Commit Graph

91 Commits

Author SHA1 Message Date
drochner 5e420ba772 restore behaviour before the 0.9.7d import: fall back to /dev/urandom
if ~/.rnd is not present.
(This code is with #ifdef __OpenBSD__ in openssl now; this change just
generalizes it.)
(approved by tls)
2004-06-21 15:14:16 +00:00
groo 4b32eb44a7 Resolve conflicts. In particular, prefer OpenSSL's BIO_strl* and
BIO_strncpy over ours.
2004-03-20 04:32:34 +00:00
groo 5a374ad0ce Import OpenSSL 0.9.7d to address:
1. Null-pointer assignment during SSL handshake
	2. Out-of-bounds read affects Kerberos ciphersuites
2004-03-20 04:22:06 +00:00
groo 0684427439 Import OpenSSL 0.9.7d to address:
1. Null-pointer assignment during SSL handshake
	2. Out-of-bounds read affects Kerberos ciphersuites
2004-03-20 04:22:04 +00:00
jonathan dedf78268d Patch OpenSSL to use opencrypto (aka /dev/crypto), if configured and
(per kernel policy) for crypto transforms for which hardware
acceleration is available. Affects:

   crypto/dist/openssl/crypto/engine/eng_all.c
   crypto/dist/openssl/crypto/engine/hw_cryptodev.c
   crypto/dist/openssl/crypto/evp/c_all.c

as posted to tech-crypto for review/comment on 2003-08-21.
2003-11-20 00:55:51 +00:00
itojun aec01dda91 sync w/ openssl 0.9.7c. shlib minor bump for libcrypto.
(ERR_release_err_state_table() added)
2003-11-04 23:54:26 +00:00
itojun 385718bc5c more unifdef 2003-11-04 23:45:56 +00:00
itojun 6b4e6697c9 openssl 0.9.7c. security changes are already in place 2003-11-04 23:25:09 +00:00
thorpej 1244cc6c62 Fix NULL vs 0 mixup. 2003-10-25 20:48:10 +00:00
itojun b3cd345741 more fixes from 0.9.7c, from openbsd 2003-10-02 02:26:17 +00:00
itojun ae91503b5d from openbsd:
Correct some off-by-ones.  They currently don't matter, but this
is for future safety and consistency.
OK krw@, markus@
2003-10-02 02:25:05 +00:00
christos 0a7cc0d7d1 Apply security fix: http://www.openssl.org/news/secadv_20030930.txt
Changelog from: http://cvs.openssl.org/chngview?cn=11471
2003-09-30 15:59:53 +00:00
itojun 34439bf0c9 off-by-one. from openbsd 2003-09-22 22:12:05 +00:00
itojun ca14877c77 reject rc5/idea/mdc2 commands if OPENSSL_NO_xx is specified 2003-08-27 21:05:02 +00:00
itojun eb24db53ab style; total size of buf is (num + 3) 2003-08-13 01:29:41 +00:00
simonb 658a8c458e Fix bad use of "sizeof(pointer)" where the length of a buffer was the
intention.  Fixes problems with least ssh's known_hosts file and factor.

