Ben Laurie [Sun, 9 Mar 2008 18:22:50 +0000 (18:22 +0000)]
Fix dependencies. Again.
Mark J. Cox [Thu, 28 Feb 2008 13:31:53 +0000 (13:31 +0000)]
Missing changelog entry for cvs.openssl.org/chngview?cn=16642
Dr. Stephen Henson [Thu, 3 Jan 2008 13:56:12 +0000 (13:56 +0000)]
Typo.
Dr. Stephen Henson [Thu, 3 Jan 2008 13:53:05 +0000 (13:53 +0000)]
Add fipsalgtest.pl script from 0.9.8-fips branch. Change default tests to
match 1.1.x module.
Dr. Stephen Henson [Thu, 3 Jan 2008 13:46:46 +0000 (13:46 +0000)]
Suppress debug output from AES algorithm test.
Dr. Stephen Henson [Thu, 3 Jan 2008 13:37:23 +0000 (13:37 +0000)]
Backport fixes/updates from 0.9.8-fips to algorithm tests.
Andy Polyakov [Wed, 10 Oct 2007 22:05:54 +0000 (22:05 +0000)]
Eliminate conditional final subtraction in Montgomery multiplication
[from HEAD].
Andy Polyakov [Wed, 10 Oct 2007 21:56:01 +0000 (21:56 +0000)]
Respect ISO aliasing rules [from HEAD].
PR: 1296
Andy Polyakov [Wed, 10 Oct 2007 21:53:53 +0000 (21:53 +0000)]
Typo in apps/Makefile.
Dr. Stephen Henson [Tue, 9 Oct 2007 16:08:47 +0000 (16:08 +0000)]
Fix from 0.9.8-stable
PR: 1545
Dr. Stephen Henson [Fri, 5 Oct 2007 17:09:10 +0000 (17:09 +0000)]
Add pqgver option.
Ben Laurie [Thu, 4 Oct 2007 08:01:21 +0000 (08:01 +0000)]
Fix off-by-one.
Ben Laurie [Thu, 4 Oct 2007 07:56:11 +0000 (07:56 +0000)]
Clarify.
Ben Laurie [Thu, 4 Oct 2007 07:55:40 +0000 (07:55 +0000)]
Update flags.
Andy Polyakov [Sat, 15 Sep 2007 17:10:13 +0000 (17:10 +0000)]
Make bn2dec work on "SIXTY_FOUR_BIT" platforms [from HEAD].
PR: 1456
Richard Levitte [Wed, 22 Aug 2007 20:58:53 +0000 (20:58 +0000)]
VAX C can't handle 64 bit integers, making SHA512 impossible...
Dr. Stephen Henson [Mon, 18 Jun 2007 12:57:45 +0000 (12:57 +0000)]
Add VC8 shut up flags after debugging options have been set.
Dr. Stephen Henson [Tue, 22 May 2007 23:31:56 +0000 (23:31 +0000)]
Update from HEAD.
Andy Polyakov [Sun, 20 May 2007 14:17:44 +0000 (14:17 +0000)]
Retire -bpowerpc64-linux option from linux-ppc64. Those who need it can
add it at ./Configure command-line.
PR: 1457
Dr. Stephen Henson [Mon, 9 Apr 2007 23:56:33 +0000 (23:56 +0000)]
Add evp_cnf.c file.
Dr. Stephen Henson [Mon, 9 Apr 2007 23:54:55 +0000 (23:54 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Mon, 9 Apr 2007 12:17:21 +0000 (12:17 +0000)]
Backport "alg" module to OpenSSL 0.9.7
Dr. Stephen Henson [Mon, 9 Apr 2007 11:47:17 +0000 (11:47 +0000)]
Update from HEAD.
Dr. Stephen Henson [Sun, 8 Apr 2007 17:51:01 +0000 (17:51 +0000)]
file evp_cnf.c was added on branch OpenSSL_0_9_7-stable on 2007-04-09 23:56:33 +0000
Bodo Möller [Wed, 21 Mar 2007 14:32:44 +0000 (14:32 +0000)]
stricter session ID context matching
Bodo Möller [Wed, 21 Mar 2007 10:57:54 +0000 (10:57 +0000)]
clarification regarding libdes
Dr. Stephen Henson [Mon, 5 Mar 2007 00:07:57 +0000 (00:07 +0000)]
Update from 0.9.8-stable
Lutz Jänicke [Tue, 27 Feb 2007 08:27:30 +0000 (08:27 +0000)]
Merge from HEAD
Bodo Möller [Mon, 26 Feb 2007 10:47:28 +0000 (10:47 +0000)]
use 2007 copyright for generated files
Dr. Stephen Henson [Sat, 24 Feb 2007 13:10:19 +0000 (13:10 +0000)]
Use -mcpu on platforms that don't support -march.
Dr. Stephen Henson [Fri, 23 Feb 2007 13:20:26 +0000 (13:20 +0000)]
Update README for next version.
Dr. Stephen Henson [Fri, 23 Feb 2007 12:49:09 +0000 (12:49 +0000)]
Use date in README.
