Commits · d0595f170c225b918a980f49c5d16ec53545a6ad · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Mar 28, 2012

Initial revision of ECC extension handling. · d0595f17

Dr. Stephen Henson authored Mar 28, 2012

Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.

d0595f17

Mar 22, 2012
- fix leak · 751e26cb
  Dr. Stephen Henson authored Mar 22, 2012
  
  751e26cb
- Submitted by: Markus Friedl <mfriedl@gmail.com> · f404acfa
  Dr. Stephen Henson authored Mar 22, 2012
```
Fix memory leaks in 'goto err' cases.
```
  f404acfa
Mar 21, 2012
- use client version when deciding whether to send supported signature algorithms extension · 7744ef1a
  Dr. Stephen Henson authored Mar 21, 2012
  
  7744ef1a
Mar 19, 2012
- e_padlock-x86[_64].pl: better understanding of prefetch errata and proper · ed998634
  Andy Polyakov authored Mar 19, 2012
```
workaround.
```
  ed998634
- eng_all.c: revert previous "disable Padlock" commit, which was unjustified. · 884c580e
  Andy Polyakov authored Mar 19, 2012
  
  884c580e
Mar 18, 2012
- Always use SSLv23_{client,server}_method in s_client.c and s_server.c, · bbbe61c9
  Dr. Stephen Henson authored Mar 18, 2012
```
the old code came from SSLeay days before TLS was even supported.
```
  bbbe61c9
Mar 17, 2012
- vpaes-x86_64.pl: out-of-date Apple assembler fails to calculate · df27a351
  Andy Polyakov authored Mar 17, 2012
```
distance between local labels.
PR: 2762
```
  df27a351
Mar 16, 2012
- bsaes-x86_64.pl: optimize key conversion. · f9ef874a
  Andy Polyakov authored Mar 16, 2012
  
  f9ef874a
- bsaes-armv7.pl: optmize Sbox and key conversion. · 442c9f13
  Andy Polyakov authored Mar 16, 2012
  
  442c9f13
Mar 14, 2012
- oops, revert unrelated patches · 156421a2
  Dr. Stephen Henson authored Mar 14, 2012
  
  156421a2
- update FAQ, NEWS · 61ad8262
  Dr. Stephen Henson authored Mar 14, 2012
  
  61ad8262
Mar 13, 2012
- ghash-x86.pl: omit unreferenced rem_8bit from no-sse2 build. · 5c88dcca
  Andy Polyakov authored Mar 13, 2012
  
  5c88dcca
- ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER. · d2add2ef
  Andy Polyakov authored Mar 13, 2012
  
  d2add2ef
- x86_64-xlate.pl: remove old kludge. · b2ae61ec
  Andy Polyakov authored Mar 13, 2012
```
PR: 2435,2440
```
  b2ae61ec
Mar 12, 2012
- corrected fix to PR#2711 and also cover mime_param_cmp · 78dfd439
  Dr. Stephen Henson authored Mar 12, 2012
  
  78dfd439
- Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and · 146b52ed
  Dr. Stephen Henson authored Mar 12, 2012
```
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
```
  146b52ed
- update NEWS · 13747c6f
  Dr. Stephen Henson authored Mar 12, 2012
  
  13747c6f
Mar 11, 2012

PR: 2744 · 174b07be

Dr. Stephen Henson authored Mar 11, 2012

Submitted by: Dmitry Belyavsky <beldmit@gmail.com>

CMS support for ccgost engine

174b07be

Mar 09, 2012
- Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> · 15a40af2
  Dr. Stephen Henson authored Mar 09, 2012
```
Add more extension names in s_cb.c extension printing code.
```
  15a40af2
- PR: 2756 · ea6e3860
  Dr. Stephen Henson authored Mar 09, 2012
```
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
```
  ea6e3860
Mar 08, 2012
- check return value of BIO_write in PKCS7_decrypt · 34b61f5a
  Dr. Stephen Henson authored Mar 08, 2012
  
  34b61f5a
Mar 06, 2012

New ctrls to retrieve supported signature algorithms and curves and · e7f8ff43

Dr. Stephen Henson authored Mar 06, 2012

extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.

e7f8ff43

PR: 2755 · 62b6948a

Dr. Stephen Henson authored Mar 06, 2012

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.

62b6948a

PR: 2748 · 0fbf8b9c

Dr. Stephen Henson authored Mar 06, 2012

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.

0fbf8b9c

Mar 05, 2012
- don't do loop check for single self signed certificate · d895f7f0
  Dr. Stephen Henson authored Mar 05, 2012
  
  d895f7f0
Mar 03, 2012
- Configure: make no-whirlpool work. · ce0ed3b7
  Andy Polyakov authored Mar 03, 2012
  
  ce0ed3b7
- bsaes-armv7.pl: change preferred contact. · 358c372d
  Andy Polyakov authored Mar 03, 2012
  
  358c372d
- Add bit-sliced AES for ARM NEON. This initial version is effectively · c4a52a6d
  Andy Polyakov authored Mar 03, 2012
```
reference implementation, it does not interface to OpenSSL yet.
```
  c4a52a6d
Feb 29, 2012

PR: 2743 · 797a2a10

Dr. Stephen Henson authored Feb 29, 2012

Reported by: Dmitry Belyavsky <beldmit@gmail.com>

Fix memory leak if invalid GOST MAC key given.

797a2a10

PR: 2742 · 3c6a7cd4

Dr. Stephen Henson authored Feb 29, 2012

Reported by: Dmitry Belyavsky <beldmit@gmail.com>

If resigning with detached content in CMS just copy data across.

3c6a7cd4

Feb 28, 2012
- Fix memory leak cause by race condition when creating public keys. · dc4f678c
  Dr. Stephen Henson authored Feb 28, 2012
```
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
```
  dc4f678c
- x86cpuid.pl: fix processor capability detection on pre-586. · 0f2ece87
  Andy Polyakov authored Feb 28, 2012
  
  0f2ece87
Feb 27, 2012

PR: 2736 · 68a7b5ae

Dr. Stephen Henson authored Feb 27, 2012

Reported by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Preserve unused bits value in non-canonicalised ASN1_STRING structures
by using ASN1_STRING_copy which preseves flags.

68a7b5ae

PR: 2737 · 161c9b42

Dr. Stephen Henson authored Feb 27, 2012

Submitted by: Remi Gacogne <rgacogne-bugs@coredump.fr>

Fix double free in PKCS12_parse if we run out of memory.

161c9b42

PR: 2739 · 57cb030c

Dr. Stephen Henson authored Feb 27, 2012

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix padding bugs in Heartbeat support.

57cb030c

PR: 2735 · d441e6d8

Dr. Stephen Henson authored Feb 27, 2012

Make cryptodev digests work. Thanks to Nikos Mavrogiannopoulos for
this fix.

d441e6d8

free headers after use in error message · 228a8599
Dr. Stephen Henson authored Feb 27, 2012

228a8599
Detect symmetric crypto errors in PKCS7_decrypt. · d16bb406
Dr. Stephen Henson authored Feb 27, 2012
```
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
```
d16bb406

Feb 26, 2012

Configure: I remove adding of -D_XPG4_2 -D__EXTENSIONS__ in sctp builds for · f7ef20c5

Andy Polyakov authored Feb 26, 2012

following reasons:

- it's not the way to engage XPG4v2 mode, defining _XOPEN_SOURCE to
  value less than 500 is (see standards(5));
- we need to work out strategy to handle _XOPEN_SOURCE, current state
  when we define e.g. _XOPEN_SOURCE to 500 in some files is inappropriate;
- sctp implementation on Solaris is incomplete, in sense that bss_dgram.c
  doesn't compile, because not all structures are defined, so that
  enabling sctp doesn't work anyway;

f7ef20c5