Commits · 8e04001f85c05fb26e775d099faaf2f85f11fe03 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jan 29, 2014

Dr. Stephen Henson authored Jan 29, 2014

Remove reference to ERR_TXT_MALLOCED in the error library as that is
only used internally. Indicate that returned error data must not be
freed.
(cherry picked from commit f2d678e6)

8e04001f

Jan 28, 2014

typo · 0450d6c1
Dr. Stephen Henson authored Jan 28, 2014
```
(cherry picked from commit cb218267)
```
0450d6c1
Fix demo comment: 0.9.9 never released. · 745929c2
Dr. Stephen Henson authored Jan 28, 2014
```
(cherry picked from commit 717cc858)
```
745929c2

Add loaded dynamic ENGINEs to list. · 158d0616

Dr. Stephen Henson authored Jan 28, 2014

Always add a dynamically loaded ENGINE to list. Otherwise it can cause
problems when multiply loaded, especially if it adds new public key methods.
For all current engines we only want a single implementation anyway.
(cherry picked from commit e933f91f)

158d0616

Jan 23, 2014

Use default digest implementation in dgst.c · 16d61675

Dr. Stephen Henson authored Jan 23, 2014

Use default instead of ENGINE version of digest. Without this
errors will occur if you use an ENGINE for a private key and
it doesn't implement the digest in question.
(cherry picked from commit 4eedf86a)

16d61675

make update · 9fe6acbd
Dr. Stephen Henson authored Jan 23, 2014

9fe6acbd

Jan 16, 2014
- Omit initial status request callback check. · 5df83229
  Kaspar Brand authored Jan 16, 2014
```
PR#3178
(cherry picked from commit eb85ee9a)
```
  5df83229
Jan 11, 2014
- VMS fixes · 317ed9ab
  Zoltan Arpadffy authored Jan 11, 2014
  
  317ed9ab
Jan 10, 2014
- fix shell syntax PR#3216 · 080ae684
  Dr. Stephen Henson authored Jan 10, 2014
  
  080ae684
Jan 09, 2014
- Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling. · 6c6f6c44
  Dr. Stephen Henson authored Jan 09, 2014
```
(cherry picked from commit 8f4077ca)
```
  6c6f6c44
Jan 06, 2014
- Prepare for 1.0.0m-dev · 11d31c00
  Dr. Stephen Henson authored Jan 06, 2014
  
  11d31c00
- Prepare for 1.0.0l release · 7f94a3c3
  Dr. Stephen Henson authored Jan 06, 2014
  
  OpenSSL_1_0_0l
  
  7f94a3c3
- make update · 528c6ef7
  Dr. Stephen Henson authored Jan 06, 2014
  
  528c6ef7
Jan 04, 2014

Restore SSL_OP_MSIE_SSLV2_RSA_PADDING · 1b0d4812

Dr. Stephen Henson authored Jan 04, 2014

The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
(cherry picked from commit b17d6b8d)

1b0d4812

Jan 02, 2014
- update NEWS · 7233e209
  Dr. Stephen Henson authored Jan 02, 2014
  
  7233e209
Dec 20, 2013

Fix DTLS retransmission from previous session. · 2d64b51d

Dr. Stephen Henson authored Dec 20, 2013

For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967)

Conflicts:

	ssl/ssl_locl.h

2d64b51d

Ignore NULL parameter in EVP_MD_CTX_destroy. · 1f7732bc
Dr. Stephen Henson authored Dec 20, 2013
```
(cherry picked from commit a6c62f0c)
```
1f7732bc

Dec 10, 2013
- remove obsolete STATUS file · fec613dc
  Dr. Stephen Henson authored Dec 10, 2013
  
  fec613dc
Dec 09, 2013
- Add release dates to NEWS · 91f17128
  Dr. Stephen Henson authored Dec 09, 2013
  
  91f17128
Nov 27, 2013
- Simplify and update openssl.spec · 2a832cf0
  Dr. Stephen Henson authored Nov 27, 2013
  
