Commits · bd31fb21454609b125ade1ad569ebcc2a2b9b73c · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

28 Mar, 2007 1 commit
- Change to mitigate branch prediction attacks · bd31fb21
  Bodo Möller authored Mar 28, 2007
```
Submitted by: Matthew D Wood
Reviewed by: Bodo Moeller
```
  bd31fb21
21 Mar, 2007 1 commit
- stricter session ID context matching · 0f32c841
  Bodo Möller authored Mar 21, 2007
  
  0f32c841
26 Feb, 2007 1 commit
- include complete 0.9.7 history · dd2b6750
  Bodo Möller authored Feb 26, 2007
```
include release date of 0.9.8e
```
  dd2b6750
21 Feb, 2007 2 commits
- Extend SMTP and IMAP protocol handling to perform the required · 8d72476e
  Lutz Jänicke authored Feb 21, 2007
```
EHLO or CAPABILITY handshake before sending STARTTLS

Submitted by: Goetz Babin-Ebell <goetz@shomitefo.de>
```
  8d72476e
- Update from 0.9.7-stable. · a2e623c0
  Dr. Stephen Henson authored Feb 21, 2007
  
  a2e623c0
20 Feb, 2007 1 commit
- Improve ciphersuite order stability when disabling ciphersuites. · fd5bc65c
  Bodo Möller authored Feb 20, 2007
```
Change ssl_create_cipher_list() to prefer ephemeral ECDH over
ephemeral DH.
```
  fd5bc65c
19 Feb, 2007 1 commit

Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a · 0a05123a

Bodo Möller authored Feb 19, 2007

ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.

Also, change ssl_create_cipher_list() so that it no longer
starts with an arbitrary ciphersuite ordering, but instead
uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".

0a05123a

17 Feb, 2007 1 commit

Reorganize the data used for SSL ciphersuite pattern matching. · 52b8dad8

Bodo Möller authored Feb 17, 2007

This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.

52b8dad8

03 Feb, 2007 1 commit
- add support for DSA with SHA2 · 357d5de5
  Nils Larsch authored Feb 03, 2007
  
  357d5de5
24 Dec, 2006 1 commit

Experimental streaming PKCS#7 support. · 11d8cdc6

Dr. Stephen Henson authored Dec 24, 2006

I thought it was about time I dusted this off. This stuff had been sitting on
my hard drive for *ages* (2003 in fact). Hasn't been tested well and may not
work properly.

Nothing uses it at present which is just as well.

Think of this as a traditional Christmas present which looks far more
impressive in the adverts and on the box, some of the bits are missing and
falls to bits if you play with it too much.

11d8cdc6

21 Dec, 2006 1 commit
- fix typos · fec38ca4
  Nils Larsch authored Dec 21, 2006
```
PR: 1354, 1355, 1398, 1408
```
  fec38ca4
20 Dec, 2006 1 commit
- add support for ecdsa-with-sha256 etc. · 06e2dd03
  Nils Larsch authored Dec 20, 2006
  
  06e2dd03
19 Dec, 2006 1 commit
- Fix the BIT STRING encoding of EC points or parameter seeds · 772e3c07
  Bodo Möller authored Dec 19, 2006
```
(need to prevent the removal of trailing zero bits).
```
  772e3c07
29 Nov, 2006 1 commit
- fix support for receiving fragmented handshake messages · 1e24b3a0
  Bodo Möller authored Nov 29, 2006
  
  1e24b3a0
27 Nov, 2006 1 commit
- Add RFC 3779 support. · 96ea4ae9
  Ben Laurie authored Nov 27, 2006
  
  96ea4ae9
21 Nov, 2006 1 commit
- Update from 0.9.8 stable. Eliminate duplicate error codes. · 47a9d527
  Dr. Stephen Henson authored Nov 21, 2006
  
  47a9d527
16 Nov, 2006 1 commit
- Initial, incomplete support for typesafe macros without using function · de121164
  Dr. Stephen Henson authored Nov 16, 2006
```
casts.
```
  de121164
23 Oct, 2006 1 commit
- Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even · 3189772e
  Andy Polyakov authored Oct 23, 2006
```
recent mingw modifications.
```
  3189772e
28 Sep, 2006 4 commits
- All 0.9.8d patches have been applied to HEAD now, so we no longer need · 3c5406b3
  Bodo Möller authored Sep 28, 2006
```
the redundant entries under the 0.9.9 heading.
```
  3c5406b3
- include 0.9.8d and 0.9.7l information · 61118caa
  Bodo Möller authored Sep 28, 2006
  
