Nils Larsch
54a2631eb3
fix no-ssl2 build
2006-12-06 16:52:55 +00:00
Nils Larsch
492a907089
fix function names in RSAerr calls
...
PR: 1403
2006-12-04 20:41:46 +00:00
Bodo Möller
9dc705a2ac
fix support for receiving fragmented handshake messages
2006-11-29 14:44:07 +00:00
Dr. Stephen Henson
ea474c567f
Rebuild error source files.
2006-11-21 19:27:19 +00:00
Dr. Stephen Henson
f6cdaa96c0
Use error table to determine if errors should be loaded.
2006-11-21 19:19:09 +00:00
Dr. Stephen Henson
0e5d87d76f
Fix from HEAD.
2006-11-13 13:23:33 +00:00
Mark J. Cox
055fa1c35c
Initialise ctx to NULL to avoid uninitialized free, noticed by
...
Steve Kiernan
2006-09-29 08:20:11 +00:00
Richard Levitte
90a63277e2
Oops, some changes forgotten...
2006-09-28 19:48:48 +00:00
Mark J. Cox
6b131d9c45
After tagging, open up 0.9.7m-dev
2006-09-28 12:00:30 +00:00
Mark J. Cox
c830c1a209
Prepare for 0.9.7l release
2006-09-28 11:56:57 +00:00
Mark J. Cox
b213966415
Introduce limits to prevent malicious keys being able to
...
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 11:53:51 +00:00
Dr. Stephen Henson
8db3f4ace9
Fix from HEAD.
2006-09-22 17:15:04 +00:00
Dr. Stephen Henson
4ebd255a5b
Fix from head.
2006-09-22 17:06:51 +00:00
Bodo Möller
d9d294463e
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
...
[Problem pointed out by Adam Young <adamy (at) acm.org>]
2006-09-19 10:00:29 +00:00
Bodo Möller
ea43804bda
Backport from HEAD: fix ciphersuite selection
2006-09-12 14:41:50 +00:00
Bodo Möller
c2293d2e9a
make consistent with 0.9.8-branch version of this file
2006-09-06 06:41:32 +00:00
Mark J. Cox
e872398844
Don't forget to put back the -dev
2006-09-05 08:46:18 +00:00
Mark J. Cox
60bee5d44c
Bump for 0.9.7l-dev
2006-09-05 08:38:12 +00:00
Mark J. Cox
975a7a483f
Prepare 0.9.7k release
2006-09-05 08:34:07 +00:00
Mark J. Cox
ffa0407233
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
...
(CVE-2006-4339) [Ben Laurie and Google Security Team]
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:24:14 +00:00
Dr. Stephen Henson
6f414aef0e
Update from HEAD.
2006-08-31 20:11:30 +00:00
Dr. Stephen Henson
45e33ebeab
Fix from HEAD. Except we can't stream multipart/signed in 0.9.7 so that case
...
still rewinds the stream.
2006-07-13 20:36:51 +00:00
Dr. Stephen Henson
0f562e2a2c
Fix from HEAD.
2006-07-09 12:05:10 +00:00
Bodo Möller
ae2684851f
documentation for "HIGH" vs. "MEDIUM" was not up-to-date
2006-06-30 22:03:18 +00:00
Bodo Möller
feee55c65d
use <poll.h> as by Single Unix Specification
2006-06-30 08:15:13 +00:00
Bodo Möller
81edd235b1
always read if we can't use select because of a too large FD
...
(it's non-blocking mode anyway)
2006-06-28 14:49:39 +00:00
Andy Polyakov
23c13189e9
Mitigate the hazard of cache-collision timing attack on last round
...
[from HEAD].
2006-06-28 08:57:22 +00:00
Richard Levitte
bdd00f8c8a
Use poll() when possible to gather Unix randomness entropy
2006-06-27 06:31:48 +00:00
Bodo Möller
30c99d45b7
Be more explicit about requirements for multi-threading.
2006-06-23 14:59:43 +00:00
Richard Levitte
e4a901b0b3
Synchronise with the Unix build
2006-06-21 05:08:36 +00:00
Dr. Stephen Henson
e25a2423da
Place hex_to_string and string_to_hex in separate source file to avoid
...
dragging in extra dependencies when just these functions are used.
2006-06-20 18:06:40 +00:00
Bodo Möller
094c6aa51d
Thread-safety fixes
2006-06-16 01:01:34 +00:00
Bodo Möller
c098e8b6ca
Disable invalid ciphersuites
2006-06-14 17:51:36 +00:00
Bodo Möller
019a63f9c9
Thread-safety fixes
2006-06-14 08:50:11 +00:00
Dr. Stephen Henson
6651ac386e
Fix from head.
2006-05-17 18:25:38 +00:00
Dr. Stephen Henson
0be0592ec4
Fix from HEAD.
2006-05-17 18:20:53 +00:00
Dr. Stephen Henson
a6fb8a8203
Update for next dev version.
2006-05-04 13:08:01 +00:00
Dr. Stephen Henson
d26d236162
Prepare for release
2006-05-04 12:52:59 +00:00
Dr. Stephen Henson
3dcd6cf004
make update
2006-05-04 12:32:36 +00:00
Dr. Stephen Henson
daaca57e55
Use new fips-1.0 directory in error library.
2006-05-04 12:09:04 +00:00
Dr. Stephen Henson
309d74c8f0
Update CHANGES.
2006-05-04 11:16:20 +00:00
Dr. Stephen Henson
234f2f67ac
Add new --with-baseaddr command line option to allow the FIPS base address of
...
libeay32.dll to be explicitly specified.
2006-04-24 13:32:58 +00:00
Dr. Stephen Henson
d4e81773cc
Check pbe2->keyfunc->parameter is not NULL before dereferencing.
...
PR: 1316
2006-04-15 17:42:46 +00:00
Dr. Stephen Henson
d366bf7948
Typos.
2006-04-07 00:15:44 +00:00
Dr. Stephen Henson
6c9cd652f7
Link _chkstk.o from FIPSLIB_D.
2006-04-07 00:04:37 +00:00
Richard Levitte
dd4263d906
Change chop to chomp when reading lines, so CRLF is properly processed on
...
the operating systems where they are the normal line endings
2006-04-03 09:15:27 +00:00
Dr. Stephen Henson
f4e43726a8
Check flag before calling FIPS_dsa_check().
2006-03-31 22:44:20 +00:00
Dr. Stephen Henson
6fa6e3e2df
Flag to allow use of DSA_METHOD in FIPS mode.
2006-03-31 17:09:46 +00:00
Dr. Stephen Henson
fcdf1d3fc7
Update build system to make use of validated module in FIPS mode.
2006-03-28 12:10:37 +00:00
Nils Larsch
e0fe7abeec
apply fixes from the cvs head
2006-03-14 09:07:06 +00:00