Commit graph

2135 commits

Author SHA1 Message Date
Dr. Stephen Henson
0090a686c0 Add code to download CRLs based on CRLDP extension.
Just a sample, real world applications would have to be cleverer.
2012-12-06 18:43:40 +00:00
Dr. Stephen Henson
3bf15e2974 Integrate host, email and IP address checks into X509_verify.
Add new verify options to set checks.

Remove previous -check* commands from s_client and s_server.
2012-12-05 18:35:20 +00:00
Dr. Stephen Henson
2e8cb108dc initial support for delta CRL generations by diffing two full CRLs 2012-12-04 18:35:36 +00:00
Dr. Stephen Henson
fdb78f3d88 New option to add CRLs for s_client and s_server. 2012-12-02 16:16:28 +00:00
Dr. Stephen Henson
6f9076ff37 Generalise OCSP I/O functions to support dowloading of other ASN1
structures using HTTP. Add wrapper function to handle CRL download.
2012-11-28 16:22:53 +00:00
Dr. Stephen Henson
2c340864be New functions to set lookup_crls callback and to retrieve internal X509_STORE
from X509_STORE_CTX.
2012-11-27 23:47:48 +00:00
Dr. Stephen Henson
20b431e3a9 Add support for printing out and retrieving EC point formats extension. 2012-11-22 15:20:53 +00:00
Dr. Stephen Henson
1c455bc084 new function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures 2012-11-19 15:12:07 +00:00
Dr. Stephen Henson
d88926f181 PR: 2909
Contributed by: Florian Weimer <fweimer@redhat.com>

Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.
2012-11-18 15:13:55 +00:00
Dr. Stephen Henson
3db935a9e5 add SSL_CONF functions and documentation 2012-11-16 19:12:24 +00:00
Dr. Stephen Henson
a70da5b3ec New functions to check a hostname email or IP address against a
certificate. Add options to s_client, s_server and x509 utilities
to print results of checks.
2012-10-08 15:10:07 +00:00
Andy Polyakov
b8c5929130 config: detect linux-mips* targets. 2012-09-19 20:58:07 +00:00
Dr. Stephen Henson
4f3df8bea2 Add -rev test option to s_server to just reverse order of characters received
by client and send back to server. Also prints an abbreviated summary of
the connection parameters.
2012-09-14 13:27:05 +00:00
Dr. Stephen Henson
2a7cbe77b3 Add -brief option to s_client and s_server to summarise connection details.
New option -verify_quiet to shut up the verify callback unless there is
an error.
2012-09-12 23:14:28 +00:00
Dr. Stephen Henson
94a209d8e1 Add ctrl and utility functions to retrieve raw cipher list sent by client in
client hello message. Previously this could only be retrieved on an initial
connection and it was impossible to determine the cipher IDs of any uknown
ciphersuites.
2012-09-12 13:57:48 +00:00
Dr. Stephen Henson
e5db9c3b67 Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate
change the current certificate (in s->cert->key) to the one used and then
SSL_get_certificate and SSL_get_privatekey will automatically work.
2012-09-11 13:34:08 +00:00
Ben Laurie
2daceb0342 Call OCSP Stapling callback after ciphersuite has been chosen, so the
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.  See
http://rt.openssl.org/Ticket/Display.html?id=2836.
2012-09-11 12:57:46 +00:00
Andy Polyakov
0e1f390bad Harmonize CHANGES in HEAD. 2012-08-29 14:14:05 +00:00
Dr. Stephen Henson
2ea8035460 Add three Suite B modes to TLS code, supporting RFC6460. 2012-08-15 15:15:05 +00:00
Dr. Stephen Henson
3ad344a517 add suite B chain validation flags and associated verify errors 2012-08-03 13:51:43 +00:00
Dr. Stephen Henson
6dbb6219e7 Make tls1_check_chain return a set of flags indicating checks passed
by a certificate chain. Add additional tests to handle client
certificates: checks for matching certificate type and issuer name
comparison.

Print out results of checks for each candidate chain tested in
s_server/s_client.
2012-07-27 13:39:23 +00:00
Dr. Stephen Henson
ec4a50b3c3 Abort handshake if signature algorithm used not supported by peer. 2012-07-24 18:11:27 +00:00
Dr. Stephen Henson
d18b716d25 check EC tmp key matches preferences 2012-07-24 13:47:40 +00:00
Dr. Stephen Henson
74ecfab401 Add support for certificate stores in CERT structure. This makes it
possible to have different stores per SSL structure or one store in
the parent SSL_CTX. Include distint stores for certificate chain
verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
to build and store a certificate chain in CERT structure: returing
an error if the chain cannot be built: this will allow applications
to test if a chain is correctly configured.

Note: if the CERT based stores are not set then the parent SSL_CTX
store is used to retain compatibility with existing behaviour.
2012-07-23 23:34:28 +00:00
Dr. Stephen Henson
b7bfe69b66 New function ssl_set_client_disabled to set masks for any ciphersuites
that are disabled for this session (as opposed to always disabled by
configuration).
2012-07-18 14:09:46 +00:00
Dr. Stephen Henson
9f27b1eec3 Add new ctrl to retrieve client certificate types, print out
details in s_client.

Also add ctrl to set client certificate types. If not used sensible values
will be included based on supported signature algorithms: for example if
we don't include any DSA signing algorithms the DSA certificate type is
omitted.

Fix restriction in old code where certificate types would be truncated
if it exceeded TLS_CT_NUMBER.
2012-07-08 14:22:45 +00:00
Dr. Stephen Henson
3dbc46dfcd Separate client and server permitted signature algorithm support: by default
the permitted signature algorithms for server and client authentication
are the same but it is now possible to set different algorithms for client
authentication only.
2012-07-03 12:51:14 +00:00
Dr. Stephen Henson
18d7158809 Add certificate callback. If set this is called whenever a certificate
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.
2012-06-29 14:24:42 +00:00
Dr. Stephen Henson
d61ff83be9 Add new "valid_flags" field to CERT_PKEY structure which determines what
the certificate can be used for (if anything). Set valid_flags field
in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
to have similar checks in it.

Add new "cert_flags" field to CERT structure and include a "strict mode".
This enforces some TLS certificate requirements (such as only permitting
certificate signature algorithms contained in the supported algorithms
extension) which some implementations ignore: this option should be used
with caution as it could cause interoperability issues.
2012-06-28 12:45:49 +00:00
Dr. Stephen Henson
4453cd8c73 Reorganise supported signature algorithm extension processing.
Only store encoded versions of peer and configured signature algorithms.
Determine shared signature algorithms and cache the result along with NID
equivalents of each algorithm.
2012-06-25 14:32:30 +00:00
Dr. Stephen Henson
0f229cce65 Add support for application defined signature algorithms for use with
TLS v1.2. These are sent as an extension for clients and during a certificate
request for servers.

TODO: add support for shared signature algorithms, respect shared algorithms
when deciding which ciphersuites and certificates to permit.
2012-06-22 14:03:31 +00:00
Dr. Stephen Henson
a5ee80b910 Make it possible to delete all certificates from an SSL structure. 2012-06-18 12:56:59 +00:00
Dr. Stephen Henson
93ab9e421e Initial record tracing code. Print out all fields in SSL/TLS records
for debugging purposes. Needs "enable-ssl-trace" configuration option.
2012-06-15 12:46:09 +00:00
Dr. Stephen Henson
dfcf48f499 New functions to retrieve certificate signatures and signature OID NID. 2012-06-13 13:08:12 +00:00
Dr. Stephen Henson
4b9e0b5f74 print out issuer and subject unique identifier fields in certificates 2012-06-12 13:41:18 +00:00
Ben Laurie
a9e1c50bb0 RFC 5878 support. 2012-05-30 10:10:58 +00:00
Dr. Stephen Henson
4242a090c7 PR: 2813
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.
2012-05-11 13:53:37 +00:00
Dr. Stephen Henson
c3b1303387 PR: 2811
Reported by: Phil Pennock <openssl-dev@spodhuis.org>

Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.
2012-05-11 13:34:29 +00:00
Dr. Stephen Henson
c46ecc3a55 Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
DTLS to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
2012-05-10 16:03:52 +00:00
Dr. Stephen Henson
225055c30b Reported by: Solar Designer of Openwall
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:46:09 +00:00
Dr. Stephen Henson
a708609945 Don't try to use unvalidated composite ciphers in FIPS mode 2012-04-26 18:55:01 +00:00
Andy Polyakov
a2b21191d9 CHANGES: clarify. 2012-04-26 07:33:26 +00:00
Andy Polyakov
396f8b71ac CHANGES: fix typos and clarify. 2012-04-26 07:20:06 +00:00
Dr. Stephen Henson
43d5b4ff31 Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
2012-04-25 23:04:42 +00:00
Andy Polyakov
f2ad35821c s23_clnt.c: ensure interoperability by maitaining client "version capability"
vector contiguous.
PR: 2802
2012-04-25 22:06:32 +00:00
Dr. Stephen Henson
d9a9d10f4f Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 16:19:56 +00:00
Bodo Möller
d3ddf0228e Disable SHA-2 ciphersuites in < TLS 1.2 connections.
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley
2012-04-17 15:23:03 +00:00
Dr. Stephen Henson
800e1cd969 Additional workaround for PR#2771
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.

