path: root/security/openssl-beta/distinfo
Commit message | Author | Age | Files | Lines
* - turn this into a slave port | Dirk Meyer | 2004-03-26 | 1 | -2/+0
  Notes: svn path=/head/; revision=105370
* - Security update to 0.9.7d | Dirk Meyer | 2004-03-17 | 1 | -2/+2
  http://www.openssl.org/news/secadv_20040317.txt
  Notes: svn path=/head/; revision=104290
* - add SIZE | Dirk Meyer | 2004-02-26 | 1 | -0/+1
  Notes: svn path=/head/; revision=102162
* - Security Fix, Update to 0.9.7c | Dirk Meyer | 2003-09-30 | 1 | -1/+1
  - Fix manpages
  Notes: svn path=/head/; revision=89911
* - Update to 0.9.7b | Dirk Meyer | 2003-04-11 | 1 | -1/+1
  Notes: svn path=/head/; revision=78755
* - merged some patches in distribution | Dirk Meyer | 2003-02-19 | 1 | -1/+1
  - added thread support on alpha, sparc64
  - Update to 0.9.7a (with security fix)
  - Add support for daily snapshots with OPENSSL_SNAPSHOT=yes
  Notes: svn path=/head/; revision=75910
* Update to 0.9.7 release | Dirk Meyer | 2003-01-02 | 1 | -1/+1
  Notes: svn path=/head/; revision=72234
* - Update to 0.9.7-beta5 | Dirk Meyer | 2003-01-02 | 1 | -1/+1
  - add test target
  - make build on sparc64
  - fix a make problem in crypto/bf
  Notes: svn path=/head/; revision=72142
* Update to openssl-0.9.7-beta3 after repo-copy, use at own risk. | Dirk Meyer | 2002-08-14 | 1 | -1/+1
  Notes: svn path=/head/; revision=64516
* Security Update to: 0.9.6g | Dirk Meyer | 2002-08-10 | 1 | -1/+1
  Notes: svn path=/head/; revision=64320
* Security Update to 0.9.6e | Dirk Meyer | 2002-07-30 | 1 | -1/+1
  Notes: svn path=/head/; revision=63747
* Update to: 0.9.6d | Dirk Meyer | 2002-05-13 | 1 | -1/+1
  See: http://www.openssl.org/source/exp/CHANGES
  Port improvements:
  processor type is now detected
  Add option: OPENSSL_WITH_386
  This set as default for package generation on bento
  Notes: svn path=/head/; revision=59026
* - Update to 0.9.6c | Dirk Meyer | 2002-04-21 | 1 | -1/+1
  - more manpages
  - shift FORBIDDEN
  Excerpt of Changes between 0.9.6b and 0.9.6c [21 dec 2001]
  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
  *) Only add signing time to PKCS7 structures if it is not already present.
  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", OBJ_ld_ce should be OBJ_id_ce. Also some ip-pda OIDs in crypto/objects/objects.txt were incorrect (cf. RFC 3039).
  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() returns early because it has nothing to do.
  *) Fix mutex callback return values in crypto/engine/hw_ncipher.c.
  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake messages are stored in a single piece (fixed-length part and variable-length part combined) and fix various bugs found on the way.
  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname() instead. BIO_gethostbyname() does not know what timeouts are appropriate, so entries would stay in cache even when they have become invalid.
  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when faced with a pathologically small ClientHello fragment that does not contain client_version: Instead of aborting with an error, simply choose the highest available protocol version (i.e., TLS 1.0 unless it is disabled).
  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() never resets s->method to s->ctx->method when called from within one of the SSL handshake functions.
  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert (sent using the client's version number) if client_version is smaller than the protocol version in use. Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the client will at least see that alert.
  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation correctly.
  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a client receives HelloRequest while in a handshake.
  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C should end in 'break', not 'goto end' which circumvents various cleanups done in state SSL_ST_OK. But session related stuff must be disabled for SSL_ST_OK in the case that we just sent a HelloRequest. Also avoid some overhead by not calling ssl_init_wbio_buffer() before just sending a HelloRequest.
