wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
8513 commits 20 branches 302 tags 153 MiB
Commit graph

1174 commits

Author SHA1 Message Date
Dr. Stephen Henson
7e92432b39 Replace FIPS PRNG with AES version. 2007-02-21 16:57:35 +00:00
Dr. Stephen Henson
e3435a51f7 Include changes from 0.9.7-stable. 2007-02-21 13:50:22 +00:00
Dr. Stephen Henson
53ddf0cc10 FIPS portability patches. 
Submitted by:  Brad House <brad@mainstreetsoftworks.com>
 2007-02-05 18:42:12 +00:00
Dr. Stephen Henson
ca36b0969a Remove all error string tables out of fipscanister.o, reorganise 
ERR and SYS error code files to achieve this.
 2007-02-03 17:19:43 +00:00
Dr. Stephen Henson
385075063e Preliminary VC++ build changes to support fipsdso. New perl script nksdef.pl to 
work out how to split the DEF file between the two DLLs based on which symbols
the linker complains about (!).
 2007-01-27 13:19:42 +00:00
Dr. Stephen Henson
af10d72e10 New build option fipsdso 2007-01-25 18:47:19 +00:00
Dr. Stephen Henson
8e664b2055 Remove ASN1 library (and other) dependencies from fipscanister.o 2007-01-24 13:00:15 +00:00
Dr. Stephen Henson
d02dab1b32 Update version for FIPS2 branch. 2007-01-24 12:42:20 +00:00
Dr. Stephen Henson
eee04c54ae Expand security boundary to match 1.1.1 module. 2007-01-18 13:29:15 +00:00
Dr. Stephen Henson
18051aa815 Update fipsld to use external signature for fips_premain.c . Update build system 
remove redundant source file hash checks.
 2007-01-16 14:06:33 +00:00
Dr. Stephen Henson
d107905b31 Perl script to build shell scripts and batch files to run algorithm test programs. 2007-01-15 00:25:59 +00:00
Dr. Stephen Henson
7c4dd3fefe Make algorithm test programs tolerate whitespace in input files. 2007-01-14 17:01:31 +00:00
Bodo Möller
9dc705a2ac fix support for receiving fragmented handshake messages 2006-11-29 14:44:07 +00:00
Dr. Stephen Henson
f6cdaa96c0 Use error table to determine if errors should be loaded. 2006-11-21 19:19:09 +00:00
Mark J. Cox
6b131d9c45 After tagging, open up 0.9.7m-dev 2006-09-28 12:00:30 +00:00
Mark J. Cox
c830c1a209 Prepare for 0.9.7l release 2006-09-28 11:56:57 +00:00
Mark J. Cox
b213966415 Introduce limits to prevent malicious keys being able to 
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
 2006-09-28 11:53:51 +00:00
Bodo Möller
ea43804bda Backport from HEAD: fix ciphersuite selection 2006-09-12 14:41:50 +00:00
Mark J. Cox
60bee5d44c Bump for 0.9.7l-dev 2006-09-05 08:38:12 +00:00
Mark J. Cox
975a7a483f Prepare 0.9.7k release 2006-09-05 08:34:07 +00:00
Mark J. Cox
ffa0407233 Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher 
(CVE-2006-4339)  [Ben Laurie and Google Security Team]

