generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
7,705 Commits 16 Branches 258 Tags
Commit Graph

1350 Commits

Author SHA1 Message Date
Bodo Möller
669b912dea Really get rid of unsafe double-checked locking. 
Also, "CHANGES" clean-ups.
 2008-09-14 13:51:49 +00:00
Bodo Möller
36a4a67b2b Some precautions to avoid potential security-relevant problems. 2008-09-14 13:42:40 +00:00
Ben Laurie
b7c8b4fc95 Allow soft-loading engines. 2008-09-12 13:29:59 +00:00
Dr. Stephen Henson
dd6e90465d Add support for Local Machine Keyset attribute in PKCS#12 files. 2008-06-26 23:26:52 +00:00
Bodo Möller
4afcee8b4b avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr() 
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
 2008-06-23 20:46:28 +00:00
Dr. Stephen Henson
1f3206216b Add acknowledgement. 2008-06-09 16:50:48 +00:00
Dr. Stephen Henson
1a12ce8ea5 Update CHANGES. 2008-06-05 15:32:05 +00:00
Mark J. Cox
3f79793b7e After tagging, bump ready for 0.9.8i development 2008-05-28 07:47:50 +00:00
Mark J. Cox
0d01d8a735 Prepare for 0.9.8h release 2008-05-28 07:37:14 +00:00
Mark J. Cox
2c0fa03dc6 Fix flaw if 'Server Key exchange message' is omitted from a TLS 
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com
 2008-05-28 07:29:27 +00:00
Mark J. Cox
d3b3a6d389 Fix double-free in TLS server name extensions which could lead to a remote 
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com
 2008-05-28 07:26:33 +00:00
Lutz Jänicke
5f23288692 Clear error queue when starting SSL_CTX_use_certificate_chain_file 
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
 2008-05-23 10:37:22 +00:00
Lutz Jänicke
45c58c7d10 Remove all root CA files (beyond test CAs including private key) 
from the OpenSSL distribution.
 2008-05-23 08:59:56 +00:00
Dr. Stephen Henson
112591be76 Fix off by one error ;-) 2008-05-20 18:48:22 +00:00
Dr. Stephen Henson
1b8daa3693 Typo. 2008-05-20 16:13:11 +00:00
Dr. Stephen Henson
10d3886c51 Fix two invalid memory reads in RSA OAEP mode. 
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
 2008-05-19 21:26:28 +00:00
Bodo Möller
c3031a4610 Avoid BN_MONT_CTX incompatibility. 2008-05-02 18:47:19 +00:00
Bodo Möller
812d8a176c Unobtrusive backport of 32-bit x86 Montgomery improvements from 0.9.9-dev: 
you need to use "enable-montasm" to see a difference.  (Huge speed
advantage, but BN_MONT_CTX is not binary compatible, so this can't be
enabled by default in the 0.9.8 branch.)

The CHANGES entry also covers the 64-bit x86 backport in November 2007
by appro.
 2008-05-01 23:11:34 +00:00
Dr. Stephen Henson
db533c96e3 TLS ticket key setting callback: this allows and application to set 
its own TLS ticket keys.
 2008-04-30 16:11:33 +00:00
Geoff Thorpe
98bd148b1a Fix auto-discovery of ENGINEs, ported from HEAD. 
NB, this fixes a regression relative to 0.9.7 and the documented behaviour,
but it would make sense for distro maintainers and others with an interest
in system behaviour to test with this change. The fix re-enables behaviour
that was broken and thus inherently disabled. In particular, if you
register an ENGINE implementation, and that ENGINE is able to successfully
self-initialise on the host, it will get used automatically (as claimed in
the documentation and as was the case for 0.9.7) - this was not the case
with 0.9.8 until now because of a bug.

PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
 2008-04-28 21:45:43 +00:00
Geoff Thorpe
292248b8c2 Update from HEAD. 2008-04-27 18:52:14 +00:00
Dr. Stephen Henson
94b2c29f9d Backport of CMS code to 0.9.8-stable branch. Disabled by default. 2008-04-03 23:03:56 +00:00
Dr. Stephen Henson
6b8be6da76 Update CHANGES. 2008-04-02 11:45:34 +00:00
Dr. Stephen Henson
7ec2d392e7 Backport of zlib compression BIO from HEAD. Update mkdef.pl script to handle 
ZLIB. Update ordinals.
 2008-04-02 11:37:25 +00:00
Dr. Stephen Henson
e88f66bb49 Add CHANGES entry for key wrap. 2008-04-02 11:21:53 +00:00
Dr. Stephen Henson
9e7459fc5d Backport some useful ASN1 utility functions from HEAD. 2008-04-02 11:11:51 +00:00
Mark J. Cox
216ac24bd3 Add missing changelog entry for http://cvs.openssl.org/chngview?cn=16587 2008-02-28 13:35:58 +00:00
Bodo Möller
19398a175a fix BIGNUM flag handling 2008-02-27 06:02:00 +00:00
Dr. Stephen Henson
3b0e61a812 Netware support. 
Submitted by: Guenter Knauf <eflash@gmx.net>
 2008-01-03 22:53:06 +00:00
Lutz Jänicke
32f1f622f6 Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f 2007-10-19 08:25:53 +00:00
Dr. Stephen Henson
a523276786 Backport certificate status request TLS extension support to 0.9.8. 2007-10-12 00:00:36 +00:00
Ben Laurie
2339c5d722 Next version. 2007-10-11 15:04:32 +00:00
Ben Laurie
dd00266757 Ready to roll. 2007-10-11 14:58:15 +00:00
Ben Laurie
bb99ce5f80 make update, and more DTLS stuff. 2007-10-11 14:36:59 +00:00
Dr. Stephen Henson
294f03a812 Reimplement safestack to avoid function pointer casts. 2007-09-06 21:07:43 +00:00
Dr. Stephen Henson
927a28ba3b gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL. 
Fix various "computed value not used" warnings too.
 2007-09-06 12:43:54 +00:00
Dr. Stephen Henson
967ead7269 Update from HEAD. 2007-08-27 23:47:10 +00:00
Dr. Stephen Henson
5b96d1ccf9 Clarify CHANGES entry. 2007-08-23 22:58:24 +00:00
Dr. Stephen Henson
865a90eb4f Backport of TLS extension code to OpenSSL 0.9.8. 
Include server name and RFC4507bis support.

This is not compiled in by default and must be explicitly enabled with
the Configure option enable-tlsext
 2007-08-12 18:59:03 +00:00
Dr. Stephen Henson
f805d30769 SSE2 and AES assembly language support for VC++ build. 2007-07-19 17:39:07 +00:00
Andy Polyakov
4c5979a107 Mention recent changes to bn_mont.c in CHANGES. 2007-06-20 17:44:43 +00:00
Bodo Möller
b22250bb67 Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 2007-05-22 09:48:06 +00:00
Ben Laurie
8957121c14 More IGE speedup. 2007-05-13 15:04:16 +00:00
Ben Laurie
50241bc84e AES IGE mode speedup. 2007-05-13 12:03:57 +00:00
Bodo Möller
c3cc4662af Add SEED encryption algorithm. 
PR: 1503
Submitted by: KISA
Reviewed by: Bodo Moeller
 2007-04-23 23:50:26 +00:00
Bodo Möller
2ac061e487 make BN_FLG_CONSTTIME semantics more fool-proof 2007-03-28 18:44:01 +00:00
Bodo Möller
7cdb81582c Change to mitigate branch prediction attacks 
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
 2007-03-28 00:14:25 +00:00
Bodo Möller
6fd3f3260d stricter session ID context matching 2007-03-21 14:33:01 +00:00
Bodo Möller
d9e262443c oops -- this should have been in 0.9.8e 2007-03-21 14:18:27 +00:00
Bodo Möller
402b951804 include complete 0.9.7 history 2007-02-26 10:48:56 +00:00