Dr. Stephen Henson
5792219d1d
Redirect cipher operations to FIPS module for FIPS builds.
2011-05-29 16:18:38 +00:00
Dr. Stephen Henson
04dc5a9ca6
Redirect digests to FIPS module for FIPS builds.
...
Use FIPS API when initialising digests.
Sync header file evp.h and error codes with HEAD for necessary FIPS
definitions.
2011-05-28 23:01:26 +00:00
Dr. Stephen Henson
6ea8d138d3
Fix the ECDSA timing attack mentioned in the paper at:
...
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:42:27 +00:00
Dr. Stephen Henson
b81fde02aa
Add server client certificate support for TLS v1.2 . This is more complex
...
than client side as we need to keep the handshake record cache frozen when
it contains all the records need to process the certificate verify message.
(backport from HEAD).
2011-05-20 14:58:45 +00:00
Dr. Stephen Henson
7043fa702f
add FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS compilation support
2011-05-19 18:22:16 +00:00
Dr. Stephen Henson
f98d2e5cc1
Implement FIPS_mode and FIPS_mode_set
2011-05-19 18:19:07 +00:00
Dr. Stephen Henson
4fe4c00eca
Provisional support for TLS v1.2 client authentication: client side only.
...
Parse certificate request message and set digests appropriately.
Generate new TLS v1.2 format certificate verify message.
Keep handshake caches around for longer as they are needed for client auth.
2011-05-12 17:49:15 +00:00
Dr. Stephen Henson
9472baae0d
Backport TLS v1.2 support from HEAD.
...
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
2011-05-11 13:37:52 +00:00
Dr. Stephen Henson
74096890ba
Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN
...
all ssl related structures are opaque and internals cannot be directly
accessed. Many applications will need some modification to support this and
most likely some additional functions added to OpenSSL.
The advantage of this option is that any application supporting it will still
be binary compatible if SSL structures change.
(backport from HEAD).
2011-05-11 12:56:38 +00:00
Ben Laurie
a149b2466e
Add SRP.
2011-03-16 11:26:40 +00:00
Bodo Möller
cd77b3e88b
Sync with 1.0.0 branch.
...
(CVE-2011-0014 OCSP stapling fix has been applied to the 1.0.1 branch as well.)
2011-02-08 19:08:32 +00:00
Bodo Möller
346601bc32
CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
2011-02-03 10:42:00 +00:00
Dr. Stephen Henson
e501dbb658
Fix escaping code for string printing. If *any* escaping is enabled we
...
must escape the escape character itself (backslash).
2011-01-03 01:30:58 +00:00
Dr. Stephen Henson
2c5c4fca14
apply J-PKAKE fix to HEAD (original by Ben)
2010-11-29 18:33:28 +00:00
Dr. Stephen Henson
a618011ca1
add "missing" functions to copy EVP_PKEY_METHOD and examine info
2010-11-24 16:07:45 +00:00
Dr. Stephen Henson
6e21ce592e
fix CVE-2010-3864
2010-11-17 17:36:29 +00:00
Dr. Stephen Henson
3fa29765fd
PR: 2314
...
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve
Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
2010-10-10 12:27:19 +00:00
Dr. Stephen Henson
945ba0300d
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:56:25 +00:00
Bodo Möller
9b0e97ae10
Update version numbers
2010-08-26 18:45:21 +00:00
Bodo Möller
48ce525d16
New 64-bit optimized implementation EC_GFp_nistp224_method().
...
Binary compatibility is not affected as this will only be
compiled in if explicitly requested (#ifdef EC_NISTP224_64_GCC_128).
Submitted by: Emilia Kasper (Google)
2010-08-26 14:29:27 +00:00
Dr. Stephen Henson
48ae85b6ff
PR: 1833
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Support for abbreviated handshakes when renegotiating.
2010-08-26 14:22:40 +00:00
Bodo Möller
82281ce47d
ECC library bugfixes.
...
Submitted by: Emilia Kapser (Google)
2010-08-26 12:10:57 +00:00
Bodo Möller
4ecd2bafbb
Harmonize with OpenSSL_1_0_0-stable version of CHANGES.
2010-08-26 11:21:49 +00:00
Dr. Stephen Henson
f6c29ba3dc
Fix WIN32 build system to correctly link ENGINE DLLs contained in a
...
directory: currently the GOST ENGINE is the only case.
2010-07-24 17:55:47 +00:00
Dr. Stephen Henson
160f9b5bf6
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-07-21 16:23:59 +00:00
Dr. Stephen Henson
53e7985c8d
PR: 1830
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson
Support for RFC5705 key extractor.
