oweals/openssl.git
18 years agoIntroduce limits to prevent malicious keys being able to
Bodo Möller [Thu, 28 Sep 2006 13:45:34 +0000 (13:45 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

18 years agoinclude 0.9.8d and 0.9.7l information
Bodo Möller [Thu, 28 Sep 2006 13:35:01 +0000 (13:35 +0000)]
include 0.9.8d and 0.9.7l information

18 years agoFix ASN.1 parsing of certain invalid structures that can result
Mark J. Cox [Thu, 28 Sep 2006 13:20:44 +0000 (13:20 +0000)]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

18 years agoFix buffer overflow in SSL_get_shared_ciphers() function.
Mark J. Cox [Thu, 28 Sep 2006 13:18:43 +0000 (13:18 +0000)]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

18 years agoFixes for the following claims:
Richard Levitte [Thu, 28 Sep 2006 12:22:58 +0000 (12:22 +0000)]
Fixes for the following claims:

  1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336

18 years agoInitialize new callbacks and make sure hent is always initialized.
Dr. Stephen Henson [Tue, 26 Sep 2006 13:25:19 +0000 (13:25 +0000)]
Initialize new callbacks and make sure hent is always initialized.

18 years agoComplete the change for VMS.
Richard Levitte [Mon, 25 Sep 2006 08:35:35 +0000 (08:35 +0000)]
Complete the change for VMS.

18 years agoSubmitted by: Brad Spencer <spencer@jacknife.org>
Dr. Stephen Henson [Sat, 23 Sep 2006 17:29:49 +0000 (17:29 +0000)]
Submitted by: Brad Spencer <spencer@jacknife.org>
Reviewed by: steve

18 years agoBuffer size handling fix for enc.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:14:22 +0000 (17:14 +0000)]
Buffer size handling fix for enc.

PR:1374

18 years agoUsing correct lock for X509_REQ.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:06:09 +0000 (17:06 +0000)]
Using correct lock for X509_REQ.

PR:1348

18 years agoUpdate length if copying MSB set in asn1_string_canon().
Dr. Stephen Henson [Fri, 22 Sep 2006 13:37:15 +0000 (13:37 +0000)]
Update length if copying MSB set in asn1_string_canon().

18 years agoUpdated file.
Dr. Stephen Henson [Thu, 21 Sep 2006 16:19:10 +0000 (16:19 +0000)]
Updated file.

18 years agoAdd missing prototype. Fix various warnings (C++ comments, ; outside function).
Dr. Stephen Henson [Thu, 21 Sep 2006 13:24:46 +0000 (13:24 +0000)]
Add missing prototype. Fix various warnings (C++ comments, ; outside function).

18 years agoMake int_rsa_sign function match prototype.
Dr. Stephen Henson [Thu, 21 Sep 2006 13:11:24 +0000 (13:11 +0000)]
Make int_rsa_sign function match prototype.

PR: 1383

18 years agoCompile in gost engine.
Dr. Stephen Henson [Thu, 21 Sep 2006 13:07:57 +0000 (13:07 +0000)]
Compile in gost engine.

18 years agoUpdated version of gost engine.
Dr. Stephen Henson [Thu, 21 Sep 2006 13:04:43 +0000 (13:04 +0000)]
Updated version of gost engine.

18 years agoDo CRL method init after other operations.
Dr. Stephen Henson [Thu, 21 Sep 2006 12:48:56 +0000 (12:48 +0000)]
Do CRL method init after other operations.

18 years agoTidy up CRL handling by checking for critical extensions when it is
Dr. Stephen Henson [Thu, 21 Sep 2006 12:42:15 +0000 (12:42 +0000)]
Tidy up CRL handling by checking for critical extensions when it is
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.

Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.

18 years agoBuild error on non-unix.
Andy Polyakov [Mon, 18 Sep 2006 19:50:54 +0000 (19:50 +0000)]
Build error on non-unix.
PR: 1390

18 years agoRace condition in ms/uplink.c.
Andy Polyakov [Mon, 18 Sep 2006 19:41:37 +0000 (19:41 +0000)]
Race condition in ms/uplink.c.
PR: 1382

18 years agoAs x86ms.pl is out, remove do_masm.bat and mention to it in INSTALL.W32.
Andy Polyakov [Mon, 18 Sep 2006 19:20:43 +0000 (19:20 +0000)]
As x86ms.pl is out, remove do_masm.bat and mention to it in INSTALL.W32.

