oweals/openssl.git
17 years agoOnly give warning if relevant options are given.
Dr. Stephen Henson [Thu, 22 Feb 2007 01:51:34 +0000 (01:51 +0000)]
Only give warning if relevant options are given.

17 years agoUpdate NEWS file.
Dr. Stephen Henson [Thu, 22 Feb 2007 01:36:15 +0000 (01:36 +0000)]
Update NEWS file.

17 years agoInclude big warning message if test fipscanister.o compilation option used.
Dr. Stephen Henson [Wed, 21 Feb 2007 18:16:25 +0000 (18:16 +0000)]
Include big warning message if test fipscanister.o compilation option used.

17 years agoFix incorrect handling of special characters.
Lutz Jänicke [Wed, 21 Feb 2007 17:44:08 +0000 (17:44 +0000)]
Fix incorrect handling of special characters.
PR: 1459
Submitted by: tnitschke@innominate.com
Reviewed by: steve@openssl.org

17 years agoCleanse PEM buffers before freeing them.
Dr. Stephen Henson [Wed, 21 Feb 2007 13:48:09 +0000 (13:48 +0000)]
Cleanse PEM buffers before freeing them.

Submitted by: Benjamin Bennett <ben@psc.edu>

17 years agoInclude "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
Bodo Möller [Mon, 19 Feb 2007 18:35:45 +0000 (18:35 +0000)]
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.

17 years agofix incorrect strength bit values for certain Kerberos ciphersuites
Bodo Möller [Mon, 19 Feb 2007 14:45:57 +0000 (14:45 +0000)]
fix incorrect strength bit values for certain Kerberos ciphersuites

Submitted by: Victor Duchovni

17 years agoSome fixes for ciphersuite string processing:
Bodo Möller [Sat, 17 Feb 2007 06:53:10 +0000 (06:53 +0000)]
Some fixes for ciphersuite string processing:

- add a workaround provided by Victor Duchovni so that 128- and
  256-bit variants of otherwise identical ciphersuites are treated
  correctly;

- also, correctly skip invalid parts of ciphersuite description strings.

Submitted by: Victor Duchovni, Bodo Moeller

17 years agoUpdate from fips2 branch.
Dr. Stephen Henson [Sat, 3 Feb 2007 17:33:30 +0000 (17:33 +0000)]
Update from fips2 branch.

17 years agofix documentation
Nils Larsch [Sat, 3 Feb 2007 10:27:06 +0000 (10:27 +0000)]
fix documentation

PR: 1466

17 years agoDon't call OPENSSL_free() on sig, DSA_free() has already freed it.
Dr. Stephen Henson [Tue, 23 Jan 2007 18:25:01 +0000 (18:25 +0000)]
Don't call OPENSSL_free() on sig, DSA_free() has already freed it.

17 years agoTypo.
Dr. Stephen Henson [Tue, 23 Jan 2007 18:21:12 +0000 (18:21 +0000)]
Typo.

17 years agoConstify tag table.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:53:01 +0000 (17:53 +0000)]
Constify tag table.

17 years agoTo reduce FIPS dependencies don't load error strings and avoid use of ASN1
Dr. Stephen Henson [Tue, 23 Jan 2007 17:51:08 +0000 (17:51 +0000)]
To reduce FIPS dependencies don't load error strings and avoid use of ASN1
versions of DSA signature functions.

17 years agoMove some DSA functions between files to make it possible to use the DSA
Dr. Stephen Henson [Tue, 23 Jan 2007 17:43:57 +0000 (17:43 +0000)]
Move some DSA functions between files to make it possible to use the DSA
crypto without ASN1 dependency.

17 years agoRewrite AES/DES algorithm test programs to only use low level API.
Dr. Stephen Henson [Tue, 23 Jan 2007 01:40:28 +0000 (01:40 +0000)]
Rewrite AES/DES algorithm test programs to only use low level API.

17 years agoUpdate from HEAD.
Dr. Stephen Henson [Sun, 21 Jan 2007 16:02:37 +0000 (16:02 +0000)]
Update from HEAD.

17 years agoOops...
Dr. Stephen Henson [Sun, 21 Jan 2007 14:05:43 +0000 (14:05 +0000)]
Oops...

17 years agoMake FIPS algorithm tests compile in none-FIPS mode.
Dr. Stephen Henson [Sun, 21 Jan 2007 13:59:17 +0000 (13:59 +0000)]
Make FIPS algorithm tests compile in none-FIPS mode.