2010-07-18 17:39:46 +00:00
Dr. Stephen Henson
1eb1cf452b
Backport TLS v1.1 support from HEAD
2010-06-27 14:15:02 +00:00
Dr. Stephen Henson
c549810def
update versions for 1.0.1
2010-06-16 13:48:00 +00:00
Dr. Stephen Henson
1dba06e7b0
update for next version
2010-06-16 13:34:33 +00:00
Dr. Stephen Henson
9c7baca820
prepare for release
2010-06-01 13:31:38 +00:00
Dr. Stephen Henson
618265e645
Fix CVE-2010-1633 and CVE-2010-0742.
2010-06-01 13:17:06 +00:00
Dr. Stephen Henson
acc9938ba5
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
...
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.
Update docs.
2010-04-07 13:18:30 +00:00
Dr. Stephen Henson
6747de655e
updates for next release
2010-03-30 00:55:00 +00:00
Dr. Stephen Henson
91bad2b09e
Prepare for 1.0.0 release - finally ;-)
2010-03-29 13:11:54 +00:00
Bodo Möller
5b5464d525
Fix for "Record of death" vulnerability CVE-2010-0740.
...
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010).
2010-03-25 11:22:42 +00:00
Dr. Stephen Henson
47333a34d5
Submitted by: Tomas Hoger <thoger@redhat.com>
...
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
2010-03-03 15:41:00 +00:00
Dr. Stephen Henson
2b23d89d14
oops, use correct date
2010-02-26 12:14:30 +00:00
Bodo Möller
32567c9f3b
Fix X509_STORE locking
2010-02-19 18:26:23 +00:00
Dr. Stephen Henson
989238802a
Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
...
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:38:10 +00:00
Dr. Stephen Henson
9051fc538f
PR: 2100
...
Submitted by: James Baker <jbaker@tableausoftware.com> et al.
Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:25 +00:00
Dr. Stephen Henson
81d87a2a28
update references to new RI RFC
2010-02-12 21:59:57 +00:00
Dr. Stephen Henson
1700426256
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
...
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
2010-02-07 13:41:23 +00:00
Dr. Stephen Henson
57cffe901f
typo
2010-01-27 14:05:15 +00:00
Dr. Stephen Henson
d793c292cb
add CHANGES entry
2010-01-26 19:48:10 +00:00
Dr. Stephen Henson
d8f07f1674
Typo
2010-01-26 12:29:48 +00:00
Dr. Stephen Henson
1699389a46
Tolerate PKCS#8 DSA format with negative private key.
2010-01-22 20:17:30 +00:00
Dr. Stephen Henson
41c0f68630
Fix version handling so it can cope with a major version >3.
...
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
2010-01-13 19:08:29 +00:00
Dr. Stephen Henson
2c627637c5
Modify compression code so it avoids using ex_data free functions. This
...
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
2010-01-13 18:46:01 +00:00
Dr. Stephen Henson
93fac08ec3
PR: 2136
...
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>
Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:27:11 +00:00
Dr. Stephen Henson
eb17330837
Updates to conform with draft-ietf-tls-renegotiation-03.txt:
...
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
2010-01-06 17:37:38 +00:00
Dr. Stephen Henson
e642fd7a1c
Compression handling on session resume was badly broken: it always
...
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
2010-01-01 00:44:36 +00:00
Bodo Möller
a0b7277724
Constify crypto/cast.
2009-12-22 10:58:01 +00:00
Dr. Stephen Henson
675564835c
New option to enable/disable connection to unpatched servers
2009-12-16 20:28:30 +00:00
Dr. Stephen Henson
52a08e90d1
Add ctrls to clear options and mode.
...
Change RI ctrl so it doesn't clash.
2009-12-09 13:25:38 +00:00
Dr. Stephen Henson
6b5f0458fe
Send no_renegotiation alert as required by spec.
2009-12-08 19:06:09 +00:00
Dr. Stephen Henson
b52a2738d4
Add ctrl and macro so we can determine if peer support secure renegotiation.
2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
10f99d7b77
Add support for magic cipher suite value (MCSV). Make secure renegotiation
...
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.
NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.
Change mismatch alerts to handshake_failure as required by spec.
Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:15:12 +00:00
Dr. Stephen Henson
7b1856e5a1
PR: 2111
...
Submitted by: Martin Olsson <molsson@opera.com>
Check for bn_wexpand errors in bn_mul.c
2009-12-02 15:28:05 +00:00
Bodo Möller
aefb9dc5e5
Make CHANGES in the OpenSSL_1_0_0-stable branch consistent with the
...
one in the OpenSSL_0_9_8-stable branch.
2009-11-26 18:37:11 +00:00
Dr. Stephen Henson
e42ff486a8
fix CHANGES
2009-11-09 18:46:59 +00:00
Dr. Stephen Henson
bc9058d041
First cut of renegotiation extension. (port to 1.0.0-stable)
2009-11-09 18:45:42 +00:00
Dr. Stephen Henson
961092281f
Add option to allow in-band CRL loading in verify utility. Add function
...