18 years agoRemove x86ms.pl and reimplement x86*.pl.
Andy Polyakov [Mon, 18 Sep 2006 19:17:09 +0000 (19:17 +0000)]
Remove x86ms.pl and reimplement x86*.pl.

18 years agoImprove 386 portability of aes-586.pl.
Andy Polyakov [Mon, 18 Sep 2006 19:13:15 +0000 (19:13 +0000)]
Improve 386 portability of aes-586.pl.

18 years agoEnsure that the addition mods[i]+delta cannot overflow in probable_prime().
Bodo Möller [Mon, 18 Sep 2006 14:00:49 +0000 (14:00 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().

[Problem pointed out by Adam Young <adamy (at) acm.org>]

18 years agoOverhaul of by_dir code to handle dynamic loading of CRLs.
Dr. Stephen Henson [Sun, 17 Sep 2006 17:16:28 +0000 (17:16 +0000)]
Overhaul of by_dir code to handle dynamic loading of CRLs.

18 years agoGOST public key algorithm ENGINE donated to the OpenSSL by Cryptocom.
Dr. Stephen Henson [Sun, 17 Sep 2006 13:00:18 +0000 (13:00 +0000)]
GOST public key algorithm ENGINE donated to the OpenSSL by Cryptocom.

Very early version, doesn't do much yet, not even added to the build system.

18 years agoSupport for AKID in CRLs and partial support for IDP. Overhaul of CRL
Dr. Stephen Henson [Thu, 14 Sep 2006 17:25:02 +0000 (17:25 +0000)]
Support for AKID in CRLs and partial support for IDP. Overhaul of CRL
handling to support this.

18 years agoUpdate docs.
Dr. Stephen Henson [Wed, 13 Sep 2006 03:28:42 +0000 (03:28 +0000)]
Update docs.

18 years agoUpdate
Bodo Möller [Tue, 12 Sep 2006 14:42:19 +0000 (14:42 +0000)]
Update

18 years agoFixes for new CRL/cert callbacks. Update CRL processing code to use new
Dr. Stephen Henson [Mon, 11 Sep 2006 13:00:52 +0000 (13:00 +0000)]
Fixes for new CRL/cert callbacks. Update CRL processing code to use new
callbacks.

18 years agoensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
Bodo Möller [Mon, 11 Sep 2006 09:49:03 +0000 (09:49 +0000)]
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well

18 years agoAdd verify callback functions to lookup a STACK of matching certs or CRLs
Dr. Stephen Henson [Sun, 10 Sep 2006 12:38:37 +0000 (12:38 +0000)]
Add verify callback functions to lookup a STACK of matching certs or CRLs
based on subject name.

New thread safe functions to retrieve matching STACK from X509_STORE.

Cache some IDP components.

18 years agoMake sure the int_rsa_verify() prototype matches the implementation
Bodo Möller [Fri, 8 Sep 2006 06:00:40 +0000 (06:00 +0000)]
Make sure the int_rsa_verify() prototype matches the implementation
(m_len currently is 'unsigned int', not 'size_t')

Submitted by: Gisle Vanem

18 years agoAdditional detail.
Dr. Stephen Henson [Wed, 6 Sep 2006 11:59:04 +0000 (11:59 +0000)]
Additional detail.

18 years agoupdate information on "current version" ...
Bodo Möller [Wed, 6 Sep 2006 11:54:19 +0000 (11:54 +0000)]
update information on "current version" ...

18 years agoAdd an FAQ.
Dr. Stephen Henson [Wed, 6 Sep 2006 11:53:50 +0000 (11:53 +0000)]
Add an FAQ.

18 years agoRemove non-functional part of recent patch, after discussion with
Bodo Möller [Wed, 6 Sep 2006 06:43:11 +0000 (06:43 +0000)]
Remove non-functional part of recent patch, after discussion with
Colin Percival (this would have caused more problems than solved,
and isn't really necessary anyway)

18 years agoMake consistent with 0.9.8-branch version of this file
Bodo Möller [Wed, 6 Sep 2006 06:42:11 +0000 (06:42 +0000)]
Make consistent with 0.9.8-branch version of this file

18 years agoEvery change so far that is in the 0.9.8 branch is (or should be) in HEAD
Bodo Möller [Wed, 6 Sep 2006 06:34:52 +0000 (06:34 +0000)]
Every change so far that is in the 0.9.8 branch is (or should be) in HEAD

18 years agoAvoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
Mark J. Cox [Tue, 5 Sep 2006 08:58:03 +0000 (08:58 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson

18 years agoRewrite sha1-586.pl.
Andy Polyakov [Thu, 31 Aug 2006 21:27:30 +0000 (21:27 +0000)]
Rewrite sha1-586.pl.

