openssl.git
Andy Polyakov [Mon, 16 Apr 2012 17:35:48 +0000 (17:35 +0000)]
Minor compatibility fixes [from HEAD].
PR: 2790
Submitted by: Alexei Khlebnikov

Andy Polyakov [Sun, 15 Apr 2012 17:23:54 +0000 (17:23 +0000)]
s3_srvr.c: fix typo [from HEAD].
PR: 2538

Andy Polyakov [Sun, 15 Apr 2012 14:23:26 +0000 (14:23 +0000)]
e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag
countermeasure [from HEAD].

PR: 2778

Andy Polyakov [Thu, 12 Apr 2012 06:46:49 +0000 (06:46 +0000)]
s390x asm pack: fix typos.

Dr. Stephen Henson [Wed, 11 Apr 2012 16:54:07 +0000 (16:54 +0000)]
Add options to set additional type specific certificate chains to
s_server.

Dr. Stephen Henson [Wed, 11 Apr 2012 16:01:20 +0000 (16:01 +0000)]
use different variable for chain iteration

Dr. Stephen Henson [Wed, 11 Apr 2012 15:10:48 +0000 (15:10 +0000)]
oops, macro not present in OpenSSL 1.0.2

Dr. Stephen Henson [Wed, 11 Apr 2012 15:05:33 +0000 (15:05 +0000)]
fix reset fix

Dr. Stephen Henson [Wed, 11 Apr 2012 12:26:27 +0000 (12:26 +0000)]
make reinitialisation work for CMAC

Dr. Stephen Henson [Tue, 10 Apr 2012 22:28:13 +0000 (22:28 +0000)]
update rather ancient EVP digest documentation

Andy Polyakov [Mon, 9 Apr 2012 15:12:30 +0000 (15:12 +0000)]
aes-s390x.pl: fix crash in AES_set_decrypt_key in linux32-s390x build [from HEAD].

Dr. Stephen Henson [Sat, 7 Apr 2012 22:14:16 +0000 (22:14 +0000)]
update year

Dr. Stephen Henson [Sat, 7 Apr 2012 20:48:12 +0000 (20:48 +0000)]
recognise DECLARE_PEM_write_const, update ordinals
(backport from HEAD)

Dr. Stephen Henson [Sat, 7 Apr 2012 20:42:44 +0000 (20:42 +0000)]
transparently handle X9.42 DH parameters
(backport from HEAD)

Dr. Stephen Henson [Sat, 7 Apr 2012 20:42:17 +0000 (20:42 +0000)]
Document RFC5114 "generation" options.
(backport from HEAD)

Dr. Stephen Henson [Sat, 7 Apr 2012 20:22:11 +0000 (20:22 +0000)]
Initial experimental support for X9.42 DH parameter format to handle
RFC5114 parameters and X9.42 DH public and private keys.
(backport from HEAD)

Dr. Stephen Henson [Sat, 7 Apr 2012 17:41:51 +0000 (17:41 +0000)]
branches:  1.2.2;
Correct some parameter values.
(backport from HEAD)

Dr. Stephen Henson [Sat, 7 Apr 2012 17:40:08 +0000 (17:40 +0000)]
Update DH_check() to perform sensible checks when q parameter is present.
(backport from HEAD)

Dr. Stephen Henson [Sat, 7 Apr 2012 12:19:50 +0000 (12:19 +0000)]
Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest.
(backport from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 20:16:09 +0000 (20:16 +0000)]
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>

Localize client hello extension parsing in t1_lib.c
(backport from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 20:15:50 +0000 (20:15 +0000)]
Add support for automatic ECDH temporary key parameter selection. When
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
(backport from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 20:14:53 +0000 (20:14 +0000)]
Tidy up EC parameter check code: instead of accessing internal structures
add utility functions to t1_lib.c to check if EC certificates and parameters
are consistent with peer.
(backport from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 20:12:35 +0000 (20:12 +0000)]
Initial revision of ECC extension handling.

Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
(backport from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 19:29:49 +0000 (19:29 +0000)]
New ctrls to retrieve supported signature algorithms and curves and
extensions to s_client and s_server to print out retrieved values.

Extend CERT structure to cache supported signature algorithm data.
(backport from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 17:36:40 +0000 (17:36 +0000)]
initialise i if n == 0
(backport from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 17:35:01 +0000 (17:35 +0000)]
Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
(backport from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 17:22:48 +0000 (17:22 +0000)]
Add support for distinct certificate chains per key type and per SSL
structure.

Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.
(backport from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 12:02:43 +0000 (12:02 +0000)]
Backport: code tidy (from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 12:00:24 +0000 (12:00 +0000)]
Backport: Revise ssl code to use CERT_PKEY structure when outputting a certificate chain (from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 11:58:17 +0000 (11:58 +0000)]
Backport: tidy/enhance certificate chain output code (from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 11:36:35 +0000 (11:36 +0000)]
Backport: allow key agreement in SSL/TLS certificates (from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 11:35:45 +0000 (11:35 +0000)]
Backport: initialise dh_clnt (from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 11:34:42 +0000 (11:34 +0000)]
Backport DH client certificate support (from HEAD)

Dr. Stephen Henson [Fri, 6 Apr 2012 11:33:12 +0000 (11:33 +0000)]
Backport support for fixed DH ciphersuites (from HEAD)

Andy Polyakov [Thu, 5 Apr 2012 08:32:08 +0000 (08:32 +0000)]
aes-armv4.pl: make it more foolproof [inspired by aes-s390x.pl in 1.0.1].

Andy Polyakov [Thu, 5 Apr 2012 08:17:47 +0000 (08:17 +0000)]
aes-s390x.pl: fix endless loop in linux32-s390x build [from 1.0.1].

Andy Polyakov [Wed, 4 Apr 2012 20:50:58 +0000 (20:50 +0000)]
ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444) [from HEAD].
PR: 2778

Andy Polyakov [Sat, 31 Mar 2012 18:56:07 +0000 (18:56 +0000)]
CHANGES: harmonize with 1.0.0 and 1.0.1.

Dr. Stephen Henson [Sat, 31 Mar 2012 18:02:53 +0000 (18:02 +0000)]
PR: 2778(part)
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).

Andy Polyakov [Sat, 31 Mar 2012 17:03:43 +0000 (17:03 +0000)]
modes_lcl.h: make it work on i386 [from HEAD].
PR: 2780

Andy Polyakov [Sat, 31 Mar 2012 16:55:34 +0000 (16:55 +0000)]
vpaes-x86[_64].pl: handle zero length in vpaes_cbc_encrypt [from HEAD].
PR: 2775

Andy Polyakov [Sat, 31 Mar 2012 11:07:09 +0000 (11:07 +0000)]
util/cygwin.sh update [from HEAD].
PR: 2761
Submitted by: Corinna Vinschen

Andy Polyakov [Fri, 30 Mar 2012 17:41:00 +0000 (17:41 +0000)]
bn/bn_gf2m.c: make new BN_GF2m_mod_inv work with BN_DEBUG_RAND [from HEAD].

Andy Polyakov [Thu, 29 Mar 2012 19:11:59 +0000 (19:11 +0000)]
ans1/tasn_prn.c: avoid bool in variable names [from HEAD].
PR: 2776

Andy Polyakov [Thu, 29 Mar 2012 19:11:08 +0000 (19:11 +0000)]
perlasm/x86masm.pl: fix last fix [from HEAD].

Dr. Stephen Henson [Thu, 22 Mar 2012 16:28:21 +0000 (16:28 +0000)]
fix leak

Dr. Stephen Henson [Thu, 22 Mar 2012 15:43:28 +0000 (15:43 +0000)]
Submitted by: Markus Friedl <mfriedl@gmail.com>

Fix memory leaks in 'goto err' cases.

Dr. Stephen Henson [Thu, 22 Mar 2012 15:29:21 +0000 (15:29 +0000)]
set version to 1.0.2-dev

cvs2svn [Wed, 21 Mar 2012 21:32:58 +0000 (21:32 +0000)]
This commit was manufactured by cvs2svn to create branch
'OpenSSL_1_0_2-stable'.

Dr. Stephen Henson [Wed, 21 Mar 2012 21:32:57 +0000 (21:32 +0000)]
use client version when deciding whether to send supported signature algorithms extension

Dr. Stephen Henson [Sun, 18 Mar 2012 18:16:05 +0000 (18:16 +0000)]
Always use SSLv23_{client,server}_method in s_client.c and s_server.c,
the old code came from SSLeay days before TLS was even supported.

