]> granicus.if.org Git - openssl/log
openssl
18 years agoAPP_FILES is no longer used, remove it everywhere.
Richard Levitte [Fri, 29 Sep 2006 06:54:39 +0000 (06:54 +0000)]
APP_FILES is no longer used, remove it everywhere.

18 years agofix typo
Bodo Möller [Thu, 28 Sep 2006 13:30:28 +0000 (13:30 +0000)]
fix typo

18 years agofor completeness, include 0.9.7l information
Bodo Möller [Thu, 28 Sep 2006 13:29:08 +0000 (13:29 +0000)]
for completeness, include 0.9.7l information

18 years agoFixes for the following claims:
Richard Levitte [Thu, 28 Sep 2006 12:23:15 +0000 (12:23 +0000)]
Fixes for the following claims:

  1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336

18 years agoAfter tagging, bump ready for 0.9.8e development
Mark J. Cox [Thu, 28 Sep 2006 11:39:33 +0000 (11:39 +0000)]
After tagging, bump ready for 0.9.8e development

18 years agoPrepare for 0.9.8d release OpenSSL_0_9_8d
Mark J. Cox [Thu, 28 Sep 2006 11:32:42 +0000 (11:32 +0000)]
Prepare for 0.9.8d release

18 years agoIntroduce limits to prevent malicious keys being able to
Mark J. Cox [Thu, 28 Sep 2006 11:29:03 +0000 (11:29 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

18 years agoUpdate from HEAD.
Dr. Stephen Henson [Sat, 23 Sep 2006 17:30:25 +0000 (17:30 +0000)]
Update from HEAD.

18 years agoFix from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:14:44 +0000 (17:14 +0000)]
Fix from HEAD.

18 years agoFix from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:07:40 +0000 (17:07 +0000)]
Fix from HEAD.

18 years agoFix but in apps/pkcs12.c
Dr. Stephen Henson [Fri, 22 Sep 2006 00:28:37 +0000 (00:28 +0000)]
Fix but in apps/pkcs12.c
PR: 1377

18 years agoBuild error on non-unix [from HEAD].
Andy Polyakov [Mon, 18 Sep 2006 19:51:45 +0000 (19:51 +0000)]
Build error on non-unix [from HEAD].
PR: 1390

18 years agoRace condition in ms/uplink.c [from HEAD].
Andy Polyakov [Mon, 18 Sep 2006 19:44:23 +0000 (19:44 +0000)]
Race condition in ms/uplink.c [from HEAD].
PR: 1382

18 years agoEnsure that the addition mods[i]+delta cannot overflow in probable_prime().
Bodo Möller [Mon, 18 Sep 2006 14:01:39 +0000 (14:01 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().

[Problem pointed out by Adam Young <adamy (at) acm.org>]

18 years agoUpdate
Bodo Möller [Tue, 12 Sep 2006 14:42:09 +0000 (14:42 +0000)]
Update

18 years agoensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
Bodo Möller [Mon, 11 Sep 2006 09:48:46 +0000 (09:48 +0000)]
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well

18 years agoRemove non-functional part of recent patch, after discussion with
Bodo Möller [Wed, 6 Sep 2006 06:43:26 +0000 (06:43 +0000)]
Remove non-functional part of recent patch, after discussion with
Colin Percival (this would have caused more problems than solved,
and isn't really necessary anyway)

18 years agoAfter tagging, prep for next release
Mark J. Cox [Tue, 5 Sep 2006 08:51:30 +0000 (08:51 +0000)]
After tagging, prep for next release

18 years agoReady for 0.9.8c release OpenSSL_0_9_8c
Mark J. Cox [Tue, 5 Sep 2006 08:45:37 +0000 (08:45 +0000)]
Ready for 0.9.8c release

18 years agoAvoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
Mark J. Cox [Tue, 5 Sep 2006 08:25:42 +0000 (08:25 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)

Submitted by:  Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson

18 years agoFix from HEAD.
Dr. Stephen Henson [Thu, 31 Aug 2006 21:01:41 +0000 (21:01 +0000)]
Fix from HEAD.

