Dr. Stephen Henson
57cb030cea
PR: 2739
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix padding bugs in Heartbeat support.
2012-02-27 16:38:24 +00:00
Dr. Stephen Henson
d441e6d8db
PR: 2735
...
Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.
2012-02-27 16:33:34 +00:00
Dr. Stephen Henson
228a8599ff
free headers after use in error message
2012-02-27 16:27:17 +00:00
Dr. Stephen Henson
d16bb406d4
Detect symmetric crypto errors in PKCS7_decrypt.
...
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-27 15:22:41 +00:00
Andy Polyakov
f7ef20c5ee
Configure: I remove adding of -D_XPG4_2 -D__EXTENSIONS__ in sctp builds for
...
following reasons:
- it's not the way to engage XPG4v2 mode, defining _XOPEN_SOURCE to
value less than 500 is (see standards(5));
- we need to work out strategy to handle _XOPEN_SOURCE, current state
when we define e.g. _XOPEN_SOURCE to 500 in some files is inappropriate;
- sctp implementation on Solaris is incomplete, in sense that bss_dgram.c
doesn't compile, because not all structures are defined, so that
enabling sctp doesn't work anyway;
2012-02-26 22:02:59 +00:00
Andy Polyakov
d0e68a98c5
seed.c: incredibly enough seed.c can fail to compile on Solaris with certain
...
flags, because SS is defined after inclusion of <stdlib.h>, in <sys/regset.h>
2012-02-26 21:52:43 +00:00
Dr. Stephen Henson
a36fb72584
PR: 2730
...
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
VMS fixes: disable SCTP by default.
2012-02-25 17:59:40 +00:00
Dr. Stephen Henson
8f27a92754
ABI fixes from 1.0.1-stable
2012-02-23 22:25:52 +00:00
Dr. Stephen Henson
6941b7b918
PR: 2711
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Tolerate bad MIME headers in parser.
2012-02-23 21:50:44 +00:00
Dr. Stephen Henson
ef570cc869
PR: 2696
...
Submitted by: Rob Austein <sra@hactrn.net>
Fix inverted range problem in RFC3779 code.
Thanks to Andrew Chi for generating test cases for this bug.
2012-02-23 21:31:37 +00:00
Dr. Stephen Henson
4d3670fa50
PR: 2727
...
Submitted by: Bruce Stephens <bruce.stephens@isode.com>
Use same construct for EXHEADER in srp/Makefile as other makefiles to cope
with possibly empty EXHEADER.
2012-02-23 13:49:35 +00:00
Dr. Stephen Henson
5421196eca
ABI compliance fixes.
...
Move new structure fields to end of structures.
2012-02-22 15:39:54 +00:00
Dr. Stephen Henson
74b4b49494
SSL export fixes (from Adam Langley) [original from 1.0.1]
2012-02-22 15:06:56 +00:00
Dr. Stephen Henson
de2b5b7439
initialise i if n == 0
2012-02-22 15:03:44 +00:00
Dr. Stephen Henson
64095ce9d7
Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
...
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
2012-02-21 14:41:13 +00:00
Dr. Stephen Henson
206310c305
Fix bug in CVE-2011-4619: check we have really received a client hello
...
before rejecting multiple SGC restarts.
2012-02-16 15:26:04 +00:00
Dr. Stephen Henson
5863163732
Additional compatibility fix for MDC2 signature format.
...
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
2012-02-15 14:27:25 +00:00
Dr. Stephen Henson
83cb7c4635
An incompatibility has always existed between the format used for RSA
...
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.
This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.
Add detection in RSA_verify so either format works.
Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
2012-02-15 14:04:00 +00:00
Dr. Stephen Henson
04296664e0
PR: 2713
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files
2012-02-12 18:47:47 +00:00
Dr. Stephen Henson
fc7dae5229
PR: 2717
...
Submitted by: Tim Rice <tim@multitalents.net>
Make compilation work on OpenServer 5.0.7
2012-02-11 23:41:19 +00:00
Dr. Stephen Henson
be81f4dd81
PR: 2716
...
Submitted by: Adam Langley <agl@google.com>
Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.
2012-02-11 23:20:53 +00:00
Dr. Stephen Henson
e626c77808
PR: 2703
...
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Fix some memory and resource leaks in CAPI ENGINE.
