Dr. Stephen Henson [Thu, 18 Jan 2007 21:27:29 +0000 (21:27 +0000)]
Upadte from HEAD.
Dr. Stephen Henson [Thu, 18 Jan 2007 18:44:41 +0000 (18:44 +0000)]
Expanded boundary support for VC++ build.
Dr. Stephen Henson [Thu, 18 Jan 2007 13:29:15 +0000 (13:29 +0000)]
Expand security boundary to match 1.1.1 module.
Dr. Stephen Henson [Wed, 17 Jan 2007 17:12:17 +0000 (17:12 +0000)]
Initial support for new build options under WIN32 and VC++.
Dr. Stephen Henson [Tue, 16 Jan 2007 19:45:14 +0000 (19:45 +0000)]
Remove debugging echo.
Dr. Stephen Henson [Tue, 16 Jan 2007 19:30:21 +0000 (19:30 +0000)]
Add options to allow fipscanister to be built and linked against internally.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:39:58 +0000 (17:39 +0000)]
More fixes to build/fipsld to handle detached fips_premain.c detached sig.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:14:50 +0000 (17:14 +0000)]
Remove deleted fipshashes.[co] from Makefile.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:03:30 +0000 (17:03 +0000)]
$(FIPSCHECK) no longer used.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:37:07 +0000 (14:37 +0000)]
Update .cvsignore.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:34:22 +0000 (14:34 +0000)]
Update .cvsignore
Dr. Stephen Henson [Tue, 16 Jan 2007 14:32:14 +0000 (14:32 +0000)]
Use correct perl script name in mkfipsscr.pl output.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:06:33 +0000 (14:06 +0000)]
Update fipsld to use external signature for fips_premain.c . Update build system
remove redundant source file hash checks.
Dr. Stephen Henson [Tue, 16 Jan 2007 13:48:16 +0000 (13:48 +0000)]
Don't use deprecated -mcpu option.
Dr. Stephen Henson [Mon, 15 Jan 2007 00:29:39 +0000 (00:29 +0000)]
Oops...
Dr. Stephen Henson [Mon, 15 Jan 2007 00:25:59 +0000 (00:25 +0000)]
Perl script to build shell scripts and batch files to run algorithm test programs.
Dr. Stephen Henson [Sun, 14 Jan 2007 17:01:31 +0000 (17:01 +0000)]
Make algorithm test programs tolerate whitespace in input files.
Lutz Jänicke [Fri, 12 Jan 2007 18:48:00 +0000 (18:48 +0000)]
Update to new home page
Dr. Stephen Henson [Thu, 7 Dec 2006 13:23:22 +0000 (13:23 +0000)]
Remove 'done' variable since it stops error codes being reloaded.
Nils Larsch [Wed, 6 Dec 2006 16:52:55 +0000 (16:52 +0000)]
fix no-ssl2 build
Nils Larsch [Mon, 4 Dec 2006 20:41:46 +0000 (20:41 +0000)]
fix function names in RSAerr calls
PR: 1403
Bodo Möller [Wed, 29 Nov 2006 14:44:07 +0000 (14:44 +0000)]
fix support for receiving fragmented handshake messages
Dr. Stephen Henson [Tue, 21 Nov 2006 19:27:19 +0000 (19:27 +0000)]
Rebuild error source files.
Dr. Stephen Henson [Tue, 21 Nov 2006 19:19:09 +0000 (19:19 +0000)]
Use error table to determine if errors should be loaded.
Dr. Stephen Henson [Mon, 13 Nov 2006 13:23:33 +0000 (13:23 +0000)]
Fix from HEAD.
Mark J. Cox [Fri, 29 Sep 2006 08:20:11 +0000 (08:20 +0000)]
Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan
Richard Levitte [Thu, 28 Sep 2006 19:48:48 +0000 (19:48 +0000)]
Oops, some changes forgotten...
