- May 02, 2013
-
-
Dr. Stephen Henson authored
Reencode certificates in X509_sign_ctx as well as X509_sign. This was causing a problem in the x509 application when it modified an existing certificate.
-
- Apr 23, 2013
-
-
Andy Polyakov authored
Submitted by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Contributor claims ~50% improvement in CTR and ~9% in CBC decrypt on Cortex-A15.
-
Andy Polyakov authored
-
- Apr 14, 2013
-
-
Dr. Stephen Henson authored
-
- Apr 13, 2013
-
-
Andy Polyakov authored
-
Andy Polyakov authored
While ARMv7 in general is capable of unaligned access, not all instructions actually are. And trouble is that compiler doesn't seem to differentiate those capable and incapable of unaligned access. Side effect is that kernel goes into endless loop retrying same instruction triggering unaligned trap. Problem was observed in xts128.c and ccm128.c modules. It's possible to resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT be feels more appropriate.
-
- Apr 09, 2013
-
-
Dr. Stephen Henson authored
Check for Suite B support using method flags instead of version numbers: anything supporting TLS 1.2 cipher suites will also support Suite B. Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
-
Dr. Stephen Henson authored
If we successfully match a cookie don't set return value to 2 as this results in other error conditions returning 2 as well. Instead set return value to -2 which can be checked later if everything else is OK.
-
Dr. Stephen Henson authored
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation. As with SSL/TLS options can change this behaviour specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
-
- Apr 08, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Don't use Win32 specific options in mk1mf.pl to build assembly language files.
-
- Apr 07, 2013
-
-
Ben Laurie authored
turn out to be made somewhere by existing Makefiles.
-
- Apr 06, 2013
-
-
Ben Laurie authored
-
Ben Laurie authored
-
Dr. Stephen Henson authored
Only use -MMD and .sinclude in copy builds: other platforms don't support them.
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
- Apr 04, 2013
-
-
Dr. Stephen Henson authored
Since s->method does not reflect the final client version when a client hello is sent for SSLv23_client_method it can't be relied on to indicate if TLS 1.2 ciphers should be used. So use the client version instead.
-
Andy Polyakov authored
-
Andy Polyakov authored
Give CBC decrypt approximately same treatment as to CTR and collect 25%.
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Apr 03, 2013
-
-
Dr. Stephen Henson authored
-
- Mar 31, 2013
-
-
Dr. Stephen Henson authored
-