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
2009-10-31 13:34:19 +00:00
Dr. Stephen Henson
9ac5c355a2
Move CHANGES entry to 0.9.8l section
2009-10-30 13:29:08 +00:00
Dr. Stephen Henson
3d0b604c14
Fix statless session resumption so it can coexist with SNI
2009-10-30 13:22:44 +00:00
Dr. Stephen Henson
0c690586e0
PR: 2064, 728
...
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:41:53 +00:00
Dr. Stephen Henson
80afb40ae3
Submitted by: Julia Lawall <julia@diku.dk>
...
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:27:27 +00:00
Dr. Stephen Henson
b5b65403a4
Add new option --strict-warnings to Configure script. This is used to add
...
in devteam warnings into other configurations.
2009-09-09 16:32:19 +00:00
Dr. Stephen Henson
c9add317a9
Tidy up and fix verify callbacks to avoid structure dereference, use of
...
obsolete functions and enhance to handle new conditions such as policy
printing.
2009-09-02 12:45:19 +00:00
Dr. Stephen Henson
d5ec7d66a8
PR: 2003
...
Make it possible to install OpenSSL in directories with name other
than "lib" for example "lib64". Based on patch from Jeremy Utley.
2009-08-10 14:42:05 +00:00
Dr. Stephen Henson
52828ca214
Add missing CHANGES entry.
2009-08-06 16:29:42 +00:00
Dr. Stephen Henson
11ba084e1b
Document MD2 deprecation.
2009-07-13 11:57:15 +00:00
Dr. Stephen Henson
76ec9151d1
Update from 0.9.8-stable.
2009-06-30 22:26:28 +00:00
Dr. Stephen Henson
dbb834ffeb
Update from 0.9.8-stable.
2009-06-28 16:24:11 +00:00
Dr. Stephen Henson
710c1c34d1
Allow checking of self-signed certifictes if a flag is set.
2009-06-26 11:28:52 +00:00
Dr. Stephen Henson
0cb76e79df
PR: 1748
...
Fix nasty SSL BIO pop bug. Since this changes the behaviour of SSL BIOs and
will break applications that worked around the bug only included in 1.0.0 and
later.
2009-06-25 11:26:45 +00:00
Dr. Stephen Henson
6178da0142
Update from HEAD.
2009-06-17 12:05:51 +00:00
Dr. Stephen Henson
f1ed5fa827
Update from 0.9.8-stable.
2009-06-15 15:00:19 +00:00
Dr. Stephen Henson
e1f09dfd84
PR: 1921
...
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve@openssl.org
Add ECDHE and PSK support to DTLS.
2009-05-31 17:11:24 +00:00
Dr. Stephen Henson
32fbeacdfb
Add CHANGES entries from 0.9.8-stable.
2009-05-18 17:37:13 +00:00
Dr. Stephen Henson
376bbb5887
PR: 1914
...
Make safestack work with C++.
2009-04-28 21:56:04 +00:00
Dr. Stephen Henson
19ae090787
Print out registered digest names in dgst utility instead of hard
...
coding them. Modify EVP_MD_do_all() to include registered digest name.
This is a modified version of part of PR#1887.
2009-04-10 10:30:27 +00:00
Dr. Stephen Henson
9ae5743515
Disable SSLv2 cipher suites by default and avoid SSLv2 compatible client
...
hello if no SSLv2 cipher suites are included. This effectively disables
the broken SSLv2 use by default.
2009-04-07 17:01:07 +00:00
Dr. Stephen Henson
c184b140df
Update from 0.9.8-stable.
2009-04-07 16:30:32 +00:00
Dr. Stephen Henson
5d48762647
Make PKCS12_parse() handle some PKCS#12 files which have their own ideas
...
about settings for local key id...
2009-04-02 17:44:50 +00:00
Dr. Stephen Henson
aaf35f11d7
Allow use of algorithm and cipher names for dgsts and enc utilities instead
...
of having to manually include each one.
2009-03-30 11:31:50 +00:00
Dr. Stephen Henson
77ea8c3002
Fix typo in CHANGES.
2009-03-25 22:21:12 +00:00
Dr. Stephen Henson
ddcfc25a6d
Update from stable branch.
2009-03-25 19:02:22 +00:00
Dr. Stephen Henson
4d7b7c62c3
Update CHANGES.
2009-03-25 12:57:50 +00:00
Dr. Stephen Henson
73ba116e96
Update from stable branch.
2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
80b2ff978d
Update from stable branch.
2009-03-25 12:53:50 +00:00
Dr. Stephen Henson
7ce8c95d58
Update from stable branch.
2009-03-25 12:53:26 +00:00
Dr. Stephen Henson
b6af2c7e3e
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
...
Reviewed by: steve@openssl.org
Update ccgost engine to support parameter files.
2009-03-17 15:38:34 +00:00
Dr. Stephen Henson
237d7b6cae
Fix from stable branch.
