Dr. Stephen Henson
9b95537a01
Fixes to make CFB1 Monte Carlo test work.
2007-12-26 19:04:58 +00:00
Dr. Stephen Henson
0633bca11c
Updates from 0.9.8-stable
2007-12-14 01:16:16 +00:00
Dr. Stephen Henson
100868d1cf
Link fips utils against fipscanister.lib only except for dso builds.
Add --with-fipslibdir option to Configure.
2007-07-20 22:23:11 +00:00
Dr. Stephen Henson
0712210f03
Typo.
2007-07-19 21:44:25 +00:00
Dr. Stephen Henson
23830280e4
Add SSE2 support to VC++ build. Update MASM script.
2007-07-19 12:17:56 +00:00
Dr. Stephen Henson
9593bc46bf
Tolerate DigestInfo with absent parameters in FIPS mode.
2007-07-15 16:10:46 +00:00
Dr. Stephen Henson
1b8b2d9300
Enhance mkfipsscr.pl to handle different testvector paths and perform
sanity checks.
Make AES/TDES algorithm test programs quiet if VERBOSE is zero.
2007-07-15 12:01:54 +00:00
Dr. Stephen Henson
4e1778b0d8
Update Windows build system to use AES assembler and standard assembly
language routines in FIPS mode compiles.
2007-07-12 08:20:21 +00:00
Dr. Stephen Henson
475631c31a
Use common source files for FIPS mode and utilize same optimizations.
2007-07-10 21:24:32 +00:00
Dr. Stephen Henson
ffc35e73b4
Check selftest status in all crypto operations and abort with
a fatal error on failure.
2007-07-02 11:22:50 +00:00
Dr. Stephen Henson
a197212e0f
Modify AES and 3DES selftests to use EVP.
2007-07-01 23:19:15 +00:00
Dr. Stephen Henson
8944220221
Move 3DES EVP inside FIPS module and modify algorithm tests to use it.
2007-07-01 17:58:15 +00:00
Dr. Stephen Henson
5fd76ba57a
Changes to make AES algorithm test work via EVP.
2007-07-01 12:53:10 +00:00
Dr. Stephen Henson
49fa74385d
Move minimal EVP_CIPHER implementation into FIPS library. Not used by
any FIPS applications yet.
2007-07-01 00:07:25 +00:00
Dr. Stephen Henson
53c381105a
Update from stable branch.
2007-05-21 12:40:07 +00:00
Dr. Stephen Henson
a416ca47ac
Merge from 0.9.8-stable.
2007-04-25 13:15:51 +00:00
Dr. Stephen Henson
1139eeecbc
Merge from 0.9.8 stable branch.
2007-04-24 11:30:51 +00:00
Dr. Stephen Henson
282af42404
Add algorithm configuration module.
2007-04-08 17:51:02 +00:00
Dr. Stephen Henson
a81f337331
Block low level public key signature operations in FIPS mode.
Update self tests for all modes and use EVP.
Update pairwise consistency checks.
2007-04-06 00:30:24 +00:00
Dr. Stephen Henson
9719193222
New EVP sign and verify functionality.
2007-04-03 21:01:29 +00:00
Dr. Stephen Henson
ff03c6bc97
Add tiny ASN1 code for DSA signatures.
Make DSA tests, selftests and algorithm tests use EVP.
2007-04-02 23:59:47 +00:00
Dr. Stephen Henson
cb6fdc3a49
Update from stable branch.
2007-03-28 22:00:48 +00:00
Dr. Stephen Henson
8c3b5d5f27
Update from 0.9.8-stable with patches also applied to equivalent FIPS
sources.
2007-03-28 12:38:55 +00:00
Dr. Stephen Henson
6693e26927
Use perl script instead of editbin to rename object file sections.
2007-03-27 00:03:42 +00:00
Dr. Stephen Henson
793364457b
Modify VC++ build system to use fipscanister.lib instead of fipscanister.o
and avoid the need for ld.exe.
2007-03-26 12:06:44 +00:00
Dr. Stephen Henson
55768cf773
Forward FIPS DLL implementations from libcrypto DLL under Win32.
2007-03-22 18:31:35 +00:00
Dr. Stephen Henson
aeb9ccfaad
And so it begins...
2007-03-22 00:39:24 +00:00
Bodo Möller
6fd3f3260d
stricter session ID context matching
2007-03-21 14:33:01 +00:00
Bodo Möller
d9e262443c
oops -- this should have been in 0.9.8e
2007-03-21 14:18:27 +00:00
Bodo Möller
402b951804
include complete 0.9.7 history
2007-02-26 10:48:56 +00:00
Dr. Stephen Henson
5dd24ead57
Prepare for next version.
2007-02-23 12:50:54 +00:00
Dr. Stephen Henson
0615396d2d
Prepare for release.
2007-02-23 12:12:28 +00:00
Lutz Jänicke
cdb13ae8d0
Extend SMTP and IMAP protocol handling to perform the required
EHLO or CAPABILITY handshake before sending STARTTLS
Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
2007-02-21 18:20:33 +00:00
Dr. Stephen Henson
52ee969e29
Update from 0.9.7-stable.
2007-02-21 13:48:49 +00:00
Bodo Möller
55f0501201
Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.
2007-02-19 18:38:11 +00:00
Bodo Möller
5f4cc234fb
Some fixes for ciphersuite string processing:
- add a workaround provided by Victor Duchovni so that 128- and
256-bit variants of otherwise identical ciphersuites are treated
correctly;
- also, correctly skip invalid parts of ciphersuite description strings.
Submitted by: Victor Duchovni, Bodo Moeller
2007-02-17 06:52:42 +00:00
Nils Larsch
68bb98159f
fix typos
PR: 1354, 1355, 1398
2006-12-21 21:11:44 +00:00
Bodo Möller
1a8521ff24
Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).
2006-12-19 15:10:46 +00:00
Bodo Möller
5c6f76da0a
fix support for receiving fragmented handshake messages
2006-11-29 14:45:14 +00:00
Ben Laurie
4636341b05
Add RFC 3779 support, contributed by ARIN.
2006-11-27 13:36:55 +00:00
Dr. Stephen Henson
900f7a8776
Update from 0.9.7-stable.
Improve mkerr.pl header file function name parsing.
2006-11-21 20:14:05 +00:00
Bodo Möller
bd869183d5
for completeness, include 0.9.7l information
2006-09-28 13:29:08 +00:00
Mark J. Cox
25e52a78fb
After tagging, bump ready for 0.9.8e development
2006-09-28 11:39:33 +00:00
Mark J. Cox
47c4bb2ddf
Prepare for 0.9.8d release
2006-09-28 11:32:42 +00:00
Mark J. Cox
951dfbb13a
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 11:29:03 +00:00
Bodo Möller
8fdb296cbd
Update
2006-09-12 14:42:09 +00:00
Bodo Möller
879b30aaa3
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well
2006-09-11 09:48:46 +00:00
Mark J. Cox
da1841a075
After tagging, prep for next release
2006-09-05 08:51:30 +00:00
Mark J. Cox
0a0a10d127
Ready for 0.9.8c release
2006-09-05 08:45:37 +00:00
Mark J. Cox
df20b6e79b
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:25:42 +00:00