18 years agoFix bug in aes-586.pl.
Andy Polyakov [Thu, 31 Aug 2006 21:15:38 +0000 (21:15 +0000)]
Fix bug in aes-586.pl.

18 years agoFix bug in x86unix.pl introduced in latest update.
Andy Polyakov [Thu, 31 Aug 2006 21:12:17 +0000 (21:12 +0000)]
Fix bug in x86unix.pl introduced in latest update.
PR: 1380

18 years agoKill more C++ comments.
Dr. Stephen Henson [Thu, 31 Aug 2006 21:01:15 +0000 (21:01 +0000)]
Kill more C++ comments.

18 years agoFix C++ style comments, change assert to OPENSSL_assert, stop warning with
Dr. Stephen Henson [Thu, 31 Aug 2006 20:56:20 +0000 (20:56 +0000)]
Fix C++ style comments, change assert to OPENSSL_assert, stop warning with
pedantic mode.

18 years agoFix leak
Dr. Stephen Henson [Thu, 31 Aug 2006 20:10:37 +0000 (20:10 +0000)]
Fix leak

18 years agoForward port of IGE mode.
Ben Laurie [Thu, 31 Aug 2006 14:04:04 +0000 (14:04 +0000)]
Forward port of IGE mode.

18 years agoMake things static that should be. Declare stuff in headers that should be.
Ben Laurie [Mon, 28 Aug 2006 17:01:04 +0000 (17:01 +0000)]
Make things static that should be. Declare stuff in headers that should be.
Fix warnings.

18 years agoAccording to documentation, including time.h declares select() on
Richard Levitte [Sun, 20 Aug 2006 05:54:35 +0000 (05:54 +0000)]
According to documentation, including time.h declares select() on
OpenVMS, and possibly more.

Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select

18 years agoCorrect warnings about signedness.
Richard Levitte [Sun, 20 Aug 2006 05:18:12 +0000 (05:18 +0000)]
Correct warnings about signedness.

18 years agoUse gmtime on cygwin
Ulf Möller [Sun, 13 Aug 2006 09:03:38 +0000 (09:03 +0000)]
Use gmtime on cygwin
Submitted by: Corinna Vinschen

18 years ago+20% tune-up for Power5.
Andy Polyakov [Wed, 9 Aug 2006 15:40:30 +0000 (15:40 +0000)]
+20% tune-up for Power5.

18 years agoRevised AES_cbc_encrypt in x86 assembler module.
Andy Polyakov [Mon, 7 Aug 2006 09:05:52 +0000 (09:05 +0000)]
Revised AES_cbc_encrypt in x86 assembler module.

18 years agoCorrect punctuation.
Ulf Möller [Sat, 5 Aug 2006 20:45:06 +0000 (20:45 +0000)]
Correct punctuation.
PR: 1367

18 years agoAgressively prefetch S-box in SSE codepatch, relax alignment requirement,
Andy Polyakov [Wed, 2 Aug 2006 22:38:16 +0000 (22:38 +0000)]
Agressively prefetch S-box in SSE codepatch, relax alignment requirement,
check for SSE bit instead of MMX, as pshufw was introduces in PIII, minor
optimization, typos...

18 years agoSwitch to compact S-box when generating AES key schedule.
Andy Polyakov [Wed, 2 Aug 2006 07:46:56 +0000 (07:46 +0000)]
Switch to compact S-box when generating AES key schedule.

18 years agoSwitch to compact S-box when generating AES key schedule.
Andy Polyakov [Tue, 1 Aug 2006 22:10:39 +0000 (22:10 +0000)]
Switch to compact S-box when generating AES key schedule.

18 years agoReal Bourne shell doesn't interpret ==, but =.
Andy Polyakov [Tue, 1 Aug 2006 16:12:10 +0000 (16:12 +0000)]
Real Bourne shell doesn't interpret ==, but =.

18 years agoEngage assembler in solaris64-x86_64-cc.
Andy Polyakov [Mon, 31 Jul 2006 22:28:40 +0000 (22:28 +0000)]
Engage assembler in solaris64-x86_64-cc.

18 years agoperlasm/x86unix.pl update.
Andy Polyakov [Mon, 31 Jul 2006 22:26:40 +0000 (22:26 +0000)]
perlasm/x86unix.pl update.

