Dr. Stephen Henson 53348780e9 Fix SRP buffer overrun vulnerability. ...

Invalid parameters passed to the SRP code can be overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.

Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.

2014-08-06 20:41:24 +01:00

..

aes

Initial POWER8 support from development branch.

2014-07-20 14:36:49 +02:00

asn1

Fix OID handling:

2014-08-06 20:41:24 +01:00

bf

Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA

2011-08-14 13:47:30 +00:00

bio

Fix memory leak in BIO_free if there is no destroy function.

2014-07-09 23:32:18 +01:00

bn

make update

2014-08-01 21:21:03 +01:00

buffer

Check length first in BUF_strnlen().

2014-05-22 10:12:10 +01:00

camellia

camellia/asm/cmll-x86_64.pl: fix symptomless bugs (update from master).

2014-02-01 23:14:33 +01:00

cast

Please Clang's sanitizer.

2014-07-09 22:45:38 +02:00

cmac

oops, macro not present in OpenSSL 1.0.2

2012-04-11 15:10:48 +00:00

cms

Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259).

2014-07-10 17:49:53 +01:00

comp

Assorted bugfixes:

2011-02-03 12:03:57 +00:00

conf

Prevent infinite loop loading config files.

2014-07-07 13:54:11 +01:00

des

SPARC T4 assembly pack: treat zero input length in CBC.

2014-03-07 10:48:51 +01:00

dh

dh_check.c: check BN_CTX_get's return value.

2014-03-06 14:21:17 +01:00

dsa

Return correct enveloped data type in ASN1 methods.

2013-10-01 14:01:18 +01:00

dso

Fix a wrong parameter count ERR_add_error_data

2014-05-19 22:15:27 +01:00

ec

Simplify and fix ec_GFp_simple_points_make_affine

2014-08-01 17:27:59 +02:00

ecdh

make update

2013-12-01 23:09:44 +00:00

ecdsa

Accessor functions for app_data in ECDSA_METHOD

2014-07-02 00:59:43 +01:00

engine

Please Clang's sanitizer, addendum.

2014-07-09 22:45:52 +02:00

err

Don't include comp.h if no-comp set.

2013-01-20 01:10:03 +00:00

evp

Initial POWER8 support from development branch.

2014-07-20 14:36:49 +02:00

hmac

Experimental multi-implementation support for FIPS capable OpenSSL.

2012-05-13 18:40:12 +00:00

idea

Fix typo in ideatest.c

2014-06-28 00:06:32 +01:00

jpake

apply J-PKAKE fix to HEAD (original by Ben)

2010-11-29 18:33:28 +00:00

krb5

Further BUILDENV refinement, further fool-proofing of Makefiles and

2005-05-16 16:55:47 +00:00

lhash

Revert lhash patch for PR#2124

2009-12-09 15:00:20 +00:00

md2

Prohibit use of low level digest APIs in FIPS mode.

2011-06-01 13:39:45 +00:00

md4

Fix some clang warnings.

2013-01-13 21:06:36 +00:00

md5

md5_locl.h: enable assembly support on SPARC [from master].

2013-05-20 00:33:09 +02:00

mdc2

Reduce version skew: trivia (I hope).

2012-06-03 22:03:37 +00:00

modes

Initial POWER8 support from development branch.

2014-07-20 14:36:49 +02:00

objects

Fix OID handling:

2014-08-06 20:41:24 +01:00

ocsp

Handle IPv6 addresses in OCSP_parse_url.

2014-06-27 17:31:37 +01:00

pem

Sanity check keylength in PVK files.

2014-07-06 00:36:14 +01:00

perlasm

Initial POWER8 support from development branch.

2014-07-20 14:36:49 +02:00

pkcs7

Remove ancient obsolete files under pkcs7.

2014-06-27 13:53:23 +01:00

pkcs12

Fix memory leak.

2014-05-29 13:49:50 +01:00

pqueue

Fix warnings (From HEAD, original patch by Ben).