Document workarounds in CHANGES.
2012-04-17 15:12:09 +00:00
Dr. Stephen Henson
a43526302f Add support for automatic ECDH temporary key parameter selection. When
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
2012-04-05 13:38:27 +00:00
Andy Polyakov
82c5ac4599 CHANGES: harmonize with 1.0.0 and 1.0.1. 2012-03-31 18:56:27 +00:00
Dr. Stephen Henson
d0595f170c Initial revision of ECC extension handling.
Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
2012-03-28 15:05:04 +00:00
Dr. Stephen Henson
e7f8ff4382 New ctrls to retrieve supported signature algorithms and curves and
extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.
2012-03-06 14:28:21 +00:00
Dr. Stephen Henson
64095ce9d7 Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
2012-02-21 14:41:13 +00:00
Dr. Stephen Henson
206310c305 Fix bug in CVE-2011-4619: check we have really received a client hello
before rejecting multiple SGC restarts.
2012-02-16 15:26:04 +00:00
Dr. Stephen Henson
5863163732 Additional compatibility fix for MDC2 signature format.
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
2012-02-15 14:27:25 +00:00
Dr. Stephen Henson
83cb7c4635 An incompatibility has always existed between the format used for RSA
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.

This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.

Add detection in RSA_verify so either format works.

Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
2012-02-15 14:04:00 +00:00
Dr. Stephen Henson
f4e1169341 Modify client hello version when renegotiating to enhance interop with
some servers.
2012-02-09 15:42:10 +00:00
Dr. Stephen Henson
f71c6e52f7 Add support for distinct certificate chains per key type and per SSL
structure.

Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.
2012-01-31 14:00:10 +00:00
Dr. Stephen Henson
0d60939515 add support for use of fixed DH client certificates 2012-01-25 14:51:49 +00:00
Dr. Stephen Henson
855d29184e Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:15:27 +00:00
Dr. Stephen Henson
ac07bc8602 fix CHANGES entry 2012-01-17 14:20:32 +00:00
Dr. Stephen Henson
8e1dc4d7ca Support for fixed DH ciphersuites.
The cipher definitions of these ciphersuites have been around since SSLeay
but were always disabled. Now OpenSSL supports DH certificates they can be
finally enabled.

Various additional changes were needed to make them work properly: many
unused fixed DH sections of code were untested.
2012-01-16 18:19:14 +00:00
Bodo Möller
8e85545284 Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch.
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in HEAD, the actual code is here already.)
2012-01-05 13:48:55 +00:00
Dr. Stephen Henson
4d0bafb4ae update CHANGES 2012-01-04 23:54:17 +00:00
Dr. Stephen Henson
e745572493 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:26 +00:00
Dr. Stephen Henson
27dfffd5b7 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 23:16:15 +00:00
Dr. Stephen Henson
2ec0497f08 fix CHANGES 2012-01-04 23:10:44 +00:00
Dr. Stephen Henson
6bf896d9b1 Check GOST parameters are not NULL (CVE-2012-0027) 2012-01-04 23:03:40 +00:00
Dr. Stephen Henson
be71c37296 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 23:01:54 +00:00
Dr. Stephen Henson
0b9f5ef809 update CHANGES 2011-12-31 23:08:15 +00:00
Dr. Stephen Henson
4817504d06 PR: 2658
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
2011-12-31 22:59:57 +00:00
Dr. Stephen Henson
ad89bf7894 PR: 2563
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.
2011-12-19 17:01:37 +00:00
Andy Polyakov
e75440d2c9 update CHANGES. 2011-12-19 14:48:49 +00:00
Dr. Stephen Henson
188c53f7e8 update CHANGES 2011-12-19 14:41:03 +00:00
Ben Laurie
9a436c0f89 Back out redundant verification time change. 2011-12-13 15:00:43 +00:00
Ben Laurie
7fd5df6b12 Make it possible to set a time for verification. 2011-12-13 14:38:12 +00:00
Dr. Stephen Henson
627b044536 update CHANGES 2011-12-10 00:49:05 +00:00
Dr. Stephen Henson
2ca873e8d8 transparently handle X9.42 DH parameters 2011-12-07 12:44:03 +00:00
Dr. Stephen Henson
afb14cda8c Initial experimental support for X9.42 DH parameter format to handle
RFC5114 parameters and X9.42 DH public and private keys.
2011-12-07 00:32:34 +00:00
Bodo Möller
19b0d0e75b Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
2011-12-02 12:52:00 +00:00
Bodo Möller
ea8c77a55b Fix ecdsatest.c.
Submitted by: Emilia Kasper
2011-12-02 12:41:17 +00:00
Bodo Möller
a7c71d8955 Update HEAD CHANGES file. 2011-12-02 12:28:20 +00:00
Bodo Möller
390c579568 Fix BIO_f_buffer().
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
2011-12-02 12:25:03 +00:00
Ben Laurie
e0af04056c Add TLS exporter. 2011-11-15 23:50:52 +00:00
Ben Laurie
333f926d67 Add DTLS-SRTP. 2011-11-15 22:59:20 +00:00
Dr. Stephen Henson
20bee9684d Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest. 2011-11-13 14:07:36 +00:00
Dr. Stephen Henson
a98b8ce652 Update fips_test_suite to take multiple command line options and
an induced error checking function.
2011-11-06 12:53:13 +00:00
Dr. Stephen Henson
f4324e51dd Add single call public key sign and verify functions. 2011-11-05 01:34:36 +00:00
Dr. Stephen Henson
3ec9dceb15 Add fips_algvs utility (from FIPS 2.0 stable branch). 2011-11-02 00:57:22 +00:00
Dr. Stephen Henson
5e4eb9954b add authentication parameter to FIPS_module_mode_set 2011-10-19 22:34:53 +00:00
Bodo Möller
e5641d7f05 BN_BLINDING multi-threading fix.
Submitted by: Emilia Kasper (Google)
2011-10-19 14:59:27 +00:00
Bodo Möller
e0d6132b8c Fix warnings.
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
2011-10-19 08:59:53 +00:00
Bodo Möller
3e00b4c9db Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.
2011-10-18 19:43:16 +00:00
Bodo Möller
8b37d33a94 typo 2011-10-13 13:20:33 +00:00
Bodo Möller
3ddc06f082 In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:05:58 +00:00
Dr. Stephen Henson
ccbb9badba fix CHANGES entry 2011-10-09 23:11:55 +00:00
Dr. Stephen Henson
2bfeb7dc83 Add FIPS selftests for ECDH algorithm. 2011-09-29 23:08:23 +00:00
Dr. Stephen Henson
cb71870dfa Use function name FIPS_drbg_health_check() for health check function.
Add explanatory comments to health check code.
2011-09-22 14:01:25 +00:00
Dr. Stephen Henson
4420b3b17a Revise DRBG to split between internal and external flags.
One demand health check function.

Perform generation test in fips_test_suite.

Option to skip dh test if fips_test_suite.
2011-09-21 17:04:56 +00:00
Dr. Stephen Henson
15094852de new function to lookup FIPS supported ciphers by NID 2011-09-14 13:25:48 +00:00
Dr. Stephen Henson
a11f06b2dc More extensive DRBG health check. New function to call health check
for all DRBG combinations.
2011-09-12 18:47:39 +00:00
Dr. Stephen Henson
7fdcb45745 Add support for Dual EC DRBG from SP800-90. Include updates to algorithm
tests and POST code.
2011-09-09 17:16:43 +00:00
Dr. Stephen Henson
0486cce653 Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
produce an error (CVE-2011-3207)
2011-09-06 15:15:09 +00:00
Bodo Möller
c519e89f5c Fix session handling. 2011-09-05 13:36:23 +00:00
Bodo Möller
612fcfbd29 Fix d2i_SSL_SESSION. 2011-09-05 13:31:17 +00:00
Bodo Möller
e7928282d0 (EC)DH memory handling fixes.
Submitted by: Adam Langley
2011-09-05 10:25:31 +00:00
Bodo Möller
837e1b6812 Fix memory leak on bad inputs. 2011-09-05 09:57:20 +00:00
Bodo Möller
acb4ab34a4 Synchronize with 1.0.1 CHANGES file. 2011-09-05 09:30:50 +00:00
Dr. Stephen Henson
f55f5f775e Add support for canonical generation of DSA parameter g.
Modify fips_dssvs to support appropriate file format.
2011-08-26 14:51:49 +00:00
Andy Polyakov
c608171d9c Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. 2011-08-23 20:51:38 +00:00
Dr. Stephen Henson
1f59a84308 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
2011-08-14 13:45:19 +00:00
Dr. Stephen Henson
20f12e63ff Add HMAC DRBG from SP800-90 2011-08-08 22:07:38 +00:00
Dr. Stephen Henson
28dd49faec Expand range of ctrls for AES GCM to support retrieval and setting of
invocation field.

Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
2011-08-03 15:37:22 +00:00
Dr. Stephen Henson
fe8aeffa92 Update CHANGES. 2011-07-25 21:43:57 +00:00
Dr. Stephen Henson
01a9a7592e Add functions to return FIPS module version. 2011-07-04 23:38:16 +00:00
Bodo Möller
e66cb363d6 Fix the version history: changes going into 1.1.0 that are also going
into 1.0.1 should not be listed as "changes between 1.0.1 and 1.0.0".

This makes the OpenSSL_1_0_1-stable and HEAD versions of this file
consistent with each other (the HEAD version has the additional 1.1.0
section, but doesn't otherwise differ).
2011-06-15 14:49:17 +00:00
Dr. Stephen Henson
eda3766b53 Output supported curves in preference order instead of numerically. 2011-05-30 17:58:13 +00:00
Dr. Stephen Henson
992bdde62d Fix the ECDSA timing attack mentioned in the paper at:
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:41:56 +00:00
Dr. Stephen Henson
f37f20ffd3 PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2011-05-20 14:56:29 +00:00
Dr. Stephen Henson
101e6e19f2 Add CHANGES entry: add FIPS support to ssl 2011-05-19 18:10:25 +00:00
Dr. Stephen Henson
086e32a6c7 Implement FIPS_mode and FIPS_mode_set 2011-05-19 18:09:02 +00:00
Dr. Stephen Henson
855a54a9a5 Provisional support for TLS v1.2 client authentication: client side only.
Parse certificate request message and set digests appropriately.

Generate new TLS v1.2 format certificate verify message.

Keep handshake caches around for longer as they are needed for client auth.
2011-05-12 17:35:03 +00:00
Dr. Stephen Henson
c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
a2f9200fba Initial TLS v1.2 client support. Include a default supported signature
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.

Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
2011-05-09 15:44:01 +00:00
Dr. Stephen Henson
6b7be581e5 Continuing TLS v1.2 support: add support for server parsing of
signature algorithms extension and correct signature format for
server key exchange.

All ciphersuites should now work on the server but no client support and
no client certificate support yet.
2011-05-06 13:00:07 +00:00
Dr. Stephen Henson
7409d7ad51 Initial incomplete TLS v1.2 support. New ciphersuites added, new version
checking added, SHA256 PRF support added.

At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
2011-04-29 22:56:51 +00:00
Dr. Stephen Henson
08557cf22c Initial "opaque SSL" framework. If an application defines
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.

The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
2011-04-29 22:37:12 +00:00
Dr. Stephen Henson
e0d1a2f80a Always return multiple of block length bytes from default DRBG seed
callback.

Handle case where no multiple of the block size is in the interval
[min_len, max_len].
2011-04-23 20:05:19 +00:00
Dr. Stephen Henson
cac4fb58e0 Add PRNG security strength checking. 2011-04-23 19:55:55 +00:00
Dr. Stephen Henson
b5dd178740 Fix EVP CCM decrypt. Add decrypt support to algorithm test program. 2011-04-18 22:48:40 +00:00
Dr. Stephen Henson
2391681082 Initial untested CCM support via EVP. 2011-04-18 14:25:11 +00:00
Dr. Stephen Henson
06b7e5a0e4 Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation. 2011-04-15 02:49:30 +00:00
Dr. Stephen Henson
ac892b7aa6 Initial incomplete POST overhaul: add support for POST callback to
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
32a2d8ddfe Provisional AES XTS support. 2011-04-12 23:21:33 +00:00
Dr. Stephen Henson
d7a3ce989c Update CHANGES. 2011-04-06 23:41:19 +00:00
Dr. Stephen Henson
05e24c87dd Extensive reorganisation of PRNG handling in FIPS module: all calls
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.

Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14 Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
96ec46f7c0 Implement health checks needed by SP800-90.
Fix warnings.

Instantiate DRBGs at maximum strength.
2011-03-17 16:55:24 +00:00
Ben Laurie
d4f3dd5fb6 Fix Tom Wu's email. 2011-03-16 11:28:43 +00:00
Ben Laurie
0deea0e03c Note SRP support. 2011-03-12 17:04:07 +00:00
Dr. Stephen Henson
8857b380e2 Add ECDH to validated module. 2011-03-09 23:44:06 +00:00
Dr. Stephen Henson
11e80de3ee New initial DH algorithm test driver. 2011-03-08 19:10:17 +00:00
Dr. Stephen Henson
591cbfae3c Initial, provisional, subject to wholesale change, untested, probably
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.

Did I say this was untested?
2011-03-04 18:00:21 +00:00
Dr. Stephen Henson
eead69f5ed Make fipscanisteronly build only required files. 2011-02-21 14:07:15 +00:00
Dr. Stephen Henson
5d439d6955 Make -DOPENSSL_FIPSSYMS work for assembly language builds. 2011-02-17 19:03:52 +00:00
Dr. Stephen Henson
017bc57bf9 Experimental FIPS symbol renaming.
Fixups under fips/ to make symbol renaming work.
2011-02-16 14:49:50 +00:00
Dr. Stephen Henson
25c6542944 Add non-FIPS algorithm blocking and selftest checking. 2011-02-15 16:03:47 +00:00
Dr. Stephen Henson
fe26d066ff Add ECDSA functionality to fips module. Initial very incomplete version
of algorithm test program.
2011-02-14 17:14:55 +00:00
Dr. Stephen Henson
b331016124 New option to disable characteristic two fields in EC code. 2011-02-12 17:23:32 +00:00
Dr. Stephen Henson
30b56225cc New "fispcanisteronly" build option: only build fipscanister.o and
associated utilities. This functionality will be used by the validated
tarball.
2011-02-11 19:02:34 +00:00
Dr. Stephen Henson
b3d8022edd Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest. 2011-02-09 16:21:43 +00:00
Bodo Möller
c415adc26f Sync with 1.0.1 branch.
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
2011-02-08 19:09:08 +00:00
Dr. Stephen Henson
bdaa54155c Initial *very* experimental EVP support for AES-GCM. Note: probably very
broken and subject to change.
2011-02-07 18:16:33 +00:00
Dr. Stephen Henson
d45087c672 Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher:
the NULL value for the input buffer is sufficient to notice this case.
2011-02-07 18:04:27 +00:00
Dr. Stephen Henson
3da0ca796c New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying
cipher handles all cipher symantics itself.
2011-02-07 14:36:08 +00:00
Bodo Möller
9bda745876 fix omissions 2011-02-03 11:13:29 +00:00
Bodo Möller
88f2a4cf9c CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) 2011-02-03 10:43:00 +00:00
Dr. Stephen Henson
968062b7d3 Fix escaping code for string printing. If *any* escaping is enabled we
must escape the escape character itself (backslash).
2011-01-03 01:31:24 +00:00
Dr. Stephen Henson
2b3936e882 avoid verification loops in trusted store when path building 2010-12-25 20:45:59 +00:00
Dr. Stephen Henson
300b1d76fe apply J-PKAKE fix to HEAD (original by Ben) 2010-11-29 18:32:05 +00:00
Dr. Stephen Henson
f830c68f4d add "missing" functions to copy EVP_PKEY_METHOD and examine info 2010-11-24 16:08:20 +00:00
Dr. Stephen Henson
732d31beee bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files 2010-11-16 14:18:51 +00:00
Dr. Stephen Henson
e49af2ac38 move CHANGES entry to correct place 2010-10-10 12:24:13 +00:00
Dr. Stephen Henson
5759425810 PR: 2314
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
2010-10-10 12:15:47 +00:00
Dr. Stephen Henson
39239280f3 Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:58:09 +00:00
Bodo Möller
7b3a9b0099 Update version numbers 2010-08-26 18:45:45 +00:00
Bodo Möller
7c2d4fee25 For better forward-security support, add functions
SSL_[CTX_]set_not_resumable_session_callback.

