Commits · 9f8c1832833bfb41b8691a632a6be0a58cedaea7 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jun 14, 2014
- Update the VMS tests according to the latest unixly tests. · 9f8c1832
  Richard Levitte authored Jun 12, 2014
```
Partly provided by Zoltan Arpadffy <arpadffy@polarhome.com>
```
  9f8c1832
- aesni-sha256-x86_64.pl: add missing rex in shaext. · 8301245a
  Andy Polyakov authored Jun 14, 2014
```
PR: 3405
(cherry picked from commit 91a6bf80)
```
  8301245a
- sha1-x86_64.pl: add missing rex prefix in shaext. · 1f6d2076
  Andy Polyakov authored Jun 14, 2014
```
PR: 3405
(cherry picked from commit c9cf29cc)
```
  1f6d2076
Jun 13, 2014
- Fixed incorrect return code handling in ssl3_final_finish_mac. · 561ba124
  Matt Caswell authored Jun 10, 2014
```
Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
```
  561ba124
- Revert "Fixed incorrect return code handling in ssl3_final_finish_mac" · 7f133c35
  Matt Caswell authored Jun 13, 2014
```
This reverts commit 728bd41a.

Missing attribution.
```
  7f133c35
Jun 12, 2014
- Client-side namecheck wildcards. · 3cc8a3f2
  Viktor Dukhovni authored Jun 12, 2014
```
A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com).

With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").
(cherry picked from commit e52c52f10bb8e34aaf8f28f3e5b56939e8f6b357)
```
  3cc8a3f2
- Fix off-by-one errors in ssl_cipher_get_evp() · 3d860774
  Kurt Cancemi authored Jun 04, 2014
```
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

PR#3375
```
  3d860774
- Facilitate back-porting of AESNI and SHA modules. · 56ba280c
  Andy Polyakov authored Jun 12, 2014
```
Fix SEH and stack handling in Win64 build.
(cherry picked from commit 977f32e8)
```
  56ba280c
- Added OPENSSL_assert check as per PR#3377 reported by Rainer Jung <rainer.jung@kippdata.de> · 955bfbc2
  Matt Caswell authored Jun 12, 2014
  
  955bfbc2
- remove some more DANE code · 2eab488c
  Dr. Stephen Henson authored Jun 12, 2014
  
  2eab488c
- make update · fa7a0efb
  Dr. Stephen Henson authored Jun 12, 2014
  
  fa7a0efb
- Fix Windows build. · 3fe8f005
  Dr. Stephen Henson authored Jun 12, 2014
  
  3fe8f005
- Remove unimplemented functions. · 5af09776
  Dr. Stephen Henson authored Jun 12, 2014
  
  5af09776
- Update the VMS build according to the latest unixly build. · 995d08d1
  Richard Levitte authored Jun 12, 2014
```
Partly provided by Zoltan Arpadffy <arpadffy@polarhome.com>
```
  995d08d1
- The 1.0.2 cms-test.pl had some changes that don't quite work on VMS... · ca422f35
  Richard Levitte authored Jun 12, 2014
  
  ca422f35
- Bring in the 1.0.1g to 1.0.1h changes into CHANGES. · 68a1e0bc
  Richard Levitte authored Jun 12, 2014
  
  68a1e0bc
- Small cleanup, double entry in CHANGES. · ed6c278f
  Richard Levitte authored Jun 12, 2014
  
  ed6c278f
Jun 11, 2014
- Enable multi-block support by default. · d85a772e
  Andy Polyakov authored Jun 11, 2014
```
(cherry picked from commit 77a27a50)
```
  d85a772e
- Fix compilation with no-comp · fb2f9f26
  Dr. Stephen Henson authored Jun 11, 2014
```
(cherry picked from commit 7239a09c7b5757ed8d0e9869f3e9b03c0e11f4d1)
```
  fb2f9f26
- ghash-x86_64.pl: optimize for upcoming Atom. · 66aeaec0
  Andy Polyakov authored Jun 11, 2014
```
(cherry picked from commit 1cf8f57b)
```
  66aeaec0
- Add support for Intel SHA extension. · 70fddbe3
  Andy Polyakov authored Jun 11, 2014
```
(cherry picked from commit 619b9466)
```
  70fddbe3
Jun 10, 2014

Separate the SCT List parser from the SCT List viewer · 5fc3d333
Rob Stradling authored May 12, 2014
```
(cherry picked from commit fd2309aa)
```
5fc3d333
Fixed incorrect return code handling in ssl3_final_finish_mac · 728bd41a
Matt Caswell authored Jun 10, 2014