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
 2006-09-05 08:24:14 +00:00
Bodo Möller
81edd235b1 always read if we can't use select because of a too large FD 
(it's non-blocking mode anyway)
 2006-06-28 14:49:39 +00:00
Richard Levitte
bdd00f8c8a Use poll() when possible to gather Unix randomness entropy 2006-06-27 06:31:48 +00:00
Bodo Möller
c098e8b6ca Disable invalid ciphersuites 2006-06-14 17:51:36 +00:00
Bodo Möller
019a63f9c9 Thread-safety fixes 2006-06-14 08:50:11 +00:00
Dr. Stephen Henson
a6fb8a8203 Update for next dev version. 2006-05-04 13:08:01 +00:00
Dr. Stephen Henson
d26d236162 Prepare for release 2006-05-04 12:52:59 +00:00
Dr. Stephen Henson
309d74c8f0 Update CHANGES. 2006-05-04 11:16:20 +00:00
Dr. Stephen Henson
a5319427a2 Update CHANGES/NEWS. 2006-02-03 18:42:24 +00:00
Mark J. Cox
7606bb65ea One time CAN->CVE- renumbering 2005-10-19 10:49:39 +00:00
Richard Levitte
2f4d5c6542 After release. 2005-10-14 22:43:18 +00:00
Richard Levitte
deab8d9392 Time for release of 0.9.7i. 
The tag will be OpenSSL_0_9_7i
 2005-10-14 22:15:53 +00:00
Mark J. Cox
49a305e7ef Bump after tagging for 0.9.7h release 2005-10-11 10:14:27 +00:00
Mark J. Cox
a40916cbba Add fixes for CAN-2005-2969 
Bump release ready for OpenSSL_0_9_7h tag
 2005-10-11 10:10:05 +00:00
Dr. Stephen Henson
e96fad9d2d Typo. 2005-06-02 20:30:03 +00:00
Dr. Stephen Henson
0c7b06714e Add CHANGES entry for PSS and X9.31 padding. 2005-06-02 20:08:30 +00:00
Bodo Möller
44a287747f make sure DSA signing exponentiations really are constant-time 2005-05-26 04:40:42 +00:00
Bodo Möller
fd86c390eb Change wording for BN_mod_exp_mont_consttime() entry 2005-05-16 19:14:38 +00:00
Bodo Möller
ecb1445ce2 Implement fixed-window exponentiation to mitigate hyper-threading 
timing attacks.

BN_FLG_EXP_CONSTTIME requests this algorithm, and this done by default for
RSA/DSA/DH private key computations unless
RSA_FLAG_NO_EXP_CONSTTIME/DSA_FLAG_NO_EXP_CONSTTIME/
DH_FLAG_NO_EXP_CONSTTIME is set.

Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
 2005-05-16 01:26:08 +00:00
Bodo Möller
00c1c6cb28 PR:Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled 
with the SSL_OP_NO_SSLv2 option.
 2005-05-11 18:26:08 +00:00
Dr. Stephen Henson
73f3c281ff Update from HEAD. 2005-05-01 12:47:33 +00:00
Dr. Stephen Henson
4ed56cba63 New function BN_MONT_CTX_set_locked, to set montgomery parameters in a 
threadsafe manner.

Modify or add calls to use it in rsa, dsa and dh algorithms.
 2005-04-22 13:17:49 +00:00
Dr. Stephen Henson
96534114a3 Include error library value in C error source files instead of fixing up 
at runtime.
 2005-04-12 13:30:45 +00:00
Richard Levitte
d060fc9ff2 Now that things have been tagged properly, make preparations for the 
next version in the 0.9.7 branch.
 2005-04-11 15:15:09 +00:00
Richard Levitte
22e5a7935f Prepare to release 0.9.7g. 
The tag till be OpenSSL_0_9_7g.
 2005-04-11 15:10:07 +00:00
Richard Levitte
93aeac64ce Merge RFC3820 source into mainstream 0.9.7-stable. 2005-04-11 15:03:37 +00:00
Dr. Stephen Henson
c710c7b3a3 Make kerberos ciphersuites work with newer headers. 2005-04-09 23:32:37 +00:00
Ulf Möller
4cf8f9369c undo Cygwin change 2005-03-23 22:01:57 +00:00
Dr. Stephen Henson
da26bcb5de Update CHANGES, opensslv.h 2005-03-22 21:27:36 +00:00
Dr. Stephen Henson
9c29e781a8 Oops, use right date! 2005-03-22 19:14:42 +00:00