drochner
5e420ba772
restore behaviour before the 0.9.7d import: fall back to /dev/urandom
...
if ~/.rnd is not present.
(This code is with #ifdef __OpenBSD__ in openssl now; this change just
generalizes it.)
(approved by tls)
2004-06-21 15:14:16 +00:00
groo
4b32eb44a7
Resolve conflicts. In particular, prefer OpenSSL's BIO_strl* and
...
BIO_strncpy over ours.
2004-03-20 04:32:34 +00:00
groo
5a374ad0ce
Import OpenSSL 0.9.7d to address:
...
1. Null-pointer assignment during SSL handshake
2. Out-of-bounds read affects Kerberos ciphersuites
2004-03-20 04:22:06 +00:00
groo
0684427439
Import OpenSSL 0.9.7d to address:
...
1. Null-pointer assignment during SSL handshake
2. Out-of-bounds read affects Kerberos ciphersuites
2004-03-20 04:22:04 +00:00
jonathan
dedf78268d
Patch OpenSSL to use opencrypto (aka /dev/crypto), if configured and
...
(per kernel policy) for crypto transforms for which hardware
acceleration is available. Affects:
crypto/dist/openssl/crypto/engine/eng_all.c
crypto/dist/openssl/crypto/engine/hw_cryptodev.c
crypto/dist/openssl/crypto/evp/c_all.c
as posted to tech-crypto for review/comment on 2003-08-21.
2003-11-20 00:55:51 +00:00
itojun
aec01dda91
sync w/ openssl 0.9.7c. shlib minor bump for libcrypto.
...
(ERR_release_err_state_table() added)
2003-11-04 23:54:26 +00:00
itojun
385718bc5c
more unifdef
2003-11-04 23:45:56 +00:00
itojun
6b4e6697c9
openssl 0.9.7c. security changes are already in place
2003-11-04 23:25:09 +00:00
thorpej
1244cc6c62
Fix NULL vs 0 mixup.
2003-10-25 20:48:10 +00:00
itojun
b3cd345741
more fixes from 0.9.7c, from openbsd
2003-10-02 02:26:17 +00:00
itojun
ae91503b5d
from openbsd:
...
Correct some off-by-ones. They currently don't matter, but this
is for future safety and consistency.
OK krw@, markus@
2003-10-02 02:25:05 +00:00
christos
0a7cc0d7d1
Apply security fix: http://www.openssl.org/news/secadv_20030930.txt
...
Changelog from: http://cvs.openssl.org/chngview?cn=11471
2003-09-30 15:59:53 +00:00
itojun
34439bf0c9
off-by-one. from openbsd
2003-09-22 22:12:05 +00:00
itojun
ca14877c77
reject rc5/idea/mdc2 commands if OPENSSL_NO_xx is specified
2003-08-27 21:05:02 +00:00
itojun
eb24db53ab
style; total size of buf is (num + 3)
2003-08-13 01:29:41 +00:00
simonb
658a8c458e
Fix bad use of "sizeof(pointer)" where the length of a buffer was the
...
intention. Fixes problems with least ssh's known_hosts file and factor.
Patch from Berndt Josef Wulf's PR lib/22347.
2003-08-12 03:25:24 +00:00
itojun
5de5abdd3d
consistently use new DES API, re-enable des regression test
2003-07-31 08:53:58 +00:00
itojun
805c102737
fix compilation on sparc64. reported by Juergen Hannken-Illjes
2003-07-25 09:06:02 +00:00
itojun
e8876f361f
avoid "unsigned u_int32_t"
2003-07-25 02:02:43 +00:00
itojun
f4401cd869
upgrade openssl to 0.9.7b. (AES is now supported)
...
alter des.h to be friendly with openssl/des.h (you can include both in the
same file)
make libkrb to depend on libdes. bump major.
massage various portioin of heimdal to be friendly with openssl 0.9.7b.