Submitted by: Emilia Kasper (Google)

[A part of this change affecting ssl/s3_lib.c was accidentally commited
separately, together with a compilation fix for that file;
see s3_lib.c CVS revision 1.133 (http://cvs.openssl.org/chngview?cn=19855).]
2010-08-26 15:15:47 +00:00
Bodo Möller
04daec862c New 64-bit optimized implementation EC_GFp_nistp224_method().
This will only be compiled in if explicitly requested
(#ifdef EC_NISTP224_64_GCC_128).

Submitted by: Emilia Kasper (Google)
2010-08-26 14:29:55 +00:00
Dr. Stephen Henson
44959ee456 PR: 1833
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Support for abbreviated handshakes when renegotiating.
2010-08-26 14:23:52 +00:00
Bodo Möller
c94f7f657b ECC library bugfixes.
Submitted by: Emilia Kasper (Google)
2010-08-26 12:11:01 +00:00
Bodo Möller
173350bcca Harmonize with OpenSSL_1_0_1-stable version of CHANGES. 2010-08-26 11:22:33 +00:00
Ben Laurie
ee2ffc2794 Add Next Protocol Negotiation. 2010-07-28 10:06:55 +00:00
Dr. Stephen Henson
eb1c48be6f Add new type ossl_ssize_t instead of ssize_t and move definitions to
e_os2.h, this should fix WIN32 compilation issues and hopefully avoid
conflicts with other headers which may workaround ssize_t in different ways.
2010-07-26 18:15:59 +00:00
Dr. Stephen Henson
223c59eae5 Fix WIN32 build system to correctly link ENGINE DLLs contained in a
directory: currently the GOST ENGINE is the only case.
2010-07-24 17:52:43 +00:00
Dr. Stephen Henson
7bbd0de88d Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-07-21 16:14:48 +00:00
Dr. Stephen Henson
f96ccf36ff PR: 1830
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson

Support for RFC5705 key extractor.
2010-07-18 17:43:18 +00:00
Dr. Stephen Henson
b9e7793dd7 oops, revert wrong patch.. 2010-07-18 17:43:01 +00:00
Dr. Stephen Henson
d135da5192 Fix warnings (From HEAD, original patch by Ben). 2010-07-18 16:52:47 +00:00
Dr. Stephen Henson
3cbb15ee81 add CVE-2010-0742 and CVS-2010-1633 fixes 2010-06-01 14:39:01 +00:00
Andy Polyakov
3efe51a407 Revert previous Linux-specific/centric commit#19629. If it really has to
be done, it's definitely not the way to do it. So far answer to the
question was to ./config -Wa,--noexecstack (adopted by RedHat).
2010-05-05 22:05:39 +00:00
Ben Laurie
0e3ef596e5 Non-executable stack in asm. 2010-05-05 15:50:13 +00:00
Dr. Stephen Henson
1bf508c9cf new function to diff tm structures 2010-04-15 13:25:26 +00:00
Dr. Stephen Henson
c0b8eb606f Add SHA2 algorithms to SSL_library_init(). Although these aren't used
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
2010-04-07 13:18:07 +00:00
Bodo Möller
3e8b6485b3 Fix for "Record of death" vulnerability CVE-2010-0740.
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010),
and further harmonize this version of CHANGES with the versions in the current branches.
2010-03-25 11:25:30 +00:00
Dr. Stephen Henson
be449448dc update CHANGES 2010-03-14 12:55:15 +00:00
Dr. Stephen Henson
4c623cddbe add -sigopt option to ca utility 2010-03-14 12:54:45 +00:00
Mark J. Cox
fb75f349b7 This entry was in 0.9.8m changelog but missing from here, since it's
security relevent we'd better list it.
2010-03-12 08:36:44 +00:00
Dr. Stephen Henson
f26cf9957f typo 2010-03-11 14:19:46 +00:00
Dr. Stephen Henson
17c63d1cca RSA PSS ASN1 signing method 2010-03-11 14:06:46 +00:00
Dr. Stephen Henson
85522a074c Algorithm specific ASN1 signing functions. 2010-03-11 13:32:38 +00:00
Dr. Stephen Henson
31904ecdf3 RSA PSS verification support including certificates and certificate
requests. Add new ASN1 signature initialisation function to handle this
case.
2010-03-08 18:10:35 +00:00
Dr. Stephen Henson
ff04bbe363 Add PSS algorithm printing. This is an initial step towards full PSS support.
Uses ASN1 module in Martin Kaiser's PSS patch.
2010-03-06 19:55:25 +00:00
Dr. Stephen Henson
fa1ba589f3 Add algorithm specific signature printing. An individual ASN1 method can
now print out signatures instead of the standard hex dump.

More complex signatures (e.g. PSS) can print out more meaningful information.

Sample DSA version included that prints out the signature parameters r, s.

[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
 new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
cca1cd9a34 Submitted by: Tomas Hoger <thoger@redhat.com>
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
2010-03-03 15:41:18 +00:00
Dr. Stephen Henson
0f776277bc oops, use correct date 2010-02-26 12:13:36 +00:00
Dr. Stephen Henson
db28aa86e0 add -trusted_first option and verify flag 2010-02-25 12:21:48 +00:00
Dr. Stephen Henson
fbd2164044 Experimental support for partial chain verification: if an intermediate
certificate is explicitly trusted (using -addtrust option to x509 utility
for example) the verification is sucessful even if the chain is not complete.
2010-02-25 00:17:22 +00:00
Bodo Möller
a839755329 Fix X509_STORE locking 2010-02-19 18:27:07 +00:00
Dr. Stephen Henson
c2c49969e2 Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:38:31 +00:00
Dr. Stephen Henson
47e0a1c335 PR: 2100
Submitted by: James Baker <jbaker@tableausoftware.com> et al.

Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:41 +00:00
Dr. Stephen Henson
f959598866 update references to new RI RFC 2010-02-12 21:59:31 +00:00
Dr. Stephen Henson
c8ef656df2 Make CMAC API similar to HMAC API. Add methods for CMAC. 2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
8c968e0355 Initial experimental CMAC implementation. 2010-02-07 18:01:07 +00:00
Dr. Stephen Henson
c2bf720842 Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
2010-02-07 13:39:39 +00:00
Dr. Stephen Henson
da454e4c67 typo 2010-01-29 00:09:33 +00:00
Dr. Stephen Henson
08c239701b Experimental renegotiation support in s_server test -www server. 2010-01-28 19:48:36 +00:00
Dr. Stephen Henson
4ba1aa393b typo 2010-01-27 14:05:39 +00:00
Dr. Stephen Henson
d5e7f2f2c3 PR: 1949
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
2010-01-26 19:47:37 +00:00
Dr. Stephen Henson
58c0da84dd Typo 2010-01-26 12:30:00 +00:00
Dr. Stephen Henson
ba64ae6cd1 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:12 +00:00
Dr. Stephen Henson
bd5f21a4ae Fix version handling so it can cope with a major version >3.
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
2010-01-13 19:08:02 +00:00
Dr. Stephen Henson
1b31b5ad56 Modify compression code so it avoids using ex_data free functions. This
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
2010-01-13 18:57:40 +00:00
Dr. Stephen Henson
0e0c6821fa PR: 2136
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:29:34 +00:00
Dr. Stephen Henson
76998a71bc Updates to conform with draft-ietf-tls-renegotiation-03.txt:
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
2010-01-06 17:37:09 +00:00
Dr. Stephen Henson
e6f418bcb7 Compression handling on session resume was badly broken: it always
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
2009-12-31 14:13:30 +00:00
Dr. Stephen Henson
5e63121758 Include CHANGES entry for external cache 2009-12-31 13:58:57 +00:00
Bodo Möller
7427379e9b Constify crypto/cast. 2009-12-22 10:58:33 +00:00
Dr. Stephen Henson
ef51b4b9b4 New option to enable/disable connection to unpatched servers 2009-12-16 20:25:59 +00:00
Dr. Stephen Henson
7661ccadf0 Add ctrls to clear options and mode.
Change RI ctrl so it doesn't clash.
2009-12-09 13:25:16 +00:00
Dr. Stephen Henson
82e610e2cf Send no_renegotiation alert as required by spec. 2009-12-08 19:06:26 +00:00
Dr. Stephen Henson
5430200b8b Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:08 +00:00
Dr. Stephen Henson
13f6d57b1e Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:14:03 +00:00
Dr. Stephen Henson
637f374ad4 Initial experimental TLSv1.1 support 2009-12-07 13:31:02 +00:00
Dr. Stephen Henson
9d9530255b Update CHANGES. 2009-12-02 15:28:27 +00:00
Dr. Stephen Henson
d2a53c2238 Experimental CMS password based recipient Info support. 2009-11-26 18:57:39 +00:00
Bodo Möller
480af99ef4 Make CHANGES in CVS head consistent with the CHANGES files in the
branches.

