Commits · 9d2c9dd1e1a452939a733b638d180bb308ce72a9 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jun 05, 2014

Additional CVE-2014-0224 protection. · 9d2c9dd1

Dr. Stephen Henson authored May 16, 2014

Return a fatal error if an attempt is made to use a zero length
master secret.
(cherry picked from commit 006cd708)

9d2c9dd1

Fix CVE-2014-0221 · 8942b92c

Dr. Stephen Henson authored May 16, 2014

Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
(cherry picked from commit d3152655)

8942b92c

Fix CVE-2014-3470 · e5f70659

Dr. Stephen Henson authored May 29, 2014

Check session_cert is not NULL before dereferencing it.
(cherry picked from commit 8011cd56)

e5f70659

Jun 03, 2014
- Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370 · a5d03c54
  Libor Krystek authored Jun 03, 2014
  
  a5d03c54
Jun 02, 2014

Check there is enough room for extension. · 56b94a38
David Benjamin authored Jun 02, 2014
```
(cherry picked from commit 7d89b3bf42e4b4067371ab33ef7631434e41d1e4)
```
56b94a38
Free up s->d1->buffered_app_data.q properly. · d52eb827
zhu qun-ying authored Jun 02, 2014
```
PR#3286
(cherry picked from commit 71e95000afb2227fe5cac1c79ae884338bcd8d0b)
```
d52eb827

Allow reordering of certificates when signing. · 4967a832

Dr. Stephen Henson authored Jun 02, 2014

Add certificates if -nocerts and -certfile specified when signing
in smime application. This can be used this to specify the
order certificates appear in the PKCS#7 structure: some broken
applications require a certain ordering.

PR#3316
(cherry picked from commit e114abee9ec084a56c1d6076ac6de8a7a3a5cf34)

4967a832

Typo: set i to -1 before goto. · 64688668
Sami Farin authored Jun 02, 2014
```
PR#3302
(cherry picked from commit 9717f01951f976f76dd40a38d9fc7307057fa4c4)
```
64688668

Jun 01, 2014

Added SSLErr call for internal error in dtls1_buffer_record · de8a5b52
Matt Caswell authored Jun 01, 2014

de8a5b52
Delays the queue insertion until after the ssl3_setup_buffers() call due to... · 8de85b00
David Ramos authored Jun 01, 2014
```
Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362
```
8de85b00

Recognise padding extension. · 8d715741

Dr. Stephen Henson authored Jun 01, 2014

(cherry picked from commit ea2bb861f0daaa20819bf9ac8c146f7593feacd4)

Conflicts:

	apps/s_cb.c

8d715741

Option to disable padding extension. · 623a01df

Dr. Stephen Henson authored Jun 01, 2014

Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336
(cherry picked from commit 758415b2259fa45d3fe17d8e53ae1341b7b6e482)

Conflicts:

	ssl/t1_lib.c

623a01df

Set default global mask to UTF8 only. · 08b172b9
Dr. Stephen Henson authored Jun 01, 2014
```
(cherry picked from commit 3009244d)
```
08b172b9

Allocate extra space when NETSCAPE_HANG_BUG defined. · 856a4585

David Ramos authored Jun 01, 2014

Make sure there is an extra 4 bytes for server done message when
NETSCAPE_HANG_BUG is defined.

PR#3361
(cherry picked from commit 92d81ba6)

856a4585

Initialise alg. · 3329765b
David Ramos authored Jun 01, 2014
```
PR#3313
(cherry picked from commit 7e2c6f7e)
```
3329765b

May 30, 2014
- Use correct digest when exporting keying material. · 87a0cbdf
  Dr. Stephen Henson authored May 30, 2014
```
PR#3319
(cherry picked from commit 84691390eae86befd33c83721dacedb539ae34e6)
```
  87a0cbdf
- Don't compile heartbeat test code on Windows (for now). · b5bdde9e
  Dr. Stephen Henson authored May 30, 2014
```
(cherry picked from commit 2c575907d2c8601a18716f718ce309ed4e1f1783)
```
  b5bdde9e
May 29, 2014
- Set version number correctly. · 1788072b
  Dr. Stephen Henson authored May 29, 2014
```
PR#3249
(cherry picked from commit 8909bf20269035d295743fca559207ef2eb84eb3)
```
  1788072b
- Fix memory leak. · 5f2b5e38
  František Bořánek authored May 29, 2014
```
PR#3278
(cherry picked from commit de56fe797081fc09ebd1add06d6e2df42a324fd5)
```
  5f2b5e38
- remove duplicate 0x for default RSASSA-PSS salt len · 42d73874
  Martin Kaiser authored May 28, 2014
```
(cherry picked from commit 3820fec3a09faecba7fe9912aa20ef7fcda8337b)
```
  42d73874
May 25, 2014
- Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg · 88d3d6c9
  Matt Caswell authored May 25, 2014
  
