Commit graph

7929 commits

Author SHA1 Message Date
Andy Polyakov
544d845585 OPENSSL_ia32cap.pod update. 2006-10-23 07:44:51 +00:00
Andy Polyakov
a6efc2d1b8 Fix mingw warnings. 2006-10-23 07:41:05 +00:00
Andy Polyakov
3189772e07 Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even
recent mingw modifications.
2006-10-23 07:38:30 +00:00
Andy Polyakov
08a638237d Allow for mingw cross-compile configuration. 2006-10-23 07:30:19 +00:00
Andy Polyakov
d8cdd1567f Make c_rehash more platform neutral and make it work in mixed environment,
such as MSYS with "native" Win32 perl.
2006-10-21 16:28:03 +00:00
Andy Polyakov
cbfb39d1be Rudimentary support for cross-compiling. 2006-10-21 13:38:16 +00:00
Andy Polyakov
a4d64c7f49 Align data payload for better performance. 2006-10-20 11:26:00 +00:00
Andy Polyakov
1e7b6c029c Avoid application relink on every make invocation. 2006-10-20 11:23:35 +00:00
Andy Polyakov
3634d7e97a Gcc over-optimizes PadLock AES CFB codepath, tell it not to. 2006-10-19 20:55:05 +00:00
Andy Polyakov
53d7efea76 Temporary fix for sha256 IA64 assembler. 2006-10-18 09:42:56 +00:00
Andy Polyakov
002684d693 Fix bug in big-endian path and optimize it for size. 2006-10-18 08:15:16 +00:00
Andy Polyakov
c038b8aa56 Typo in perlasm/x86asm.pl. 2006-10-17 16:21:28 +00:00
Andy Polyakov
c5f17d45c1 Further synchronizations with md32_common.h update, consistent naming
for low-level SHA block routines.
2006-10-17 16:13:18 +00:00
Andy Polyakov
31439046e0 bn/asm/ppc.pl to use ppc-xlate.pl. 2006-10-17 14:37:07 +00:00
Andy Polyakov
11d0ebc841 Further synchronizations with md32_common.h update. 2006-10-17 13:38:10 +00:00
Andy Polyakov
cecfdbf72d VIA-specific Montgomery multiplication routine. 2006-10-17 07:04:48 +00:00
Andy Polyakov
f0f61f6d0d Synchronize SHA1 assembler with md32_common.h update. 2006-10-17 07:00:23 +00:00
Andy Polyakov
d68ff71004 Support for .asciz directive in perlasm modules. 2006-10-17 06:43:11 +00:00
Andy Polyakov
591e85e928 Linking errors on IA64 and typo in aes-ia64.S. 2006-10-17 06:41:27 +00:00
Andy Polyakov
c69ed6ea39 Re-implement md32_common.h [make it simpler!] and eliminate code rendered
redundant as result.
2006-10-11 11:55:11 +00:00
Dr. Stephen Henson
55a08fac68 Typo. 2006-10-05 21:59:50 +00:00
Nils Larsch
2fc281d01f return an error if the supplied precomputed values lead to an invalid signature 2006-10-04 19:37:17 +00:00
Bodo Möller
d326582cab ASN1_item_verify needs to initialize ctx before any "goto err" can
happen; the new code for the OID cross reference table failed to do so.
2006-10-04 06:14:36 +00:00
Dr. Stephen Henson
f4c630abb3 Place standard CRL behaviour in default X509_CRL_METHOD new functions to
create, free and set default CRL method.
2006-10-03 02:47:59 +00:00
Mark J. Cox
c2cccfc585 Initialise ctx to NULL to avoid uninitialized free, noticed by
Steve Kiernan
2006-09-29 08:21:41 +00:00
Bodo Möller
3c5406b35c All 0.9.8d patches have been applied to HEAD now, so we no longer need
the redundant entries under the 0.9.9 heading.
2006-09-28 13:50:41 +00:00
Bodo Möller
5e3225cc44 Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
2006-09-28 13:45:34 +00:00
Bodo Möller
61118caa86 include 0.9.8d and 0.9.7l information 2006-09-28 13:35:01 +00:00
Mark J. Cox
348be7ec60 Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]
2006-09-28 13:20:44 +00:00
Mark J. Cox
3ff55e9680 Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 13:18:43 +00:00
Richard Levitte
cbb92dfaf0 Fixes for the following claims:
1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336
2006-09-28 12:22:58 +00:00
Dr. Stephen Henson
019bfef899 Initialize new callbacks and make sure hent is always initialized. 2006-09-26 13:25:19 +00:00
Richard Levitte
0709249f4c Complete the change for VMS. 2006-09-25 08:35:35 +00:00
Dr. Stephen Henson
89c9c66736 Submitted by: Brad Spencer <spencer@jacknife.org>
Reviewed by: steve
2006-09-23 17:29:49 +00:00
Dr. Stephen Henson
347ed3b93c Buffer size handling fix for enc.
PR:1374
2006-09-22 17:14:22 +00:00
Dr. Stephen Henson
5b73c3609b Using correct lock for X509_REQ.
PR:1348
2006-09-22 17:06:09 +00:00
Dr. Stephen Henson
eebeb52b29 Update length if copying MSB set in asn1_string_canon(). 2006-09-22 13:37:15 +00:00
Dr. Stephen Henson
6ec6cfc767 Updated file. 2006-09-21 16:19:10 +00:00
Dr. Stephen Henson
44181ea836 Add missing prototype. Fix various warnings (C++ comments, ; outside function). 2006-09-21 13:24:46 +00:00
Dr. Stephen Henson
c80c7bf999 Make int_rsa_sign function match prototype.
PR: 1383
2006-09-21 13:11:24 +00:00
Dr. Stephen Henson
ffa5ebf3f4 Compile in gost engine. 2006-09-21 13:07:57 +00:00
Dr. Stephen Henson
926c41bd29 Updated version of gost engine. 2006-09-21 13:04:43 +00:00
Dr. Stephen Henson
1182301ca7 Do CRL method init after other operations. 2006-09-21 12:48:56 +00:00
Dr. Stephen Henson
010fa0b331 Tidy up CRL handling by checking for critical extensions when it is
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.

Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
2006-09-21 12:42:15 +00:00
Andy Polyakov
4ca7d975af Build error on non-unix.
PR: 1390
2006-09-18 19:50:54 +00:00
Andy Polyakov
b774111020 Race condition in ms/uplink.c.
PR: 1382
2006-09-18 19:41:37 +00:00
Andy Polyakov
78260d890b As x86ms.pl is out, remove do_masm.bat and mention to it in INSTALL.W32. 2006-09-18 19:20:43 +00:00
Andy Polyakov
4b67fefe5a Remove x86ms.pl and reimplement x86*.pl. 2006-09-18 19:17:09 +00:00
Andy Polyakov
3a8012cbf2 Improve 386 portability of aes-586.pl. 2006-09-18 19:13:15 +00:00
Bodo Möller
a53cdc5b08 Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
[Problem pointed out by Adam Young <adamy (at) acm.org>]
2006-09-18 14:00:49 +00:00