This means that http://www.openssl.org/news/changelog.html will
finally describe 0.9.8l.
2009-11-26 18:43:17 +00:00
Dr. Stephen Henson
3d63b3966f Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat
and is a pre-requisite to adding password based CMS support.
2009-11-25 22:01:06 +00:00
Dr. Stephen Henson
e0e7997212 First cut of renegotiation extension. (port to HEAD) 2009-11-09 19:03:34 +00:00
Dr. Stephen Henson
befbd0619b update CHANGES 2009-11-09 17:33:32 +00:00
Dr. Stephen Henson
245d2ee3d0 Add option to allow in-band CRL loading in verify utility. Add function
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
2009-10-31 13:33:57 +00:00
Dr. Stephen Henson
bb4060c5b5 Move CHANGES entry to 0.9.8l section 2009-10-30 13:29:30 +00:00
Dr. Stephen Henson
661dc1431f Fix statless session resumption so it can coexist with SNI 2009-10-30 13:22:24 +00:00
Dr. Stephen Henson
18e503f30f PR: 2064, 728
Submitted by: steve@openssl.org

Add support for custom headers in OCSP requests.
2009-09-30 21:40:55 +00:00
Dr. Stephen Henson
b6dcdbfc94 Audit libcrypto for unchecked return values: fix all cases enountered 2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
acf20c7dbd Add attribute to check if return value of certain functions is incorrectly
ignored.
2009-09-23 16:27:10 +00:00
Dr. Stephen Henson
a25f33d28a Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:29:29 +00:00
Dr. Stephen Henson
0c28f277d1 Add new option --strict-warnings to Configure script. This is used to add
in devteam warnings into other configurations.
2009-09-09 16:31:32 +00:00
Dr. Stephen Henson
1771668096 Tidy up and fix verify callbacks to avoid structure dereference, use of
obsolete functions and enhance to handle new conditions such as policy printing.
2009-09-02 12:47:28 +00:00
Dr. Stephen Henson
6727565a84 PR: 2003
Make it possible to install OpenSSL in directories with name other
than "lib" for example "lib64". Based on patch from Jeremy Utley.
2009-08-10 14:48:40 +00:00
Dr. Stephen Henson
d9d0f1b52c Reject leading 0x80 in OID subidentifiers. 2009-08-06 16:32:54 +00:00
Dr. Stephen Henson
0e4bc56347 Document MD2 deprecation. 2009-07-13 11:58:05 +00:00
Dr. Stephen Henson
9de014a7f8 Update from 0.9.8-stable 2009-06-30 22:27:33 +00:00
Dr. Stephen Henson
d2f6d28298 Update from 0.9.8-stable. 2009-06-28 16:24:37 +00:00
Dr. Stephen Henson
f3be6c7b7d Update from 1.0.0-stable. 2009-06-26 11:29:26 +00:00
Dr. Stephen Henson
e30dd20c0e Update from 1.0.0-stable 2009-06-25 11:29:30 +00:00
Dr. Stephen Henson
c05353c50a Rename asc2uni and uni2asc functions to avoid clashes. 2009-06-17 12:04:56 +00:00
Dr. Stephen Henson
31db43df08 Update from 0.9.8-stable. 2009-06-15 15:01:00 +00:00
Dr. Stephen Henson
d741ccadb5 Oops, update CHANGES entry. 2009-05-31 17:13:55 +00:00
Dr. Stephen Henson
d0b72cf45b Add CHANGES entries from 0.9.8-stable. 2009-05-18 17:37:33 +00:00
Dr. Stephen Henson
5f8f94a661 Update from 1.0.0-stable. 2009-04-28 22:10:54 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
22c98d4aad Update from 1.0.0-stable 2009-04-08 16:16:35 +00:00
Dr. Stephen Henson
cc7399e79c Changes from 1.0.0-stable. 2009-04-07 16:33:26 +00:00
Dr. Stephen Henson
14023fe352 Merge from 1.0.0-stable branch. 2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
aaf35f11d7 Allow use of algorithm and cipher names for dgsts and enc utilities instead
of having to manually include each one.
2009-03-30 11:31:50 +00:00
Dr. Stephen Henson
77ea8c3002 Fix typo in CHANGES. 2009-03-25 22:21:12 +00:00
Dr. Stephen Henson
ddcfc25a6d Update from stable branch. 2009-03-25 19:02:22 +00:00
Dr. Stephen Henson
4d7b7c62c3 Update CHANGES. 2009-03-25 12:57:50 +00:00
Dr. Stephen Henson
73ba116e96 Update from stable branch. 2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
80b2ff978d Update from stable branch. 2009-03-25 12:53:50 +00:00
Dr. Stephen Henson
7ce8c95d58 Update from stable branch. 2009-03-25 12:53:26 +00:00
Dr. Stephen Henson
b6af2c7e3e Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Reviewed by: steve@openssl.org

Update ccgost engine to support parameter files.
2009-03-17 15:38:34 +00:00
Dr. Stephen Henson
237d7b6cae Fix from stable branch. 2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
854a225a27 Update from stable branch. 2009-03-14 18:33:49 +00:00
Dr. Stephen Henson
33ab2e31f3 PR: 1854
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org

Support GeneralizedTime in ca utility.
2009-03-09 13:59:07 +00:00
Dr. Stephen Henson
77202a85a0 Update from stable branch. 2009-03-07 17:00:23 +00:00
Bodo Möller
7ca1cfbac3 -hex option for openssl rand
PR: 1831
Submitted by: Damien Miller
2009-02-02 00:01:28 +00:00
Dr. Stephen Henson
57f39cc826 Print out UTF8 and NumericString types in ASN1 parsing utility. 2009-01-28 12:54:52 +00:00
Dr. Stephen Henson
6489573224 Update from stable branch. 2009-01-28 12:36:14 +00:00
Ben Laurie
7f62532030 Allow CC to be overridden. 2009-01-18 12:06:37 +00:00
Dr. Stephen Henson
c2c99e2860 Update certificate hash line format to handle canonical format
and avoid MD5 dependency.
2009-01-15 13:22:39 +00:00
Dr. Stephen Henson
8125d9f99c Make PKCS#8 the standard write format for private keys, replacing the
ancient SSLeay format.
2009-01-15 12:52:38 +00:00
Dr. Stephen Henson
363bd0b48e Add a set of standard gcc warning options which are designed to be the
minimum requirement for committed code. Added to debug-steve* config targets
for now.
2009-01-11 15:56:32 +00:00
Ben Laurie
60aee6ce15 Add missing entry. 2009-01-09 12:48:02 +00:00
Dr. Stephen Henson
bab534057b Updatde from stable branch. 2009-01-07 23:44:27 +00:00
Bodo Möller
7a76219774 Implement Configure option pattern "experimental-foo"
(specifically, "experimental-jpake").
2008-12-02 01:21:39 +00:00
Dr. Stephen Henson
79bd20fd17 Update from stable-branch. 2008-11-24 17:27:08 +00:00
Geoff Thorpe
31636a3ed1 Allow the CHIL engine to load even if dynamic locks aren't registered.
Submitted by: Sander Temme
2008-11-19 14:21:27 +00:00
Dr. Stephen Henson
12bf56c017 PR: 1574
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.
2008-11-15 17:18:12 +00:00
Dr. Stephen Henson
ed551cddf7 Update from stable branch. 2008-11-12 17:28:18 +00:00
Dr. Stephen Henson
87d52468aa Update HMAC functions to return an error where relevant. 2008-11-02 16:00:39 +00:00
Ben Laurie
6caa4edd3e Add JPAKE. 2008-10-26 18:40:52 +00:00
Ben Laurie
28b6d5020e Set comparison function in v3_add_canonize(). 2008-10-14 19:27:07 +00:00
Ben Laurie
d5bbead449 Add XMPP STARTTLS support. 2008-10-14 19:11:26 +00:00
Ben Laurie
1ea6472e60 Type-safe OBJ_bsearch_ex. 2008-10-14 08:10:52 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90 Experimental new date handling routines. These fix issues with X509_time_adj()
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Bodo Möller
837f2fc7a4 Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.
2008-09-22 21:22:47 +00:00
Bodo Möller
1a489c9af1 From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
Also, fix CHANGES (consistency with stable branch).
2008-09-15 20:41:24 +00:00
Dr. Stephen Henson
8c864e5466 Add missing CHANGES entry. 2008-09-15 20:30:58 +00:00
Bodo Möller
e65bcbcef0 Fix SSL state transitions.
Submitted by: Nagendra Modadugu
2008-09-14 14:02:07 +00:00
Bodo Möller
e710de12ce Note about CVS branch inconsistency. 2008-09-14 13:53:18 +00:00
Bodo Möller
db99c52509 Really get rid of unsafe double-checked locking.
Also, "CHANGES" clean-ups.
2008-09-14 13:51:44 +00:00
Bodo Möller
f8d6be3f81 Some precautions to avoid potential security-relevant problems. 2008-09-14 13:42:34 +00:00
Dr. Stephen Henson
d43c4497ce Initial support for delta CRLs. If "use deltas" flag is set attempt to find
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
2008-09-01 15:15:16 +00:00
Dr. Stephen Henson
4b96839f06 Add support for CRLs partitioned by reason code.
Tidy CRL scoring system.

