generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
7,894 Commits 16 Branches 258 Tags
Commit Graph

7894 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dr. Stephen Henson
5456583294 Don't add the TS EKU by default in openssl.cnf because it then 
makes certificates genereated by ca, CA.pl etc useless for anything else.
 2006-11-07 14:27:55 +00:00
Dr. Stephen Henson
f1845cbee8 Typo. 2006-11-07 13:46:37 +00:00
Dr. Stephen Henson
51cc37b69d Fix link for ASN1_generate_nconf 2006-11-07 13:44:03 +00:00
Dr. Stephen Henson
ff1b10dca1 Typo. 2006-11-07 13:17:02 +00:00
Dr. Stephen Henson
ebeb17e2e0 Add v3 ref to see also sections. 2006-11-07 13:13:14 +00:00
Dr. Stephen Henson
137de5b157 Add documentetion for noCheck extension and add a few cross references to 
the extension documentation.
 2006-11-07 12:51:27 +00:00
Nils Larsch
224328e404 fix warning 2006-11-06 20:10:44 +00:00
Nils Larsch
1611b9ed80 remove SSLEAY_MACROS code 2006-11-06 19:53:39 +00:00
Nils Larsch
8a4af56fc6 update md docs 2006-10-27 21:58:09 +00:00
Nils Larsch
05cfe06607 fix OPENSSL_NO_foo defines 2006-10-27 21:25:53 +00:00
Dr. Stephen Henson
b37a68cc8f Initialize old_priv_encode, old_priv_decode. 2006-10-27 11:43:27 +00:00
Andy Polyakov
a2688c872d Minor portability update to c_rehash. 2006-10-26 10:52:12 +00:00
Andy Polyakov
5b50f99e1e Further mingw build procedure updates. 2006-10-24 22:14:20 +00:00
Andy Polyakov
b8994b6130 Harmonize dll naming in mingw builds. 2006-10-23 11:54:18 +00:00
Andy Polyakov
d7917c584a Yet another mingw warning. 2006-10-23 07:45:52 +00:00
Andy Polyakov
544d845585 OPENSSL_ia32cap.pod update. 2006-10-23 07:44:51 +00:00
Andy Polyakov
a6efc2d1b8 Fix mingw warnings. 2006-10-23 07:41:05 +00:00
Andy Polyakov
3189772e07 Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even 
recent mingw modifications.
 2006-10-23 07:38:30 +00:00
Andy Polyakov
08a638237d Allow for mingw cross-compile configuration. 2006-10-23 07:30:19 +00:00
Andy Polyakov
d8cdd1567f Make c_rehash more platform neutral and make it work in mixed environment, 
such as MSYS with "native" Win32 perl.
 2006-10-21 16:28:03 +00:00
Andy Polyakov
cbfb39d1be Rudimentary support for cross-compiling. 2006-10-21 13:38:16 +00:00
Andy Polyakov
a4d64c7f49 Align data payload for better performance. 2006-10-20 11:26:00 +00:00
Andy Polyakov
1e7b6c029c Avoid application relink on every make invocation. 2006-10-20 11:23:35 +00:00
Andy Polyakov
3634d7e97a Gcc over-optimizes PadLock AES CFB codepath, tell it not to. 2006-10-19 20:55:05 +00:00
Andy Polyakov
53d7efea76 Temporary fix for sha256 IA64 assembler. 2006-10-18 09:42:56 +00:00
Andy Polyakov
002684d693 Fix bug in big-endian path and optimize it for size. 2006-10-18 08:15:16 +00:00
Andy Polyakov
c038b8aa56 Typo in perlasm/x86asm.pl. 2006-10-17 16:21:28 +00:00
Andy Polyakov
c5f17d45c1 Further synchronizations with md32_common.h update, consistent naming 
for low-level SHA block routines.
 2006-10-17 16:13:18 +00:00
Andy Polyakov
31439046e0 bn/asm/ppc.pl to use ppc-xlate.pl. 2006-10-17 14:37:07 +00:00
Andy Polyakov
11d0ebc841 Further synchronizations with md32_common.h update. 2006-10-17 13:38:10 +00:00
Andy Polyakov
cecfdbf72d VIA-specific Montgomery multiplication routine. 2006-10-17 07:04:48 +00:00
Andy Polyakov
f0f61f6d0d Synchronize SHA1 assembler with md32_common.h update. 2006-10-17 07:00:23 +00:00
Andy Polyakov
d68ff71004 Support for .asciz directive in perlasm modules. 2006-10-17 06:43:11 +00:00
Andy Polyakov
591e85e928 Linking errors on IA64 and typo in aes-ia64.S. 2006-10-17 06:41:27 +00:00
Andy Polyakov
c69ed6ea39 Re-implement md32_common.h [make it simpler!] and eliminate code rendered 
redundant as result.
 2006-10-11 11:55:11 +00:00
Dr. Stephen Henson
55a08fac68 Typo. 2006-10-05 21:59:50 +00:00
Nils Larsch
2fc281d01f return an error if the supplied precomputed values lead to an invalid signature 2006-10-04 19:37:17 +00:00
Bodo Möller
d326582cab ASN1_item_verify needs to initialize ctx before any "goto err" can 
happen; the new code for the OID cross reference table failed to do so.
 2006-10-04 06:14:36 +00:00
Dr. Stephen Henson
f4c630abb3 Place standard CRL behaviour in default X509_CRL_METHOD new functions to 
create, free and set default CRL method.
 2006-10-03 02:47:59 +00:00
Mark J. Cox
c2cccfc585 Initialise ctx to NULL to avoid uninitialized free, noticed by 
Steve Kiernan
 2006-09-29 08:21:41 +00:00
Bodo Möller
3c5406b35c All 0.9.8d patches have been applied to HEAD now, so we no longer need 
the redundant entries under the 0.9.9 heading.
 2006-09-28 13:50:41 +00:00
Bodo Möller
5e3225cc44 Introduce limits to prevent malicious keys being able to 
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
 2006-09-28 13:45:34 +00:00
Bodo Möller
61118caa86 include 0.9.8d and 0.9.7l information 2006-09-28 13:35:01 +00:00
Mark J. Cox
348be7ec60 Fix ASN.1 parsing of certain invalid structures that can result 
in a denial of service.  (CVE-2006-2937)  [Steve Henson]
 2006-09-28 13:20:44 +00:00
Mark J. Cox
3ff55e9680 Fix buffer overflow in SSL_get_shared_ciphers() function. 
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
 2006-09-28 13:18:43 +00:00
Richard Levitte
cbb92dfaf0 Fixes for the following claims: 
1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336
 2006-09-28 12:22:58 +00:00
Dr. Stephen Henson
019bfef899 Initialize new callbacks and make sure hent is always initialized. 2006-09-26 13:25:19 +00:00
Richard Levitte
0709249f4c Complete the change for VMS. 2006-09-25 08:35:35 +00:00
Dr. Stephen Henson
89c9c66736 Submitted by: Brad Spencer <spencer@jacknife.org> 
Reviewed by: steve
 2006-09-23 17:29:49 +00:00
Dr. Stephen Henson
347ed3b93c Buffer size handling fix for enc. 
PR:1374
 2006-09-22 17:14:22 +00:00