oweals/openssl.git
18 years agoRebuild error source files.
Dr. Stephen Henson [Tue, 21 Nov 2006 19:27:19 +0000 (19:27 +0000)]
Rebuild error source files.

18 years agoUse error table to determine if errors should be loaded.
Dr. Stephen Henson [Tue, 21 Nov 2006 19:19:09 +0000 (19:19 +0000)]
Use error table to determine if errors should be loaded.

18 years agoFix from HEAD.
Dr. Stephen Henson [Mon, 13 Nov 2006 13:23:33 +0000 (13:23 +0000)]
Fix from HEAD.

18 years agoInitialise ctx to NULL to avoid uninitialized free, noticed by
Mark J. Cox [Fri, 29 Sep 2006 08:20:11 +0000 (08:20 +0000)]
Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan

18 years agoOops, some changes forgotten...
Richard Levitte [Thu, 28 Sep 2006 19:48:48 +0000 (19:48 +0000)]
Oops, some changes forgotten...

18 years agoAfter tagging, open up 0.9.7m-dev
Mark J. Cox [Thu, 28 Sep 2006 12:00:30 +0000 (12:00 +0000)]
After tagging, open up 0.9.7m-dev

18 years agoPrepare for 0.9.7l release OpenSSL_0_9_7l
Mark J. Cox [Thu, 28 Sep 2006 11:56:57 +0000 (11:56 +0000)]
Prepare for 0.9.7l release

18 years agoIntroduce limits to prevent malicious keys being able to
Mark J. Cox [Thu, 28 Sep 2006 11:53:51 +0000 (11:53 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

18 years agoFix from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:15:04 +0000 (17:15 +0000)]
Fix from HEAD.

18 years agoFix from head.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:06:51 +0000 (17:06 +0000)]
Fix from head.

18 years agoEnsure that the addition mods[i]+delta cannot overflow in probable_prime().
Bodo Möller [Tue, 19 Sep 2006 10:00:29 +0000 (10:00 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().

[Problem pointed out by Adam Young <adamy (at) acm.org>]

18 years agoBackport from HEAD: fix ciphersuite selection
Bodo Möller [Tue, 12 Sep 2006 14:41:50 +0000 (14:41 +0000)]
Backport from HEAD: fix ciphersuite selection

18 years agomake consistent with 0.9.8-branch version of this file
Bodo Möller [Wed, 6 Sep 2006 06:41:32 +0000 (06:41 +0000)]
make consistent with 0.9.8-branch version of this file

18 years agoDon't forget to put back the -dev
Mark J. Cox [Tue, 5 Sep 2006 08:46:18 +0000 (08:46 +0000)]
Don't forget to put back the -dev

18 years agoBump for 0.9.7l-dev
Mark J. Cox [Tue, 5 Sep 2006 08:38:12 +0000 (08:38 +0000)]
Bump for 0.9.7l-dev

18 years agoPrepare 0.9.7k release OpenSSL_0_9_7k
Mark J. Cox [Tue, 5 Sep 2006 08:34:07 +0000 (08:34 +0000)]
Prepare 0.9.7k release

18 years agoAvoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
Mark J. Cox [Tue, 5 Sep 2006 08:24:14 +0000 (08:24 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)  [Ben Laurie and Google Security Team]

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson

18 years agoUpdate from HEAD.
Dr. Stephen Henson [Thu, 31 Aug 2006 20:11:30 +0000 (20:11 +0000)]
Update from HEAD.

18 years agoFix from HEAD. Except we can't stream multipart/signed in 0.9.7 so that case
Dr. Stephen Henson [Thu, 13 Jul 2006 20:36:51 +0000 (20:36 +0000)]
Fix from HEAD. Except we can't stream multipart/signed in 0.9.7 so that case
still rewinds the stream.

18 years agoFix from HEAD.
Dr. Stephen Henson [Sun, 9 Jul 2006 12:05:10 +0000 (12:05 +0000)]
Fix from HEAD.

18 years agodocumentation for "HIGH" vs. "MEDIUM" was not up-to-date
Bodo Möller [Fri, 30 Jun 2006 22:03:18 +0000 (22:03 +0000)]
documentation for "HIGH" vs. "MEDIUM" was not up-to-date

18 years agouse <poll.h> as by Single Unix Specification
Bodo Möller [Fri, 30 Jun 2006 08:15:13 +0000 (08:15 +0000)]
use <poll.h> as by Single Unix Specification

18 years agoalways read if we can't use select because of a too large FD
Bodo Möller [Wed, 28 Jun 2006 14:49:39 +0000 (14:49 +0000)]
always read if we can't use select because of a too large FD
(it's non-blocking mode anyway)

18 years agoMitigate the hazard of cache-collision timing attack on last round
Andy Polyakov [Wed, 28 Jun 2006 08:57:22 +0000 (08:57 +0000)]
Mitigate the hazard of cache-collision timing attack on last round
[from HEAD].

