Dr. Stephen Henson [Fri, 23 Feb 2007 12:17:03 +0000 (12:17 +0000)]
Oops! Correct version file.
Dr. Stephen Henson [Fri, 23 Feb 2007 12:07:21 +0000 (12:07 +0000)]
Prepare for release.
Dr. Stephen Henson [Fri, 23 Feb 2007 00:59:28 +0000 (00:59 +0000)]
Make update.
Dr. Stephen Henson [Fri, 23 Feb 2007 00:36:03 +0000 (00:36 +0000)]
Fix syntax error in asm file.
Dr. Stephen Henson [Thu, 22 Feb 2007 22:30:49 +0000 (22:30 +0000)]
Set $fips when fipscanistebuild is used.
Dr. Stephen Henson [Thu, 22 Feb 2007 22:30:00 +0000 (22:30 +0000)]
Typo.
Dr. Stephen Henson [Thu, 22 Feb 2007 01:51:34 +0000 (01:51 +0000)]
Only give warning if relevant options are given.
Dr. Stephen Henson [Thu, 22 Feb 2007 01:36:15 +0000 (01:36 +0000)]
Update NEWS file.
Dr. Stephen Henson [Wed, 21 Feb 2007 18:16:25 +0000 (18:16 +0000)]
Include big warning message if test fipscanister.o compilation option used.
Lutz Jänicke [Wed, 21 Feb 2007 17:44:08 +0000 (17:44 +0000)]
Fix incorrect handling of special characters.
PR: 1459
Submitted by: tnitschke@innominate.com
Reviewed by: steve@openssl.org
Dr. Stephen Henson [Wed, 21 Feb 2007 13:48:09 +0000 (13:48 +0000)]
Cleanse PEM buffers before freeing them.
Submitted by: Benjamin Bennett <ben@psc.edu>
Bodo Möller [Mon, 19 Feb 2007 18:35:45 +0000 (18:35 +0000)]
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.
Bodo Möller [Mon, 19 Feb 2007 14:45:57 +0000 (14:45 +0000)]
fix incorrect strength bit values for certain Kerberos ciphersuites
Submitted by: Victor Duchovni
Bodo Möller [Sat, 17 Feb 2007 06:53:10 +0000 (06:53 +0000)]
Some fixes for ciphersuite string processing:
- add a workaround provided by Victor Duchovni so that 128- and
256-bit variants of otherwise identical ciphersuites are treated
correctly;
- also, correctly skip invalid parts of ciphersuite description strings.
Submitted by: Victor Duchovni, Bodo Moeller
Dr. Stephen Henson [Sat, 3 Feb 2007 17:33:30 +0000 (17:33 +0000)]
Update from fips2 branch.
Nils Larsch [Sat, 3 Feb 2007 10:27:06 +0000 (10:27 +0000)]
fix documentation
PR: 1466
Dr. Stephen Henson [Tue, 23 Jan 2007 18:25:01 +0000 (18:25 +0000)]
Don't call OPENSSL_free() on sig, DSA_free() has already freed it.
Dr. Stephen Henson [Tue, 23 Jan 2007 18:21:12 +0000 (18:21 +0000)]
Typo.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:53:01 +0000 (17:53 +0000)]
Constify tag table.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:51:08 +0000 (17:51 +0000)]
To reduce FIPS dependencies don't load error strings and avoid use of ASN1
versions of DSA signature functions.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:43:57 +0000 (17:43 +0000)]
Move some DSA functions between files to make it possible to use the DSA
crypto without ASN1 dependency.
Dr. Stephen Henson [Tue, 23 Jan 2007 01:40:28 +0000 (01:40 +0000)]
Rewrite AES/DES algorithm test programs to only use low level API.
Dr. Stephen Henson [Sun, 21 Jan 2007 16:02:37 +0000 (16:02 +0000)]
Update from HEAD.
