Commits · a32ba49352258067cdb6ae796481557614153c57 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Dec 18, 2013
- Check EVP errors for handshake digests. · a32ba493
  Dr. Stephen Henson authored Dec 14, 2013
```
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be)
```
  a32ba493
Dec 13, 2013
- verify parameter enumeration functions · 3a0c7154
  Dr. Stephen Henson authored Feb 25, 2010
```
(cherry picked from commit 9b3d7570)

Conflicts:

	crypto/x509/x509_vpm.c
```
  3a0c7154
- Add opaque ID structure. · adc6bd73
  Dr. Stephen Henson authored Dec 11, 2013
```
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
```
  adc6bd73
- Backport TLS padding extension from master. · 8c6d8c2a
  Dr. Stephen Henson authored Dec 13, 2013
  
  8c6d8c2a
- Fix for partial chain notification. · 53a8f8c2
  Dr. Stephen Henson authored Dec 13, 2013
```
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
```
  53a8f8c2
- Verify parameter retrieval functions. · bf4863b3
  Dr. Stephen Henson authored Dec 13, 2013
```
New functions to retrieve internal pointers to X509_VERIFY_PARAM
for SSL_CTX and SSL structures.
```
  bf4863b3
- Don't use rdrand engine as default unless explicitly requested. · 8f686789
  Dr. Stephen Henson authored Dec 11, 2013
  
  8f686789
Dec 10, 2013
- Get FIPS checking logic right. · 57c4e42d
  Dr. Stephen Henson authored Dec 10, 2013
```
We need to lock when *not* in FIPS mode.
```
  57c4e42d
- remove obsolete STATUS file · ff672cf8
  Dr. Stephen Henson authored Dec 10, 2013
  
  ff672cf8
- Add release dates to NEWS · d43b0407
  Dr. Stephen Henson authored Dec 10, 2013
  
  d43b0407
Dec 09, 2013
- ARM assembly pack: SHA update from master. · 422c8c36
  Andy Polyakov authored Dec 09, 2013
  
  422c8c36
- ARM assembly pack: AES update from master (including bit-sliced module). · b76310ba
  Andy Polyakov authored Dec 09, 2013
  
  b76310ba
- bn/asm/armv4-mont.pl: add NEON code path. · c012f6e5
  Andy Polyakov authored Dec 04, 2013
```
(cherry picked from commit d1671f4f)
```
  c012f6e5
- crypto/bn/asm/x86_64-mont*.pl: update from master. · cf6d5596
  Andy Polyakov authored Dec 09, 2013
```
Add MULX/AD*X code paths and optimize even original code path.
```
  cf6d5596
- x86_64-xlate.pl: fix jrcxz in nasm case. · 3aa1b1cc
  Andy Polyakov authored Oct 03, 2013
```
(cherry picked from commit 667053a2)
```
  3aa1b1cc
- x86_64-xlate.pl: minor update. · 3dcae82f
  Andy Polyakov authored Dec 09, 2013
```
(cherry picked from commit 41965a84)
```
  3dcae82f
Dec 08, 2013

update $default_depflags · 86b81ecb
Dr. Stephen Henson authored Dec 08, 2013

86b81ecb

Avoid multiple locks in FIPS mode. · c43dc3dd

Dr. Stephen Henson authored Dec 04, 2013

PR: 3176.

In FIPS mode ssleay_rand_bytes is only used for PRNG seeding and is
performed in either a single threaded context (when the PRNG is first
initialised) or under a lock (reseeding). To avoid multiple locks disable
use of CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes.

