Dr. Stephen Henson
4877e30504
Fix from HEAD.
2006-11-13 13:23:05 +00:00
Nils Larsch
4656ec3852
update md docs
2006-10-27 21:59:48 +00:00
Andy Polyakov
e336441197
Gcc over-optimizes PadLock AES CFB codepath, tell it not to [from HEAD].
2006-10-19 20:56:31 +00:00
Dr. Stephen Henson
20d6182f33
Typo.
2006-10-05 21:59:09 +00:00
Nils Larsch
aa145866f9
return an error if the supplied precomputed values lead to an invalid signature
2006-10-04 19:55:03 +00:00
Mark J. Cox
fdff41e166
Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan
2006-09-29 08:21:07 +00:00
Richard Levitte
07b4bc3979
APP_FILES is no longer used, remove it everywhere.
2006-09-29 06:54:39 +00:00
Bodo Möller
0c66d3ae37
fix typo
2006-09-28 13:30:28 +00:00
Bodo Möller
bd869183d5
for completeness, include 0.9.7l information
2006-09-28 13:29:08 +00:00
Richard Levitte
7e2bf83100
Fixes for the following claims:
1) Certificate Message with no certs
OpenSSL implementation sends the Certificate message during SSL
handshake, however as per the specification, these have been omitted.
-- RFC 2712 --
CertificateRequest, and the ServerKeyExchange shown in Figure 1
will be omitted since authentication and the establishment of a
master secret will be done using the client's Kerberos credentials
for the TLS server. The client's certificate will be omitted for
the same reason.
-- RFC 2712 --
3) Pre-master secret Protocol version
The pre-master secret generated by OpenSSL does not have the correct
client version.
RFC 2712 says, if the Kerberos option is selected, the pre-master
secret structure is the same as that used in the RSA case.
TLS specification defines pre-master secret as:
struct {
ProtocolVersion client_version;
opaque random[46];
} PreMasterSecret;
where client_version is the latest protocol version supported by the
client
The pre-master secret generated by OpenSSL does not have the correct
client version. The implementation does not update the first 2 bytes
of random secret for Kerberos Cipher suites. At the server-end, the
client version from the pre-master secret is not validated.
PR: 1336
2006-09-28 12:23:15 +00:00
Mark J. Cox
25e52a78fb
After tagging, bump ready for 0.9.8e development
2006-09-28 11:39:33 +00:00
Mark J. Cox
47c4bb2ddf
Prepare for 0.9.8d release
2006-09-28 11:32:42 +00:00
Mark J. Cox
951dfbb13a
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 11:29:03 +00:00
Dr. Stephen Henson
81780a3b62
Update from HEAD.
2006-09-23 17:30:25 +00:00
Dr. Stephen Henson
c574d0cdf2
Fix from HEAD.
2006-09-22 17:14:44 +00:00
Dr. Stephen Henson
c987c3f999
Fix from HEAD.
2006-09-22 17:07:40 +00:00
Dr. Stephen Henson
1a5e414863
Fix bug in apps/pkcs12.c
PR: 1377
2006-09-22 00:28:37 +00:00
Andy Polyakov
ec3639385e
Build error on non-unix [from HEAD].
PR: 1390
2006-09-18 19:51:45 +00:00
Andy Polyakov
f01cfca6a4
Race condition in ms/uplink.c [from HEAD].
PR: 1382
2006-09-18 19:44:23 +00:00
Bodo Möller
7d5af5e0fa
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
[Problem pointed out by Adam Young <adamy (at) acm.org>]
2006-09-18 14:01:39 +00:00
Bodo Möller
8fdb296cbd
Update
2006-09-12 14:42:09 +00:00
Bodo Möller
879b30aaa3
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well
2006-09-11 09:48:46 +00:00
Bodo Möller
40ddcb717a
Remove non-functional part of recent patch, after discussion with
Colin Percival (this would have caused more problems than solved,
and isn't really necessary anyway)
2006-09-06 06:43:26 +00:00
Mark J. Cox
da1841a075
After tagging, prep for next release
2006-09-05 08:51:30 +00:00
Mark J. Cox
0a0a10d127
Ready for 0.9.8c release
2006-09-05 08:45:37 +00:00
Mark J. Cox
df20b6e79b
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:25:42 +00:00
Dr. Stephen Henson
f4f1dc39e0
Fix from HEAD.
2006-08-31 21:01:41 +00:00
Dr. Stephen Henson
340b4dd7df
Fix from HEAD.
2006-08-31 20:11:09 +00:00
Ben Laurie
4b9dcd821f
Add IGE and biIGE modes.
2006-08-28 11:00:32 +00:00
Andy Polyakov
669c5c9380
Engage assembler in solaris64-x86_64-cc [backport from HEAD].
2006-08-01 16:13:47 +00:00
Bodo Möller
7f9aa6c59b
Camellia IPR information
2006-07-31 11:50:02 +00:00
Bodo Möller
d9c06b56ca
New Camellia implementation (replacing previous version)
Submitted by: NTT
2006-07-19 13:38:27 +00:00
Bodo Möller
d045e1d77e
Camellia information
2006-07-19 13:37:10 +00:00
Dr. Stephen Henson
6d14cc7ec1
Fix from HEAD.
2006-07-13 20:35:33 +00:00
Dr. Stephen Henson
eb499b2854
Oops...
2006-07-09 12:07:22 +00:00
Dr. Stephen Henson
65a82ef6d7
Fix from HEAD.
2006-07-09 12:03:02 +00:00
Ben Laurie
616f581650
Fix warning.
2006-07-02 14:43:21 +00:00
Bodo Möller
57e802656f
documentation for "HIGH" vs. "MEDIUM" was not up-to-date
2006-06-30 22:03:48 +00:00
Bodo Möller
5d7f15daf8
use <poll.h> as by Single Unix Specification
2006-06-30 08:14:50 +00:00
Bodo Möller
ec67e3b7e4
always read in RAND_poll() if we can't use select because of a too
large FD: it's non-blocking mode anyway
2006-06-28 14:50:00 +00:00
Andy Polyakov
0d3ff3c073
aes-586.pl sync from HEAD.
2006-06-28 09:01:40 +00:00
Andy Polyakov
325e48867c
Mitigate the hazard of cache-collision timing attack on last round
[from HEAD].
2006-06-28 08:58:15 +00:00
Richard Levitte
8de95bc05b
Use poll() when possible to gather Unix randomness entropy
2006-06-27 06:31:57 +00:00
Bodo Möller
5e3003bb52
Be more explicit about requirements for multi-threading.
2006-06-23 14:59:59 +00:00
Bodo Möller
e6e3f38bfa
Fix for previous change: explicitly named ciphersuites are OK to add
2006-06-22 13:07:45 +00:00
Bodo Möller
aa17ab7e57
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)
2006-06-22 12:35:54 +00:00
Bodo Möller
35908bd040
Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
2006-06-20 08:50:33 +00:00
Bodo Möller
4a9cfd763e
Another thread-safety fix
2006-06-16 01:01:14 +00:00
Bodo Möller
0e73294e26
Disable invalid ciphersuites
2006-06-14 17:52:01 +00:00
Bodo Möller
b610f46bae
Make sure that AES ciphersuites get priority over Camellia ciphersuites
in the default cipher string.
2006-06-14 13:52:49 +00:00