Add new CRL path validation error.
2008-08-29 11:37:21 +00:00
Dr. Stephen Henson
249a77f5fb Add support for freshest CRL extension. 2008-08-27 15:52:05 +00:00
Dr. Stephen Henson
d0fff69dc9 Initial indirect CRL support. 2008-08-20 16:42:19 +00:00
Bodo Möller
2ecd2edede Mention ERR_remove_state() deprecation, and ERR_remove_thread_state(NULL). 2008-08-13 19:30:01 +00:00
Dr. Stephen Henson
9d84d4ed5e Initial support for CRL path validation. This supports distinct certificate
and CRL signing keys.
2008-08-13 16:00:11 +00:00
Dr. Stephen Henson
002e66c0e8 Support for policy mappings extension.
Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.
2008-08-12 10:32:56 +00:00
Dr. Stephen Henson
e9746e03ee Initial support for name constraints certificate extension.
TODO: robustness checking on name forms.
2008-08-08 15:35:29 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs,
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Dr. Stephen Henson
5cbd203302 Initial support for alternative CRL issuing certificates.
Allow inibit any policy flag to be set in apps.
2008-07-30 15:49:12 +00:00
Geoff Thorpe
5f834ab123 Revert my earlier CRYPTO_THREADID commit, I will commit a reworked
version some time soon.
2008-07-03 19:59:25 +00:00
Dr. Stephen Henson
8528128b2a Update from stable branch. 2008-06-26 23:27:31 +00:00
Bodo Möller
8228fd89fc avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr()
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
2008-06-23 20:46:24 +00:00
Dr. Stephen Henson
adb92d56eb Add acknowledgement. 2008-06-09 16:48:42 +00:00
Dr. Stephen Henson
6bf79e30ea Update CHANGES. 2008-06-05 15:34:24 +00:00
Ben Laurie
5ce278a77b More type-checking. 2008-06-04 11:01:43 +00:00
Ben Laurie
8671b89860 Memory saving patch. 2008-06-03 02:48:34 +00:00
Dr. Stephen Henson
368888bcb6 Add client cert engine to SSL routines. 2008-06-01 22:33:24 +00:00
Bodo Möller
2cd81830ef sync with 0.9.8 branch 2008-05-28 22:30:28 +00:00
Bodo Möller
e194fe8f47 From HEAD:
Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com
2008-05-28 22:17:34 +00:00
Bodo Möller
40a706286f From HEAD:
Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com
2008-05-28 22:15:48 +00:00
Ben Laurie
3c1d6bbc92 LHASH revamp. make depend. 2008-05-26 11:24:29 +00:00
Lutz Jänicke
c2c2e7a438 Clear error queue when starting SSL_CTX_use_certificate_chain_file
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
2008-05-23 10:37:52 +00:00
Lutz Jänicke
d18ef847f4 Remove all root CA files (beyond test CAs including private key)
from the OpenSSL distribution.
2008-05-23 08:59:23 +00:00
Dr. Stephen Henson
5c0d90a699 Typo. 2008-05-20 18:49:00 +00:00
Dr. Stephen Henson
f434730524 Typo. 2008-05-20 16:13:57 +00:00
Dr. Stephen Henson
94fd382f8b Fix two invalid memory reads in RSA OAEP mode.
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
2008-05-19 21:33:55 +00:00
Bodo Möller
4bd4afa34e Change use of CRYPTO_THREADID so that we always use both the ulong and
ptr members.

(So if the id_callback is bogus, we still have &errno.)
2008-05-19 20:45:25 +00:00
Dr. Stephen Henson
8a2062fefe Update from stable branch. 2008-04-30 16:14:02 +00:00
Geoff Thorpe
e7b097f558 Fix auto-discovery of ENGINEs. See the CHANGES entry for details (and/or
ticket #1668).

PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
2008-04-28 21:39:09 +00:00
Geoff Thorpe
5ee6f96cea Paul Sheer optimised the OpenSSL to/from libGMP conversions for the case
where they both use the same limb size. I've tweaked his patch slightly, so
blame me if it breaks.

Submitted by: Paul Sheer
Reviewed by: Geoff Thorpe
2008-04-27 18:41:23 +00:00
Dr. Stephen Henson
3df9357103 Update CHANGES. 2008-04-02 11:44:00 +00:00
Dr. Stephen Henson
992e92a46e Update CHANGES. 2008-04-02 11:24:22 +00:00
Dr. Stephen Henson
eb9d8d8cd4 Support for verification of signed receipts. 2008-03-28 13:15:39 +00:00
Geoff Thorpe
f7ccba3edf There was a need to support thread ID types that couldn't be reliably cast
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
2008-03-28 02:49:43 +00:00
Dr. Stephen Henson
fd47c36136 Return error if no cipher set for encrypted data type.
Update CHANGES.
2008-03-15 00:02:23 +00:00
Dr. Stephen Henson
8931b30d84 And so it begins...
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.
2008-03-12 21:14:28 +00:00
Bodo Möller
7c9882eb24 fix BIGNUM flag handling 2008-02-27 06:01:28 +00:00
Dr. Stephen Henson
7398053149 Experimental support for import of more options from Configure
(via top level Makefile) into mk1mf builds. This avoids the need
to duplicate the CFLAG handling and can auto build assembly language
source files from perl scripts.

Extend VC-WIN32 Configure entry to include new options.
2008-01-06 00:36:22 +00:00
Dr. Stephen Henson
76d761ccd3 Move CHANGES entry. Revert include file install line. 2008-01-03 22:57:50 +00:00
Dr. Stephen Henson
eef0c1f34c Netware support.
Submitted by: Guenter Knauf <eflash@gmx.net>
2008-01-03 22:43:04 +00:00
Dr. Stephen Henson
0e1dba934f 1. Changes for s_client.c to make it return non-zero exit code in case
of handshake failure

2. Changes to x509_certificate_type function (crypto/x509/x509type.c) to
make it recognize GOST certificates as EVP_PKT_SIGN|EVP_PKT_EXCH
(required for s3_srvr to accept GOST client certificates).

3. Changes to EVP
	- adding of function EVP_PKEY_CTX_get0_peerkey
	- Make function EVP_PKEY_derive_set_peerkey work for context with
	  ENCRYPT operation, because we use peerkey field in the context to
	  pass non-ephemeral secret key to GOST encrypt operation.
	- added EVP_PKEY_CTRL_SET_IV control command. It is really
	  GOST-specific, but it is used in SSL code, so it has to go
	  in some header file, available during libssl compilation

4. Fix to HMAC to avoid call of OPENSSL_cleanse on undefined data

5. Include des.h if KSSL_DEBUG is defined into some libssl files, to
  make debugging output which depends on constants defined there, work
  and other KSSL_DEBUG output fixes

6. Declaration of real GOST ciphersuites, two authentication methods
   SSL_aGOST94 and SSL_aGOST2001 and one key exchange method SSL_kGOST

7. Implementation  of these methods.

8. Support for sending unsolicited serverhello extension if GOST
  ciphersuite is selected. It is require for interoperability with
  CryptoPro CSP 3.0 and 3.6 and controlled by
  SSL_OP_CRYPTOPRO_TLSEXT_BUG constant.
  This constant is added to SSL_OP_ALL, because it does nothing, if
  non-GOST ciphersuite is selected, and all implementation of GOST
  include compatibility with CryptoPro.

9. Support for CertificateVerify message without length field. It is
   another CryptoPro bug, but support is made unconditional, because it
   does no harm for draft-conforming implementation.

10. In tls1_mac extra copy of stream mac context is no more done.
  When I've written currently commited code I haven't read
  EVP_DigestSignFinal manual carefully enough and haven't noticed that
  it does an internal digest ctx copying.