Mark J. Cox [Thu, 28 Sep 2006 12:00:30 +0000 (12:00 +0000)]
After tagging, open up 0.9.7m-dev
Mark J. Cox [Thu, 28 Sep 2006 11:56:57 +0000 (11:56 +0000)]
Prepare for 0.9.7l release
Mark J. Cox [Thu, 28 Sep 2006 11:53:51 +0000 (11:53 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
Dr. Stephen Henson [Fri, 22 Sep 2006 17:15:04 +0000 (17:15 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:06:51 +0000 (17:06 +0000)]
Fix from head.
Bodo Möller [Tue, 19 Sep 2006 10:00:29 +0000 (10:00 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
[Problem pointed out by Adam Young <adamy (at) acm.org>]
Bodo Möller [Tue, 12 Sep 2006 14:41:50 +0000 (14:41 +0000)]
Backport from HEAD: fix ciphersuite selection
Bodo Möller [Wed, 6 Sep 2006 06:41:32 +0000 (06:41 +0000)]
make consistent with 0.9.8-branch version of this file
Mark J. Cox [Tue, 5 Sep 2006 08:46:18 +0000 (08:46 +0000)]
Don't forget to put back the -dev
Mark J. Cox [Tue, 5 Sep 2006 08:38:12 +0000 (08:38 +0000)]
Bump for 0.9.7l-dev
Mark J. Cox [Tue, 5 Sep 2006 08:34:07 +0000 (08:34 +0000)]
Prepare 0.9.7k release
Mark J. Cox [Tue, 5 Sep 2006 08:24:14 +0000 (08:24 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339) [Ben Laurie and Google Security Team]
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
Dr. Stephen Henson [Thu, 31 Aug 2006 20:11:30 +0000 (20:11 +0000)]
Update from HEAD.
Dr. Stephen Henson [Thu, 13 Jul 2006 20:36:51 +0000 (20:36 +0000)]
Fix from HEAD. Except we can't stream multipart/signed in 0.9.7 so that case
still rewinds the stream.
Dr. Stephen Henson [Sun, 9 Jul 2006 12:05:10 +0000 (12:05 +0000)]
Fix from HEAD.
Bodo Möller [Fri, 30 Jun 2006 22:03:18 +0000 (22:03 +0000)]
documentation for "HIGH" vs. "MEDIUM" was not up-to-date
Bodo Möller [Fri, 30 Jun 2006 08:15:13 +0000 (08:15 +0000)]
use <poll.h> as by Single Unix Specification
Bodo Möller [Wed, 28 Jun 2006 14:49:39 +0000 (14:49 +0000)]
always read if we can't use select because of a too large FD
(it's non-blocking mode anyway)
Andy Polyakov [Wed, 28 Jun 2006 08:57:22 +0000 (08:57 +0000)]
Mitigate the hazard of cache-collision timing attack on last round
[from HEAD].
Richard Levitte [Tue, 27 Jun 2006 06:31:48 +0000 (06:31 +0000)]
Use poll() when possible to gather Unix randomness entropy
Bodo Möller [Fri, 23 Jun 2006 14:59:43 +0000 (14:59 +0000)]
Be more explicit about requirements for multi-threading.
Richard Levitte [Wed, 21 Jun 2006 05:08:36 +0000 (05:08 +0000)]
Synchronise with the Unix build
Dr. Stephen Henson [Tue, 20 Jun 2006 18:06:40 +0000 (18:06 +0000)]
Place hex_to_string and string_to_hex in separate source file to avoid
dragging in extra dependencies when just these functions are used.
Bodo Möller [Fri, 16 Jun 2006 01:01:34 +0000 (01:01 +0000)]
Thread-safety fixes
Bodo Möller [Wed, 14 Jun 2006 17:51:36 +0000 (17:51 +0000)]
Disable invalid ciphersuites
Bodo Möller [Wed, 14 Jun 2006 08:50:11 +0000 (08:50 +0000)]
Thread-safety fixes
Dr. Stephen Henson [Wed, 17 May 2006 18:25:38 +0000 (18:25 +0000)]
Fix from head.
