Commit graph

8448 commits

Author SHA1 Message Date
Nils Larsch
54a2631eb3 fix no-ssl2 build 2006-12-06 16:52:55 +00:00
Nils Larsch
492a907089 fix function names in RSAerr calls
PR: 1403
2006-12-04 20:41:46 +00:00
Bodo Möller
9dc705a2ac fix support for receiving fragmented handshake messages 2006-11-29 14:44:07 +00:00
Dr. Stephen Henson
ea474c567f Rebuild error source files. 2006-11-21 19:27:19 +00:00
Dr. Stephen Henson
f6cdaa96c0 Use error table to determine if errors should be loaded. 2006-11-21 19:19:09 +00:00
Dr. Stephen Henson
0e5d87d76f Fix from HEAD. 2006-11-13 13:23:33 +00:00
Mark J. Cox
055fa1c35c Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan
2006-09-29 08:20:11 +00:00
Richard Levitte
90a63277e2 Oops, some changes forgotten... 2006-09-28 19:48:48 +00:00
Mark J. Cox
6b131d9c45 After tagging, open up 0.9.7m-dev 2006-09-28 12:00:30 +00:00
Mark J. Cox
c830c1a209 Prepare for 0.9.7l release 2006-09-28 11:56:57 +00:00
Mark J. Cox
b213966415 Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 11:53:51 +00:00
Dr. Stephen Henson
8db3f4ace9 Fix from HEAD. 2006-09-22 17:15:04 +00:00
Dr. Stephen Henson
4ebd255a5b Fix from head. 2006-09-22 17:06:51 +00:00
Bodo Möller
d9d294463e Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
[Problem pointed out by Adam Young <adamy (at) acm.org>]
2006-09-19 10:00:29 +00:00
Bodo Möller
ea43804bda Backport from HEAD: fix ciphersuite selection 2006-09-12 14:41:50 +00:00
Bodo Möller
c2293d2e9a make consistent with 0.9.8-branch version of this file 2006-09-06 06:41:32 +00:00
Mark J. Cox
e872398844 Don't forget to put back the -dev 2006-09-05 08:46:18 +00:00
Mark J. Cox
60bee5d44c Bump for 0.9.7l-dev 2006-09-05 08:38:12 +00:00
Mark J. Cox
975a7a483f Prepare 0.9.7k release 2006-09-05 08:34:07 +00:00
Mark J. Cox
ffa0407233 Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)  [Ben Laurie and Google Security Team]

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:24:14 +00:00
Dr. Stephen Henson
6f414aef0e Update from HEAD. 2006-08-31 20:11:30 +00:00
Dr. Stephen Henson
45e33ebeab Fix from HEAD. Except we can't stream multipart/signed in 0.9.7 so that case
still rewinds the stream.
2006-07-13 20:36:51 +00:00
Dr. Stephen Henson
0f562e2a2c Fix from HEAD. 2006-07-09 12:05:10 +00:00
Bodo Möller
ae2684851f documentation for "HIGH" vs. "MEDIUM" was not up-to-date 2006-06-30 22:03:18 +00:00
Bodo Möller
feee55c65d use <poll.h> as by Single Unix Specification 2006-06-30 08:15:13 +00:00
Bodo Möller
81edd235b1 always read if we can't use select because of a too large FD
(it's non-blocking mode anyway)
2006-06-28 14:49:39 +00:00
Andy Polyakov
23c13189e9 Mitigate the hazard of cache-collision timing attack on last round
[from HEAD].
2006-06-28 08:57:22 +00:00
Richard Levitte
bdd00f8c8a Use poll() when possible to gather Unix randomness entropy 2006-06-27 06:31:48 +00:00
Bodo Möller
30c99d45b7 Be more explicit about requirements for multi-threading. 2006-06-23 14:59:43 +00:00
Richard Levitte
e4a901b0b3 Synchronise with the Unix build 2006-06-21 05:08:36 +00:00
Dr. Stephen Henson
e25a2423da Place hex_to_string and string_to_hex in separate source file to avoid
dragging in extra dependencies when just these functions are used.
2006-06-20 18:06:40 +00:00
Bodo Möller
094c6aa51d Thread-safety fixes 2006-06-16 01:01:34 +00:00
Bodo Möller
c098e8b6ca Disable invalid ciphersuites 2006-06-14 17:51:36 +00:00
Bodo Möller
019a63f9c9 Thread-safety fixes 2006-06-14 08:50:11 +00:00
Dr. Stephen Henson
6651ac386e Fix from head. 2006-05-17 18:25:38 +00:00
Dr. Stephen Henson
0be0592ec4 Fix from HEAD. 2006-05-17 18:20:53 +00:00
Dr. Stephen Henson
a6fb8a8203 Update for next dev version. 2006-05-04 13:08:01 +00:00
Dr. Stephen Henson
d26d236162 Prepare for release 2006-05-04 12:52:59 +00:00
Dr. Stephen Henson
3dcd6cf004 make update 2006-05-04 12:32:36 +00:00
Dr. Stephen Henson
daaca57e55 Use new fips-1.0 directory in error library. 2006-05-04 12:09:04 +00:00
Dr. Stephen Henson
309d74c8f0 Update CHANGES. 2006-05-04 11:16:20 +00:00
Dr. Stephen Henson
234f2f67ac Add new --with-baseaddr command line option to allow the FIPS base address of
libeay32.dll to be explicitly specified.
2006-04-24 13:32:58 +00:00
Dr. Stephen Henson
d4e81773cc Check pbe2->keyfunc->parameter is not NULL before dereferencing.
PR: 1316
2006-04-15 17:42:46 +00:00
Dr. Stephen Henson
d366bf7948 Typos. 2006-04-07 00:15:44 +00:00
Dr. Stephen Henson
6c9cd652f7 Link _chkstk.o from FIPSLIB_D. 2006-04-07 00:04:37 +00:00
Richard Levitte
dd4263d906 Change chop to chomp when reading lines, so CRLF is properly processed on
the operating systems where they are the normal line endings
2006-04-03 09:15:27 +00:00
Dr. Stephen Henson
f4e43726a8 Check flag before calling FIPS_dsa_check(). 2006-03-31 22:44:20 +00:00
Dr. Stephen Henson
6fa6e3e2df Flag to allow use of DSA_METHOD in FIPS mode. 2006-03-31 17:09:46 +00:00
Dr. Stephen Henson
fcdf1d3fc7 Update build system to make use of validated module in FIPS mode. 2006-03-28 12:10:37 +00:00
Nils Larsch
e0fe7abeec apply fixes from the cvs head 2006-03-14 09:07:06 +00:00