Andy Polyakov [Fri, 16 Mar 2012 21:45:51 +0000 (21:45 +0000)]
bsaes-x86_64.pl: optimize key conversion [from HEAD].

Dr. Stephen Henson [Wed, 14 Mar 2012 22:20:40 +0000 (22:20 +0000)]
remove trailing slash

Tag: OpenSSL_1_0_1
Richard Levitte [Wed, 14 Mar 2012 12:39:00 +0000 (12:39 +0000)]
cipher should only be set to PSK if JPAKE is used.

Dr. Stephen Henson [Wed, 14 Mar 2012 12:14:06 +0000 (12:14 +0000)]
update STATUS

Dr. Stephen Henson [Wed, 14 Mar 2012 12:04:40 +0000 (12:04 +0000)]
prepare for 1.0.1 release

Dr. Stephen Henson [Tue, 13 Mar 2012 22:49:27 +0000 (22:49 +0000)]
update NEWS

Andy Polyakov [Tue, 13 Mar 2012 19:21:15 +0000 (19:21 +0000)]
ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER [from HEAD].

Andy Polyakov [Tue, 13 Mar 2012 19:19:31 +0000 (19:19 +0000)]
x86_64-xlate.pl: remove old kludge.
PR: 2435,2440

Dr. Stephen Henson [Mon, 12 Mar 2012 16:29:47 +0000 (16:29 +0000)]
corrected fix to PR#2711 and also cover mime_param_cmp

Dr. Stephen Henson [Mon, 12 Mar 2012 16:27:50 +0000 (16:27 +0000)]
Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)

Dr. Stephen Henson [Sun, 11 Mar 2012 13:40:05 +0000 (13:40 +0000)]
PR: 2744
Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

CMS support for ccgost engine

Dr. Stephen Henson [Fri, 9 Mar 2012 18:37:41 +0000 (18:37 +0000)]
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>

Add more extension names in s_cb.c extension printing code.

Dr. Stephen Henson [Fri, 9 Mar 2012 15:52:20 +0000 (15:52 +0000)]
PR: 2756
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.

Dr. Stephen Henson [Thu, 8 Mar 2012 14:02:51 +0000 (14:02 +0000)]
check return value of BIO_write in PKCS7_decrypt

Dr. Stephen Henson [Tue, 6 Mar 2012 13:47:27 +0000 (13:47 +0000)]
PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.

Dr. Stephen Henson [Tue, 6 Mar 2012 13:24:16 +0000 (13:24 +0000)]
PR: 2748
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.

Andy Polyakov [Sat, 3 Mar 2012 13:18:06 +0000 (13:18 +0000)]
Configure: make no-whirlpool work [from HEAD].

Richard Levitte [Thu, 1 Mar 2012 21:29:58 +0000 (21:29 +0000)]
On OpenVMS, try sha256 and sha512 et al as well.

Richard Levitte [Thu, 1 Mar 2012 21:29:16 +0000 (21:29 +0000)]
For OpenVMS, use inttypes.h instead of stdint.h

Dr. Stephen Henson [Wed, 29 Feb 2012 14:12:52 +0000 (14:12 +0000)]
PR: 2743
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

Fix memory leak if invalid GOST MAC key given.

Dr. Stephen Henson [Wed, 29 Feb 2012 14:01:53 +0000 (14:01 +0000)]
PR: 2742
Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.

Dr. Stephen Henson [Tue, 28 Feb 2012 14:47:16 +0000 (14:47 +0000)]
Fix memory leak caused by race condition when creating public keys.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.

Andy Polyakov [Tue, 28 Feb 2012 14:20:34 +0000 (14:20 +0000)]
x86cpuid.pl: fix processor capability detection on pre-586 [from HEAD].

Dr. Stephen Henson [Mon, 27 Feb 2012 18:45:18 +0000 (18:45 +0000)]
PR: 2736
Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preserves flags.

Dr. Stephen Henson [Mon, 27 Feb 2012 16:46:45 +0000 (16:46 +0000)]
PR: 2737
Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.

Dr. Stephen Henson [Mon, 27 Feb 2012 16:38:10 +0000 (16:38 +0000)]
PR: 2739
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix padding bugs in Heartbeat support.

Dr. Stephen Henson [Mon, 27 Feb 2012 16:33:25 +0000 (16:33 +0000)]
PR: 2735

Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.