Dr. Stephen Henson [Fri, 23 Feb 2007 12:35:48 +0000 (12:35 +0000)]
Update to next dev version.
Dr. Stephen Henson [Fri, 23 Feb 2007 12:17:03 +0000 (12:17 +0000)]
Oops! Correct version file.
Dr. Stephen Henson [Fri, 23 Feb 2007 12:07:21 +0000 (12:07 +0000)]
Prepare for release.
Dr. Stephen Henson [Fri, 23 Feb 2007 00:59:28 +0000 (00:59 +0000)]
Make update.
Dr. Stephen Henson [Fri, 23 Feb 2007 00:36:03 +0000 (00:36 +0000)]
Fix syntax error in asm file.
Dr. Stephen Henson [Thu, 22 Feb 2007 22:30:49 +0000 (22:30 +0000)]
Set $fips when fipscanistebuild is used.
Dr. Stephen Henson [Thu, 22 Feb 2007 22:30:00 +0000 (22:30 +0000)]
Typo.
Dr. Stephen Henson [Thu, 22 Feb 2007 01:51:34 +0000 (01:51 +0000)]
Only give warning if relevant options are given.
Dr. Stephen Henson [Thu, 22 Feb 2007 01:36:15 +0000 (01:36 +0000)]
Update NEWS file.
Dr. Stephen Henson [Wed, 21 Feb 2007 18:16:25 +0000 (18:16 +0000)]
Include big warning message if test fipscanister.o compilation option used.
Lutz Jänicke [Wed, 21 Feb 2007 17:44:08 +0000 (17:44 +0000)]
Fix incorrect handling of special characters.
PR: 1459
Submitted by: tnitschke@innominate.com
Reviewed by: steve@openssl.org
Dr. Stephen Henson [Wed, 21 Feb 2007 13:48:09 +0000 (13:48 +0000)]
Cleanse PEM buffers before freeing them.
Submitted by: Benjamin Bennett <ben@psc.edu>
Bodo Möller [Mon, 19 Feb 2007 18:35:45 +0000 (18:35 +0000)]
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.
Bodo Möller [Mon, 19 Feb 2007 14:45:57 +0000 (14:45 +0000)]
fix incorrect strength bit values for certain Kerberos ciphersuites
Submitted by: Victor Duchovni
Bodo Möller [Sat, 17 Feb 2007 06:53:10 +0000 (06:53 +0000)]
Some fixes for ciphersuite string processing:
- add a workaround provided by Victor Duchovni so that 128- and
256-bit variants of otherwise identical ciphersuites are treated
correctly;
- also, correctly skip invalid parts of ciphersuite description strings.
Submitted by: Victor Duchovni, Bodo Moeller
Dr. Stephen Henson [Sat, 3 Feb 2007 17:33:30 +0000 (17:33 +0000)]
Update from fips2 branch.
Nils Larsch [Sat, 3 Feb 2007 10:27:06 +0000 (10:27 +0000)]
fix documentation
PR: 1466
Dr. Stephen Henson [Tue, 23 Jan 2007 18:25:01 +0000 (18:25 +0000)]
Don't call OPENSSL_free() on sig, DSA_free() has already freed it.
Dr. Stephen Henson [Tue, 23 Jan 2007 18:21:12 +0000 (18:21 +0000)]
Typo.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:53:01 +0000 (17:53 +0000)]
Constify tag table.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:51:08 +0000 (17:51 +0000)]
To reduce FIPS dependencies don't load error strings and avoid use of ASN1
versions of DSA signature functions.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:43:57 +0000 (17:43 +0000)]
Move some DSA functions between files to make it possible to use the DSA
crypto without ASN1 dependency.
Dr. Stephen Henson [Tue, 23 Jan 2007 01:40:28 +0000 (01:40 +0000)]
Rewrite AES/DES algorithm test programs to only use low level API.
Dr. Stephen Henson [Sun, 21 Jan 2007 16:02:37 +0000 (16:02 +0000)]
Update from HEAD.
Dr. Stephen Henson [Sun, 21 Jan 2007 14:05:43 +0000 (14:05 +0000)]
Oops...
Dr. Stephen Henson [Sun, 21 Jan 2007 13:59:17 +0000 (13:59 +0000)]
Make FIPS algorithm tests compile in none-FIPS mode.
Dr. Stephen Henson [Sun, 21 Jan 2007 13:37:48 +0000 (13:37 +0000)]
Update fips_test_suite source.
Dr. Stephen Henson [Sat, 20 Jan 2007 18:49:05 +0000 (18:49 +0000)]
Link fips utilities only against fipscanister.o
Dr. Stephen Henson [Fri, 19 Jan 2007 13:17:52 +0000 (13:17 +0000)]
User cleaner way to handle new options for VC++ build.
Dr. Stephen Henson [Thu, 18 Jan 2007 21:27:29 +0000 (21:27 +0000)]
Upadte from HEAD.
Dr. Stephen Henson [Thu, 18 Jan 2007 18:44:41 +0000 (18:44 +0000)]
Expanded boundary support for VC++ build.