18 years agoNext generation aes-586.pl featuring AES_[en|de]crypt, accessing exclusively
Andy Polyakov [Mon, 31 Jul 2006 20:03:56 +0000 (20:03 +0000)]
Next generation aes-586.pl featuring AES_[en|de]crypt, accessing exclusively
256 byte S-box. AES_cbc_encrypt needs further work as it should also use
slow routines when processing smaller amount of data.

18 years agoCamellia IPR information
Bodo Möller [Mon, 31 Jul 2006 11:50:01 +0000 (11:50 +0000)]
Camellia IPR information

18 years agoSupport for multiple CRLs with same issuer name in X509_STORE. Modify
Dr. Stephen Henson [Tue, 25 Jul 2006 17:39:38 +0000 (17:39 +0000)]
Support for multiple CRLs with same issuer name in X509_STORE. Modify
verify logic to try to use an unexpired CRL if possible.

18 years agoCache some CRL related extensions.
Dr. Stephen Henson [Mon, 24 Jul 2006 12:39:22 +0000 (12:39 +0000)]
Cache some CRL related extensions.

18 years agoAvoid warning.
Dr. Stephen Henson [Fri, 21 Jul 2006 22:46:19 +0000 (22:46 +0000)]
Avoid warning.

18 years agoAvoid WIN32 warning.
Dr. Stephen Henson [Fri, 21 Jul 2006 22:28:48 +0000 (22:28 +0000)]
Avoid WIN32 warning.

18 years agoAvoid warnings.
Dr. Stephen Henson [Fri, 21 Jul 2006 22:26:31 +0000 (22:26 +0000)]
Avoid warnings.

18 years agoUse correct pointer types for various functions.
Dr. Stephen Henson [Thu, 20 Jul 2006 16:56:47 +0000 (16:56 +0000)]
Use correct pointer types for various functions.

18 years agoNew Camellia implementation (replacing previous version)
Bodo Möller [Wed, 19 Jul 2006 13:38:26 +0000 (13:38 +0000)]
New Camellia implementation (replacing previous version)

Submitted by: NTT

18 years agoCamellia information
Bodo Möller [Wed, 19 Jul 2006 13:36:40 +0000 (13:36 +0000)]
Camellia information

18 years agoStore canonical encodings of Name structures. Update X509_NAME_cmp() to use
Dr. Stephen Henson [Tue, 18 Jul 2006 12:36:19 +0000 (12:36 +0000)]
Store canonical encodings of Name structures. Update X509_NAME_cmp() to use
them.

18 years agoReimplement outer rounds as "compact" in x86 assembler. This has rather
Andy Polyakov [Tue, 18 Jul 2006 10:05:38 +0000 (10:05 +0000)]
Reimplement outer rounds as "compact" in x86 assembler. This has rather
strong impact on decrypt performance, 20-25%. One probably should consider
switching between slower and faster routines depending on how much data
we were asked to process.

18 years agoWIN32 fixes signed/unsigned issues and slightly socket semantics.
Dr. Stephen Henson [Mon, 17 Jul 2006 18:52:51 +0000 (18:52 +0000)]
WIN32 fixes signed/unsigned issues and slightly socket semantics.

18 years agoUpdate .cvsignore again.
Dr. Stephen Henson [Mon, 17 Jul 2006 16:42:06 +0000 (16:42 +0000)]
Update .cvsignore again.

18 years agoUpdate .cvsignore
Dr. Stephen Henson [Mon, 17 Jul 2006 16:40:20 +0000 (16:40 +0000)]
Update .cvsignore

18 years agoFix various error codes to match functions.
Dr. Stephen Henson [Mon, 17 Jul 2006 16:33:31 +0000 (16:33 +0000)]
Fix various error codes to match functions.

18 years agoAdd -timeout option to ocsp utility.
Dr. Stephen Henson [Mon, 17 Jul 2006 13:26:54 +0000 (13:26 +0000)]
Add -timeout option to ocsp utility.

18 years agoNew non-blocking OCSP functionality.
Dr. Stephen Henson [Mon, 17 Jul 2006 12:18:28 +0000 (12:18 +0000)]
New non-blocking OCSP functionality.

18 years agoAdd option for "compact" rounds to aes_x86core.c. "Compact" rounds are
Andy Polyakov [Fri, 14 Jul 2006 09:57:55 +0000 (09:57 +0000)]
Add option for "compact" rounds to aes_x86core.c. "Compact" rounds are
those referencing compact, 256-byte, S-boxes.

