Commits · 951dfbb13a79bff82cef8096d2c93bc2d65a7525 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Sep 28, 2006

Introduce limits to prevent malicious keys being able to · 951dfbb1

Mark J. Cox authored Sep 28, 2006

cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

951dfbb1

Sep 23, 2006
- Update from HEAD. · 81780a3b
  Dr. Stephen Henson authored Sep 23, 2006
  
  81780a3b
Sep 22, 2006
- Fix from HEAD. · c574d0cd
  Dr. Stephen Henson authored Sep 22, 2006
  
  c574d0cd
- Fix from HEAD. · c987c3f9
  Dr. Stephen Henson authored Sep 22, 2006
  
  c987c3f9
- Fix but in apps/pkcs12.c · 1a5e4148
  Dr. Stephen Henson authored Sep 22, 2006
```
PR: 1377
```
  1a5e4148
Sep 18, 2006
- Build error on non-unix [from HEAD]. · ec363938
  Andy Polyakov authored Sep 18, 2006
```
PR: 1390
```
  ec363938
- Race condition in ms/uplink.c [from HEAD]. · f01cfca6
  Andy Polyakov authored Sep 18, 2006
```
PR: 1382
```
  f01cfca6
- Ensure that the addition mods[i]+delta cannot overflow in probable_prime(). · 7d5af5e0
  Bodo Möller authored Sep 18, 2006
```
[Problem pointed out by Adam Young <adamy (at) acm.org>]
```
  7d5af5e0
Sep 12, 2006
- Update · 8fdb296c
  Bodo Möller authored Sep 12, 2006
  
  8fdb296c
Sep 11, 2006
- ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 · 879b30aa
  Bodo Möller authored Sep 11, 2006
```
ciphersuite as well
```
  879b30aa
Sep 06, 2006
- Remove non-functional part of recent patch, after discussion with · 40ddcb71
  Bodo Möller authored Sep 06, 2006
```
Colin Percival (this would have caused more problems than solved,
and isn't really necessary anyway)
```
  40ddcb71
Sep 05, 2006
- After tagging, prep for next release · da1841a0
  Mark J. Cox authored Sep 05, 2006
  
  da1841a0
- Ready for 0.9.8c release · 0a0a10d1
  Mark J. Cox authored Sep 05, 2006
  
  OpenSSL_0_9_8c
  
  0a0a10d1
- Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher · df20b6e7
  Mark J. Cox authored Sep 05, 2006
```
(CVE-2006-4339)

Submitted by:  Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
```
  df20b6e7
Aug 31, 2006
- Fix from HEAD. · f4f1dc39
  Dr. Stephen Henson authored Aug 31, 2006
  
  f4f1dc39
- Fix from HEAD. · 340b4dd7
  Dr. Stephen Henson authored Aug 31, 2006
  
  340b4dd7
Aug 28, 2006
- Add IGE and biIGE modes. · 4b9dcd82
  Ben Laurie authored Aug 28, 2006
  
  4b9dcd82
Aug 01, 2006
- Engage assembler in solaris64-x86_64-cc [backport from HEAD]. · 669c5c93
  Andy Polyakov authored Aug 01, 2006
  
  669c5c93
Jul 31, 2006
- Camellia IPR information · 7f9aa6c5
  Bodo Möller authored Jul 31, 2006
  
  7f9aa6c5
Jul 19, 2006
- New Camellia implementation (replacing previous version) · d9c06b56
  Bodo Möller authored Jul 19, 2006
```
Submitted by: NTT
```
  d9c06b56
- Camellia information · d045e1d7
  Bodo Möller authored Jul 19, 2006
  
  d045e1d7
Jul 13, 2006
- Fix from HEAD. · 6d14cc7e
  Dr. Stephen Henson authored Jul 13, 2006
  
  6d14cc7e
Jul 09, 2006
- Oops... · eb499b28
  Dr. Stephen Henson authored Jul 09, 2006
  
  eb499b28
- Fix from HEAD. · 65a82ef6
  Dr. Stephen Henson authored Jul 09, 2006
  
  65a82ef6
Jul 02, 2006
- Fix warning. · 616f5816
  Ben Laurie authored Jul 02, 2006
  
  616f5816
Jun 30, 2006
- documentation for "HIGH" vs. "MEDIUM" was not up-to-date · 57e80265
  Bodo Möller authored Jun 30, 2006
  
  57e80265
- use <poll.h> as by Single Unix Specification · 5d7f15da
  Bodo Möller authored Jun 30, 2006
  
  5d7f15da
Jun 28, 2006
- always read in RAND_poll() if we can't use select because of a too · ec67e3b7
  Bodo Möller authored Jun 28, 2006
```
large FD: it's non-blocking mode anyway
```
  ec67e3b7
- aes-586.pl sync from HEAD. · 0d3ff3c0
  Andy Polyakov authored Jun 28, 2006
  
  0d3ff3c0
- Mitigate the hazard of cache-collision timing attack on last round · 325e4886
  Andy Polyakov authored Jun 28, 2006
```
[from HEAD].
```
  325e4886
Jun 27, 2006
- Use poll() when possible to gather Unix randomness entropy · 8de95bc0
  Richard Levitte authored Jun 27, 2006
  
  8de95bc0
Jun 23, 2006
- Be more explicit about requirements for multi-threading. · 5e3003bb
  Bodo Möller authored Jun 23, 2006
  
  5e3003bb
Jun 22, 2006
- Fix for previous change: explicitly named ciphersuites are OK to add · e6e3f38b
  Bodo Möller authored Jun 22, 2006
  
  e6e3f38b
- Put ECCdraft ciphersuites back into default build (but disabled · aa17ab7e
  Bodo Möller authored Jun 22, 2006
```
unless specifically requested)
```
  aa17ab7e
Jun 20, 2006
- Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch) · 35908bd0
  Bodo Möller authored Jun 20, 2006
  
  35908bd0
Jun 16, 2006
- Another thread-safety fix · 4a9cfd76
  Bodo Möller authored Jun 16, 2006
  
  4a9cfd76
Jun 14, 2006
- Disable invalid ciphersuites · 0e73294e
  Bodo Möller authored Jun 14, 2006
  
  0e73294e
- Make sure that AES ciphersuites get priority over Camellia ciphersuites · b610f46b
  Bodo Möller authored Jun 14, 2006
```
in the default cipher string.
```
  b610f46b
- "make depend" for the default configuration, i.e. no-camellia here in · 1921a1ad
  Bodo Möller authored Jun 14, 2006
```
the 0.9.8 branch!
```
  1921a1ad
- Thread-safety fixes · 6d2cd23f
  Bodo Möller authored Jun 14, 2006
  
  6d2cd23f