Dr. Stephen Henson
16b7c81d55
An incompatibility has always existed between the format used for RSA
...
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.
This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.
Add detection in RSA_verify so either format works.
Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
2012-02-15 14:00:09 +00:00
Dr. Stephen Henson
424ba8b588
PR: 2708
...
Submitted by: Bruce Stephens <bruce.stephens@isode.com>
Translate path separators correctly for $fipsdir in util/mk1mf.pl
2012-02-12 23:20:21 +00:00
Dr. Stephen Henson
bf493e8d62
PR: 2713
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files
2012-02-12 18:47:36 +00:00
Dr. Stephen Henson
c714e43c8d
PR: 2717
...
Submitted by: Tim Rice <tim@multitalents.net>
Make compilation work on OpenServer 5.0.7
2012-02-11 23:38:49 +00:00
Dr. Stephen Henson
cdf9d6f6ed
PR: 2716
...
Submitted by: Adam Langley <agl@google.com>
Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.
2012-02-11 23:21:09 +00:00
Dr. Stephen Henson
cc4b48c27c
PR: 2703
...
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Fix some memory and resource leaks in CAPI ENGINE.
2012-02-11 23:12:59 +00:00
Dr. Stephen Henson
cac9c92cc0
PR: 2705
...
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Only create ex_data indices once for CAPI engine.
2012-02-11 23:07:58 +00:00
Dr. Stephen Henson
d40abf1689
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Further fixes for use_srtp extension.
2012-02-11 22:53:48 +00:00
Andy Polyakov
69e9c69e70
apps/s_cb.c: recognize latest TLS versions [from HEAD].
2012-02-11 13:31:16 +00:00
Dr. Stephen Henson
c489ea7d01
PR: 2704
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Fix srp extension.
2012-02-10 20:08:49 +00:00
Dr. Stephen Henson
26c6857a59
PR: 2710
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check return codes for load_certs_crls.
2012-02-10 19:54:46 +00:00
Dr. Stephen Henson
508bd3d1aa
PR: 2714
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Make no-srp work.
2012-02-10 19:44:00 +00:00
Dr. Stephen Henson
8705846710
only cleanup ctx if we need to, save ctx flags when we do
2012-02-10 16:54:56 +00:00
Dr. Stephen Henson
c944a9696e
add fips hmac option and fips blocking overrides to command line utilities
2012-02-10 16:46:19 +00:00
Dr. Stephen Henson
943cc09d8a
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Fix encoding of use_srtp extension to be compliant with RFC5764
2012-02-10 00:03:37 +00:00
Dr. Stephen Henson
fc6800d19f
Modify client hello version when renegotiating to enhance interop with
...
some servers.
2012-02-09 15:41:44 +00:00
Andy Polyakov
d06f047b04
bn_nist.c: make new optimized code dependent on BN_LLONG [from HEAD].
2012-02-02 07:46:19 +00:00
Andy Polyakov
ddc899bada
hpux-parisc2-*: engage assembler [from HEAD] and make it link.
2012-02-02 07:42:31 +00:00
Andy Polyakov
bd479e25c7
ghash-x86.pl: engage original MMX version in no-sse2 builds [from HEAD].
2012-01-25 17:56:25 +00:00
Andy Polyakov
eaf5bd168e
x86_64-xlate.pl: 1.0.1-specific typo.
2012-01-25 17:50:23 +00:00
Dr. Stephen Henson
d7ecc206ba
only include bn.h once
2012-01-24 23:00:36 +00:00
Dr. Stephen Henson
11ea212e8c
only include evp.h once
2012-01-24 22:59:46 +00:00
Dr. Stephen Henson
cb29d8c11f
only include string.h once
2012-01-24 22:58:46 +00:00
Dr. Stephen Henson
adcea5a043
return error if md is NULL
2012-01-22 13:12:50 +00:00
Andy Polyakov
f02f7c2c4a
cryptlib.c: make even non-Windows builds "strtoull-agnostic" [from HEAD].