  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't reveal whether illegal block cipher padding was found or a MAC verification error occurred. (Neither SSLerr() codes nor alerts are directly visible to potential attackers, but the information may leak via logfiles.) ssl/s2_pkt.c failed to verify that the purported number of padding bytes is in the legal range.
  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid 'wristwatch attack' using huge encoding parameters (cf. James H. Manger's CRYPTO 2001 paper). Note that the RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use encoding parameters and hence was not vulnerable.
  *) BN_sqr() bug fix.
  *) Rabin-Miller test analyses assume uniformly distributed witnesses, so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() followed by modular reduction.
  *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range() equivalent based on BN_pseudo_rand() instead of BN_rand().
  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB). This function was broken, as the check for a new client hello message to handle SGC did not allow these large messages.
  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl() for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() with the same message size as in ssl3_get_certificate_request(). Otherwise, if no ServerKeyExchange message occurs, CertificateRequest messages might inadvertently be rejected as too long.
  *) Modified SSL library such that the verify_callback that has been set specifically for an SSL object with SSL_set_verify() is actually being used. Before the change, a verify_callback set with this function was ignored and the verify_callback() set in the SSL_CTX at the time of the call was used. New function X509_STORE_CTX_set_verify_cb() introduced to allow the necessary settings.
  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored dh->length and always used BN_rand_range(priv_key, dh->p). So switch back to BN_rand(priv_key, l, ...) where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1 otherwise.
  *) In RSA_eay_public_encrypt, RSA_eay_private_decrypt, RSA_eay_private_encrypt, RSA_eay_public_decrypt always reject numbers >= n.
  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2 to synchronize access to 'locking_thread'.
  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID *before* setting the 'crypto_lock_rand' flag. The previous code had a race condition if 0 is a valid thread ID.
  Notes: svn path=/head/; revision=57949
* Upgrade openssl to 0.9.6b. | OKAZAKI Tetsurou | 2001-07-20 | 1 | -1/+1
  Notes: svn path=/head/; revision=45285
* Upgrade openssl to 0.9.6a and bump the shlib version in the process | Doug Barton | 2001-05-23 | 1 | -1/+1
  due to non-backwards compatible changes. The shlib bump necessitates a corresponding bump in bsd.port.mk for the automagic openssl dependency.
  Mistakes in the port are my responsibility. Approval for the bsd.port.mk commit comes through asami -> kkenn -> me. Kris is a little busy at the moment, so he asked me to lob it in.
  Approved by: kris
  Notes: svn path=/head/; revision=42951
* Upgrade to 0.9.5a. | Dirk Froemberg | 2000-04-16 | 1 | -1/+1
  Notes: svn path=/head/; revision=27653
* Upgrade to 0.9.4. | Dirk Froemberg | 1999-08-09 | 1 | -1/+1
  Notes: svn path=/head/; revision=20633
* Upgrade to 0.9.3a. | Dirk Froemberg | 1999-06-06 | 1 | -1/+1
  Notes: svn path=/head/; revision=19224
* Upgrade to OpenSSL 0.9.3: | Dirk Froemberg | 1999-06-02 | 1 | -2/+1
  - some changes of the directory layout: e.g. ${PREFIX}/lib/openssl.cnf -> ${PREFIX}/openssl/openssl.cnf
  Notes: svn path=/head/; revision=19177
* openssl-0.9.2b-rsaoaep.patch supersedes patch-aj. | Dirk Froemberg | 1999-04-13 | 1 | -0/+1
  Obtained from: http://www.openssl.org/
  Notes: svn path=/head/; revision=17855
* Upgrade to 0.9.2b. | Dirk Froemberg | 1999-03-26 | 1 | -2/+1
  According to the OpenSSL-core-team you are strongly encouraged to upgrade any old version. The new version has a lot of bug fixes.
