +0000 (12:31 +0100)]
Reencode with X509_CRL_ctx_sign too.
(cherry picked from commit
96940f4f2d0300c033379a87db0ff19e598c6264)
Dr. Stephen Henson [Thu, 2 May 2013 11:18:46 +0000 (12:18 +0100)]
Reencode certificates in X509_sign_ctx.
Reencode certificates in X509_sign_ctx as well as X509_sign.
This was causing a problem in the x509 application when it modified an
existing certificate.
(cherry picked from commit
c6d8adb8a45186617e0a8e2c09469bd164b92b31)
Andy Polyakov [Sat, 13 Apr 2013 18:57:37 +0000 (20:57 +0200)]
crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on ARMv7.
While ARMv7 in general is capable of unaligned access, not all instructions
actually are. And trouble is that compiler doesn't seem to differentiate
those capable and incapable of unaligned access. Side effect is that kernel
goes into endless loop retrying same instruction triggering unaligned trap.
Problem was observed in xts128.c and ccm128.c modules. It's possible to
resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT
be feels more appropriate.
(cherry picked from commit
3bdd80521a81d50ade4214053cd9b293f920a77b)
Dr. Stephen Henson [Mon, 8 Apr 2013 17:03:12 +0000 (18:03 +0100)]
Set s->d1 to NULL after freeing it.
(cherry picked from commit
04638f2fc335a6dc2af8e5d556d36e29c261dcd2)
Dr. Stephen Henson [Sun, 31 Mar 2013 16:42:46 +0000 (17:42 +0100)]
Dr. Stephen Henson [Thu, 28 Mar 2013 14:28:06 +0000 (14:28 +0000)]
Call RAND_cleanup in openssl application.
Matt Caswell [Tue, 26 Mar 2013 15:39:50 +0000 (15:39 +0000)]
Make binary curve ASN.1 work in FIPS mode.
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
(cherry picked from commit
94782e0e9c28bd872107b8f814f4db68c9fbf5ab)
Dr. Stephen Henson [Tue, 19 Mar 2013 13:46:28 +0000 (13:46 +0000)]
Disable compression for DTLS.
The only standard compression method is stateful and is incompatible with
DTLS.
(cherry picked from commit
e14b8410ca882da8e9579a2d928706f894c8e1ae)
Andy Polyakov [Mon, 4 Mar 2013 19:05:04 +0000 (20:05 +0100)]
x86cpuid.pl: make it work with older CPUs.
PR: 3005
(cherry picked from commit
5702e965d759dde8a098d8108660721ba2b93a7d)
Andy Polyakov [Mon, 18 Mar 2013 18:29:41 +0000 (19:29 +0100)]
e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms.
PR: 3002
(cherry picked from commit
5c60046553716fcf160718f59160493194f212dc)
Michael Tuexen [Mon, 18 Mar 2013 14:30:38 +0000 (14:30 +0000)]
Avoid unnecessary fragmentation.
(cherry picked from commit
80ccc66d7eedb2d06050130c77c482ae1584199a)
Dr. Stephen Henson [Mon, 18 Mar 2013 14:19:40 +0000 (14:19 +0000)]
Encode INTEGER correctly.
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit
1643edc63c3e15b6db5a15a728bc288f2cc2bbc7)
Dr. Stephen Henson [Mon, 18 Mar 2013 14:00:13 +0000 (14:00 +0000)]
Merge branch 'OpenSSL_1_0_1-stable' of ../openssl into OpenSSL_1_0_1-stable
Dr. Stephen Henson [Mon, 18 Mar 2013 13:58:32 +0000 (13:58 +0000)]
Andy Polyakov [Fri, 1 Mar 2013 21:36:36 +0000 (22:36 +0100)]
x86_64-gf2m.pl: fix typo.
(cherry picked from commit
342dbbbe4eb82b6e12163965a12f580c2deb03ad)
Andy Polyakov [Fri, 1 Mar 2013 20:43:10 +0000 (21:43 +0100)]
x86_64-gf2m.pl: add missing Windows build fix for #2963.
PR: 3004
(cherry picked from commit
7c43601d4424575d589f028aed0d5a4ae337527f)
Andy Polyakov [Sat, 16 Feb 2013 10:38:46 +0000 (11:38 +0100)]
bn_nist.c: cumulative update from master.
PR: 2981, 2837
projects / openssl.git / log