Dr. Stephen Henson
ad0e439604
Avoid shadow warning.
2006-11-07 16:20:14 +00:00
Dr. Stephen Henson
5456583294
Don't add the TS EKU by default in openssl.cnf because it then
...
makes certificates genereated by ca, CA.pl etc useless for anything else.
2006-11-07 14:27:55 +00:00
Dr. Stephen Henson
f1845cbee8
Typo.
2006-11-07 13:46:37 +00:00
Dr. Stephen Henson
51cc37b69d
Fix link for ASN1_generate_nconf
2006-11-07 13:44:03 +00:00
Dr. Stephen Henson
ff1b10dca1
Typo.
2006-11-07 13:17:02 +00:00
Dr. Stephen Henson
ebeb17e2e0
Add v3 ref to see also sections.
2006-11-07 13:13:14 +00:00
Dr. Stephen Henson
137de5b157
Add documentetion for noCheck extension and add a few cross references to
...
the extension documentation.
2006-11-07 12:51:27 +00:00
Nils Larsch
224328e404
fix warning
2006-11-06 20:10:44 +00:00
Nils Larsch
1611b9ed80
remove SSLEAY_MACROS code
2006-11-06 19:53:39 +00:00
Nils Larsch
8a4af56fc6
update md docs
2006-10-27 21:58:09 +00:00
Nils Larsch
05cfe06607
fix OPENSSL_NO_foo defines
2006-10-27 21:25:53 +00:00
Dr. Stephen Henson
b37a68cc8f
Initialize old_priv_encode, old_priv_decode.
2006-10-27 11:43:27 +00:00
Andy Polyakov
a2688c872d
Minor portability update to c_rehash.
2006-10-26 10:52:12 +00:00
Andy Polyakov
5b50f99e1e
Further mingw build procedure updates.
2006-10-24 22:14:20 +00:00
Andy Polyakov
b8994b6130
Harmonize dll naming in mingw builds.
2006-10-23 11:54:18 +00:00
Andy Polyakov
d7917c584a
Yet another mingw warning.
2006-10-23 07:45:52 +00:00
Andy Polyakov
544d845585
OPENSSL_ia32cap.pod update.
2006-10-23 07:44:51 +00:00
Andy Polyakov
a6efc2d1b8
Fix mingw warnings.
2006-10-23 07:41:05 +00:00
Andy Polyakov
3189772e07
Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even
...
recent mingw modifications.
2006-10-23 07:38:30 +00:00
Andy Polyakov
08a638237d
Allow for mingw cross-compile configuration.
2006-10-23 07:30:19 +00:00
Andy Polyakov
d8cdd1567f
Make c_rehash more platform neutral and make it work in mixed environment,
...
such as MSYS with "native" Win32 perl.
2006-10-21 16:28:03 +00:00
Andy Polyakov
cbfb39d1be
Rudimentary support for cross-compiling.
2006-10-21 13:38:16 +00:00
Andy Polyakov
a4d64c7f49
Align data payload for better performance.
2006-10-20 11:26:00 +00:00
Andy Polyakov
1e7b6c029c
Avoid application relink on every make invocation.
2006-10-20 11:23:35 +00:00
Andy Polyakov
3634d7e97a
Gcc over-optimizes PadLock AES CFB codepath, tell it not to.
2006-10-19 20:55:05 +00:00
Andy Polyakov
53d7efea76
Temporary fix for sha256 IA64 assembler.
2006-10-18 09:42:56 +00:00
Andy Polyakov
002684d693
Fix bug in big-endian path and optimize it for size.
2006-10-18 08:15:16 +00:00
Andy Polyakov
c038b8aa56
Typo in perlasm/x86asm.pl.
2006-10-17 16:21:28 +00:00
Andy Polyakov
c5f17d45c1
Further synchronizations with md32_common.h update, consistent naming
...
for low-level SHA block routines.
2006-10-17 16:13:18 +00:00
Andy Polyakov
31439046e0
bn/asm/ppc.pl to use ppc-xlate.pl.
2006-10-17 14:37:07 +00:00
Andy Polyakov
11d0ebc841
Further synchronizations with md32_common.h update.
