oweals/openssl.git
17 years agoRespect ISO aliasing rules [from HEAD].
Andy Polyakov [Wed, 10 Oct 2007 21:56:01 +0000 (21:56 +0000)]
Respect ISO aliasing rules [from HEAD].
PR: 1296

17 years agoTypo in apps/Makefile.
Andy Polyakov [Wed, 10 Oct 2007 21:53:53 +0000 (21:53 +0000)]
Typo in apps/Makefile.

17 years agoFix from 0.9.8-stable
Dr. Stephen Henson [Tue, 9 Oct 2007 16:08:47 +0000 (16:08 +0000)]
Fix from 0.9.8-stable
PR: 1545

17 years agoAdd pqgver option.
Dr. Stephen Henson [Fri, 5 Oct 2007 17:09:10 +0000 (17:09 +0000)]
Add pqgver option.

17 years agoFix off-by-one.
Ben Laurie [Thu, 4 Oct 2007 08:01:21 +0000 (08:01 +0000)]
Fix off-by-one.

17 years agoClarify.
Ben Laurie [Thu, 4 Oct 2007 07:56:11 +0000 (07:56 +0000)]
Clarify.

17 years agoUpdate flags.
Ben Laurie [Thu, 4 Oct 2007 07:55:40 +0000 (07:55 +0000)]
Update flags.

17 years agoMake bn2dec work on "SIXTY_FOUR_BIT" platforms [from HEAD].
Andy Polyakov [Sat, 15 Sep 2007 17:10:13 +0000 (17:10 +0000)]
Make bn2dec work on "SIXTY_FOUR_BIT" platforms [from HEAD].
PR: 1456

17 years agoVAX C can't handle 64 bit integers, making SHA512 impossible...
Richard Levitte [Wed, 22 Aug 2007 20:58:53 +0000 (20:58 +0000)]
VAX C can't handle 64 bit integers, making SHA512 impossible...

17 years agoAdd VC8 shut up flags after debugging options have been set.
Dr. Stephen Henson [Mon, 18 Jun 2007 12:57:45 +0000 (12:57 +0000)]
Add VC8 shut up flags after debugging options have been set.

17 years agoUpdate from HEAD.
Dr. Stephen Henson [Tue, 22 May 2007 23:31:56 +0000 (23:31 +0000)]
Update from HEAD.

17 years agoRetire -bpowerpc64-linux option from linux-ppc64. Those who need it can
Andy Polyakov [Sun, 20 May 2007 14:17:44 +0000 (14:17 +0000)]
Retire -bpowerpc64-linux option from linux-ppc64. Those who need it can
add it at ./Configure command-line.
PR: 1457

17 years agoAdd evp_cnf.c file.
Dr. Stephen Henson [Mon, 9 Apr 2007 23:56:33 +0000 (23:56 +0000)]
Add evp_cnf.c file.

17 years agoFix from HEAD.
Dr. Stephen Henson [Mon, 9 Apr 2007 23:54:55 +0000 (23:54 +0000)]
Fix from HEAD.

17 years agoBackport "alg" module to OpenSSL 0.9.7
Dr. Stephen Henson [Mon, 9 Apr 2007 12:17:21 +0000 (12:17 +0000)]
Backport "alg" module to OpenSSL 0.9.7

17 years agoUpdate from HEAD.
Dr. Stephen Henson [Mon, 9 Apr 2007 11:47:17 +0000 (11:47 +0000)]
Update from HEAD.

17 years agofile evp_cnf.c was added on branch OpenSSL_0_9_7-stable on 2007-04-09 23:56:33 +0000
Dr. Stephen Henson [Sun, 8 Apr 2007 17:51:01 +0000 (17:51 +0000)]
file evp_cnf.c was added on branch OpenSSL_0_9_7-stable on 2007-04-09 23:56:33 +0000

17 years agostricter session ID context matching
Bodo Möller [Wed, 21 Mar 2007 14:32:44 +0000 (14:32 +0000)]
stricter session ID context matching

17 years agoclarification regarding libdes
Bodo Möller [Wed, 21 Mar 2007 10:57:54 +0000 (10:57 +0000)]
clarification regarding libdes