18 years agoFix from HEAD.
Dr. Stephen Henson [Thu, 31 Aug 2006 20:11:09 +0000 (20:11 +0000)]
Fix from HEAD.

18 years agoAdd IGE and biIGE modes.
Ben Laurie [Mon, 28 Aug 2006 11:00:32 +0000 (11:00 +0000)]
Add IGE and biIGE modes.

18 years agoEngage assembler in solaris64-x86_64-cc [backport from HEAD].
Andy Polyakov [Tue, 1 Aug 2006 16:13:47 +0000 (16:13 +0000)]
Engage assembler in solaris64-x86_64-cc [backport from HEAD].

18 years agoCamellia IPR information
Bodo Möller [Mon, 31 Jul 2006 11:50:02 +0000 (11:50 +0000)]
Camellia IPR information

18 years agoNew Camellia implementation (replacing previous version)
Bodo Möller [Wed, 19 Jul 2006 13:38:27 +0000 (13:38 +0000)]
New Camellia implementation (replacing previous version)

Submitted by: NTT

18 years agoCamellia information
Bodo Möller [Wed, 19 Jul 2006 13:37:10 +0000 (13:37 +0000)]
Camellia information

18 years agoFix from HEAD.
Dr. Stephen Henson [Thu, 13 Jul 2006 20:35:33 +0000 (20:35 +0000)]
Fix from HEAD.

18 years agoOops...
Dr. Stephen Henson [Sun, 9 Jul 2006 12:07:22 +0000 (12:07 +0000)]
Oops...

18 years agoFix from HEAD.
Dr. Stephen Henson [Sun, 9 Jul 2006 12:03:02 +0000 (12:03 +0000)]
Fix from HEAD.

18 years agoFix warning.
Ben Laurie [Sun, 2 Jul 2006 14:43:21 +0000 (14:43 +0000)]
Fix warning.

18 years agodocumentation for "HIGH" vs. "MEDIUM" was not up-to-date
Bodo Möller [Fri, 30 Jun 2006 22:03:48 +0000 (22:03 +0000)]
documentation for "HIGH" vs. "MEDIUM" was not up-to-date

18 years agouse <poll.h> as by Single Unix Specification
Bodo Möller [Fri, 30 Jun 2006 08:14:50 +0000 (08:14 +0000)]
use <poll.h> as by Single Unix Specification

18 years agoalways read in RAND_poll() if we can't use select because of a too
Bodo Möller [Wed, 28 Jun 2006 14:50:00 +0000 (14:50 +0000)]
always read in RAND_poll() if we can't use select because of a too
large FD: it's non-blocking mode anyway

18 years agoaes-586.pl sync from HEAD.
Andy Polyakov [Wed, 28 Jun 2006 09:01:40 +0000 (09:01 +0000)]
aes-586.pl sync from HEAD.

18 years agoMitigate the hazard of cache-collision timing attack on last round
Andy Polyakov [Wed, 28 Jun 2006 08:58:15 +0000 (08:58 +0000)]
Mitigate the hazard of cache-collision timing attack on last round
[from HEAD].

18 years agoUse poll() when possible to gather Unix randomness entropy
Richard Levitte [Tue, 27 Jun 2006 06:31:57 +0000 (06:31 +0000)]
Use poll() when possible to gather Unix randomness entropy

18 years agoBe more explicit about requirements for multi-threading.
Bodo Möller [Fri, 23 Jun 2006 14:59:59 +0000 (14:59 +0000)]
Be more explicit about requirements for multi-threading.

18 years agoFix for previous change: explicitly named ciphersuites are OK to add
Bodo Möller [Thu, 22 Jun 2006 13:07:45 +0000 (13:07 +0000)]
Fix for previous change: explicitly named ciphersuites are OK to add

18 years agoPut ECCdraft ciphersuites back into default build (but disabled
Bodo Möller [Thu, 22 Jun 2006 12:35:54 +0000 (12:35 +0000)]
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)

18 years agoRemove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
Bodo Möller [Tue, 20 Jun 2006 08:50:33 +0000 (08:50 +0000)]
Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)

18 years agoAnother thread-safety fix
Bodo Möller [Fri, 16 Jun 2006 01:01:14 +0000 (01:01 +0000)]
Another thread-safety fix

18 years agoDisable invalid ciphersuites
Bodo Möller [Wed, 14 Jun 2006 17:52:01 +0000 (17:52 +0000)]
Disable invalid ciphersuites

18 years agoMake sure that AES ciphersuites get priority over Camellia ciphersuites
Bodo Möller [Wed, 14 Jun 2006 13:52:49 +0000 (13:52 +0000)]
Make sure that AES ciphersuites get priority over Camellia ciphersuites
in the default cipher string.

