Commits · 3240e7cf5f651d9d94814b4d494fbe294e463b72 · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Oct 23, 2015

Fix references to various RFCs · 3240e7cf

Alessandro Ghedini authored Oct 08, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

3240e7cf

Fix typos · d900a015

Alessandro Ghedini authored Oct 08, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

d900a015

Set salt length after the malloc has succeeded · c2319cf9
Alessandro Ghedini authored Oct 08, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
c2319cf9

Fix memory leaks and other mistakes on errors · 3f6c7691

Alessandro Ghedini authored Oct 08, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

3f6c7691

Replace malloc+strlcpy with strdup · 8acaabec

Alessandro Ghedini authored Oct 08, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

8acaabec

Do not treat 0 return value from BIO_get_fd() as error · 4428c7db

Alessandro Ghedini authored Oct 02, 2015



0 is a valid file descriptor.

RT#4068

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

4428c7db

Remove bugs/ and crypto/threads/ · dad0b512

Alessandro Ghedini authored Oct 23, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

dad0b512

Oct 22, 2015

Clarify return values for EVP_DigestVerifyFinal. · 8cbb048c

Adam Eijdenberg authored Oct 19, 2015



Previous language was unclear.  New language isn't pretty but I believe
it is more accurate.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

8cbb048c

Only include SRP headers when OPENSSL_NO_SRP is undefined · 5212d39b
Richard Levitte authored Oct 22, 2015
```
[fixes github issue #447]

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
5212d39b
Make Configure die when unsupported options are given · 489eb740
Richard Levitte authored Oct 22, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
489eb740

Add an explicit list of options that can be disabled, enabled, ... · 8b527be2

Richard Levitte authored Oct 22, 2015



Configure has, so far, had no control at all of which 'no-' options it
can be given.  This means that, for example, someone could configure
with something absurd like 'no-stack' and then watch the build crumble
to dust...  or file a bug report.

This introduces some sanity into the possible choices.

The added list comes from looking for the explicit ones used in
Configure, and from grepping after OPENSSL_NO_ in all source files.

Reviewed-by: Rich Salz <rsalz@openssl.org>

8b527be2

Oct 21, 2015

make update · 15db6a40
Richard Levitte authored Oct 19, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
15db6a40
Don't forget to load the CT error strings · a0e8da5d
Richard Levitte authored Oct 19, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
a0e8da5d

Handle CT error macros separately · cc79f06c

Richard Levitte authored Oct 19, 2015



Because the default error macro generator assumes the header file with
error macros is in include/openssl and therefore generates a C file
with error texts that include <openssl/{name}.h>, we need to generate
the error macros and texts for CT separately, since the CT module
doesn't follow the default criteria.

Reviewed-by: Matt Caswell <matt@openssl.org>

cc79f06c

Don't use SSLv23_server_method in an example · 21cd6e00

Matt Caswell authored Oct 21, 2015



The function SSLv23_server_method() is an old name. New code should use
TLS_server_method() instead. Therefore don't use SSLv23_server_method() in
an example in the docs.

Reviewed-by: Richard Levitte <levitte@openssl.org>

21cd6e00

Avoid undefined behaviour in PACKET_buf_init · 3fde6c92

Matt Caswell authored Oct 21, 2015



Change the sanity check in PACKET_buf_init to check for excessive length
buffers, which should catch the interesting cases where len has been cast
from a negative value whilst avoiding any undefined behaviour.

RT#4094

Reviewed-by: Richard Levitte <levitte@openssl.org>

3fde6c92

Oct 18, 2015
- ct_locl.h moved, reflect it in crypto/ct/Makefile · 788d72ba
  Richard Levitte authored Oct 18, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  788d72ba
- make update · 338cb762
  Richard Levitte authored Oct 18, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  338cb762
- Add crypto/include/internal to the directories to scan for stack declarations · d865cb13
  Richard Levitte authored Oct 18, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  d865cb13
- Because ct_locl.h is used between modules, move it to internal headers · eb6d5f99
  Richard Levitte authored Oct 18, 2015
```
Rename it to ct_int.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  eb6d5f99
- Move auto Host adding to query_responder · 76e0cd12
  Dr. Stephen Henson authored Oct 18, 2015
```
Check for Host header in query_responder instead of process_responder. This
also fixes a memory leak in the old code if the headers was NULL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  76e0cd12
- Fix memory leak with -issuer option. · bb7fc98c
  Dr. Stephen Henson authored Oct 18, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  bb7fc98c
- set string type when embedding · 7f3e6f8c
  Dr. Stephen Henson authored Oct 18, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  7f3e6f8c
Oct 17, 2015

Move contributing info to CONTRIBUTING · eb05f173

Manish Goregaokar authored Oct 17, 2015



Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

eb05f173

Oct 16, 2015

Run tests on Travis for mingw builds as well · 1a3ae788

Rich Salz authored Oct 16, 2015



Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>

1a3ae788

Fix error message when loading engines from config · 1f08d945

Dmitry Belyavsky authored Oct 16, 2015

When using command line applications errors occur when trying to
load engines specified in a config file. Introduced by commit
a0a82324



RT#4093

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

1f08d945

Oct 15, 2015
- Remove Obsolete engines · 8b7080b0
  Matt Caswell authored Oct 13, 2015
```
There are a number of engines in the OpenSSL source code which are now
obsolete. The following engines have been removed: 4758cca, aep, atalla,
cswift, nuron, sureware.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  8b7080b0
- Fix self signed handling. · f51e5ed6
  Dr. Stephen Henson authored Aug 05, 2015
```
Don't mark a certificate as self signed if keyUsage is present and
certificate signing not asserted.

PR#3979

Reviewed-by: Matt Caswell <matt@openssl.org>
```
  f51e5ed6
- embed CRL serial number and signature fields · 34a42e14
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  34a42e14
- embed certificate serial number and signature fields · 81e49438
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  81e49438
- embed value field of X509_EXTENSION · 4392479c
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  4392479c
- add CHANGES entry for embed · 272d917d
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  272d917d
- Handle embed flag in ASN1_STRING_copy(). · 4002da0f
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  4002da0f
- PACKET: fix __owur · f4f78ff7
  Emilia Kasper authored Oct 15, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  f4f78ff7
- Appease gcc's Wmaybe-uninitialized · bbafa47b
  Emilia Kasper authored Oct 15, 2015
```
False positive: gcc (4.8) can't figure out the SSL_IS_DTLS logic.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  bbafa47b
Oct 14, 2015
- Remove EVP_CHECK_DES_KEY · 6f73d28c
  Emilia Kasper authored Oct 14, 2015
```
Thanks to the OpenBSD community for bringing this to our attention.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  6f73d28c
- ct_locl.h: fix some comments · b84939cc
  Emilia Kasper authored Oct 09, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  b84939cc
- make depend: prefer clang over makedepend · 58dd1ce9
  Emilia Kasper authored Oct 09, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  58dd1ce9
Oct 13, 2015

RFC5753 compliance. · 4ec36aff

Dr. Stephen Henson authored Oct 12, 2015



RFC5753 requires that we omit parameters for AES key wrap and set them
to NULL for 3DES wrap. OpenSSL decrypt uses the received algorithm
parameters so can transparently handle either form.

Reviewed-by: Andy Polyakov <appro@openssl.org>

4ec36aff

Add Clang 3.6 and additional GCC 5 builds to travis · 6220acf8

Alessandro Ghedini authored Oct 06, 2015

Follow-up to f386742c

.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>

6220acf8