Commits · 361fd136e9d960b05e7596b9a1786852522a8cd3 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jun 28, 2014
- Typo. · 361fd136
  Dr. Stephen Henson authored Jun 28, 2014
```
PR#3107
(cherry picked from commit 7c206db9)
```
  361fd136
Jun 27, 2014
- Don't disable state strings with no-ssl2 · 4950a528
  Dr. Stephen Henson authored Jun 28, 2014
```
Some state strings were erronously not compiled when no-ssl2
was set.

PR#3295
(cherry picked from commit 0518a3e1)
```
  4950a528
- Fix compilation with -DSSL_DEBUG -DTLS_DEBUG -DKSSL_DEBUG · 00ab230a
  yogesh nagarkar authored Jun 28, 2014
```
PR#3141
(cherry picked from commit d183545d)
```
  00ab230a
- Fix typo in ideatest.c · e99980e8
  Andreas Westfeld authored Jun 28, 2014
```
(cherry picked from commit d1d4382d)
```
  e99980e8
- Remove redundant check. · ec77f276
  Ken Ballou authored Jun 27, 2014
```
PR#3174
(cherry picked from commit fd331c0bb9b557903dd2ce88398570a3327b5ef0)
```
  ec77f276
- Fix for EVP_PBE_alg_add(). · d0ba9944
  Dr. Stephen Henson authored Jun 27, 2014
```
In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.

PR#3206
(cherry picked from commit efb7caef637a1de8468ca109efd355a9d0e73a45)
```
  d0ba9944
- x86_64 assembly pack: addendum to last clang commit. · 52f85652
  Andy Polyakov authored Jun 24, 2014
```
(cherry picked from commit 7eb04882)
```
  52f85652
- x86_64 assembly pack: allow clang to compile AVX code. · 912f08dd
  Andy Polyakov authored Jun 24, 2014
```
(cherry picked from commit ac171925)
```
  912f08dd
- bn/asm/rsaz-avx2.pl: fix occasional failures. · 1067663d
  Andy Polyakov authored Jun 27, 2014
```
(cherry picked from commit 406d4af0)
```
  1067663d
- Tolerate critical AKID in CRLs. · 22228d2d
  Dr. Stephen Henson authored Jun 27, 2014
```
PR#3014
(cherry picked from commit 11da66f8)
```
  22228d2d
- Handle IPv6 addresses in OCSP_parse_url. · c5774559
  Tom Greenslade authored Jun 27, 2014
```
PR#2783
(cherry picked from commit b36f35cd)
```
  c5774559
- Rebuild OID table. · 65e4dca4
  Dr. Stephen Henson authored Jun 27, 2014
  
  65e4dca4
- Fix OID encoding for one component. · ff4cfc4c
  Dr. Stephen Henson authored Jun 27, 2014
```
OIDs with one component don't have an encoding.

PR#2556 (Bug#1)
(cherry picked from commit 95791bf9)
```
  ff4cfc4c
- Don't advertise ECC ciphersuits in SSLv2 compatible client hello. · f4623ab9
  Tomas Mraz authored Jun 27, 2014
```
PR#3374
(cherry picked from commit 0436369f)
```
  f4623ab9
- Clarify docs. · 6ef35095
  Jeffrey Walton authored Jun 27, 2014
```
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.

PR#3409
(cherry picked from commit 0535c2d6)
```
  6ef35095
- Memory leak and NULL dereference fixes. · e42c2082
  Dr. Stephen Henson authored Jun 27, 2014
```
PR#3403
(cherry picked from commit d2aea038)
```
  e42c2082
- Remove ancient obsolete files under pkcs7. · e86951ca
  Dr. Stephen Henson authored Jun 26, 2014
```
(cherry picked from commit 7be6b27a)
```
  e86951ca
Jun 26, 2014

Make sure BN_sqr can never return a negative value. · b7a4f98b
Huzaifa Sidhpurwala authored Jun 26, 2014
```
PR#3410
(cherry picked from commit e14e764c0d5d469da63d0819c6ffc0e1e9e7f0bb)
```
b7a4f98b

bn_exp.c: move check for AD*X to rsaz-avx2.pl. · 82a9dafe

Andy Polyakov authored Jun 27, 2014

This ensures high performance is situations when assembler supports
AVX2, but not AD*X.
(cherry picked from commit f3f620e1)