2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
854a225a27
Update from stable branch.
2009-03-14 18:33:49 +00:00
Dr. Stephen Henson
33ab2e31f3
PR: 1854
...
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org
Support GeneralizedTime in ca utility.
2009-03-09 13:59:07 +00:00
Dr. Stephen Henson
77202a85a0
Update from stable branch.
2009-03-07 17:00:23 +00:00
Bodo Möller
7ca1cfbac3
-hex option for openssl rand
...
PR: 1831
Submitted by: Damien Miller
2009-02-02 00:01:28 +00:00
Dr. Stephen Henson
57f39cc826
Print out UTF8 and NumericString types in ASN1 parsing utility.
2009-01-28 12:54:52 +00:00
Dr. Stephen Henson
6489573224
Update from stable branch.
2009-01-28 12:36:14 +00:00
Ben Laurie
7f62532030
Allow CC to be overridden.
2009-01-18 12:06:37 +00:00
Dr. Stephen Henson
c2c99e2860
Update certificate hash line format to handle canonical format
...
and avoid MD5 dependency.
2009-01-15 13:22:39 +00:00
Dr. Stephen Henson
8125d9f99c
Make PKCS#8 the standard write format for private keys, replacing the
...
ancient SSLeay format.
2009-01-15 12:52:38 +00:00
Dr. Stephen Henson
363bd0b48e
Add a set of standard gcc warning options which are designed to be the
...
minimum requirement for committed code. Added to debug-steve* config targets
for now.
2009-01-11 15:56:32 +00:00
Ben Laurie
60aee6ce15
Add missing entry.
2009-01-09 12:48:02 +00:00
Dr. Stephen Henson
bab534057b
Updatde from stable branch.
2009-01-07 23:44:27 +00:00
Bodo Möller
7a76219774
Implement Configure option pattern "experimental-foo"
...
(specifically, "experimental-jpake").
2008-12-02 01:21:39 +00:00
Dr. Stephen Henson
79bd20fd17
Update from stable-branch.
2008-11-24 17:27:08 +00:00
Geoff Thorpe
31636a3ed1
Allow the CHIL engine to load even if dynamic locks aren't registered.
...
Submitted by: Sander Temme
2008-11-19 14:21:27 +00:00
Dr. Stephen Henson
12bf56c017
PR: 1574
...
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org
Ticket override support for EAP-FAST.
2008-11-15 17:18:12 +00:00
Dr. Stephen Henson
ed551cddf7
Update from stable branch.
2008-11-12 17:28:18 +00:00
Dr. Stephen Henson
87d52468aa
Update HMAC functions to return an error where relevant.
2008-11-02 16:00:39 +00:00
Ben Laurie
6caa4edd3e
Add JPAKE.
2008-10-26 18:40:52 +00:00
Ben Laurie
28b6d5020e
Set comparison function in v3_add_canonize().
2008-10-14 19:27:07 +00:00
Ben Laurie
d5bbead449
Add XMPP STARTTLS support.
2008-10-14 19:11:26 +00:00
Ben Laurie
1ea6472e60
Type-safe OBJ_bsearch_ex.
2008-10-14 08:10:52 +00:00
Ben Laurie
babb379849
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90
Experimental new date handling routines. These fix issues with X509_time_adj()
...
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Bodo Möller
837f2fc7a4
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
...
enable disabled ciphersuites.
2008-09-22 21:22:47 +00:00
Bodo Möller
1a489c9af1
From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
...
Also, fix CHANGES (consistency with stable branch).
2008-09-15 20:41:24 +00:00
Dr. Stephen Henson
8c864e5466
Add missing CHANGES entry.
2008-09-15 20:30:58 +00:00
Bodo Möller
e65bcbcef0
Fix SSL state transitions.
...
Submitted by: Nagendra Modadugu
2008-09-14 14:02:07 +00:00
Bodo Möller
e710de12ce
Note about CVS branch inconsistency.
2008-09-14 13:53:18 +00:00
Bodo Möller
db99c52509
Really get rid of unsafe double-checked locking.
...
Also, "CHANGES" clean-ups.
2008-09-14 13:51:44 +00:00
Bodo Möller
f8d6be3f81
Some precautions to avoid potential security-relevant problems.
2008-09-14 13:42:34 +00:00
Dr. Stephen Henson
d43c4497ce
Initial support for delta CRLs. If "use deltas" flag is set attempt to find
...
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06
Add support for CRLs partitioned by reason code.
...
Tidy CRL scoring system.
Add new CRL path validation error.
2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
249a77f5fb
Add support for freshest CRL extension.
2008-08-27 15:52:05 +00:00
Dr. Stephen Henson
d0fff69dc9
Initial indirect CRL support.
2008-08-20 16:42:19 +00:00
Bodo Möller
2ecd2edede
Mention ERR_remove_state() deprecation, and ERR_remove_thread_state(NULL).
