Dr. Stephen Henson
418044cbab
Experimental workaround to large client hello issue (see PR#2771).
...
If OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
only.
2012-03-29 19:08:54 +00:00
Andy Polyakov
8c67b13407
perlasm/x86masm.pl: fix last fix [from HEAD].
2012-03-29 18:11:21 +00:00
Andy Polyakov
2a477ccf0b
ans1/tasn_prn.c: avoid bool in variable names [from HEAD].
...
PR: 2776
2012-03-29 17:48:43 +00:00
Dr. Stephen Henson
c34137bef9
fix leak
2012-03-22 16:28:51 +00:00
Dr. Stephen Henson
914d91c5b3
Submitted by: Markus Friedl <mfriedl@gmail.com>
...
Fix memory leaks in 'goto err' cases.
2012-03-22 15:43:19 +00:00
Dr. Stephen Henson
e733dea3ce
update version to 1.0.1a-dev
2012-03-22 15:18:19 +00:00
Dr. Stephen Henson
78c5d2a9bb
use client version when deciding whether to send supported signature algorithms extension
2012-03-21 21:32:57 +00:00
Dr. Stephen Henson
3bf4e14cc3
Always use SSLv23_{client,server}_method in s_client.c and s_server.c,
...
the old code came from SSLeay days before TLS was even supported.
2012-03-18 18:16:05 +00:00
Andy Polyakov
d68d160cb7
bsaes-x86_64.pl: optimize key conversion [from HEAD].
2012-03-16 21:45:51 +00:00
Dr. Stephen Henson
202cb42fbb
remove trailing slash
2012-03-14 22:20:40 +00:00
Richard Levitte
49f6cb968f
cipher should only be set to PSK if JPAKE is used.
2012-03-14 12:39:00 +00:00
Dr. Stephen Henson
07e120b7da
update STATUS
2012-03-14 12:14:06 +00:00
Dr. Stephen Henson
f3dcae15ac
prepare for 1.0.1 release
2012-03-14 12:04:40 +00:00
Dr. Stephen Henson
25ec498dc7
update NEWS
2012-03-13 22:49:27 +00:00
Andy Polyakov
9cc42cb091
ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER [from HEAD].
2012-03-13 19:21:15 +00:00
Andy Polyakov
bcf9cf89e7
x86_64-xlate.pl: remove old kludge.
...
PR: 2435,2440
2012-03-13 19:19:31 +00:00
Dr. Stephen Henson
f0729fc3e0
corrected fix to PR#2711 and also cover mime_param_cmp
2012-03-12 16:29:47 +00:00
Dr. Stephen Henson
8186c00ef3
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
...
continue with symmetric decryption process to avoid leaking timing
information to an attacker.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 16:27:50 +00:00
Dr. Stephen Henson
c0b31ccb87
PR: 2744
...
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
CMS support for ccgost engine
2012-03-11 13:40:05 +00:00
Dr. Stephen Henson
267c950c5f
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
...
Add more extension names in s_cb.c extension printing code.
2012-03-09 18:37:41 +00:00
Dr. Stephen Henson
ce1605b508
PR: 2756
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS timeout handling.
2012-03-09 15:52:20 +00:00
Dr. Stephen Henson
66fdb1c0d4
check return value of BIO_write in PKCS7_decrypt
2012-03-08 14:02:51 +00:00
Dr. Stephen Henson
25bfdca16a
PR: 2755
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reduce MTU after failed transmissions.
2012-03-06 13:47:27 +00:00
Dr. Stephen Henson
9c284f9651
PR: 2748
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix possible DTLS timer deadlock.
2012-03-06 13:24:16 +00:00
Andy Polyakov
6d78c381f6
Configure: make no-whirlpool work [from HEAD].
2012-03-03 13:18:06 +00:00
Richard Levitte
784e2080df
On OpenVMS, try sha256 and sha512 et al as well.
2012-03-01 21:29:58 +00:00
Richard Levitte
70505bc334
For OpenVMS, use inttypes.h instead of stdint.h
2012-03-01 21:29:16 +00:00
Dr. Stephen Henson
8e8b247341
PR: 2743
...
