wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7536 commits 20 branches 302 tags 153 MiB
Commit graph

1317 commits

Author SHA1 Message Date
Dr. Stephen Henson
49fa74385d Move minimal EVP_CIPHER implementation into FIPS library. Not used by 
any FIPS applications yet.
 2007-07-01 00:07:25 +00:00
Dr. Stephen Henson
53c381105a Update from stable branch. 2007-05-21 12:40:07 +00:00
Dr. Stephen Henson
a416ca47ac Merge from 0.9.8-stable. 2007-04-25 13:15:51 +00:00
Dr. Stephen Henson
1139eeecbc Merge from 0.9.8 stable branch. 2007-04-24 11:30:51 +00:00
Dr. Stephen Henson
282af42404 Add algorithm configuration module. 2007-04-08 17:51:02 +00:00
Dr. Stephen Henson
a81f337331 Block low level public key signature operations in FIPS mode. 
Update self tests for all modes and use EVP.

Update pairwise consistency checks.
 2007-04-06 00:30:24 +00:00
Dr. Stephen Henson
9719193222 New EVP sign and verify functionality. 2007-04-03 21:01:29 +00:00
Dr. Stephen Henson
ff03c6bc97 Add tiny ASN1 code for DSA signatures. 
Make DSA tests, selftests and algorithm tests use EVP.
 2007-04-02 23:59:47 +00:00
Dr. Stephen Henson
cb6fdc3a49 Update from stable branch. 2007-03-28 22:00:48 +00:00
Dr. Stephen Henson
8c3b5d5f27 Update from 0.9.8-stable with patches also applied to equivalent FIPS 
sources.
 2007-03-28 12:38:55 +00:00
Dr. Stephen Henson
6693e26927 Use perl script instead of editbin to rename object file sections. 2007-03-27 00:03:42 +00:00
Dr. Stephen Henson
793364457b Modify VC++ build sytem to use fipscanister.lib instead of fipscanister.o 
and avoid the need for ld.exe.
 2007-03-26 12:06:44 +00:00
Dr. Stephen Henson
55768cf773 Forward FIPS DLL implementations from libcrypto DLL under Win32. 2007-03-22 18:31:35 +00:00
Dr. Stephen Henson
aeb9ccfaad And so it begins... 2007-03-22 00:39:24 +00:00
Bodo Möller
6fd3f3260d stricter session ID context matching 2007-03-21 14:33:01 +00:00
Bodo Möller
d9e262443c oops -- this should have been in 0.9.8e 2007-03-21 14:18:27 +00:00
Bodo Möller
402b951804 include complete 0.9.7 history 2007-02-26 10:48:56 +00:00
Dr. Stephen Henson
5dd24ead57 Prepare for next version. 2007-02-23 12:50:54 +00:00
Dr. Stephen Henson
0615396d2d Prepare for release. 2007-02-23 12:12:28 +00:00
Lutz Jänicke
cdb13ae8d0 Extend SMTP and IMAP protocol handling to perform the required 
EHLO or CAPABILITY handshake before sending STARTTLS

Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
 2007-02-21 18:20:33 +00:00
Dr. Stephen Henson
52ee969e29 Update from 0.9.7-stable. 2007-02-21 13:48:49 +00:00
Bodo Möller
55f0501201 Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a 
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.
 2007-02-19 18:38:11 +00:00
Bodo Möller
5f4cc234fb Some fixes for ciphersuite string processing: 
- add a workaround provided by Victor Duchovni so that 128- and
  256-bit variants of otherwise identical ciphersuites are treated
  correctly;

- also, correctly skip invalid parts of ciphersuite description strings.

Submitted by: Victor Duchovni, Bodo Moeller
 2007-02-17 06:52:42 +00:00
Nils Larsch
68bb98159f fix typos 
PR: 1354, 1355, 1398
 2006-12-21 21:11:44 +00:00
Bodo Möller
1a8521ff24 Fix the BIT STRING encoding of EC points or parameter seeds 
(need to prevent the removal of trailing zero bits).
 2006-12-19 15:10:46 +00:00
Bodo Möller
5c6f76da0a fix support for receiving fragmented handshake messages 2006-11-29 14:45:14 +00:00
Ben Laurie
4636341b05 Add RFC 3779 support, contributed by ARIN. 2006-11-27 13:36:55 +00:00
Dr. Stephen Henson
900f7a8776 Update from 0.9.7-stable. 
Improve mkerr.pl header file function name parsing.
 2006-11-21 20:14:05 +00:00
Bodo Möller
bd869183d5 for completeness, include 0.9.7l information 2006-09-28 13:29:08 +00:00
Mark J. Cox
25e52a78fb After tagging, bump ready for 0.9.8e development 2006-09-28 11:39:33 +00:00
Mark J. Cox
47c4bb2ddf Prepare for 0.9.8d release 2006-09-28 11:32:42 +00:00
Mark J. Cox
951dfbb13a Introduce limits to prevent malicious keys being able to 
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
 2006-09-28 11:29:03 +00:00
Bodo Möller
8fdb296cbd Update 2006-09-12 14:42:09 +00:00
Bodo Möller
879b30aaa3 ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 
ciphersuite as well
 2006-09-11 09:48:46 +00:00
Mark J. Cox
da1841a075 After tagging, prep for next release 2006-09-05 08:51:30 +00:00
Mark J. Cox
0a0a10d127 Ready for 0.9.8c release 2006-09-05 08:45:37 +00:00
Mark J. Cox
df20b6e79b Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher 
(CVE-2006-4339)

Submitted by:  Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
 2006-09-05 08:25:42 +00:00
Ben Laurie
4b9dcd821f Add IGE and biIGE modes. 2006-08-28 11:00:32 +00:00
Bodo Möller
ec67e3b7e4 always read in RAND_poll() if we can't use select because of a too 
large FD: it's non-blocking mode anyway
 2006-06-28 14:50:00 +00:00
Richard Levitte
8de95bc05b Use poll() when possible to gather Unix randomness entropy 2006-06-27 06:31:57 +00:00
Bodo Möller
aa17ab7e57 Put ECCdraft ciphersuites back into default build (but disabled 
unless specifically requested)
 2006-06-22 12:35:54 +00:00
Bodo Möller
35908bd040 Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch) 2006-06-20 08:50:33 +00:00
Bodo Möller
0e73294e26 Disable invalid ciphersuites 2006-06-14 17:52:01 +00:00
Bodo Möller
6d2cd23f40 Thread-safety fixes 2006-06-14 08:51:41 +00:00
Bodo Möller
e18eef3d7a Camellia cipher, contributed by NTT 
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
 2006-06-09 15:42:21 +00:00
Dr. Stephen Henson
b723a7b11b Don't check for padding bug if compression is negotiated. 
PR: 1204
 2006-05-07 12:27:48 +00:00
Dr. Stephen Henson
1c5dc844e7 Update for next dev version. 2006-05-04 13:08:35 +00:00
Dr. Stephen Henson
f871949efd Prepare for new release. 2006-05-04 12:46:42 +00:00
Dr. Stephen Henson
cbb0b734c7 If cipher list contains a match for an explicit ciphersuite only match that 
one suite.
 2006-04-15 00:22:34 +00:00
Bodo Möller
5586a71a6e clarification 2006-03-11 22:10:46 +00:00