Dr. Stephen Henson [Wed, 21 Feb 2007 13:50:22 +0000 (13:50 +0000)]
Include changes from 0.9.7-stable.
Dr. Stephen Henson [Wed, 14 Feb 2007 13:15:58 +0000 (13:15 +0000)]
FIPS error codes are in fips_err.h not fips_err.c
Dr. Stephen Henson [Sun, 11 Feb 2007 00:53:39 +0000 (00:53 +0000)]
Typo.
Dr. Stephen Henson [Sun, 11 Feb 2007 00:51:58 +0000 (00:51 +0000)]
FIPSLD_NPT environment variable to disable pass-thru when building
standalone utilities.
Dr. Stephen Henson [Mon, 5 Feb 2007 18:42:12 +0000 (18:42 +0000)]
FIPS portability patches.
Submitted by: Brad House <brad@mainstreetsoftworks.com>
Dr. Stephen Henson [Sat, 3 Feb 2007 17:39:14 +0000 (17:39 +0000)]
Update .cvsignore
Dr. Stephen Henson [Sat, 3 Feb 2007 17:38:31 +0000 (17:38 +0000)]
Update dependencies.
Dr. Stephen Henson [Sat, 3 Feb 2007 17:30:41 +0000 (17:30 +0000)]
Constification.
Dr. Stephen Henson [Sat, 3 Feb 2007 17:19:43 +0000 (17:19 +0000)]
Remove all error string tables out of fipscanister.o, reorganise
ERR and SYS error code files to achieve this.
Dr. Stephen Henson [Sat, 3 Feb 2007 13:43:53 +0000 (13:43 +0000)]
Fix paths for --onedir and Unix.
Dr. Stephen Henson [Mon, 29 Jan 2007 00:31:22 +0000 (00:31 +0000)]
Stop missing directory error messages on Win32.
Dr. Stephen Henson [Mon, 29 Jan 2007 00:21:08 +0000 (00:21 +0000)]
More options to allow directory locations to be specified in mkfipsscr.pl
script. Make AES/DES algorithm test programs handle Win32 path separator.
Switch off verbose mode in AES test program.
Dr. Stephen Henson [Sat, 27 Jan 2007 13:19:42 +0000 (13:19 +0000)]
Preliminary VC++ build changes to support fipsdso. New perl script nksdef.pl to
work out how to split the DEF file between the two DLLs based on which symbols
the linker complains about (!).
Dr. Stephen Henson [Fri, 26 Jan 2007 17:01:47 +0000 (17:01 +0000)]
Use $(PERL) not perl in Win32 Makefile
Dr. Stephen Henson [Fri, 26 Jan 2007 14:25:30 +0000 (14:25 +0000)]
Make WIN32 build work with fipscanisterbuild option. Update ordinals and
fix warning.
Dr. Stephen Henson [Fri, 26 Jan 2007 00:39:55 +0000 (00:39 +0000)]
Use correct shared lib name in fips-1.0
Dr. Stephen Henson [Fri, 26 Jan 2007 00:13:45 +0000 (00:13 +0000)]
Typo.
Dr. Stephen Henson [Thu, 25 Jan 2007 22:39:08 +0000 (22:39 +0000)]
Fix to make install works in all configurations.
Dr. Stephen Henson [Thu, 25 Jan 2007 22:05:52 +0000 (22:05 +0000)]
Make install option work in fipdso (maybe!).
Dr. Stephen Henson [Thu, 25 Jan 2007 21:38:04 +0000 (21:38 +0000)]
Create libfips.a if needed.
