Dr. Stephen Henson
5421196eca
ABI compliance fixes.
...
Move new structure fields to end of structures.
2012-02-22 15:39:54 +00:00
Dr. Stephen Henson
74b4b49494
SSL export fixes (from Adam Langley) [original from 1.0.1]
2012-02-22 15:06:56 +00:00
Dr. Stephen Henson
de2b5b7439
initialise i if n == 0
2012-02-22 15:03:44 +00:00
Dr. Stephen Henson
64095ce9d7
Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
...
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
2012-02-21 14:41:13 +00:00
Dr. Stephen Henson
206310c305
Fix bug in CVE-2011-4619: check we have really received a client hello
...
before rejecting multiple SGC restarts.
2012-02-16 15:26:04 +00:00
Dr. Stephen Henson
5863163732
Additional compatibility fix for MDC2 signature format.
...
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
2012-02-15 14:27:25 +00:00
Dr. Stephen Henson
83cb7c4635
An incompatibility has always existed between the format used for RSA
...
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.
This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.
Add detection in RSA_verify so either format works.
Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
2012-02-15 14:04:00 +00:00
Dr. Stephen Henson
04296664e0
PR: 2713
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files
2012-02-12 18:47:47 +00:00
Dr. Stephen Henson
fc7dae5229
PR: 2717
...
Submitted by: Tim Rice <tim@multitalents.net>
Make compilation work on OpenServer 5.0.7
2012-02-11 23:41:19 +00:00
Dr. Stephen Henson
be81f4dd81
PR: 2716
...
Submitted by: Adam Langley <agl@google.com>
Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.
2012-02-11 23:20:53 +00:00
Dr. Stephen Henson
e626c77808
PR: 2703
...
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Fix some memory and resource leaks in CAPI ENGINE.
2012-02-11 23:13:10 +00:00
Dr. Stephen Henson
da2a5a79ef
PR: 2705
...
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>
Only create ex_data indices once for CAPI engine.
2012-02-11 23:08:08 +00:00
Dr. Stephen Henson
11eaec9ae4
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Further fixes for use_srtp extension.
2012-02-11 22:53:31 +00:00
Andy Polyakov
cbc0b0ec2d
apps/s_cb.c: recognized latest TLS version.
2012-02-11 13:30:47 +00:00
Dr. Stephen Henson
1df80b6561
PR: 2704
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Fix srp extension.
2012-02-10 20:08:36 +00:00
Dr. Stephen Henson
3770b988c0
PR: 2710
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Check return codes for load_certs_crls.
2012-02-10 19:54:54 +00:00
Dr. Stephen Henson
9641be2aac
PR: 2714
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Make no-srp work.
2012-02-10 19:43:14 +00:00
Dr. Stephen Henson
f94cfe6a12
only cleanup ctx if we need to, save ctx flags when we do
2012-02-10 16:55:17 +00:00
Dr. Stephen Henson
7951c2699f
add fips blocking overrides to command line utilities
2012-02-10 16:47:40 +00:00
Dr. Stephen Henson
5997efca83
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Fix encoding of use_srtp extension to be compliant with RFC5764
2012-02-10 00:07:18 +00:00
Dr. Stephen Henson
57559471bf
oops, revert unrelated changes
2012-02-09 15:43:58 +00:00
Dr. Stephen Henson
f4e1169341
Modify client hello version when renegotiating to enhance interop with
...
some servers.
2012-02-09 15:42:10 +00:00
Dr. Stephen Henson
febec8ff23
typo
2012-02-02 19:18:24 +00:00
Andy Polyakov
0208ab2e3f
bn_nist.c: make new optimized code dependent on BN_LLONG.
2012-02-02 07:46:05 +00:00
Andy Polyakov
faed798c32
hpux-parisc2-*: engage assembler.
2012-02-02 07:41:29 +00:00
Dr. Stephen Henson
f71c6e52f7
Add support for distinct certificate chains per key type and per SSL
...
structure.
Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.