c43dc3dd

Dec 03, 2013
- bn/asm/x86_64-mont5.pl: comply with Win64 ABI. · e5eab8a1
  Andy Polyakov authored Dec 03, 2013
```
PR: 3189
Submitted by: Oscar Ciurana
(cherry picked from commit c5d5f5bd)
```
  e5eab8a1
- crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64. · 7bab6eb6
  Andy Polyakov authored Dec 03, 2013
```
(cherry picked from commit 8bd7ca99)
```
  7bab6eb6
- crypto/bn/rsaz*: fix licensing note. · 87d9526d
  Andy Polyakov authored Dec 03, 2013
```
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
asm/rsaz-x86_64.pl: sync from master.
(cherry picked from commit 31ed9a21)
```
  87d9526d
- bn/asm/rsaz-x86_64.pl: fix prototype. · 36982f05
  Andy Polyakov authored Dec 03, 2013
```
(cherry picked from commit 6efef384)
```
  36982f05
Dec 01, 2013
- Fix warning. · c97ec563
  Dr. Stephen Henson authored Dec 01, 2013
  
  c97ec563
- Change header order to pick up OPENSSL_SYS_WIN32 · fdb0d5dd
  Dr. Stephen Henson authored Dec 01, 2013
  
  fdb0d5dd
- Recongnise no-dane and no-libunbound · 81b6dfe4
  Dr. Stephen Henson authored Dec 01, 2013
  
  81b6dfe4
- make update · bc35b8e4
  Dr. Stephen Henson authored Dec 01, 2013
  
  bc35b8e4
- Fix warnings. · 6859f3fc
  Dr. Stephen Henson authored Dec 01, 2013
  
  6859f3fc
- WIN32 fixes. · 8b2d5cc4
  Dr. Stephen Henson authored Dec 01, 2013
  
  8b2d5cc4
- RSAX no longer compiled. · 74184b6f
  Dr. Stephen Henson authored Dec 01, 2013
  
  74184b6f
Nov 27, 2013
- Simplify and update openssl.spec · 6416aed5
  Dr. Stephen Henson authored Nov 27, 2013
  
  6416aed5
Nov 18, 2013
- New functions to retrieve certificate from SSL_CTX · 2a1b7bd3
  Dr. Stephen Henson authored Nov 18, 2013
```
New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().
(cherry picked from commit a25f9adc)
```
  2a1b7bd3
- Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set · 4bba0bda
  Dr. Stephen Henson authored Nov 18, 2013
```
(cherry picked from commit 60aeb187)
```
  4bba0bda
Nov 17, 2013
- Use correct header length in ssl3_send_certifcate_request · 27baa831
  Dr. Stephen Henson authored Nov 17, 2013
```
(cherry picked from commit fdeaf55b)
```
  27baa831
Nov 14, 2013
- Constify. · 1abfa78a
  Dr. Stephen Henson authored Nov 14, 2013
  
  1abfa78a
- Fix compilation with no-nextprotoneg. · edc687ba
  Piotr Sikora authored Nov 13, 2013
```
PR#3106
```
  edc687ba
Nov 13, 2013

Allow match selecting of current certificate. · ff0bdbed

Dr. Stephen Henson authored Nov 13, 2013

If pointer comparison for current certificate fails check
to see if a match using X509_cmp succeeds for the current
certificate: this is useful for cases where the certificate
pointer is not available.
(cherry picked from commit 6856b288a6e66edd23907b7fa264f42e05ac9fc7)

ff0bdbed

Additional "chain_cert" functions. · dc4bdf59

Rob Stradling authored Nov 11, 2013

PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.

SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.

SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.

The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.
(cherry picked from commit 2f56c9c015dbca45379c9a725915b3b8e765a119)

dc4bdf59

Delete duplicate entry. · b03d0513
Krzysztof Kwiatkowski authored Nov 13, 2013
```
PR#3172
(cherry picked from commit 4f055e34c3598cad00fca097d812fa3e6436d967)
```
b03d0513

Nov 12, 2013
- srp/srp_grps.h: make it Compaq C-friendly. · 0de70011
  Andy Polyakov authored Nov 12, 2013
```
PR: 3165
Submitted by: Daniel Richard G.
(cherry picked from commit 2df9ec01)
```
  0de70011
- modes/asm/ghash-alpha.pl: update from HEAD. · 220d1e53
  Andy Polyakov authored Nov 12, 2013
```
PR: 3165
```
  220d1e53