]>
granicus.if.org Git - openssl/log
Richard Levitte [Fri, 29 Sep 2006 06:54:39 +0000 (06:54 +0000)]
APP_FILES is no longer used, remove it everywhere.
Bodo Möller [Thu, 28 Sep 2006 13:30:28 +0000 (13:30 +0000)]
fix typo
Bodo Möller [Thu, 28 Sep 2006 13:29:08 +0000 (13:29 +0000)]
for completeness, include 0.9.7l information
Richard Levitte [Thu, 28 Sep 2006 12:23:15 +0000 (12:23 +0000)]
Fixes for the following claims:
1) Certificate Message with no certs
OpenSSL implementation sends the Certificate message during SSL
handshake, however as per the specification, these have been omitted.
-- RFC 2712 --
CertificateRequest, and the ServerKeyExchange shown in Figure 1
will be omitted since authentication and the establishment of a
master secret will be done using the client's Kerberos credentials
for the TLS server. The client's certificate will be omitted for
the same reason.
-- RFC 2712 --
3) Pre-master secret Protocol version
The pre-master secret generated by OpenSSL does not have the correct
client version.
RFC 2712 says, if the Kerberos option is selected, the pre-master
secret structure is the same as that used in the RSA case.
TLS specification defines pre-master secret as:
struct {
ProtocolVersion client_version;
opaque random[46];
} PreMasterSecret;
where client_version is the latest protocol version supported by the
client
The pre-master secret generated by OpenSSL does not have the correct
client version. The implementation does not update the first 2 bytes
of random secret for Kerberos Cipher suites. At the server-end, the
client version from the pre-master secret is not validated.
PR: 1336
Mark J. Cox [Thu, 28 Sep 2006 11:39:33 +0000 (11:39 +0000)]
After tagging, bump ready for 0.9.8e development
Mark J. Cox [Thu, 28 Sep 2006 11:32:42 +0000 (11:32 +0000)]
Prepare for 0.9.8d release
Mark J. Cox [Thu, 28 Sep 2006 11:29:03 +0000 (11:29 +0000)]
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
Dr. Stephen Henson [Sat, 23 Sep 2006 17:30:25 +0000 (17:30 +0000)]
Update from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:14:44 +0000 (17:14 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 17:07:40 +0000 (17:07 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Fri, 22 Sep 2006 00:28:37 +0000 (00:28 +0000)]
Fix but in apps/pkcs12.c
PR: 1377
Andy Polyakov [Mon, 18 Sep 2006 19:51:45 +0000 (19:51 +0000)]
Build error on non-unix [from HEAD].
PR: 1390
Andy Polyakov [Mon, 18 Sep 2006 19:44:23 +0000 (19:44 +0000)]
Race condition in ms/uplink.c [from HEAD].
PR: 1382
Bodo Möller [Mon, 18 Sep 2006 14:01:39 +0000 (14:01 +0000)]
Ensure that the addition mods[i]+delta cannot overflow in probable_prime().
[Problem pointed out by Adam Young <adamy (at) acm.org>]
Bodo Möller [Tue, 12 Sep 2006 14:42:09 +0000 (14:42 +0000)]
Update
Bodo Möller [Mon, 11 Sep 2006 09:48:46 +0000 (09:48 +0000)]
ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0
ciphersuite as well
Bodo Möller [Wed, 6 Sep 2006 06:43:26 +0000 (06:43 +0000)]
Remove non-functional part of recent patch, after discussion with
Colin Percival (this would have caused more problems than solved,
and isn't really necessary anyway)
Mark J. Cox [Tue, 5 Sep 2006 08:51:30 +0000 (08:51 +0000)]
After tagging, prep for next release
Mark J. Cox [Tue, 5 Sep 2006 08:45:37 +0000 (08:45 +0000)]
Ready for 0.9.8c release
Mark J. Cox [Tue, 5 Sep 2006 08:25:42 +0000 (08:25 +0000)]
Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
(CVE-2006-4339)
Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
Dr. Stephen Henson [Thu, 31 Aug 2006 21:01:41 +0000 (21:01 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Thu, 31 Aug 2006 20:11:09 +0000 (20:11 +0000)]
Fix from HEAD.