This implementation was tested against
1. CryptoPro CSP 3.6 client and server
2. Cryptopro CSP 3.0 server
2007-10-26 12:06:36 +00:00
Lutz Jänicke
11d01d371f Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f 2007-10-19 08:26:03 +00:00
Andy Polyakov
0d89e45690 Synchronize CHANGES between 0.9.8 and HEAD. 2007-10-13 10:55:30 +00:00
Dr. Stephen Henson
a6db6a0070 Update CHANGES. Keep ordinals consistent. 2007-10-12 00:15:09 +00:00
Andy Polyakov
0023adb47a Switch to bn-s390x (it's faster on keys longer than 512 bits) and mention
s390x assembler pack in CHANAGES.
2007-10-01 07:38:32 +00:00
Andy Polyakov
4c7c5ff667 ARMv4 assembler pack. 2007-09-27 07:09:46 +00:00
Dr. Stephen Henson
67c8e7f414 Support for certificate status TLS extension. 2007-09-26 21:56:59 +00:00
Bodo Möller
761772d7e1 Implement the Opaque PRF Input TLS extension
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way.  In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().

Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
2007-09-21 06:54:24 +00:00
Dr. Stephen Henson
a6fbcb4220 Change safestack reimplementation to match 0.9.8.
Fix additional gcc 4.2 value not used warnings.
2007-09-07 13:25:15 +00:00
Dr. Stephen Henson
81025661a9 Update ssl code to support digests other than MD5+SHA1 in handshake.
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
2007-08-31 12:42:53 +00:00
Dr. Stephen Henson
ec5d747328 Add Google sponsorship note. 2007-08-27 23:41:36 +00:00
Dr. Stephen Henson
ba0e826d83 Update from stable branch. 2007-08-23 22:59:09 +00:00
Dr. Stephen Henson
6434abbfc6 RFC4507 (including RFC4507bis) TLS stateless session resumption support
for OpenSSL.
2007-08-11 23:18:29 +00:00
Andy Polyakov
85a5668dba CHANGES update from 098-stable. 2007-06-20 17:46:43 +00:00
Dr. Stephen Henson
3c07d3a3d3 Finish gcc 4.2 changes. 2007-06-07 13:14:42 +00:00
Dr. Stephen Henson
297e6f1917 Avoid use of function pointer casts in pem library. Modify safestack to
always use inline functions.
2007-06-04 17:53:04 +00:00
Dr. Stephen Henson
b948e2c59e Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. 2007-06-04 17:04:40 +00:00
Bodo Möller
19f6c524bf Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 2007-05-22 09:47:43 +00:00
Ben Laurie
69ab085290 More IGE speedup. 2007-05-13 15:14:38 +00:00
Ben Laurie
5f09d0ecc2 AES IGE mode speedup. 2007-05-13 12:57:59 +00:00
Bodo Möller
96afc1cfd5 Add SEED encryption algorithm.
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
2007-04-23 23:48:59 +00:00
Dr. Stephen Henson
9cfc8a9d5c Update smime utility to support streaming for -encrypt and -sign -nodetach
options. Add new streaming i2d (though strictly speaking it is BER format
when streaming) and PEM functions.

These all process content on the fly without storing it all in memory.
2007-04-13 01:06:41 +00:00
Dr. Stephen Henson
2022cfe07e New -mac and -macopt options to dgst utility. Reimplement -hmac option in
terms of new API.
2007-04-11 17:20:40 +00:00
Dr. Stephen Henson
47b71e6ee9 Update CHANGES. 2007-04-11 12:33:28 +00:00
Dr. Stephen Henson
d952c79a7b New -sigopt option for dgst utility. 2007-04-08 12:47:18 +00:00
Bodo Möller
b002265ee3 make BN_FLG_CONSTTIME semantics more fool-proof 2007-03-28 18:41:23 +00:00
Bodo Möller
bd31fb2145 Change to mitigate branch prediction attacks
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
2007-03-28 00:15:28 +00:00
Bodo Möller
0f32c841a6 stricter session ID context matching 2007-03-21 14:33:16 +00:00
Bodo Möller
dd2b6750db include complete 0.9.7 history
include release date of 0.9.8e
2007-02-26 10:49:59 +00:00
Lutz Jänicke
8d72476e2b Extend SMTP and IMAP protocol handling to perform the required
EHLO or CAPABILITY handshake before sending STARTTLS

Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
2007-02-21 18:20:41 +00:00
Dr. Stephen Henson
a2e623c011 Update from 0.9.7-stable. 2007-02-21 13:49:35 +00:00
Bodo Möller
fd5bc65cc8 Improve ciphersuite order stability when disabling ciphersuites.
Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.
2007-02-20 16:36:58 +00:00
Bodo Möller
0a05123a6c Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a
ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.

Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".
2007-02-19 18:41:41 +00:00
Bodo Möller
52b8dad8ec Reorganize the data used for SSL ciphersuite pattern matching.
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.
2007-02-17 06:45:38 +00:00
Nils Larsch
357d5de5b9 add support for DSA with SHA2 2007-02-03 14:41:12 +00:00
Dr. Stephen Henson
11d8cdc6ad Experimental streaming PKCS#7 support.
I thought it was about time I dusted this off. This stuff had been sitting on
my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not
work properly.

Nothing uses it at present which is just as well.

Think of this as a traditional Christmas present which looks far more
impressive in the adverts and on the box, some of the bits are missing and
falls to bits if you play with it too much.
2006-12-24 16:22:56 +00:00
Nils Larsch
fec38ca4ed fix typos
PR: 1354, 1355, 1398, 1408
2006-12-21 21:13:27 +00:00
Nils Larsch
06e2dd037e add support for ecdsa-with-sha256 etc. 2006-12-20 08:58:54 +00:00
Bodo Möller
772e3c07b4 Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).
2006-12-19 15:11:37 +00:00
Bodo Möller
1e24b3a09e fix support for receiving fragmented handshake messages 2006-11-29 14:45:50 +00:00
Ben Laurie
96ea4ae91c Add RFC 3779 support. 2006-11-27 14:18:05 +00:00
Dr. Stephen Henson
47a9d527ab Update from 0.9.8 stable. Eliminate duplicate error codes. 2006-11-21 21:29:44 +00:00
Dr. Stephen Henson
de12116417 Initial, incomplete support for typesafe macros without using function
casts.
2006-11-16 00:19:39 +00:00
Andy Polyakov
3189772e07 Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even
recent mingw modifications.
2006-10-23 07:38:30 +00:00
Bodo Möller
3c5406b35c All 0.9.8d patches have been applied to HEAD now, so we no longer need
the redundant entries under the 0.9.9 heading.
2006-09-28 13:50:41 +00:00
Bodo Möller
61118caa86 include 0.9.8d and 0.9.7l information 2006-09-28 13:35:01 +00:00
Mark J. Cox
348be7ec60 Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]
2006-09-28 13:20:44 +00:00
Mark J. Cox
3ff55e9680 Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 13:18:43 +00:00
Dr. Stephen Henson
010fa0b331 Tidy up CRL handling by checking for critical extensions when it is
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.

Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
2006-09-21 12:42:15 +00:00
Dr. Stephen Henson
5d20c4fb35 Overhaul of by_dir code to handle dynamic loading of CRLs. 2006-09-17 17:16:28 +00:00
Dr. Stephen Henson
bc7535bc7f Support for AKID in CRLs and partial support for IDP. Overhaul of CRL
handling to support this.
2006-09-14 17:25:02 +00:00
Bodo Möller
b6699c3f07 Update 2006-09-12 14:42:19 +00:00
Bodo Möller
ed65f7dc34 ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well
2006-09-11 09:49:03 +00:00
Bodo Möller
6a2c471077 Every change so far that is in the 0.9.8 branch is (or should be) in HEAD 2006-09-06 06:34:52 +00:00
Mark J. Cox
b79aa05e3b Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
2006-09-05 08:58:03 +00:00
Ben Laurie
aa6d1a0c19 Forward port of IGE mode. 2006-08-31 14:04:04 +00:00
Dr. Stephen Henson
f6e7d01450 Support for multiple CRLs with same issuer name in X509_STORE. Modify
verify logic to try to use an unexpired CRL if possible.
2006-07-25 17:39:38 +00:00
Dr. Stephen Henson
edc540211c Cache some CRL related extensions. 2006-07-24 12:39:22 +00:00
Dr. Stephen Henson
450ea83495 Store canonical encodings of Name structures. Update X509_NAME_cmp() to use
them.
2006-07-18 12:36:19 +00:00
Dr. Stephen Henson
454dbbc593 Add -timeout option to ocsp utility. 2006-07-17 13:26:54 +00:00
Dr. Stephen Henson
c1c6c0bf45 New non-blocking OCSP functionality. 2006-07-17 12:18:28 +00:00
Dr. Stephen Henson
b7683e3a5d Allow digests to supply S/MIME micalg values from a ctrl.
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
2006-07-10 18:36:55 +00:00
Dr. Stephen Henson
0ee2166cc5 New functions to add and free up application defined signature OIDs. 2006-07-09 16:05:43 +00:00
Dr. Stephen Henson
5ba4bf35c5 New functions to enumerate digests and ciphers. 2006-07-09 00:53:45 +00:00
Bodo Möller
e34aa5a3b3 always read in RAND_poll() if we can't use select because of a too
large FD: it's non-blocking mode anyway
2006-06-28 14:50:12 +00:00
Richard Levitte
27a3d9f9aa Use poll() when possible to gather Unix randomness entropy 2006-06-27 06:31:34 +00:00
Bodo Möller
48fc582f66 New functions CRYPTO_set_idptr_callback(),
CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.
2006-06-23 15:21:36 +00:00
Bodo Möller
81de1028bc Change in 0.9.8 branch:
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)
2006-06-22 12:37:28 +00:00
Bodo Möller
850815cb6e Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch) 2006-06-20 08:50:42 +00:00
Bodo Möller
c4e7870ac1 Change array representation of binary polynomials to make GF2m part of
the BN library more generally useful.