2003-07-24 14:16:30 +00:00
itojun
2836295a36
OpenSSL 0.9.7b, major API changes included
2003-07-24 08:25:41 +00:00
itojun
0f3017142e
use snprintf (actually, "addr" can be supplied from outside, and if "addr"
...
points to shorter-than-24 buffer we will overrun buffer. bad API)
2003-07-24 04:41:13 +00:00
itojun
46471dc1e9
cast for signed/unsigned mixup
2003-07-14 18:27:48 +00:00
itojun
1bffbcd4a1
correct ^@ incorrectly committed
2003-07-14 18:26:05 +00:00
itojun
a157f97782
unifdef VMS/WIN16/WIN32 in public headers, at least
2003-07-14 14:06:14 +00:00
itojun
c187ba994b
use bounded string op (only one sprintf remains - still no clue)
2003-07-14 13:24:00 +00:00
itojun
a395b35ba2
delint
2003-07-14 13:07:05 +00:00
itojun
848c8ac0ef
use bounded string ops (especially libraries)
2003-07-14 13:05:19 +00:00
mycroft
6012957147
Don't build crypt() on NetBSD either.
2003-04-02 20:28:00 +00:00
itojun
359e4b88f5
OpenSSL Security Advisory [19 March 2003]
...
Klima-Pokorny-Rosa attack on RSA in SSL/TLS
2003-03-19 23:06:33 +00:00
itojun
9e2d007f93
enable RSA blinding by defualt. from bugtraq posting <3E758B85.6090300@algroup.co.uk>
2003-03-17 14:33:50 +00:00
wiz
658b9c6d28
In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
...
via timing by performing a MAC computation even if incorrect
block cipher padding has been found. This is a countermeasure
against active attacks where the attacker has to distinguish
between bad padding and a MAC verification error. (CAN-2003-0078)
2003-02-20 07:39:17 +00:00
itojun
2b9b8f5bd3
reduce #ifdef related to OPENSSLDIR - we want it be static
2002-09-01 11:38:34 +00:00
itojun
50d422c24f
e_os.h is not part of exported openssl interface, so don't install it into
...
/usr/include/openssl (e_os.h has an explicit comment about it). it obviously
is a bug in openssl 0.9.6 Makefile.
based on openssl 0.9.7 snapshot.
2002-08-31 10:46:36 +00:00
itojun
f613969b8a
somehow main trunk was not in sync with 0.9.6f for this file. noted by havard.
2002-08-28 23:10:30 +00:00
itojun
1146a80999
more NO_xx cleanup. can't catch these by openssl-unifdef.pl
2002-08-17 21:41:59 +00:00
itojun
08597903ce
sync with 0.9.6g
2002-08-09 15:58:46 +00:00
itojun
5eb341dcb6
openssl 0.9.6g, build framework fixes
2002-08-09 15:45:08 +00:00
itojun
182c0b6e08
sync with 0.9.6f. prevents DoS attack and regen of manpages.
2002-08-08 23:47:34 +00:00
itojun
f5e63fe4c2
openssl 0.9.6f, with security fixes
2002-08-08 23:14:54 +00:00
itojun
e8859ea868
remove files mistakenly shipped with openssl 0.9.6e.
...
(it won't affect the build)
2002-08-05 11:21:29 +00:00
itojun
85c4496982
http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831422608153&w=2
...
*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
and get fix the header length calculation.
[Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
Alon Kantor <alonk@checkpoint.com> (and others),
Steve Henson]
(critical)
2002-08-03 12:56:23 +00:00
itojun
e7f66af2b2
fix incorrect overrun check.
...
http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831516309127&w=2
(thank todd!)
2002-08-02 23:09:03 +00:00
itojun
ef920a0913
sync with 0.9.6e.
2002-07-31 01:29:37 +00:00
itojun
25e766824a
OpenSSL 0.9.6e. includes major security fixes (already applied)
2002-07-30 23:57:34 +00:00
itojun
e9316c8858
apply patch supplied with OpenSSL Security Advisory [30 July 2002]
...
advisory 1: four potentially remotely-exploitable vulnerability in
SSL2/SSL3 code
advisory 2: ASN1 parser vulnerability (all SSL/TLS apps affected)
2002-07-30 12:55:08 +00:00
itojun
7c75b5ec2f
sync with 0.9.6d. shlib minor for libssl and libcrypto
...
is cranked for additional functions.
2002-06-09 16:12:52 +00:00
itojun
7720435b28
openssl 0.9.6d
2002-06-09 15:21:32 +00:00
itojun
f0231f96aa
do not propose IDEA cipher on SSL connection, as our default installation
...
does not handle IDEA.
TODO: dynamically enable IDEA if libcrypto_idea is linked
2002-06-09 02:16:18 +00:00
wiz
1fd7eeefcd
"than" instead of "then".
2001-11-21 19:14:19 +00:00