Commits · e65bcbcef05007ad00e26c8132a8d5f4baa981f0 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Sep 14, 2008
- Fix SSL state transitions. · e65bcbce
  Bodo Möller authored Sep 14, 2008
```
Submitted by: Nagendra Modadugu
```
  e65bcbce
- Note about CVS branch inconsistency. · e710de12
  Bodo Möller authored Sep 14, 2008
  
  e710de12
- Really get rid of unsafe double-checked locking. · db99c525
  Bodo Möller authored Sep 14, 2008
```
Also, "CHANGES" clean-ups.
```
  db99c525
- Some precautions to avoid potential security-relevant problems. · f8d6be3f
  Bodo Möller authored Sep 14, 2008
  
  f8d6be3f
Sep 01, 2008
- Initial support for delta CRLs. If "use deltas" flag is set attempt to find · d43c4497
  Dr. Stephen Henson authored Sep 01, 2008
```
a delta CRL in addition to a full CRL. Check and search delta in addition to
the base.
```
  d43c4497
Aug 29, 2008
- Add support for CRLs partitioned by reason code. · 4b96839f
  Dr. Stephen Henson authored Aug 29, 2008
```
Tidy CRL scoring system.

Add new CRL path validation error.
```
  4b96839f
Aug 27, 2008
- Add support for freshest CRL extension. · 249a77f5
  Dr. Stephen Henson authored Aug 27, 2008
  
  249a77f5
Aug 20, 2008
- Initial indirect CRL support. · d0fff69d
  Dr. Stephen Henson authored Aug 20, 2008
  
  d0fff69d
Aug 13, 2008
- Mention ERR_remove_state() deprecation, and ERR_remove_thread_state(NULL). · 2ecd2ede
  Bodo Möller authored Aug 13, 2008
  
  2ecd2ede
- Initial support for CRL path validation. This supports distinct certificate · 9d84d4ed
  Dr. Stephen Henson authored Aug 13, 2008
```
and CRL signing keys.
```
  9d84d4ed
Aug 12, 2008

Support for policy mappings extension. · 002e66c0

Dr. Stephen Henson authored Aug 12, 2008

Delete X509_POLICY_REF code.

Fix handling of invalid policy extensions to return the correct error.

Add command line option to inhibit policy mappings.

002e66c0

Aug 08, 2008
- Initial support for name constraints certificate extension. · e9746e03
  Dr. Stephen Henson authored Aug 08, 2008
```
TODO: robustness checking on name forms.
```
  e9746e03
Aug 06, 2008

Remove the dual-callback scheme for numeric and pointer thread IDs, · 4c329696

Geoff Thorpe authored Aug 06, 2008

deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.

4c329696

Jul 30, 2008
- Initial support for alternative CRL issuing certificates. · 5cbd2033
  Dr. Stephen Henson authored Jul 30, 2008
```
Allow inibit any policy flag to be set in apps.
```
  5cbd2033
Jul 03, 2008
- Revert my earlier CRYPTO_THREADID commit, I will commit a reworked · 5f834ab1
  Geoff Thorpe authored Jul 03, 2008
```
version some time soon.
```
  5f834ab1
Jun 26, 2008
- Update from stable branch. · 8528128b
  Dr. Stephen Henson authored Jun 26, 2008
  
  8528128b
Jun 23, 2008
- avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr() · 8228fd89
  Bodo Möller authored Jun 23, 2008
```
Submitted by: Huang Ying
Reviewed by: Douglas Stebila
```
  8228fd89
Jun 09, 2008
- Add acknowledgement. · adb92d56
  Dr. Stephen Henson authored Jun 09, 2008
  
  adb92d56
Jun 05, 2008
- Update CHANGES. · 6bf79e30
  Dr. Stephen Henson authored Jun 05, 2008
  
  6bf79e30
Jun 04, 2008
- More type-checking. · 5ce278a7
  Ben Laurie authored Jun 04, 2008
  
  5ce278a7
Jun 03, 2008
- Memory saving patch. · 8671b898
  Ben Laurie authored Jun 03, 2008
  
  8671b898
Jun 01, 2008
- Add client cert engine to SSL routines. · 368888bc
  Dr. Stephen Henson authored Jun 01, 2008
  
  368888bc
May 28, 2008

sync with 0.9.8 branch · 2cd81830
Bodo Möller authored May 28, 2008

2cd81830

From HEAD: · e194fe8f

Bodo Möller authored May 28, 2008

Fix flaw if 'Server Key exchange message' is omitted from a TLS
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com

e194fe8f

From HEAD: · 40a70628

Bodo Möller authored May 28, 2008

Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com

40a70628

May 26, 2008
- LHASH revamp. make depend. · 3c1d6bbc
  Ben Laurie authored May 26, 2008
  
  3c1d6bbc
May 23, 2008
- Clear error queue when starting SSL_CTX_use_certificate_chain_file · c2c2e7a4
  Lutz Jänicke authored May 23, 2008
```
PR: 1417, 1513
Submitted by: Erik de Castro Lopo <mle+openssl@mega-nerd.com>
```
  c2c2e7a4
- Remove all root CA files (beyond test CAs including private key) · d18ef847
  Lutz Jänicke authored May 23, 2008
```
from the OpenSSL distribution.
```
  d18ef847
May 20, 2008
- Typo. · 5c0d90a6
  Dr. Stephen Henson authored May 20, 2008
  
  5c0d90a6
- Typo. · f4347305
  Dr. Stephen Henson authored May 20, 2008
  
  f4347305
May 19, 2008
- Fix two invalid memory reads in RSA OAEP mode. · 94fd382f
  Dr. Stephen Henson authored May 19, 2008
```
Submitted by: Ivan Nestlerode <inestlerode@us.ibm.com>
Reviewed by: steve
```
  94fd382f
- Change use of CRYPTO_THREADID so that we always use both the ulong and · 4bd4afa3
  Bodo Möller authored May 19, 2008
```
ptr members.

(So if the id_callback is bogus, we still have &errno.)
```
  4bd4afa3
Apr 30, 2008
- Update from stable branch. · 8a2062fe
  Dr. Stephen Henson authored Apr 30, 2008
  
  8a2062fe
Apr 28, 2008
- Fix auto-discovery of ENGINEs. See the CHANGES entry for details (and/or · e7b097f5
  Geoff Thorpe authored Apr 28, 2008
```
ticket #1668).

PR: 1668
Submitted by: Ian Lister
Reviewed by: Geoff Thorpe
```
  e7b097f5
Apr 27, 2008

Paul Sheer optimised the OpenSSL to/from libGMP conversions for the case · 5ee6f96c

Geoff Thorpe authored Apr 27, 2008

where they both use the same limb size. I've tweaked his patch slightly, so
blame me if it breaks.

Submitted by: Paul Sheer
Reviewed by: Geoff Thorpe

5ee6f96c

Apr 02, 2008
- Update CHANGES. · 3df93571
  Dr. Stephen Henson authored Apr 02, 2008
  
  3df93571
- Update CHANGES. · 992e92a4
  Dr. Stephen Henson authored Apr 02, 2008
  
  992e92a4
Mar 28, 2008

Support for verification of signed receipts. · eb9d8d8c
Dr. Stephen Henson authored Mar 28, 2008

eb9d8d8c

There was a need to support thread ID types that couldn't be reliably cast · f7ccba3e

Geoff Thorpe authored Mar 28, 2008

to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.

f7ccba3e

Mar 15, 2008
- Return error if no cipher set for encrypted data type. · fd47c361
  Dr. Stephen Henson authored Mar 15, 2008
```
Update CHANGES.
```
  fd47c361