oweals/openssl.git
17 years agoAvoid warning.
Dr. Stephen Henson [Sun, 18 Feb 2007 18:18:31 +0000 (18:18 +0000)]
Avoid warning.

17 years agoFix Win32 warnings.
Dr. Stephen Henson [Sun, 18 Feb 2007 17:23:20 +0000 (17:23 +0000)]
Fix Win32 warnings.

17 years agoSome fixes for ciphersuite string processing:
Bodo Möller [Sat, 17 Feb 2007 06:52:42 +0000 (06:52 +0000)]
Some fixes for ciphersuite string processing:

- add a workaround provided by Victor Duchovni so that 128- and
  256-bit variants of otherwise identical ciphersuites are treated
  correctly;

- also, correctly skip invalid parts of ciphersuite description strings.

Submitted by: Victor Duchovni, Bodo Moeller

17 years agoensure that the EVP_CIPHER_CTX object is initialized
Nils Larsch [Fri, 16 Feb 2007 20:40:07 +0000 (20:40 +0000)]
ensure that the EVP_CIPHER_CTX object is initialized

PR: 1490

17 years agoAdd STARTTLS support for IMAP and FTP.
Richard Levitte [Fri, 16 Feb 2007 18:12:20 +0000 (18:12 +0000)]
Add STARTTLS support for IMAP and FTP.
Submitted by Kees Cook <kees@outflux.net>

17 years ago- use OPENSSL_malloc() etc. in zlib
Nils Larsch [Wed, 14 Feb 2007 21:50:26 +0000 (21:50 +0000)]
- use OPENSSL_malloc() etc. in zlib
- move zlib_stateful_ex_idx initialization to COMP_zlib()

PR: 1468

17 years agouse user-supplied malloc functions for persistent kssl objects
Nils Larsch [Sat, 10 Feb 2007 10:40:24 +0000 (10:40 +0000)]
use user-supplied malloc functions for persistent kssl objects

PR: 1467
Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org>

17 years agoremove unreachable code
Nils Larsch [Sat, 10 Feb 2007 09:48:42 +0000 (09:48 +0000)]
remove unreachable code

17 years agoAdd hmac option to dgst from 0.9.7-stable.
Dr. Stephen Henson [Thu, 8 Feb 2007 19:08:21 +0000 (19:08 +0000)]
Add hmac option to dgst from 0.9.7-stable.

17 years agoensure that a ec key is used
Nils Larsch [Wed, 7 Feb 2007 20:36:40 +0000 (20:36 +0000)]
ensure that a ec key is used

PR: 1476

17 years agoAfter objects have been freed, NULLify the pointers so there will be no double
Richard Levitte [Wed, 7 Feb 2007 01:42:51 +0000 (01:42 +0000)]
After objects have been freed, NULLify the pointers so there will be no double
free of those objects

17 years agofix typo
Nils Larsch [Tue, 6 Feb 2007 19:48:36 +0000 (19:48 +0000)]
fix typo

17 years agoadd note about 56 bit ciphers
Nils Larsch [Tue, 6 Feb 2007 19:40:45 +0000 (19:40 +0000)]
add note about 56 bit ciphers

PR: 1461

17 years agoUpdate from fips2 branch.
Dr. Stephen Henson [Sat, 3 Feb 2007 17:32:14 +0000 (17:32 +0000)]
Update from fips2 branch.

17 years agofile err_str.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 11:26:29 +0000
Dr. Stephen Henson [Sat, 3 Feb 2007 17:19:41 +0000 (17:19 +0000)]
file err_str.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 11:26:29 +0000

17 years agofile fips_err.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 22:48:18 ...
Dr. Stephen Henson [Sat, 3 Feb 2007 17:19:39 +0000 (17:19 +0000)]
file fips_err.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 22:48:18 +0000

17 years agofile fips_err.h was added on branch OpenSSL_0_9_8-stable on 2008-09-16 22:48:18 ...
Dr. Stephen Henson [Sat, 3 Feb 2007 17:19:37 +0000 (17:19 +0000)]
file fips_err.h was added on branch OpenSSL_0_9_8-stable on 2008-09-16 22:48:18 +0000

17 years agofix documentation
Nils Larsch [Sat, 3 Feb 2007 10:27:31 +0000 (10:27 +0000)]
fix documentation