Dr. Stephen Henson [Wed, 17 May 2006 18:20:53 +0000 (18:20 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Thu, 4 May 2006 13:08:01 +0000 (13:08 +0000)]
Update for next dev version.
Dr. Stephen Henson [Thu, 4 May 2006 12:52:59 +0000 (12:52 +0000)]
Prepare for release
Dr. Stephen Henson [Thu, 4 May 2006 12:32:36 +0000 (12:32 +0000)]
make update
Dr. Stephen Henson [Thu, 4 May 2006 12:09:04 +0000 (12:09 +0000)]
Use new fips-1.0 directory in error library.
Dr. Stephen Henson [Thu, 4 May 2006 11:16:20 +0000 (11:16 +0000)]
Update CHANGES.
Dr. Stephen Henson [Mon, 24 Apr 2006 13:32:58 +0000 (13:32 +0000)]
Add new --with-baseaddr command line option to allow the FIPS base address of
libeay32.dll to be explicitly specified.
Dr. Stephen Henson [Sat, 15 Apr 2006 17:42:46 +0000 (17:42 +0000)]
Check pbe2->keyfunc->parameter is not NULL before dereferencing.
PR: 1316
Dr. Stephen Henson [Fri, 7 Apr 2006 00:15:44 +0000 (00:15 +0000)]
Typos.
Dr. Stephen Henson [Fri, 7 Apr 2006 00:04:37 +0000 (00:04 +0000)]
Link _chkstk.o from FIPSLIB_D.
Richard Levitte [Mon, 3 Apr 2006 09:15:27 +0000 (09:15 +0000)]
Change chop to chomp when reading lines, so CRLF is properly processed on
the operating systems where they are the normal line endings
Dr. Stephen Henson [Fri, 31 Mar 2006 22:44:20 +0000 (22:44 +0000)]
Check flag before calling FIPS_dsa_check().
Dr. Stephen Henson [Fri, 31 Mar 2006 17:09:46 +0000 (17:09 +0000)]
Flag to allow use of DSA_METHOD in FIPS mode.
Dr. Stephen Henson [Tue, 28 Mar 2006 12:10:37 +0000 (12:10 +0000)]
Update build system to make use of validated module in FIPS mode.
Nils Larsch [Tue, 14 Mar 2006 09:07:06 +0000 (09:07 +0000)]
apply fixes from the cvs head
Dr. Stephen Henson [Wed, 1 Mar 2006 21:15:24 +0000 (21:15 +0000)]
Check EVP_DigestInit return value in EVP_BytesToKey() and use supported
algorithm in PKCS12_create in FIPS mode.
Nils Larsch [Wed, 1 Mar 2006 19:52:39 +0000 (19:52 +0000)]
force C locale when using [a-z] in sed expressions
PR: 1283
Submitted by: Mike Frysinger
Nils Larsch [Tue, 28 Feb 2006 20:15:56 +0000 (20:15 +0000)]
fix "#ifndef HZ" statement
PR: 1287
Richard Levitte [Sun, 26 Feb 2006 11:17:21 +0000 (11:17 +0000)]
I forgot to change fips to fips-1_0 in one place. That stopped the
build completely. Hopefully, things will work better now.
Nils Larsch [Sat, 25 Feb 2006 12:01:25 +0000 (12:01 +0000)]
fix Intel Mac configuration; patch supplied by JP Szikora <szikora@icp.ucl.ac.be>
Richard Levitte [Thu, 23 Feb 2006 09:18:45 +0000 (09:18 +0000)]
Oops, forgot to adapt the VMS build to the renamed directory.
Dr. Stephen Henson [Wed, 8 Feb 2006 00:58:01 +0000 (00:58 +0000)]
Add entry for FIPSLIBDIR in Makefile.org
Dr. Stephen Henson [Wed, 8 Feb 2006 00:47:30 +0000 (00:47 +0000)]
Allow fips install dir to be specified for VC++ build.
