Commits · 76b2a0227433af6c100aadf9a3df78ea4d52803a · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

08 Dec, 2014 36 commits
- Implement internally opaque bn access from asn1 · 76b2a022
  Matt Caswell authored Oct 31, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  76b2a022
- Prepare exptest for bn opaquify · 7a523311
  Matt Caswell authored Nov 24, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  7a523311
- Prepare for bn opaquify. Implement internal helper functions. · 85bcf27c
  Matt Caswell authored Nov 24, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  85bcf27c
- Remove internal bn dependancies from speed.c · dd703de0
  Matt Caswell authored Nov 24, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  dd703de0
- Include <openssl/foo.h> instead of "foo.h" · e52a3c3d
  Geoff Thorpe authored Oct 11, 2014
```
Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.

Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  e52a3c3d
- Fixed memory leak in the event of a failure of BUF_MEM_grow · 41bf2501
  Matt Caswell authored Dec 04, 2014
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  41bf2501
- Fix memory leak in SSL_new if errors occur. · 76e65090
  Matt Caswell authored Dec 04, 2014
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  76e65090
- Remove fips directories from mkfiles.pl · 7bca0a1d
  Dr. Stephen Henson authored Dec 08, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  7bca0a1d
- Remove references to deleted fips directory from Makefile.org · 71a5f534
  Dr. Stephen Henson authored Dec 08, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  71a5f534
- remove OPENSSL_FIPSAPI · 73e45b2d
  Dr. Stephen Henson authored Oct 20, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  73e45b2d
- remove FIPS_*_SIZE_T · b2ecc05a
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  b2ecc05a
- remove FIPS module code from crypto/evp · 916e5620
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  916e5620
- remove FIPS module code from crypto/bn · ebdf37e4
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  ebdf37e4
- remove FIPS module code from crypto/ecdh · 1c98de6d
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  1c98de6d
- remove FIPS module code from crypto/ecdsa · dbfbe10a
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  dbfbe10a
- Remove FIPS module code from crypto/dh · 1bfffe9b
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  1bfffe9b
- remove FIPS module code from crypto/dsa · fce8311c
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  fce8311c
- remove FIPS module code from crypto/rsa · 8d73db28
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  8d73db28
- Remove FIPS error library from openssl.ec mkerr.pl · 05417a34
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  05417a34
- make depend · cc2f1045
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  cc2f1045
- Remove fips.h reference. · 4fa579c5
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  4fa579c5
- Remove fips_constseg references. · e4e5bc39
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  e4e5bc39
- remove another FIPSCANISTER reference · 85129ab5
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  85129ab5
- remove unnecessary OPENSSL_FIPS reference · b3da6f49
  Dr. Stephen Henson authored Oct 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  b3da6f49
- Remove OPENSSL_FIPSCANISTER code. · c603c723
  Dr. Stephen Henson authored Oct 18, 2014
```
OPENSSL_FIPSCANISTER is only set if the fips module is being built
(as opposed to being used). Since the fips module wont be built in
master this is redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  c603c723
- Remove FIPSCANISTERINTERNAL reference. · 225fce8a
  Dr. Stephen Henson authored Oct 18, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  225fce8a
- Remove fips utility build rules from test/Makefile · a42366a4
  Dr. Stephen Henson authored Oct 18, 2014
```
The fips test utilities are only build if an FIPS module is being
built from source. As this isn't done in master these are redundant.
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  a42366a4
- Remove fipscanister build functionality from makefiles. · f072785e
  Dr. Stephen Henson authored Oct 18, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  f072785e
- Remove fipscanister from Configure, delete fips directory · 78c990c1
  Dr. Stephen Henson authored Oct 18, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  78c990c1
- Remove some unnecessary OPENSSL_FIPS references · 00b4ee76
  Dr. Stephen Henson authored Oct 18, 2014
```
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  00b4ee76
- Add CHANGES entry for OCB · 0c1bd7f0
  Matt Caswell authored Dec 08, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  0c1bd7f0
- Added OPENSSL_NO_OCB guards · 3feb6305
  Matt Caswell authored Dec 07, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  3feb6305
- Add documentation for OCB mode · e4bbee96
  Matt Caswell authored Dec 06, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  e4bbee96
- Add tests for OCB mode · d827c5ed
  Matt Caswell authored Dec 06, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  d827c5ed
- Add EVP support for OCB mode · e6b336ef
  Matt Caswell authored Dec 06, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  e6b336ef
- Add support for OCB mode as per RFC7253 · c857a80c
  Matt Caswell authored Dec 06, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  c857a80c
05 Dec, 2014 4 commits

Clarify the return values for SSL_get_shared_curve. · 376e2ca3
Emilia Kasper authored Dec 04, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
376e2ca3

Add extra checks for odd-length EC curve lists. · 740580c2

Emilia Kasper authored Dec 01, 2014

Odd-length lists should be rejected everywhere upon parsing. Nevertheless,
be extra careful and add guards against off-by-one reads.

Also, drive-by replace inexplicable double-negation with an explicit comparison.

Reviewed-by: Matt Caswell <matt@openssl.org>

740580c2

Reject elliptic curve lists of odd lengths. · 33d5ba86

Emilia Kasper authored Dec 01, 2014

The Supported Elliptic Curves extension contains a vector of NamedCurves
of 2 bytes each, so the total length must be even. Accepting odd-length
lists was observed to lead to a non-exploitable one-byte out-of-bounds
read in the latest development branches (1.0.2 and master). Released
versions of OpenSSL are not affected.

Thanks to Felix Groebert of the Google Security Team for reporting this issue.

Reviewed-by: Matt Caswell <matt@openssl.org>

33d5ba86

Fix broken build · f50ffd10

Emilia Kasper authored Dec 05, 2014

Add includes missing from commit 33eab3f6



Reviewed-by: Geoff Thorpe <geoff@openssl.org>

f50ffd10