PR: 1466

17 years agofix potential memory leaks
Nils Larsch [Sat, 3 Feb 2007 09:51:59 +0000 (09:51 +0000)]
fix potential memory leaks

PR: 1462
Submitted by: Charles Hardin <chardin@2wire.com>

17 years agofile mksdef.pl was added on branch OpenSSL_0_9_8-stable on 2008-09-18 11:20:08 +0000
Dr. Stephen Henson [Sat, 27 Jan 2007 13:19:43 +0000 (13:19 +0000)]
file mksdef.pl was added on branch OpenSSL_0_9_8-stable on 2008-09-18 11:20:08 +0000

17 years agoUpdate from 0.9.7-stable.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:54:22 +0000 (17:54 +0000)]
Update from 0.9.7-stable.

17 years agoUpdate from HEAD.
Dr. Stephen Henson [Sun, 21 Jan 2007 16:07:25 +0000 (16:07 +0000)]
Update from HEAD.

17 years agoUpdate from HEAD.
Dr. Stephen Henson [Sun, 21 Jan 2007 13:16:49 +0000 (13:16 +0000)]
Update from HEAD.

17 years agoUpdate from HEAD.
Dr. Stephen Henson [Thu, 18 Jan 2007 21:25:24 +0000 (21:25 +0000)]
Update from HEAD.

17 years agoUpdate do new home page
Lutz Jänicke [Fri, 12 Jan 2007 18:47:28 +0000 (18:47 +0000)]
Update do new home page

17 years agoInitialize padlock in shared build.
Andy Polyakov [Thu, 4 Jan 2007 22:55:25 +0000 (22:55 +0000)]
Initialize padlock in shared build.

17 years ago#include <stddef.h> in digest headers [from HEAD].
Andy Polyakov [Fri, 29 Dec 2006 14:55:43 +0000 (14:55 +0000)]
#include <stddef.h> in digest headers [from HEAD].

17 years agofix return value of get_cert_chain()
Nils Larsch [Wed, 27 Dec 2006 09:39:51 +0000 (09:39 +0000)]
fix return value of get_cert_chain()

PR: 1441

17 years agoFrom HEAD
Richard Levitte [Tue, 26 Dec 2006 21:23:38 +0000 (21:23 +0000)]
From HEAD

17 years agoSynchronise with Unixly build
Richard Levitte [Mon, 25 Dec 2006 10:57:20 +0000 (10:57 +0000)]
Synchronise with Unixly build

17 years agoMake sha.h more "portable" [from HEAD].
Andy Polyakov [Fri, 22 Dec 2006 16:04:56 +0000 (16:04 +0000)]
Make sha.h more "portable" [from HEAD].

17 years agofix typos
Nils Larsch [Thu, 21 Dec 2006 21:11:44 +0000 (21:11 +0000)]
fix typos

PR: 1354, 1355, 1398

17 years agoremove trailing '\'
Nils Larsch [Tue, 19 Dec 2006 19:47:39 +0000 (19:47 +0000)]
remove trailing '\'

PR: 1438

17 years agoFix the BIT STRING encoding of EC points or parameter seeds
Bodo Möller [Tue, 19 Dec 2006 15:10:46 +0000 (15:10 +0000)]
Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).

17 years agoproperly initialize SSL context, check return value
Nils Larsch [Wed, 13 Dec 2006 22:08:20 +0000 (22:08 +0000)]
properly initialize SSL context, check return value

17 years agoUpdate from 0.9.7-stable branch
Dr. Stephen Henson [Thu, 7 Dec 2006 13:28:07 +0000 (13:28 +0000)]
Update from 0.9.7-stable branch

17 years agoUpdate from HEAD.
Dr. Stephen Henson [Wed, 6 Dec 2006 13:38:59 +0000 (13:38 +0000)]
Update from HEAD.