Dr. Stephen Henson [Tue, 7 Feb 2006 17:14:04 +0000 (17:14 +0000)]
Build fips_premain_dso.exe in static build too.
Dr. Stephen Henson [Tue, 7 Feb 2006 15:09:00 +0000 (15:09 +0000)]
Build standalone exe after copying headers.
Dr. Stephen Henson [Mon, 6 Feb 2006 14:16:38 +0000 (14:16 +0000)]
Use and build fips_premain_dso.exe and fips_standalone_sha1.exe from VC++
instead of those from mingw build.
Visual Studio Express 2005 doesn't like fips_premain_dso.exe from mingw used
against its DLLs.
Dr. Stephen Henson [Mon, 6 Feb 2006 00:48:37 +0000 (00:48 +0000)]
Add Makefile to fipshashes.c
Dr. Stephen Henson [Sun, 5 Feb 2006 23:49:07 +0000 (23:49 +0000)]
Update VC++ build for new FIPS paths.
Dr. Stephen Henson [Sun, 5 Feb 2006 21:36:41 +0000 (21:36 +0000)]
Use correct fips_premain_dso.exe path.
Dr. Stephen Henson [Sun, 5 Feb 2006 21:18:42 +0000 (21:18 +0000)]
Sanity check for FIPS module directory.
Dr. Stephen Henson [Sun, 5 Feb 2006 20:52:56 +0000 (20:52 +0000)]
Update VC++ build for FIPS mode.
Andy Polyakov [Sun, 5 Feb 2006 13:35:24 +0000 (13:35 +0000)]
install: target tune up.
Andy Polyakov [Sun, 5 Feb 2006 12:38:58 +0000 (12:38 +0000)]
Adjust DIR variable in fips-1.0/Makefile accordingly.
Dr. Stephen Henson [Sat, 4 Feb 2006 23:05:40 +0000 (23:05 +0000)]
Update/hack mkdef.pl to recognize and add SHA2 algorithms when OPENSSL_FIPS
is defined.
Dr. Stephen Henson [Sat, 4 Feb 2006 01:50:41 +0000 (01:50 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sat, 4 Feb 2006 01:27:52 +0000 (01:27 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Fri, 3 Feb 2006 23:55:26 +0000 (23:55 +0000)]
Use getcwd() because it works under MSYS but `pwd` doesn't.
Dr. Stephen Henson [Fri, 3 Feb 2006 18:42:24 +0000 (18:42 +0000)]
Update CHANGES/NEWS.
Dr. Stephen Henson [Fri, 3 Feb 2006 18:27:13 +0000 (18:27 +0000)]
Updated fips_test_suite.
Nils Larsch [Thu, 2 Feb 2006 22:29:55 +0000 (22:29 +0000)]
fix if statement: call conn_state() if the BIO is not in the BIO_CONN_S_OK state
Dr. Stephen Henson [Thu, 2 Feb 2006 15:10:50 +0000 (15:10 +0000)]
Add fips_test_suite.c to TEST
Andy Polyakov [Wed, 1 Feb 2006 22:22:40 +0000 (22:22 +0000)]
Spotted divergence between CVS and submitted tar-ball.
Andy Polyakov [Wed, 1 Feb 2006 22:21:13 +0000 (22:21 +0000)]
Remove files erroneously added in catalog rename.
Dr. Stephen Henson [Tue, 31 Jan 2006 18:38:06 +0000 (18:38 +0000)]
Fix from head.
Dr. Stephen Henson [Mon, 30 Jan 2006 18:51:36 +0000 (18:51 +0000)]
Update some scripts to use fips-1.0
Dr. Stephen Henson [Mon, 30 Jan 2006 18:15:29 +0000 (18:15 +0000)]
Change fips directory to fips-1.0