Commits · 9204e7ef0d186ed5005794ae0d6b14ad42ba274d · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Aug 13, 2013

DTLS message_sequence number wrong in rehandshake ServerHello · 9204e7ef

Michael Tuexen authored Aug 13, 2013

This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.

Conflicts:

	ssl/d1_pkt.c
(cherry picked from commit 6f87807e)

9204e7ef

Aug 08, 2013

DTLS handshake fix. · 257df40f

Michael Tuexen authored Aug 08, 2013

Reported by: Prashant Jaikumar <rmstar@gmail.com>

Fix handling of application data received before a handshake.
(cherry picked from commit 0c75eeac)

257df40f

Apr 08, 2013
- Set s->d1 to NULL after freeing it. · a44c9b9c
  Dr. Stephen Henson authored Apr 08, 2013
```
(cherry picked from commit 04638f2f)
```
  a44c9b9c
Apr 07, 2013
- Print out DSA key if parameters absent. · 1cbd7456
  Dr. Stephen Henson authored Apr 07, 2013
```
In DSA_print DSA parameters can be absent (e.g inherited) it is
not a fatal error.
```
  1cbd7456
Mar 19, 2013

Disable compression for DTLS. · e1e39a24

Dr. Stephen Henson authored Mar 19, 2013

The only standard compression method is stateful and is incompatible with
DTLS.
(cherry picked from commit e14b8410)

e1e39a24

Mar 18, 2013
- x86cpuid.pl: make it work with older CPU. · 01de6e21
  Andy Polyakov authored Mar 18, 2013
```
PR: 3005, from master
```
  01de6e21
- Avoid unnecessary fragmentation. · 05689a13
  Michael Tuexen authored Mar 18, 2013
```
(cherry picked from commit 80ccc66d)
```
  05689a13
- Encode INTEGER correctly. · 1643edc6
  Dr. Stephen Henson authored Mar 18, 2013
```
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
```
  1643edc6
- Typo. · 1546fb78
  Dr. Stephen Henson authored Mar 18, 2013
  
  1546fb78
Feb 26, 2013
- Merge branch 'OpenSSL_0_9_8-stable' of /home/steve/src/git/openssl into OpenSSL_0_9_8-stable · b7d222c5
  Dr. Stephen Henson authored Feb 26, 2013
  
  b7d222c5
- Use orig_len, not rec->orig_len · a93cc7c5
  Geoff Lowe authored Feb 26, 2013
  
  a93cc7c5
Feb 15, 2013

Fix POD errors to stop make install_docs dying with pod2man 2.5.0+ · 8988407a

Nick Alcock authored Feb 15, 2013

podlators 2.5.0 has switched to dying on POD syntax errors. This means
that a bunch of long-standing erroneous POD in the openssl documentation
now leads to fatal errors from pod2man, halting installation.

Unfortunately POD constraints mean that you have to sort numeric lists
in ascending order if they start with 1: you cannot do 1, 0, 2 even if
you want 1 to appear first. I've reshuffled such (alas, I wish there
were a better way but I don't know of one).

8988407a

Feb 14, 2013
- cms-test.pl: make it work with not-so-latest perl. · b2afc0a9
  Andy Polyakov authored May 16, 2011
```
(cherry picked from commit 9c437e2f)
```
  b2afc0a9
Feb 12, 2013

Check DTLS_BAD_VER for version number. · a8655eb2

David Woodhouse authored Feb 12, 2013

Need to check DTLS_BAD_VER as well as DTLS1_VERSION.
PR:2984
(cherry picked from commit 6a14feb0)

a8655eb2

Feb 11, 2013
- Fix for SSL_get_certificate · f751dc47
  Dr. Stephen Henson authored Feb 11, 2013
```
Now we set the current certificate to the one used by a server
there is no need to call ssl_get_server_send_cert which will
fail if we haven't sent a certificate yet.
(cherry picked from commit 147dbb2f)
```
  f751dc47
- Fix in ssltest is no-ssl2 configured · fbe621d0
  Dr. Stephen Henson authored Feb 11, 2013
```
(cherry picked from commit cbf9b4ae)
```
  fbe621d0
- use 10240 for tar record size · 2e9fd430
  Dr. Stephen Henson authored Feb 11, 2013
  
  2e9fd430
- FAQ/README: we are now using Git instead of CVS · 1638ce72
  Lutz Jaenicke authored Feb 11, 2013
```
(cherry picked from commit f88dbb83)

Conflicts:

	INSTALL.W32
```
  1638ce72
Feb 10, 2013

Set next version. · 7ecd974f

Dr. Stephen Henson authored Feb 10, 2013

Note: it was decided that after 0.9.8y it should be 0.9.8za then
0.9.8zb etc.

