Commits · 09da95542aa8367a5ac164ae78725c8a11849c56 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Sep 16, 2013

cbc128.c: fix strict aliasing warning. · 09da9554
Andy Polyakov authored Nov 05, 2012

09da9554
Sync CHANGES and NEWS files. · cc53b385
Bodo Moeller authored Sep 16, 2013

cc53b385

Fix overly lenient comparisons: · 0aeeae0c

Bodo Moeller authored Sep 16, 2013

    - EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope

(cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)

0aeeae0c

Sep 15, 2013
- crypto/armcap.c: fix typo in rdtsc subroutine. · 00c991f0
  Andy Polyakov authored Sep 15, 2013
```
PR: 3125
Submitted by: Kyle McMartin
(cherry picked from commit 8e52a906)
```
  00c991f0
Aug 20, 2013
- Correct ECDSA example. · 55856a7b
  Dr. Stephen Henson authored Aug 20, 2013
```
(cherry picked from commit 3a918ea2bbf4175d9461f81be1403d3781b2c0dc)
```
  55856a7b
Aug 13, 2013

DTLS message_sequence number wrong in rehandshake ServerHello · 83a3af9f

Michael Tuexen authored Aug 13, 2013

This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.
(cherry picked from commit b62f4daa)

83a3af9f

Aug 08, 2013

DTLS handshake fix. · 76bf0cf2

Michael Tuexen authored Aug 08, 2013

Reported by: Prashant Jaikumar <rmstar@gmail.com>

Fix handling of application data received before a handshake.
(cherry picked from commit 0c75eeac)

76bf0cf2

Aug 06, 2013

Fix verify loop with CRL checking. · 7cf0529b

Dr. Stephen Henson authored Jul 12, 2013

PR #3090
Reported by: Franck Youssef <fry@open.ch>

If no new reason codes are obtained after checking a CRL exit with an
error to avoid repeatedly checking the same CRL.

This will only happen if verify errors such as invalid CRL scope are
overridden in a callback.
(cherry picked from commit 4b26645c)

7cf0529b

Fix for PEM_X509_INFO_read_bio. · 6c03af13

Kaspar Brand authored Aug 06, 2013

PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.
(cherry picked from commit 5ae8d6bc)

6c03af13

Aug 03, 2013

crypto/evp/e_aes.c: fix logical pre-processor bug and formatting. · 5cd1aa4f

Andy Polyakov authored Aug 03, 2013

Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
(cherry picked from commit 044f63086051d7542fa9485a1432498c39c4d8fa)

5cd1aa4f

Jul 31, 2013
- crypto/sha/asm/sha1-x86_64.pl: comply with Win64 ABI. · 04b80f40
  Andy Polyakov authored Jul 31, 2013
  
  04b80f40
Jun 30, 2013
- config: fix executable format detection on latest FreeBSD. · 591c55a9
  Andy Polyakov authored Jun 30, 2013
```
Submitted by: Bryan Drewery
PR: 3075
(cherry picked from commit c256e69d)
```
  591c55a9
- PA-RISC assembler pack: switch to bve in 64-bit builds. · cd269386
  Andy Polyakov authored Jun 18, 2013
```
PR: 3074
(cherry picked from commit 02450ec6)
```
  cd269386
Jun 12, 2013
- Typo: don't call RAND_cleanup during app startup. · 25370e93
  Dr. Stephen Henson authored Jun 12, 2013
```
(cherry picked from commit 90e7f983)
```
  25370e93
May 30, 2013
- Don't use RC2 with PKCS#12 files in FIPS mode. · cdb6c484
  Dr. Stephen Henson authored May 30, 2013
  
  cdb6c484
May 05, 2013

Fix PSS signature printing. · 04b727b4

Dr. Stephen Henson authored May 05, 2013

Fix PSS signature printing: consistently use 0x prefix for hex values for
padding length and trailer fields.
(cherry picked from commit deb24ad53147f5a8dd63416224a5edd7bbc0e74a)

04b727b4

May 03, 2013
- Reencode with X509_CRL_ctx_sign too. · cbd93a06
  Dr. Stephen Henson authored May 03, 2013
```
(cherry picked from commit 96940f4f2d0300c033379a87db0ff19e598c6264)
```
  cbd93a06
May 02, 2013

Reencode certificates in X509_sign_ctx. · b9e84f00

Dr. Stephen Henson authored May 02, 2013

Reencode certificates in X509_sign_ctx as well as X509_sign.