2008-08-13 19:30:01 +00:00
Dr. Stephen Henson
9d84d4ed5e
Initial support for CRL path validation. This supports distinct certificate
...
and CRL signing keys.
2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
002e66c0e8
Support for policy mappings extension.
...
Delete X509_POLICY_REF code.
Fix handling of invalid policy extensions to return the correct error.
Add command line option to inhibit policy mappings.
2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
e9746e03ee
Initial support for name constraints certificate extension.
...
TODO: robustness checking on name forms.
2008-08-08 15:35:29 +00:00
Geoff Thorpe
4c3296960d
Remove the dual-callback scheme for numeric and pointer thread IDs,
...
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).
Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Dr. Stephen Henson
5cbd203302
Initial support for alternative CRL issuing certificates.
...
Allow inibit any policy flag to be set in apps.
2008-07-30 15:49:12 +00:00
Geoff Thorpe
5f834ab123
Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
...
version some time soon.
2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
8528128b2a
Update from stable branch.
2008-06-26 23:27:31 +00:00
Bodo Möller
8228fd89fc
avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
...
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
2008-06-23 20:46:24 +00:00
Dr. Stephen Henson
adb92d56eb
Add acknowledgement.
2008-06-09 16:48:42 +00:00
Dr. Stephen Henson
6bf79e30ea
Update CHANGES.
2008-06-05 15:34:24 +00:00
Ben Laurie
5ce278a77b
More type-checking.
2008-06-04 11:01:43 +00:00
Ben Laurie
8671b89860
Memory saving patch.
2008-06-03 02:48:34 +00:00
Dr. Stephen Henson
368888bcb6
Add client cert engine to SSL routines.
2008-06-01 22:33:24 +00:00
Bodo Möller
2cd81830ef
sync with 0.9.8 branch
2008-05-28 22:30:28 +00:00
Bodo Möller
e194fe8f47
From HEAD:
...
Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)
Reviewed by: openssl-security@openssl.org
Obtained from: mark@awe.com
2008-05-28 22:17:34 +00:00
Bodo Möller
40a706286f
From HEAD:
...
Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)
Reviewed by: openssl-security@openssl.org
Obtained from: jorton@redhat.com
2008-05-28 22:15:48 +00:00
Ben Laurie
3c1d6bbc92
LHASH revamp. make depend.
2008-05-26 11:24:29 +00:00
Lutz Jänicke
c2c2e7a438
Clear error queue when starting SSL_CTX_use_certificate_chain_file
...
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
2008-05-23 10:37:52 +00:00
Lutz Jänicke
d18ef847f4
Remove all root CA files (beyond test CAs including private key)
...
from the OpenSSL distribution.
2008-05-23 08:59:23 +00:00
Dr. Stephen Henson
5c0d90a699
Typo.
2008-05-20 18:49:00 +00:00
Dr. Stephen Henson
f434730524
Typo.
2008-05-20 16:13:57 +00:00
Dr. Stephen Henson
94fd382f8b
Fix two invalid memory reads in RSA OAEP mode.
...
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
2008-05-19 21:33:55 +00:00
Bodo Möller
4bd4afa34e
Change use of CRYPTO_THREADID so that we always use both the ulong and
...
ptr members.
(So if the id_callback is bogus, we still have &errno.)
2008-05-19 20:45:25 +00:00
Dr. Stephen Henson
8a2062fefe
Update from stable branch.
2008-04-30 16:14:02 +00:00
Geoff Thorpe
e7b097f558
Fix auto-discovery of ENGINEs. See the CHANGES entry for details (and/or
...
ticket #1668 ).
PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
2008-04-28 21:39:09 +00:00
Geoff Thorpe
5ee6f96cea
Paul Sheer optimised the OpenSSL to/from libGMP conversions for the case
...
where they both use the same limb size. I've tweaked his patch slightly, so
blame me if it breaks.
Submitted by: Paul Sheer
Reviewed by: Geoff Thorpe
2008-04-27 18:41:23 +00:00
Dr. Stephen Henson
3df9357103
Update CHANGES.
2008-04-02 11:44:00 +00:00
Dr. Stephen Henson
992e92a46e
Update CHANGES.
2008-04-02 11:24:22 +00:00
Dr. Stephen Henson
eb9d8d8cd4
Support for verification of signed receipts.
2008-03-28 13:15:39 +00:00
Geoff Thorpe
f7ccba3edf
There was a need to support thread ID types that couldn't be reliably cast
...
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
fd47c36136
Return error if no cipher set for encrypted data type.
...
Update CHANGES.
2008-03-15 00:02:23 +00:00
Dr. Stephen Henson
8931b30d84
And so it begins...
...
Initial support for CMS.
Add zlib compression BIO.
Add AES key wrap implementation.
Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Bodo Möller
7c9882eb24
fix BIGNUM flag handling
2008-02-27 06:01:28 +00:00
Dr. Stephen Henson
7398053149
Experimental support for import of more options from Configure
...
(via top level Makefile) into mk1mf builds. This avoids the need
to duplicate the CFLAG handling and can auto build assembly language
source files from perl scripts.
Extend VC-WIN32 Configure entry to include new options.
2008-01-06 00:36:22 +00:00
Dr. Stephen Henson
76d761ccd3
Move CHANGES entry. Revert include file install line.
2008-01-03 22:57:50 +00:00
Dr. Stephen Henson
eef0c1f34c
Netware support.
...
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
0e1dba934f
1. Changes for s_client.c to make it return non-zero exit code in case
...
of handshake failure
2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).
3. Changes to EVP
- adding of function EVP_PKEY_CTX_get0_peerkey
- Make function EVP_PKEY_derive_set_peerkey work for context with
ENCRYPT operation, because we use peerkey field in the context to
pass non-ephemeral secret key to GOST encrypt operation.
- added EVP_PKEY_CTRL_SET_IV control command. It is really
GOST-specific, but it is used in SSL code, so it has to go
in some header file, available during libssl compilation
4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data
5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
make debugging output which depends on constants defined there, work
and other KSSL_DEBUG output fixes
6. Declaration of real GOST ciphersuites, two authentication methods
SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST
7. Implementation of these methods.
8. Support for sending unsolicited serverhello extension if GOST
ciphersuite is selected. It is require for interoperability with
CryptoPro CSP 3.0 and 3.6 and controlled by
SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
This constant is added to SSL_OP_ALL, because it does nothing, if
non-GOST ciphersuite is selected, and all implementation of GOST
include compatibility with CryptoPro.
9. Support for CertificateVerify message without length field. It is
another CryptoPro bug, but support is made unconditional, because it
does no harm for draft-conforming implementation.
10. In tls1_mac extra copy of stream mac context is no more done.
When I've written currently commited code I haven't read
EVP_DigestSignFinal manual carefully enough and haven't noticed that
it does an internal digest ctx copying.
This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Lutz Jänicke
11d01d371f
Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f
2007-10-19 08:26:03 +00:00
Andy Polyakov
0d89e45690
Synchronize CHANGES between 0.9.8 and HEAD.
2007-10-13 10:55:30 +00:00
Dr. Stephen Henson
a6db6a0070
Update CHANGES. Keep ordinals consistent.
2007-10-12 00:15:09 +00:00
Andy Polyakov
0023adb47a
Switch to bn-s390x (it's faster on keys longer than 512 bits) and mention
...
s390x assembler pack in CHANAGES.
2007-10-01 07:38:32 +00:00
Andy Polyakov
4c7c5ff667
ARMv4 assembler pack.
2007-09-27 07:09:46 +00:00
Dr. Stephen Henson
67c8e7f414
Support for certificate status TLS extension.
2007-09-26 21:56:59 +00:00
Bodo Möller
761772d7e1
Implement the Opaque PRF Input TLS extension
...
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way. In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().
Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
2007-09-21 06:54:24 +00:00
Dr. Stephen Henson
a6fbcb4220
Change safestack reimplementation to match 0.9.8.
...
Fix additional gcc 4.2 value not used warnings.
2007-09-07 13:25:15 +00:00
Dr. Stephen Henson
81025661a9
Update ssl code to support digests other than MD5+SHA1 in handshake.
...
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
2007-08-31 12:42:53 +00:00
Dr. Stephen Henson
ec5d747328
Add Google sponsorship note.
2007-08-27 23:41:36 +00:00
Dr. Stephen Henson
ba0e826d83
Update from stable branch.
2007-08-23 22:59:09 +00:00
Dr. Stephen Henson
6434abbfc6
RFC4507 (including RFC4507bis) TLS stateless session resumption support
...
for OpenSSL.
2007-08-11 23:18:29 +00:00
Andy Polyakov
85a5668dba
CHANGES update from 098-stable.
2007-06-20 17:46:43 +00:00
Dr. Stephen Henson
3c07d3a3d3
Finish gcc 4.2 changes.
2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
297e6f1917
Avoid use of function pointer casts in pem library. Modify safestack to
...
always use inline functions.
2007-06-04 17:53:04 +00:00
Dr. Stephen Henson
b948e2c59e
Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.
2007-06-04 17:04:40 +00:00
Bodo Möller
19f6c524bf
Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
2007-05-22 09:47:43 +00:00
Ben Laurie
69ab085290
More IGE speedup.
2007-05-13 15:14:38 +00:00
Ben Laurie
5f09d0ecc2
AES IGE mode speedup.
2007-05-13 12:57:59 +00:00
Bodo Möller
96afc1cfd5
Add SEED encryption algorithm.
...
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
9cfc8a9d5c
Update smime utility to support streaming for -encrypt and -sign -nodetach
...
options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.
