Commit graph

1329 commits

Author SHA1 Message Date
Dr. Stephen Henson
0633bca11c Updates from 0.9.8-stable 2007-12-14 01:16:16 +00:00
Dr. Stephen Henson
100868d1cf Link fips utils against fipscanister.lib only except for dso builds.
Add --with-fipslibdir option to Configure.
2007-07-20 22:23:11 +00:00
Dr. Stephen Henson
0712210f03 Typo. 2007-07-19 21:44:25 +00:00
Dr. Stephen Henson
23830280e4 Add SSE2 support to VC++ build. Update MASM script. 2007-07-19 12:17:56 +00:00
Dr. Stephen Henson
9593bc46bf Tolerate DigestInfo with absent parameters in FIPS mode. 2007-07-15 16:10:46 +00:00
Dr. Stephen Henson
1b8b2d9300 Enhance mkfipsscr.pl to handle different testvector paths and perform
sanity checks.

Make AES/TDES algorithm test programs quiet if VERBOSE is zero.
2007-07-15 12:01:54 +00:00
Dr. Stephen Henson
4e1778b0d8 Update Windows build system to use AES assembler and standard assembly
language routines in FIPS mode compiles.
2007-07-12 08:20:21 +00:00
Dr. Stephen Henson
475631c31a Use common source files for FIPS mode and utilize same optimizations. 2007-07-10 21:24:32 +00:00
Dr. Stephen Henson
ffc35e73b4 Check selftest status in all crypto operations and abort with
a fatal error on failure.
2007-07-02 11:22:50 +00:00
Dr. Stephen Henson
a197212e0f Modify AES and 3DES selftests to use EVP. 2007-07-01 23:19:15 +00:00
Dr. Stephen Henson
8944220221 Move 3DES EVP inside FIPS module and modify algorithm tests to use it. 2007-07-01 17:58:15 +00:00
Dr. Stephen Henson
5fd76ba57a Changes to make AES algorithm test work via EVP. 2007-07-01 12:53:10 +00:00
Dr. Stephen Henson
49fa74385d Move minimal EVP_CIPHER implementation into FIPS library. Not used by
any FIPS applications yet.
2007-07-01 00:07:25 +00:00
Dr. Stephen Henson
53c381105a Update from stable branch. 2007-05-21 12:40:07 +00:00
Dr. Stephen Henson
a416ca47ac Merge from 0.9.8-stable. 2007-04-25 13:15:51 +00:00
Dr. Stephen Henson
1139eeecbc Merge from 0.9.8 stable branch. 2007-04-24 11:30:51 +00:00
Dr. Stephen Henson
282af42404 Add algorithm configuration module. 2007-04-08 17:51:02 +00:00
Dr. Stephen Henson
a81f337331 Block low level public key signature operations in FIPS mode.
Update self tests for all modes and use EVP.

Update pairwise consistency checks.
2007-04-06 00:30:24 +00:00
Dr. Stephen Henson
9719193222 New EVP sign and verify functionality. 2007-04-03 21:01:29 +00:00
Dr. Stephen Henson
ff03c6bc97 Add tiny ASN1 code for DSA signatures.
Make DSA tests, selftests and algorithm tests use EVP.
2007-04-02 23:59:47 +00:00
Dr. Stephen Henson
cb6fdc3a49 Update from stable branch. 2007-03-28 22:00:48 +00:00
Dr. Stephen Henson
8c3b5d5f27 Update from 0.9.8-stable with patches also applied to equivalent FIPS
sources.
2007-03-28 12:38:55 +00:00
Dr. Stephen Henson
6693e26927 Use perl script instead of editbin to rename object file sections. 2007-03-27 00:03:42 +00:00
Dr. Stephen Henson
793364457b Modify VC++ build sytem to use fipscanister.lib instead of fipscanister.o
and avoid the need for ld.exe.
2007-03-26 12:06:44 +00:00
Dr. Stephen Henson
55768cf773 Forward FIPS DLL implementations from libcrypto DLL under Win32. 2007-03-22 18:31:35 +00:00
Dr. Stephen Henson
aeb9ccfaad And so it begins... 2007-03-22 00:39:24 +00:00
Bodo Möller
6fd3f3260d stricter session ID context matching 2007-03-21 14:33:01 +00:00
Bodo Möller
d9e262443c oops -- this should have been in 0.9.8e 2007-03-21 14:18:27 +00:00
Bodo Möller
402b951804 include complete 0.9.7 history 2007-02-26 10:48:56 +00:00
Dr. Stephen Henson
5dd24ead57 Prepare for next version. 2007-02-23 12:50:54 +00:00
Dr. Stephen Henson
0615396d2d Prepare for release. 2007-02-23 12:12:28 +00:00
Lutz Jänicke
cdb13ae8d0 Extend SMTP and IMAP protocol handling to perform the required
EHLO or CAPABILITY handshake before sending STARTTLS

Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
2007-02-21 18:20:33 +00:00
Dr. Stephen Henson
52ee969e29 Update from 0.9.7-stable. 2007-02-21 13:48:49 +00:00
Bodo Möller
55f0501201 Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.
2007-02-19 18:38:11 +00:00
Bodo Möller
5f4cc234fb Some fixes for ciphersuite string processing:
- add a workaround provided by Victor Duchovni so that 128- and
  256-bit variants of otherwise identical ciphersuites are treated
  correctly;

- also, correctly skip invalid parts of ciphersuite description strings.

Submitted by: Victor Duchovni, Bodo Moeller
2007-02-17 06:52:42 +00:00
Nils Larsch
68bb98159f fix typos
PR: 1354, 1355, 1398
2006-12-21 21:11:44 +00:00
Bodo Möller
1a8521ff24 Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).
2006-12-19 15:10:46 +00:00
Bodo Möller
5c6f76da0a fix support for receiving fragmented handshake messages 2006-11-29 14:45:14 +00:00
Ben Laurie
4636341b05 Add RFC 3779 support, contributed by ARIN. 2006-11-27 13:36:55 +00:00
Dr. Stephen Henson
900f7a8776 Update from 0.9.7-stable.
Improve mkerr.pl header file function name parsing.
2006-11-21 20:14:05 +00:00
Bodo Möller
bd869183d5 for completeness, include 0.9.7l information 2006-09-28 13:29:08 +00:00
Mark J. Cox
25e52a78fb After tagging, bump ready for 0.9.8e development 2006-09-28 11:39:33 +00:00
Mark J. Cox
47c4bb2ddf Prepare for 0.9.8d release 2006-09-28 11:32:42 +00:00
Mark J. Cox
951dfbb13a Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 11:29:03 +00:00
Bodo Möller
8fdb296cbd Update 2006-09-12 14:42:09 +00:00
Bodo Möller
879b30aaa3 ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well
2006-09-11 09:48:46 +00:00
Mark J. Cox
da1841a075 After tagging, prep for next release 2006-09-05 08:51:30 +00:00
Mark J. Cox
0a0a10d127 Ready for 0.9.8c release 2006-09-05 08:45:37 +00:00
Mark J. Cox
df20b6e79b Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)

Submitted by:  Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:25:42 +00:00
Ben Laurie
4b9dcd821f Add IGE and biIGE modes. 2006-08-28 11:00:32 +00:00