This was causing a problem in the x509 application when it modified an
existing certificate.
(cherry picked from commit c6d8adb8)

b9e84f00

Apr 13, 2013

crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on ARMv7. · 29a54672

Andy Polyakov authored Apr 13, 2013

While ARMv7 in general is capable of unaligned access, not all instructions
actually are. And trouble is that compiler doesn't seem to differentiate
those capable and incapable of unaligned access. Side effect is that kernel
goes into endless loop retrying same instruction triggering unaligned trap.
Problem was observed in xts128.c and ccm128.c modules. It's possible to
resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT
be feels more appropriate.
(cherry picked from commit 3bdd8052)

29a54672

Apr 08, 2013
- Set s->d1 to NULL after freeing it. · 0e9dd387
  Dr. Stephen Henson authored Apr 08, 2013
```
(cherry picked from commit 04638f2f)
```
  0e9dd387
Mar 31, 2013
- Typo. · 79dabcc1
  Dr. Stephen Henson authored Mar 31, 2013
```
(cherry picked from commit 0ded2a06)
```
  79dabcc1
Mar 28, 2013
- Call RAND_cleanup in openssl application. · 944bc29f
  Dr. Stephen Henson authored Mar 28, 2013
  
  944bc29f
Mar 26, 2013

Make binary curve ASN.1 work in FIPS mode. · 03e1b3a1

Matt Caswell authored Mar 26, 2013

Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
(cherry picked from commit 94782e0e)

03e1b3a1

Mar 19, 2013

Disable compression for DTLS. · 9c95ff96

Dr. Stephen Henson authored Mar 19, 2013

The only standard compression method is stateful and is incompatible with
DTLS.
(cherry picked from commit e14b8410)

9c95ff96

Mar 18, 2013
- x86cpuid.pl: make it work with older CPUs. · 96b680f2
  Andy Polyakov authored Mar 04, 2013
```
PR: 3005
(cherry picked from commit 5702e965)
```
  96b680f2
- e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms. · 9ab3ce12
  Andy Polyakov authored Mar 18, 2013
```
PR: 3002
(cherry picked from commit 5c600465)
```
  9ab3ce12
- Avoid unnecessary fragmentation. · 3972dbe4
  Michael Tuexen authored Mar 18, 2013
```
(cherry picked from commit 80ccc66d)
```
  3972dbe4
- Encode INTEGER correctly. · 85615e33
  Dr. Stephen Henson authored Mar 18, 2013
```
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc6)
```
  85615e33
- Merge branch 'OpenSSL_1_0_1-stable' of ../openssl into OpenSSL_1_0_1-stable · f4cfc344
  Dr. Stephen Henson authored Mar 18, 2013
  
  f4cfc344
- Typo. · 24f599af
  Dr. Stephen Henson authored Mar 18, 2013
```
(cherry picked from commit 1546fb78)
```
  24f599af
Mar 01, 2013
- x86_64-gf2m.pl: fix typo. · bca0d7fd
  Andy Polyakov authored Mar 01, 2013
```
(cherry picked from commit 342dbbbe)
```
  bca0d7fd
- x86_64-gf2m.pl: add missing Windows build fix for #2963. · bc4ae2cb
  Andy Polyakov authored Mar 01, 2013
```
PR: 3004
(cherry picked from commit 7c43601d)
```
  bc4ae2cb
Feb 16, 2013
- bn_nist.c: cumulative update from master. · ef4b9f00
  Andy Polyakov authored Feb 16, 2013
```
PR: 2981, 2837
```
  ef4b9f00
Feb 15, 2013

Fix POD errors to stop make install_docs dying with pod2man 2.5.0+ · 08f8933f

Nick Alcock authored Feb 15, 2013

podlators 2.5.0 has switched to dying on POD syntax errors. This means
that a bunch of long-standing erroneous POD in the openssl documentation
now leads to fatal errors from pod2man, halting installation.

Unfortunately POD constraints mean that you have to sort numeric lists
in ascending order if they start with 1: you cannot do 1, 0, 2 even if
you want 1 to appear first. I've reshuffled such (alas, I wish there
were a better way but I don't know of one).
(cherry picked from commit 5cc27077)

08f8933f

Feb 14, 2013
- cms-test.pl: make it work with not-so-latest perl. · 41958376
  Andy Polyakov authored May 16, 2011
```
(cherry picked from commit 9c437e2f)
```
  41958376
Feb 12, 2013

Check DTLS_BAD_VER for version number. · 9fe4603b

David Woodhouse authored Feb 12, 2013

The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.

PR:2984
(cherry picked from commit d980abb2)

9fe4603b

Feb 11, 2013
- Fix for SSL_get_certificate · 147dbb2f
  Dr. Stephen Henson authored Feb 11, 2013
```
Now we set the current certificate to the one used by a server
there is no need to call ssl_get_server_send_cert which will
fail if we haven't sent a certificate yet.
```
  147dbb2f
- Fix in ssltest is no-ssl2 configured · cbf9b4ae
  Dr. Stephen Henson authored Feb 11, 2013
  
  cbf9b4ae
- update CHANGES · 625a5532
  Dr. Stephen Henson authored Feb 11, 2013
  
  625a5532
- prepare for next version · 3151e328
  Dr. Stephen Henson authored Feb 11, 2013
  
  3151e328