18 years agoUse poll() when possible to gather Unix randomness entropy
Richard Levitte [Tue, 27 Jun 2006 06:31:48 +0000 (06:31 +0000)]
Use poll() when possible to gather Unix randomness entropy

18 years agoBe more explicit about requirements for multi-threading.
Bodo Möller [Fri, 23 Jun 2006 14:59:43 +0000 (14:59 +0000)]
Be more explicit about requirements for multi-threading.

18 years agoSynchronise with the Unix build
Richard Levitte [Wed, 21 Jun 2006 05:08:36 +0000 (05:08 +0000)]
Synchronise with the Unix build

18 years agoPlace hex_to_string and string_to_hex in separate source file to avoid
Dr. Stephen Henson [Tue, 20 Jun 2006 18:06:40 +0000 (18:06 +0000)]
Place hex_to_string and string_to_hex in separate source file to avoid
dragging in extra dependencies when just these functions are used.

18 years agoThread-safety fixes
Bodo Möller [Fri, 16 Jun 2006 01:01:34 +0000 (01:01 +0000)]
Thread-safety fixes

18 years agoDisable invalid ciphersuites
Bodo Möller [Wed, 14 Jun 2006 17:51:36 +0000 (17:51 +0000)]
Disable invalid ciphersuites

18 years agoThread-safety fixes
Bodo Möller [Wed, 14 Jun 2006 08:50:11 +0000 (08:50 +0000)]
Thread-safety fixes

18 years agoFix from head.
Dr. Stephen Henson [Wed, 17 May 2006 18:25:38 +0000 (18:25 +0000)]
Fix from head.

18 years agoFix from HEAD.
Dr. Stephen Henson [Wed, 17 May 2006 18:20:53 +0000 (18:20 +0000)]
Fix from HEAD.

18 years agoUpdate for next dev version.
Dr. Stephen Henson [Thu, 4 May 2006 13:08:01 +0000 (13:08 +0000)]
Update for next dev version.

18 years agoPrepare for release OpenSSL_0_9_7j
Dr. Stephen Henson [Thu, 4 May 2006 12:52:59 +0000 (12:52 +0000)]
Prepare for release

18 years agomake update
Dr. Stephen Henson [Thu, 4 May 2006 12:32:36 +0000 (12:32 +0000)]
make update

18 years agoUse new fips-1.0 directory in error library.
Dr. Stephen Henson [Thu, 4 May 2006 12:09:04 +0000 (12:09 +0000)]
Use new fips-1.0 directory in error library.

18 years agoUpdate CHANGES.
Dr. Stephen Henson [Thu, 4 May 2006 11:16:20 +0000 (11:16 +0000)]
Update CHANGES.

18 years agoAdd new --with-baseaddr command line option to allow the FIPS base address of
Dr. Stephen Henson [Mon, 24 Apr 2006 13:32:58 +0000 (13:32 +0000)]
Add new --with-baseaddr command line option to allow the FIPS base address of
libeay32.dll to be explicitly specified.

18 years agoCheck pbe2->keyfunc->parameter is not NULL before dereferencing.
Dr. Stephen Henson [Sat, 15 Apr 2006 17:42:46 +0000 (17:42 +0000)]
Check pbe2->keyfunc->parameter is not NULL before dereferencing.

PR: 1316

18 years agoTypos.
Dr. Stephen Henson [Fri, 7 Apr 2006 00:15:44 +0000 (00:15 +0000)]
Typos.

18 years agoLink _chkstk.o from FIPSLIB_D.
Dr. Stephen Henson [Fri, 7 Apr 2006 00:04:37 +0000 (00:04 +0000)]
Link _chkstk.o from FIPSLIB_D.

18 years agoChange chop to chomp when reading lines, so CRLF is properly processed on
Richard Levitte [Mon, 3 Apr 2006 09:15:27 +0000 (09:15 +0000)]
Change chop to chomp when reading lines, so CRLF is properly processed on
the operating systems where they are the normal line endings

18 years agoCheck flag before calling FIPS_dsa_check().
Dr. Stephen Henson [Fri, 31 Mar 2006 22:44:20 +0000 (22:44 +0000)]
Check flag before calling FIPS_dsa_check().