  - ${PREFIX}/bin/ssleay was renamed to ${PREFIX}/bin/openssl and ${PREFIX}/etc/ssleay.cnf to ${PREFIX}/lib/openssl.cnf
  - there are no links from e.g. ${PREFIX}/bin/md5 to ${PREFIX}/bin/ssleay any longer, instead you have to call "openssl md5" now
  - replaced HAS_CONFIGURE, CONFIGURE_SCRIPT and CONFIGURE_ENV with a do-configure target and changed the indention level
  - some perl scripts need perl5 now, so set USE_PERL5 and replace perl with ${PERL5} where necessary.
  - honour ${CFLAGS}
  Notes: svn path=/head/; revision=17395
* Set ONLY_FOR_ARCHS to i386. | Dirk Froemberg | 1999-03-06 | 1 | -0/+1
  Apply openssl-0.9.1c-bnrec.patch via PATCHFILES:
  "DESCRIPTION: The Big Number (BN) library in OpenSSL 0.9.1c has some problems when dealing with very large numbers. Because mostly all other OpenSSL sub-libraries (including the RSA library) are based on BN, this can cause failures when doing certificate verification and performing other SSL functions. These BN bugs are already fixed for OpenSSL 0.9.2. But for OpenSSL 0.9.1c the easiest workaround to fix the subtle problems is to apply the above patch which mainly disables the broken Montgomery multiplication algorithm inside BN."
  Notes: svn path=/head/; revision=17012
* Bring this port up to openssl-0.9.1c after a repository copy from SSLeay. | Dirk Froemberg | 1999-01-09 | 1 | -1/+1
  OpenSSL is a successor of SSLeay (see http://www.openssl.org/). This port uses almost the same files as SSLeay. So they can't be installed both.
  - make the port ${PREFIX} clean
  - reorganize PLIST (list links as normal files, which makes the PLIST shorter and easier to maintain)
  - reference ${PREFIX}/etc/ssleay.cnf only (there was a reference to ${PREFIX}/lib/ssleay.cnf somewhere)
  - some other minor portlint changes
  Notes: svn path=/head/; revision=15945
* Upgrade to version 0.9.0b | Mark Murray | 1998-08-27 | 1 | -1/+1
  Notes: svn path=/head/; revision=12885
* update original distribution (0.8.1 -> 0.8.1b). | Jun-ichiro itojun Hagino | 1998-07-06 | 1 | -1/+1
  0.8.1 is no longer available due to PKCS#1 security hole.
  Notes: svn path=/head/; revision=11752
* Update to v 0.8.1. New algorithms (Blowfish &c) added. SSLv3 added. | Mark Murray | 1997-08-15 | 1 | -1/+1
  Thanks to: Richard Seaman <Dick@tar.com>
  Notes: svn path=/head/; revision=7588
* Upgrade to 0.6.6 | Mark Murray | 1997-01-13 | 1 | -1/+1
  Notes: svn path=/head/; revision=5342
* @#$%!! Forgot the MD5 checksum. | Mark Murray | 1996-12-12 | 1 | -1/+1
  Found before: Anyone Else
  Notes: svn path=/head/; revision=4961
* Update to 0.6.4 | Mark Murray | 1996-09-24 | 1 | -1/+1
  Submitted by: Jeremy Prior <jez@netcraft.co.uk> (sorry I took so long!)
  Notes: svn path=/head/; revision=3861
* Move to version 0.6.3 | Mark Murray | 1996-08-10 | 1 | -1/+1
  Notes: svn path=/head/; revision=3575
* SSLeay version 0.6.2. | Mark Murray | 1996-07-29 | 1 | -1/+1
  This implementation has been built with our (actually its own but in our source tree) DES library and our MD{45}. You will need to link your SSL code with -ldes and -lmd.
  Are you happy now, Torsten? ;-)
  Notes: svn path=/head/; revision=3448
* At long last! This is Eric Young's SSL library. The DES routines | Mark Murray | 1996-03-03 | 1 | -0/+1
  are not part of this build as they are part of mainstream FreeBSD.
  Please will a certificates expert check out the certificates location.
  Notes: svn path=/head/; revision=2768