  61118caa
- Fix ASN.1 parsing of certain invalid structures that can result · 348be7ec
  Mark J. Cox authored Sep 28, 2006
```
in a denial of service.  (CVE-2006-2937)  [Steve Henson]
```
  348be7ec
- Fix buffer overflow in SSL_get_shared_ciphers() function. · 3ff55e96
  Mark J. Cox authored Sep 28, 2006
```
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
 malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
```
  3ff55e96
21 Sep, 2006 1 commit

Tidy up CRL handling by checking for critical extensions when it is · 010fa0b3

Dr. Stephen Henson authored Sep 21, 2006

loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked
entry to avoid the need to access the structure directly.

Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.

010fa0b3

17 Sep, 2006 1 commit
- Overhaul of by_dir code to handle dynamic loading of CRLs. · 5d20c4fb
  Dr. Stephen Henson authored Sep 17, 2006
  
  5d20c4fb
14 Sep, 2006 1 commit
- Support for AKID in CRLs and partial support for IDP. Overhaul of CRL · bc7535bc
  Dr. Stephen Henson authored Sep 14, 2006
```
handling to support this.
```
  bc7535bc
12 Sep, 2006 1 commit
- Update · b6699c3f
  Bodo Möller authored Sep 12, 2006
  
  b6699c3f
11 Sep, 2006 1 commit
- ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 · ed65f7dc
  Bodo Möller authored Sep 11, 2006
```
ciphersuite as well
```
  ed65f7dc
06 Sep, 2006 1 commit
- Every change so far that is in the 0.9.8 branch is (or should be) in HEAD · 6a2c4710
  Bodo Möller authored Sep 06, 2006
  
  6a2c4710
05 Sep, 2006 1 commit
- Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher · b79aa05e
  Mark J. Cox authored Sep 05, 2006
```
(CVE-2006-4339)

Submitted by: Ben Laurie, Google Security Team
Reviewed by: bmoeller, mjc, shenson
```
  b79aa05e
31 Aug, 2006 1 commit
- Forward port of IGE mode. · aa6d1a0c
  Ben Laurie authored Aug 31, 2006
  
  aa6d1a0c
25 Jul, 2006 1 commit
- Support for multiple CRLs with same issuer name in X509_STORE. Modify · f6e7d014
  Dr. Stephen Henson authored Jul 25, 2006
```
verify logic to try to use an unexpired CRL if possible.
```
  f6e7d014
24 Jul, 2006 1 commit
- Cache some CRL related extensions. · edc54021
  Dr. Stephen Henson authored Jul 24, 2006
  
  edc54021
18 Jul, 2006 1 commit
- Store canonical encodings of Name structures. Update X509_NAME_cmp() to use · 450ea834
  Dr. Stephen Henson authored Jul 18, 2006
```
them.
```
  450ea834
17 Jul, 2006 2 commits
- Add -timeout option to ocsp utility. · 454dbbc5
  Dr. Stephen Henson authored Jul 17, 2006
  
  454dbbc5
- New non-blocking OCSP functionality. · c1c6c0bf
  Dr. Stephen Henson authored Jul 17, 2006
  
  c1c6c0bf
10 Jul, 2006 1 commit
- Allow digests to supply S/MIME micalg values from a ctrl. · b7683e3a
  Dr. Stephen Henson authored Jul 10, 2006
```
Send ctrls to EVP_PKEY_METHOD during signing of PKCS7 structure so
customisation is possible.
```
  b7683e3a
09 Jul, 2006 2 commits
- New functions to add and free up application defined signature OIDs. · 0ee2166c
  Dr. Stephen Henson authored Jul 09, 2006
  
  0ee2166c
- New functions to enumerate digests and ciphers. · 5ba4bf35
  Dr. Stephen Henson authored Jul 09, 2006
  
  5ba4bf35
28 Jun, 2006 1 commit
- always read in RAND_poll() if we can't use select because of a too · e34aa5a3
  Bodo Möller authored Jun 28, 2006
```
large FD: it's non-blocking mode anyway
```
  e34aa5a3
27 Jun, 2006 1 commit
- Use poll() when possible to gather Unix randomness entropy · 27a3d9f9
  Richard Levitte authored Jun 27, 2006
  
  27a3d9f9