Dr. Stephen Henson
0a082e9b37
free headers after use in error message
2012-02-27 16:27:09 +00:00
Dr. Stephen Henson
236a99a409
Detect symmetric crypto errors in PKCS7_decrypt.
...
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-27 15:22:54 +00:00
Andy Polyakov
04b4363ec8
Configure: remove adding of -D_XPG4_2 -D__EXTENSIONS__ in sctp builds,
...
see corresponding commit to HEAD for details.
2012-02-26 22:03:41 +00:00
Andy Polyakov
37ebc20093
seed.c: Solaris portability fix from HEAD.
2012-02-26 21:53:28 +00:00
Dr. Stephen Henson
cef781cc87
PR: 2730
...
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
VMS fixes: disable SCTP by default.
2012-02-25 17:58:03 +00:00
Dr. Stephen Henson
08e4c7a967
correct CHANGES
2012-02-23 22:13:59 +00:00
Dr. Stephen Henson
697e4edcad
PR: 2711
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Tolerate bad MIME headers in parser.
2012-02-23 21:50:32 +00:00
Dr. Stephen Henson
b26297ca51
PR: 2696
...
Submitted by: Rob Austein <sra@hactrn.net>
Fix inverted range problem in RFC3779 code.
Thanks to Andrew Chi for generating test cases for this bug.
2012-02-23 21:31:22 +00:00
Dr. Stephen Henson
6ca7dba0cf
PR: 2727
...
Submitted by: Bruce Stephens <bruce.stephens@isode.com>
Use same construct for EXHEADER in srp/Makefile as other makefiles to cope
with possibly empty EXHEADER.
2012-02-23 13:49:22 +00:00
Dr. Stephen Henson
f1fa05b407
ABI compliance fixes.
...
Move new structure fields to end of structures.
Import library codes from 1.0.0 and recreate new ones.
2012-02-22 14:01:44 +00:00
Dr. Stephen Henson
02e22c35fe
update NEWS
2012-02-21 14:21:32 +00:00
Dr. Stephen Henson
b935714237
typo
2012-02-17 17:31:32 +00:00
Dr. Stephen Henson
a8314df902
Fix bug in CVE-2011-4619: check we have really received a client hello
...
before rejecting multiple SGC restarts.
2012-02-16 15:25:39 +00:00
Dr. Stephen Henson
0cd7a0325f
Additional compatibility fix for MDC2 signature format.
...
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
2012-02-15 14:14:01 +00:00
Dr. Stephen Henson
16b7c81d55
An incompatibility has always existed between the format used for RSA
...
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.
This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.
Add detection in RSA_verify so either format works.
Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
2012-02-15 14:00:09 +00:00
Dr. Stephen Henson
424ba8b588
PR: 2708
...
Submitted by: Bruce Stephens <bruce.stephens@isode.com>
Translate path separators correctly for $fipsdir in util/mk1mf.pl
2012-02-12 23:20:21 +00:00
Dr. Stephen Henson
bf493e8d62
PR: 2713
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files
2012-02-12 18:47:36 +00:00
Dr. Stephen Henson
c714e43c8d
PR: 2717
...
Submitted by: Tim Rice <tim@multitalents.net>
Make compilation work on OpenServer 5.0.7
2012-02-11 23:38:49 +00:00
Dr. Stephen Henson
cdf9d6f6ed
PR: 2716
...
Submitted by: Adam Langley <agl@google.com>
Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.
2012-02-11 23:21:09 +00:00
Dr. Stephen Henson
cc4b48c27c
PR: 2703
...
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Fix some memory and resource leaks in CAPI ENGINE.
2012-02-11 23:12:59 +00:00
Dr. Stephen Henson
cac9c92cc0
PR: 2705
...
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Only create ex_data indices once for CAPI engine.
2012-02-11 23:07:58 +00:00
Dr. Stephen Henson
d40abf1689
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Further fixes for use_srtp extension.
2012-02-11 22:53:48 +00:00
Andy Polyakov
69e9c69e70
apps/s_cb.c: recognize latest TLS versions [from HEAD].
