Skip to content
  1. May 25, 2013
  2. May 13, 2013
  3. May 05, 2013
  4. May 02, 2013
  5. Apr 23, 2013
  6. Apr 14, 2013
  7. Apr 13, 2013
    • Andy Polyakov's avatar
      db05b447
    • Andy Polyakov's avatar
      crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on ARMv7. · 3bdd8052
      Andy Polyakov authored
      While ARMv7 in general is capable of unaligned access, not all instructions
      actually are. And trouble is that compiler doesn't seem to differentiate
      those capable and incapable of unaligned access. Side effect is that kernel
      goes into endless loop retrying same instruction triggering unaligned trap.
      Problem was observed in xts128.c and ccm128.c modules. It's possible to
      resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT
      be feels more appropriate.
      3bdd8052
  8. Apr 09, 2013
    • Dr. Stephen Henson's avatar
      Suite B support for DTLS 1.2 · 4544f0a6
      Dr. Stephen Henson authored
      Check for Suite B support using method flags instead of version numbers:
      anything supporting TLS 1.2 cipher suites will also support Suite B.
      
      Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
      4544f0a6
    • Dr. Stephen Henson's avatar
      Always return errors in ssl3_get_client_hello · c56f5b8e
      Dr. Stephen Henson authored
      If we successfully match a cookie don't set return value to 2 as this
      results in other error conditions returning 2 as well.
      
      Instead set return value to -2 which can be checked later if everything
      else is OK.
      c56f5b8e
    • Dr. Stephen Henson's avatar
      Dual DTLS version methods. · c6913eeb
      Dr. Stephen Henson authored
      Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
      pick the highest version the peer supports during negotiation.
      
      As with SSL/TLS options can change this behaviour specifically
      SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
      c6913eeb
  9. Apr 08, 2013
  10. Apr 07, 2013
  11. Apr 06, 2013
  12. Apr 04, 2013
    • Dr. Stephen Henson's avatar
      Make TLS 1.2 ciphers work again. · 1e2d4cb0
      Dr. Stephen Henson authored
      Since s->method does not reflect the final client version when a client
      hello is sent for SSLv23_client_method it can't be relied on to indicate
      if TLS 1.2 ciphers should be used. So use the client version instead.
      1e2d4cb0