Commits · bc91494e064ebdcff68f987947f97e404fbca0b5 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Mar 04, 2011
- Initial, provisional, subject to wholesale change, untested, probably · 591cbfae
  Dr. Stephen Henson authored Mar 04, 2011
```
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.

Did I say this was untested?
```
  591cbfae
Feb 21, 2011
- Make fipscanisteronly build only required files. · eead69f5
  Dr. Stephen Henson authored Feb 21, 2011
  
  eead69f5
Feb 17, 2011
- Make -DOPENSSL_FIPSSYMS work for assembly language builds. · 5d439d69
  Dr. Stephen Henson authored Feb 17, 2011
  
  5d439d69
Feb 16, 2011
- Experimental FIPS symbol renaming. · 017bc57b
  Dr. Stephen Henson authored Feb 16, 2011
```
Fixups under fips/ to make symbol renaming work.
```
  017bc57b
Feb 15, 2011
- Add non-FIPS algorithm blocking and selftest checking. · 25c65429
  Dr. Stephen Henson authored Feb 15, 2011
  
  25c65429
Feb 14, 2011
- Add ECDSA functionality to fips module. Initial very incomplete version · fe26d066
  Dr. Stephen Henson authored Feb 14, 2011
```
of algorithm test program.
```
  fe26d066
Feb 12, 2011
- New option to disable characteristic two fields in EC code. · b3310161
  Dr. Stephen Henson authored Feb 12, 2011
  
  b3310161
Feb 11, 2011
- New "fispcanisteronly" build option: only build fipscanister.o and · 30b56225
  Dr. Stephen Henson authored Feb 11, 2011
```
associated utilities. This functionality will be used by the validated
tarball.
```
  30b56225
Feb 09, 2011
- Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest. · b3d8022e
  Dr. Stephen Henson authored Feb 09, 2011
  
  b3d8022e
Feb 08, 2011
- Sync with 1.0.1 branch. · c415adc2
  Bodo Möller authored Feb 08, 2011
```
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
```
  c415adc2
Feb 07, 2011
- Initial *very* experimental EVP support for AES-GCM. Note: probably very · bdaa5415
  Dr. Stephen Henson authored Feb 07, 2011
```
broken and subject to change.
```
  bdaa5415
- Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher: · d45087c6
  Dr. Stephen Henson authored Feb 07, 2011
```
the NULL value for the input buffer is sufficient to notice this case.
```
  d45087c6
- New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying · 3da0ca79
  Dr. Stephen Henson authored Feb 07, 2011
```
cipher handles all cipher symantics itself.
```
  3da0ca79
Feb 03, 2011
- fix omissions · 9bda7458
  Bodo Möller authored Feb 03, 2011
  
  9bda7458
- CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) · 88f2a4cf
  Bodo Möller authored Feb 03, 2011
  
  88f2a4cf
Jan 03, 2011
- Fix escaping code for string printing. If *any* escaping is enabled we · 968062b7
  Dr. Stephen Henson authored Jan 03, 2011
```
must escape the escape character itself (backslash).
```
  968062b7
Dec 25, 2010
- avoid verification loops in trusted store when path building · 2b3936e8
  Dr. Stephen Henson authored Dec 25, 2010
  
  2b3936e8
Nov 29, 2010
- apply J-PKAKE fix to HEAD (original by Ben) · 300b1d76
  Dr. Stephen Henson authored Nov 29, 2010
  
  300b1d76
Nov 24, 2010
- add "missing" functions to copy EVP_PKEY_METHOD and examine info · f830c68f
  Dr. Stephen Henson authored Nov 24, 2010
  
  f830c68f
Nov 16, 2010
- bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files · 732d31be
  Dr. Stephen Henson authored Nov 16, 2010
  
  732d31be
Oct 10, 2010
- move CHANGES entry to correct place · e49af2ac
  Dr. Stephen Henson authored Oct 10, 2010
  
  e49af2ac
- PR: 2314 · 57594258
  Dr. Stephen Henson authored Oct 10, 2010
```
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
```
  57594258
Oct 03, 2010

Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), · 39239280

Dr. Stephen Henson authored Oct 03, 2010

this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.

39239280

Aug 26, 2010

Update version numbers · 7b3a9b00
Bodo Möller authored Aug 26, 2010

7b3a9b00

For better forward-security support, add functions · 7c2d4fee

Bodo Möller authored Aug 26, 2010

SSL_[CTX_]set_not_resumable_session_callback.

Submitted by: Emilia Kasper (Google)

[A part of this change affecting ssl/s3_lib.c was accidentally commited
separately, together with a compilation fix for that file;
see s3_lib.c CVS revision 1.133 (http://cvs.openssl.org/chngview?cn=19855).]

7c2d4fee

New 64-bit optimized implementation EC_GFp_nistp224_method(). · 04daec86

Bodo Möller authored Aug 26, 2010

This will only be compiled in if explicitly requested
(#ifdef EC_NISTP224_64_GCC_128).

Submitted by: Emilia Kasper (Google)

04daec86

PR: 1833 · 44959ee4

Dr. Stephen Henson authored Aug 26, 2010

Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Support for abbreviated handshakes when renegotiating.

44959ee4

ECC library bugfixes. · c94f7f65
Bodo Möller authored Aug 26, 2010
```
Submitted by: Emilia Kasper (Google)
```
c94f7f65
Harmonize with OpenSSL_1_0_1-stable version of CHANGES. · 173350bc
Bodo Möller authored Aug 26, 2010

173350bc

Jul 28, 2010
- Add Next Protocol Negotiation. · ee2ffc27
  Ben Laurie authored Jul 28, 2010
  
  ee2ffc27
Jul 26, 2010

Add new type ossl_ssize_t instead of ssize_t and move definitions to · eb1c48be

Dr. Stephen Henson authored Jul 26, 2010

e_os2.h, this should fix WIN32 compilation issues and hopefully avoid
conflicts with other headers which may workaround ssize_t in different ways.

eb1c48be

Jul 24, 2010
- Fix WIN32 build system to correctly link ENGINE DLLs contained in a · 223c59ea
  Dr. Stephen Henson authored Jul 24, 2010
```
directory: currently the GOST ENGINE is the only case.
```
  223c59ea
Jul 21, 2010

Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), · 7bbd0de8

Dr. Stephen Henson authored Jul 21, 2010

this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.

7bbd0de8

Jul 18, 2010
- PR: 1830 · f96ccf36
  Dr. Stephen Henson authored Jul 18, 2010
```
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson

Support for RFC5705 key extractor.
```
  f96ccf36
- oops, revert wrong patch.. · b9e7793d
  Dr. Stephen Henson authored Jul 18, 2010
  
  b9e7793d
- Fix warnings (From HEAD, original patch by Ben). · d135da51
  Dr. Stephen Henson authored Jul 18, 2010
  
  d135da51
Jun 01, 2010
- add CVE-2010-0742 and CVS-2010-1633 fixes · 3cbb15ee
  Dr. Stephen Henson authored Jun 01, 2010
  
  3cbb15ee
May 05, 2010
- Revert previous Linux-specific/centric commit#19629. If it really has to · 3efe51a4
  Andy Polyakov authored May 05, 2010
```
be done, it's definitely not the way to do it. So far answer to the
question was to ./config -Wa,--noexecstack (adopted by RedHat).
```
  3efe51a4
- Non-executable stack in asm. · 0e3ef596
  Ben Laurie authored May 05, 2010
  
  0e3ef596
Apr 15, 2010
- new function to diff tm structures · 1bf508c9
  Dr. Stephen Henson authored Apr 15, 2010
  
  1bf508c9