Dr. Stephen Henson [Sun, 21 Jan 2007 14:05:43 +0000 (14:05 +0000)]
Oops...
Dr. Stephen Henson [Sun, 21 Jan 2007 13:59:17 +0000 (13:59 +0000)]
Make FIPS algorithm tests compile in none-FIPS mode.
Dr. Stephen Henson [Sun, 21 Jan 2007 13:37:48 +0000 (13:37 +0000)]
Update fips_test_suite source.
Dr. Stephen Henson [Sat, 20 Jan 2007 18:49:05 +0000 (18:49 +0000)]
Link fips utilities only against fipscanister.o
Dr. Stephen Henson [Fri, 19 Jan 2007 13:17:52 +0000 (13:17 +0000)]
User cleaner way to handle new options for VC++ build.
Dr. Stephen Henson [Thu, 18 Jan 2007 21:27:29 +0000 (21:27 +0000)]
Upadte from HEAD.
Dr. Stephen Henson [Thu, 18 Jan 2007 18:44:41 +0000 (18:44 +0000)]
Expanded boundary support for VC++ build.
Dr. Stephen Henson [Thu, 18 Jan 2007 13:29:15 +0000 (13:29 +0000)]
Expand security boundary to match 1.1.1 module.
Dr. Stephen Henson [Wed, 17 Jan 2007 17:12:17 +0000 (17:12 +0000)]
Initial support for new build options under WIN32 and VC++.
Dr. Stephen Henson [Tue, 16 Jan 2007 19:45:14 +0000 (19:45 +0000)]
Remove debugging echo.
Dr. Stephen Henson [Tue, 16 Jan 2007 19:30:21 +0000 (19:30 +0000)]
Add options to allow fipscanister to be built and linked against internally.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:39:58 +0000 (17:39 +0000)]
More fixes to build/fipsld to handle detached fips_premain.c detached sig.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:14:50 +0000 (17:14 +0000)]
Remove deleted fipshashes.[co] from Makefile.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:03:30 +0000 (17:03 +0000)]
$(FIPSCHECK) no longer used.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:37:07 +0000 (14:37 +0000)]
Update .cvsignore.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:34:22 +0000 (14:34 +0000)]
Update .cvsignore
Dr. Stephen Henson [Tue, 16 Jan 2007 14:32:14 +0000 (14:32 +0000)]
Use correct perl script name in mkfipsscr.pl output.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:06:33 +0000 (14:06 +0000)]
Update fipsld to use external signature for fips_premain.c . Update build system
remove redundant source file hash checks.
Dr. Stephen Henson [Tue, 16 Jan 2007 13:48:16 +0000 (13:48 +0000)]
Don't use deprecated -mcpu option.
Dr. Stephen Henson [Mon, 15 Jan 2007 00:29:39 +0000 (00:29 +0000)]
Oops...
Dr. Stephen Henson [Mon, 15 Jan 2007 00:25:59 +0000 (00:25 +0000)]
Perl script to build shell scripts and batch files to run algorithm test programs.
Dr. Stephen Henson [Sun, 14 Jan 2007 17:01:31 +0000 (17:01 +0000)]
Make algorithm test programs tolerate whitespace in input files.
Lutz Jänicke [Fri, 12 Jan 2007 18:48:00 +0000 (18:48 +0000)]
Update to new home page
Dr. Stephen Henson [Thu, 7 Dec 2006 13:23:22 +0000 (13:23 +0000)]
Remove 'done' variable since it stops error codes being reloaded.
Nils Larsch [Wed, 6 Dec 2006 16:52:55 +0000 (16:52 +0000)]
fix no-ssl2 build
Nils Larsch [Mon, 4 Dec 2006 20:41:46 +0000 (20:41 +0000)]
fix function names in RSAerr calls
PR: 1403
Bodo Möller [Wed, 29 Nov 2006 14:44:07 +0000 (14:44 +0000)]
fix support for receiving fragmented handshake messages
Dr. Stephen Henson [Tue, 21 Nov 2006 19:27:19 +0000 (19:27 +0000)]
Rebuild error source files.
