Commits · 5b9d0995a126e1813677b9ea0b5b55337e253cb4 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

10 May, 2012 1 commit
- Reported by: Solar Designer of Openwall · 5b9d0995
  Dr. Stephen Henson authored May 10, 2012
```
Make sure tkeylen is initialised properly when encrypting CMS messages.
```
  5b9d0995
04 May, 2012 1 commit
- Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS. · 7ad8e1fc
  Richard Levitte authored May 04, 2012
  
  7ad8e1fc
27 Apr, 2012 1 commit

ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance · c9b31189

Andy Polyakov authored Apr 27, 2012

of digest algorithms, mosty SHA, on Power7. Mystery of century, why SHA,
why slower algorithm are affected more... [from HEAD].
PR: 2794
Submitted by: Ashley Lai

c9b31189

26 Apr, 2012 7 commits
- Don't try to use unvalidated composite ciphers in FIPS mode · c76b7a1a
  Dr. Stephen Henson authored Apr 26, 2012
  
  c76b7a1a
- prepare for next version · c940e070
  Dr. Stephen Henson authored Apr 26, 2012
  
  c940e070
- make update · 88be4ebf
  Dr. Stephen Henson authored Apr 26, 2012
  
  OpenSSL_1_0_1b
  
  88be4ebf
- prepare for 1.0.1b release · effa47b8
  Dr. Stephen Henson authored Apr 26, 2012
  
  effa47b8
- update NEWS · 067400b1
  Dr. Stephen Henson authored Apr 26, 2012
  
  067400b1
- CHANGES: clarify. · 748628ce
  Andy Polyakov authored Apr 26, 2012
  
  748628ce
- CHANGEs: fix typos and clarify. · 6791060e
  Andy Polyakov authored Apr 26, 2012
  
  6791060e
25 Apr, 2012 2 commits
- Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and · 502dfeb8
  Dr. Stephen Henson authored Apr 25, 2012
```
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
```
  502dfeb8
- s23_clnt.c: ensure interoperability by maitaining client "version capability" · 5bbed295
  Andy Polyakov authored Apr 25, 2012
```
vector contiguous [from HEAD].
PR: 2802
```
  5bbed295
22 Apr, 2012 3 commits
- correct error code · 2f2d33f4
  Dr. Stephen Henson authored Apr 22, 2012
  
  2f2d33f4
- check correctness of errors before updating them so we don't get bogus errors added · be60a3fe
  Dr. Stephen Henson authored Apr 22, 2012
  
  be60a3fe
- correct old FAQ answers, sync with HEAD · e504a829
  Dr. Stephen Henson authored Apr 22, 2012
  
  e504a829
20 Apr, 2012 3 commits
- e_rc4_hmac_md5.c: reapply commit#21726, which was erroneously omitted. · 0d829f66
  Andy Polyakov authored Apr 20, 2012
```
PR: 2797, 2792
```
  0d829f66
- call OPENSSL_init when calling FIPS_mode too · d9540579
  Dr. Stephen Henson authored Apr 20, 2012
  
  d9540579
- make ciphers work again for FIPS builds · ecf963b8
  Dr. Stephen Henson authored Apr 20, 2012
  
  ecf963b8
19 Apr, 2012 6 commits
- e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platforms · 7fc6d35b
  Andy Polyakov authored Apr 19, 2012
```
[from HEAD].
PR: 2792
```
  7fc6d35b
- update for next version · e7d2a371
  Dr. Stephen Henson authored Apr 19, 2012
  
  e7d2a371
- prepare for 1.0.1a release · 531c6fc8
  Dr. Stephen Henson authored Apr 19, 2012
  
  OpenSSL_1_0_1a
  
  531c6fc8
- update NEWS · e011d0a3
  Dr. Stephen Henson authored Apr 19, 2012
  
  e011d0a3
- Check for potentially exploitable overflows in asn1_d2i_read_bio · 8d5505d0
  Dr. Stephen Henson authored Apr 19, 2012
```
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
```
  8d5505d0
- Makefile.org: clear yet another environment variable [from HEAD]. · d36e0ee4
  Andy Polyakov authored Apr 19, 2012
```
PR: 2793
```
  d36e0ee4
18 Apr, 2012 4 commits
- only call FIPS_cipherinit in FIPS mode · 143619cc
  Dr. Stephen Henson authored Apr 18, 2012
  
  143619cc
- e_rc4_hmac_md5.c: update from HEAD, fixes crash on legacy Intel CPUs. · 9f339d75
  Andy Polyakov authored Apr 18, 2012
```
PR: 2792
```
  9f339d75
- update NEWS · 28583660
  Dr. Stephen Henson authored Apr 18, 2012
  
  28583660
- correct error code · dedfe959
  Dr. Stephen Henson authored Apr 18, 2012
  
  dedfe959
17 Apr, 2012 3 commits

Disable SHA-2 ciphersuites in < TLS 1.2 connections. · 4d936ace

Bodo Möller authored Apr 17, 2012

(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley

4d936ace

Additional workaround for PR#2771 · 89bd25eb

Dr. Stephen Henson authored Apr 17, 2012

If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.

Document workarounds in CHANGES.

89bd25eb

Partial workaround for PR#2771. · 4a1cf501

Dr. Stephen Henson authored Apr 17, 2012

Some servers hang when presented with a client hello record length exceeding
255 bytes but will work with longer client hellos if the TLS record version
in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
cases...

4a1cf501

16 Apr, 2012 2 commits
- OPENSSL_NO_SOCK fixes [from HEAD]. · 32e12316
  Andy Polyakov authored Apr 16, 2012
```
PR: 2791
Submitted by: Ben Noordhuis
```
  32e12316
- Minor compatibility fixes [from HEAD]. · ad7b24f1
  Andy Polyakov authored Apr 16, 2012
```
PR: 2790
Submitted by: Alexei Khlebnikov
```
  ad7b24f1
15 Apr, 2012 2 commits
- s3_srvr.c: fix typo [from HEAD]. · c2770c0e
  Andy Polyakov authored Apr 15, 2012
```
PR: 2538
```
  c2770c0e
- e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag · 371056f2
  Andy Polyakov authored Apr 15, 2012
```
countermeasure [from HEAD].

PR: 2778
```
  371056f2
12 Apr, 2012 1 commit
- s390x asm pack: fix typos. · 2d613908
  Andy Polyakov authored Apr 12, 2012
  
  2d613908
11 Apr, 2012 3 commits
- oops, macro not present in OpenSSL 1.0.2 · 18fb1fae
  Dr. Stephen Henson authored Apr 11, 2012
  
  18fb1fae
- fix reset fix · 39ef161c
  Dr. Stephen Henson authored Apr 11, 2012
  
  39ef161c
- make reinitialisation work for CMAC · a7612c50
  Dr. Stephen Henson authored Apr 11, 2012
  
  a7612c50
10 Apr, 2012 1 commit
- update rather ancient EVP digest documentation · 6cbae10b
  Dr. Stephen Henson authored Apr 10, 2012
  
  6cbae10b