Andy Polyakov
9cc42cb091
ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER [from HEAD].
2012-03-13 19:21:15 +00:00
Andy Polyakov
bcf9cf89e7
x86_64-xlate.pl: remove old kludge.
...
PR: 2435,2440
2012-03-13 19:19:31 +00:00
Dr. Stephen Henson
f0729fc3e0
corrected fix to PR#2711 and also cover mime_param_cmp
2012-03-12 16:29:47 +00:00
Dr. Stephen Henson
8186c00ef3
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
...
continue with symmetric decryption process to avoid leaking timing
information to an attacker.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 16:27:50 +00:00
Dr. Stephen Henson
c0b31ccb87
PR: 2744
...
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
CMS support for ccgost engine
2012-03-11 13:40:05 +00:00
Dr. Stephen Henson
267c950c5f
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
...
Add more extension names in s_cb.c extension printing code.
2012-03-09 18:37:41 +00:00
Dr. Stephen Henson
ce1605b508
PR: 2756
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS timeout handling.
2012-03-09 15:52:20 +00:00
Dr. Stephen Henson
66fdb1c0d4
check return value of BIO_write in PKCS7_decrypt
2012-03-08 14:02:51 +00:00
Dr. Stephen Henson
25bfdca16a
PR: 2755
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reduce MTU after failed transmissions.
2012-03-06 13:47:27 +00:00
Dr. Stephen Henson
9c284f9651
PR: 2748
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix possible DTLS timer deadlock.
2012-03-06 13:24:16 +00:00
Andy Polyakov
6d78c381f6
Configure: make no-whirlpool work [from HEAD].
2012-03-03 13:18:06 +00:00
Richard Levitte
784e2080df
On OpenVMS, try sha256 and sha512 et al as well.
2012-03-01 21:29:58 +00:00
Richard Levitte
70505bc334
For OpenVMS, use inttypes.h instead of stdint.h
2012-03-01 21:29:16 +00:00
Dr. Stephen Henson
8e8b247341
PR: 2743
...
Reported by: Dmitry Belyavsky <beldmit@gmail.com>
Fix memory leak if invalid GOST MAC key given.
2012-02-29 14:12:52 +00:00
Dr. Stephen Henson
a8595879ec
PR: 2742
...
Reported by: Dmitry Belyavsky <beldmit@gmail.com>
If resigning with detached content in CMS just copy data across.
2012-02-29 14:01:53 +00:00
Dr. Stephen Henson
33a688e806
Fix memory leak cause by race condition when creating public keys.
...
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-28 14:47:16 +00:00
Andy Polyakov
5c2bfad9b4
x86cpuid.pl: fix processor capability detection on pre-586 [from HEAD].
2012-02-28 14:20:34 +00:00
Dr. Stephen Henson
250f979237
PR: 2736
...
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>
Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
2012-02-27 18:45:18 +00:00
Dr. Stephen Henson
b527b6e8ff
PR: 2737
...
Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>
Fix double free in PKCS12_parse if we run out of memory.
2012-02-27 16:46:45 +00:00
Dr. Stephen Henson
a54ce007e6
PR: 2739
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix padding bugs in Heartbeat support.
2012-02-27 16:38:10 +00:00
Dr. Stephen Henson
4ed1f3490e
PR: 2735
...
Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.
2012-02-27 16:33:25 +00:00
Dr. Stephen Henson
0a082e9b37
free headers after use in error message
2012-02-27 16:27:09 +00:00
Dr. Stephen Henson
236a99a409
Detect symmetric crypto errors in PKCS7_decrypt.
...
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-27 15:22:54 +00:00
Andy Polyakov
04b4363ec8
Configure: remove adding of -D_XPG4_2 -D__EXTENSIONS__ in sctp builds,
...
see corresponding commit to HEAD for details.
2012-02-26 22:03:41 +00:00
Andy Polyakov
37ebc20093
seed.c: Solaris portability fix from HEAD.
2012-02-26 21:53:28 +00:00
Dr. Stephen Henson
cef781cc87
PR: 2730
...
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
VMS fixes: disable SCTP by default.