Ben Laurie [Mon, 28 Aug 2006 11:00:32 +0000 (11:00 +0000)]
Add IGE and biIGE modes.
Andy Polyakov [Tue, 1 Aug 2006 16:13:47 +0000 (16:13 +0000)]
Engage assembler in solaris64-x86_64-cc [backport from HEAD].
Bodo Möller [Mon, 31 Jul 2006 11:50:02 +0000 (11:50 +0000)]
Camellia IPR information
Bodo Möller [Wed, 19 Jul 2006 13:38:27 +0000 (13:38 +0000)]
New Camellia implementation (replacing previous version)
Submitted by: NTT
Bodo Möller [Wed, 19 Jul 2006 13:37:10 +0000 (13:37 +0000)]
Camellia information
Dr. Stephen Henson [Thu, 13 Jul 2006 20:35:33 +0000 (20:35 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sun, 9 Jul 2006 12:07:22 +0000 (12:07 +0000)]
Oops...
Dr. Stephen Henson [Sun, 9 Jul 2006 12:03:02 +0000 (12:03 +0000)]
Fix from HEAD.
Ben Laurie [Sun, 2 Jul 2006 14:43:21 +0000 (14:43 +0000)]
Fix warning.
Bodo Möller [Fri, 30 Jun 2006 22:03:48 +0000 (22:03 +0000)]
documentation for "HIGH" vs. "MEDIUM" was not up-to-date
Bodo Möller [Fri, 30 Jun 2006 08:14:50 +0000 (08:14 +0000)]
use <poll.h> as by Single Unix Specification
Bodo Möller [Wed, 28 Jun 2006 14:50:00 +0000 (14:50 +0000)]
always read in RAND_poll() if we can't use select because of a too
large FD: it's non-blocking mode anyway
Andy Polyakov [Wed, 28 Jun 2006 09:01:40 +0000 (09:01 +0000)]
aes-586.pl sync from HEAD.
Andy Polyakov [Wed, 28 Jun 2006 08:58:15 +0000 (08:58 +0000)]
Mitigate the hazard of cache-collision timing attack on last round
[from HEAD].
Richard Levitte [Tue, 27 Jun 2006 06:31:57 +0000 (06:31 +0000)]
Use poll() when possible to gather Unix randomness entropy
Bodo Möller [Fri, 23 Jun 2006 14:59:59 +0000 (14:59 +0000)]
Be more explicit about requirements for multi-threading.
Bodo Möller [Thu, 22 Jun 2006 13:07:45 +0000 (13:07 +0000)]
Fix for previous change: explicitly named ciphersuites are OK to add
Bodo Möller [Thu, 22 Jun 2006 12:35:54 +0000 (12:35 +0000)]
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)
Bodo Möller [Tue, 20 Jun 2006 08:50:33 +0000 (08:50 +0000)]
Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch)
Bodo Möller [Fri, 16 Jun 2006 01:01:14 +0000 (01:01 +0000)]
Another thread-safety fix
Bodo Möller [Wed, 14 Jun 2006 17:52:01 +0000 (17:52 +0000)]
Disable invalid ciphersuites
Bodo Möller [Wed, 14 Jun 2006 13:52:49 +0000 (13:52 +0000)]
Make sure that AES ciphersuites get priority over Camellia ciphersuites
in the default cipher string.
Bodo Möller [Wed, 14 Jun 2006 09:56:08 +0000 (09:56 +0000)]
"make depend" for the default configuration, i.e. no-camellia here in
the 0.9.8 branch!
Bodo Möller [Wed, 14 Jun 2006 08:51:41 +0000 (08:51 +0000)]
Thread-safety fixes
Bodo Möller [Wed, 14 Jun 2006 08:47:00 +0000 (08:47 +0000)]
make update
Richard Levitte [Mon, 12 Jun 2006 06:46:27 +0000 (06:46 +0000)]
Keep synchronised with Unix
Bodo Möller [Sun, 11 Jun 2006 01:08:15 +0000 (01:08 +0000)]
Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
Richard Levitte [Sat, 10 Jun 2006 05:38:29 +0000 (05:38 +0000)]
Keep synchronised with the Unix build
Bodo Möller [Fri, 9 Jun 2006 22:31:05 +0000 (22:31 +0000)]
Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
Bodo Möller [Fri, 9 Jun 2006 15:42:21 +0000 (15:42 +0000)]
Camellia cipher, contributed by NTT
Submitted by: Masashi Fujita
Reviewed by: Bodo Moeller
Andy Polyakov [Sat, 20 May 2006 08:51:11 +0000 (08:51 +0000)]
Tidy up hpux targets.