These all process content on the fly without storing it all in memory.
2007-04-13 01:06:41 +00:00
Dr. Stephen Henson
2022cfe07e
New -mac and -macopt options to dgst utility. Reimplement -hmac option in
...
terms of new API.
2007-04-11 17:20:40 +00:00
Dr. Stephen Henson
47b71e6ee9
Update CHANGES.
2007-04-11 12:33:28 +00:00
Dr. Stephen Henson
d952c79a7b
New -sigopt option for dgst utility.
2007-04-08 12:47:18 +00:00
Bodo Möller
b002265ee3
make BN_FLG_CONSTTIME semantics more fool-proof
2007-03-28 18:41:23 +00:00
Bodo Möller
bd31fb2145
Change to mitigate branch prediction attacks
...
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2007-03-28 00:15:28 +00:00
Bodo Möller
0f32c841a6
stricter session ID context matching
2007-03-21 14:33:16 +00:00
Bodo Möller
dd2b6750db
include complete 0.9.7 history
...
include release date of 0.9.8e
2007-02-26 10:49:59 +00:00
Lutz Jänicke
8d72476e2b
Extend SMTP and IMAP protocol handling to perform the required
...
EHLO or CAPABILITY handshake before sending STARTTLS
Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
2007-02-21 18:20:41 +00:00
Dr. Stephen Henson
a2e623c011
Update from 0.9.7-stable.
2007-02-21 13:49:35 +00:00
Bodo Möller
fd5bc65cc8
Improve ciphersuite order stability when disabling ciphersuites.
...
Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.
2007-02-20 16:36:58 +00:00
Bodo Möller
0a05123a6c
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
...
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.
Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".
2007-02-19 18:41:41 +00:00
Bodo Möller
52b8dad8ec
Reorganize the data used for SSL ciphersuite pattern matching.
...
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).
In some cases the ciphersuite list generated from a given string is
affected by this change. I hope this is just in those cases where the
previous behaviour did not make sense.
2007-02-17 06:45:38 +00:00
Nils Larsch
357d5de5b9
add support for DSA with SHA2
2007-02-03 14:41:12 +00:00
Dr. Stephen Henson
11d8cdc6ad
Experimental streaming PKCS#7 support.
...
I thought it was about time I dusted this off. This stuff had been sitting on
my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not
work properly.
Nothing uses it at present which is just as well.
Think of this as a traditional Christmas present which looks far more
impressive in the adverts and on the box, some of the bits are missing and
falls to bits if you play with it too much.
2006-12-24 16:22:56 +00:00
Nils Larsch
fec38ca4ed
fix typos
...
PR: 1354, 1355, 1398, 1408
2006-12-21 21:13:27 +00:00
Nils Larsch
06e2dd037e
add support for ecdsa-with-sha256 etc.
2006-12-20 08:58:54 +00:00
Bodo Möller
772e3c07b4
Fix the BIT STRING encoding of EC points or parameter seeds
...
(need to prevent the removal of trailing zero bits).
2006-12-19 15:11:37 +00:00
Bodo Möller
1e24b3a09e
fix support for receiving fragmented handshake messages
2006-11-29 14:45:50 +00:00
Ben Laurie
96ea4ae91c
Add RFC 3779 support.
2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
47a9d527ab
Update from 0.9.8 stable. Eliminate duplicate error codes.
2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
de12116417
Initial, incomplete support for typesafe macros without using function
...
casts.
2006-11-16 00:19:39 +00:00
Andy Polyakov
3189772e07
Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even
...
recent mingw modifications.
2006-10-23 07:38:30 +00:00
Bodo Möller
3c5406b35c
All 0.9.8d patches have been applied to HEAD now, so we no longer need
...
the redundant entries under the 0.9.9 heading.
2006-09-28 13:50:41 +00:00
Bodo Möller
61118caa86
include 0.9.8d and 0.9.7l information
2006-09-28 13:35:01 +00:00
Mark J. Cox
348be7ec60
Fix ASN.1 parsing of certain invalid structures that can result
...
in a denial of service. (CVE-2006-2937) [Steve Henson]
2006-09-28 13:20:44 +00:00
Mark J. Cox
3ff55e9680
Fix buffer overflow in SSL_get_shared_ciphers() function.
...
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 13:18:43 +00:00
Dr. Stephen Henson
010fa0b331
Tidy up CRL handling by checking for critical extensions when it is
...
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.
Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
2006-09-21 12:42:15 +00:00
Dr. Stephen Henson
5d20c4fb35
Overhaul of by_dir code to handle dynamic loading of CRLs.
2006-09-17 17:16:28 +00:00
Dr. Stephen Henson
bc7535bc7f
Support for AKID in CRLs and partial support for IDP. Overhaul of CRL
...
handling to support this.
