Bodo Möller [Thu, 28 Sep 2006 13:45:34 +0000 (13:45 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Bodo Möller [Thu, 28 Sep 2006 13:35:01 +0000 (13:35 +0000)]
include 0.9.8d and 0.9.7l information
Mark J. Cox [Thu, 28 Sep 2006 13:20:44 +0000 (13:20 +0000)]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Mark J. Cox [Thu, 28 Sep 2006 13:18:43 +0000 (13:18 +0000)]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
Richard Levitte [Thu, 28 Sep 2006 12:22:58 +0000 (12:22 +0000)]
Fixes for the following claims:
1) Certificate Message with no certs
The OpenSSL implementation sends the Certificate message during the SSL
handshake; however, as per the specification, these have been omitted.
-- RFC 2712 --
CertificateRequest, and the ServerKeyExchange shown in Figure 1
will be omitted since authentication and the establishment of a
master secret will be done using the client's Kerberos credentials
for the TLS server. The client's certificate will be omitted for
the same reason.
-- RFC 2712 --
3) Pre-master secret Protocol version
The pre-master secret generated by OpenSSL does not have the correct
client version.
RFC 2712 says, if the Kerberos option is selected, the pre-master
secret structure is the same as that used in the RSA case.
TLS specification defines pre-master secret as:
struct {
ProtocolVersion client_version;
opaque random[46];
} PreMasterSecret;
where client_version is the latest protocol version supported by the
client.
The pre-master secret generated by OpenSSL does not have the correct
client version. The implementation does not update the first 2 bytes
of random secret for Kerberos Cipher suites. At the server-end, the
client version from the pre-master secret is not validated.
PR: 1336
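As an added illustration (not OpenSSL's code) of the PreMasterSecret layout described in item 3 above: the client writes its offered version into the first two bytes, and the server compares that field against the version it saw in ClientHello. The `rng` parameter and the `_unpatched` variant are assumptions for this example; TLS 1.0 is version (3, 1).

```python
import os
import struct

PMS_LEN = 48            # ProtocolVersion (2 bytes) + opaque random[46]
RANDOM_LEN = PMS_LEN - 2


def build_premaster_secret(client_version, rng=os.urandom):
    """Client side: first two bytes carry client_version, remaining 46 are random."""
    major, minor = client_version
    return struct.pack("!BB", major, minor) + rng(RANDOM_LEN)


def build_premaster_secret_unpatched(rng=os.urandom):
    """Models the defect the commit describes: all 48 bytes are random, so the
    version bytes are never written (hypothetical, for illustration only)."""
    return rng(PMS_LEN)


def parse_premaster_secret(pms):
    """Split a PreMasterSecret into (client_version, random); reject wrong length."""
    if len(pms) != PMS_LEN:
        raise ValueError("PreMasterSecret must be exactly %d bytes" % PMS_LEN)
    major, minor = struct.unpack("!BB", pms[:2])
    return (major, minor), pms[2:]


def validate_premaster_secret(pms, expected_client_version):
    """Server side: the embedded version must equal the version the client
    offered in ClientHello; a mismatch is a handshake failure, not ignored."""
    try:
        version, _ = parse_premaster_secret(pms)
    except ValueError:
        return False
    return version == tuple(expected_client_version)
```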
Dr. Stephen Henson [Tue, 26 Sep 2006 13:25:19 +0000 (13:25 +0000)]
Initialize new callbacks and make sure hent is always initialized.
Richard Levitte [Mon, 25 Sep 2006 08:35:35 +0000 (08:35 +0000)]
Complete the change for VMS.
Dr. Stephen Henson [Sat, 23 Sep 2006 17:29:49 +0000 (17:29 +0000)]
Submitted by: Brad Spencer <spencer@jacknife.org>
Reviewed by: steve
Dr. Stephen Henson [Fri, 22 Sep 2006 17:14:22 +0000 (17:14 +0000)]
Buffer size handling fix for enc.
PR: 1374
Dr. Stephen Henson [Fri, 22 Sep 2006 17:06:09 +0000 (17:06 +0000)]
Using correct lock for X509_REQ.
PR: 1348
Dr. Stephen Henson [Fri, 22 Sep 2006 13:37:15 +0000 (13:37 +0000)]
Update length if copying MSB set in asn1_string_canon().
Dr. Stephen Henson [Thu, 21 Sep 2006 16:19:10 +0000 (16:19 +0000)]
Updated file.
Dr. Stephen Henson [Thu, 21 Sep 2006 13:24:46 +0000 (13:24 +0000)]
Add missing prototype. Fix various warnings (C++ comments, ; outside function).
Dr. Stephen Henson [Thu, 21 Sep 2006 13:11:24 +0000 (13:11 +0000)]
Make int_rsa_sign function match prototype.
PR: 1383
Dr. Stephen Henson [Thu, 21 Sep 2006 13:07:57 +0000 (13:07 +0000)]
Compile in gost engine.
Dr. Stephen Henson [Thu, 21 Sep 2006 13:04:43 +0000 (13:04 +0000)]
Updated version of gost engine.
Dr. Stephen Henson [Thu, 21 Sep 2006 12:48:56 +0000 (12:48 +0000)]
Do CRL method init after other operations.
Dr. Stephen Henson [Thu, 21 Sep 2006 12:42:15 +0000 (12:42 +0000)]
Tidy up CRL handling by checking for critical extensions when it is
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.
Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
Andy Polyakov [Mon, 18 Sep 2006 19:50:54 +0000 (19:50 +0000)]
Build error on non-unix.
PR: 1390
Andy Polyakov [Mon, 18 Sep 2006 19:41:37 +0000 (19:41 +0000)]
Race condition in ms/uplink.c.
PR: 1382
Andy Polyakov [Mon, 18 Sep 2006 19:20:43 +0000 (19:20 +0000)]
As x86ms.pl is out, remove do_masm.bat and the mention of it in INSTALL.W32.
Andy Polyakov [Mon, 18 Sep 2006 19:17:09 +0000 (19:17 +0000)]
Remove x86ms.pl and reimplement x86*.pl.
Andy Polyakov [Mon, 18 Sep 2006 19:13:15 +0000 (19:13 +0000)]
Improve 386 portability of aes-586.pl.
Bodo Möller [Mon, 18 Sep 2006 14:00:49 +0000 (14:00 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
[Problem pointed out by Adam Young <adamy (at) acm.org>]
Dr. Stephen Henson [Sun, 17 Sep 2006 17:16:28 +0000 (17:16 +0000)]
Overhaul of by_dir code to handle dynamic loading of CRLs.
Dr. Stephen Henson [Sun, 17 Sep 2006 13:00:18 +0000 (13:00 +0000)]
GOST public key algorithm ENGINE donated to the OpenSSL by Cryptocom.
Very early version, doesn't do much yet, not even added to the build system.
Dr. Stephen Henson [Thu, 14 Sep 2006 17:25:02 +0000 (17:25 +0000)]
Support for AKID in CRLs and partial support for IDP. Overhaul of CRL
handling to support this.
Dr. Stephen Henson [Wed, 13 Sep 2006 03:28:42 +0000 (03:28 +0000)]
Update docs.
Bodo Möller [Tue, 12 Sep 2006 14:42:19 +0000 (14:42 +0000)]
Update
Dr. Stephen Henson [Mon, 11 Sep 2006 13:00:52 +0000 (13:00 +0000)]
Fixes for new CRL/cert callbacks. Update CRL processing code to use new
callbacks.
Bodo Möller [Mon, 11 Sep 2006 09:49:03 +0000 (09:49 +0000)]
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well
Dr. Stephen Henson [Sun, 10 Sep 2006 12:38:37 +0000 (12:38 +0000)]
Add verify callback functions to lookup a STACK of matching certs or CRLs
based on subject name.
New thread safe functions to retrieve matching STACK from X509_STORE.
Cache some IDP components.
Bodo Möller [Fri, 8 Sep 2006 06:00:40 +0000 (06:00 +0000)]
Make sure the int_rsa_verify() prototype matches the implementation
(m_len currently is 'unsigned int', not 'size_t')
Submitted by: Gisle Vanem
Dr. Stephen Henson [Wed, 6 Sep 2006 11:59:04 +0000 (11:59 +0000)]
Additional detail.
Bodo Möller [Wed, 6 Sep 2006 11:54:19 +0000 (11:54 +0000)]
update information on "current version" ...
Dr. Stephen Henson [Wed, 6 Sep 2006 11:53:50 +0000 (11:53 +0000)]
Add an FAQ.
Bodo Möller [Wed, 6 Sep 2006 06:43:11 +0000 (06:43 +0000)]
Remove non-functional part of recent patch, after discussion with
Colin Percival (this would have caused more problems than solved,
and isn't really necessary anyway)
Bodo Möller [Wed, 6 Sep 2006 06:42:11 +0000 (06:42 +0000)]
Make consistent with 0.9.8-branch version of this file
Bodo Möller [Wed, 6 Sep 2006 06:34:52 +0000 (06:34 +0000)]
Every change so far that is in the 0.9.8 branch is (or should be) in HEAD
Mark J. Cox [Tue, 5 Sep 2006 08:58:03 +0000 (08:58 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
Andy Polyakov [Thu, 31 Aug 2006 21:27:30 +0000 (21:27 +0000)]
Rewrite sha1-586.pl.
Andy Polyakov [Thu, 31 Aug 2006 21:15:38 +0000 (21:15 +0000)]
Fix bug in aes-586.pl.
Andy Polyakov [Thu, 31 Aug 2006 21:12:17 +0000 (21:12 +0000)]
Fix bug in x86unix.pl introduced in latest update.
PR: 1380
Dr. Stephen Henson [Thu, 31 Aug 2006 21:01:15 +0000 (21:01 +0000)]
Kill more C++ comments.
Dr. Stephen Henson [Thu, 31 Aug 2006 20:56:20 +0000 (20:56 +0000)]
Fix C++ style comments, change assert to OPENSSL_assert, stop warning with
pedantic mode.
Dr. Stephen Henson [Thu, 31 Aug 2006 20:10:37 +0000 (20:10 +0000)]
Fix leak
Ben Laurie [Thu, 31 Aug 2006 14:04:04 +0000 (14:04 +0000)]
Forward port of IGE mode.
Ben Laurie [Mon, 28 Aug 2006 17:01:04 +0000 (17:01 +0000)]
Make things static that should be. Declare stuff in headers that should be.
Fix warnings.
Richard Levitte [Sun, 20 Aug 2006 05:54:35 +0000 (05:54 +0000)]
According to documentation, including time.h declares select() on
OpenVMS, and possibly more.
Ref: http://h71000.www7.hp.com/doc/82final/6529/6529pro_019.html#r_select
Richard Levitte [Sun, 20 Aug 2006 05:18:12 +0000 (05:18 +0000)]
Correct warnings about signedness.
Ulf Möller [Sun, 13 Aug 2006 09:03:38 +0000 (09:03 +0000)]
Use gmtime on cygwin
Submitted by: Corinna Vinschen
Andy Polyakov [Wed, 9 Aug 2006 15:40:30 +0000 (15:40 +0000)]
+20% tune-up for Power5.
Andy Polyakov [Mon, 7 Aug 2006 09:05:52 +0000 (09:05 +0000)]
Revised AES_cbc_encrypt in x86 assembler module.
Ulf Möller [Sat, 5 Aug 2006 20:45:06 +0000 (20:45 +0000)]
Correct punctuation.
PR: 1367
Andy Polyakov [Wed, 2 Aug 2006 22:38:16 +0000 (22:38 +0000)]
Aggressively prefetch S-box in SSE codepath, relax alignment requirement,
check for SSE bit instead of MMX, as pshufw was introduced in PIII, minor
optimization, typos...
Andy Polyakov [Wed, 2 Aug 2006 07:46:56 +0000 (07:46 +0000)]
Switch to compact S-box when generating AES key schedule.
Andy Polyakov [Tue, 1 Aug 2006 22:10:39 +0000 (22:10 +0000)]
Switch to compact S-box when generating AES key schedule.
Andy Polyakov [Tue, 1 Aug 2006 16:12:10 +0000 (16:12 +0000)]
Real Bourne shell doesn't interpret ==, but =.
Andy Polyakov [Mon, 31 Jul 2006 22:28:40 +0000 (22:28 +0000)]
Engage assembler in solaris64-x86_64-cc.
Andy Polyakov [Mon, 31 Jul 2006 22:26:40 +0000 (22:26 +0000)]
perlasm/x86unix.pl update.
Andy Polyakov [Mon, 31 Jul 2006 20:03:56 +0000 (20:03 +0000)]
Next generation aes-586.pl featuring AES_[en|de]crypt, accessing exclusively
256 byte S-box. AES_cbc_encrypt needs further work as it should also use
slow routines when processing smaller amounts of data.
Bodo Möller [Mon, 31 Jul 2006 11:50:01 +0000 (11:50 +0000)]
Camellia IPR information
Dr. Stephen Henson [Tue, 25 Jul 2006 17:39:38 +0000 (17:39 +0000)]
Support for multiple CRLs with same issuer name in X509_STORE. Modify
verify logic to try to use an unexpired CRL if possible.
Dr. Stephen Henson [Mon, 24 Jul 2006 12:39:22 +0000 (12:39 +0000)]
Cache some CRL related extensions.
Dr. Stephen Henson [Fri, 21 Jul 2006 22:46:19 +0000 (22:46 +0000)]
Avoid warning.
Dr. Stephen Henson [Fri, 21 Jul 2006 22:28:48 +0000 (22:28 +0000)]
Avoid WIN32 warning.
Dr. Stephen Henson [Fri, 21 Jul 2006 22:26:31 +0000 (22:26 +0000)]
Avoid warnings.
Dr. Stephen Henson [Thu, 20 Jul 2006 16:56:47 +0000 (16:56 +0000)]
Use correct pointer types for various functions.
Bodo Möller [Wed, 19 Jul 2006 13:38:26 +0000 (13:38 +0000)]
New Camellia implementation (replacing previous version)
Submitted by: NTT
Bodo Möller [Wed, 19 Jul 2006 13:36:40 +0000 (13:36 +0000)]
Camellia information
Dr. Stephen Henson [Tue, 18 Jul 2006 12:36:19 +0000 (12:36 +0000)]
Store canonical encodings of Name structures. Update X509_NAME_cmp() to use
them.
Andy Polyakov [Tue, 18 Jul 2006 10:05:38 +0000 (10:05 +0000)]
Reimplement outer rounds as "compact" in x86 assembler. This has rather
strong impact on decrypt performance, 20-25%. One probably should consider
switching between slower and faster routines depending on how much data
we were asked to process.
Dr. Stephen Henson [Mon, 17 Jul 2006 18:52:51 +0000 (18:52 +0000)]
WIN32 fixes signed/unsigned issues and slightly socket semantics.
Dr. Stephen Henson [Mon, 17 Jul 2006 16:42:06 +0000 (16:42 +0000)]
Update .cvsignore again.
Dr. Stephen Henson [Mon, 17 Jul 2006 16:40:20 +0000 (16:40 +0000)]
Update .cvsignore
Dr. Stephen Henson [Mon, 17 Jul 2006 16:33:31 +0000 (16:33 +0000)]
Fix various error codes to match functions.
Dr. Stephen Henson [Mon, 17 Jul 2006 13:26:54 +0000 (13:26 +0000)]
Add -timeout option to ocsp utility.
Dr. Stephen Henson [Mon, 17 Jul 2006 12:18:28 +0000 (12:18 +0000)]
New non-blocking OCSP functionality.
Andy Polyakov [Fri, 14 Jul 2006 09:57:55 +0000 (09:57 +0000)]
Add option for "compact" rounds to aes_x86core.c. "Compact" rounds are
those referencing compact, 256-byte, S-boxes.
Dr. Stephen Henson [Thu, 13 Jul 2006 20:29:55 +0000 (20:29 +0000)]
There should be no need to rewind the input stream any more.
For S/MIME multipart/signed type the signature is calculated on the fly.
For other detached data forms the stream isn't used after the single pass to
calculate signatures.
For non-detached the data is stored in a memory BIO.
Dr. Stephen Henson [Wed, 12 Jul 2006 18:00:20 +0000 (18:00 +0000)]
In genpkey, also look for algorithm string name in any supplied ENGINE.
Dr. Stephen Henson [Wed, 12 Jul 2006 16:30:40 +0000 (16:30 +0000)]
Bugfix: don't look in internal table for signature if found in application
supplied list.
Dr. Stephen Henson [Wed, 12 Jul 2006 13:28:44 +0000 (13:28 +0000)]
Typo.
Dr. Stephen Henson [Wed, 12 Jul 2006 12:31:30 +0000 (12:31 +0000)]
New docs for EVP_Digest{Sign,Verify}*() function. Update existing docs.
Dr. Stephen Henson [Mon, 10 Jul 2006 23:10:26 +0000 (23:10 +0000)]
Add docs for pkeyparam. Update some existing docs.
Dr. Stephen Henson [Mon, 10 Jul 2006 22:49:08 +0000 (22:49 +0000)]
Update some usage messages.
Dr. Stephen Henson [Mon, 10 Jul 2006 18:40:42 +0000 (18:40 +0000)]
make update
Dr. Stephen Henson [Mon, 10 Jul 2006 18:36:55 +0000 (18:36 +0000)]
Allow digests to supply S/MIME micalg values from a ctrl.
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
Dr. Stephen Henson [Sun, 9 Jul 2006 16:05:43 +0000 (16:05 +0000)]
New functions to add and free up application defined signature OIDs.
Dr. Stephen Henson [Sun, 9 Jul 2006 12:02:08 +0000 (12:02 +0000)]
Set detached flag in PKCS7 structure earlier to avoid eating up memory.
PR: 1071
Dr. Stephen Henson [Sun, 9 Jul 2006 11:26:13 +0000 (11:26 +0000)]
Public key comparison and printing routine functions.
Dr. Stephen Henson [Sun, 9 Jul 2006 11:01:49 +0000 (11:01 +0000)]
EVP_PKEY_get_default_digest() manual page.
Dr. Stephen Henson [Sun, 9 Jul 2006 10:51:03 +0000 (10:51 +0000)]
EVP_PKEY_CTX_ctrl() docs.
Dr. Stephen Henson [Sun, 9 Jul 2006 01:59:30 +0000 (01:59 +0000)]
Update docs.
Dr. Stephen Henson [Sun, 9 Jul 2006 00:53:45 +0000 (00:53 +0000)]
New functions to enumerate digests and ciphers.
Dr. Stephen Henson [Sat, 8 Jul 2006 21:42:49 +0000 (21:42 +0000)]
Keygen docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 12:47:52 +0000 (12:47 +0000)]
EVP_PKEY_derive() docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 12:46:51 +0000 (12:46 +0000)]
Add some examples.
Dr. Stephen Henson [Sat, 8 Jul 2006 11:22:23 +0000 (11:22 +0000)]
EVP_PKEY_verify() docs.
Dr. Stephen Henson [Sat, 8 Jul 2006 11:13:01 +0000 (11:13 +0000)]
New docs.