17 years agoUpdate from 0.9.8-stable
Dr. Stephen Henson [Mon, 5 Mar 2007 00:07:57 +0000 (00:07 +0000)]
Update from 0.9.8-stable

17 years agoMerge from HEAD
Lutz Jänicke [Tue, 27 Feb 2007 08:27:30 +0000 (08:27 +0000)]
Merge from HEAD

17 years agouse 2007 copyright for generated files
Bodo Möller [Mon, 26 Feb 2007 10:47:28 +0000 (10:47 +0000)]
use 2007 copyright for generated files

17 years agoUse -mcpu on platforms that don't support -march.
Dr. Stephen Henson [Sat, 24 Feb 2007 13:10:19 +0000 (13:10 +0000)]
Use -mcpu on platforms that don't support -march.

17 years agoUpdate README for next version.
Dr. Stephen Henson [Fri, 23 Feb 2007 13:20:26 +0000 (13:20 +0000)]
Update README for next version.

17 years agoUse date in README.
Dr. Stephen Henson [Fri, 23 Feb 2007 12:49:09 +0000 (12:49 +0000)]
Use date in README.

17 years agoUpdate to next dev version.
Dr. Stephen Henson [Fri, 23 Feb 2007 12:35:48 +0000 (12:35 +0000)]
Update to next dev version.

17 years agoOops! Correct version file.
Dr. Stephen Henson [Fri, 23 Feb 2007 12:17:03 +0000 (12:17 +0000)]
Oops! Correct version file.

17 years agoPrepare for release.
Dr. Stephen Henson [Fri, 23 Feb 2007 12:07:21 +0000 (12:07 +0000)]
Prepare for release.

17 years agoMake update.
Dr. Stephen Henson [Fri, 23 Feb 2007 00:59:28 +0000 (00:59 +0000)]
Make update.

17 years agoFix syntax error in asm file.
Dr. Stephen Henson [Fri, 23 Feb 2007 00:36:03 +0000 (00:36 +0000)]
Fix syntax error in asm file.

17 years agoSet $fips when fipscanistebuild is used.
Dr. Stephen Henson [Thu, 22 Feb 2007 22:30:49 +0000 (22:30 +0000)]
Set $fips when fipscanistebuild is used.

17 years agoTypo.
Dr. Stephen Henson [Thu, 22 Feb 2007 22:30:00 +0000 (22:30 +0000)]
Typo.

17 years agoOnly give warning if relevant options are given.
Dr. Stephen Henson [Thu, 22 Feb 2007 01:51:34 +0000 (01:51 +0000)]
Only give warning if relevant options are given.

17 years agoUpdate NEWS file.
Dr. Stephen Henson [Thu, 22 Feb 2007 01:36:15 +0000 (01:36 +0000)]
Update NEWS file.

17 years agoInclude big warning message if test fipscanister.o compilation option used.
Dr. Stephen Henson [Wed, 21 Feb 2007 18:16:25 +0000 (18:16 +0000)]
Include big warning message if test fipscanister.o compilation option used.

17 years agoFix incorrect handling of special characters.
Lutz Jänicke [Wed, 21 Feb 2007 17:44:08 +0000 (17:44 +0000)]
Fix incorrect handling of special characters.
PR: 1459
Submitted by: tnitschke@innominate.com
Reviewed by: steve@openssl.org

17 years agoCleanse PEM buffers before freeing them.
Dr. Stephen Henson [Wed, 21 Feb 2007 13:48:09 +0000 (13:48 +0000)]
Cleanse PEM buffers before freeing them.

Submitted by: Benjamin Bennett <ben@psc.edu>

17 years agoInclude "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
Bodo Möller [Mon, 19 Feb 2007 18:35:45 +0000 (18:35 +0000)]
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.

17 years agofix incorrect strength bit values for certain Kerberos ciphersuites
Bodo Möller [Mon, 19 Feb 2007 14:45:57 +0000 (14:45 +0000)]
fix incorrect strength bit values for certain Kerberos ciphersuites

Submitted by: Victor Duchovni

17 years agoSome fixes for ciphersuite string processing:
Bodo Möller [Sat, 17 Feb 2007 06:53:10 +0000 (06:53 +0000)]
Some fixes for ciphersuite string processing:

- add a workaround provided by Victor Duchovni so that 128- and
  256-bit variants of otherwise identical ciphersuites are treated
  correctly;

- also, correctly skip invalid parts of ciphersuite description strings.

