Commits · 13f6d57b1ef964f2b9cbd8f68783884caef0e5cb · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

08 Dec, 2009 2 commits

Add support for magic cipher suite value (MCSV). Make secure renegotiation · 13f6d57b

Dr. Stephen Henson authored Dec 08, 2009

work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.

13f6d57b

PR: 2121 · 8025e251

Dr. Stephen Henson authored Dec 08, 2009

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.

8025e251

07 Dec, 2009 1 commit
- Initial experimental TLSv1.1 support · 637f374a
  Dr. Stephen Henson authored Dec 07, 2009
  
  637f374a
02 Dec, 2009 5 commits
- PR: 2111 · 7e4cae1d
  Dr. Stephen Henson authored Dec 02, 2009
```
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
```
  7e4cae1d
- Update CHANGES. · 9d953025
  Dr. Stephen Henson authored Dec 02, 2009
  
  9d953025
- Replace the broken SPKAC certification with the correct version. · 3533ab1f
  Dr. Stephen Henson authored Dec 02, 2009
  
  3533ab1f
- Check it actually compiles this time ;-) · ec7d16ff
  Dr. Stephen Henson authored Dec 02, 2009
  
  ec7d16ff
- PR: 2120 · 5656f33c
  Dr. Stephen Henson authored Dec 02, 2009
```
Submitted by: steve@openssl.org

Initialize fields correctly if pem_str or info are NULL in  EVP_PKEY_asn1_new().
```
  5656f33c
01 Dec, 2009 4 commits

Ooops... · 7f354fa4
Dr. Stephen Henson authored Dec 01, 2009

7f354fa4
check DSA_sign() return value properly · 6732e142
Dr. Stephen Henson authored Dec 01, 2009

6732e142

PR: 2115 · 49968440

Dr. Stephen Henson authored Dec 01, 2009

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.

49968440

PR: 1432 · 606c46fb

Dr. Stephen Henson authored Dec 01, 2009

Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org

Truncate hash if it is too large: as required by FIPS 186-3.

606c46fb

30 Nov, 2009 1 commit

PR: 2118 · fed8dbf4

Dr. Stephen Henson authored Nov 30, 2009

Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org

Check return value of ECDSA_sign() properly.

fed8dbf4

29 Nov, 2009 1 commit
- typo · c2f0203d
  Dr. Stephen Henson authored Nov 29, 2009
  
  c2f0203d
26 Nov, 2009 3 commits
- bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER. · b6bf9e2e
  Andy Polyakov authored Nov 26, 2009
```
PR: 2110
```
  b6bf9e2e
- Experimental CMS password based recipient Info support. · d2a53c22
  Dr. Stephen Henson authored Nov 26, 2009
  
  d2a53c22
- Make CHANGES in CVS head consistent with the CHANGES files in the · 480af99e
  Bodo Möller authored Nov 26, 2009
```
branches.

This means that http://www.openssl.org/news/changelog.html will
finally describe 0.9.8l.
```
  480af99e
25 Nov, 2009 3 commits
- Add OID for PWRI KEK algorithm. · f2334630
  Dr. Stephen Henson authored Nov 25, 2009
  
  f2334630
- Add PBKFD2 prototype. · 007f7ec1
  Dr. Stephen Henson authored Nov 25, 2009
  
  007f7ec1
- Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat · 3d63b396
  Dr. Stephen Henson authored Nov 25, 2009
```
and is a pre-requisite to adding password based CMS support.
```
  3d63b396
23 Nov, 2009 1 commit
- cms-test.pl: use EXE_EXT. · 451038b4
  Andy Polyakov authored Nov 23, 2009
```
PR: 2107
```
  451038b4
19 Nov, 2009 1 commit
- util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed and · 7766bc1a
  Andy Polyakov authored Nov 19, 2009
```
eliminate duplicate code.
PR: 2086
```
  7766bc1a
18 Nov, 2009 3 commits
- Servers can't end up talking SSLv2 with legacy renegotiation disabled · 6cef3a7f
  Dr. Stephen Henson authored Nov 18, 2009
  
  6cef3a7f
- Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation · 4d09323a
  Dr. Stephen Henson authored Nov 18, 2009
  
  4d09323a
- Include a more meaningful error message when rejecting legacy renegotiation · 64abf5e6
  Dr. Stephen Henson authored Nov 18, 2009
  
  64abf5e6
17 Nov, 2009 1 commit

PR: 2103 · 446a6a8a

Dr. Stephen Henson authored Nov 17, 2009

Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org

Initialise atm.flags to 0.

446a6a8a

15 Nov, 2009 10 commits
- PR: 2101 (additional) · 320d3fd6
  Dr. Stephen Henson authored Nov 15, 2009
```
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>
Approved by: steve@openssl.org

Another mingw fix.
```
  320d3fd6
- OPENSSL_ia32cap.pod update. · cca3ea1e
  Andy Polyakov authored Nov 15, 2009
  
  cca3ea1e
- Add sha512-parisc.pl. · a83f83aa
  Andy Polyakov authored Nov 15, 2009
  
  a83f83aa
- SHA1 assembler show off: minor performance updates and new modules for · 5727f1f7
  Andy Polyakov authored Nov 15, 2009
```
forgotten CPUs.
```
  5727f1f7
- sha512.c: there apparently is ILP32 PowerPC platform, where it is safe to · 53f73afc
  Andy Polyakov authored Nov 15, 2009
```
inline 64-bit assembler instructions. Normally it's inappropriate, because
signalling doesn't preserve upper halves of general purpose registers.
Meaning that it's only safe if signals are blocked for the time "wide"
code executes.
PR: 1998
```
  53f73afc
- x86_64-xlate.pl: new gas requires sign extention in lea instruction. · 10232bdc
  Andy Polyakov authored Nov 15, 2009
```
This resolves md5-x86_64.pl and sha1-x86_64.pl bugs, but without modifying
the code.
PR: 2094,2095
```
  10232bdc
- x86masm.pl: eliminate linker "multiple sections found with different · 55ff3aff
  Andy Polyakov authored Nov 15, 2009
```
attributes" warning.
```
  55ff3aff
- bss_dgram.c: more elegant solution to PR#2069. Use socklen_t heuristic · b7cec490
  Andy Polyakov authored Nov 15, 2009
```
from b_sock.c, don't assume that caller always passes pointer to buffer
large enough to hold sockaddr_storage.
PR: 2069
```
  b7cec490
- b_sock.c: fix compiler warning. · 2335e8a9
  Andy Polyakov authored Nov 15, 2009
  
  2335e8a9
- aesni-x86.pl: eliminate development comments. · 6f766a41
  Andy Polyakov authored Nov 15, 2009
  
  6f766a41
13 Nov, 2009 1 commit

PR: 2101 · f741382b

Dr. Stephen Henson authored Nov 13, 2009

Submitted by: Doug Kaufman <dkaufman@rahul.net>
Approved by: steve@openssl.org

Fixes for tests in cms-test.pl

f741382b

12 Nov, 2009 3 commits
- PR: 2088 · c18e51ba
  Dr. Stephen Henson authored Nov 12, 2009
```
Submitted by: Aleksey Samsonov <s4ms0n0v@gmail.com>
Approved by: steve@openssl.org

Fix memory leak in d2i_PublicKey().
```
  c18e51ba
- set engine to NULL after releasing it · 773b63d6
  Dr. Stephen Henson authored Nov 12, 2009
  
  773b63d6
- Update from 1.0.0-stable · 0a02d1db
  Richard Levitte authored Nov 12, 2009
  
  0a02d1db