Submitted by: Douglas Stebila
2006-06-18 22:00:57 +00:00
Bodo Möller
5b57fe0a1e Disable invalid ciphersuites 2006-06-14 17:51:46 +00:00
Bodo Möller
89bbe14c50 Ciphersuite string bugfixes, and ECC-related (re-)definitions. 2006-06-14 17:40:31 +00:00
Bodo Möller
675f605d44 Thread-safety fixes 2006-06-14 08:55:23 +00:00
Bodo Möller
f3dea9a595 Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
2006-06-09 15:44:59 +00:00
Dr. Stephen Henson
fb7b393278 Output MIME parameter micalg according to RFC3851 and RFC4490 instead of hard
coding it to "sha1".
2006-06-06 13:27:36 +00:00
Dr. Stephen Henson
01b8b3c7d2 Complete EVP_PKEY_ASN1_METHOD ENGINE support. 2006-06-05 11:52:46 +00:00
Dr. Stephen Henson
de9fcfe348 Initial public key ASN1 method engine support. Not integrated yet. 2006-06-02 17:52:27 +00:00
Dr. Stephen Henson
c9777d2659 Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE
implementations and functional reference counting when a context
is allocated, free or copied.
2006-06-02 12:33:39 +00:00
Dr. Stephen Henson
58aa573ac2 Add engine table for EVP_PKEY_METHOD. Doesn't do much yet. 2006-06-01 11:38:50 +00:00
Dr. Stephen Henson
91c9e62123 New functions for enchanced digest sign/verify. 2006-05-24 17:30:09 +00:00
Dr. Stephen Henson
5531192151 Add -resign and -md options to smime command to support resigning an
existing structure and using alternative digest for signing.
2006-05-18 23:44:44 +00:00
Dr. Stephen Henson
a6e7fcd140 Multiple signer support in smime application. 2006-05-18 12:41:28 +00:00
Dr. Stephen Henson
121dd39f9f New option to pkcs12 utility to set alternative MAC digest algorithm. 2006-05-17 18:46:22 +00:00
Dr. Stephen Henson
6d3a1eac3b Add PRF preference ctrl to ciphers. 2006-05-15 18:35:13 +00:00
Dr. Stephen Henson
b8f702a0af Change builting PBE to use static table. Add entries for HMAC and MD5, GOST. 2006-05-15 17:34:36 +00:00
Dr. Stephen Henson
856640b54f Extend PBE code to support non default PKCS#5 v2.0 PRFs. 2006-05-14 18:40:53 +00:00
Dr. Stephen Henson
34b3c72e4e Typo. 2006-05-14 16:50:22 +00:00
Dr. Stephen Henson
959e8dfe06 Update 'req' command to use new keygen API. 2006-05-11 21:39:00 +00:00
Dr. Stephen Henson
399a6f0bd1 Update PKCS#7 enveloped data to new API. 2006-05-08 12:44:25 +00:00
Dr. Stephen Henson
03919683f9 Add support for default public key digest type ctrl. 2006-05-07 17:09:39 +00:00
Dr. Stephen Henson
5cda6c4582 Fix from stable branch. 2006-05-07 12:30:37 +00:00
Dr. Stephen Henson
ee1d9ec019 Remove link between digests and signature algorithms.
Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate
the need for algorithm specific code.
2006-04-19 17:05:59 +00:00
Dr. Stephen Henson
d202709808 Add OID cross reference table.
Fix some typos in GOST OIDs.

Update dependencies.
2006-04-18 23:36:07 +00:00
Dr. Stephen Henson
492a9e2415 Allow public key ASN1 methods to set PKCS#7 SignerInfo structures. 2006-04-17 17:12:23 +00:00
Dr. Stephen Henson
9ca7047d71 Provisional support for EC pkey method, supporting ECDH and ECDSA. 2006-04-16 16:15:59 +00:00
Dr. Stephen Henson
ba1ba5f0fb If cipher list contains a match for an explicit ciphersuite only match that
one suite.
2006-04-15 00:22:05 +00:00
Dr. Stephen Henson
ffb1ac674c Complete key derivation support. 2006-04-13 20:16:56 +00:00
Dr. Stephen Henson
3ba0885a3e Extend DH ASN1 method, add DH EVP_PKEY_METHOD. 2006-04-12 23:51:24 +00:00
Ulf Möller
4700aea951 Add BeOS support.
PR: 1312
Submitted by: Oliver Tappe <zooey@hirschkaefer.de>
Reviewed by: Ulf Moeller
2006-04-11 21:34:21 +00:00
Dr. Stephen Henson
f5cda4cbb1 Initial keygen support. 2006-04-11 13:28:52 +00:00
Dr. Stephen Henson
f733a5ef0e Initial functions for main EVP_PKEY_METHOD operations.
No method implementations yet.
2006-04-07 16:42:09 +00:00
Dr. Stephen Henson
0b6f3c66cd Initial definitions and a few functions for EVP_PKEY_METHOD: an extension
of the EVP routines to public key algorithms.
2006-04-06 13:02:06 +00:00
Dr. Stephen Henson
0b33dac310 New function to retrieve ASN1 info on public key algorithms. New command
line option to print out info.
2006-04-04 18:16:03 +00:00
Bodo Möller
332737217a Implement Supported Elliptic Curves Extension.
Submitted by: Douglas Stebila
2006-03-30 02:44:56 +00:00
Dr. Stephen Henson
246e09319c Fix bug where freed OIDs could be accessed in EVP_cleanup() by
defering freeing in OBJ_cleanup().
2006-03-28 17:23:48 +00:00
Dr. Stephen Henson
3e4585c8fd New utility pkeyparam. Enhance and bugfix algorithm specific parameter
functions to support it.
2006-03-28 14:35:32 +00:00
Dr. Stephen Henson
3e84b6e15f New general public key utility 'pkey'. 2006-03-28 12:34:45 +00:00
Dr. Stephen Henson
35208f368c Gather printing routines into EVP_PKEY_ASN1_METHOD. 2006-03-22 13:09:35 +00:00
Dr. Stephen Henson
448be74335 Initial support for pluggable public key ASN1 support. Process most public
key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move
the spaghetti algorithm specific code to a single ASN1 module for each
algorithm.
2006-03-20 12:22:24 +00:00
Bodo Möller
36ca4ba63d Implement the Supported Point Formats Extension for ECC ciphersuites
Submitted by: Douglas Stebila
2006-03-11 23:46:37 +00:00
Bodo Möller
ed4a1d12b9 clarification 2006-03-11 22:10:34 +00:00
Nils Larsch
ddac197404 add initial support for RFC 4279 PSK SSL ciphersuites
PR: 1191
Submitted by: Mika Kousa and Pasi Eronen of Nokia Corporation
Reviewed by: Nils Larsch
2006-03-10 23:06:27 +00:00
Ulf Möller
c7235be6e3 RFC 3161 compliant time stamp request creation, response generation
and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller
2006-02-12 23:11:56 +00:00
Dr. Stephen Henson
31676a3540 Update from stable branch. 2006-01-15 13:50:10 +00:00
Bodo Möller
241520e66d More TLS extension related changes.
Submitted by: Peter Sylvester
2006-01-11 06:10:40 +00:00