Resolved conflicts:

	crypto/bn/asm/rsaz-avx2.pl

82a9dafe

Jun 25, 2014
- aesv8-armx.pl: rigid input verification in key setup. · 1536bcfd
  Andy Polyakov authored Jun 25, 2014
```
(cherry picked from commit 7b8c8c4d)
```
  1536bcfd
- X509_check_mumble() failure is <= 0, not just 0 · 3fc0b1ed
  Viktor Dukhovni authored Jun 22, 2014
```
(cherry picked from commit a48fb040)
```
  3fc0b1ed
- More complete input validation of X509_check_mumble · 3d15d58e
  Viktor Dukhovni authored Jun 22, 2014
```
(cherry picked from commit 29edebe9)
```
  3d15d58e
- Drop hostlen from X509_VERIFY_PARAM_ID. · d93edc0a
  Viktor Dukhovni authored Jun 22, 2014
```
Just store NUL-terminated strings.  This works better when we add
support for multiple hostnames.
(cherry picked from commit b3012c69)
```
  d93edc0a
- More complete X509_check_host documentation. · 609daaba
  Viktor Dukhovni authored Jun 22, 2014
```
(cherry picked from commit d241b804)
```
  609daaba
Jun 24, 2014
- aesv8-armx.pl: inclrease interleave factor. · a073ceef
  Andy Polyakov authored Jun 24, 2014
```
This is to compensate for higher aes* instruction latency on Cortex-A57.
(cherry picked from commit 015364ba)
```
  a073ceef
- ARMv8 assembly pack: add Cortex performance numbers. · 5cd8ce42
  Andy Polyakov authored Jun 24, 2014
```
(cherry picked from commit 0f777aeb)
```
  5cd8ce42
Jun 22, 2014
- Fix off-by-one errors in ssl_cipher_get_evp() · d15f2d98
  Miod Vallat authored Jun 04, 2014
```
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

Bug discovered and fixed by Miod Vallat from the OpenBSD team.

PR#3375
```
  d15f2d98
- Revert "Fix off-by-one errors in ssl_cipher_get_evp()" · 00f5ee44
  Matt Caswell authored Jun 22, 2014
```
This reverts commit 3d860774.

Incorrect attribution.
```
  00f5ee44
- Fixed Windows compilation failure · e7911530
  Matt Caswell authored May 27, 2014
  
  e7911530
Jun 18, 2014
- Make sure test/tests.com exit gracefully, even when openssl.exe wasn't · 6ff73426
  Richard Levitte authored Jun 18, 2014
```
properly built.
```
  6ff73426
- Adjust VMS build to Unix build. Most of all, make it so the disabled · a61e509e
  Richard Levitte authored Jun 17, 2014
```
algorithms MD2 and RC5 don't get built.
Also, disable building the test apps in crypto/des and crypto/pkcs7, as
they have no support at all.
```
  a61e509e
Jun 17, 2014
- Fix signed/unsigned comparisons. · 1b823494
  Felix Laurie von Massenbach authored Jun 15, 2014
```
(cherry picked from commit 50cc4f7b)
```
  1b823494
- Fix shadow declaration. · 6657e68b
  Felix Laurie von Massenbach authored Jun 15, 2014
```
(cherry picked from commit 1f61d8b5)
```
  6657e68b
- Remove unused DANE macros. This should be the last DANE stuff... · 23351c60
  Richard Levitte authored Jun 17, 2014
  
  23351c60
Jun 16, 2014
- DCL doesn't do well with empty lines, or lines starting with # · 9a6112d1
  Richard Levitte authored Jun 16, 2014
  
  9a6112d1
- Spaces were added in some strings for better readability. However, those... · b9c0dae2
  Richard Levitte authored Jun 16, 2014
```
Spaces were added in some strings for better readability.  However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces
```
  b9c0dae2
- aesni-sha[1|256]-x86_64.pl: fix logical error and MacOS X build. · d940b3b9
  Andy Polyakov authored Jun 16, 2014
```
(cherry picked from commit 9024b84b)
```
  d940b3b9
Jun 14, 2014

Enforce _X509_CHECK_FLAG_DOT_SUBDOMAINS internal-only · cfbc10fb
Viktor Dukhovni authored Jun 13, 2014
```
(cherry picked from commit d435e23959f1c2cb4feadbfba9ad884c59f37db9)
```
cfbc10fb

Accept CCS after sending finished. · 90d94ce3

Dr. Stephen Henson authored Jun 14, 2014

Allow CCS after finished has been sent by client: at this point
keys have been correctly set up so it is OK to accept CCS from
server. Without this renegotiation can sometimes fail.

PR#3400
(cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41)

90d94ce3

evp/e_aes_cbc_sha[1|256].c: fix -DPEDANTIC build. · 79b960c0
Andy Polyakov authored Jun 14, 2014
```
(cherry picked from commit ce00c64d)
```
79b960c0