Patch from Berndt Josef Wulf's PR lib/22347.
2003-08-12 03:25:24 +00:00
itojun 5de5abdd3d consistently use new DES API, re-enable des regression test 2003-07-31 08:53:58 +00:00
itojun 805c102737 fix compilation on sparc64. reported by Juergen Hannken-Illjes 2003-07-25 09:06:02 +00:00
itojun e8876f361f avoid "unsigned u_int32_t" 2003-07-25 02:02:43 +00:00
itojun f4401cd869 upgrade openssl to 0.9.7b. (AES is now supported)
alter des.h to be friendly with openssl/des.h (you can include both in the
same file)
make libkrb to depend on libdes.  bump major.
massage various portioin of heimdal to be friendly with openssl 0.9.7b.
2003-07-24 14:16:30 +00:00
itojun 2836295a36 OpenSSL 0.9.7b, major API changes included 2003-07-24 08:25:41 +00:00
itojun 0f3017142e use snprintf (actually, "addr" can be supplied from outside, and if "addr"
points to shorter-than-24 buffer we will overrun buffer.  bad API)
2003-07-24 04:41:13 +00:00
itojun 46471dc1e9 cast for signed/unsigned mixup 2003-07-14 18:27:48 +00:00
itojun 1bffbcd4a1 correct ^@ incorrectly committed 2003-07-14 18:26:05 +00:00
itojun a157f97782 unifdef VMS/WIN16/WIN32 in public headers, at least 2003-07-14 14:06:14 +00:00
itojun c187ba994b use bounded string op (only one sprintf remains - still no clue) 2003-07-14 13:24:00 +00:00
itojun a395b35ba2 delint 2003-07-14 13:07:05 +00:00
itojun 848c8ac0ef use bounded string ops (especially libraries) 2003-07-14 13:05:19 +00:00
mycroft 6012957147 Don't build crypt() on NetBSD either. 2003-04-02 20:28:00 +00:00
itojun 359e4b88f5 OpenSSL Security Advisory [19 March 2003]
Klima-Pokorny-Rosa attack on RSA in SSL/TLS
2003-03-19 23:06:33 +00:00
itojun 9e2d007f93 enable RSA blinding by defualt. from bugtraq posting <3E758B85.6090300@algroup.co.uk> 2003-03-17 14:33:50 +00:00
wiz 658b9c6d28 In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
via timing by performing a MAC computation even if incorrect
block cipher padding has been found.  This is a countermeasure
against active attacks where the attacker has to distinguish
between bad padding and a MAC verification error. (CAN-2003-0078)
2003-02-20 07:39:17 +00:00
itojun 2b9b8f5bd3 reduce #ifdef related to OPENSSLDIR - we want it be static 2002-09-01 11:38:34 +00:00
itojun 50d422c24f e_os.h is not part of exported openssl interface, so don't install it into
/usr/include/openssl (e_os.h has an explicit comment about it).  it obviously
is a bug in openssl 0.9.6 Makefile.
based on openssl 0.9.7 snapshot.
2002-08-31 10:46:36 +00:00
itojun f613969b8a somehow main trunk was not in sync with 0.9.6f for this file. noted by havard. 2002-08-28 23:10:30 +00:00
itojun 1146a80999 more NO_xx cleanup. can't catch these by openssl-unifdef.pl 2002-08-17 21:41:59 +00:00
itojun 08597903ce sync with 0.9.6g 2002-08-09 15:58:46 +00:00
itojun 5eb341dcb6 openssl 0.9.6g, build framework fixes 2002-08-09 15:45:08 +00:00
itojun 182c0b6e08 sync with 0.9.6f. prevents DoS attack and regen of manpages. 2002-08-08 23:47:34 +00:00
itojun f5e63fe4c2 openssl 0.9.6f, with security fixes 2002-08-08 23:14:54 +00:00
itojun e8859ea868 remove files mistakenly shipped with openssl 0.9.6e.
(it won't affect the build)
2002-08-05 11:21:29 +00:00
itojun 85c4496982 http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831422608153&w=2
*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
     and get fix the header length calculation.
     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
      Alon Kantor <alonk@checkpoint.com> (and others),
      Steve Henson]

(critical)
2002-08-03 12:56:23 +00:00
itojun e7f66af2b2 fix incorrect overrun check.
http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831516309127&w=2
(thank todd!)
2002-08-02 23:09:03 +00:00
itojun ef920a0913 sync with 0.9.6e. 2002-07-31 01:29:37 +00:00
itojun 25e766824a OpenSSL 0.9.6e. includes major security fixes (already applied) 2002-07-30 23:57:34 +00:00
itojun e9316c8858 apply patch supplied with OpenSSL Security Advisory [30 July 2002]
advisory 1: four potentially remotely-exploitable vulnerability in
SSL2/SSL3 code
advisory 2: ASN1 parser vulnerability (all SSL/TLS apps affected)
2002-07-30 12:55:08 +00:00
itojun 7c75b5ec2f sync with 0.9.6d. shlib minor for libssl and libcrypto
is cranked for additional functions.
2002-06-09 16:12:52 +00:00
itojun 7720435b28 openssl 0.9.6d 2002-06-09 15:21:32 +00:00
itojun f0231f96aa do not propose IDEA cipher on SSL connection, as our default installation
does not handle IDEA.
TODO: dynamically enable IDEA if libcrypto_idea is linked
2002-06-09 02:16:18 +00:00
wiz 1fd7eeefcd "than" instead of "then". 2001-11-21 19:14:19 +00:00