18 years ago"make depend" for the default configuration, i.e. no-camellia here in
Bodo Möller [Wed, 14 Jun 2006 09:56:08 +0000 (09:56 +0000)]
"make depend" for the default configuration, i.e. no-camellia here in
the 0.9.8 branch!

18 years agoThread-safety fixes
Bodo Möller [Wed, 14 Jun 2006 08:51:41 +0000 (08:51 +0000)]
Thread-safety fixes

18 years agomake update
Bodo Möller [Wed, 14 Jun 2006 08:47:00 +0000 (08:47 +0000)]
make update

18 years agoKeep synchronised with Unix
Richard Levitte [Mon, 12 Jun 2006 06:46:27 +0000 (06:46 +0000)]
Keep synchronised with Unix

18 years agoCamellia cipher, contributed by NTT
Bodo Möller [Sun, 11 Jun 2006 01:08:15 +0000 (01:08 +0000)]
Camellia cipher, contributed by NTT

Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller

18 years agoKeep synchronised with the Unix build
Richard Levitte [Sat, 10 Jun 2006 05:38:29 +0000 (05:38 +0000)]
Keep synchronised with the Unix build

18 years agoCamellia cipher, contributed by NTT
Bodo Möller [Fri, 9 Jun 2006 22:31:05 +0000 (22:31 +0000)]
Camellia cipher, contributed by NTT

Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller

18 years agoCamellia cipher, contributed by NTT
Bodo Möller [Fri, 9 Jun 2006 15:42:21 +0000 (15:42 +0000)]
Camellia cipher, contributed by NTT

Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller

18 years agoTidy up hpux targets.
Andy Polyakov [Sat, 20 May 2006 08:51:11 +0000 (08:51 +0000)]
Tidy up hpux targets.

18 years agoFix from HEAD.
Dr. Stephen Henson [Wed, 17 May 2006 18:25:59 +0000 (18:25 +0000)]
Fix from HEAD.

18 years agoFix from HEAD.
Dr. Stephen Henson [Wed, 17 May 2006 18:20:27 +0000 (18:20 +0000)]
Fix from HEAD.

18 years agoDon't check for padding bug if compression is negotiated.
Dr. Stephen Henson [Sun, 7 May 2006 12:27:48 +0000 (12:27 +0000)]
Don't check for padding bug if compression is negotiated.

PR: 1204

18 years agobug fix.
Ulf Möller [Sat, 6 May 2006 18:35:41 +0000 (18:35 +0000)]
bug fix.
PR: 1326
Submitted by: John Skodon

18 years agoUpdate debug-steve
Dr. Stephen Henson [Sat, 6 May 2006 12:18:15 +0000 (12:18 +0000)]
Update debug-steve

18 years agoBackport of CPUID support in mk1mf and update Mingw32 batch file to build
Dr. Stephen Henson [Fri, 5 May 2006 13:19:35 +0000 (13:19 +0000)]
Backport of CPUID support in mk1mf and update Mingw32 batch file to build
cpuid source file.

18 years agoInitial support for single batch file to build all Win32 ASM files.
Dr. Stephen Henson [Fri, 5 May 2006 00:22:18 +0000 (00:22 +0000)]
Initial support for single batch file to build all Win32 ASM files.

18 years agoDetect MSYS and use Unix like build if detected.
Dr. Stephen Henson [Thu, 4 May 2006 16:24:27 +0000 (16:24 +0000)]
Detect MSYS and use Unix like build if detected.

18 years agoUpdate for next dev version.
Dr. Stephen Henson [Thu, 4 May 2006 13:08:35 +0000 (13:08 +0000)]
Update for next dev version.