17 years agoUpdate fips_test_suite source.
Dr. Stephen Henson [Sun, 21 Jan 2007 13:37:48 +0000 (13:37 +0000)]
Update fips_test_suite source.

17 years agoLink fips utilities only against fipscanister.o
Dr. Stephen Henson [Sat, 20 Jan 2007 18:49:05 +0000 (18:49 +0000)]
Link fips utilities only against fipscanister.o

17 years agoUser cleaner way to handle new options for VC++ build.
Dr. Stephen Henson [Fri, 19 Jan 2007 13:17:52 +0000 (13:17 +0000)]
User cleaner way to handle new options for VC++ build.

17 years agoUpadte from HEAD.
Dr. Stephen Henson [Thu, 18 Jan 2007 21:27:29 +0000 (21:27 +0000)]
Upadte from HEAD.

17 years agoExpanded boundary support for VC++ build.
Dr. Stephen Henson [Thu, 18 Jan 2007 18:44:41 +0000 (18:44 +0000)]
Expanded boundary support for VC++ build.

17 years agoExpand security boundary to match 1.1.1 module.
Dr. Stephen Henson [Thu, 18 Jan 2007 13:29:15 +0000 (13:29 +0000)]
Expand security boundary to match 1.1.1 module.

17 years agoInitial support for new build options under WIN32 and VC++.
Dr. Stephen Henson [Wed, 17 Jan 2007 17:12:17 +0000 (17:12 +0000)]
Initial support for new build options under WIN32 and VC++.

17 years agoRemove debugging echo.
Dr. Stephen Henson [Tue, 16 Jan 2007 19:45:14 +0000 (19:45 +0000)]
Remove debugging echo.

17 years agoAdd options to allow fipscanister to be built and linked against internally.
Dr. Stephen Henson [Tue, 16 Jan 2007 19:30:21 +0000 (19:30 +0000)]
Add options to allow fipscanister to be built and linked against internally.

17 years agoMore fixes to build/fipsld to handle detached fips_premain.c detached sig.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:39:58 +0000 (17:39 +0000)]
More fixes to build/fipsld to handle detached fips_premain.c detached sig.

17 years agoRemove deleted fipshashes.[co] from Makefile.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:14:50 +0000 (17:14 +0000)]
Remove deleted fipshashes.[co] from Makefile.

17 years ago$(FIPSCHECK) no longer used.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:03:30 +0000 (17:03 +0000)]
$(FIPSCHECK) no longer used.

17 years agoUpdate .cvsignore.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:37:07 +0000 (14:37 +0000)]
Update .cvsignore.

17 years agoUpdate .cvsignore
Dr. Stephen Henson [Tue, 16 Jan 2007 14:34:22 +0000 (14:34 +0000)]
Update .cvsignore

17 years agoUse correct perl script name in mkfipsscr.pl output.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:32:14 +0000 (14:32 +0000)]
Use correct perl script name in mkfipsscr.pl output.

17 years agoUpdate fipsld to use external signature for fips_premain.c . Update build system
Dr. Stephen Henson [Tue, 16 Jan 2007 14:06:33 +0000 (14:06 +0000)]
Update fipsld to use external signature for fips_premain.c . Update build system
remove redundant source file hash checks.

17 years agoDon't use deprecated -mcpu option.
Dr. Stephen Henson [Tue, 16 Jan 2007 13:48:16 +0000 (13:48 +0000)]
Don't use deprecated -mcpu option.

17 years agoOops...
Dr. Stephen Henson [Mon, 15 Jan 2007 00:29:39 +0000 (00:29 +0000)]
Oops...

17 years agoPerl script to build shell scripts and batch files to run algorithm test programs.
Dr. Stephen Henson [Mon, 15 Jan 2007 00:25:59 +0000 (00:25 +0000)]
Perl script to build shell scripts and batch files to run algorithm test programs.

17 years agoMake algorithm test programs tolerate whitespace in input files.
Dr. Stephen Henson [Sun, 14 Jan 2007 17:01:31 +0000 (17:01 +0000)]
Make algorithm test programs tolerate whitespace in input files.