  2a832cf0
Nov 11, 2013
- Fix memory leak. · 0c939428
  Dr. Stephen Henson authored Nov 11, 2013
```
(cherry picked from commit 16bc45ba)
```
  0c939428
Nov 09, 2013
- Check for missing components in RSA_check. · 07aafc49
  Dr. Stephen Henson authored Nov 07, 2013
```
(cherry picked from commit 01be36ef70525e81fc358d2e559bdd0a0d9427a5)
```
  07aafc49
- Document RSAPublicKey_{in,out} options. · 70fd1f91
  Dr. Stephen Henson authored Nov 07, 2013
```
(cherry picked from commit 7040d73d22987532faa503630d6616cf2788c975)
```
  70fd1f91
Nov 08, 2013

engines/ccgost/gost89.h: make word32 defintion unconditional. · 16f2ba72

Andy Polyakov authored Nov 08, 2013

Original definition depended on __LONG_MAX__ that is not guaranteed to
be present. As we don't support platforms with int narrower that 32 bits
it's appropriate to make defition inconditional.

PR: 3165
(cherry picked from commit 96180cac)

16f2ba72

Nov 06, 2013
- Initialise context before using it. · 0c0a51d3
  Dr. Stephen Henson authored Nov 06, 2013
```
(cherry picked from commit a4947e4e)
```
  0c0a51d3
Nov 05, 2013
- PBKDF2 should be efficient. Contributed by Christian Heimes · 68b6a943
  Ben Laurie authored Nov 03, 2013
```
<christian@python.org>.

Conflicts:
	crypto/evp/p5_crpt2.c
```
  68b6a943
Oct 04, 2013
- Merge branch 'rob-100' into OpenSSL_1_0_0-stable · b7aa71a3
  Ben Laurie authored Oct 04, 2013
  
  b7aa71a3
- Update CHANGES. · f1d02019
  Rob Stradling authored Sep 12, 2013
  
  f1d02019
Oct 03, 2013

evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms. · 41468ed3

Andy Polyakov authored Oct 03, 2013

Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0)

Resolved conflicts:

	crypto/evp/e_des3.c
(cherry picked from commit eb22b7ec)

41468ed3

Oct 01, 2013
- Constification. · 5f0df1f6
  Ben Laurie authored Oct 01, 2013
```
Conflicts:
	crypto/buffer/buffer.c
```
  5f0df1f6
Sep 30, 2013
- Typo. · e6b4ed7f
  Dr. Stephen Henson authored Jul 17, 2013
```
(cherry picked from commit 415ece73)
```
  e6b4ed7f
Sep 16, 2013

Sync CHANGES and NEWS files. · f11bedf8
Bodo Moeller authored Sep 16, 2013

f11bedf8

Fix overly lenient comparisons: · c23746f3

Bodo Moeller authored Sep 16, 2013

    - EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope

(cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)

c23746f3

Sep 10, 2013
- Remove empty line. · 7a1b1722
  Rob Stradling authored Sep 10, 2013
  
  7a1b1722
- Tidy up comments. · 583c2aa3
  Rob Stradling authored Sep 10, 2013
  
  583c2aa3
- Use TLS version supplied by client when fingerprinting Safari. · 9b2b6191
  Rob Stradling authored Sep 10, 2013
  
  9b2b6191
Sep 09, 2013
- Backport TLS 1.1/1.2 #defines · 48f91f6a
  Rob Stradling authored Sep 09, 2013
  
  48f91f6a
- Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. · 6f1c8d45
  Rob Stradling authored Sep 09, 2013
```
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
```
  6f1c8d45
Aug 20, 2013
- Correct ECDSA example. · 56023bc4
  Dr. Stephen Henson authored Aug 20, 2013
```
(cherry picked from commit 3a918ea2bbf4175d9461f81be1403d3781b2c0dc)
```
  56023bc4
Aug 13, 2013

DTLS message_sequence number wrong in rehandshake ServerHello · 6f87807e

Michael Tuexen authored Aug 13, 2013

This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.
(cherry picked from commit b62f4daa)

Conflicts:

	ssl/d1_pkt.c

6f87807e