18 years agoFlag to allow use of DSA_METHOD in FIPS mode.
Dr. Stephen Henson [Fri, 31 Mar 2006 17:09:46 +0000 (17:09 +0000)]
Flag to allow use of DSA_METHOD in FIPS mode.

18 years agoUpdate build system to make use of validated module in FIPS mode.
Dr. Stephen Henson [Tue, 28 Mar 2006 12:10:37 +0000 (12:10 +0000)]
Update build system to make use of validated module in FIPS mode.

18 years agoapply fixes from the cvs head
Nils Larsch [Tue, 14 Mar 2006 09:07:06 +0000 (09:07 +0000)]
apply fixes from the cvs head

18 years agoCheck EVP_DigestInit return value in EVP_BytesToKey() and use supported
Dr. Stephen Henson [Wed, 1 Mar 2006 21:15:24 +0000 (21:15 +0000)]
Check EVP_DigestInit return value in EVP_BytesToKey() and use supported
algorithm in PKCS12_create in FIPS mode.

18 years agoforce C locale when using [a-z] in sed expressions
Nils Larsch [Wed, 1 Mar 2006 19:52:39 +0000 (19:52 +0000)]
force C locale when using [a-z] in sed expressions

PR: 1283
Submitted by: Mike Frysinger

18 years agofix "#ifndef HZ" statement
Nils Larsch [Tue, 28 Feb 2006 20:15:56 +0000 (20:15 +0000)]
fix "#ifndef HZ" statement

PR: 1287

18 years agoI forgot to change fips to fips-1_0 in one place. That stopped the
Richard Levitte [Sun, 26 Feb 2006 11:17:21 +0000 (11:17 +0000)]
I forgot to change fips to fips-1_0 in one place.  That stopped the
build completely.  Hopefully, things will work better now.

18 years agofix Intel Mac configuration; patch supplied by JP Szikora <szikora@icp.ucl.ac.be>
Nils Larsch [Sat, 25 Feb 2006 12:01:25 +0000 (12:01 +0000)]
fix Intel Mac configuration; patch supplied by JP Szikora <szikora@icp.ucl.ac.be>

18 years agoOops, forgot to adapt the VMS build to the renamed directory.
Richard Levitte [Thu, 23 Feb 2006 09:18:45 +0000 (09:18 +0000)]
Oops, forgot to adapt the VMS build to the renamed directory.

18 years agoAdd entry for FIPSLIBDIR in Makefile.org
Dr. Stephen Henson [Wed, 8 Feb 2006 00:58:01 +0000 (00:58 +0000)]
Add entry for FIPSLIBDIR in Makefile.org

18 years agoAllow fips install dir to be specified for VC++ build.
Dr. Stephen Henson [Wed, 8 Feb 2006 00:47:30 +0000 (00:47 +0000)]
Allow fips install dir to be specified for VC++ build.

18 years agoBuild fips_premain_dso.exe in static build too. OpenSSL_FIPS_1_0
Dr. Stephen Henson [Tue, 7 Feb 2006 17:14:04 +0000 (17:14 +0000)]
Build fips_premain_dso.exe in static build too.

18 years agoBuild standalone exe after copying headers.
Dr. Stephen Henson [Tue, 7 Feb 2006 15:09:00 +0000 (15:09 +0000)]
Build standalone exe after copying headers.

18 years agoUse and build fips_premain_dso.exe and fips_standalone_sha1.exe from VC++
Dr. Stephen Henson [Mon, 6 Feb 2006 14:16:38 +0000 (14:16 +0000)]
Use and build fips_premain_dso.exe and fips_standalone_sha1.exe from VC++
instead of those from mingw build.

Visual Studio Express 2005 doesn't like fips_premain_dso.exe from mingw used
against its DLLs.

18 years agoAdd Makefile to fipshashes.c
Dr. Stephen Henson [Mon, 6 Feb 2006 00:48:37 +0000 (00:48 +0000)]
Add Makefile to fipshashes.c

18 years agoUpdate VC++ build for new FIPS paths.
Dr. Stephen Henson [Sun, 5 Feb 2006 23:49:07 +0000 (23:49 +0000)]
Update VC++ build for new FIPS paths.

18 years agoUse correct fips_premain_dso.exe path.
Dr. Stephen Henson [Sun, 5 Feb 2006 21:36:41 +0000 (21:36 +0000)]
Use correct fips_premain_dso.exe path.