17 years agofix documentation
Nils Larsch [Wed, 6 Dec 2006 09:12:28 +0000 (09:12 +0000)]
fix documentation

PR: 1343

17 years agoavoid duplicate entries in add_cert_dir()
Nils Larsch [Tue, 5 Dec 2006 21:21:10 +0000 (21:21 +0000)]
avoid duplicate entries in add_cert_dir()

PR: 1407
Submitted by: Tomas Mraz <tmraz@redhat.com>

17 years agoreturn 0 if 'noout' is used and no has occurred
Nils Larsch [Tue, 5 Dec 2006 20:08:03 +0000 (20:08 +0000)]
return 0 if 'noout' is used and no has occurred

PR: 1435
Submitted by: "Haridharan" <haridharan@gmail.com>

17 years agoallocate a new attributes entry in X509_REQ_add_extensions()
Nils Larsch [Mon, 4 Dec 2006 19:10:58 +0000 (19:10 +0000)]
allocate a new attributes entry in X509_REQ_add_extensions()
if it's NULL (in case of a malformed pkcs10 request)

PR: 1347
Submitted by: Remo Inverardi <invi@your.toilet.ch>

17 years agoadd "Certificate Issuer", "Issuing Distribution Point" and
Nils Larsch [Mon, 4 Dec 2006 18:48:16 +0000 (18:48 +0000)]
add "Certificate Issuer", "Issuing Distribution Point" and
"Subject Directory Attributes" OIDs

PR: 1433

17 years agoCamellia fixes and improvements from HEAD.
Andy Polyakov [Sat, 2 Dec 2006 12:00:27 +0000 (12:00 +0000)]
Camellia fixes and improvements from HEAD.

17 years agoCamellia portability fixes.
Andy Polyakov [Sat, 2 Dec 2006 11:57:40 +0000 (11:57 +0000)]
Camellia portability fixes.

Submitted by: Masashi Fujita, NTT

17 years agoUpdate dependencies.
Dr. Stephen Henson [Thu, 30 Nov 2006 14:03:58 +0000 (14:03 +0000)]
Update dependencies.

17 years agoFix default depflags.
Dr. Stephen Henson [Thu, 30 Nov 2006 14:01:38 +0000 (14:01 +0000)]
Fix default depflags.

17 years agoWin32 fixes.
Dr. Stephen Henson [Thu, 30 Nov 2006 13:04:43 +0000 (13:04 +0000)]
Win32 fixes.

Use OPENSSL_NO_RFC3779 instead of OPENSSL_RFC3779: this makes the Win32 scripts
work and is consistent with other options.

Fix Win32 scripts and Configure to process OPENSSL_NO_RFC3779 properly.

Update ordinals.

Change some prototypes for LSB because VC++ 6 doesn't like the */ sequence and thinks it is an invalid end of comment.

17 years agoreplace macros with functions
Nils Larsch [Wed, 29 Nov 2006 20:47:15 +0000 (20:47 +0000)]
replace macros with functions

Submitted by: Tracy Camp <tracyx.e.camp@intel.com>

17 years agofix support for receiving fragmented handshake messages
Bodo Möller [Wed, 29 Nov 2006 14:45:14 +0000 (14:45 +0000)]
fix support for receiving fragmented handshake messages

17 years agoAdd RFC 3779 support, contributed by ARIN.
Ben Laurie [Mon, 27 Nov 2006 13:36:55 +0000 (13:36 +0000)]
Add RFC 3779 support, contributed by ARIN.

17 years agoregister the engine as default engine in ENGINE_set_default()
Nils Larsch [Fri, 24 Nov 2006 18:44:26 +0000 (18:44 +0000)]
register the engine as default engine in ENGINE_set_default()

PR: 1431

17 years agowording, as in head
Ulf Möller [Tue, 21 Nov 2006 20:51:47 +0000 (20:51 +0000)]
wording, as in head

17 years agoRebuild error file C source files.
Dr. Stephen Henson [Tue, 21 Nov 2006 20:14:46 +0000 (20:14 +0000)]
Rebuild error file C source files.

17 years agoUpdate from 0.9.7-stable.
Dr. Stephen Henson [Tue, 21 Nov 2006 20:14:05 +0000 (20:14 +0000)]
Update from 0.9.7-stable.

Improve mkerr.pl header file function name parsing.

18 years agoFix from HEAD.
Dr. Stephen Henson [Mon, 13 Nov 2006 13:23:05 +0000 (13:23 +0000)]
Fix from HEAD.

18 years agoupdate md docs
Nils Larsch [Fri, 27 Oct 2006 21:59:48 +0000 (21:59 +0000)]
update md docs

18 years agoGcc over-optimizes PadLock AES CFB codepath, tell it not to [from HEAD].
Andy Polyakov [Thu, 19 Oct 2006 20:56:31 +0000 (20:56 +0000)]
Gcc over-optimizes PadLock AES CFB codepath, tell it not to [from HEAD].