Dr. Stephen Henson [Wed, 17 May 2006 18:25:59 +0000 (18:25 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Wed, 17 May 2006 18:20:27 +0000 (18:20 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sun, 7 May 2006 12:27:48 +0000 (12:27 +0000)]
Don't check for padding bug if compression is negotiated.
PR: 1204
Ulf Möller [Sat, 6 May 2006 18:35:41 +0000 (18:35 +0000)]
bug fix.
PR: 1326
Submitted by: John Skodon
Dr. Stephen Henson [Sat, 6 May 2006 12:18:15 +0000 (12:18 +0000)]
Update debug-steve
Dr. Stephen Henson [Fri, 5 May 2006 13:19:35 +0000 (13:19 +0000)]
Backport of CPUID support in mk1mf and update Mingw32 batch file to build
cpuid source file.
Dr. Stephen Henson [Fri, 5 May 2006 00:22:18 +0000 (00:22 +0000)]
Initial support for single batch file to build all Win32 ASM files.
Dr. Stephen Henson [Thu, 4 May 2006 16:24:27 +0000 (16:24 +0000)]
Detect MSYS and use Unix like build if detected.
Dr. Stephen Henson [Thu, 4 May 2006 13:08:35 +0000 (13:08 +0000)]
Update for next dev version.
Dr. Stephen Henson [Thu, 4 May 2006 12:46:42 +0000 (12:46 +0000)]
Prepare for new release.
Dr. Stephen Henson [Thu, 4 May 2006 12:15:59 +0000 (12:15 +0000)]
make update
Dr. Stephen Henson [Thu, 4 May 2006 11:23:28 +0000 (11:23 +0000)]
Update NEWS file.
Dr. Stephen Henson [Wed, 3 May 2006 13:16:02 +0000 (13:16 +0000)]
Inherit check time if appropriate.
Dr. Stephen Henson [Fri, 28 Apr 2006 00:28:51 +0000 (00:28 +0000)]
Create a crlnumber file when a CA is created using CA.pl
Dr. Stephen Henson [Sat, 15 Apr 2006 17:53:52 +0000 (17:53 +0000)]
Fix warning.
Dr. Stephen Henson [Sat, 15 Apr 2006 17:43:18 +0000 (17:43 +0000)]
Fix from 0.9.7-stable.
Dr. Stephen Henson [Sat, 15 Apr 2006 13:17:53 +0000 (13:17 +0000)]
Fix on the right branch this time :-)
Dr. Stephen Henson [Sat, 15 Apr 2006 00:22:34 +0000 (00:22 +0000)]
If cipher list contains a match for an explicit ciphersuite only match that
one suite.
Richard Levitte [Mon, 3 Apr 2006 09:15:40 +0000 (09:15 +0000)]
Change chop to chomp when reading lines, so CRLF is properly processed on
the operating systems where they are the normal line endings
Ulf Möller [Fri, 17 Mar 2006 19:29:26 +0000 (19:29 +0000)]
*** empty log message ***
Ulf Möller [Fri, 17 Mar 2006 19:27:22 +0000 (19:27 +0000)]
as in head
Nils Larsch [Tue, 14 Mar 2006 22:48:31 +0000 (22:48 +0000)]
fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()
Nils Larsch [Mon, 13 Mar 2006 23:12:08 +0000 (23:12 +0000)]
fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end()
Bodo Möller [Sat, 11 Mar 2006 22:10:46 +0000 (22:10 +0000)]
clarification
Dr. Stephen Henson [Wed, 1 Mar 2006 21:17:50 +0000 (21:17 +0000)]
Update from HEAD.
