Commits · d0e79d7e2cbef667b68380cf7202c61d83c228aa · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Dec 22, 2009
- Constify crypto/cast. · d0e79d7e
  Bodo Möller authored Dec 22, 2009
  
  d0e79d7e
Dec 17, 2009
- Ooops, engage ENGINE initialisation code correctly in FIPS builds. · c1003dfd
  Dr. Stephen Henson authored Dec 17, 2009
  
  c1003dfd
- Alert to use is now defined in spec: update code · 98809a14
  Dr. Stephen Henson authored Dec 17, 2009
  
  98809a14
Dec 16, 2009
- New option to enable/disable connection to unpatched servers · ccc3df8c
  Dr. Stephen Henson authored Dec 16, 2009
  
  ccc3df8c
Dec 14, 2009
- add another missed case · 593a6dbe
  Dr. Stephen Henson authored Dec 14, 2009
  
  593a6dbe
- simplify RI error code and catch extra error case ignored before · efbe446f
  Dr. Stephen Henson authored Dec 14, 2009
  
  efbe446f
- Allow initial connection (but no renegoriation) to servers which don't support · 725745d1
  Dr. Stephen Henson authored Dec 14, 2009
```
RI.
```
  725745d1
Dec 12, 2009
- Missing newline. · c0e94f82
  Ben Laurie authored Dec 12, 2009
  
  c0e94f82
Dec 11, 2009
- Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL · ef4bd016
  Dr. Stephen Henson authored Dec 11, 2009
  
  ef4bd016
Dec 09, 2009
- clarify docs · 7a8a3ef4
  Dr. Stephen Henson authored Dec 09, 2009
  
  7a8a3ef4
- Document option clearning functions. · 98c7b036
  Dr. Stephen Henson authored Dec 09, 2009
```
Initial secure renegotiation documentation.
```
  98c7b036
- PR: 2124 · 9e5dea0f
  Dr. Stephen Henson authored Dec 09, 2009
```
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
```
  9e5dea0f
- Add ctrls to clear options and mode. · cb4823fd
  Dr. Stephen Henson authored Dec 09, 2009
```
Change RI ctrl so it doesn't clash.
```
  cb4823fd
Dec 08, 2009

Send no_renegotiation alert as required by spec. · 17bb0516
Dr. Stephen Henson authored Dec 08, 2009

17bb0516
Add ctrl and macro so we can determine if peer support secure renegotiation. · 59f44e81
Dr. Stephen Henson authored Dec 08, 2009
```
Fix SSL_CIPHER initialiser for mcsv
```
59f44e81

Add support for magic cipher suite value (MCSV). Make secure renegotiation · 7a014dce

Dr. Stephen Henson authored Dec 08, 2009

work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.

7a014dce

Dec 02, 2009
- PR: 2111 · 1ff44a99
  Dr. Stephen Henson authored Dec 02, 2009
```
Submitted by: Martin Olsson <molsson@opera.com>

Check for bn_wexpand errors in bn_mul.c
```
  1ff44a99
- Replace the broken SPKAC certification with the correct version. · 6cf61614
  Dr. Stephen Henson authored Dec 02, 2009
  
  6cf61614
Dec 01, 2009

PR: 2115 · 82e448b9

Dr. Stephen Henson authored Dec 01, 2009

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.

82e448b9

PR: 1432 · b172352b

Dr. Stephen Henson authored Dec 01, 2009

Submitted by: "Andrzej Chmielowiec" <achmielowiec@enigma.com.pl>, steve@openssl.org
Approved by: steve@openssl.org

Truncate hash if it is too large: as required by FIPS 186-3.

b172352b

Nov 29, 2009
- typo · 95b14fd8
  Dr. Stephen Henson authored Nov 29, 2009
  
  95b14fd8
Nov 26, 2009
- (whitespace) · 553d2e32
  Bodo Möller authored Nov 26, 2009
  
  553d2e32
- The version numbering may change, again; so be careful about what we · 82fb4ee8
  Bodo Möller authored Nov 26, 2009
```
announce in CHANGES.
```
  82fb4ee8
- Remove attribution -- this wasn't my patch, I only edited and applied it. · 389fef6c
  Bodo Möller authored Nov 26, 2009
  
  389fef6c
- Remove obsolete information about a change for 0.9.7n. · b6622f96
  Bodo Möller authored Nov 26, 2009
```
(No further releases from the 0.9.7 branch are planned.  Note that the
"deleted" change is also in 0.9.8f.)
```
  b6622f96
Nov 18, 2009
- Servers can't end up talking SSLv2 with legacy renegotiation disabled · 7f5448e3
  Dr. Stephen Henson authored Nov 18, 2009
  
  7f5448e3
- Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation · 5d965f07
  Dr. Stephen Henson authored Nov 18, 2009
  
  5d965f07
- Include a more meaningful error message when rejecting legacy renegotiation · b14713c2
  Dr. Stephen Henson authored Nov 18, 2009
  
  b14713c2
Nov 13, 2009

PR: 2094 · 637e0ba4

Dr. Stephen Henson authored Nov 13, 2009

Submitted by: Arkadiusz Miskiewicz <arekm@maven.pl>
Approved by: steve@openssl.org

Fix for out range of signed 32bit displacement error on newer binutils.

637e0ba4

PR: 2084 · 9ac37cb0

Dr. Stephen Henson authored Nov 13, 2009

Submitted by: Mike Frysinger <vapier@gentoo.org>
Approved by: steve@openssl.org

Parallel build fix.

9ac37cb0

PR: 2101 · fb7751b4

Dr. Stephen Henson authored Nov 13, 2009

Submitted by: Doug Kaufman <dkaufman@rahul.net>
Approved by: steve@openssl.org

Fixes for tests in cms-test.pl

fb7751b4

Nov 12, 2009
- Updated from 1.0.0-stable. · e333a8d6
  Richard Levitte authored Nov 12, 2009
  
  e333a8d6
Nov 10, 2009

PR: 1686 · 89a6daac

Dr. Stephen Henson authored Nov 10, 2009

Submitted by: Hanno BÃÂ¶ck <hanno@hboeck.de>
Approved by: steve@openssl.org

Create engines dir if it doesn't already exist.

89a6daac

PR: 2091 · 7e429459

Dr. Stephen Henson authored Nov 10, 2009

Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org

If an OID has no short name or long name return the numerical representation.

7e429459

check new_der for NULL too · b61a87b2
Dr. Stephen Henson authored Nov 10, 2009

b61a87b2

PR: 2090 · 2c6b1419

Dr. Stephen Henson authored Nov 10, 2009

Submitted by: Martin Kaiser <lists@kaiser.cx>, Stephen Henson
Approved by: steve@openssl.org

Improve error checking in asn1_gen.c

2c6b1419

Nov 09, 2009
- Fix wrong function codes and duplicate codes · af13c50d
  Dr. Stephen Henson authored Nov 09, 2009
  
  af13c50d
- Remove BF_PTR2 from configuration: it doesn't improve performance any more and... · 65c2397f
  Dr. Stephen Henson authored Nov 09, 2009
```
Remove BF_PTR2 from configuration: it doesn't improve performance any more and causes gcc warnings about arrays out of range
```
  65c2397f
Nov 08, 2009
- use OPENSSL_assert() and not assert() · 16e7efe3
  Dr. Stephen Henson authored Nov 08, 2009
  
  16e7efe3
- First cut of renegotiation extension. · c2b78c31
  Ben Laurie authored Nov 08, 2009
  
  c2b78c31