Commits · 3ff55e9680cc99f330f25e48cd1422e3459c02de · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

28 Sep, 2006 2 commits

Fix buffer overflow in SSL_get_shared_ciphers() function. · 3ff55e96

Mark J. Cox authored Sep 28, 2006

(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

3ff55e96

Fixes for the following claims: · cbb92dfa

Richard Levitte authored Sep 28, 2006

  1) Certificate Message with no certs

  OpenSSL implementation sends the Certificate message during SSL
  handshake, however as per the specification, these have been omitted.

  -- RFC 2712 --
     CertificateRequest, and the ServerKeyExchange shown in Figure 1
     will be omitted since authentication and the establishment of a
     master secret will be done using the client's Kerberos credentials
     for the TLS server.  The client's certificate will be omitted for
     the same reason.
  -- RFC 2712 --

  3) Pre-master secret Protocol version

  The pre-master secret generated by OpenSSL does not have the correct
  client version.

  RFC 2712 says, if the Kerberos option is selected, the pre-master
  secret structure is the same as that used in the RSA case.

  TLS specification defines pre-master secret as:
         struct {
             ProtocolVersion client_version;
             opaque random[46];
         } PreMasterSecret;

  where client_version is the latest protocol version supported by the
  client

  The pre-master secret generated by OpenSSL does not have the correct
  client version. The implementation does not update the first 2 bytes
  of random secret for Kerberos Cipher suites. At the server-end, the
  client version from the pre-master secret is not validated.

PR: 1336

cbb92dfa

26 Sep, 2006 1 commit
- Initialize new callbacks and make sure hent is always initialized. · 019bfef8
  Dr. Stephen Henson authored Sep 26, 2006
  
  019bfef8
25 Sep, 2006 1 commit
- Complete the change for VMS. · 0709249f
  Richard Levitte authored Sep 25, 2006
  
  0709249f
23 Sep, 2006 1 commit
- Submitted by: Brad Spencer <spencer@jacknife.org> · 89c9c667
  Dr. Stephen Henson authored Sep 23, 2006
```
Reviewed by: steve
```
  89c9c667
22 Sep, 2006 3 commits
- Buffer size handling fix for enc. · 347ed3b9
  Dr. Stephen Henson authored Sep 22, 2006
```
PR:1374
```
  347ed3b9
- Using correct lock for X509_REQ. · 5b73c360
  Dr. Stephen Henson authored Sep 22, 2006
```
PR:1348
```
  5b73c360
- Update length if copying MSB set in asn1_string_canon(). · eebeb52b
  Dr. Stephen Henson authored Sep 22, 2006
  
  eebeb52b
21 Sep, 2006 7 commits
- Updated file. · 6ec6cfc7
  Dr. Stephen Henson authored Sep 21, 2006
  
  6ec6cfc7
- Add missing prototype. Fix various warnings (C++ comments, ; outside function). · 44181ea8
  Dr. Stephen Henson authored Sep 21, 2006
  
  44181ea8
- Make int_rsa_sign function match prototype. · c80c7bf9
  Dr. Stephen Henson authored Sep 21, 2006
```
PR: 1383
```
  c80c7bf9
- Compile in gost engine. · ffa5ebf3
  Dr. Stephen Henson authored Sep 21, 2006
  
  ffa5ebf3
- Updated version of gost engine. · 926c41bd
  Dr. Stephen Henson authored Sep 21, 2006
  
  926c41bd
- Do CRL method init after other operations. · 1182301c
  Dr. Stephen Henson authored Sep 21, 2006
  
  1182301c
- Tidy up CRL handling by checking for critical extensions when it is · 010fa0b3
  Dr. Stephen Henson authored Sep 21, 2006
```
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.

Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
```
  010fa0b3
18 Sep, 2006 6 commits
- Build error on non-unix. · 4ca7d975
  Andy Polyakov authored Sep 18, 2006
```
PR: 1390
```
  4ca7d975
- Race condition in ms/uplink.c. · b7741110
  Andy Polyakov authored Sep 18, 2006
```
PR: 1382
```
  b7741110
- As x86ms.pl is out, remove do_masm.bat and mention to it in INSTALL.W32. · 78260d89
  Andy Polyakov authored Sep 18, 2006
  
