Commits · 2218c296b4981af6f2639bbd7eabfb89437fe776 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Dec 28, 2013
- ARM assembly pack: make it work with older toolchain. · 2218c296
  Andy Polyakov authored Dec 28, 2013
  
  2218c296
Dec 22, 2013

Canonicalise input in CMS_verify. · cd30f03a

Dr. Stephen Henson authored Dec 22, 2013

If content is detached and not binary mode translate the input to
CRLF format. Before this change the input was verified verbatim
which lead to a discrepancy between sign and verify.

cd30f03a

Dec 20, 2013

Fix DTLS retransmission from previous session. · 20b82b51

Dr. Stephen Henson authored Dec 20, 2013

For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967)

20b82b51

Ignore NULL parameter in EVP_MD_CTX_destroy. · 560b34f2
Dr. Stephen Henson authored Dec 20, 2013
```
(cherry picked from commit a6c62f0c)
```
560b34f2

Dec 18, 2013
- sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes. · fc0503a2
  Andy Polyakov authored Dec 18, 2013
```
(and ensure stack alignment in the process)
```
  fc0503a2
- evp/e_[aes|camellia].c: fix typo in CBC subroutine. · e9c80e04
  Andy Polyakov authored Dec 18, 2013
```
It worked because it was never called.
```
  e9c80e04
- PPC assembly pack update addendum. · f0f4b8f1
  Andy Polyakov authored Dec 18, 2013
  
  f0f4b8f1
- sha512.c: fullfull implicit API contract in SHA512_Transform. · cdd1acd7
  Andy Polyakov authored Dec 18, 2013
```
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
```
  cdd1acd7
- PPC assembly pack: improve AIX support (enable vpaes-ppc). · 128e1d10
  Andy Polyakov authored Dec 18, 2013
  
  128e1d10
- Check EVP errors for handshake digests. · ed496b3d
  Dr. Stephen Henson authored Dec 14, 2013
```
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be)
```
  ed496b3d
- Update demo. · 88c21c47
  Dr. Stephen Henson authored Dec 18, 2013
  
  88c21c47
Dec 13, 2013

Add opaque ID structure. · 4a253652

Dr. Stephen Henson authored Dec 11, 2013

Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
(cherry picked from commit adc6bd73)

Conflicts:

	crypto/x509/x509_vpm.c

4a253652

Update to pad extension. · 4fcdd66f

Dr. Stephen Henson authored Dec 12, 2013

Fix padding calculation for different SSL_METHOD types. Use the
standard name as used in draft-agl-tls-padding-02

4fcdd66f

Fix for partial chain notification. · 102302b0

Dr. Stephen Henson authored Dec 13, 2013

For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
(cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)

102302b0

Verify parameter retrieval functions. · 7af31968

Dr. Stephen Henson authored Dec 13, 2013

New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
(cherry picked from commit be0c9270690ed9c1799900643cab91de146de857)

7af31968

Don't use rdrand engine as default unless explicitly requested. · 8a1956f3
Dr. Stephen Henson authored Dec 11, 2013
```
(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)
```
8a1956f3

Dec 10, 2013
- remove obsolete STATUS file · e3bc1f49
  Dr. Stephen Henson authored Dec 10, 2013
  
  e3bc1f49
- Add release dates to NEWS · 57d7ee3a
  Dr. Stephen Henson authored Dec 10, 2013
  
  57d7ee3a
Dec 09, 2013
- x86_64-xlate.pl: minor update. · 41965a84
  Andy Polyakov authored Dec 09, 2013
  