Dr. Stephen Henson [Thu, 25 Jan 2007 21:29:07 +0000 (21:29 +0000)]
Fixes to build system to cleanly handle fipsdso
Dr. Stephen Henson [Thu, 25 Jan 2007 18:56:19 +0000 (18:56 +0000)]
Add missing definition for ARD
Dr. Stephen Henson [Thu, 25 Jan 2007 18:49:54 +0000 (18:49 +0000)]
Update .cvsignore
Dr. Stephen Henson [Thu, 25 Jan 2007 18:47:19 +0000 (18:47 +0000)]
New build option fipsdso
Dr. Stephen Henson [Wed, 24 Jan 2007 13:00:15 +0000 (13:00 +0000)]
Remove ASN1 library (and other) dependencies from fipscanister.o
Dr. Stephen Henson [Wed, 24 Jan 2007 12:42:20 +0000 (12:42 +0000)]
Update version for FIPS2 branch.
cvs2svn [Tue, 23 Jan 2007 18:25:02 +0000 (18:25 +0000)]
This commit was manufactured by cvs2svn to create branch 'OpenSSL-
fips2-0_9_7-stable'.
Dr. Stephen Henson [Tue, 23 Jan 2007 18:25:01 +0000 (18:25 +0000)]
Don't call OPENSSL_free() on sig, DSA_free() has already freed it.
Dr. Stephen Henson [Tue, 23 Jan 2007 18:21:12 +0000 (18:21 +0000)]
Typo.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:53:01 +0000 (17:53 +0000)]
Constify tag table.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:51:08 +0000 (17:51 +0000)]
To reduce FIPS dependencies don't load error strings and avoid use of ASN1
versions of DSA signature functions.
Dr. Stephen Henson [Tue, 23 Jan 2007 17:43:57 +0000 (17:43 +0000)]
Move some DSA functions between files to make it possible to use the DSA
crypto without ASN1 dependency.
Dr. Stephen Henson [Tue, 23 Jan 2007 01:40:28 +0000 (01:40 +0000)]
Rewrite AES/DES algorithm test programs to only use low level API.
Dr. Stephen Henson [Sun, 21 Jan 2007 16:02:37 +0000 (16:02 +0000)]
Update from HEAD.
Dr. Stephen Henson [Sun, 21 Jan 2007 14:05:43 +0000 (14:05 +0000)]
Oops...
Dr. Stephen Henson [Sun, 21 Jan 2007 13:59:17 +0000 (13:59 +0000)]
Make FIPS algorithm tests compile in none-FIPS mode.
Dr. Stephen Henson [Sun, 21 Jan 2007 13:37:48 +0000 (13:37 +0000)]
Update fips_test_suite source.
Dr. Stephen Henson [Sat, 20 Jan 2007 18:49:05 +0000 (18:49 +0000)]
Link fips utilities only against fipscanister.o
Dr. Stephen Henson [Fri, 19 Jan 2007 13:17:52 +0000 (13:17 +0000)]
User cleaner way to handle new options for VC++ build.
Dr. Stephen Henson [Thu, 18 Jan 2007 21:27:29 +0000 (21:27 +0000)]
Upadte from HEAD.
Dr. Stephen Henson [Thu, 18 Jan 2007 18:44:41 +0000 (18:44 +0000)]
Expanded boundary support for VC++ build.
Dr. Stephen Henson [Thu, 18 Jan 2007 13:29:15 +0000 (13:29 +0000)]
Expand security boundary to match 1.1.1 module.
Dr. Stephen Henson [Wed, 17 Jan 2007 17:12:17 +0000 (17:12 +0000)]
Initial support for new build options under WIN32 and VC++.
Dr. Stephen Henson [Tue, 16 Jan 2007 19:45:14 +0000 (19:45 +0000)]
Remove debugging echo.
Dr. Stephen Henson [Tue, 16 Jan 2007 19:30:21 +0000 (19:30 +0000)]
Add options to allow fipscanister to be built and linked against internally.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:39:58 +0000 (17:39 +0000)]
More fixes to build/fipsld to handle detached fips_premain.c detached sig.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:14:50 +0000 (17:14 +0000)]
Remove deleted fipshashes.[co] from Makefile.
