Commits · 0d609395158f3dfc0e30c1d687294f75263c532c · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jan 25, 2012
- add support for use of fixed DH client certificates · 0d609395
  Dr. Stephen Henson authored Jan 25, 2012
  
  0d609395
Jan 22, 2012
- oops revert debug change · 2ff5ac55
  Dr. Stephen Henson authored Jan 22, 2012
  
  2ff5ac55
- return error if md is NULL · 1db5f356
  Dr. Stephen Henson authored Jan 22, 2012
  
  1db5f356
Jan 21, 2012
- x86_64-xlate.pl: proper solution for RT#2620. · e6903980
  Andy Polyakov authored Jan 21, 2012
  
  e6903980
Jan 18, 2012

Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. · 855d2918

Dr. Stephen Henson authored Jan 18, 2012

Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)

855d2918

Jan 17, 2012
- fix CHANGES entry · ac07bc86
  Dr. Stephen Henson authored Jan 17, 2012
  
  ac07bc86
Jan 16, 2012

Support for fixed DH ciphersuites. · 8e1dc4d7

Dr. Stephen Henson authored Jan 16, 2012

The cipher definitions of these ciphersuites have been around since SSLeay
but were always disabled. Now OpenSSL supports DH certificates they can be
finally enabled.

Various additional changes were needed to make them work properly: many
unused fixed DH sections of code were untested.

8e1dc4d7

Jan 15, 2012
- cryptlib.c: sscanf warning. · a985410d
  Andy Polyakov authored Jan 15, 2012
  
  a985410d
- Fix OPNESSL vs. OPENSSL typos. · 0ecedec8
  Andy Polyakov authored Jan 15, 2012
```
PR: 2613
Submitted by: Leena Heino
```
  0ecedec8
- fix warning · 9bd20155
  Dr. Stephen Henson authored Jan 15, 2012
  
  9bd20155
Jan 14, 2012
- cryptlib.c: make even non-Windows builds "strtoull-agnostic". · 5d13669a
  Andy Polyakov authored Jan 14, 2012
  
  5d13669a
Jan 13, 2012
- sha512-sparcv9.pl: work around V8+ warning. · adb5a269
  Andy Polyakov authored Jan 13, 2012
  
  adb5a269
- aes-ppc.pl, sha512-ppc.pl: comply even with Embedded ABI specification · 23b93b58
  Andy Polyakov authored Jan 13, 2012
```
(most restrictive about r2 and r13 usage).
```
  23b93b58
Jan 12, 2012
- Sanitize usage of <ctype.h> functions. It's important that characters · a50bce82
  Andy Polyakov authored Jan 12, 2012
```
are passed zero-extended, not sign-extended.
PR: 2682
```
  a50bce82
- ec_pmeth.c: fix typo in commentary. · 713f4911
  Andy Polyakov authored Jan 12, 2012
```
PR: 2677
Submitted by: Annue Yousar
```
  713f4911
Jan 11, 2012
- doc/apps: formatting fixes. · 677741f8
  Andy Polyakov authored Jan 11, 2012
```
PR: 2683
Submitted by: Annie Yousar
```
  677741f8
- speed.c: typo in pkey_print_message. · 5beb93e1
  Andy Polyakov authored Jan 11, 2012
```
PR: 2681
Submitted by: Annie Yousar
```
  5beb93e1
- ecdsa.pod: typo. · 62d7dd5f
  Andy Polyakov authored Jan 11, 2012
```
PR: 2678
Submitted by: Annie Yousar
```
  62d7dd5f
- asn1/t_x509.c: fix serial number print, harmonize with a_int.c. · 6e913f99
  Andy Polyakov authored Jan 11, 2012
```
PR: 2675
Submitted by: Annie Yousar
```
  6e913f99
- aes-sparcv9.pl: clean up regexp · e255024b
  Andy Polyakov authored Jan 11, 2012
```
PR: 2685
```
  e255024b
Jan 10, 2012
- fix warning (revert original patch) · 8fa397a6
  Dr. Stephen Henson authored Jan 10, 2012
  
  8fa397a6
Jan 06, 2012
- cmac.c: optimize make_kn and move zero_iv to const segment. · 03cf7e78
  Andy Polyakov authored Jan 06, 2012
  
  03cf7e78
- bn_nist.c: harmonize buf in BN_nist_mod_256 with other mod functions. · ce0727f9
  Andy Polyakov authored Jan 06, 2012
  
  ce0727f9
Jan 05, 2012
- Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch. · 8e855452
  Bodo Möller authored Jan 05, 2012
```
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in HEAD, the actual code is here already.)
```
  8e855452
- Fix usage indentation · 6620bf34
  Bodo Möller authored Jan 05, 2012
  
  6620bf34
- Fix for builds without DTLS support. · 7bb1cc95
  Bodo Möller authored Jan 05, 2012
```
Submitted by: Brian Carlstrom
```
  7bb1cc95
- PR: 2671 · 59e68615
  Dr. Stephen Henson authored Jan 05, 2012
```
Submitted by: steve

Update maximum message size for certifiate verify messages to support
4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.
```
  59e68615
- Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> · 192540b5
  Dr. Stephen Henson authored Jan 05, 2012
```
Reviewed by: steve

Send fatal alert if heartbeat extension has an illegal value.
```
  192540b5
- disable heartbeats if tlsext disabled · e2ca32fc
  Dr. Stephen Henson authored Jan 05, 2012
  
  e2ca32fc
Jan 04, 2012
- update CHANGES · 4d0bafb4
  Dr. Stephen Henson authored Jan 04, 2012
  
  4d0bafb4
- Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> · e7455724
  Dr. Stephen Henson authored Jan 04, 2012
```
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
```
  e7455724
- Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) · 27dfffd5
  Dr. Stephen Henson authored Jan 04, 2012
  
  27dfffd5
- Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) · d0dc991c
  Dr. Stephen Henson authored Jan 04, 2012
  
  d0dc991c
- fix CHANGES · 2ec0497f
  Dr. Stephen Henson authored Jan 04, 2012
  
  2ec0497f
- Check GOST parameters are not NULL (CVE-2012-0027) · 6bf896d9
  Dr. Stephen Henson authored Jan 04, 2012
  
  6bf896d9
- Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) · be71c372
  Dr. Stephen Henson authored Jan 04, 2012
  
  be71c372
- update FAQ · 00155723
  Dr. Stephen Henson authored Jan 04, 2012
  
  00155723
- fix warnings · 6074fb09
  Dr. Stephen Henson authored Jan 04, 2012
  
  6074fb09
- Submitted by: Adam Langley <agl@chromium.org> · 25536ea6
  Dr. Stephen Henson authored Jan 04, 2012
```
Reviewed by: steve

Fix memory leaks.
```
  25536ea6
Jan 03, 2012
- oops, revert wrong patch · b3720c34
  Dr. Stephen Henson authored Jan 03, 2012
  
  b3720c34