Commits · 1c98de6d81320ae256530df7d6a32135d56c9e6e · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Dec 08, 2014
- remove FIPS module code from crypto/ecdh · 1c98de6d
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  1c98de6d
- remove FIPS module code from crypto/ecdsa · dbfbe10a
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  dbfbe10a
- Remove FIPS module code from crypto/dh · 1bfffe9b
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  1bfffe9b
- remove FIPS module code from crypto/dsa · fce8311c
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  fce8311c
- remove FIPS module code from crypto/rsa · 8d73db28
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  8d73db28
- Remove FIPS error library from openssl.ec mkerr.pl · 05417a34
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  05417a34
- make depend · cc2f1045
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  cc2f1045
- Remove fips.h reference. · 4fa579c5
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  4fa579c5
- Remove fips_constseg references. · e4e5bc39
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  e4e5bc39
- remove another FIPSCANISTER reference · 85129ab5
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  85129ab5
- remove unnecessary OPENSSL_FIPS reference · b3da6f49
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  b3da6f49
- Remove OPENSSL_FIPSCANISTER code. · c603c723
  Dr. Stephen Henson authored Oct 18, 2014
```
OPENSSL_FIPSCANISTER is only set if the fips module is being built
(as opposed to being used). Since the fips module wont be built in
master this is redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  c603c723
- Remove FIPSCANISTERINTERNAL reference. · 225fce8a
  Dr. Stephen Henson authored Oct 18, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  225fce8a
- Remove fips utility build rules from test/Makefile · a42366a4
  Dr. Stephen Henson authored Oct 18, 2014
```
The fips test utilities are only build if an FIPS module is being
built from source. As this isn't done in master these are redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  a42366a4
- Remove fipscanister build functionality from makefiles. · f072785e
  Dr. Stephen Henson authored Oct 18, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  f072785e
- Remove fipscanister from Configure, delete fips directory · 78c990c1
  Dr. Stephen Henson authored Oct 18, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  78c990c1
- Remove some unnecessary OPENSSL_FIPS references · 00b4ee76
  Dr. Stephen Henson authored Oct 18, 2014
```
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  00b4ee76
- Add CHANGES entry for OCB · 0c1bd7f0
  Matt Caswell authored Dec 08, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  0c1bd7f0
- Added OPENSSL_NO_OCB guards · 3feb6305
  Matt Caswell authored Dec 07, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  3feb6305
- Add documentation for OCB mode · e4bbee96
  Matt Caswell authored Dec 06, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  e4bbee96
- Add tests for OCB mode · d827c5ed
  Matt Caswell authored Dec 06, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  d827c5ed
- Add EVP support for OCB mode · e6b336ef
  Matt Caswell authored Dec 06, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  e6b336ef
- Add support for OCB mode as per RFC7253 · c857a80c
  Matt Caswell authored Dec 06, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  c857a80c
Dec 05, 2014

Clarify the return values for SSL_get_shared_curve. · 376e2ca3
Emilia Kasper authored Dec 04, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
376e2ca3

Add extra checks for odd-length EC curve lists. · 740580c2

Emilia Kasper authored Dec 01, 2014

Odd-length lists should be rejected everywhere upon parsing. Nevertheless,
be extra careful and add guards against off-by-one reads.

Also, drive-by replace inexplicable double-negation with an explicit comparison.

Reviewed-by: Matt Caswell <matt@openssl.org>

740580c2

Reject elliptic curve lists of odd lengths. · 33d5ba86

Emilia Kasper authored Dec 01, 2014

The Supported Elliptic Curves extension contains a vector of NamedCurves
of 2 bytes each, so the total length must be even. Accepting odd-length
lists was observed to lead to a non-exploitable one-byte out-of-bounds
read in the latest development branches (1.0.2 and master). Released
versions of OpenSSL are not affected.

Thanks to Felix Groebert of the Google Security Team for reporting this issue.

Reviewed-by: Matt Caswell <matt@openssl.org>

33d5ba86

Fix broken build · f50ffd10

Emilia Kasper authored Dec 05, 2014

Add includes missing from commit 33eab3f6



Reviewed-by: Geoff Thorpe <geoff@openssl.org>

f50ffd10

Dec 04, 2014
- Replace GOST_R_MALLOC_FAILURE and GOST_R_NO_MEMORY with ERR_R_MALLOC_FAILURE · 33eab3f6
  Kurt Roeckx authored Dec 04, 2014
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  33eab3f6
- capi_get_provname: Check return values · f6fa7c53
  Kurt Roeckx authored Dec 04, 2014
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  f6fa7c53
- ssl_create_cipher_list: check whether push onto cipherstack succeeds · f5905ba3
  Jonas Maebe authored Dec 02, 2013
```
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  f5905ba3
- ssl_cert_dup: Fix memory leak · b3b966fb
  Jonas Maebe authored Dec 02, 2013
```
Always use goto err on failure and call ssl_cert_free() on the error path so all
fields and "ret" itself are freed

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  b3b966fb
- dtls1_new: free s on error path · 6c42b39c
  Kurt Roeckx authored Dec 02, 2013
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  6c42b39c
- dtls1_heartbeat: check for NULL after allocating s->cert->ctypes · 241e2dc9
  Jonas Maebe authored Dec 08, 2013
```
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  241e2dc9
- dtls1_process_heartbeat: check for NULL after allocating buffer · d15f5df7
  Jonas Maebe authored Dec 08, 2013
```
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  d15f5df7
- capi_get_key: check for NULL after allocating key · b1a08ac7
  Jonas Maebe authored Dec 08, 2013
```
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  b1a08ac7
- capi_cert_get_fname: check for NULL after allocating wfname · 86073227
  Jonas Maebe authored Dec 08, 2013
```
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  86073227
- capi_get_provname: free name on error if it was malloc'ed · e2140501
  Jonas Maebe authored Dec 08, 2013
```
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  e2140501
- pkey_gost_mac_keygen: check for NULL after allocating keydata · 0716f9e4
  Jonas Maebe authored Dec 08, 2013
```
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  0716f9e4
- pkey_gost_ctrl: check for NULL after allocating pctx->shared_ukm · 787e9929
  Jonas Maebe authored Dec 08, 2013
```
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  787e9929
- Update changes to indicate that SSLv2 support has been removed · 12478cc4
  Kurt Roeckx authored Dec 04, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  12478cc4