Reported by: Dmitry Belyavsky <beldmit@gmail.com>
Fix memory leak if invalid GOST MAC key given.
2012-02-29 14:12:52 +00:00
Dr. Stephen Henson
a8595879ec
PR: 2742
...
Reported by: Dmitry Belyavsky <beldmit@gmail.com>
If resigning with detached content in CMS just copy data across.
2012-02-29 14:01:53 +00:00
Dr. Stephen Henson
33a688e806
Fix memory leak cause by race condition when creating public keys.
...
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-28 14:47:16 +00:00
Andy Polyakov
5c2bfad9b4
x86cpuid.pl: fix processor capability detection on pre-586 [from HEAD].
2012-02-28 14:20:34 +00:00
Dr. Stephen Henson
250f979237
PR: 2736
...
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>
Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
2012-02-27 18:45:18 +00:00
Dr. Stephen Henson
b527b6e8ff
PR: 2737
...
Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>
Fix double free in PKCS12_parse if we run out of memory.
2012-02-27 16:46:45 +00:00
Dr. Stephen Henson
a54ce007e6
PR: 2739
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix padding bugs in Heartbeat support.
2012-02-27 16:38:10 +00:00
Dr. Stephen Henson
4ed1f3490e
PR: 2735
...
Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.
2012-02-27 16:33:25 +00:00
Dr. Stephen Henson
0a082e9b37
free headers after use in error message
2012-02-27 16:27:09 +00:00
Dr. Stephen Henson
236a99a409
Detect symmetric crypto errors in PKCS7_decrypt.
...
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-27 15:22:54 +00:00
Andy Polyakov
04b4363ec8
Configure: remove adding of -D_XPG4_2 -D__EXTENSIONS__ in sctp builds,
...
see corresponding commit to HEAD for details.
2012-02-26 22:03:41 +00:00
Andy Polyakov
37ebc20093
seed.c: Solaris portability fix from HEAD.
2012-02-26 21:53:28 +00:00
Dr. Stephen Henson
cef781cc87
PR: 2730
...
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
VMS fixes: disable SCTP by default.
2012-02-25 17:58:03 +00:00
Dr. Stephen Henson
08e4c7a967
correct CHANGES
2012-02-23 22:13:59 +00:00
Dr. Stephen Henson
697e4edcad
PR: 2711
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Tolerate bad MIME headers in parser.
2012-02-23 21:50:32 +00:00
Dr. Stephen Henson
b26297ca51
PR: 2696
...
Submitted by: Rob Austein <sra@hactrn.net>
Fix inverted range problem in RFC3779 code.
Thanks to Andrew Chi for generating test cases for this bug.
2012-02-23 21:31:22 +00:00
Dr. Stephen Henson
6ca7dba0cf
PR: 2727
...
Submitted by: Bruce Stephens <bruce.stephens@isode.com>
Use same construct for EXHEADER in srp/Makefile as other makefiles to cope
with possibly empty EXHEADER.
2012-02-23 13:49:22 +00:00
Dr. Stephen Henson
f1fa05b407
ABI compliance fixes.
...
Move new structure fields to end of structures.
Import library codes from 1.0.0 and recreate new ones.
2012-02-22 14:01:44 +00:00
Dr. Stephen Henson
02e22c35fe
update NEWS
2012-02-21 14:21:32 +00:00
Dr. Stephen Henson
b935714237
typo
2012-02-17 17:31:32 +00:00
Dr. Stephen Henson
a8314df902
Fix bug in CVE-2011-4619: check we have really received a client hello
...
before rejecting multiple SGC restarts.
2012-02-16 15:25:39 +00:00
Dr. Stephen Henson
0cd7a0325f
Additional compatibility fix for MDC2 signature format.
...
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
2012-02-15 14:14:01 +00:00
Dr. Stephen Henson
16b7c81d55
An incompatibility has always existed between the format used for RSA
...
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.
This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.
Add detection in RSA_verify so either format works.
Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
2012-02-15 14:00:09 +00:00