Nils Larsch [Wed, 1 Mar 2006 19:52:07 +0000 (19:52 +0000)]
force C locale when using [a-z] in sed expressions
PR: 1283
Submitted by: Mike Frysinger
Nils Larsch [Tue, 28 Feb 2006 20:08:46 +0000 (20:08 +0000)]
fix "#ifndef HZ" statement
PR: 1287
Nils Larsch [Sat, 25 Feb 2006 11:53:45 +0000 (11:53 +0000)]
fix Intel Mac configuration; patch supplied by JP Szikora <szikora@icp.ucl.ac.be>
Nils Larsch [Fri, 24 Feb 2006 17:58:35 +0000 (17:58 +0000)]
fix no-dh configure option; patch supplied by Peter Meerwald
Dr. Stephen Henson [Tue, 21 Feb 2006 01:00:47 +0000 (01:00 +0000)]
Update from head.
Dr. Stephen Henson [Sun, 19 Feb 2006 13:45:22 +0000 (13:45 +0000)]
Fix from HEAD.
Nils Larsch [Wed, 15 Feb 2006 19:44:45 +0000 (19:44 +0000)]
fix typos
PR: 1280
Dr. Stephen Henson [Wed, 15 Feb 2006 15:03:47 +0000 (15:03 +0000)]
Fix OBJ_obj2txt() for large OIDs.
Nils Larsch [Mon, 13 Feb 2006 08:22:39 +0000 (08:22 +0000)]
fix typo: pass pre-computed parameters to the underlying signature function; thanks to Lucas Newman
Richard Levitte [Fri, 10 Feb 2006 08:52:56 +0000 (08:52 +0000)]
Backport the following changes from HEAD:
1.270:
As an effect of revisions 1.261, BUILD_CMD was changed so $(DIRS)
wasn't respected when using it to build different parts of OpenSSL.
1.269 was an attempt to correct that, but unfortunately meant that we
built every part that was given i $(DIRS) 7 times. This change puts
back the original intent with BUILD_CMD via the new macro
BUILD_ONE_CMD while keeping the intent with RECURSIVE_BUILD_CMD.
1.271:
Document the building macros.
Dr. Stephen Henson [Thu, 9 Feb 2006 12:28:30 +0000 (12:28 +0000)]
Update from 0.9.7-stable.
Nils Larsch [Wed, 8 Feb 2006 19:16:33 +0000 (19:16 +0000)]
backport recent changes from the cvs head
Dr. Stephen Henson [Sat, 4 Feb 2006 01:49:36 +0000 (01:49 +0000)]
Update filenames in makefiles
Dr. Stephen Henson [Sat, 4 Feb 2006 01:26:49 +0000 (01:26 +0000)]
Fix from HEAD.
Nils Larsch [Thu, 2 Feb 2006 22:16:45 +0000 (22:16 +0000)]
fix if statement: call conn_state() if the BIO is not in the BIO_CONN_S_OK state
Ben Laurie [Thu, 2 Feb 2006 15:27:22 +0000 (15:27 +0000)]
Constification.
Dr. Stephen Henson [Tue, 31 Jan 2006 18:37:41 +0000 (18:37 +0000)]
Fix from HEAD.
Lutz Jänicke [Mon, 30 Jan 2006 17:06:59 +0000 (17:06 +0000)]
Typo
Submitted by: Girish Venkatachalam <girish1729@gmail.com>
Dr. Stephen Henson [Sat, 21 Jan 2006 21:28:27 +0000 (21:28 +0000)]
file fipslink.pl was added on branch OpenSSL_0_9_8-stable on 2008-09-18 11:20:08 +0000
Dr. Stephen Henson [Sat, 21 Jan 2006 14:01:13 +0000 (14:01 +0000)]
file fipsld was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:10 +0000
Dr. Stephen Henson [Sat, 21 Jan 2006 14:01:11 +0000 (14:01 +0000)]
file fips_premain.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:10 +0000
Dr. Stephen Henson [Sat, 21 Jan 2006 14:01:09 +0000 (14:01 +0000)]
file fips_canister.c was added on branch OpenSSL_0_9_8-stable on 2008-09-16 10:12:10 +0000