Dr. Stephen Henson [Tue, 16 Jan 2007 17:03:30 +0000 (17:03 +0000)]
$(FIPSCHECK) no longer used.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:37:07 +0000 (14:37 +0000)]
Update .cvsignore.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:34:22 +0000 (14:34 +0000)]
Update .cvsignore
Dr. Stephen Henson [Tue, 16 Jan 2007 14:32:14 +0000 (14:32 +0000)]
Use correct perl script name in mkfipsscr.pl output.
Dr. Stephen Henson [Tue, 16 Jan 2007 14:06:33 +0000 (14:06 +0000)]
Update fipsld to use external signature for fips_premain.c . Update build system
remove redundant source file hash checks.
Dr. Stephen Henson [Tue, 16 Jan 2007 13:48:16 +0000 (13:48 +0000)]
Don't use deprecated -mcpu option.
Dr. Stephen Henson [Mon, 15 Jan 2007 00:29:39 +0000 (00:29 +0000)]
Oops...
Dr. Stephen Henson [Mon, 15 Jan 2007 00:25:59 +0000 (00:25 +0000)]
Perl script to build shell scripts and batch files to run algorithm test programs.
Dr. Stephen Henson [Sun, 14 Jan 2007 17:01:31 +0000 (17:01 +0000)]
Make algorithm test programs tolerate whitespace in input files.
Lutz Jänicke [Fri, 12 Jan 2007 18:48:00 +0000 (18:48 +0000)]
Update to new home page
Dr. Stephen Henson [Thu, 7 Dec 2006 13:23:22 +0000 (13:23 +0000)]
Remove 'done' variable since it stops error codes being reloaded.
Nils Larsch [Wed, 6 Dec 2006 16:52:55 +0000 (16:52 +0000)]
fix no-ssl2 build
Nils Larsch [Mon, 4 Dec 2006 20:41:46 +0000 (20:41 +0000)]
fix function names in RSAerr calls
PR: 1403
Bodo Möller [Wed, 29 Nov 2006 14:44:07 +0000 (14:44 +0000)]
fix support for receiving fragmented handshake messages
Dr. Stephen Henson [Tue, 21 Nov 2006 19:27:19 +0000 (19:27 +0000)]
Rebuild error source files.
Dr. Stephen Henson [Tue, 21 Nov 2006 19:19:09 +0000 (19:19 +0000)]
Use error table to determine if errors should be loaded.
Dr. Stephen Henson [Mon, 13 Nov 2006 13:23:33 +0000 (13:23 +0000)]
Fix from HEAD.
Mark J. Cox [Fri, 29 Sep 2006 08:20:11 +0000 (08:20 +0000)]
Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan
Richard Levitte [Thu, 28 Sep 2006 19:48:48 +0000 (19:48 +0000)]
Oops, some changes forgotten...
Mark J. Cox [Thu, 28 Sep 2006 12:00:30 +0000 (12:00 +0000)]
After tagging, open up 0.9.7m-dev
Mark J. Cox [Thu, 28 Sep 2006 11:56:57 +0000 (11:56 +0000)]
Prepare for 0.9.7l release
Mark J. Cox [Thu, 28 Sep 2006 11:53:51 +0000 (11:53 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
Dr. Stephen Henson [Fri, 22 Sep 2006 17:15:04 +0000 (17:15 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:06:51 +0000 (17:06 +0000)]
Fix from head.
