wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7717 commits 20 branches 302 tags 153 MiB
Commit graph

7717 commits

This branch
This branch
All branches
Author SHA1 Message Date
Andy Polyakov
c5f17d45c1 Further synchronizations with md32_common.h update, consistent naming 
for low-level SHA block routines.
 2006-10-17 16:13:18 +00:00
Andy Polyakov
31439046e0 bn/asm/ppc.pl to use ppc-xlate.pl. 2006-10-17 14:37:07 +00:00
Andy Polyakov
11d0ebc841 Further synchronizations with md32_common.h update. 2006-10-17 13:38:10 +00:00
Andy Polyakov
cecfdbf72d VIA-specific Montgomery multiplication routine. 2006-10-17 07:04:48 +00:00
Andy Polyakov
f0f61f6d0d Synchronize SHA1 assembler with md32_common.h update. 2006-10-17 07:00:23 +00:00
Andy Polyakov
d68ff71004 Support for .asciz directive in perlasm modules. 2006-10-17 06:43:11 +00:00
Andy Polyakov
591e85e928 Linking errors on IA64 and typo in aes-ia64.S. 2006-10-17 06:41:27 +00:00
Andy Polyakov
c69ed6ea39 Re-implement md32_common.h [make it simpler!] and eliminate code rendered 
redundant as result.
 2006-10-11 11:55:11 +00:00
Dr. Stephen Henson
55a08fac68 Typo. 2006-10-05 21:59:50 +00:00
Nils Larsch
2fc281d01f return an error if the supplied precomputed values lead to an invalid signature 2006-10-04 19:37:17 +00:00
Bodo Möller
d326582cab ASN1_item_verify needs to initialize ctx before any "goto err" can 
happen; the new code for the OID cross reference table failed to do so.
 2006-10-04 06:14:36 +00:00
Dr. Stephen Henson
f4c630abb3 Place standard CRL behaviour in default X509_CRL_METHOD new functions to 
create, free and set default CRL method.
 2006-10-03 02:47:59 +00:00
Mark J. Cox
c2cccfc585 Initialise ctx to NULL to avoid uninitialized free, noticed by 
Steve Kiernan
 2006-09-29 08:21:41 +00:00
Bodo Möller
3c5406b35c All 0.9.8d patches have been applied to HEAD now, so we no longer need 
the redundant entries under the 0.9.9 heading.
 2006-09-28 13:50:41 +00:00
Bodo Möller
5e3225cc44 Introduce limits to prevent malicious keys being able to 
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
 2006-09-28 13:45:34 +00:00
Bodo Möller
61118caa86 include 0.9.8d and 0.9.7l information 2006-09-28 13:35:01 +00:00
Mark J. Cox
348be7ec60 Fix ASN.1 parsing of certain invalid structures that can result 
in a denial of service.  (CVE-2006-2937)  [Steve Henson]
 2006-09-28 13:20:44 +00:00
Mark J. Cox
3ff55e9680 Fix buffer overflow in SSL_get_shared_ciphers() function. 
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
 2006-09-28 13:18:43 +00:00
Richard Levitte
cbb92dfaf0 Fixes for the following claims: 
1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336
 2006-09-28 12:22:58 +00:00
Dr. Stephen Henson
019bfef899 Initialize new callbacks and make sure hent is always initialized. 2006-09-26 13:25:19 +00:00
Richard Levitte
0709249f4c Complete the change for VMS. 2006-09-25 08:35:35 +00:00
Dr. Stephen Henson
89c9c66736 Submitted by: Brad Spencer <spencer@jacknife.org> 
Reviewed by: steve
 2006-09-23 17:29:49 +00:00
Dr. Stephen Henson
347ed3b93c Buffer size handling fix for enc. 
PR:1374
 2006-09-22 17:14:22 +00:00
Dr. Stephen Henson
5b73c3609b Using correct lock for X509_REQ. 
PR:1348
 2006-09-22 17:06:09 +00:00
Dr. Stephen Henson
eebeb52b29 Update length if copying MSB set in asn1_string_canon(). 2006-09-22 13:37:15 +00:00
Dr. Stephen Henson
6ec6cfc767 Updated file. 2006-09-21 16:19:10 +00:00
Dr. Stephen Henson
44181ea836 Add missing prototype. Fix various warnings (C++ comments, ; outside function). 2006-09-21 13:24:46 +00:00
Dr. Stephen Henson
c80c7bf999 Make int_rsa_sign function match prototype. 
PR: 1383
 2006-09-21 13:11:24 +00:00
Dr. Stephen Henson
ffa5ebf3f4 Compile in gost engine. 2006-09-21 13:07:57 +00:00
Dr. Stephen Henson
926c41bd29 Updated version of gost engine. 2006-09-21 13:04:43 +00:00
Dr. Stephen Henson
1182301ca7 Do CRL method init after other operations. 2006-09-21 12:48:56 +00:00
Dr. Stephen Henson
010fa0b331 Tidy up CRL handling by checking for critical extensions when it is 
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.

Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
 2006-09-21 12:42:15 +00:00
Andy Polyakov
4ca7d975af Build error on non-unix. 
PR: 1390
 2006-09-18 19:50:54 +00:00
Andy Polyakov
b774111020 Race condition in ms/uplink.c. 
PR: 1382
 2006-09-18 19:41:37 +00:00
Andy Polyakov
78260d890b As x86ms.pl is out, remove do_masm.bat and mention to it in INSTALL.W32. 2006-09-18 19:20:43 +00:00
Andy Polyakov
4b67fefe5a Remove x86ms.pl and reimplement x86*.pl. 2006-09-18 19:17:09 +00:00
Andy Polyakov
3a8012cbf2 Improve 386 portability of aes-586.pl. 2006-09-18 19:13:15 +00:00
Bodo Möller
a53cdc5b08 Ensure that the addition mods[i]+delta cannot overflow in probable_prime(). 
[Problem pointed out by Adam Young <adamy (at) acm.org>]
 2006-09-18 14:00:49 +00:00
Dr. Stephen Henson
5d20c4fb35 Overhaul of by_dir code to handle dynamic loading of CRLs. 2006-09-17 17:16:28 +00:00
Dr. Stephen Henson
a04549cc75 GOST public key algorithm ENGINE donated to the OpenSSL by Cryptocom. 
Very early version, doesn't do much yet, not even added to the build system.
 2006-09-17 13:00:18 +00:00
Dr. Stephen Henson
bc7535bc7f Support for AKID in CRLs and partial support for IDP. Overhaul of CRL 
handling to support this.
 2006-09-14 17:25:02 +00:00
Dr. Stephen Henson
83357f047d Update docs. 2006-09-13 03:28:42 +00:00
Bodo Möller
b6699c3f07 Update 2006-09-12 14:42:19 +00:00
Dr. Stephen Henson
016bc5ceb3 Fixes for new CRL/cert callbacks. Update CRL processing code to use new 
callbacks.
 2006-09-11 13:00:52 +00:00
Bodo Möller
ed65f7dc34 ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 
ciphersuite as well
 2006-09-11 09:49:03 +00:00
Dr. Stephen Henson
4d50a2b4d6 Add verify callback functions to lookup a STACK of matching certs or CRLs 
based on subject name.

New thread safe functions to retrieve matching STACK from X509_STORE.

Cache some IDP components.
 2006-09-10 12:38:37 +00:00
Bodo Möller
7f4301668f Make sure the int_rsa_verify() prototype matches the implementation 
(m_len currently is 'unsigned int', not 'size_t')

Submitted by: Gisle Vanem
 2006-09-08 06:00:40 +00:00
Dr. Stephen Henson
29a1bb07e5 Additional detail. 2006-09-06 11:59:04 +00:00
Bodo Möller
99e9a90081 update information on "current version" ... 2006-09-06 11:54:19 +00:00
Dr. Stephen Henson
715020e334 Add an FAQ. 2006-09-06 11:53:50 +00:00