Dr. Stephen Henson [Tue, 21 Nov 2006 19:19:09 +0000 (19:19 +0000)]
Use error table to determine if errors should be loaded.
Dr. Stephen Henson [Mon, 13 Nov 2006 13:23:33 +0000 (13:23 +0000)]
Fix from HEAD.
Mark J. Cox [Fri, 29 Sep 2006 08:20:11 +0000 (08:20 +0000)]
Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan
Richard Levitte [Thu, 28 Sep 2006 19:48:48 +0000 (19:48 +0000)]
Oops, some changes forgotten...
Mark J. Cox [Thu, 28 Sep 2006 12:00:30 +0000 (12:00 +0000)]
After tagging, open up 0.9.7m-dev
Mark J. Cox [Thu, 28 Sep 2006 11:56:57 +0000 (11:56 +0000)]
Prepare for 0.9.7l release
Mark J. Cox [Thu, 28 Sep 2006 11:53:51 +0000 (11:53 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
Dr. Stephen Henson [Fri, 22 Sep 2006 17:15:04 +0000 (17:15 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:06:51 +0000 (17:06 +0000)]
Fix from head.
Bodo Möller [Tue, 19 Sep 2006 10:00:29 +0000 (10:00 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
[Problem pointed out by Adam Young <adamy (at) acm.org>]
Bodo Möller [Tue, 12 Sep 2006 14:41:50 +0000 (14:41 +0000)]
Backport from HEAD: fix ciphersuite selection
Bodo Möller [Wed, 6 Sep 2006 06:41:32 +0000 (06:41 +0000)]
make consistent with 0.9.8-branch version of this file
Mark J. Cox [Tue, 5 Sep 2006 08:46:18 +0000 (08:46 +0000)]
Don't forget to put back the -dev
Mark J. Cox [Tue, 5 Sep 2006 08:38:12 +0000 (08:38 +0000)]
Bump for 0.9.7l-dev
Mark J. Cox [Tue, 5 Sep 2006 08:34:07 +0000 (08:34 +0000)]
Prepare 0.9.7k release
Mark J. Cox [Tue, 5 Sep 2006 08:24:14 +0000 (08:24 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339) [Ben Laurie and Google Security Team]
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
Dr. Stephen Henson [Thu, 31 Aug 2006 20:11:30 +0000 (20:11 +0000)]
Update from HEAD.
Dr. Stephen Henson [Thu, 13 Jul 2006 20:36:51 +0000 (20:36 +0000)]
Fix from HEAD. Except we can't stream multipart/signed in 0.9.7 so that case
still rewinds the stream.
Dr. Stephen Henson [Sun, 9 Jul 2006 12:05:10 +0000 (12:05 +0000)]
Fix from HEAD.
Bodo Möller [Fri, 30 Jun 2006 22:03:18 +0000 (22:03 +0000)]
documentation for "HIGH" vs. "MEDIUM" was not up-to-date
Bodo Möller [Fri, 30 Jun 2006 08:15:13 +0000 (08:15 +0000)]
use <poll.h> as by Single Unix Specification
Bodo Möller [Wed, 28 Jun 2006 14:49:39 +0000 (14:49 +0000)]
always read if we can't use select because of a too large FD
(it's non-blocking mode anyway)
Andy Polyakov [Wed, 28 Jun 2006 08:57:22 +0000 (08:57 +0000)]
Mitigate the hazard of cache-collision timing attack on last round
[from HEAD].
Richard Levitte [Tue, 27 Jun 2006 06:31:48 +0000 (06:31 +0000)]
Use poll() when possible to gather Unix randomness entropy
Bodo Möller [Fri, 23 Jun 2006 14:59:43 +0000 (14:59 +0000)]
Be more explicit about requirements for multi-threading.