18 years agoPrepare for new release. OpenSSL_0_9_8b
Dr. Stephen Henson [Thu, 4 May 2006 12:46:42 +0000 (12:46 +0000)]
Prepare for new release.

18 years agomake update
Dr. Stephen Henson [Thu, 4 May 2006 12:15:59 +0000 (12:15 +0000)]
make update

18 years agoUpdate NEWS file.
Dr. Stephen Henson [Thu, 4 May 2006 11:23:28 +0000 (11:23 +0000)]
Update NEWS file.

18 years agoInherit check time if appropriate.
Dr. Stephen Henson [Wed, 3 May 2006 13:16:02 +0000 (13:16 +0000)]
Inherit check time if appropriate.

18 years agoCreate a crlnumber file when a CA is created using CA.pl
Dr. Stephen Henson [Fri, 28 Apr 2006 00:28:51 +0000 (00:28 +0000)]
Create a crlnumber file when a CA is created using CA.pl

18 years agoFix warning.
Dr. Stephen Henson [Sat, 15 Apr 2006 17:53:52 +0000 (17:53 +0000)]
Fix warning.

18 years agoFix from 0.9.7-stable.
Dr. Stephen Henson [Sat, 15 Apr 2006 17:43:18 +0000 (17:43 +0000)]
Fix from 0.9.7-stable.

18 years agoFix on the right branch this time :-)
Dr. Stephen Henson [Sat, 15 Apr 2006 13:17:53 +0000 (13:17 +0000)]
Fix on the right branch this time :-)

18 years agoIf cipher list contains a match for an explicit ciphersuite only match that
Dr. Stephen Henson [Sat, 15 Apr 2006 00:22:34 +0000 (00:22 +0000)]
If cipher list contains a match for an explicit ciphersuite only match that
one suite.

18 years agoChange chop to chomp when reading lines, so CRLF is properly processed on
Richard Levitte [Mon, 3 Apr 2006 09:15:40 +0000 (09:15 +0000)]
Change chop to chomp when reading lines, so CRLF is properly processed on
the operating systems where they are the normal line endings

18 years ago*** empty log message ***
Ulf Möller [Fri, 17 Mar 2006 19:29:26 +0000 (19:29 +0000)]
*** empty log message ***

18 years agoas in head
Ulf Möller [Fri, 17 Mar 2006 19:27:22 +0000 (19:27 +0000)]
as in head

18 years agofix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()
Nils Larsch [Tue, 14 Mar 2006 22:48:31 +0000 (22:48 +0000)]
fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()

18 years agofix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()
Nils Larsch [Mon, 13 Mar 2006 23:12:08 +0000 (23:12 +0000)]
fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()

18 years agoclarification
Bodo Möller [Sat, 11 Mar 2006 22:10:46 +0000 (22:10 +0000)]
clarification

18 years agoUpdate from HEAD.
Dr. Stephen Henson [Wed, 1 Mar 2006 21:17:50 +0000 (21:17 +0000)]
Update from HEAD.

18 years agoforce C locale when using [a-z] in sed expressions
Nils Larsch [Wed, 1 Mar 2006 19:52:07 +0000 (19:52 +0000)]
force C locale when using [a-z] in sed expressions

PR: 1283
Submitted by: Mike Frysinger

18 years agofix "#ifndef HZ" statement
Nils Larsch [Tue, 28 Feb 2006 20:08:46 +0000 (20:08 +0000)]
fix "#ifndef HZ" statement

PR: 1287

18 years agofix Intel Mac configuration; patch supplied by JP Szikora <szikora@icp.ucl.ac.be>
Nils Larsch [Sat, 25 Feb 2006 11:53:45 +0000 (11:53 +0000)]
fix Intel Mac configuration; patch supplied by JP Szikora <szikora@icp.ucl.ac.be>

18 years agofix no-dh configure option; patch supplied by Peter Meerwald
Nils Larsch [Fri, 24 Feb 2006 17:58:35 +0000 (17:58 +0000)]
fix no-dh configure option; patch supplied by Peter Meerwald

18 years agoUpdate from head.
Dr. Stephen Henson [Tue, 21 Feb 2006 01:00:47 +0000 (01:00 +0000)]
Update from head.