Submitted by: Victor Duchovni, Bodo Moeller

17 years agoUpdate from fips2 branch.
Dr. Stephen Henson [Sat, 3 Feb 2007 17:33:30 +0000 (17:33 +0000)]
Update from fips2 branch.

17 years agofix documentation
Nils Larsch [Sat, 3 Feb 2007 10:27:06 +0000 (10:27 +0000)]
fix documentation

PR: 1466

17 years agoDon't call OPENSSL_free() on sig, DSA_free() has already freed it.
Dr. Stephen Henson [Tue, 23 Jan 2007 18:25:01 +0000 (18:25 +0000)]
Don't call OPENSSL_free() on sig, DSA_free() has already freed it.

17 years agoTypo.
Dr. Stephen Henson [Tue, 23 Jan 2007 18:21:12 +0000 (18:21 +0000)]
Typo.

17 years agoConstify tag table.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:53:01 +0000 (17:53 +0000)]
Constify tag table.

17 years agoTo reduce FIPS dependencies don't load error strings and avoid use of ASN1
Dr. Stephen Henson [Tue, 23 Jan 2007 17:51:08 +0000 (17:51 +0000)]
To reduce FIPS dependencies don't load error strings and avoid use of ASN1
versions of DSA signature functions.

17 years agoMove some DSA functions between files to make it possible to use the DSA
Dr. Stephen Henson [Tue, 23 Jan 2007 17:43:57 +0000 (17:43 +0000)]
Move some DSA functions between files to make it possible to use the DSA
crypto without ASN1 dependency.

17 years agoRewrite AES/DES algorithm test programs to only use low level API.
Dr. Stephen Henson [Tue, 23 Jan 2007 01:40:28 +0000 (01:40 +0000)]
Rewrite AES/DES algorithm test programs to only use low level API.

17 years agoUpdate from HEAD.
Dr. Stephen Henson [Sun, 21 Jan 2007 16:02:37 +0000 (16:02 +0000)]
Update from HEAD.

17 years agoOops...
Dr. Stephen Henson [Sun, 21 Jan 2007 14:05:43 +0000 (14:05 +0000)]
Oops...

17 years agoMake FIPS algorithm tests compile in none-FIPS mode.
Dr. Stephen Henson [Sun, 21 Jan 2007 13:59:17 +0000 (13:59 +0000)]
Make FIPS algorithm tests compile in none-FIPS mode.

17 years agoUpdate fips_test_suite source.
Dr. Stephen Henson [Sun, 21 Jan 2007 13:37:48 +0000 (13:37 +0000)]
Update fips_test_suite source.

17 years agoLink fips utilities only against fipscanister.o
Dr. Stephen Henson [Sat, 20 Jan 2007 18:49:05 +0000 (18:49 +0000)]
Link fips utilities only against fipscanister.o

17 years agoUser cleaner way to handle new options for VC++ build.
Dr. Stephen Henson [Fri, 19 Jan 2007 13:17:52 +0000 (13:17 +0000)]
User cleaner way to handle new options for VC++ build.

17 years agoUpadte from HEAD.
Dr. Stephen Henson [Thu, 18 Jan 2007 21:27:29 +0000 (21:27 +0000)]
Upadte from HEAD.

17 years agoExpanded boundary support for VC++ build.
Dr. Stephen Henson [Thu, 18 Jan 2007 18:44:41 +0000 (18:44 +0000)]
Expanded boundary support for VC++ build.

17 years agoExpand security boundary to match 1.1.1 module.
Dr. Stephen Henson [Thu, 18 Jan 2007 13:29:15 +0000 (13:29 +0000)]
Expand security boundary to match 1.1.1 module.

17 years agoInitial support for new build options under WIN32 and VC++.
Dr. Stephen Henson [Wed, 17 Jan 2007 17:12:17 +0000 (17:12 +0000)]
Initial support for new build options under WIN32 and VC++.

17 years agoRemove debugging echo.
Dr. Stephen Henson [Tue, 16 Jan 2007 19:45:14 +0000 (19:45 +0000)]
Remove debugging echo.

