Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
110,498 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

62 Commits

Author SHA1 Message Date
itojun 359e4b88f5 OpenSSL Security Advisory [19 March 2003] 
Klima-Pokorny-Rosa attack on RSA in SSL/TLS
 2003-03-19 23:06:33 +00:00
itojun 9e2d007f93 enable RSA blinding by defualt. from bugtraq posting <3E758B85.6090300@algroup.co.uk> 2003-03-17 14:33:50 +00:00
wiz 658b9c6d28 In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked 
via timing by performing a MAC computation even if incorrect
block cipher padding has been found.  This is a countermeasure
against active attacks where the attacker has to distinguish
between bad padding and a MAC verification error. (CAN-2003-0078)
 2003-02-20 07:39:17 +00:00
itojun 2b9b8f5bd3 reduce #ifdef related to OPENSSLDIR - we want it be static 2002-09-01 11:38:34 +00:00
itojun 50d422c24f e_os.h is not part of exported openssl interface, so don't install it into 
/usr/include/openssl (e_os.h has an explicit comment about it).  it obviously
is a bug in openssl 0.9.6 Makefile.
based on openssl 0.9.7 snapshot.
 2002-08-31 10:46:36 +00:00
itojun f613969b8a somehow main trunk was not in sync with 0.9.6f for this file. noted by havard. 2002-08-28 23:10:30 +00:00
itojun 1146a80999 more NO_xx cleanup. can't catch these by openssl-unifdef.pl 2002-08-17 21:41:59 +00:00
itojun 08597903ce sync with 0.9.6g 2002-08-09 15:58:46 +00:00
itojun 5eb341dcb6 openssl 0.9.6g, build framework fixes 2002-08-09 15:45:08 +00:00
itojun 182c0b6e08 sync with 0.9.6f. prevents DoS attack and regen of manpages. 2002-08-08 23:47:34 +00:00
itojun f5e63fe4c2 openssl 0.9.6f, with security fixes 2002-08-08 23:14:54 +00:00
itojun e8859ea868 remove files mistakenly shipped with openssl 0.9.6e. 
(it won't affect the build)
 2002-08-05 11:21:29 +00:00
itojun 85c4496982 http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831422608153&w=2 
*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
     and get fix the header length calculation.
     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
      Alon Kantor <alonk@checkpoint.com> (and others),
      Steve Henson]

(critical)
 2002-08-03 12:56:23 +00:00
itojun e7f66af2b2 fix incorrect overrun check. 
http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831516309127&w=2
(thank todd!)
 2002-08-02 23:09:03 +00:00
itojun ef920a0913 sync with 0.9.6e. 2002-07-31 01:29:37 +00:00
itojun 25e766824a OpenSSL 0.9.6e. includes major security fixes (already applied) 2002-07-30 23:57:34 +00:00
itojun e9316c8858 apply patch supplied with OpenSSL Security Advisory [30 July 2002] 
advisory 1: four potentially remotely-exploitable vulnerability in
SSL2/SSL3 code
advisory 2: ASN1 parser vulnerability (all SSL/TLS apps affected)
 2002-07-30 12:55:08 +00:00
itojun 7c75b5ec2f sync with 0.9.6d. shlib minor for libssl and libcrypto 
is cranked for additional functions.
 2002-06-09 16:12:52 +00:00
itojun 7720435b28 openssl 0.9.6d 2002-06-09 15:21:32 +00:00
itojun f0231f96aa do not propose IDEA cipher on SSL connection, as our default installation 
does not handle IDEA.
TODO: dynamically enable IDEA if libcrypto_idea is linked
 2002-06-09 02:16:18 +00:00
wiz 1fd7eeefcd "than" instead of "then". 2001-11-21 19:14:19 +00:00
wiz a984ffbe34 less than, not then, and re-established, not re-estabished 2001-11-21 19:11:44 +00:00
wiz 4c99916337 va_{start,end} audit: 
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the callers responsibility).

Improved by comments from enami and christos -- thanks!

Heimdal/krb4/KAME changes already fed back, rest to follow.