2012-02-11 13:31:16 +00:00
Dr. Stephen Henson
c489ea7d01
PR: 2704
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Fix srp extension.
2012-02-10 20:08:49 +00:00
Dr. Stephen Henson
26c6857a59
PR: 2710
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check return codes for load_certs_crls.
2012-02-10 19:54:46 +00:00
Dr. Stephen Henson
508bd3d1aa
PR: 2714
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Make no-srp work.
2012-02-10 19:44:00 +00:00
Dr. Stephen Henson
8705846710
only cleanup ctx if we need to, save ctx flags when we do
2012-02-10 16:54:56 +00:00
Dr. Stephen Henson
c944a9696e
add fips hmac option and fips blocking overrides to command line utilities
2012-02-10 16:46:19 +00:00
Dr. Stephen Henson
943cc09d8a
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Fix encoding of use_srtp extension to be compliant with RFC5764
2012-02-10 00:03:37 +00:00
Dr. Stephen Henson
fc6800d19f
Modify client hello version when renegotiating to enhance interop with
...
some servers.
2012-02-09 15:41:44 +00:00
Andy Polyakov
d06f047b04
bn_nist.c: make new optimized code dependent on BN_LLONG [from HEAD].
2012-02-02 07:46:19 +00:00
Andy Polyakov
ddc899bada
hpux-parisc2-*: engage assembler [from HEAD] and make it link.
2012-02-02 07:42:31 +00:00
Andy Polyakov
bd479e25c7
ghash-x86.pl: engage original MMX version in no-sse2 builds [from HEAD].
2012-01-25 17:56:25 +00:00
Andy Polyakov
eaf5bd168e
x86_64-xlate.pl: 1.0.1-specific typo.
2012-01-25 17:50:23 +00:00
Dr. Stephen Henson
d7ecc206ba
only include bn.h once
2012-01-24 23:00:36 +00:00
Dr. Stephen Henson
11ea212e8c
only include evp.h once
2012-01-24 22:59:46 +00:00
Dr. Stephen Henson
cb29d8c11f
only include string.h once
2012-01-24 22:58:46 +00:00
Dr. Stephen Henson
adcea5a043
return error if md is NULL
2012-01-22 13:12:50 +00:00
Andy Polyakov
f02f7c2c4a
cryptlib.c: make even non-Windows builds "strtoull-agnostic" [from HEAD].
2012-01-21 12:18:29 +00:00
Andy Polyakov
a1e44cc14f
x86_64-xlate.pl: proper solution for RT#2620 [from HEAD].
2012-01-21 11:35:20 +00:00
Dr. Stephen Henson
d2d09bf68c
change version to beta3-dev
2012-01-19 17:14:17 +00:00
Dr. Stephen Henson
e2dfb655f7
update files for beta2 release
2012-01-19 15:46:43 +00:00
Dr. Stephen Henson
463e76b63c
prepare for beta2
2012-01-19 15:37:57 +00:00
Dr. Stephen Henson
2dc4b0dbe8
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
...
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:14:56 +00:00
Dr. Stephen Henson
7b23c126e6
undef some symbols that cause problems with make depend for fips builds
2012-01-18 01:40:36 +00:00
Dr. Stephen Henson
25e3d2225a
fix CHANGES entry
2012-01-17 14:19:09 +00:00
Andy Polyakov
c8e0b5d7b6
1.0.1-specific OPNESSL vs. OPENSSL typo.
...
PR: 2613
Submitted by: Leena Heino
2012-01-15 13:42:50 +00:00
Andy Polyakov
4fb7e2b445
Fix OPNESSL vs. OPENSSL typos [from HEAD].
...
PR: 2613
Submitted by: Leena Heino
2012-01-15 13:40:21 +00:00
Dr. Stephen Henson
9138e3c061
fix warning
2012-01-15 13:30:52 +00:00
Andy Polyakov
9b2a29660b
Sanitize usage of <ctype.h> functions. It's important that characters
...
are passed zero-extended, not sign-extended [from HEAD].
PR: 2682
2012-01-12 16:28:03 +00:00