Commits · 338a61b94e39e3db628ff862853255b8d71615ee · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Dec 09, 2009
- Add patch to crypto/evp which didn't apply from PR#2124 · 338a61b9
  Dr. Stephen Henson authored Dec 09, 2009
  
  338a61b9
- Revert lhash patch for PR#2124 · e4bcadb3
  Dr. Stephen Henson authored Dec 09, 2009
  
  e4bcadb3
- PR: 2124 · fdb2c6e4
  Dr. Stephen Henson authored Dec 09, 2009
```
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
```
  fdb2c6e4
- Add ctrls to clear options and mode. · 7661ccad
  Dr. Stephen Henson authored Dec 09, 2009
```
Change RI ctrl so it doesn't clash.
```
  7661ccad
Dec 08, 2009

Send no_renegotiation alert as required by spec. · 82e610e2
Dr. Stephen Henson authored Dec 08, 2009

82e610e2
Add ctrl and macro so we can determine if peer support secure renegotiation. · 5430200b
Dr. Stephen Henson authored Dec 08, 2009

5430200b

Add support for magic cipher suite value (MCSV). Make secure renegotiation · 13f6d57b

Dr. Stephen Henson authored Dec 08, 2009

work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.

13f6d57b

PR: 2121 · 8025e251

Dr. Stephen Henson authored Dec 08, 2009

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.

8025e251

Dec 07, 2009
- Initial experimental TLSv1.1 support · 637f374a
  Dr. Stephen Henson authored Dec 07, 2009
  
  637f374a
Dec 02, 2009
- PR: 2111 · 7e4cae1d
  Dr. Stephen Henson authored Dec 02, 2009
```
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
```
  7e4cae1d
- Update CHANGES. · 9d953025
  Dr. Stephen Henson authored Dec 02, 2009
  
  9d953025
- Replace the broken SPKAC certification with the correct version. · 3533ab1f
  Dr. Stephen Henson authored Dec 02, 2009
  
  3533ab1f
- Check it actually compiles this time ;-) · ec7d16ff
  Dr. Stephen Henson authored Dec 02, 2009
  
  ec7d16ff
- PR: 2120 · 5656f33c
  Dr. Stephen Henson authored Dec 02, 2009
```
Submitted by: steve@openssl.org

Initialize fields correctly if pem_str or info are NULL in  EVP_PKEY_asn1_new().
```
  5656f33c
Dec 01, 2009

Ooops... · 7f354fa4
Dr. Stephen Henson authored Dec 01, 2009

7f354fa4
check DSA_sign() return value properly · 6732e142
Dr. Stephen Henson authored Dec 01, 2009

6732e142

PR: 2115 · 49968440

Dr. Stephen Henson authored Dec 01, 2009

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.

49968440

PR: 1432 · 606c46fb

Dr. Stephen Henson authored Dec 01, 2009

Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org

Truncate hash if it is too large: as required by FIPS 186-3.

606c46fb

Nov 30, 2009

PR: 2118 · fed8dbf4

Dr. Stephen Henson authored Nov 30, 2009

Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Approved by: steve@openssl.org

Check return value of ECDSA_sign() properly.

fed8dbf4

Nov 29, 2009
- typo · c2f0203d
  Dr. Stephen Henson authored Nov 29, 2009
  
  c2f0203d
Nov 26, 2009
- bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER. · b6bf9e2e
  Andy Polyakov authored Nov 26, 2009
```
PR: 2110
```
  b6bf9e2e
- Experimental CMS password based recipient Info support. · d2a53c22
  Dr. Stephen Henson authored Nov 26, 2009
  
  d2a53c22
- Make CHANGES in CVS head consistent with the CHANGES files in the · 480af99e
  Bodo Möller authored Nov 26, 2009
```
branches.

This means that http://www.openssl.org/news/changelog.html will
finally describe 0.9.8l.
```
  480af99e
Nov 25, 2009
- Add OID for PWRI KEK algorithm. · f2334630
  Dr. Stephen Henson authored Nov 25, 2009
  
  f2334630
- Add PBKFD2 prototype. · 007f7ec1
  Dr. Stephen Henson authored Nov 25, 2009
  
  007f7ec1
- Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat · 3d63b396
  Dr. Stephen Henson authored Nov 25, 2009
```
and is a pre-requisite to adding password based CMS support.
```
  3d63b396
Nov 23, 2009
- cms-test.pl: use EXE_EXT. · 451038b4
  Andy Polyakov authored Nov 23, 2009
```
PR: 2107
```
  451038b4
Nov 19, 2009
- util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed and · 7766bc1a
  Andy Polyakov authored Nov 19, 2009
```
eliminate duplicate code.
PR: 2086
```
  7766bc1a
Nov 18, 2009
- Servers can't end up talking SSLv2 with legacy renegotiation disabled · 6cef3a7f
  Dr. Stephen Henson authored Nov 18, 2009
  
  6cef3a7f
- Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation · 4d09323a
  Dr. Stephen Henson authored Nov 18, 2009
  
  4d09323a
- Include a more meaningful error message when rejecting legacy renegotiation · 64abf5e6
  Dr. Stephen Henson authored Nov 18, 2009
  
  64abf5e6
Nov 17, 2009

PR: 2103 · 446a6a8a

Dr. Stephen Henson authored Nov 17, 2009

Submitted by: Rob Austein <sra@hactrn.net>
Approved by: steve@openssl.org

Initialise atm.flags to 0.

446a6a8a

Nov 15, 2009
- PR: 2101 (additional) · 320d3fd6
  Dr. Stephen Henson authored Nov 15, 2009
```
Submitted by: Roumen Petrov <openssl@roumenpetrov.info>
Approved by: steve@openssl.org

Another mingw fix.
```
  320d3fd6
- OPENSSL_ia32cap.pod update. · cca3ea1e
  Andy Polyakov authored Nov 15, 2009
  
  cca3ea1e
- Add sha512-parisc.pl. · a83f83aa
  Andy Polyakov authored Nov 15, 2009
  
  a83f83aa
- SHA1 assembler show off: minor performance updates and new modules for · 5727f1f7
  Andy Polyakov authored Nov 15, 2009
```
forgotten CPUs.
```
  5727f1f7
- sha512.c: there apparently is ILP32 PowerPC platform, where it is safe to · 53f73afc
  Andy Polyakov authored Nov 15, 2009
```
inline 64-bit assembler instructions. Normally it's inappropriate, because
signalling doesn't preserve upper halves of general purpose registers.
Meaning that it's only safe if signals are blocked for the time "wide"
code executes.
PR: 1998
```
  53f73afc
- x86_64-xlate.pl: new gas requires sign extention in lea instruction. · 10232bdc
  Andy Polyakov authored Nov 15, 2009
```
This resolves md5-x86_64.pl and sha1-x86_64.pl bugs, but without modifying
the code.
PR: 2094,2095
```
  10232bdc
- x86masm.pl: eliminate linker "multiple sections found with different · 55ff3aff
  Andy Polyakov authored Nov 15, 2009
```
attributes" warning.
```
  55ff3aff
- bss_dgram.c: more elegant solution to PR#2069. Use socklen_t heuristic · b7cec490
  Andy Polyakov authored Nov 15, 2009
```
from b_sock.c, don't assume that caller always passes pointer to buffer
large enough to hold sockaddr_storage.
PR: 2069
```
  b7cec490