18 years agoThere is should be no need to rewind the input stream any more.
Dr. Stephen Henson [Thu, 13 Jul 2006 20:29:55 +0000 (20:29 +0000)]
There is should be no need to rewind the input stream any more.

For S/MIME multipart/signed type the signature is calculated on the fly.

For other detached data forms the stream isn't used after the single pass to
calculate signatures.

For non-detached the data is stored in a memory BIO.

18 years agoIn genpkey, also look for algorithm string name in any supplied ENGINE.
Dr. Stephen Henson [Wed, 12 Jul 2006 18:00:20 +0000 (18:00 +0000)]
In genpkey, also look for algorithm string name in any supplied ENGINE.

18 years agoBugfix: don't look in internal table for signature if found in application
Dr. Stephen Henson [Wed, 12 Jul 2006 16:30:40 +0000 (16:30 +0000)]
Bugfix: don't look in internal table for signature if found in application
supplied list.

18 years agoTypo.
Dr. Stephen Henson [Wed, 12 Jul 2006 13:28:44 +0000 (13:28 +0000)]
Typo.

18 years agoNew docs for EVP_Digest{Sign,Verify}*() function. Update existing docs.
Dr. Stephen Henson [Wed, 12 Jul 2006 12:31:30 +0000 (12:31 +0000)]
New docs for EVP_Digest{Sign,Verify}*() function. Update existing docs.

18 years agoAdd docs for pkeyparam. Update some existing docs.
Dr. Stephen Henson [Mon, 10 Jul 2006 23:10:26 +0000 (23:10 +0000)]
Add docs for pkeyparam. Update some existing docs.

18 years agoUpdate some usage messages.
Dr. Stephen Henson [Mon, 10 Jul 2006 22:49:08 +0000 (22:49 +0000)]
Update some usage messages.

18 years agomake update
Dr. Stephen Henson [Mon, 10 Jul 2006 18:40:42 +0000 (18:40 +0000)]
make update

18 years agoAllow digests to supply S/MIME micalg values from a ctrl.
Dr. Stephen Henson [Mon, 10 Jul 2006 18:36:55 +0000 (18:36 +0000)]
Allow digests to supply S/MIME micalg values from a ctrl.

Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.

18 years agoNew functions to add and free up application defined signature OIDs.
Dr. Stephen Henson [Sun, 9 Jul 2006 16:05:43 +0000 (16:05 +0000)]
New functions to add and free up application defined signature OIDs.

18 years agoSet detached flag in PKCS7 structure earlier to avoid eating up memory.
Dr. Stephen Henson [Sun, 9 Jul 2006 12:02:08 +0000 (12:02 +0000)]
Set detached flag in PKCS7 structure earlier to avoid eating up memory.

PR: 1071

18 years agoPublic key comparison and printing routine functions.
Dr. Stephen Henson [Sun, 9 Jul 2006 11:26:13 +0000 (11:26 +0000)]
Public key comparison and printing routine functions.

18 years agoEVP_PKEY_get_default_digest() manual page.
Dr. Stephen Henson [Sun, 9 Jul 2006 11:01:49 +0000 (11:01 +0000)]
EVP_PKEY_get_default_digest() manual page.

18 years agoEVP_PKEY_CTX_ctrl() docs.
Dr. Stephen Henson [Sun, 9 Jul 2006 10:51:03 +0000 (10:51 +0000)]
EVP_PKEY_CTX_ctrl() docs.

18 years agoUpdate docs.
Dr. Stephen Henson [Sun, 9 Jul 2006 01:59:30 +0000 (01:59 +0000)]
Update docs.

18 years agoNew functions to enumerate digests and ciphers.
Dr. Stephen Henson [Sun, 9 Jul 2006 00:53:45 +0000 (00:53 +0000)]
New functions to enumerate digests and ciphers.

18 years agoKeygen docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 21:42:49 +0000 (21:42 +0000)]
Keygen docs.

18 years agoEVP_PKEY_derive() docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 12:47:52 +0000 (12:47 +0000)]
EVP_PKEY_derive() docs.

18 years agoAdd some examples.
Dr. Stephen Henson [Sat, 8 Jul 2006 12:46:51 +0000 (12:46 +0000)]
Add some examples.

18 years agoEVP_PKEY_verify() docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 11:22:23 +0000 (11:22 +0000)]
EVP_PKEY_verify() docs.

18 years agoNew docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 11:13:01 +0000 (11:13 +0000)]
New docs.