Inspired by, but not not based on, OpenBSD.
 2001-09-24 13:22:25 +00:00
itojun 7fc834dc03 upgrade to 0.9.6b. no shlib major/minor bump is necessary. 2001-07-11 06:50:53 +00:00
itojun 0eb42056bd OpenSSL 0.9.6b 2001-07-11 03:54:20 +00:00
itojun a549080f85 OpenSSL 0.9.6b 2001-07-11 03:53:32 +00:00
itojun 7d076b538c fix PRNG weakness. the workaround presented on bugtraq posting. 2001-07-10 14:01:26 +00:00
itojun aae394a457 make it compile on macppc (or, platforms where char = unsigned char) 
From: Dave Huang <khym@azeotrope.org>
 2001-04-14 08:36:12 +00:00
itojun 08f45e7850 fix unterminated L<>. 2001-04-12 09:42:45 +00:00
itojun 974c617dfe sync better with 0.9.6a. 2001-04-12 07:57:56 +00:00
itojun 35a07da1df use openssl 0.9.6a. shlib major # is bumped for libcrypto, libssl and 
all kerberos libraries.
 2001-04-12 07:48:03 +00:00
itojun 75902e8d9b OpenSSL 0.9.6a 2001-04-12 03:10:36 +00:00
itojun 3095531005 OpenSSL 0.9.6a 2001-04-12 03:08:43 +00:00
itojun b9e8ac0f0f OpenSSL 0.9.6a 2001-04-12 03:06:03 +00:00
itojun 9e3025d914 des_cblock_print_file() does not really exist. 2001-04-11 10:13:28 +00:00
wiz 6b5ab77765 fo -> for 2001-04-02 18:25:34 +00:00
itojun 0265b9e0c2 redo 1.1 -> 1.2. on RAND_file_name(), return /dev/urandom by default. 
RAND_{load,write}_file() takes care of device file case.  from openbsd.
 2001-03-26 18:08:25 +00:00
itojun 522ac04d08 backout 1.1 -> 1.2 (use /dev/urandom if no value can be found), 
/dev/urandom is not a normal file - there'll be no EOF.
noticed by Manuel Bouyer.
 2001-03-21 19:49:50 +00:00
lukem 286bcc01a3 don't use LOG_CONS 2001-01-11 02:58:05 +00:00
christos 1473c569f5 eliminated redundant decl. 2001-01-07 00:01:16 +00:00
itojun b1375d5035 do not look at environment variables if issetugid() == 0. 
use random number device file as the default value.
from openbsd.
 2001-01-05 06:22:32 +00:00
bouyer e33acbd7b7 Correct printf format (used with integers, not longs). 2000-10-19 15:10:33 +00:00
taca c011ac8db6 - Correct missing closedir(3) in SSL_add_dir_cert_subjects_to_stack(). 
This should be fix the bug that apache enabled SSL may exhaust its
  file descriptors.  Noted by TAKANO Yuji <takachan@running-dog.net>
  on apache@ecc.u-tokyo.ac.jp, apache mailing list in Japanese.

  He had already sent a bug report to openssl-dev@openssl.org, but it
  wasn't fixed in openssl-0.9.6.  :-(
 2000-10-13 01:47:27 +00:00
is 612e4c298a define DES_LONG in time to be used by later header files. 2000-10-08 18:42:03 +00:00
itojun a001cd4e77 exit 0 on success, 1 on error 2000-10-06 06:21:16 +00:00
sommerfeld dc3402136b Constify variables containing format strings 2000-10-05 14:32:50 +00:00
itojun 18e8d6decc do not loop forever 2000-10-03 15:07:14 +00:00
itojun 42e4adfd95 make it useful as test (exit 0 if successful) 2000-10-03 14:45:36 +00:00
itojun 0b86bc5a1c nuke #define for changing variable size (affects ABI). 2000-10-03 04:00:19 +00:00
itojun 169eefc02f move rc5/idea dummy functions from crypto/dist/openssl/crypto to lib/libcrypto. 
they are not part of the openssl distribution.
suggested by thorpej.
 2000-10-01 22:17:59 +00:00