18 years agoFix from HEAD.
Dr. Stephen Henson [Sun, 19 Feb 2006 13:45:22 +0000 (13:45 +0000)]
Fix from HEAD.

18 years agofix typos
Nils Larsch [Wed, 15 Feb 2006 19:44:45 +0000 (19:44 +0000)]
fix typos

PR: 1280

18 years agoFix OBJ_obj2txt() for large OIDs.
Dr. Stephen Henson [Wed, 15 Feb 2006 15:03:47 +0000 (15:03 +0000)]
Fix OBJ_obj2txt() for large OIDs.

18 years agofix typo: pass pre-computed parameters to the underlying signature function; thanks...
Nils Larsch [Mon, 13 Feb 2006 08:22:39 +0000 (08:22 +0000)]
fix typo: pass pre-computed parameters to the underlying signature function; thanks to Lucas Newman

18 years agoBackport the following changes from HEAD:
Richard Levitte [Fri, 10 Feb 2006 08:52:56 +0000 (08:52 +0000)]
Backport the following changes from HEAD:

1.270:
As an effect of revisions 1.261, BUILD_CMD was changed so $(DIRS)
wasn't respected when using it to build different parts of OpenSSL.
1.269 was an attempt to correct that, but unfortunately meant that we
built every part that was given i $(DIRS) 7 times.  This change puts
back the original intent with BUILD_CMD via the new macro
BUILD_ONE_CMD while keeping the intent with RECURSIVE_BUILD_CMD.

1.271:
Document the building macros.

18 years agoUpdate from 0.9.7-stable.
Dr. Stephen Henson [Thu, 9 Feb 2006 12:28:30 +0000 (12:28 +0000)]
Update from 0.9.7-stable.

18 years agobackport recent changes from the cvs head
Nils Larsch [Wed, 8 Feb 2006 19:16:33 +0000 (19:16 +0000)]
backport recent changes from the cvs head

18 years agoUpdate filenames in makefiles
Dr. Stephen Henson [Sat, 4 Feb 2006 01:49:36 +0000 (01:49 +0000)]
Update filenames in makefiles

18 years agoFix from HEAD.
Dr. Stephen Henson [Sat, 4 Feb 2006 01:26:49 +0000 (01:26 +0000)]
Fix from HEAD.

18 years agofix if statement: call conn_state() if the BIO is not in the BIO_CONN_S_OK state
Nils Larsch [Thu, 2 Feb 2006 22:16:45 +0000 (22:16 +0000)]
fix if statement: call conn_state() if the BIO is not in the BIO_CONN_S_OK state

18 years agoConstification.
Ben Laurie [Thu, 2 Feb 2006 15:27:22 +0000 (15:27 +0000)]
Constification.

18 years agoFix from HEAD.
Dr. Stephen Henson [Tue, 31 Jan 2006 18:37:41 +0000 (18:37 +0000)]
Fix from HEAD.

18 years agoTypo
Lutz Jänicke [Mon, 30 Jan 2006 17:06:59 +0000 (17:06 +0000)]
Typo

Submitted by: Girish Venkatachalam <girish1729@gmail.com>

18 years agofile fipslink.pl was added on branch OpenSSL_0_9_8-stable on 2008-09-18 11:20:08...
Dr. Stephen Henson [Sat, 21 Jan 2006 21:28:27 +0000 (21:28 +0000)]
file fipslink.pl was added on branch OpenSSL_0_9_8-stable on 2008-09-18 11:20:08 +0000

18 years agofile fipsld was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:10 +0000
Dr. Stephen Henson [Sat, 21 Jan 2006 14:01:13 +0000 (14:01 +0000)]
file fipsld was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:10 +0000

18 years agofile fips_premain.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12...
Dr. Stephen Henson [Sat, 21 Jan 2006 14:01:11 +0000 (14:01 +0000)]
file fips_premain.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:10 +0000

18 years agofile fips_canister.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12...
Dr. Stephen Henson [Sat, 21 Jan 2006 14:01:09 +0000 (14:01 +0000)]
file fips_canister.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:10 +0000