2012-01-21 12:18:29 +00:00
Andy Polyakov
a1e44cc14f
x86_64-xlate.pl: proper solution for RT#2620 [from HEAD].
2012-01-21 11:35:20 +00:00
Dr. Stephen Henson
d2d09bf68c
change version to beta3-dev
2012-01-19 17:14:17 +00:00
Dr. Stephen Henson
e2dfb655f7
update files for beta2 release
2012-01-19 15:46:43 +00:00
Dr. Stephen Henson
463e76b63c
prepare for beta2
2012-01-19 15:37:57 +00:00
Dr. Stephen Henson
2dc4b0dbe8
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
...
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:14:56 +00:00
Dr. Stephen Henson
7b23c126e6
undef some symbols that cause problems with make depend for fips builds
2012-01-18 01:40:36 +00:00
Dr. Stephen Henson
25e3d2225a
fix CHANGES entry
2012-01-17 14:19:09 +00:00
Andy Polyakov
c8e0b5d7b6
1.0.1-specific OPNESSL vs. OPENSSL typo.
...
PR: 2613
Submitted by: Leena Heino
2012-01-15 13:42:50 +00:00
Andy Polyakov
4fb7e2b445
Fix OPNESSL vs. OPENSSL typos [from HEAD].
...
PR: 2613
Submitted by: Leena Heino
2012-01-15 13:40:21 +00:00
Dr. Stephen Henson
9138e3c061
fix warning
2012-01-15 13:30:52 +00:00
Andy Polyakov
9b2a29660b
Sanitize usage of <ctype.h> functions. It's important that characters
...
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
2012-01-12 16:28:03 +00:00
Andy Polyakov
b7b4a9fa57
sparcv9cap.c: omit unused variable.
2012-01-12 14:19:52 +00:00
Andy Polyakov
1fb07a7de8
doc/apps: formatting fixes [from HEAD].
...
PR: 2683
Submitted by: Annie Yousar
2012-01-11 21:58:42 +00:00
Andy Polyakov
b9cbcaad58
speed.c: typo in pkey_print_message [from HEAD].
...
PR: 2681
Submitted by: Annie Yousar
2012-01-11 21:49:16 +00:00
Andy Polyakov
c6706a6f6c
ecdsa.pod: typo.
...
PR: 2678
Submitted by: Annie Yousar
2012-01-11 21:41:50 +00:00
Andy Polyakov
958e6a75a1
asn1/t_x509.c: fix serial number print, harmonize with a_int.c [from HEAD].
...
PR: 2675
Submitted by: Annie Yousar
2012-01-11 21:12:47 +00:00
Andy Polyakov
397977726c
aes-sparcv9.pl: clean up regexp [from HEAD].
...
PR: 2685
2012-01-11 15:32:08 +00:00
Dr. Stephen Henson
285d9189c7
PR: 2652
...
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
OpenVMS fixes.
2012-01-05 14:30:08 +00:00
Bodo Möller
767d3e0054
Update for 0.9.8s and 1.0.0f.
...
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in the 1.0.1 branch, the actual code is here already.)
2012-01-05 13:46:27 +00:00
Bodo Möller
409d2a1b71
Fix for builds without DTLS support.
...
Submitted by: Brian Carlstrom
2012-01-05 10:22:39 +00:00
Dr. Stephen Henson
e0b9678d7f
PR: 2671
...
Submitted by: steve
Update maximum message size for certifiate verify messages to support
4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.
2012-01-05 00:28:29 +00:00
Dr. Stephen Henson
166dea6ac8
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
...
Reviewed by: steve
Send fatal alert if heartbeat extension has an illegal value.
2012-01-05 00:23:31 +00:00
Dr. Stephen Henson
52bef4d677
disable heartbeats if tlsext disabled
2012-01-05 00:07:34 +00:00
Dr. Stephen Henson
801e5ef840
update CHANGES
2012-01-04 23:53:52 +00:00
Dr. Stephen Henson
0044739ae5
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
...
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:05 +00:00