2012-02-25 17:58:03 +00:00
Dr. Stephen Henson
08e4c7a967
correct CHANGES
2012-02-23 22:13:59 +00:00
Dr. Stephen Henson
697e4edcad
PR: 2711
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Tolerate bad MIME headers in parser.
2012-02-23 21:50:32 +00:00
Dr. Stephen Henson
b26297ca51
PR: 2696
...
Submitted by: Rob Austein <sra@hactrn.net>
Fix inverted range problem in RFC3779 code.
Thanks to Andrew Chi for generating test cases for this bug.
2012-02-23 21:31:22 +00:00
Dr. Stephen Henson
6ca7dba0cf
PR: 2727
...
Submitted by: Bruce Stephens <bruce.stephens@isode.com>
Use same construct for EXHEADER in srp/Makefile as other makefiles to cope
with possibly empty EXHEADER.
2012-02-23 13:49:22 +00:00
Dr. Stephen Henson
f1fa05b407
ABI compliance fixes.
...
Move new structure fields to end of structures.
Import library codes from 1.0.0 and recreate new ones.
2012-02-22 14:01:44 +00:00
Dr. Stephen Henson
02e22c35fe
update NEWS
2012-02-21 14:21:32 +00:00
Dr. Stephen Henson
b935714237
typo
2012-02-17 17:31:32 +00:00
Dr. Stephen Henson
a8314df902
Fix bug in CVE-2011-4619: check we have really received a client hello
...
before rejecting multiple SGC restarts.
2012-02-16 15:25:39 +00:00
Dr. Stephen Henson
0cd7a0325f
Additional compatibility fix for MDC2 signature format.
...
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
2012-02-15 14:14:01 +00:00
Dr. Stephen Henson
16b7c81d55
An incompatibility has always existed between the format used for RSA
...
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.
This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.
Add detection in RSA_verify so either format works.
Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
2012-02-15 14:00:09 +00:00
Dr. Stephen Henson
424ba8b588
PR: 2708
...
Submitted by: Bruce Stephens <bruce.stephens@isode.com>
Translate path separators correctly for $fipsdir in util/mk1mf.pl
2012-02-12 23:20:21 +00:00
Dr. Stephen Henson
bf493e8d62
PR: 2713
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files
2012-02-12 18:47:36 +00:00
Dr. Stephen Henson
c714e43c8d
PR: 2717
...
Submitted by: Tim Rice <tim@multitalents.net>
Make compilation work on OpenServer 5.0.7
2012-02-11 23:38:49 +00:00
Dr. Stephen Henson
cdf9d6f6ed
PR: 2716
...
Submitted by: Adam Langley <agl@google.com>
Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.
2012-02-11 23:21:09 +00:00
Dr. Stephen Henson
cc4b48c27c
PR: 2703
...
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Fix some memory and resource leaks in CAPI ENGINE.
2012-02-11 23:12:59 +00:00
Dr. Stephen Henson
cac9c92cc0
PR: 2705
...
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Only create ex_data indices once for CAPI engine.
2012-02-11 23:07:58 +00:00
Dr. Stephen Henson
d40abf1689
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Further fixes for use_srtp extension.
2012-02-11 22:53:48 +00:00
Andy Polyakov
69e9c69e70
apps/s_cb.c: recognize latest TLS versions [from HEAD].
2012-02-11 13:31:16 +00:00
Dr. Stephen Henson
c489ea7d01
PR: 2704
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Fix srp extension.
2012-02-10 20:08:49 +00:00
Dr. Stephen Henson
26c6857a59
PR: 2710
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check return codes for load_certs_crls.
2012-02-10 19:54:46 +00:00
Dr. Stephen Henson
508bd3d1aa
PR: 2714
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Make no-srp work.
2012-02-10 19:44:00 +00:00
Dr. Stephen Henson
8705846710
only cleanup ctx if we need to, save ctx flags when we do
2012-02-10 16:54:56 +00:00
Dr. Stephen Henson
c944a9696e
add fips hmac option and fips blocking overrides to command line utilities
2012-02-10 16:46:19 +00:00
Dr. Stephen Henson
943cc09d8a
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Fix encoding of use_srtp extension to be compliant with RFC5764
2012-02-10 00:03:37 +00:00