18 years agoTypo.
Dr. Stephen Henson [Thu, 5 Oct 2006 21:59:09 +0000 (21:59 +0000)]
Typo.

18 years agoreturn an error if the supplied precomputed values lead to an invalid signature
Nils Larsch [Wed, 4 Oct 2006 19:55:03 +0000 (19:55 +0000)]
return an error if the supplied precomputed values lead to an invalid signature

18 years agoInitialise ctx to NULL to avoid uninitialized free, noticed by
Mark J. Cox [Fri, 29 Sep 2006 08:21:07 +0000 (08:21 +0000)]
Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan

18 years agoAPP_FILES is no longer used, remove it everywhere.
Richard Levitte [Fri, 29 Sep 2006 06:54:39 +0000 (06:54 +0000)]
APP_FILES is no longer used, remove it everywhere.

18 years agofix typo
Bodo Möller [Thu, 28 Sep 2006 13:30:28 +0000 (13:30 +0000)]
fix typo

18 years agofor completeness, include 0.9.7l information
Bodo Möller [Thu, 28 Sep 2006 13:29:08 +0000 (13:29 +0000)]
for completeness, include 0.9.7l information

18 years agoFixes for the following claims:
Richard Levitte [Thu, 28 Sep 2006 12:23:15 +0000 (12:23 +0000)]
Fixes for the following claims:

  1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336

18 years agoAfter tagging, bump ready for 0.9.8e development
Mark J. Cox [Thu, 28 Sep 2006 11:39:33 +0000 (11:39 +0000)]
After tagging, bump ready for 0.9.8e development

18 years agoPrepare for 0.9.8d release OpenSSL_0_9_8d
Mark J. Cox [Thu, 28 Sep 2006 11:32:42 +0000 (11:32 +0000)]
Prepare for 0.9.8d release

18 years agoIntroduce limits to prevent malicious keys being able to
Mark J. Cox [Thu, 28 Sep 2006 11:29:03 +0000 (11:29 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

18 years agoUpdate from HEAD.
Dr. Stephen Henson [Sat, 23 Sep 2006 17:30:25 +0000 (17:30 +0000)]
Update from HEAD.

18 years agoFix from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:14:44 +0000 (17:14 +0000)]
Fix from HEAD.

18 years agoFix from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:07:40 +0000 (17:07 +0000)]
Fix from HEAD.

18 years agoFix but in apps/pkcs12.c
Dr. Stephen Henson [Fri, 22 Sep 2006 00:28:37 +0000 (00:28 +0000)]
Fix but in apps/pkcs12.c
PR: 1377

18 years agoBuild error on non-unix [from HEAD].
Andy Polyakov [Mon, 18 Sep 2006 19:51:45 +0000 (19:51 +0000)]
Build error on non-unix [from HEAD].
PR: 1390

18 years agoRace condition in ms/uplink.c [from HEAD].
Andy Polyakov [Mon, 18 Sep 2006 19:44:23 +0000 (19:44 +0000)]
Race condition in ms/uplink.c [from HEAD].
PR: 1382

18 years agoEnsure that the addition mods[i]+delta cannot overflow in probable_prime().
Bodo Möller [Mon, 18 Sep 2006 14:01:39 +0000 (14:01 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().

[Problem pointed out by Adam Young <adamy (at) acm.org>]

18 years agoUpdate
Bodo Möller [Tue, 12 Sep 2006 14:42:09 +0000 (14:42 +0000)]
Update

18 years agoensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
Bodo Möller [Mon, 11 Sep 2006 09:48:46 +0000 (09:48 +0000)]
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well

18 years agoRemove non-functional part of recent patch, after discussion with
Bodo Möller [Wed, 6 Sep 2006 06:43:26 +0000 (06:43 +0000)]
Remove non-functional part of recent patch, after discussion with
Colin Percival (this would have caused more problems than solved,
and isn't really necessary anyway)

18 years agoAfter tagging, prep for next release
Mark J. Cox [Tue, 5 Sep 2006 08:51:30 +0000 (08:51 +0000)]
After tagging, prep for next release

18 years agoReady for 0.9.8c release OpenSSL_0_9_8c
Mark J. Cox [Tue, 5 Sep 2006 08:45:37 +0000 (08:45 +0000)]
Ready for 0.9.8c release

18 years agoAvoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
Mark J. Cox [Tue, 5 Sep 2006 08:25:42 +0000 (08:25 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)

Submitted by:  Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson

18 years agoFix from HEAD.
Dr. Stephen Henson [Thu, 31 Aug 2006 21:01:41 +0000 (21:01 +0000)]
Fix from HEAD.