17 years agoAdd options to allow fipscanister to be built and linked against internally.
Dr. Stephen Henson [Tue, 16 Jan 2007 19:30:21 +0000 (19:30 +0000)]
Add options to allow fipscanister to be built and linked against internally.

17 years agoMore fixes to build/fipsld to handle detached fips_premain.c detached sig.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:39:58 +0000 (17:39 +0000)]
More fixes to build/fipsld to handle detached fips_premain.c detached sig.

17 years agoRemove deleted fipshashes.[co] from Makefile.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:14:50 +0000 (17:14 +0000)]
Remove deleted fipshashes.[co] from Makefile.

17 years ago$(FIPSCHECK) no longer used.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:03:30 +0000 (17:03 +0000)]
$(FIPSCHECK) no longer used.

17 years agoUpdate .cvsignore.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:37:07 +0000 (14:37 +0000)]
Update .cvsignore.

17 years agoUpdate .cvsignore
Dr. Stephen Henson [Tue, 16 Jan 2007 14:34:22 +0000 (14:34 +0000)]
Update .cvsignore

17 years agoUse correct perl script name in mkfipsscr.pl output.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:32:14 +0000 (14:32 +0000)]
Use correct perl script name in mkfipsscr.pl output.

17 years agoUpdate fipsld to use external signature for fips_premain.c . Update build system
Dr. Stephen Henson [Tue, 16 Jan 2007 14:06:33 +0000 (14:06 +0000)]
Update fipsld to use external signature for fips_premain.c . Update build system
remove redundant source file hash checks.

17 years agoDon't use deprecated -mcpu option.
Dr. Stephen Henson [Tue, 16 Jan 2007 13:48:16 +0000 (13:48 +0000)]
Don't use deprecated -mcpu option.

17 years agoOops...
Dr. Stephen Henson [Mon, 15 Jan 2007 00:29:39 +0000 (00:29 +0000)]
Oops...

17 years agoPerl script to build shell scripts and batch files to run algorithm test programs.
Dr. Stephen Henson [Mon, 15 Jan 2007 00:25:59 +0000 (00:25 +0000)]
Perl script to build shell scripts and batch files to run algorithm test programs.

17 years agoMake algorithm test programs tolerate whitespace in input files.
Dr. Stephen Henson [Sun, 14 Jan 2007 17:01:31 +0000 (17:01 +0000)]
Make algorithm test programs tolerate whitespace in input files.

17 years agoUpdate to new home page
Lutz Jänicke [Fri, 12 Jan 2007 18:48:00 +0000 (18:48 +0000)]
Update to new home page

17 years agoRemove 'done' variable since it stops error codes being reloaded.
Dr. Stephen Henson [Thu, 7 Dec 2006 13:23:22 +0000 (13:23 +0000)]
Remove 'done' variable since it stops error codes being reloaded.

17 years agofix no-ssl2 build
Nils Larsch [Wed, 6 Dec 2006 16:52:55 +0000 (16:52 +0000)]
fix no-ssl2 build

17 years agofix function names in RSAerr calls
Nils Larsch [Mon, 4 Dec 2006 20:41:46 +0000 (20:41 +0000)]
fix function names in RSAerr calls

PR: 1403

18 years agofix support for receiving fragmented handshake messages
Bodo Möller [Wed, 29 Nov 2006 14:44:07 +0000 (14:44 +0000)]
fix support for receiving fragmented handshake messages

18 years agoRebuild error source files.
Dr. Stephen Henson [Tue, 21 Nov 2006 19:27:19 +0000 (19:27 +0000)]
Rebuild error source files.

18 years agoUse error table to determine if errors should be loaded.
Dr. Stephen Henson [Tue, 21 Nov 2006 19:19:09 +0000 (19:19 +0000)]
Use error table to determine if errors should be loaded.

18 years agoFix from HEAD.
Dr. Stephen Henson [Mon, 13 Nov 2006 13:23:33 +0000 (13:23 +0000)]
Fix from HEAD.