17 years agoUpdate to new home page
Lutz Jänicke [Fri, 12 Jan 2007 18:48:00 +0000 (18:48 +0000)]
Update to new home page

17 years agoRemove 'done' variable since it stops error codes being reloaded.
Dr. Stephen Henson [Thu, 7 Dec 2006 13:23:22 +0000 (13:23 +0000)]
Remove 'done' variable since it stops error codes being reloaded.

17 years agofix no-ssl2 build
Nils Larsch [Wed, 6 Dec 2006 16:52:55 +0000 (16:52 +0000)]
fix no-ssl2 build

17 years agofix function names in RSAerr calls
Nils Larsch [Mon, 4 Dec 2006 20:41:46 +0000 (20:41 +0000)]
fix function names in RSAerr calls

PR: 1403

17 years agofix support for receiving fragmented handshake messages
Bodo Möller [Wed, 29 Nov 2006 14:44:07 +0000 (14:44 +0000)]
fix support for receiving fragmented handshake messages

18 years agoRebuild error source files.
Dr. Stephen Henson [Tue, 21 Nov 2006 19:27:19 +0000 (19:27 +0000)]
Rebuild error source files.

18 years agoUse error table to determine if errors should be loaded.
Dr. Stephen Henson [Tue, 21 Nov 2006 19:19:09 +0000 (19:19 +0000)]
Use error table to determine if errors should be loaded.

18 years agoFix from HEAD.
Dr. Stephen Henson [Mon, 13 Nov 2006 13:23:33 +0000 (13:23 +0000)]
Fix from HEAD.

18 years agoInitialise ctx to NULL to avoid uninitialized free, noticed by
Mark J. Cox [Fri, 29 Sep 2006 08:20:11 +0000 (08:20 +0000)]
Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan

18 years agoOops, some changes forgotten...
Richard Levitte [Thu, 28 Sep 2006 19:48:48 +0000 (19:48 +0000)]
Oops, some changes forgotten...

18 years agoAfter tagging, open up 0.9.7m-dev
Mark J. Cox [Thu, 28 Sep 2006 12:00:30 +0000 (12:00 +0000)]
After tagging, open up 0.9.7m-dev

18 years agoPrepare for 0.9.7l release OpenSSL_0_9_7l
Mark J. Cox [Thu, 28 Sep 2006 11:56:57 +0000 (11:56 +0000)]
Prepare for 0.9.7l release

18 years agoIntroduce limits to prevent malicious keys being able to
Mark J. Cox [Thu, 28 Sep 2006 11:53:51 +0000 (11:53 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

18 years agoFix from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:15:04 +0000 (17:15 +0000)]
Fix from HEAD.

18 years agoFix from head.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:06:51 +0000 (17:06 +0000)]
Fix from head.

18 years agoEnsure that the addition mods[i]+delta cannot overflow in probable_prime().
Bodo Möller [Tue, 19 Sep 2006 10:00:29 +0000 (10:00 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().

[Problem pointed out by Adam Young <adamy (at) acm.org>]

18 years agoBackport from HEAD: fix ciphersuite selection
Bodo Möller [Tue, 12 Sep 2006 14:41:50 +0000 (14:41 +0000)]
Backport from HEAD: fix ciphersuite selection

18 years agomake consistent with 0.9.8-branch version of this file
Bodo Möller [Wed, 6 Sep 2006 06:41:32 +0000 (06:41 +0000)]
make consistent with 0.9.8-branch version of this file

18 years agoDon't forget to put back the -dev
Mark J. Cox [Tue, 5 Sep 2006 08:46:18 +0000 (08:46 +0000)]
Don't forget to put back the -dev

18 years agoBump for 0.9.7l-dev
Mark J. Cox [Tue, 5 Sep 2006 08:38:12 +0000 (08:38 +0000)]
Bump for 0.9.7l-dev

18 years agoPrepare 0.9.7k release OpenSSL_0_9_7k
Mark J. Cox [Tue, 5 Sep 2006 08:34:07 +0000 (08:34 +0000)]
Prepare 0.9.7k release

18 years agoAvoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
Mark J. Cox [Tue, 5 Sep 2006 08:24:14 +0000 (08:24 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)  [Ben Laurie and Google Security Team]

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson

18 years agoUpdate from HEAD.
Dr. Stephen Henson [Thu, 31 Aug 2006 20:11:30 +0000 (20:11 +0000)]
Update from HEAD.