18 years agoFix from HEAD.
Dr. Stephen Henson [Thu, 31 Aug 2006 20:11:09 +0000 (20:11 +0000)]
Fix from HEAD.

18 years agoAdd IGE and biIGE modes.
Ben Laurie [Mon, 28 Aug 2006 11:00:32 +0000 (11:00 +0000)]
Add IGE and biIGE modes.

18 years agoEngage assembler in solaris64-x86_64-cc [backport from HEAD].
Andy Polyakov [Tue, 1 Aug 2006 16:13:47 +0000 (16:13 +0000)]
Engage assembler in solaris64-x86_64-cc [backport from HEAD].

18 years agoCamellia IPR information
Bodo Möller [Mon, 31 Jul 2006 11:50:02 +0000 (11:50 +0000)]
Camellia IPR information

18 years agoNew Camellia implementation (replacing previous version)
Bodo Möller [Wed, 19 Jul 2006 13:38:27 +0000 (13:38 +0000)]
New Camellia implementation (replacing previous version)

Submitted by: NTT

18 years agoCamellia information
Bodo Möller [Wed, 19 Jul 2006 13:37:10 +0000 (13:37 +0000)]
Camellia information

18 years agoFix from HEAD.
Dr. Stephen Henson [Thu, 13 Jul 2006 20:35:33 +0000 (20:35 +0000)]
Fix from HEAD.

18 years agoOops...
Dr. Stephen Henson [Sun, 9 Jul 2006 12:07:22 +0000 (12:07 +0000)]
Oops...

18 years agoFix from HEAD.
Dr. Stephen Henson [Sun, 9 Jul 2006 12:03:02 +0000 (12:03 +0000)]
Fix from HEAD.

18 years agoFix warning.
Ben Laurie [Sun, 2 Jul 2006 14:43:21 +0000 (14:43 +0000)]
Fix warning.

18 years agodocumentation for "HIGH" vs. "MEDIUM" was not up-to-date
Bodo Möller [Fri, 30 Jun 2006 22:03:48 +0000 (22:03 +0000)]
documentation for "HIGH" vs. "MEDIUM" was not up-to-date

18 years agouse <poll.h> as by Single Unix Specification
Bodo Möller [Fri, 30 Jun 2006 08:14:50 +0000 (08:14 +0000)]
use <poll.h> as by Single Unix Specification

18 years agoalways read in RAND_poll() if we can't use select because of a too
Bodo Möller [Wed, 28 Jun 2006 14:50:00 +0000 (14:50 +0000)]
always read in RAND_poll() if we can't use select because of a too
large FD: it's non-blocking mode anyway

18 years agoaes-586.pl sync from HEAD.
Andy Polyakov [Wed, 28 Jun 2006 09:01:40 +0000 (09:01 +0000)]
aes-586.pl sync from HEAD.

18 years agoMitigate the hazard of cache-collision timing attack on last round
Andy Polyakov [Wed, 28 Jun 2006 08:58:15 +0000 (08:58 +0000)]
Mitigate the hazard of cache-collision timing attack on last round
[from HEAD].

18 years agoUse poll() when possible to gather Unix randomness entropy
Richard Levitte [Tue, 27 Jun 2006 06:31:57 +0000 (06:31 +0000)]
Use poll() when possible to gather Unix randomness entropy

18 years agoBe more explicit about requirements for multi-threading.
Bodo Möller [Fri, 23 Jun 2006 14:59:59 +0000 (14:59 +0000)]
Be more explicit about requirements for multi-threading.

18 years agoFix for previous change: explicitly named ciphersuites are OK to add
Bodo Möller [Thu, 22 Jun 2006 13:07:45 +0000 (13:07 +0000)]
Fix for previous change: explicitly named ciphersuites are OK to add

18 years agoPut ECCdraft ciphersuites back into default build (but disabled
Bodo Möller [Thu, 22 Jun 2006 12:35:54 +0000 (12:35 +0000)]
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)