Commits · fdb0d5dd8f2856e2d008e4fc2f640dc307b4dc11 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Dec 01, 2013
- Change header order to pick up OPENSSL_SYS_WIN32 · fdb0d5dd
  Dr. Stephen Henson authored Dec 01, 2013
  
  fdb0d5dd
- Recongnise no-dane and no-libunbound · 81b6dfe4
  Dr. Stephen Henson authored Dec 01, 2013
  
  81b6dfe4
- make update · bc35b8e4
  Dr. Stephen Henson authored Dec 01, 2013
  
  bc35b8e4
- Fix warnings. · 6859f3fc
  Dr. Stephen Henson authored Dec 01, 2013
  
  6859f3fc
- WIN32 fixes. · 8b2d5cc4
  Dr. Stephen Henson authored Dec 01, 2013
  
  8b2d5cc4
- RSAX no longer compiled. · 74184b6f
  Dr. Stephen Henson authored Dec 01, 2013
  
  74184b6f
Nov 27, 2013
- Simplify and update openssl.spec · 6416aed5
  Dr. Stephen Henson authored Nov 27, 2013
  
  6416aed5
Nov 18, 2013
- New functions to retrieve certificate from SSL_CTX · 2a1b7bd3
  Dr. Stephen Henson authored Nov 18, 2013
```
New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().
(cherry picked from commit a25f9adc)
```
  2a1b7bd3
- Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set · 4bba0bda
  Dr. Stephen Henson authored Nov 18, 2013
```
(cherry picked from commit 60aeb187)
```
  4bba0bda
Nov 17, 2013
- Use correct header length in ssl3_send_certifcate_request · 27baa831
  Dr. Stephen Henson authored Nov 17, 2013
```
(cherry picked from commit fdeaf55b)
```
  27baa831
Nov 14, 2013
- Constify. · 1abfa78a
  Dr. Stephen Henson authored Nov 14, 2013
  
  1abfa78a
- Fix compilation with no-nextprotoneg. · edc687ba
  Piotr Sikora authored Nov 13, 2013
```
PR#3106
```
  edc687ba
Nov 13, 2013

Allow match selecting of current certificate. · ff0bdbed

Dr. Stephen Henson authored Nov 13, 2013

If pointer comparison for current certificate fails check
to see if a match using X509_cmp succeeds for the current
certificate: this is useful for cases where the certificate
pointer is not available.
(cherry picked from commit 6856b288a6e66edd23907b7fa264f42e05ac9fc7)

ff0bdbed

Additional "chain_cert" functions. · dc4bdf59

Rob Stradling authored Nov 11, 2013

PR#3169

This patch, which currently applies successfully against master and
1_0_2, adds the following functions:

SSL_[CTX_]select_current_cert() - set the current certificate without
disturbing the existing structure.

SSL_[CTX_]get0_chain_certs() - get the current certificate's chain.

SSL_[CTX_]clear_chain_certs() - clear the current certificate's chain.

The patch also adds these functions to, and fixes some existing errors
in, SSL_CTX_add1_chain_cert.pod.
(cherry picked from commit 2f56c9c015dbca45379c9a725915b3b8e765a119)

dc4bdf59

Delete duplicate entry. · b03d0513
Krzysztof Kwiatkowski authored Nov 13, 2013
```
PR#3172
(cherry picked from commit 4f055e34c3598cad00fca097d812fa3e6436d967)
```
b03d0513

Nov 12, 2013
- srp/srp_grps.h: make it Compaq C-friendly. · 0de70011
  Andy Polyakov authored Nov 12, 2013
```
PR: 3165
Submitted by: Daniel Richard G.
(cherry picked from commit 2df9ec01)
```
  0de70011
- modes/asm/ghash-alpha.pl: update from HEAD. · 220d1e53
  Andy Polyakov authored Nov 12, 2013
```
PR: 3165
```
  220d1e53
- Make Makefiles OSF-make-friendly. · ca44f729
  Andy Polyakov authored Nov 12, 2013
```
PR: 3165
(cherry picked from commit d1cf23ac)
```
  ca44f729
Nov 11, 2013
- Fix memory leak. · 18f49508
  Dr. Stephen Henson authored Nov 11, 2013
```
(cherry picked from commit 16bc45ba)
```
  18f49508
- Typo. · 5c50462e
  Dr. Stephen Henson authored Nov 11, 2013
  
  5c50462e
- Fix for some platforms where "char" is unsigned. · a2578653
  Dr. Stephen Henson authored Nov 08, 2013
```
(cherry picked from commit 08b433540416c5bc9a874ba0343e35ba490c65f1)
```
  a2578653
Nov 10, 2013
- Makefile.org: make FIPS build work with BSD make. · 60adefa6
  Andy Polyakov authored Nov 10, 2013
  