2010-06-15 17:25:15 +00:00

rand

Fix error discrepancy.

2014-08-01 18:42:41 +01:00

rc2

make update

2013-01-15 16:24:07 +00:00

rc4

Please Clang's sanitizer.

2014-07-09 22:45:38 +02:00

rc5

Intel compiler support update from HEAD.

2012-11-28 13:12:09 +00:00

ripemd

Fix some clang warnings.

2013-01-13 21:06:36 +00:00

rsa

Return smaller of ret and f.

2014-07-05 22:38:17 +01:00

seed

Revert "version skew" patches that break FIPS compilation

2012-06-09 23:36:38 +00:00

sha

sha1-ppc.pl: shave off one cycle from BODY_20_39

2014-07-21 15:30:59 +02:00

srp

Fix SRP buffer overrun vulnerability.

2014-08-06 20:41:24 +01:00

stack

Implement sk_deep_copy.

2014-07-07 19:19:13 +10:00

store

Make it possible to disable STORE.

2009-02-19 09:42:51 +00:00

threads

Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).

2009-05-15 16:37:08 +00:00

ts

Fix double frees.

2014-04-22 17:00:52 +01:00

txt_db

Change STRING to OPENSSL_STRING etc as common words such

2009-07-27 21:08:53 +00:00

ui

* crypto/ui/ui_lib.c: misplaced brace in switch statement.

2014-07-13 19:13:38 +02:00

whrlpool

wp-mmx.pl: ~10% performance improvement.

2014-02-01 22:27:07 +01:00

x509

Update API to use (char *) for email addresses and hostnames

2014-07-07 19:20:34 +10:00

x509v3

Update API to use (char *) for email addresses and hostnames

2014-07-07 19:20:34 +10:00

.cvsignore

Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev

2008-04-17 10:19:16 +00:00

alphacpuid.pl

Alpha assembler fixed from HEAD.

2011-08-12 12:31:08 +00:00

arm64cpuid.S

Add linux-aarch64 taget.

2014-06-10 23:20:55 +02:00

arm_arch.h

Add linux-aarch64 taget.

2014-06-10 23:20:55 +02:00

armcap.c

Add linux-aarch64 taget.

2014-06-10 23:20:55 +02:00

armv4cpuid.S

ARM assembly pack: get ARMv7 instruction endianness right.

2014-06-10 22:51:15 +02:00

cpt_err.c

Implement FIPS_mode and FIPS_mode_set

2011-05-19 18:19:07 +00:00

cryptlib.c

Avoid Windows 8 Getversion deprecated errors.

2014-02-25 13:41:53 +00:00

cryptlib.h

Reduce version skew: trivia (I hope).

2012-06-03 22:03:37 +00:00

crypto-lib.com

Adjust VMS build to Unix build. Most of all, make it so the disabled

2014-06-18 13:43:09 +02:00

crypto.h

Add and use a constant-time memcmp.

2013-02-06 13:56:12 +00:00

cversion.c

(oops) Apologies all, that last header-cleanup commit was from the wrong

2004-04-19 18:09:28 +00:00

ebcdic.c

Oops, this file already had the "empty source file" workaround but it

2003-10-29 22:25:04 +00:00

ebcdic.h

EBCDIC support.

2000-02-01 02:21:16 +00:00

ex_data.c

Avoid warnings with -pedantic, specifically:

2008-07-04 23:12:52 +00:00

fips_err.h

Update error codes for FIPS.

2011-10-21 13:04:27 +00:00

fips_ers.c

Add FIPS error codes.

2011-06-21 16:58:10 +00:00

ia64cpuid.S

IA64 assembler pack update from HEAD.

2011-11-14 20:45:57 +00:00

install-crypto.com

Adjust VMS build to Unix build. Most of all, make it so the disabled

2014-06-18 13:43:09 +02:00

LPdir_nyi.c

Copy a few files from LPlib (a new project of mine), add a wrapper.