2006-10-17 13:38:10 +00:00
Andy Polyakov
cecfdbf72d
VIA-specific Montgomery multiplication routine.
2006-10-17 07:04:48 +00:00
Andy Polyakov
f0f61f6d0d
Synchronize SHA1 assembler with md32_common.h update.
2006-10-17 07:00:23 +00:00
Andy Polyakov
d68ff71004
Support for .asciz directive in perlasm modules.
2006-10-17 06:43:11 +00:00
Andy Polyakov
591e85e928
Linking errors on IA64 and typo in aes-ia64.S.
2006-10-17 06:41:27 +00:00
Andy Polyakov
c69ed6ea39
Re-implement md32_common.h [make it simpler!] and eliminate code rendered
...
redundant as result.
2006-10-11 11:55:11 +00:00
Dr. Stephen Henson
55a08fac68
Typo.
2006-10-05 21:59:50 +00:00
Nils Larsch
2fc281d01f
return an error if the supplied precomputed values lead to an invalid signature
2006-10-04 19:37:17 +00:00
Bodo Möller
d326582cab
ASN1_item_verify needs to initialize ctx before any "goto err" can
...
happen; the new code for the OID cross reference table failed to do so.
2006-10-04 06:14:36 +00:00
Dr. Stephen Henson
f4c630abb3
Place standard CRL behaviour in default X509_CRL_METHOD new functions to
...
create, free and set default CRL method.
2006-10-03 02:47:59 +00:00
Mark J. Cox
c2cccfc585
Initialise ctx to NULL to avoid uninitialized free, noticed by
...
Steve Kiernan
2006-09-29 08:21:41 +00:00
Bodo Möller
3c5406b35c
All 0.9.8d patches have been applied to HEAD now, so we no longer need
...
the redundant entries under the 0.9.9 heading.
2006-09-28 13:50:41 +00:00
Bodo Möller
5e3225cc44
Introduce limits to prevent malicious keys being able to
...
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
2006-09-28 13:45:34 +00:00
Bodo Möller
61118caa86
include 0.9.8d and 0.9.7l information
2006-09-28 13:35:01 +00:00
Mark J. Cox
348be7ec60
Fix ASN.1 parsing of certain invalid structures that can result
...
in a denial of service. (CVE-2006-2937) [Steve Henson]
2006-09-28 13:20:44 +00:00
Mark J. Cox
3ff55e9680
Fix buffer overflow in SSL_get_shared_ciphers() function.
...
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 13:18:43 +00:00
Richard Levitte
cbb92dfaf0
Fixes for the following claims:
...
1) Certificate Message with no certs
OpenSSL implementation sends the Certificate message during SSL
handshake, however as per the specification, these have been omitted.
-- RFC 2712 --
CertificateRequest, and the ServerKeyExchange shown in Figure 1
will be omitted since authentication and the establishment of a
master secret will be done using the client's Kerberos credentials
for the TLS server. The client's certificate will be omitted for
the same reason.
-- RFC 2712 --
3) Pre-master secret Protocol version
The pre-master secret generated by OpenSSL does not have the correct
client version.
RFC 2712 says, if the Kerberos option is selected, the pre-master
secret structure is the same as that used in the RSA case.
TLS specification defines pre-master secret as:
struct {
ProtocolVersion client_version;
opaque random[46];
} PreMasterSecret;
where client_version is the latest protocol version supported by the
client
The pre-master secret generated by OpenSSL does not have the correct
client version. The implementation does not update the first 2 bytes
of random secret for Kerberos Cipher suites. At the server-end, the
client version from the pre-master secret is not validated.
PR: 1336
2006-09-28 12:22:58 +00:00
Dr. Stephen Henson
019bfef899
Initialize new callbacks and make sure hent is always initialized.
2006-09-26 13:25:19 +00:00
Richard Levitte
0709249f4c
Complete the change for VMS.
2006-09-25 08:35:35 +00:00
Dr. Stephen Henson
89c9c66736
Submitted by: Brad Spencer <spencer@jacknife.org>
...
Reviewed by: steve
2006-09-23 17:29:49 +00:00