7ecd974f

Feb 09, 2013
- ssl/s3_[clnt|srvr].c: fix warning and linking error. · db731da8
  Andy Polyakov authored Feb 09, 2013
```
PR: 2979
```
  db731da8
Feb 08, 2013
- s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal. · 5864fd20
  Andy Polyakov authored Feb 08, 2013
```
(cherry picked from commit f93a4187)
```
  5864fd20
- s3_cbc.c: get rid of expensive divisions [from master]. · ff58eaa4
  Andy Polyakov authored Feb 08, 2013
```
(cherry picked from commit e9baceab)
```
  ff58eaa4
- ssl/s3_enc.c: remove artefact. · 76c61a5d
  Andy Polyakov authored Feb 08, 2013
  
  76c61a5d
- ssl/[d1|s3]_pkt.c: harmomize orig_len handling. · 4ea70191
  Andy Polyakov authored Feb 07, 2013
```
(cherry picked from commit 8545f73b)
```
  4ea70191
- Fix IV check and padding removal. · 59b1129e
  Dr. Stephen Henson authored Feb 07, 2013
```
Fix the calculation that checks there is enough room in a record
after removing padding and optional explicit IV. (by Steve)

For AEAD remove the correct number of padding bytes (by Andy)
(cherry picked from commit be125aa5)
```
  59b1129e
Feb 07, 2013

ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. · fb092ef4

Andy Polyakov authored Feb 01, 2013

Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
(cherry picked from commit 413cbfe6)

fb092ef4

Feb 06, 2013

Fix for EXP-RC2-CBC-MD5 · 6351adec

Adam Langley authored Feb 06, 2013

MD5 should use little endian order. Fortunately the only ciphersuite
affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which
is a rarely used export grade ciphersuite.
(cherry picked from commit ee463921)

6351adec

Feb 05, 2013
- prepare for release · 8964efc4
  Dr. Stephen Henson authored Feb 04, 2013
  
  OpenSSL_0_9_8y
  
  8964efc4
- make update · 430b637b
  Dr. Stephen Henson authored Feb 04, 2013
  
  430b637b
- Fix error codes. · ca3b81c8
  Dr. Stephen Henson authored Feb 04, 2013
```
(cherry picked from commit 35d732fc)
```
  ca3b81c8
- update NEWS and CHANGES · 031cbecf
  Dr. Stephen Henson authored Feb 04, 2013
  
  031cbecf
- bn_word.c: fix overflow bug in BN_add_word. · 1213e6c3
  Andy Polyakov authored Nov 09, 2012
```
(cherry picked from commit 134c0065)
```
  1213e6c3
- update NEWS · 32619893
  Dr. Stephen Henson authored Feb 01, 2013
  
  32619893
- s3/s3_cbc.c: allow for compilations with NO_SHA256|512. · 40e0de03
  Andy Polyakov authored Feb 01, 2013
```
(cherry picked from commit d5371324)
```
  40e0de03
- ssl/s3_cbc.c: md_state alignment portability fix. · 5f9345a2
  Andy Polyakov authored Feb 01, 2013
```
RISCs are picky and alignment granted by compiler for md_state can be
insufficient for SHA512.
(cherry picked from commit 36260233)
```
  5f9345a2
- ssl/s3_cbc.c: uint64_t portability fix. · 33ccde59
  Andy Polyakov authored Feb 01, 2013
```
Break dependency on uint64_t. It's possible to declare bits as
unsigned int, because TLS packets are limited in size and 32-bit
value can't overflow.
(cherry picked from commit cab13fc8)
```
  33ccde59
- Don't access EVP_MD internals directly. · 1909df07
  Dr. Stephen Henson authored Feb 01, 2013
  
  1909df07
- Add ordinal for CRYPTO_memcmp: since this will affect multiple · c23a7458
  Dr. Stephen Henson authored Jan 31, 2013
```
branches it needs to be in a "gap".
```
  c23a7458
- Timing fix mitigation for FIPS mode. · 924b1174
  Dr. Stephen Henson authored Jan 31, 2013
```
We have to use EVP in FIPS mode so we can only partially mitigate
timing differences.

Make an extra call to HMAC_Update to hash additonal blocks
to cover any timing differences caused by removal of padding.
```
  924b1174
- Move CRYPTO_memcmp to o_init.c when compiling with fips: cryptlib.o · 24b28060
  Dr. Stephen Henson authored Jan 31, 2013
```
is in the fips module for fips capable builds.
```
  24b28060