Commits · 6321ac9e15b23fdcbad25299ca4456a8186f6403 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

May 16, 2012
- ppccap.c: assume no features under 32-bit AIX kernel [from HEAD]. · 6321ac9e
  Andy Polyakov authored May 16, 2012
```
PR: 2810
```
  6321ac9e
May 11, 2012

PR: 2813 · eeca72f7

Dr. Stephen Henson authored May 11, 2012

Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.

eeca72f7

PR: 2811 · 6e164e5c

Dr. Stephen Henson authored May 11, 2012

Reported by: Phil Pennock <openssl-dev@spodhuis.org>

Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.

6e164e5c

May 10, 2012
- PR: 2806 · 1b452133
  Dr. Stephen Henson authored May 10, 2012
```
Submitted by: PK <runningdoglackey@yahoo.com>

Correct ciphersuite signature algorithm definitions.
```
  1b452133
- prepare for next version · d9c34505
  Dr. Stephen Henson authored May 10, 2012
  
  d9c34505
- prepare for 1.0.1c release · f9885acc
  Dr. Stephen Henson authored May 10, 2012
  
  OpenSSL_1_0_1c
  
  f9885acc
- update NEWS · fa9df484
  Dr. Stephen Henson authored May 10, 2012
  
  fa9df484
- Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and · d414a5a0
  Dr. Stephen Henson authored May 10, 2012
```
DTLS to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
```
  d414a5a0
- Don't forget to install srtp.h as well · 9eb4460e
  Richard Levitte authored May 10, 2012
  
  9eb4460e
- oops, revert unrelated change · 6984d166
  Dr. Stephen Henson authored May 10, 2012
  
  6984d166
- Reported by: Solar Designer of Openwall · 5b9d0995
  Dr. Stephen Henson authored May 10, 2012
```
Make sure tkeylen is initialised properly when encrypting CMS messages.
```
  5b9d0995
May 04, 2012
- Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS. · 7ad8e1fc
  Richard Levitte authored May 04, 2012
  
  7ad8e1fc
Apr 27, 2012

ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance · c9b31189

Andy Polyakov authored Apr 27, 2012

of digest algorithms, mosty SHA, on Power7. Mystery of century, why SHA,
why slower algorithm are affected more... [from HEAD].
PR: 2794
Submitted by: Ashley Lai

c9b31189

Apr 26, 2012
- Don't try to use unvalidated composite ciphers in FIPS mode · c76b7a1a
  Dr. Stephen Henson authored Apr 26, 2012
  
  c76b7a1a
- prepare for next version · c940e070
  Dr. Stephen Henson authored Apr 26, 2012
  
  c940e070
- make update · 88be4ebf
  Dr. Stephen Henson authored Apr 26, 2012
  
  OpenSSL_1_0_1b
  
  88be4ebf
- prepare for 1.0.1b release · effa47b8
  Dr. Stephen Henson authored Apr 26, 2012
  
  effa47b8
- update NEWS · 067400b1
  Dr. Stephen Henson authored Apr 26, 2012
  
  067400b1
- CHANGES: clarify. · 748628ce
  Andy Polyakov authored Apr 26, 2012
  
  748628ce
- CHANGEs: fix typos and clarify. · 6791060e
  Andy Polyakov authored Apr 26, 2012
  
  6791060e
Apr 25, 2012
- Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and · 502dfeb8
  Dr. Stephen Henson authored Apr 25, 2012
```
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
```
  502dfeb8
- s23_clnt.c: ensure interoperability by maitaining client "version capability" · 5bbed295
  Andy Polyakov authored Apr 25, 2012
```
vector contiguous [from HEAD].
PR: 2802
```
  5bbed295
Apr 22, 2012
- correct error code · 2f2d33f4
  Dr. Stephen Henson authored Apr 22, 2012
  
  2f2d33f4
- check correctness of errors before updating them so we don't get bogus errors added · be60a3fe
  Dr. Stephen Henson authored Apr 22, 2012
  
  be60a3fe
- correct old FAQ answers, sync with HEAD · e504a829
  Dr. Stephen Henson authored Apr 22, 2012
  
  e504a829
Apr 20, 2012
- e_rc4_hmac_md5.c: reapply commit#21726, which was erroneously omitted. · 0d829f66
  Andy Polyakov authored Apr 20, 2012
```
PR: 2797, 2792
```
  0d829f66
- call OPENSSL_init when calling FIPS_mode too · d9540579
  Dr. Stephen Henson authored Apr 20, 2012
  
  d9540579
- make ciphers work again for FIPS builds · ecf963b8
  Dr. Stephen Henson authored Apr 20, 2012
  
  ecf963b8
Apr 19, 2012
- e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platforms · 7fc6d35b
  Andy Polyakov authored Apr 19, 2012
```
[from HEAD].
PR: 2792
```
  7fc6d35b
- update for next version · e7d2a371
  Dr. Stephen Henson authored Apr 19, 2012
  
  e7d2a371
- prepare for 1.0.1a release · 531c6fc8
  Dr. Stephen Henson authored Apr 19, 2012
  
  OpenSSL_1_0_1a
  
  531c6fc8
- update NEWS · e011d0a3
  Dr. Stephen Henson authored Apr 19, 2012
  
  e011d0a3
- Check for potentially exploitable overflows in asn1_d2i_read_bio · 8d5505d0
  Dr. Stephen Henson authored Apr 19, 2012
```
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
```
  8d5505d0
- Makefile.org: clear yet another environment variable [from HEAD]. · d36e0ee4
  Andy Polyakov authored Apr 19, 2012
```
PR: 2793
```
  d36e0ee4
Apr 18, 2012
- only call FIPS_cipherinit in FIPS mode · 143619cc
  Dr. Stephen Henson authored Apr 18, 2012
  
  143619cc
- e_rc4_hmac_md5.c: update from HEAD, fixes crash on legacy Intel CPUs. · 9f339d75
  Andy Polyakov authored Apr 18, 2012
```
PR: 2792
```
  9f339d75
- update NEWS · 28583660
  Dr. Stephen Henson authored Apr 18, 2012
  
  28583660
- correct error code · dedfe959
  Dr. Stephen Henson authored Apr 18, 2012
  
  dedfe959
Apr 17, 2012

Disable SHA-2 ciphersuites in < TLS 1.2 connections. · 4d936ace

Bodo Möller authored Apr 17, 2012

(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley

4d936ace

Additional workaround for PR#2771 · 89bd25eb

Dr. Stephen Henson authored Apr 17, 2012

If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.

Document workarounds in CHANGES.

89bd25eb