Dr. Stephen Henson
156421a2af
oops, revert unrelated patches
2012-03-14 13:46:50 +00:00
Dr. Stephen Henson
61ad8262a0
update FAQ, NEWS
2012-03-14 13:44:57 +00:00
Andy Polyakov
5c88dcca5b
ghash-x86.pl: omit unreferenced rem_8bit from no-sse2 build.
2012-03-13 19:43:42 +00:00
Andy Polyakov
d2add2efaa
ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER.
2012-03-13 19:20:55 +00:00
Andy Polyakov
b2ae61ecf2
x86_64-xlate.pl: remove old kludge.
...
PR: 2435,2440
2012-03-13 19:19:08 +00:00
Dr. Stephen Henson
78dfd43955
corrected fix to PR#2711 and also cover mime_param_cmp
2012-03-12 16:32:19 +00:00
Dr. Stephen Henson
146b52edd1
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
...
continue with symmetric decryption process to avoid leaking timing
information to an attacker.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
2012-03-12 16:31:39 +00:00
Dr. Stephen Henson
13747c6fda
update NEWS
2012-03-12 16:23:00 +00:00
Dr. Stephen Henson
174b07be93
PR: 2744
...
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>
CMS support for ccgost engine
2012-03-11 13:40:17 +00:00
Dr. Stephen Henson
15a40af2ed
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
...
Add more extension names in s_cb.c extension printing code.
2012-03-09 18:38:35 +00:00
Dr. Stephen Henson
ea6e386008
PR: 2756
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS timeout handling.
2012-03-09 15:52:33 +00:00
Dr. Stephen Henson
34b61f5a25
check return value of BIO_write in PKCS7_decrypt
2012-03-08 14:10:23 +00:00
Dr. Stephen Henson
e7f8ff4382
New ctrls to retrieve supported signature algorithms and curves and
...
extensions to s_client and s_server to print out retrieved valued.
Extend CERT structure to cache supported signature algorithm data.
2012-03-06 14:28:21 +00:00
Dr. Stephen Henson
62b6948a27
PR: 2755
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reduce MTU after failed transmissions.
2012-03-06 13:47:43 +00:00
Dr. Stephen Henson
0fbf8b9cea
PR: 2748
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix possible DTLS timer deadlock.
2012-03-06 13:26:15 +00:00
Dr. Stephen Henson
d895f7f060
don't do loop check for single self signed certificate
2012-03-05 15:48:13 +00:00
Andy Polyakov
ce0ed3b778
Configure: make no-whirlpool work.
2012-03-03 13:17:47 +00:00
Andy Polyakov
358c372d16
bsaes-armv7.pl: change preferred contact.
2012-03-03 13:04:53 +00:00
Andy Polyakov
c4a52a6dca
Add bit-sliced AES for ARM NEON. This initial version is effectively
...
reference implementation, it does not interface to OpenSSL yet.
2012-03-03 12:33:28 +00:00
Dr. Stephen Henson
797a2a102d
PR: 2743
...
Reported by: Dmitry Belyavsky <beldmit@gmail.com>
Fix memory leak if invalid GOST MAC key given.
2012-02-29 14:13:00 +00:00
Dr. Stephen Henson
3c6a7cd44b
PR: 2742
...
Reported by: Dmitry Belyavsky <beldmit@gmail.com>
If resigning with detached content in CMS just copy data across.
2012-02-29 14:02:02 +00:00
Dr. Stephen Henson
dc4f678cdc
Fix memory leak cause by race condition when creating public keys.
...
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-28 14:47:02 +00:00
Andy Polyakov
0f2ece872d
x86cpuid.pl: fix processor capability detection on pre-586.
2012-02-28 14:20:21 +00:00
Dr. Stephen Henson
68a7b5ae1e
PR: 2736
...
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>
Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.
2012-02-27 18:45:28 +00:00
Dr. Stephen Henson
161c9b4262
PR: 2737
...
Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>
Fix double free in PKCS12_parse if we run out of memory.
2012-02-27 16:46:34 +00:00
Dr. Stephen Henson
57cb030cea
PR: 2739
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix padding bugs in Heartbeat support.
2012-02-27 16:38:24 +00:00
Dr. Stephen Henson
d441e6d8db
PR: 2735
...
Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.
2012-02-27 16:33:34 +00:00
Dr. Stephen Henson
228a8599ff
free headers after use in error message
2012-02-27 16:27:17 +00:00
Dr. Stephen Henson
d16bb406d4
Detect symmetric crypto errors in PKCS7_decrypt.