2006-09-14 17:25:02 +00:00
Bodo Möller
b6699c3f07
Update
2006-09-12 14:42:19 +00:00
Bodo Möller
ed65f7dc34
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
...
ciphersuite as well
2006-09-11 09:49:03 +00:00
Bodo Möller
6a2c471077
Every change so far that is in the 0.9.8 branch is (or should be) in HEAD
2006-09-06 06:34:52 +00:00
Mark J. Cox
b79aa05e3b
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
...
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:58:03 +00:00
Ben Laurie
aa6d1a0c19
Forward port of IGE mode.
2006-08-31 14:04:04 +00:00
Dr. Stephen Henson
f6e7d01450
Support for multiple CRLs with same issuer name in X509_STORE. Modify
...
verify logic to try to use an unexpired CRL if possible.
2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
edc540211c
Cache some CRL related extensions.
2006-07-24 12:39:22 +00:00
Dr. Stephen Henson
450ea83495
Store canonical encodings of Name structures. Update X509_NAME_cmp() to use
...
them.
2006-07-18 12:36:19 +00:00
Dr. Stephen Henson
454dbbc593
Add -timeout option to ocsp utility.
2006-07-17 13:26:54 +00:00
Dr. Stephen Henson
c1c6c0bf45
New non-blocking OCSP functionality.
2006-07-17 12:18:28 +00:00
Dr. Stephen Henson
b7683e3a5d
Allow digests to supply S/MIME micalg values from a ctrl.
...
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Dr. Stephen Henson
0ee2166cc5
New functions to add and free up application defined signature OIDs.
2006-07-09 16:05:43 +00:00
Dr. Stephen Henson
5ba4bf35c5
New functions to enumerate digests and ciphers.
2006-07-09 00:53:45 +00:00
Bodo Möller
e34aa5a3b3
always read in RAND_poll() if we can't use select because of a too
...
large FD: it's non-blocking mode anyway
2006-06-28 14:50:12 +00:00
Richard Levitte
27a3d9f9aa
Use poll() when possible to gather Unix randomness entropy
2006-06-27 06:31:34 +00:00
Bodo Möller
48fc582f66
New functions CRYPTO_set_idptr_callback(),
...
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.
2006-06-23 15:21:36 +00:00
Bodo Möller
81de1028bc
Change in 0.9.8 branch:
...
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)
2006-06-22 12:37:28 +00:00
Bodo Möller
850815cb6e
Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
2006-06-20 08:50:42 +00:00
Bodo Möller
c4e7870ac1
Change array representation of binary polynomials to make GF2m part of
...
the BN library more generally useful.
Submitted by: Douglas Stebila
2006-06-18 22:00:57 +00:00
Bodo Möller
5b57fe0a1e
Disable invalid ciphersuites
2006-06-14 17:51:46 +00:00
Bodo Möller
89bbe14c50
Ciphersuite string bugfixes, and ECC-related (re-)definitions.
2006-06-14 17:40:31 +00:00
Bodo Möller
675f605d44
Thread-safety fixes
2006-06-14 08:55:23 +00:00
Bodo Möller
f3dea9a595
Camellia cipher, contributed by NTT
...
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Dr. Stephen Henson
fb7b393278
Output MIME parameter micalg according to RFC3851 and RFC4490 instead of hard
...
coding it to "sha1".
2006-06-06 13:27:36 +00:00
Dr. Stephen Henson
01b8b3c7d2
Complete EVP_PKEY_ASN1_METHOD ENGINE support.
2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
de9fcfe348
Initial public key ASN1 method engine support. Not integrated yet.
2006-06-02 17:52:27 +00:00
Dr. Stephen Henson
c9777d2659
Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE
...
implementations and functional reference counting when a context
is allocated, free or copied.
2006-06-02 12:33:39 +00:00
Dr. Stephen Henson
58aa573ac2
Add engine table for EVP_PKEY_METHOD. Doesn't do much yet.
2006-06-01 11:38:50 +00:00
Dr. Stephen Henson
91c9e62123
New functions for enchanced digest sign/verify.
2006-05-24 17:30:09 +00:00
Dr. Stephen Henson
5531192151
Add -resign and -md options to smime command to support resigning an
...
existing structure and using alternative digest for signing.
2006-05-18 23:44:44 +00:00
Dr. Stephen Henson
a6e7fcd140
Multiple signer support in smime application.
2006-05-18 12:41:28 +00:00
Dr. Stephen Henson
121dd39f9f
New option to pkcs12 utility to set alternative MAC digest algorithm.
2006-05-17 18:46:22 +00:00
Dr. Stephen Henson
6d3a1eac3b
Add PRF preference ctrl to ciphers.
2006-05-15 18:35:13 +00:00
Dr. Stephen Henson
b8f702a0af
Change builting PBE to use static table. Add entries for HMAC and MD5, GOST.
2006-05-15 17:34:36 +00:00