Dr. Stephen Henson
0633bca11c
Updates from 0.9.8-stable
2007-12-14 01:16:16 +00:00
Dr. Stephen Henson
100868d1cf
Link fips utils against fipscanister.lib only except for dso builds.
...
Add --with-fipslibdir option to Configure.
2007-07-20 22:23:11 +00:00
Dr. Stephen Henson
0712210f03
Typo.
2007-07-19 21:44:25 +00:00
Dr. Stephen Henson
23830280e4
Add SSE2 support to VC++ build. Update MASM script.
2007-07-19 12:17:56 +00:00
Dr. Stephen Henson
9593bc46bf
Tolerate DigestInfo with absent parameters in FIPS mode.
2007-07-15 16:10:46 +00:00
Dr. Stephen Henson
1b8b2d9300
Enhance mkfipsscr.pl to handle different testvector paths and perform
...
sanity checks.
Make AES/TDES algorithm test programs quiet if VERBOSE is zero.
2007-07-15 12:01:54 +00:00
Dr. Stephen Henson
4e1778b0d8
Update Windows build system to use AES assembler and standard assembly
...
language routines in FIPS mode compiles.
2007-07-12 08:20:21 +00:00
Dr. Stephen Henson
475631c31a
Use common source files for FIPS mode and utilize same optimizations.
2007-07-10 21:24:32 +00:00
Dr. Stephen Henson
ffc35e73b4
Check selftest status in all crypto operations and abort with
...
a fatal error on failure.
2007-07-02 11:22:50 +00:00
Dr. Stephen Henson
a197212e0f
Modify AES and 3DES selftests to use EVP.
2007-07-01 23:19:15 +00:00
Dr. Stephen Henson
8944220221
Move 3DES EVP inside FIPS module and modify algorithm tests to use it.
2007-07-01 17:58:15 +00:00
Dr. Stephen Henson
5fd76ba57a
Changes to make AES algorithm test work via EVP.
2007-07-01 12:53:10 +00:00
Dr. Stephen Henson
49fa74385d
Move minimal EVP_CIPHER implementation into FIPS library. Not used by
...
any FIPS applications yet.
2007-07-01 00:07:25 +00:00
Dr. Stephen Henson
53c381105a
Update from stable branch.
2007-05-21 12:40:07 +00:00
Dr. Stephen Henson
a416ca47ac
Merge from 0.9.8-stable.
2007-04-25 13:15:51 +00:00
Dr. Stephen Henson
1139eeecbc
Merge from 0.9.8 stable branch.
2007-04-24 11:30:51 +00:00
Dr. Stephen Henson
282af42404
Add algorithm configuration module.
2007-04-08 17:51:02 +00:00
Dr. Stephen Henson
a81f337331
Block low level public key signature operations in FIPS mode.
...
Update self tests for all modes and use EVP.
Update pairwise consistency checks.
2007-04-06 00:30:24 +00:00
Dr. Stephen Henson
9719193222
New EVP sign and verify functionality.
2007-04-03 21:01:29 +00:00
Dr. Stephen Henson
ff03c6bc97
Add tiny ASN1 code for DSA signatures.
...
Make DSA tests, selftests and algorithm tests use EVP.
2007-04-02 23:59:47 +00:00
Dr. Stephen Henson
cb6fdc3a49
Update from stable branch.
2007-03-28 22:00:48 +00:00
Dr. Stephen Henson
8c3b5d5f27
Update from 0.9.8-stable with patches also applied to equivalent FIPS
...
sources.
2007-03-28 12:38:55 +00:00
Dr. Stephen Henson
6693e26927
Use perl script instead of editbin to rename object file sections.
2007-03-27 00:03:42 +00:00
Dr. Stephen Henson
793364457b
Modify VC++ build sytem to use fipscanister.lib instead of fipscanister.o
...
and avoid the need for ld.exe.
2007-03-26 12:06:44 +00:00
Dr. Stephen Henson
55768cf773
Forward FIPS DLL implementations from libcrypto DLL under Win32.
2007-03-22 18:31:35 +00:00
Dr. Stephen Henson
aeb9ccfaad
And so it begins...
2007-03-22 00:39:24 +00:00
Bodo Möller
6fd3f3260d
stricter session ID context matching
2007-03-21 14:33:01 +00:00
Bodo Möller
d9e262443c
oops -- this should have been in 0.9.8e
2007-03-21 14:18:27 +00:00
Bodo Möller
402b951804
include complete 0.9.7 history
2007-02-26 10:48:56 +00:00
Dr. Stephen Henson
5dd24ead57
Prepare for next version.
2007-02-23 12:50:54 +00:00
Dr. Stephen Henson
0615396d2d
Prepare for release.
2007-02-23 12:12:28 +00:00
Lutz Jänicke
cdb13ae8d0
Extend SMTP and IMAP protocol handling to perform the required
...
EHLO or CAPABILITY handshake before sending STARTTLS
Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
2007-02-21 18:20:33 +00:00
Dr. Stephen Henson
52ee969e29
Update from 0.9.7-stable.
2007-02-21 13:48:49 +00:00
Bodo Möller
55f0501201
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
...
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.
2007-02-19 18:38:11 +00:00
Bodo Möller
5f4cc234fb
Some fixes for ciphersuite string processing:
...
- add a workaround provided by Victor Duchovni so that 128- and
256-bit variants of otherwise identical ciphersuites are treated
correctly;
- also, correctly skip invalid parts of ciphersuite description strings.
Submitted by: Victor Duchovni, Bodo Moeller
2007-02-17 06:52:42 +00:00
Nils Larsch
68bb98159f
fix typos
...
PR: 1354, 1355, 1398
2006-12-21 21:11:44 +00:00
Bodo Möller
1a8521ff24
Fix the BIT STRING encoding of EC points or parameter seeds
...
(need to prevent the removal of trailing zero bits).
2006-12-19 15:10:46 +00:00
Bodo Möller
5c6f76da0a
fix support for receiving fragmented handshake messages
2006-11-29 14:45:14 +00:00
Ben Laurie
4636341b05
Add RFC 3779 support, contributed by ARIN.
2006-11-27 13:36:55 +00:00
Dr. Stephen Henson
900f7a8776
Update from 0.9.7-stable.
...
Improve mkerr.pl header file function name parsing.
2006-11-21 20:14:05 +00:00
Bodo Möller
bd869183d5
for completeness, include 0.9.7l information
2006-09-28 13:29:08 +00:00
Mark J. Cox
25e52a78fb
After tagging, bump ready for 0.9.8e development
2006-09-28 11:39:33 +00:00
Mark J. Cox
47c4bb2ddf
Prepare for 0.9.8d release
2006-09-28 11:32:42 +00:00
Mark J. Cox
951dfbb13a
Introduce limits to prevent malicious keys being able to
...
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 11:29:03 +00:00
Bodo Möller
8fdb296cbd
Update
2006-09-12 14:42:09 +00:00
Bodo Möller
879b30aaa3
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
...
ciphersuite as well
2006-09-11 09:48:46 +00:00
Mark J. Cox
da1841a075
After tagging, prep for next release
2006-09-05 08:51:30 +00:00
Mark J. Cox
0a0a10d127
Ready for 0.9.8c release
2006-09-05 08:45:37 +00:00
Mark J. Cox
df20b6e79b
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
...
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:25:42 +00:00
Ben Laurie
4b9dcd821f
Add IGE and biIGE modes.
2006-08-28 11:00:32 +00:00