  78260d89
- Remove x86ms.pl and reimplement x86*.pl. · 4b67fefe
  Andy Polyakov authored Sep 18, 2006
  
  4b67fefe
- Improve 386 portability of aes-586.pl. · 3a8012cb
  Andy Polyakov authored Sep 18, 2006
  
  3a8012cb
- Ensure that the addition mods[i]+delta cannot overflow in probable_prime(). · a53cdc5b
  Bodo Möller authored Sep 18, 2006
```
[Problem pointed out by Adam Young <adamy (at) acm.org>]
```
  a53cdc5b
17 Sep, 2006 2 commits
- Overhaul of by_dir code to handle dynamic loading of CRLs. · 5d20c4fb
  Dr. Stephen Henson authored Sep 17, 2006
  
  5d20c4fb
- GOST public key algorithm ENGINE donated to the OpenSSL by Cryptocom. · a04549cc
  Dr. Stephen Henson authored Sep 17, 2006
```
Very early version, doesn't do much yet, not even added to the build system.
```
  a04549cc
14 Sep, 2006 1 commit
- Support for AKID in CRLs and partial support for IDP. Overhaul of CRL · bc7535bc
  Dr. Stephen Henson authored Sep 14, 2006
```
handling to support this.
```
  bc7535bc
13 Sep, 2006 1 commit
- Update docs. · 83357f04
  Dr. Stephen Henson authored Sep 13, 2006
  
  83357f04
12 Sep, 2006 1 commit
- Update · b6699c3f
  Bodo Möller authored Sep 12, 2006
  
  b6699c3f
11 Sep, 2006 2 commits
- Fixes for new CRL/cert callbacks. Update CRL processing code to use new · 016bc5ce
  Dr. Stephen Henson authored Sep 11, 2006
```
callbacks.
```
  016bc5ce
- ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 · ed65f7dc
  Bodo Möller authored Sep 11, 2006
```
ciphersuite as well
```
  ed65f7dc
10 Sep, 2006 1 commit
- Add verify callback functions to lookup a STACK of matching certs or CRLs · 4d50a2b4
  Dr. Stephen Henson authored Sep 10, 2006
```
based on subject name.

New thread safe functions to retrieve matching STACK from X509_STORE.

Cache some IDP components.
```
  4d50a2b4
08 Sep, 2006 1 commit
- Make sure the int_rsa_verify() prototype matches the implementation · 7f430166
  Bodo Möller authored Sep 08, 2006
```
(m_len currently is 'unsigned int', not 'size_t')

Submitted by: Gisle Vanem
```
  7f430166
06 Sep, 2006 6 commits
- Additional detail. · 29a1bb07
  Dr. Stephen Henson authored Sep 06, 2006
  
  29a1bb07
- update information on "current version" ... · 99e9a900
  Bodo Möller authored Sep 06, 2006
  
  99e9a900
- Add an FAQ. · 715020e3
  Dr. Stephen Henson authored Sep 06, 2006
  
  715020e3
- Remove non-functional part of recent patch, after discussion with · 29528860
  Bodo Möller authored Sep 06, 2006
```
Colin Percival (this would have caused more problems than solved,
and isn't really necessary anyway)
```
  29528860
- Make consistent with 0.9.8-branch version of this file · 613e7d2a
  Bodo Möller authored Sep 06, 2006
  
  613e7d2a
- Every change so far that is in the 0.9.8 branch is (or should be) in HEAD · 6a2c4710
  Bodo Möller authored Sep 06, 2006
  
  6a2c4710
05 Sep, 2006 1 commit
- Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher · b79aa05e
  Mark J. Cox authored Sep 05, 2006
```
(CVE-2006-4339)

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
```
  b79aa05e
31 Aug, 2006 3 commits
- Rewrite sha1-586.pl. · 500b5a18
  Andy Polyakov authored Aug 31, 2006
  
  500b5a18
- Fix bug in aes-586.pl. · 2b8a5406
  Andy Polyakov authored Aug 31, 2006
  
  2b8a5406
- Fix bug in x86unix.pl introduced in latest update. · 2f35ae90
  Andy Polyakov authored Aug 31, 2006
```
PR: 1380
```
  2f35ae90