18 years agoSanity check for FIPS module directory.
Dr. Stephen Henson [Sun, 5 Feb 2006 21:18:42 +0000 (21:18 +0000)]
Sanity check for FIPS module directory.

18 years agoUpdate VC++ build for FIPS mode.
Dr. Stephen Henson [Sun, 5 Feb 2006 20:52:56 +0000 (20:52 +0000)]
Update VC++ build for FIPS mode.

18 years agoinstall: target tune up.
Andy Polyakov [Sun, 5 Feb 2006 13:35:24 +0000 (13:35 +0000)]
install: target tune up.

18 years agoAdjust DIR variable in fips-1.0/Makefile accordingly.
Andy Polyakov [Sun, 5 Feb 2006 12:38:58 +0000 (12:38 +0000)]
Adjust DIR variable in fips-1.0/Makefile accordingly.

18 years agoUpdate/hack mkdef.pl to recognize and add SHA2 algorithms when OPENSSL_FIPS
Dr. Stephen Henson [Sat, 4 Feb 2006 23:05:40 +0000 (23:05 +0000)]
Update/hack mkdef.pl to recognize and add SHA2 algorithms when OPENSSL_FIPS
is defined.

18 years agoFix from HEAD.
Dr. Stephen Henson [Sat, 4 Feb 2006 01:50:41 +0000 (01:50 +0000)]
Fix from HEAD.

18 years agoFix from HEAD.
Dr. Stephen Henson [Sat, 4 Feb 2006 01:27:52 +0000 (01:27 +0000)]
Fix from HEAD.

18 years agoUse getcwd() because it works under MSYS but `pwd` doesn't.
Dr. Stephen Henson [Fri, 3 Feb 2006 23:55:26 +0000 (23:55 +0000)]
Use getcwd() because it works under MSYS but `pwd` doesn't.

18 years agoUpdate CHANGES/NEWS.
Dr. Stephen Henson [Fri, 3 Feb 2006 18:42:24 +0000 (18:42 +0000)]
Update CHANGES/NEWS.

18 years agoUpdated fips_test_suite.
Dr. Stephen Henson [Fri, 3 Feb 2006 18:27:13 +0000 (18:27 +0000)]
Updated fips_test_suite.

18 years agofix if statement: call conn_state() if the BIO is not in the BIO_CONN_S_OK state
Nils Larsch [Thu, 2 Feb 2006 22:29:55 +0000 (22:29 +0000)]
fix if statement: call conn_state() if the BIO is not in the BIO_CONN_S_OK state

18 years agoAdd fips_test_suite.c to TEST
Dr. Stephen Henson [Thu, 2 Feb 2006 15:10:50 +0000 (15:10 +0000)]
Add fips_test_suite.c to TEST

18 years agoSpotted divergence between CVS and submitted tar-ball.
Andy Polyakov [Wed, 1 Feb 2006 22:22:40 +0000 (22:22 +0000)]
Spotted divergence between CVS and submitted tar-ball.

18 years agoRemove files erroneously added in catalog rename.
Andy Polyakov [Wed, 1 Feb 2006 22:21:13 +0000 (22:21 +0000)]
Remove files erroneously added in catalog rename.

18 years agoFix from head.
Dr. Stephen Henson [Tue, 31 Jan 2006 18:38:06 +0000 (18:38 +0000)]
Fix from head.

18 years agoUpdate some scripts to use fips-1.0
Dr. Stephen Henson [Mon, 30 Jan 2006 18:51:36 +0000 (18:51 +0000)]
Update some scripts to use fips-1.0

18 years agoChange fips directory to fips-1.0
Dr. Stephen Henson [Mon, 30 Jan 2006 18:15:29 +0000 (18:15 +0000)]
Change fips directory to fips-1.0

18 years agoTypo
Lutz Jänicke [Mon, 30 Jan 2006 17:07:54 +0000 (17:07 +0000)]
Typo

Submitted by: Girish Venkatachalam <girish1729@gmail.com>

18 years agoBackport of other fixes to keep VC++ happy.
Dr. Stephen Henson [Mon, 30 Jan 2006 13:49:59 +0000 (13:49 +0000)]
Backport of other fixes to keep VC++ happy.

18 years agoBackport of changes to support later versions of VC++.
Dr. Stephen Henson [Mon, 30 Jan 2006 13:14:20 +0000 (13:14 +0000)]
Backport of changes to support later versions of VC++.