728bd41a
Engage GHASH for ARMv8. · 77fb5a30
Andy Polyakov authored Jun 06, 2014
```
(cherry picked from commit 82741e9c)
```
77fb5a30
Add GHASH for ARMv8 Crypto Extension. · 7344089d
Andy Polyakov authored Jun 06, 2014
```
Result of joint effort with Ard Biesheuvel.
(cherry picked from commit 2d5a799d)
```
7344089d
Engage ARMv8 AES support [from HEAD]. · 7e03acf2
Andy Polyakov authored Jun 11, 2014

7e03acf2
Add AES module for ARMv8 Crypto Extension [from HEAD]. · 9af4cb3d
Andy Polyakov authored Jun 11, 2014

9af4cb3d
sha[1|512]-armv8.pl: get instruction endianness right. · a00caa02
Andy Polyakov authored Jun 06, 2014
```
Submitted by: Ard Biesheuvel.
(cherry picked from commit cd91fd7c)
```
a00caa02
linux-aarch64: engage SHA modules. · 4672acfa
Andy Polyakov authored Jun 01, 2014
```
(cherry picked from commit f8aab617)
```
4672acfa
Add SHA for ARMv8. · ea61b327
Andy Polyakov authored Jun 01, 2014
```
(cherry picked from commit ddb6b965)
```
ea61b327

Andy Polyakov authored Jun 01, 2014

armcap.c is shared between 32- and 64-bit builds and features link-time
detection of getauxval.

Submitted by: Ard Biesheuvel.
(cherry picked from commit e8d93e34)

dabfbea7

aesni-mb-x86_64.pl: add Win64 SEH. · 56d97370
Andy Polyakov authored Jun 10, 2014
```
(cherry picked from commit e2eabed1)
```
56d97370
ARM assembly pack: get ARMv7 instruction endianness right. · 3a97ebb1
Andy Polyakov authored Jun 06, 2014
```
Pointer out and suggested by: Ard Biesheuvel.
(cherry picked from commit 5dcf70a1)
```
3a97ebb1
armv4cpuid.S: switch to CNTVCT tick counter. · 16f4d2e3
Andy Polyakov authored Jun 01, 2014
```
(cherry picked from commit 72346328)
```
16f4d2e3
sha[1|256]-armv4: harmonize with arm_arch.h. · 1f72a76f
Andy Polyakov authored Jun 01, 2014
```
(cherry picked from commit 797d24be)
```
1f72a76f
sha/asm/sha1-armv4-large.pl: add NEON and ARMv8 code paths. · f5247cea
Andy Polyakov authored May 04, 2014
```
sha/asm/sha256-armv4.pl: add ARMv8 code path.
(cherry picked from commit 9250a306)
```
f5247cea
crypto/armcap.c: detect ARMv8 capabilities [in 32-bit build]. · 3da2c3df
Andy Polyakov authored May 04, 2014
```
(cherry picked from commit 4afa9f03)
```
3da2c3df

backport changes to ciphers(1) man page · 4ceddeea

Hubert Kario authored Jun 10, 2014

Backport of patch:
add ECC strings to ciphers(1), point out difference between DH and ECDH

and backport of other other assorted fixes to this man page

 * Make a clear distinction between DH and ECDH key exchange.
 * Group all key exchange cipher suite identifiers, first DH then ECDH
 * add descriptions for all supported *DH* identifiers
 * add ECDSA authentication descriptions
 * add example showing how to disable all suites that offer no
   authentication or encryption
 * update status of static DH (it's now supported)
 * backport descriptions of AES128, AES256, AESGCM
 * backport descriptions of CAMELLIA128, CAMELLIA256
 * backport listing of standard names for ECC cipher suites
   and TLSv1.2 cipher suites
 * backport description of PSK cipher suites

4ceddeea

Create test/testutil.h for unit test helper macros · 2fddc5fc

Mike Bland authored Jun 07, 2014

Defines SETUP_TEST_FIXTURE and EXECUTE_TEST, and updates ssl/heartbeat_test.c
using these macros. SETUP_TEST_FIXTURE makes use of the new TEST_CASE_NAME
macro, defined to use __func__ or __FUNCTION__ on platforms that support those
symbols, or to use the file name and line number otherwise. This should fix
several reported build problems related to lack of C99 support.

2fddc5fc

Remove experimental DANE code. · e3beef1e
Dr. Stephen Henson authored Jun 06, 2014
```
Remove experimental DANE/dnssec code: not ready for use in an
official release yet.
```
e3beef1e