2012-01-31 14:00:10 +00:00
Dr. Stephen Henson
9ade64dedf
code tidy
2012-01-27 14:21:38 +00:00
Dr. Stephen Henson
c526ed410c
Revise ssl code to use a CERT_PKEY structure when outputting a
...
certificate chain instead of an X509 structure.
This makes it easier to enhance code in future and the chain
output functions have access to the CERT_PKEY structure being
used.
2012-01-26 16:00:34 +00:00
Dr. Stephen Henson
4379d0e457
Tidy/enhance certificate chain output code.
...
New function ssl_add_cert_chain which adds a certificate chain to
SSL internal BUF_MEM. Use this function in ssl3_output_cert_chain
and dtls1_output_cert_chain instead of partly duplicating code.
2012-01-26 15:47:32 +00:00
Dr. Stephen Henson
7568d15acd
allow key agreement for SSL/TLS certificates
2012-01-26 14:57:45 +00:00
Dr. Stephen Henson
08e4ea4884
initialise dh_clnt
2012-01-26 14:37:46 +00:00
Andy Polyakov
98909c1d5b
ghash-x86.pl: engage original MMX version in no-sse2 builds.
2012-01-25 17:56:08 +00:00
Dr. Stephen Henson
ccd395cbcc
add example for DH certificate generation
2012-01-25 16:33:39 +00:00
Dr. Stephen Henson
0d60939515
add support for use of fixed DH client certificates
2012-01-25 14:51:49 +00:00
Dr. Stephen Henson
2ff5ac55c5
oops revert debug change
2012-01-22 13:52:39 +00:00
Dr. Stephen Henson
1db5f356f5
return error if md is NULL
2012-01-22 13:12:14 +00:00
Andy Polyakov
e6903980af
x86_64-xlate.pl: proper solution for RT#2620.
2012-01-21 11:34:53 +00:00
Dr. Stephen Henson
855d29184e
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
...
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:15:27 +00:00
Dr. Stephen Henson
ac07bc8602
fix CHANGES entry
2012-01-17 14:20:32 +00:00
Dr. Stephen Henson
8e1dc4d7ca
Support for fixed DH ciphersuites.
...
The cipher definitions of these ciphersuites have been around since SSLeay
but were always disabled. Now OpenSSL supports DH certificates they can be
finally enabled.
Various additional changes were needed to make them work properly: many
unused fixed DH sections of code were untested.
2012-01-16 18:19:14 +00:00
Andy Polyakov
a985410d2d
cryptlib.c: sscanf warning.
2012-01-15 17:13:57 +00:00
Andy Polyakov
0ecedec82d
Fix OPNESSL vs. OPENSSL typos.
...
PR: 2613
Submitted by: Leena Heino
2012-01-15 13:39:10 +00:00
Dr. Stephen Henson
9bd20155ba
fix warning
2012-01-15 13:30:41 +00:00
Andy Polyakov
5d13669a2c
cryptlib.c: make even non-Windows builds "strtoull-agnostic".
2012-01-14 18:46:15 +00:00
Andy Polyakov
adb5a2694a
sha512-sparcv9.pl: work around V8+ warning.
2012-01-13 09:18:05 +00:00
Andy Polyakov
23b93b587b
aes-ppc.pl, sha512-ppc.pl: comply even with Embedded ABI specification
...
(most restrictive about r2 and r13 usage).
2012-01-13 09:16:52 +00:00
Andy Polyakov
a50bce82ec
Sanitize usage of <ctype.h> functions. It's important that characters
...
are passed zero-extended, not sign-extended.
PR: 2682
2012-01-12 16:21:35 +00:00
Andy Polyakov
713f49119f
ec_pmeth.c: fix typo in commentary.
...
PR: 2677
Submitted by: Annue Yousar
2012-01-12 13:22:51 +00:00
Andy Polyakov
677741f87a
doc/apps: formatting fixes.
...
PR: 2683
Submitted by: Annie Yousar
2012-01-11 21:58:19 +00:00
Andy Polyakov
5beb93e114
speed.c: typo in pkey_print_message.
...
PR: 2681
Submitted by: Annie Yousar
2012-01-11 21:48:31 +00:00