Richard Levitte [Wed, 21 Jun 2006 05:08:36 +0000 (05:08 +0000)]
Synchronise with the Unix build
Dr. Stephen Henson [Tue, 20 Jun 2006 18:06:40 +0000 (18:06 +0000)]
Place hex_to_string and string_to_hex in separate source file to avoid
dragging in extra dependencies when just these functions are used.
Bodo Möller [Fri, 16 Jun 2006 01:01:34 +0000 (01:01 +0000)]
Thread-safety fixes
Bodo Möller [Wed, 14 Jun 2006 17:51:36 +0000 (17:51 +0000)]
Disable invalid ciphersuites
Bodo Möller [Wed, 14 Jun 2006 08:50:11 +0000 (08:50 +0000)]
Thread-safety fixes
Dr. Stephen Henson [Wed, 17 May 2006 18:25:38 +0000 (18:25 +0000)]
Fix from head.
Dr. Stephen Henson [Wed, 17 May 2006 18:20:53 +0000 (18:20 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Thu, 4 May 2006 13:08:01 +0000 (13:08 +0000)]
Update for next dev version.
Dr. Stephen Henson [Thu, 4 May 2006 12:52:59 +0000 (12:52 +0000)]
Prepare for release
Dr. Stephen Henson [Thu, 4 May 2006 12:32:36 +0000 (12:32 +0000)]
make update
Dr. Stephen Henson [Thu, 4 May 2006 12:09:04 +0000 (12:09 +0000)]
Use new fips-1.0 directory in error library.
Dr. Stephen Henson [Thu, 4 May 2006 11:16:20 +0000 (11:16 +0000)]
Update CHANGES.
Dr. Stephen Henson [Mon, 24 Apr 2006 13:32:58 +0000 (13:32 +0000)]
Add new --with-baseaddr command line option to allow the FIPS base address of
libeay32.dll to be explicitly specified.
Dr. Stephen Henson [Sat, 15 Apr 2006 17:42:46 +0000 (17:42 +0000)]
Check pbe2->keyfunc->parameter is not NULL before dereferencing.
PR: 1316
Dr. Stephen Henson [Fri, 7 Apr 2006 00:15:44 +0000 (00:15 +0000)]
Typos.
Dr. Stephen Henson [Fri, 7 Apr 2006 00:04:37 +0000 (00:04 +0000)]
Link _chkstk.o from FIPSLIB_D.
Richard Levitte [Mon, 3 Apr 2006 09:15:27 +0000 (09:15 +0000)]
Change chop to chomp when reading lines, so CRLF is properly processed on
the operating systems where they are the normal line endings
Dr. Stephen Henson [Fri, 31 Mar 2006 22:44:20 +0000 (22:44 +0000)]
Check flag before calling FIPS_dsa_check().
Dr. Stephen Henson [Fri, 31 Mar 2006 17:09:46 +0000 (17:09 +0000)]
Flag to allow use of DSA_METHOD in FIPS mode.
Dr. Stephen Henson [Tue, 28 Mar 2006 12:10:37 +0000 (12:10 +0000)]
Update build system to make use of validated module in FIPS mode.
Nils Larsch [Tue, 14 Mar 2006 09:07:06 +0000 (09:07 +0000)]
apply fixes from the cvs head
Dr. Stephen Henson [Wed, 1 Mar 2006 21:15:24 +0000 (21:15 +0000)]
Check EVP_DigestInit return value in EVP_BytesToKey() and use supported
algorithm in PKCS12_create in FIPS mode.
Nils Larsch [Wed, 1 Mar 2006 19:52:39 +0000 (19:52 +0000)]
force C locale when using [a-z] in sed expressions
PR: 1283
Submitted by: Mike Frysinger
Nils Larsch [Tue, 28 Feb 2006 20:15:56 +0000 (20:15 +0000)]
fix "#ifndef HZ" statement
PR: 1287