Commits · 24fc4f656cadeef0e30f3c4d7d6a9e49672e40a1 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

14 Jan, 2010 1 commit

PR: 1618 · 24fc4f65

Dr. Stephen Henson authored Jan 14, 2010

Submitted by: steve@openssl.org

Fix bug in 0.9.8-stable time handling in ca.c . NB: this only handles cases
where times are not being checked or printed properly. Issues relating to
time_t becoming negative or wrapping around are *NOT* addressed. OpenSSL
1.0.0 and later does fix these issues by using its own time routines.

24fc4f65

13 Jan, 2010 2 commits

Fix version handling so it can cope with a major version >3. · c3c3b288

Dr. Stephen Henson authored Jan 13, 2010

Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.

c3c3b288

Modify compression code so it avoids using ex_data free functions. This · 06e2670a
Dr. Stephen Henson authored Jan 13, 2010
```
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
```
06e2670a

07 Jan, 2010 3 commits
- Simplify RI+SCSV logic: · 3798a4d0
  Dr. Stephen Henson authored Jan 07, 2010
```
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
```
  3798a4d0
- x86_64-xlate.pl: new gas requires sign extention in lea instruction · 5b8246d6
  Andy Polyakov authored Jan 07, 2010
```
[from HEAD].
PR: 2094,2095
```
  5b8246d6
- util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed [from HEAD]. · 2e24bc42
  Andy Polyakov authored Jan 07, 2010
```
PR: 2086
```
  2e24bc42
06 Jan, 2010 2 commits
- correct error codes · f244ed3e
  Dr. Stephen Henson authored Jan 06, 2010
  
  f244ed3e
- Updates to conform with draft-ietf-tls-renegotiation-03.txt: · 50a095ed
  Dr. Stephen Henson authored Jan 06, 2010
```
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
```
  50a095ed
05 Jan, 2010 2 commits
- Typo · 37aff219
  Dr. Stephen Henson authored Jan 05, 2010
  
  37aff219
- PR: 2132 · 309aa5fb
  Dr. Stephen Henson authored Jan 05, 2010
```
Submitted by: steve

Fix bundled pod2man.pl to handle alternative comment formats.
```
  309aa5fb
27 Dec, 2009 1 commit

Update RI to match latest spec. · 5f409487

Dr. Stephen Henson authored Dec 27, 2009

MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.

5f409487

25 Dec, 2009 1 commit
- Traditional Yuletide commit ;-) · c22050be
  Dr. Stephen Henson authored Dec 25, 2009
```
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
```
  c22050be
22 Dec, 2009 2 commits
- Constify crypto/cast. · 54ca55fd
  Bodo Möller authored Dec 22, 2009
  
  54ca55fd
- Constify crypto/cast. · d0e79d7e
  Bodo Möller authored Dec 22, 2009
  
  d0e79d7e
17 Dec, 2009 2 commits
- Ooops, engage ENGINE initialisation code correctly in FIPS builds. · c1003dfd
  Dr. Stephen Henson authored Dec 17, 2009
  
  c1003dfd
- Alert to use is now defined in spec: update code · 98809a14
  Dr. Stephen Henson authored Dec 17, 2009
  
  98809a14
16 Dec, 2009 1 commit
- New option to enable/disable connection to unpatched servers · ccc3df8c
  Dr. Stephen Henson authored Dec 16, 2009
  
  ccc3df8c
14 Dec, 2009 3 commits
- add another missed case · 593a6dbe
  Dr. Stephen Henson authored Dec 14, 2009
  
  593a6dbe
- simplify RI error code and catch extra error case ignored before · efbe446f
  Dr. Stephen Henson authored Dec 14, 2009
  
  efbe446f
- Allow initial connection (but no renegoriation) to servers which don't support · 725745d1
  Dr. Stephen Henson authored Dec 14, 2009
```
RI.
```
  725745d1
12 Dec, 2009 1 commit
- Missing newline. · c0e94f82
  Ben Laurie authored Dec 12, 2009
  
  c0e94f82
11 Dec, 2009 1 commit
- Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL · ef4bd016
  Dr. Stephen Henson authored Dec 11, 2009
  
  ef4bd016
09 Dec, 2009 4 commits
- clarify docs · 7a8a3ef4
  Dr. Stephen Henson authored Dec 09, 2009
  
  7a8a3ef4
- Document option clearning functions. · 98c7b036
  Dr. Stephen Henson authored Dec 09, 2009
```
Initial secure renegotiation documentation.
```
  98c7b036
- PR: 2124 · 9e5dea0f
  Dr. Stephen Henson authored Dec 09, 2009
```
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
```
  9e5dea0f
- Add ctrls to clear options and mode. · cb4823fd
  Dr. Stephen Henson authored Dec 09, 2009
```
Change RI ctrl so it doesn't clash.
```
  cb4823fd
08 Dec, 2009 3 commits

Send no_renegotiation alert as required by spec. · 17bb0516
Dr. Stephen Henson authored Dec 08, 2009

17bb0516
Add ctrl and macro so we can determine if peer support secure renegotiation. · 59f44e81
Dr. Stephen Henson authored Dec 08, 2009
```
Fix SSL_CIPHER initialiser for mcsv
```
59f44e81

Add support for magic cipher suite value (MCSV). Make secure renegotiation · 7a014dce

Dr. Stephen Henson authored Dec 08, 2009

work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.

7a014dce

02 Dec, 2009 2 commits
- PR: 2111 · 1ff44a99
  Dr. Stephen Henson authored Dec 02, 2009
```
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
```
  1ff44a99
- Replace the broken SPKAC certification with the correct version. · 6cf61614
  Dr. Stephen Henson authored Dec 02, 2009
  
  6cf61614
01 Dec, 2009 2 commits

PR: 2115 · 82e448b9

Dr. Stephen Henson authored Dec 01, 2009

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.

82e448b9

PR: 1432 · b172352b

Dr. Stephen Henson authored Dec 01, 2009

Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org

Truncate hash if it is too large: as required by FIPS 186-3.

b172352b

29 Nov, 2009 1 commit
- typo · 95b14fd8
  Dr. Stephen Henson authored Nov 29, 2009
  
  95b14fd8
26 Nov, 2009 4 commits
- (whitespace) · 553d2e32
  Bodo Möller authored Nov 26, 2009
  
  553d2e32
- The version numbering may change, again; so be careful about what we · 82fb4ee8
  Bodo Möller authored Nov 26, 2009
```
announce in CHANGES.
```
  82fb4ee8
- Remove attribution -- this wasn't my patch, I only edited and applied it. · 389fef6c
  Bodo Möller authored Nov 26, 2009
  
  389fef6c
- Remove obsolete information about a change for 0.9.7n. · b6622f96
  Bodo Möller authored Nov 26, 2009
```
(No further releases from the 0.9.7 branch are planned.  Note that the
"deleted" change is also in 0.9.8f.)
```
  b6622f96
18 Nov, 2009 2 commits
- Servers can't end up talking SSLv2 with legacy renegotiation disabled · 7f5448e3
  Dr. Stephen Henson authored Nov 18, 2009
  
  7f5448e3
- Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation · 5d965f07
  Dr. Stephen Henson authored Nov 18, 2009
  
  5d965f07