2004-07-10 13:16:02 +00:00

LPdir_unix.c

Import changed files from LPlib. The changes are logged as follows

2004-09-23 22:11:39 +00:00

LPdir_vms.c

Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>

2011-03-19 09:47:47 +00:00

LPdir_win32.c

Import changed files from LPlib. The changes are logged as follows

2004-09-23 22:11:39 +00:00

LPdir_win.c

Fix mingw warnings.

2006-10-23 07:41:05 +00:00

LPdir_wince.c

Import changed files from LPlib. The changes are logged as follows

2004-09-23 22:11:39 +00:00

Makefile

crypto/Makefile: make it OSF-make-friendly

2014-02-26 16:42:57 +01:00

md32_common.h

Please Clang's sanitizer.

2014-07-09 22:45:38 +02:00

mem_clr.c

Fix warning.

2007-06-23 18:47:51 +00:00

mem_dbg.c

PR: 1894

2009-04-16 17:22:51 +00:00

mem.c

Reduce version skew: trivia (I hope).

2012-06-03 22:03:37 +00:00

o_dir_test.c

Copy a few files from LPlib (a new project of mine), add a wrapper.

2004-07-10 13:16:02 +00:00

o_dir.c

DJGPP has opendir() and friends, according to Gisle Vanem <giva@bgnett.no>.

2004-08-03 19:15:21 +00:00

o_dir.h

Copy a few files from LPlib (a new project of mine), add a wrapper.

2004-07-10 13:16:02 +00:00

o_fips.c

call OPENSSL_init when calling FIPS_mode too

2012-04-20 14:43:14 +00:00

o_init.c

The first of many changes to make OpenSSL 1.0.1 FIPS capable.

2011-05-26 14:19:19 +00:00

o_str.c

Improve WINCE support.

2014-02-01 22:48:56 +01:00

o_str.h

"Overload" SunOS 4.x memcmp, which ruins ASN1_OBJECT table lookups.

2005-09-20 20:19:07 +00:00

o_time.c

Time difference functions.

2013-08-19 21:55:07 +01:00

o_time.h

Time difference functions.

2013-08-19 21:55:07 +01:00

opensslconf.h.in

Eliminate warning induced by http://cvs.openssl.org/chngview?cn=14690 and

2005-12-16 10:37:24 +00:00

opensslv.h

Prepare for 1.0.2-beta3-dev

2014-07-22 21:31:04 +01:00

ossl_typ.h

Add KDF for DH.

2013-10-01 14:01:18 +01:00

pariscid.pl

PA-RISC assembler pack: switch to bve in 64-bit builds.

2013-06-30 23:13:23 +02:00

ppc_arch.h

Initial POWER8 support from development branch.

2014-07-20 14:36:49 +02:00

ppccap.c

Initial POWER8 support from development branch.

2014-07-20 14:36:49 +02:00

ppccpuid.pl

Initial POWER8 support from development branch.

2014-07-20 14:36:49 +02:00

s390xcap.c

s390x assembler pack update from HEAD.

2011-11-14 20:47:22 +00:00

s390xcpuid.S

s390x assembler pack update from HEAD.

2011-11-14 20:47:22 +00:00

sparc_arch.h

sparcv9cap.c: update from master.

2013-05-20 00:16:18 +02:00

sparccpuid.S

sparcv9cap.c: update from master.

2013-05-20 00:16:18 +02:00

sparcv9cap.c

sparcv9cap.c: omit random detection.

2013-12-28 13:32:45 +01:00

symhacks.h

Add new VMS hack symbol, update ordinals.

2014-03-02 13:50:06 +00:00

uid.c

Netware-specific changes,

2003-11-28 13:10:58 +00:00

vms_rms.h

Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>

2011-03-19 09:47:47 +00:00

x86_64cpuid.pl

x86[_64]cpuid.pl: add low-level RDSEED.

2014-02-14 17:25:14 +01:00

x86cpuid.pl

x86[_64]cpuid.pl: add low-level RDSEED.

2014-02-14 17:25:14 +01:00