- Dec 20, 2013
-
-
Dr. Stephen Henson authored
For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450. (cherry picked from commit 34628967)
-
Dr. Stephen Henson authored
(cherry picked from commit a6c62f0c25a756c263a80ce52afbae888028e986)
-
- Dec 18, 2013
-
-
Andy Polyakov authored
(and ensure stack alignment in the process)
-
Andy Polyakov authored
It worked because it was never called.
-
Andy Polyakov authored
-
Andy Polyakov authored
SHA512_Transform was initially added rather as tribute to tradition than for practucal reasons. But use was recently found in ssl/s3_cbc.c and it turned to be problematic on platforms that don't tolerate misasligned references to memory and lack assembly subroutine.
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
Partial mitigation of PR#3200 (cherry picked from commit 0294b2be)
-
Dr. Stephen Henson authored
-
- Dec 13, 2013
-
-
Dr. Stephen Henson authored
Move the IP, email and host checking fields from the public X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID structure. By doing this the structure can be modified in future without risk of breaking any applications. (cherry picked from commit adc6bd73) Conflicts: crypto/x509/x509_vpm.c
-
Dr. Stephen Henson authored
Fix padding calculation for different SSL_METHOD types. Use the standard name as used in draft-agl-tls-padding-02
-
Dr. Stephen Henson authored
For consistency with other cases if we are performing partial chain verification with just one certificate notify the callback with ok==1. (cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)
-
Dr. Stephen Henson authored
New functions to retrieve internal pointers to X509_VERIFY_PARAM for SSL_CTX and SSL structures. (cherry picked from commit be0c9270690ed9c1799900643cab91de146de857)
-
Dr. Stephen Henson authored
(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)
-
- Dec 10, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Dec 09, 2013
-
-
Andy Polyakov authored
-
Andy Polyakov authored
This also eliminates code duplication between x86_64-mont and x86_64-mont and optimizes even original non-MULX code.
-
- Dec 04, 2013
-
-
Andy Polyakov authored
-
Andy Polyakov authored
Suggested by: Marcello Cerri
-
Andy Polyakov authored
Suggested by: Marcello Cerri
-
Andy Polyakov authored
-
Andy Polyakov authored
AIX assembler doesn't hanle .align, which is essential for vpaes module.
-
- Dec 03, 2013
-
-
Andy Polyakov authored
PR: 3189 Submitted by: Oscar Ciurana
-
Andy Polyakov authored
-
Andy Polyakov authored
rsaz_exp.c: harmonize line terminating; asm/rsaz-*.pl: minor optimizations.
-
Andy Polyakov authored
-
- Nov 30, 2013
-
-
Dr. Stephen Henson authored
-
- Nov 29, 2013
-
-
Andy Polyakov authored
-
- Nov 27, 2013
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Nov 18, 2013
-
-
Dr. Stephen Henson authored
New functions to retrieve current certificate or private key from an SSL_CTX. Constify SSL_get_private_key().
-
Dr. Stephen Henson authored
-
- Nov 17, 2013
-
-
Dr. Stephen Henson authored
-
- Nov 14, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit 1abfa78a8ba714f7e47bd674db53dbe303cd1ce7)
-
Piotr Sikora authored
PR#3106
-
- Nov 13, 2013
-
-
Dr. Stephen Henson authored
Some functions such as EVP_VerifyFinal only finalise a copy of the passed context in case an application wants to digest more data. Doing this when it is not needed is inefficient and many applications don't require it. For compatibility the default is to still finalise a copy unless the flag EVP_MD_CTX_FLAG_FINALISE is set in which case the passed context is finalised an *no* further data can be digested after finalisation.
-
Dr. Stephen Henson authored
If pointer comparison for current certificate fails check to see if a match using X509_cmp succeeds for the current certificate: this is useful for cases where the certificate pointer is not available.
-
Rob Stradling authored
PR#3169 This patch, which currently applies successfully against master and 1_0_2, adds the following functions: SSL_[CTX_]select_current_cert() - set the current certificate without disturbing the existing structure. SSL_[CTX_]get0_chain_certs() - get the current certificate's chain. SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain. The patch also adds these functions to, and fixes some existing errors in, SSL_CTX_add1_chain_cert.pod.
-