Dr. Stephen Henson [Thu, 18 Jan 2007 13:29:15 +0000 (13:29 +0000)]
Expand security boundary to match 1.1.1 module.
Dr. Stephen Henson [Wed, 17 Jan 2007 17:12:17 +0000 (17:12 +0000)]
Initial support for new build options under WIN32 and VC++.
Dr. Stephen Henson [Tue, 16 Jan 2007 19:45:14 +0000 (19:45 +0000)]
Remove debugging echo.
Dr. Stephen Henson [Tue, 16 Jan 2007 19:30:21 +0000 (19:30 +0000)]
Add options to allow fipscanister to be built and linked against internally.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:39:58 +0000 (17:39 +0000)]
More fixes to build/fipsld to handle detached fips_premain.c detached sig.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:14:50 +0000 (17:14 +0000)]
Remove deleted fipshashes.[co] from Makefile.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:03:30 +0000 (17:03 +0000)]
$(FIPSCHECK) no longer used.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:37:07 +0000 (14:37 +0000)]
Update .cvsignore.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:34:22 +0000 (14:34 +0000)]
Update .cvsignore
Dr. Stephen Henson [Tue, 16 Jan 2007 14:32:14 +0000 (14:32 +0000)]
Use correct perl script name in mkfipsscr.pl output.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:06:33 +0000 (14:06 +0000)]
Update fipsld to use external signature for fips_premain.c . Update build system
remove redundant source file hash checks.
Dr. Stephen Henson [Tue, 16 Jan 2007 13:48:16 +0000 (13:48 +0000)]
Don't use deprecated -mcpu option.
Dr. Stephen Henson [Mon, 15 Jan 2007 00:29:39 +0000 (00:29 +0000)]
Oops...
Dr. Stephen Henson [Mon, 15 Jan 2007 00:25:59 +0000 (00:25 +0000)]
Perl script to build shell scripts and batch files to run algorithm test programs.
Dr. Stephen Henson [Sun, 14 Jan 2007 17:01:31 +0000 (17:01 +0000)]
Make algorithm test programs tolerate whitespace in input files.
Lutz Jänicke [Fri, 12 Jan 2007 18:48:00 +0000 (18:48 +0000)]
Update to new home page
Dr. Stephen Henson [Thu, 7 Dec 2006 13:23:22 +0000 (13:23 +0000)]
Remove 'done' variable since it stops error codes being reloaded.
Nils Larsch [Wed, 6 Dec 2006 16:52:55 +0000 (16:52 +0000)]
fix no-ssl2 build
Nils Larsch [Mon, 4 Dec 2006 20:41:46 +0000 (20:41 +0000)]
fix function names in RSAerr calls
PR: 1403
Bodo Möller [Wed, 29 Nov 2006 14:44:07 +0000 (14:44 +0000)]
fix support for receiving fragmented handshake messages
Dr. Stephen Henson [Tue, 21 Nov 2006 19:27:19 +0000 (19:27 +0000)]
Rebuild error source files.
Dr. Stephen Henson [Tue, 21 Nov 2006 19:19:09 +0000 (19:19 +0000)]
Use error table to determine if errors should be loaded.
Dr. Stephen Henson [Mon, 13 Nov 2006 13:23:33 +0000 (13:23 +0000)]
Fix from HEAD.
Mark J. Cox [Fri, 29 Sep 2006 08:20:11 +0000 (08:20 +0000)]
Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan
Richard Levitte [Thu, 28 Sep 2006 19:48:48 +0000 (19:48 +0000)]
Oops, some changes forgotten...
Mark J. Cox [Thu, 28 Sep 2006 12:00:30 +0000 (12:00 +0000)]
After tagging, open up 0.9.7m-dev
Mark J. Cox [Thu, 28 Sep 2006 11:56:57 +0000 (11:56 +0000)]
Prepare for 0.9.7l release
Mark J. Cox [Thu, 28 Sep 2006 11:53:51 +0000 (11:53 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
Dr. Stephen Henson [Fri, 22 Sep 2006 17:15:04 +0000 (17:15 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:06:51 +0000 (17:06 +0000)]
Fix from head.
Bodo Möller [Tue, 19 Sep 2006 10:00:29 +0000 (10:00 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
[Problem pointed out by Adam Young <adamy (at) acm.org>]
Bodo Möller [Tue, 12 Sep 2006 14:41:50 +0000 (14:41 +0000)]
Backport from HEAD: fix ciphersuite selection
Bodo Möller [Wed, 6 Sep 2006 06:41:32 +0000 (06:41 +0000)]
make consistent with 0.9.8-branch version of this file
Mark J. Cox [Tue, 5 Sep 2006 08:46:18 +0000 (08:46 +0000)]
Don't forget to put back the -dev
Mark J. Cox [Tue, 5 Sep 2006 08:38:12 +0000 (08:38 +0000)]
Bump for 0.9.7l-dev
Mark J. Cox [Tue, 5 Sep 2006 08:34:07 +0000 (08:34 +0000)]
Prepare 0.9.7k release
Mark J. Cox [Tue, 5 Sep 2006 08:24:14 +0000 (08:24 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339) [Ben Laurie and Google Security Team]
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson