Commits · 04296664e05ed98128e35d25c1e03e162703b912 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Feb 12, 2012

PR: 2713 · 04296664

Dr. Stephen Henson authored Feb 12, 2012

Submitted by: Tomas Mraz <tmraz@redhat.com>

Move libraries that are not needed for dynamic linking to Libs.private in
the .pc files

04296664

Feb 11, 2012

PR: 2717 · fc7dae52

Dr. Stephen Henson authored Feb 11, 2012

Submitted by: Tim Rice <tim@multitalents.net>

Make compilation work on OpenServer 5.0.7

fc7dae52

PR: 2716 · be81f4dd

Dr. Stephen Henson authored Feb 11, 2012

Submitted by: Adam Langley <agl@google.com>

Fix handling of exporter return value and use OpenSSL indentation in
s_client, s_server.

be81f4dd

PR: 2703 · e626c778

Dr. Stephen Henson authored Feb 11, 2012

Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Fix some memory and resource leaks in CAPI ENGINE.

e626c778

PR: 2705 · da2a5a79

Dr. Stephen Henson authored Feb 11, 2012

Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Only create ex_data indices once for CAPI engine.

da2a5a79

Submitted by: Eric Rescorla <ekr@rtfm.com> · 11eaec9a
Dr. Stephen Henson authored Feb 11, 2012
```
Further fixes for use_srtp extension.
```
11eaec9a
apps/s_cb.c: recognized latest TLS version. · cbc0b0ec
Andy Polyakov authored Feb 11, 2012

cbc0b0ec

Feb 10, 2012
- PR: 2704 · 1df80b65
  Dr. Stephen Henson authored Feb 10, 2012
```
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>

Fix srp extension.
```
  1df80b65
- PR: 2710 · 3770b988
  Dr. Stephen Henson authored Feb 10, 2012
```
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check return codes for load_certs_crls.
```
  3770b988
- PR: 2714 · 9641be2a
  Dr. Stephen Henson authored Feb 10, 2012
```
Submitted by: Tomas Mraz <tmraz@redhat.com>

Make no-srp work.
```
  9641be2a
- only cleanup ctx if we need to, save ctx flags when we do · f94cfe6a
  Dr. Stephen Henson authored Feb 10, 2012
  
  f94cfe6a
- add fips blocking overrides to command line utilities · 7951c269
  Dr. Stephen Henson authored Feb 10, 2012
  
  7951c269
- Submitted by: Eric Rescorla <ekr@rtfm.com> · 5997efca
  Dr. Stephen Henson authored Feb 10, 2012
```
Fix encoding of use_srtp extension to be compliant with RFC5764
```
  5997efca
Feb 09, 2012
- oops, revert unrelated changes · 57559471
  Dr. Stephen Henson authored Feb 09, 2012
  
  57559471
- Modify client hello version when renegotiating to enhance interop with · f4e11693
  Dr. Stephen Henson authored Feb 09, 2012
```
some servers.
```
  f4e11693
Feb 02, 2012
- typo · febec8ff
  Dr. Stephen Henson authored Feb 02, 2012
  
  febec8ff
- bn_nist.c: make new optimized code dependent on BN_LLONG. · 0208ab2e
  Andy Polyakov authored Feb 02, 2012
  
  0208ab2e
- hpux-parisc2-*: engage assembler. · faed798c
  Andy Polyakov authored Feb 02, 2012
  
  faed798c
Jan 31, 2012

Add support for distinct certificate chains per key type and per SSL · f71c6e52

Dr. Stephen Henson authored Jan 31, 2012

structure.

Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.

f71c6e52

Jan 27, 2012
- code tidy · 9ade64de
  Dr. Stephen Henson authored Jan 27, 2012
  
  9ade64de
Jan 26, 2012
- Revise ssl code to use a CERT_PKEY structure when outputting a · c526ed41
  Dr. Stephen Henson authored Jan 26, 2012
```
certificate chain instead of an X509 structure.

This makes it easier to enhance code in future and the chain
output functions have access to the CERT_PKEY structure being
used.
```
  c526ed41
- Tidy/enhance certificate chain output code. · 4379d0e4
  Dr. Stephen Henson authored Jan 26, 2012
```
New function ssl_add_cert_chain which adds a certificate chain to
SSL internal BUF_MEM. Use this function in ssl3_output_cert_chain
and dtls1_output_cert_chain instead of partly duplicating code.
```
  4379d0e4
- allow key agreement for SSL/TLS certificates · 7568d15a
  Dr. Stephen Henson authored Jan 26, 2012
  
  7568d15a
- initialise dh_clnt · 08e4ea48
  Dr. Stephen Henson authored Jan 26, 2012
  
  08e4ea48
Jan 25, 2012
- ghash-x86.pl: engage original MMX version in no-sse2 builds. · 98909c1d
  Andy Polyakov authored Jan 25, 2012
  
  98909c1d
- add example for DH certificate generation · ccd395cb
  Dr. Stephen Henson authored Jan 25, 2012
  
  ccd395cb
- add support for use of fixed DH client certificates · 0d609395
  Dr. Stephen Henson authored Jan 25, 2012
  
  0d609395
Jan 22, 2012
- oops revert debug change · 2ff5ac55
  Dr. Stephen Henson authored Jan 22, 2012
  
  2ff5ac55
- return error if md is NULL · 1db5f356
  Dr. Stephen Henson authored Jan 22, 2012
  
  1db5f356
Jan 21, 2012
- x86_64-xlate.pl: proper solution for RT#2620. · e6903980
  Andy Polyakov authored Jan 21, 2012
  
  e6903980
Jan 18, 2012

Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. · 855d2918

Dr. Stephen Henson authored Jan 18, 2012

Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)

855d2918

Jan 17, 2012
- fix CHANGES entry · ac07bc86
  Dr. Stephen Henson authored Jan 17, 2012
  
  ac07bc86
Jan 16, 2012

Support for fixed DH ciphersuites. · 8e1dc4d7

Dr. Stephen Henson authored Jan 16, 2012

The cipher definitions of these ciphersuites have been around since SSLeay
but were always disabled. Now OpenSSL supports DH certificates they can be
finally enabled.

Various additional changes were needed to make them work properly: many
unused fixed DH sections of code were untested.

8e1dc4d7

Jan 15, 2012
- cryptlib.c: sscanf warning. · a985410d
  Andy Polyakov authored Jan 15, 2012
  
  a985410d
- Fix OPNESSL vs. OPENSSL typos. · 0ecedec8
  Andy Polyakov authored Jan 15, 2012
```
PR: 2613
Submitted by: Leena Heino
```
  0ecedec8
- fix warning · 9bd20155
  Dr. Stephen Henson authored Jan 15, 2012
  
  9bd20155
Jan 14, 2012
- cryptlib.c: make even non-Windows builds "strtoull-agnostic". · 5d13669a
  Andy Polyakov authored Jan 14, 2012
  
  5d13669a
Jan 13, 2012
- sha512-sparcv9.pl: work around V8+ warning. · adb5a269
  Andy Polyakov authored Jan 13, 2012
  
  adb5a269
- aes-ppc.pl, sha512-ppc.pl: comply even with Embedded ABI specification · 23b93b58
  Andy Polyakov authored Jan 13, 2012
```
(most restrictive about r2 and r13 usage).
```
  23b93b58
Jan 12, 2012
- Sanitize usage of <ctype.h> functions. It's important that characters · a50bce82
  Andy Polyakov authored Jan 12, 2012
```
are passed zero-extended, not sign-extended.
PR: 2682
```
  a50bce82