18 years agoInitialise ctx to NULL to avoid uninitialized free, noticed by
Mark J. Cox [Fri, 29 Sep 2006 08:20:11 +0000 (08:20 +0000)]
Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan

18 years agoOops, some changes forgotten...
Richard Levitte [Thu, 28 Sep 2006 19:48:48 +0000 (19:48 +0000)]
Oops, some changes forgotten...

18 years agoAfter tagging, open up 0.9.7m-dev
Mark J. Cox [Thu, 28 Sep 2006 12:00:30 +0000 (12:00 +0000)]
After tagging, open up 0.9.7m-dev

18 years agoPrepare for 0.9.7l release OpenSSL_0_9_7l
Mark J. Cox [Thu, 28 Sep 2006 11:56:57 +0000 (11:56 +0000)]
Prepare for 0.9.7l release

18 years agoIntroduce limits to prevent malicious keys being able to
Mark J. Cox [Thu, 28 Sep 2006 11:53:51 +0000 (11:53 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

18 years agoFix from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:15:04 +0000 (17:15 +0000)]
Fix from HEAD.

18 years agoFix from head.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:06:51 +0000 (17:06 +0000)]
Fix from head.

18 years agoEnsure that the addition mods[i]+delta cannot overflow in probable_prime().
Bodo Möller [Tue, 19 Sep 2006 10:00:29 +0000 (10:00 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().

[Problem pointed out by Adam Young <adamy (at) acm.org>]

18 years agoBackport from HEAD: fix ciphersuite selection
Bodo Möller [Tue, 12 Sep 2006 14:41:50 +0000 (14:41 +0000)]
Backport from HEAD: fix ciphersuite selection

18 years agomake consistent with 0.9.8-branch version of this file
Bodo Möller [Wed, 6 Sep 2006 06:41:32 +0000 (06:41 +0000)]
make consistent with 0.9.8-branch version of this file

18 years agoDon't forget to put back the -dev
Mark J. Cox [Tue, 5 Sep 2006 08:46:18 +0000 (08:46 +0000)]
Don't forget to put back the -dev

18 years agoBump for 0.9.7l-dev
Mark J. Cox [Tue, 5 Sep 2006 08:38:12 +0000 (08:38 +0000)]
Bump for 0.9.7l-dev

18 years agoPrepare 0.9.7k release OpenSSL_0_9_7k
Mark J. Cox [Tue, 5 Sep 2006 08:34:07 +0000 (08:34 +0000)]
Prepare 0.9.7k release

18 years agoAvoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
Mark J. Cox [Tue, 5 Sep 2006 08:24:14 +0000 (08:24 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)  [Ben Laurie and Google Security Team]

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson

18 years agoUpdate from HEAD.
Dr. Stephen Henson [Thu, 31 Aug 2006 20:11:30 +0000 (20:11 +0000)]
Update from HEAD.

18 years agoFix from HEAD. Except we can't stream multipart/signed in 0.9.7 so that case
Dr. Stephen Henson [Thu, 13 Jul 2006 20:36:51 +0000 (20:36 +0000)]
Fix from HEAD. Except we can't stream multipart/signed in 0.9.7 so that case
still rewinds the stream.

18 years agoFix from HEAD.
Dr. Stephen Henson [Sun, 9 Jul 2006 12:05:10 +0000 (12:05 +0000)]
Fix from HEAD.

18 years agodocumentation for "HIGH" vs. "MEDIUM" was not up-to-date
Bodo Möller [Fri, 30 Jun 2006 22:03:18 +0000 (22:03 +0000)]
documentation for "HIGH" vs. "MEDIUM" was not up-to-date

18 years agouse <poll.h> as by Single Unix Specification
Bodo Möller [Fri, 30 Jun 2006 08:15:13 +0000 (08:15 +0000)]
use <poll.h> as by Single Unix Specification

18 years agoalways read if we can't use select because of a too large FD
Bodo Möller [Wed, 28 Jun 2006 14:49:39 +0000 (14:49 +0000)]
always read if we can't use select because of a too large FD
(it's non-blocking mode anyway)

18 years agoMitigate the hazard of cache-collision timing attack on last round
Andy Polyakov [Wed, 28 Jun 2006 08:57:22 +0000 (08:57 +0000)]
Mitigate the hazard of cache-collision timing attack on last round
[from HEAD].