Note that it initially applies to 1.0.2, and not to HEAD. This is
in order to allow development with existing libunbound installations
that are dependent on OpenSSL 1.0.x. More details in RT.
RT: 3003
Reencode certificates in X509_sign_ctx as well as X509_sign.
This was causing a problem in the x509 application when it modified an
existing certificate.
(cherry picked from commit c6d8adb8a45186617e0a8e2c09469bd164b92b31)
While ARMv7 in general is capable of unaligned access, not all instructions
actually are. And trouble is that compiler doesn't seem to differentiate
those capable and incapable of unaligned access. Side effect is that kernel
goes into endless loop retrying same instruction triggering unaligned trap.
Problem was observed in xts128.c and ccm128.c modules. It's possible to
resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT
be feels more appropriate.
(cherry picked from commit 3bdd80521a81d50ade4214053cd9b293f920a77b)
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
(cherry picked from commit 94782e0e9c28bd872107b8f814f4db68c9fbf5ab)
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc63c3e15b6db5a15a728bc288f2cc2bbc7)
Add CMS_RecipientInfo_encrypt: this function encrypts an existing content
encryption key to match the key in the RecipientInfo structure: this is
useful if a new recpient is added to and existing enveloped data structure.
Add documentation.
(cherry picked from commit e1f1d28f34cc5cfc87772e0d8331e00137a4a213)
Two example programs one for command line argument processing and
one for configuration file processing.
(cherry picked from commit 3646578ae7e29230d7b05a5487ad12990b2ae688)
Fix some typos and update version number first added: it has now been
backported to OpenSSL 1.0.2.
(cherry picked from commit 4365e4aad97fa37e4a97eb2270a64c03e6547014)
key to the one in a request. This is useful for cases where the public
key cannot be used for signing e.g. DH.
(cherry picked from commit 43206a2d7cc87c959535c0f69e2aa3b364eafd6e)
podlators 2.5.0 has switched to dying on POD syntax errors. This means
that a bunch of long-standing erroneous POD in the openssl documentation
now leads to fatal errors from pod2man, halting installation.
Unfortunately POD constraints mean that you have to sort numeric lists
in ascending order if they start with 1: you cannot do 1, 0, 2 even if
you want 1 to appear first. I've reshuffled such (alas, I wish there
were a better way but I don't know of one).
(cherry picked from commit 5cc270774258149235f69e1789b3370f57b0e27b)
Add description of "allocate and encode" operation for ASN1 routines.
Document how versioning will for after the letter release reaches
y.
(cherry picked from commit 2527b94fec345c0bec58f4c7a810b7b8d0552b17)
The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.
PR:2984
(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