2012-02-11 23:13:10 +00:00
Dr. Stephen Henson
da2a5a79ef
PR: 2705
...
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Only create ex_data indices once for CAPI engine.
2012-02-11 23:08:08 +00:00
Dr. Stephen Henson
11eaec9ae4
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Further fixes for use_srtp extension.
2012-02-11 22:53:31 +00:00
Andy Polyakov
cbc0b0ec2d
apps/s_cb.c: recognized latest TLS version.
2012-02-11 13:30:47 +00:00
Dr. Stephen Henson
1df80b6561
PR: 2704
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Fix srp extension.
2012-02-10 20:08:36 +00:00
Dr. Stephen Henson
3770b988c0
PR: 2710
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check return codes for load_certs_crls.
2012-02-10 19:54:54 +00:00
Dr. Stephen Henson
9641be2aac
PR: 2714
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Make no-srp work.
2012-02-10 19:43:14 +00:00
Dr. Stephen Henson
f94cfe6a12
only cleanup ctx if we need to, save ctx flags when we do
2012-02-10 16:55:17 +00:00
Dr. Stephen Henson
7951c2699f
add fips blocking overrides to command line utilities
2012-02-10 16:47:40 +00:00
Dr. Stephen Henson
5997efca83
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Fix encoding of use_srtp extension to be compliant with RFC5764
2012-02-10 00:07:18 +00:00
Dr. Stephen Henson
57559471bf
oops, revert unrelated changes
2012-02-09 15:43:58 +00:00
Dr. Stephen Henson
f4e1169341
Modify client hello version when renegotiating to enhance interop with
...
some servers.
2012-02-09 15:42:10 +00:00
Dr. Stephen Henson
febec8ff23
typo
2012-02-02 19:18:24 +00:00
Andy Polyakov
0208ab2e3f
bn_nist.c: make new optimized code dependent on BN_LLONG.
2012-02-02 07:46:05 +00:00
Andy Polyakov
faed798c32
hpux-parisc2-*: engage assembler.
2012-02-02 07:41:29 +00:00
Dr. Stephen Henson
f71c6e52f7
Add support for distinct certificate chains per key type and per SSL
...
structure.
Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.
2012-01-31 14:00:10 +00:00
Dr. Stephen Henson
9ade64dedf
code tidy
2012-01-27 14:21:38 +00:00
Dr. Stephen Henson
c526ed410c
Revise ssl code to use a CERT_PKEY structure when outputting a
...
certificate chain instead of an X509 structure.
This makes it easier to enhance code in future and the chain
output functions have access to the CERT_PKEY structure being
used.
2012-01-26 16:00:34 +00:00
Dr. Stephen Henson
4379d0e457
Tidy/enhance certificate chain output code.
...
New function ssl_add_cert_chain which adds a certificate chain to
SSL internal BUF_MEM. Use this function in ssl3_output_cert_chain
and dtls1_output_cert_chain instead of partly duplicating code.
2012-01-26 15:47:32 +00:00
Dr. Stephen Henson
7568d15acd
allow key agreement for SSL/TLS certificates
2012-01-26 14:57:45 +00:00
Dr. Stephen Henson
08e4ea4884
initialise dh_clnt
2012-01-26 14:37:46 +00:00
Andy Polyakov
98909c1d5b
ghash-x86.pl: engage original MMX version in no-sse2 builds.
2012-01-25 17:56:08 +00:00
Dr. Stephen Henson
ccd395cbcc
add example for DH certificate generation
2012-01-25 16:33:39 +00:00
Dr. Stephen Henson
0d60939515
add support for use of fixed DH client certificates
2012-01-25 14:51:49 +00:00
Dr. Stephen Henson
2ff5ac55c5
oops revert debug change
2012-01-22 13:52:39 +00:00
Dr. Stephen Henson
1db5f356f5
return error if md is NULL
2012-01-22 13:12:14 +00:00
Andy Polyakov
e6903980af
x86_64-xlate.pl: proper solution for RT#2620.
2012-01-21 11:34:53 +00:00
Dr. Stephen Henson
855d29184e
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
...
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:15:27 +00:00
Dr. Stephen Henson
ac07bc8602
fix CHANGES entry
2012-01-17 14:20:32 +00:00