18 years agoSample FIPS object file integrity checking script.
Dr. Stephen Henson [Sat, 28 Jan 2006 13:34:27 +0000 (13:34 +0000)]
Sample FIPS object file integrity checking script.

18 years agoUpdate to VC++ static build.
Dr. Stephen Henson [Sat, 28 Jan 2006 13:33:31 +0000 (13:33 +0000)]
Update to VC++ static build.

18 years agoMove certs to right place.
Dr. Stephen Henson [Thu, 26 Jan 2006 17:48:13 +0000 (17:48 +0000)]
Move certs to right place.

18 years agoFIPS related updates for Windows build. Only build fipscanister.o from the
Dr. Stephen Henson [Thu, 26 Jan 2006 17:34:57 +0000 (17:34 +0000)]
FIPS related updates for Windows build. Only build fipscanister.o from the
GMAKE target. Use precompiled fipscanister.o from other targets.

Update fipslink.pl script to check fipscanister.o and fips_premain.c hashes.

18 years agoMake sure stanadlong SHA1 checker is built.
Dr. Stephen Henson [Wed, 25 Jan 2006 13:40:55 +0000 (13:40 +0000)]
Make sure stanadlong SHA1 checker is built.

18 years agoAdd VC++ using GNU (or other U*ix like make) target for mk1mf.pl
Dr. Stephen Henson [Wed, 25 Jan 2006 13:26:11 +0000 (13:26 +0000)]
Add VC++ using GNU (or other U*ix like make) target for mk1mf.pl

Autodetect VC++ in config script and generate Makefile

Add source hash checking to mk1mf.pl for VC++.

18 years agoFix static VC++ build for FIPS.
Dr. Stephen Henson [Sun, 22 Jan 2006 00:04:39 +0000 (00:04 +0000)]
Fix static VC++ build for FIPS.

18 years agoUpdate to VC++ in-core fingerprinting support.
Dr. Stephen Henson [Sat, 21 Jan 2006 22:14:07 +0000 (22:14 +0000)]
Update to VC++ in-core fingerprinting support.

18 years agoSupport for VC++ build with in-core hashing.
Dr. Stephen Henson [Sat, 21 Jan 2006 21:28:26 +0000 (21:28 +0000)]
Support for VC++ build with in-core hashing.

18 years agoReplace detached signature with in-core fingerprinting.
Andy Polyakov [Sat, 21 Jan 2006 14:01:30 +0000 (14:01 +0000)]
Replace detached signature with in-core fingerprinting.

18 years agoCorrectly encode FALSE for BOOL in ASN1_TYPE.
Dr. Stephen Henson [Thu, 19 Jan 2006 17:19:43 +0000 (17:19 +0000)]
Correctly encode FALSE for BOOL in ASN1_TYPE.

18 years agoTypo.
Dr. Stephen Henson [Sun, 15 Jan 2006 13:54:42 +0000 (13:54 +0000)]
Typo.

18 years agoForgot to initialize CC6DISABLEWARNINGS properly...
Richard Levitte [Wed, 11 Jan 2006 18:55:19 +0000 (18:55 +0000)]
Forgot to initialize CC6DISABLEWARNINGS properly...

18 years agoTypo...
Richard Levitte [Wed, 11 Jan 2006 13:31:12 +0000 (13:31 +0000)]
Typo...

18 years agoDisable the Mixed Linkage warning for some selected modules. This is
Richard Levitte [Mon, 9 Jan 2006 19:22:51 +0000 (19:22 +0000)]
Disable the Mixed Linkage warning for some selected modules.  This is
because the Compaq C compiler will not accept that a variable be
declared extern then defined static without a warning.

18 years agoSome error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)
Bodo Möller [Sun, 8 Jan 2006 19:33:31 +0000 (19:33 +0000)]
Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)

18 years agoRewrite timeout computation in a way that is less prone to overflow.
Bodo Möller [Fri, 30 Dec 2005 23:52:20 +0000 (23:52 +0000)]
Rewrite timeout computation in a way that is less prone to overflow.

(Problem reported by Peter Sylvester.)

18 years agoUpdate Makefile.org for zlib fix backport.
Dr. Stephen Henson [Sun, 11 Dec 2005 19:12:57 +0000 (19:12 +0000)]
Update Makefile.org for zlib fix backport.

18 years agoBackport of zlib fixes to 0.9.7.
Dr. Stephen Henson [Sat, 10 Dec 2005 13:36:13 +0000 (13:36 +0000)]
Backport of zlib fixes to 0.9.7.