18 years agoFix from HEAD. Except we can't stream multipart/signed in 0.9.7 so that case
Dr. Stephen Henson [Thu, 13 Jul 2006 20:36:51 +0000 (20:36 +0000)]
Fix from HEAD. Except we can't stream multipart/signed in 0.9.7 so that case
still rewinds the stream.

18 years agoFix from HEAD.
Dr. Stephen Henson [Sun, 9 Jul 2006 12:05:10 +0000 (12:05 +0000)]
Fix from HEAD.

18 years agodocumentation for "HIGH" vs. "MEDIUM" was not up-to-date
Bodo Möller [Fri, 30 Jun 2006 22:03:18 +0000 (22:03 +0000)]
documentation for "HIGH" vs. "MEDIUM" was not up-to-date

18 years agouse <poll.h> as by Single Unix Specification
Bodo Möller [Fri, 30 Jun 2006 08:15:13 +0000 (08:15 +0000)]
use <poll.h> as by Single Unix Specification

18 years agoalways read if we can't use select because of a too large FD
Bodo Möller [Wed, 28 Jun 2006 14:49:39 +0000 (14:49 +0000)]
always read if we can't use select because of a too large FD
(it's non-blocking mode anyway)

18 years agoMitigate the hazard of cache-collision timing attack on last round
Andy Polyakov [Wed, 28 Jun 2006 08:57:22 +0000 (08:57 +0000)]
Mitigate the hazard of cache-collision timing attack on last round
[from HEAD].

18 years agoUse poll() when possible to gather Unix randomness entropy
Richard Levitte [Tue, 27 Jun 2006 06:31:48 +0000 (06:31 +0000)]
Use poll() when possible to gather Unix randomness entropy

18 years agoBe more explicit about requirements for multi-threading.
Bodo Möller [Fri, 23 Jun 2006 14:59:43 +0000 (14:59 +0000)]
Be more explicit about requirements for multi-threading.

18 years agoSynchronise with the Unix build
Richard Levitte [Wed, 21 Jun 2006 05:08:36 +0000 (05:08 +0000)]
Synchronise with the Unix build

18 years agoPlace hex_to_string and string_to_hex in separate source file to avoid
Dr. Stephen Henson [Tue, 20 Jun 2006 18:06:40 +0000 (18:06 +0000)]
Place hex_to_string and string_to_hex in separate source file to avoid
dragging in extra dependencies when just these functions are used.

18 years agoThread-safety fixes
Bodo Möller [Fri, 16 Jun 2006 01:01:34 +0000 (01:01 +0000)]
Thread-safety fixes

18 years agoDisable invalid ciphersuites
Bodo Möller [Wed, 14 Jun 2006 17:51:36 +0000 (17:51 +0000)]
Disable invalid ciphersuites

18 years agoThread-safety fixes
Bodo Möller [Wed, 14 Jun 2006 08:50:11 +0000 (08:50 +0000)]
Thread-safety fixes

18 years agoFix from head.
Dr. Stephen Henson [Wed, 17 May 2006 18:25:38 +0000 (18:25 +0000)]
Fix from head.

18 years agoFix from HEAD.
Dr. Stephen Henson [Wed, 17 May 2006 18:20:53 +0000 (18:20 +0000)]
Fix from HEAD.

18 years agoUpdate for next dev version.
Dr. Stephen Henson [Thu, 4 May 2006 13:08:01 +0000 (13:08 +0000)]
Update for next dev version.

18 years agoPrepare for release OpenSSL_0_9_7j
Dr. Stephen Henson [Thu, 4 May 2006 12:52:59 +0000 (12:52 +0000)]
Prepare for release

18 years agomake update
Dr. Stephen Henson [Thu, 4 May 2006 12:32:36 +0000 (12:32 +0000)]
make update

18 years agoUse new fips-1.0 directory in error library.
Dr. Stephen Henson [Thu, 4 May 2006 12:09:04 +0000 (12:09 +0000)]
Use new fips-1.0 directory in error library.

18 years agoUpdate CHANGES.
Dr. Stephen Henson [Thu, 4 May 2006 11:16:20 +0000 (11:16 +0000)]
Update CHANGES.

18 years agoAdd new --with-baseaddr command line option to allow the FIPS base address of
Dr. Stephen Henson [Mon, 24 Apr 2006 13:32:58 +0000 (13:32 +0000)]
Add new --with-baseaddr command line option to allow the FIPS base address of
libeay32.dll to be explicitly specified.