Dr. Stephen Henson [Mon, 27 Feb 2012 16:27:09 +0000 (16:27 +0000)]
free headers after use in error message

Dr. Stephen Henson [Mon, 27 Feb 2012 15:22:54 +0000 (15:22 +0000)]
Detect symmetric crypto errors in PKCS7_decrypt.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.

Andy Polyakov [Sun, 26 Feb 2012 22:03:41 +0000 (22:03 +0000)]
Configure: remove adding of -D_XPG4_2 -D__EXTENSIONS__ in sctp builds,
see corresponding commit to HEAD for details.

Andy Polyakov [Sun, 26 Feb 2012 21:53:28 +0000 (21:53 +0000)]
seed.c: Solaris portability fix from HEAD.

Dr. Stephen Henson [Sat, 25 Feb 2012 17:58:03 +0000 (17:58 +0000)]
PR: 2730
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

VMS fixes: disable SCTP by default.

Tag: OpenSSL_1_0_1-beta3
Dr. Stephen Henson [Thu, 23 Feb 2012 22:13:59 +0000 (22:13 +0000)]
correct CHANGES

Dr. Stephen Henson [Thu, 23 Feb 2012 21:50:32 +0000 (21:50 +0000)]
PR: 2711
Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.

Dr. Stephen Henson [Thu, 23 Feb 2012 21:31:22 +0000 (21:31 +0000)]
PR: 2696
Submitted by: Rob Austein <sra@hactrn.net>

Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.

Dr. Stephen Henson [Thu, 23 Feb 2012 13:49:22 +0000 (13:49 +0000)]
PR: 2727
Submitted by: Bruce Stephens <bruce.stephens@isode.com>

Use same construct for EXHEADER in srp/Makefile as other makefiles to cope
with possibly empty EXHEADER.

Dr. Stephen Henson [Wed, 22 Feb 2012 14:01:44 +0000 (14:01 +0000)]
ABI compliance fixes.

Move new structure fields to end of structures.

Import library codes from 1.0.0 and recreate new ones.

Dr. Stephen Henson [Tue, 21 Feb 2012 14:21:32 +0000 (14:21 +0000)]
update NEWS

Dr. Stephen Henson [Fri, 17 Feb 2012 17:31:32 +0000 (17:31 +0000)]
typo

Dr. Stephen Henson [Thu, 16 Feb 2012 15:25:39 +0000 (15:25 +0000)]
Fix bug in CVE-2011-4619: check we have really received a client hello
before rejecting multiple SGC restarts.

Dr. Stephen Henson [Wed, 15 Feb 2012 14:14:01 +0000 (14:14 +0000)]
Additional compatibility fix for MDC2 signature format.

Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.

Dr. Stephen Henson [Wed, 15 Feb 2012 14:00:09 +0000 (14:00 +0000)]
An incompatibility has always existed between the format used for RSA
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.

This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.

Add detection in RSA_verify so either format works.

Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.

Dr. Stephen Henson [Sun, 12 Feb 2012 23:20:21 +0000 (23:20 +0000)]
PR: 2708
Submitted by: Bruce Stephens <bruce.stephens@isode.com>

Translate path separators correctly for $fipsdir in util/mk1mf.pl

Dr. Stephen Henson [Sun, 12 Feb 2012 18:47:36 +0000 (18:47 +0000)]
PR: 2713
Submitted by: Tomas Mraz <tmraz@redhat.com>

Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files

Dr. Stephen Henson [Sat, 11 Feb 2012 23:38:49 +0000 (23:38 +0000)]
PR: 2717
Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7

Dr. Stephen Henson [Sat, 11 Feb 2012 23:21:09 +0000 (23:21 +0000)]
PR: 2716
Submitted by: Adam Langley <agl@google.com>

Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.

Dr. Stephen Henson [Sat, 11 Feb 2012 23:12:59 +0000 (23:12 +0000)]
PR: 2703
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Fix some memory and resource leaks in CAPI ENGINE.

Dr. Stephen Henson [Sat, 11 Feb 2012 23:07:58 +0000 (23:07 +0000)]
PR: 2705
Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Only create ex_data indices once for CAPI engine.

Dr. Stephen Henson [Sat, 11 Feb 2012 22:53:48 +0000 (22:53 +0000)]
Submitted by: Eric Rescorla <ekr@rtfm.com>

Further fixes for use_srtp extension.