  41965a84
- bn/asm/x86_64-mont5.pl: add MULX/AD*X code path. · ec9cc70f
  Andy Polyakov authored Dec 09, 2013
```
This also eliminates code duplication between x86_64-mont and x86_64-mont
and optimizes even original non-MULX code.
```
  ec9cc70f
Dec 04, 2013
- bn/asm/armv4-mont.pl: add NEON code path. · d1671f4f
  Andy Polyakov authored Dec 04, 2013
  
  d1671f4f
- perlasm/ppc-xlate.pl: add support for AltiVec/VMX and VSX. · 26e18383
  Andy Polyakov authored Dec 04, 2013
```
Suggested by: Marcello Cerri
```
  26e18383
- perlasm/ppc-xlate.pl: improve linux64le support. · f586d971
  Andy Polyakov authored Dec 04, 2013
```
Suggested by: Marcello Cerri
```
  f586d971
- aes/asm/vpaes-ppc.pl: comply with ABI. · a61e5122
  Andy Polyakov authored Dec 04, 2013
  
  a61e5122
- Configure: remove vpaes-ppc from aix targets. · 34b1008c
  Andy Polyakov authored Dec 04, 2013
```
AIX assembler doesn't hanle .align, which is essential for vpaes module.
```
  34b1008c
Dec 03, 2013
- bn/asm/x86_64-mont5.pl: comply with Win64 ABI. · c5d5f5bd
  Andy Polyakov authored Dec 03, 2013
```
PR: 3189
Submitted by: Oscar Ciurana
```
  c5d5f5bd
- crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64. · 8bd7ca99
  Andy Polyakov authored Dec 03, 2013
  
  8bd7ca99
- crypto/bn/rsaz*: fix licensing note. · 31ed9a21
  Andy Polyakov authored Dec 03, 2013
```
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
```
  31ed9a21
- bn/asm/rsaz-x86_64.pl: fix prototype. · 6efef384
  Andy Polyakov authored Dec 03, 2013
  
  6efef384
Nov 30, 2013
- Simplify and update openssl.spec · 4b27bab9
  Dr. Stephen Henson authored Nov 27, 2013
  
  4b27bab9
Nov 29, 2013
- vpaes-ppc.pl: fix bug in IV handling and comply with ABI. · 89bb96e5
  Andy Polyakov authored Nov 29, 2013
  
  89bb96e5
Nov 27, 2013
- ppc64-mont.pl: eliminate dependency on GPRs' upper halves. · b9e87d07
  Andy Polyakov authored Nov 27, 2013
  
  b9e87d07
- Take vpaes-ppc module into loop. · 07f3e4f3
  Andy Polyakov authored Nov 27, 2013
  
  07f3e4f3
- Add Vector Permutation AES for PPC. · b5c54c91
  Andy Polyakov authored Nov 27, 2013
  
  b5c54c91
Nov 18, 2013
- New functions to retrieve certificate from SSL_CTX · a25f9adc
  Dr. Stephen Henson authored Nov 18, 2013
```
New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().
```
  a25f9adc
- Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set · 60aeb187
  Dr. Stephen Henson authored Nov 18, 2013
  
  60aeb187
Nov 17, 2013
- Use correct header length in ssl3_send_certifcate_request · fdeaf55b
  Dr. Stephen Henson authored Nov 17, 2013
  
  fdeaf55b
Nov 14, 2013
- Constify. · 0f7fa1b1
  Dr. Stephen Henson authored Nov 14, 2013
```
(cherry picked from commit 1abfa78a)
```
  0f7fa1b1
- Fix compilation with no-nextprotoneg. · 2911575c
  Piotr Sikora authored Nov 13, 2013
```
PR#3106
```
  2911575c
Nov 13, 2013

Flag to disable automatic copying of contexts. · afa23c46

Dr. Stephen Henson authored Nov 13, 2013

Some functions such as EVP_VerifyFinal only finalise a copy of the passed
context in case an application wants to digest more data. Doing this when
it is not needed is inefficient and many applications don't require it.

For compatibility the default is to still finalise a copy unless the
flag EVP_MD_CTX_FLAG_FINALISE is set in which case the passed
context is finalised an *no* further data can be digested after
finalisation.

afa23c46