...
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
2012-02-27 15:22:41 +00:00
Andy Polyakov
f7ef20c5ee
Configure: I remove adding of -D_XPG4_2 -D__EXTENSIONS__ in sctp builds for
...
following reasons:
- it's not the way to engage XPG4v2 mode, defining _XOPEN_SOURCE to
value less than 500 is (see standards(5));
- we need to work out strategy to handle _XOPEN_SOURCE, current state
when we define e.g. _XOPEN_SOURCE to 500 in some files is inappropriate;
- sctp implementation on Solaris is incomplete, in sense that bss_dgram.c
doesn't compile, because not all structures are defined, so that
enabling sctp doesn't work anyway;
2012-02-26 22:02:59 +00:00
Andy Polyakov
d0e68a98c5
seed.c: incredibly enough seed.c can fail to compile on Solaris with certain
...
flags, because SS is defined after inclusion of <stdlib.h>, in <sys/regset.h>
2012-02-26 21:52:43 +00:00
Dr. Stephen Henson
a36fb72584
PR: 2730
...
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
VMS fixes: disable SCTP by default.
2012-02-25 17:59:40 +00:00
Dr. Stephen Henson
8f27a92754
ABI fixes from 1.0.1-stable
2012-02-23 22:25:52 +00:00
Dr. Stephen Henson
6941b7b918
PR: 2711
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Tolerate bad MIME headers in parser.
2012-02-23 21:50:44 +00:00
Dr. Stephen Henson
ef570cc869
PR: 2696
...
Submitted by: Rob Austein <sra@hactrn.net>
Fix inverted range problem in RFC3779 code.
Thanks to Andrew Chi for generating test cases for this bug.
2012-02-23 21:31:37 +00:00
Dr. Stephen Henson
4d3670fa50
PR: 2727
...
Submitted by: Bruce Stephens <bruce.stephens@isode.com>
Use same construct for EXHEADER in srp/Makefile as other makefiles to cope
with possibly empty EXHEADER.
2012-02-23 13:49:35 +00:00
Dr. Stephen Henson
5421196eca
ABI compliance fixes.
...
Move new structure fields to end of structures.
2012-02-22 15:39:54 +00:00
Dr. Stephen Henson
74b4b49494
SSL export fixes (from Adam Langley) [original from 1.0.1]
2012-02-22 15:06:56 +00:00
Dr. Stephen Henson
de2b5b7439
initialise i if n == 0
2012-02-22 15:03:44 +00:00
Dr. Stephen Henson
64095ce9d7
Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
...
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
2012-02-21 14:41:13 +00:00
Dr. Stephen Henson
206310c305
Fix bug in CVE-2011-4619: check we have really received a client hello
...
before rejecting multiple SGC restarts.
2012-02-16 15:26:04 +00:00
Dr. Stephen Henson
5863163732
Additional compatibility fix for MDC2 signature format.
...
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
2012-02-15 14:27:25 +00:00
Dr. Stephen Henson
83cb7c4635
An incompatibility has always existed between the format used for RSA
...
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.
This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.
Add detection in RSA_verify so either format works.
Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
2012-02-15 14:04:00 +00:00
Dr. Stephen Henson
04296664e0
PR: 2713
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files
2012-02-12 18:47:47 +00:00
Dr. Stephen Henson
fc7dae5229
PR: 2717
...
Submitted by: Tim Rice <tim@multitalents.net>
Make compilation work on OpenServer 5.0.7
2012-02-11 23:41:19 +00:00
Dr. Stephen Henson
be81f4dd81
PR: 2716
...
Submitted by: Adam Langley <agl@google.com>
Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.
2012-02-11 23:20:53 +00:00
Dr. Stephen Henson
e626c77808
PR: 2703
...
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Fix some memory and resource leaks in CAPI ENGINE.
2012-02-11 23:13:10 +00:00
Dr. Stephen Henson
da2a5a79ef
PR: 2705
...
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Only create ex_data indices once for CAPI engine.
2012-02-11 23:08:08 +00:00
Dr. Stephen Henson
11eaec9ae4
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Further fixes for use_srtp extension.
2012-02-11 22:53:31 +00:00
Andy Polyakov
cbc0b0ec2d
apps/s_cb.c: recognized latest TLS version.
2012-02-11 13:30:47 +00:00