  88d3d6c9
May 24, 2014
- Only copy opensslconf.h at init time. · 3435ef46
  Ben Laurie authored May 24, 2014
  
  3435ef46
May 23, 2014
- vpaes-ppc.pl: comply with ABI. · c90c694b
  Andy Polyakov authored May 23, 2014
```
(cherry picked from commit b83d09f5)
```
  c90c694b
May 22, 2014
- Fix heartbeat_test for -DOPENSSL_NO_HEARTBEATS · 8db2ba4b
  Mike Bland authored May 22, 2014
```
Replaces the entire test with a trivial implementation when
OPENSSL_NO_HEARTBEATS is defined.
```
  8db2ba4b
- Check length first in BUF_strnlen(). · d77501d8
  Ben Laurie authored May 22, 2014
  
  d77501d8
May 21, 2014
- Fixed minor copy&paste error, and stray space causing rendering problem · 15e45659
  Matt Caswell authored May 22, 2014
  
  15e45659
- Fixed unterminated B tag, causing build to fail with newer pod2man versions · 57577665
  Matt Caswell authored May 22, 2014
  
  57577665
- Remove redundant test. · 4f7236ed
  Ben Laurie authored May 21, 2014
  
  4f7236ed
- Implement BUF_strnlen() and use it instead of strlen(). · ed693e43
  Ben Laurie authored May 21, 2014
  
  ed693e43
- Fixes to host checking. · a2219f6b
  Viktor Dukhovni authored May 21, 2014
```
Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.
(cherry picked from commit 397a8e74)
```
  a2219f6b
- Fix for PKCS12_create if no-rc2 specified. · 03b5b78c
  Dr. Stephen Henson authored May 21, 2014
```
Use triple DES for certificate encryption if no-rc2 is
specified.

PR#3357
```
  03b5b78c
- Change default cipher in smime app to des3. · cd302feb
  Dr. Stephen Henson authored May 21, 2014
```
PR#3357
(cherry picked from commit ca3ffd9670f2b589bf8cc04923f953e06d6fbc58)
```
  cd302feb
May 20, 2014
- Fix signed/unsigned warning. · 5cd1a6fc
  Ben Laurie authored May 20, 2014
  
  5cd1a6fc
- Don't allocate more than is needed in BUF_strndup(). · 4ceb430a
  Ben Laurie authored May 20, 2014
  
  4ceb430a
- For portability use BUF_strndup instead of strndup. · 81ce94f8
  Dr. Stephen Henson authored May 20, 2014
```
(cherry picked from commit dcca7b13)
```
  81ce94f8
- Adding padding extension to trace code. · feaa3b38
  Dr. Stephen Henson authored May 20, 2014
```
(cherry picked from commit 6db14dbc)
```
  feaa3b38
May 19, 2014
- Fix a wrong parameter count ERR_add_error_data · 5d8e9f2a
  Janpopan authored May 04, 2014
  
  5d8e9f2a
- Merge branch 'mbland-heartbeat-test-1.0.2' into OpenSSL_1_0_2-stable · 6c1d36a6
  Ben Laurie authored May 19, 2014
  
  6c1d36a6
May 18, 2014

Unit/regression test for TLS heartbeats. · 2312a84c

Mike Bland authored Apr 16, 2014

Regression test against CVE-2014-0160 (Heartbleed).

More info: http://mike-bland.com/tags/heartbleed.html

(based on commit 35cb55988b75573105eefd00d27d0138eebe40b1)

2312a84c

May 15, 2014

Moved note about lack of support for AEAD modes out of BUGS section to... · a99d2a22

Matt Caswell authored May 15, 2014

Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD)

a99d2a22