  60adefa6
Nov 09, 2013

Check for missing components in RSA_check. · b5dde6bc
Dr. Stephen Henson authored Nov 07, 2013
```
(cherry picked from commit 01be36ef70525e81fc358d2e559bdd0a0d9427a5)
```
b5dde6bc
Document RSAPublicKey_{in,out} options. · 024dbfd4
Dr. Stephen Henson authored Nov 07, 2013
```
(cherry picked from commit 7040d73d22987532faa503630d6616cf2788c975)
```
024dbfd4

Add CMS_SignerInfo_get0_signature function. · 233069f8

Dr. Stephen Henson authored Nov 07, 2013

Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.
(cherry picked from commit e8df6cec4c09b9a94c4c07abcf0402d31ec82cc1)

233069f8

Nov 08, 2013

engines/ccgost/gost89.h: make word32 defintion unconditional. · c76d6922

Andy Polyakov authored Nov 08, 2013

Original definition depended on __LONG_MAX__ that is not guaranteed to
be present. As we don't support platforms with int narrower that 32 bits
it's appropriate to make defition inconditional.

PR: 3165
(cherry picked from commit 96180cac)

c76d6922

modes/asm/ghash-alpha.pl: make it work with older assembler. · 32414961
Andy Polyakov authored Nov 08, 2013
```
PR: 3165
(cherry picked from commit d24d1d7d)
```
32414961

Nov 06, 2013
- Enable PSK in FIPS mode. · 63fe69c1
  Dr. Stephen Henson authored Nov 06, 2013
```
Enable PSK ciphersuites with AES or DES3 in FIPS mode.
(cherry picked from commit e0ffd129)
```
  63fe69c1
- Initialise context before using it. · a4947e4e
  Dr. Stephen Henson authored Nov 06, 2013
  
  a4947e4e
Nov 03, 2013
- PBKDF2 should be efficient. Contributed by Christian Heimes · 262f1c52
  Ben Laurie authored Nov 03, 2013
```
<christian@python.org>.
```
  262f1c52
Nov 02, 2013
- Add brainpool curves to trace output. · bd80d022
  Dr. Stephen Henson authored Nov 02, 2013
  
  bd80d022
- Fix warning. · 163d7948
  Dr. Stephen Henson authored Nov 01, 2013
```
(cherry picked from commit 96e16bdd)
```
  163d7948
- Add SSL_CONF command to set DH Parameters. · 0b33466b
  Dr. Stephen Henson authored Oct 22, 2013
```
(cherry picked from commit c557f921)
```
  0b33466b
- Fix argument processing. · bed27f4d
  Dr. Stephen Henson authored Oct 22, 2013
```
(cherry picked from commit abf840e4)
```
  bed27f4d
- Constification. · 738a224b
  Dr. Stephen Henson authored Oct 21, 2013
```
(cherry picked from commit 27f3b65f)
```
  738a224b
- Extend SSL_CONF · 044f8ca8
  Dr. Stephen Henson authored Oct 18, 2013
```
Extend SSL_CONF to return command value types.

Add certificate and key options.

Update documentation.
(cherry picked from commit ec2f7e56)
```
  044f8ca8
- Typo. · 45ee08d9
  Dr. Stephen Henson authored Oct 17, 2013
```
(cherry picked from commit 13af1451)
```
  45ee08d9
Nov 01, 2013

Fix SSL_OP_SINGLE_ECDH_USE · 5ff68e8f

Piotr Sikora authored Nov 01, 2013

Don't require a public key in tls1_set_ec_id if compression status is
not needed. This fixes a bug where SSL_OP_SINGLE_ECDH_USE wouldn't work.

5ff68e8f

Add -ecdh_single option. · f14a4a86
Dr. Stephen Henson authored Nov 01, 2013
```
Add -ecdh_single option to set SSL_OP_SINGLE_ECDH_USE on the command line.
```
f14a4a86

Oct 30, 2013

DTLS/SCTP struct authchunks Bug · f596e3c4

Robin Seggelmann authored May 09, 2012

PR: 2809

DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with
SCTP-AUTH.  It is checked if this has been activated successfully for
the local and remote peer. Due to a bug, however, the
gauth_number_of_chunks field of the authchunks struct is missing on
FreeBSD, and was therefore not considered in the OpenSSL implementation.
This patch sets the corresponding pointer for the check correctly
whether or not this bug is present.

f596e3c4