18 years agoCheck pbe2->keyfunc->parameter is not NULL before dereferencing.
Dr. Stephen Henson [Sat, 15 Apr 2006 17:42:46 +0000 (17:42 +0000)]
Check pbe2->keyfunc->parameter is not NULL before dereferencing.

PR: 1316

18 years agoTypos.
Dr. Stephen Henson [Fri, 7 Apr 2006 00:15:44 +0000 (00:15 +0000)]
Typos.

18 years agoLink _chkstk.o from FIPSLIB_D.
Dr. Stephen Henson [Fri, 7 Apr 2006 00:04:37 +0000 (00:04 +0000)]
Link _chkstk.o from FIPSLIB_D.

18 years agoChange chop to chomp when reading lines, so CRLF is properly processed on
Richard Levitte [Mon, 3 Apr 2006 09:15:27 +0000 (09:15 +0000)]
Change chop to chomp when reading lines, so CRLF is properly processed on
the operating systems where they are the normal line endings

18 years agoCheck flag before calling FIPS_dsa_check().
Dr. Stephen Henson [Fri, 31 Mar 2006 22:44:20 +0000 (22:44 +0000)]
Check flag before calling FIPS_dsa_check().

18 years agoFlag to allow use of DSA_METHOD in FIPS mode.
Dr. Stephen Henson [Fri, 31 Mar 2006 17:09:46 +0000 (17:09 +0000)]
Flag to allow use of DSA_METHOD in FIPS mode.

18 years agoUpdate build system to make use of validated module in FIPS mode.
Dr. Stephen Henson [Tue, 28 Mar 2006 12:10:37 +0000 (12:10 +0000)]
Update build system to make use of validated module in FIPS mode.

18 years agoapply fixes from the cvs head
Nils Larsch [Tue, 14 Mar 2006 09:07:06 +0000 (09:07 +0000)]
apply fixes from the cvs head

18 years agoCheck EVP_DigestInit return value in EVP_BytesToKey() and use supported
Dr. Stephen Henson [Wed, 1 Mar 2006 21:15:24 +0000 (21:15 +0000)]
Check EVP_DigestInit return value in EVP_BytesToKey() and use supported
algorithm in PKCS12_create in FIPS mode.

18 years agoforce C locale when using [a-z] in sed expressions
Nils Larsch [Wed, 1 Mar 2006 19:52:39 +0000 (19:52 +0000)]
force C locale when using [a-z] in sed expressions

PR: 1283
Submitted by: Mike Frysinger

18 years agofix "#ifndef HZ" statement
Nils Larsch [Tue, 28 Feb 2006 20:15:56 +0000 (20:15 +0000)]
fix "#ifndef HZ" statement

PR: 1287

18 years agoI forgot to change fips to fips-1_0 in one place. That stopped the
Richard Levitte [Sun, 26 Feb 2006 11:17:21 +0000 (11:17 +0000)]
I forgot to change fips to fips-1_0 in one place.  That stopped the
build completely.  Hopefully, things will work better now.

18 years agofix Intel Mac configuration; patch supplied by JP Szikora <szikora@icp.ucl.ac.be>
Nils Larsch [Sat, 25 Feb 2006 12:01:25 +0000 (12:01 +0000)]
fix Intel Mac configuration; patch supplied by JP Szikora <szikora@icp.ucl.ac.be>

18 years agoOops, forgot to adapt the VMS build to the renamed directory.
Richard Levitte [Thu, 23 Feb 2006 09:18:45 +0000 (09:18 +0000)]
Oops, forgot to adapt the VMS build to the renamed directory.

18 years agoAdd entry for FIPSLIBDIR in Makefile.org
Dr. Stephen Henson [Wed, 8 Feb 2006 00:58:01 +0000 (00:58 +0000)]
Add entry for FIPSLIBDIR in Makefile.org

18 years agoAllow fips install dir to be specified for VC++ build.
Dr. Stephen Henson [Wed, 8 Feb 2006 00:47:30 +0000 (00:47 +0000)]
Allow fips install dir to be specified for VC++ build.

18 years agoBuild fips_premain_dso.exe in static build too. OpenSSL_FIPS_1_0
Dr. Stephen Henson [Tue, 7 Feb 2006 17:14:04 +0000 (17:14 +0000)]
Build fips_premain_dso.exe in static build too.