Bodo Möller [Tue, 19 Sep 2006 10:00:29 +0000 (10:00 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
[Problem pointed out by Adam Young <adamy (at) acm.org>]
Bodo Möller [Tue, 12 Sep 2006 14:41:50 +0000 (14:41 +0000)]
Backport from HEAD: fix ciphersuite selection
Bodo Möller [Wed, 6 Sep 2006 06:41:32 +0000 (06:41 +0000)]
make consistent with 0.9.8-branch version of this file
Mark J. Cox [Tue, 5 Sep 2006 08:46:18 +0000 (08:46 +0000)]
Don't forget to put back the -dev
Mark J. Cox [Tue, 5 Sep 2006 08:38:12 +0000 (08:38 +0000)]
Bump for 0.9.7l-dev
Mark J. Cox [Tue, 5 Sep 2006 08:34:07 +0000 (08:34 +0000)]
Prepare 0.9.7k release
Mark J. Cox [Tue, 5 Sep 2006 08:24:14 +0000 (08:24 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339) [Ben Laurie and Google Security Team]
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
Dr. Stephen Henson [Thu, 31 Aug 2006 20:11:30 +0000 (20:11 +0000)]
Update from HEAD.
Dr. Stephen Henson [Thu, 13 Jul 2006 20:36:51 +0000 (20:36 +0000)]
Fix from HEAD. Except we can't stream multipart/signed in 0.9.7 so that case
still rewinds the stream.
Dr. Stephen Henson [Sun, 9 Jul 2006 12:05:10 +0000 (12:05 +0000)]
Fix from HEAD.
Bodo Möller [Fri, 30 Jun 2006 22:03:18 +0000 (22:03 +0000)]
documentation for "HIGH" vs. "MEDIUM" was not up-to-date
Bodo Möller [Fri, 30 Jun 2006 08:15:13 +0000 (08:15 +0000)]
use <poll.h> as by Single Unix Specification
Bodo Möller [Wed, 28 Jun 2006 14:49:39 +0000 (14:49 +0000)]
always read if we can't use select because of a too large FD
(it's non-blocking mode anyway)
Andy Polyakov [Wed, 28 Jun 2006 08:57:22 +0000 (08:57 +0000)]
Mitigate the hazard of cache-collision timing attack on last round
[from HEAD].
Richard Levitte [Tue, 27 Jun 2006 06:31:48 +0000 (06:31 +0000)]
Use poll() when possible to gather Unix randomness entropy
Bodo Möller [Fri, 23 Jun 2006 14:59:43 +0000 (14:59 +0000)]
Be more explicit about requirements for multi-threading.
Richard Levitte [Wed, 21 Jun 2006 05:08:36 +0000 (05:08 +0000)]
Synchronise with the Unix build
Dr. Stephen Henson [Tue, 20 Jun 2006 18:06:40 +0000 (18:06 +0000)]
Place hex_to_string and string_to_hex in separate source file to avoid
dragging in extra dependencies when just these functions are used.
Bodo Möller [Fri, 16 Jun 2006 01:01:34 +0000 (01:01 +0000)]
Thread-safety fixes
Bodo Möller [Wed, 14 Jun 2006 17:51:36 +0000 (17:51 +0000)]
Disable invalid ciphersuites
Bodo Möller [Wed, 14 Jun 2006 08:50:11 +0000 (08:50 +0000)]
Thread-safety fixes
Dr. Stephen Henson [Wed, 17 May 2006 18:25:38 +0000 (18:25 +0000)]
Fix from head.
Dr. Stephen Henson [Wed, 17 May 2006 18:20:53 +0000 (18:20 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Thu, 4 May 2006 13:08:01 +0000 (13:08 +0000)]
Update for next dev version.
Dr. Stephen Henson [Thu, 4 May 2006 12:52:59 +0000 (12:52 +0000)]
Prepare for release
Dr. Stephen Henson [Thu, 4 May 2006 12:32:36 +0000 (12:32 +0000)]
make update
Dr. Stephen Henson [Thu, 4 May 2006 12:09:04 +0000 (12:09 +0000)]
Use new fips-1.0 directory in error library.
Dr. Stephen Henson [Thu, 4 May 2006 11:16:20 +0000 (11:16 +0000)]
Update CHANGES.
Dr. Stephen Henson [Mon, 24 Apr 2006 13:32:58 +0000 (13:32 +0000)]
Add new --with-baseaddr command line option to allow the FIPS base address of
libeay32.dll to be explicitly specified.