Commits · f37f20ffd33bf13545cddb16b6292752aa5ab012 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

May 20, 2011

PR: 2295 · f37f20ff

Dr. Stephen Henson authored May 20, 2011

Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.

f37f20ff

May 19, 2011
- Add CHANGES entry: add FIPS support to ssl · 101e6e19
  Dr. Stephen Henson authored May 19, 2011
  
  101e6e19
- Implement FIPS_mode and FIPS_mode_set · 086e32a6
  Dr. Stephen Henson authored May 19, 2011
  
  086e32a6
- oops · 05b4fc6c
  Dr. Stephen Henson authored May 19, 2011
  
  05b4fc6c
- update date · 0fba7a8f
  Dr. Stephen Henson authored May 19, 2011
  
  0fba7a8f
- inherit HMAC flags from MD_CTX · 92b4d936
  Dr. Stephen Henson authored May 19, 2011
  
  92b4d936
- set encodedPoint to NULL after freeing it · 4f7533eb
  Dr. Stephen Henson authored May 19, 2011
  
  4f7533eb
May 18, 2011
- aesni-x86_64.pl: make it compile on MacOS X. · fb2f3411
  Andy Polyakov authored May 18, 2011
  
  fb2f3411
- x86gas.pl: don't omit .comm OPENSSL_ia32cap_P on MacOS X. · c30a2505
  Andy Polyakov authored May 18, 2011
  
  c30a2505
- x86_64-xlate.pl: add inter-register movq and make x86_64-gfm.s compile on · c7b903e0
  Andy Polyakov authored May 18, 2011
```
Solaris, MacOS X, elderly gas...
```
  c7b903e0
- x86_64cpuid.pl: allow shared build to work without -Bsymbolic. · ddc20d4d
  Andy Polyakov authored May 18, 2011
```
PR: 2466
```
  ddc20d4d
- e_padlock.c: make it compile on MacOS X. · b5084203
  Andy Polyakov authored May 18, 2011
  
  b5084203
May 16, 2011
- x86[_64]cpuid.pl: handle new extensions. · b9064221
  Andy Polyakov authored May 16, 2011
  
  b9064221
- ppc-xlate.pl: get linux64 declaration right. · a3e07010
  Andy Polyakov authored May 16, 2011
  
  a3e07010
- cms-test.pl: make it work with not-so-latest perl. · 9c437e2f
  Andy Polyakov authored May 16, 2011
  
  9c437e2f
- x86gas.pl: add palignr and move pclmulqdq. · 2b9a8ca1
  Andy Polyakov authored May 16, 2011
  
  2b9a8ca1
- x86_64 assembler pack: add x86_64-gf2m module. · afebe623
  Andy Polyakov authored May 16, 2011
  
  afebe623
- x86_64-xlate.pl: allow "base-less" effective address, add palignr, move · b5c6aab5
  Andy Polyakov authored May 16, 2011
```
pclmulqdq.
```
  b5c6aab5
May 15, 2011
- new flag to stop ENGINE methods being registered · b9b0a177
  Dr. Stephen Henson authored May 15, 2011
  
  b9b0a177
- NULL is a valid cspname · 9609ea86
  Dr. Stephen Henson authored May 15, 2011
  
  9609ea86
May 13, 2011
- Typo. · ff636340
  Dr. Stephen Henson authored May 13, 2011
  
  ff636340
- typo · 3ece5928
  Dr. Stephen Henson authored May 13, 2011
  
  3ece5928
- Recognise NO_NISTP224-64-GCC-128 · a75829de
  Dr. Stephen Henson authored May 13, 2011
  
  a75829de
May 12, 2011
- Enter FIPS mode by calling FIPS_module_mode_set in openssl.c until · d39c4951
  Dr. Stephen Henson authored May 12, 2011
```
FIPS_mode_set is implemented.
```
  d39c4951
- Provisional support for TLS v1.2 client authentication: client side only. · 855a54a9
  Dr. Stephen Henson authored May 12, 2011
```
Parse certificate request message and set digests appropriately.

Generate new TLS v1.2 format certificate verify message.

Keep handshake caches around for longer as they are needed for client auth.
```
  855a54a9
- Process signature algorithms during TLS v1.2 client authentication. · 8f829124
  Dr. Stephen Henson authored May 12, 2011
```
Make sure message is long enough for signature algorithms.
```
  8f829124
- Fix error discrepancy. · f76b1baf
  Dr. Stephen Henson authored May 12, 2011
  
  f76b1baf
- Add SSL_INTERN definition. · b1d00b96
  Dr. Stephen Henson authored May 12, 2011
  
  b1d00b96
May 11, 2011
- Sync ordinals. · c76e024d
  Dr. Stephen Henson authored May 11, 2011
  
  c76e024d
- make kerberos work with OPENSSL_NO_SSL_INTERN · 4f7a2ab8
  Dr. Stephen Henson authored May 11, 2011
  
  4f7a2ab8
- bn_nist.c: fix shadowing warnings. · b0188c4f
  Andy Polyakov authored May 11, 2011
  
  b0188c4f
- fips_canister.c: pick more neutral macro name. · f24e95b7
  Andy Polyakov authored May 11, 2011
  
  f24e95b7
- Reorder signature algorithms in strongest hash first order. · fc101f88
  Dr. Stephen Henson authored May 11, 2011
  
  fc101f88
- Set FIPS mode for values other than 1. The only current effect · 2f38b389
  Dr. Stephen Henson authored May 11, 2011
```
is to return a consistent value. So calling FIPS_module_mode_set(n)
for n != 0 will result in FIPS_module_mode() returning n. This
will support future expansion of more FIPS modes e.g. a Suite B mode.
```
  2f38b389
- Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in · c2fd5989
  Dr. Stephen Henson authored May 11, 2011
```
the FIPS capable OpenSSL.
```
  c2fd5989
- Inlcude README.ECC in FIPS restricted tarball. · 5024b79f
  Dr. Stephen Henson authored May 11, 2011
  
  5024b79f
- Add NSA sublicense info. · c5ee394b
  Dr. Stephen Henson authored May 11, 2011
  
  c5ee394b
May 10, 2011
- Update instructions. · 21a40da0
  Dr. Stephen Henson authored May 10, 2011
  
  21a40da0
- Typo. · 7919c079
  Dr. Stephen Henson authored May 10, 2011
  
  7919c079
- fips_canister.c: fix typo. · ab67c517
  Andy Polyakov authored May 10, 2011
  
  ab67c517