Commits · 02758836731658381580e282ff403ba07d87b2f8 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

19 Mar, 2015 1 commit

Dr. Stephen Henson authored Mar 09, 2015



Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

CVE-2015-0286

Reviewed-by: Richard Levitte <levitte@openssl.org>

02758836

18 Mar, 2015 1 commit

Free up ADB and CHOICE if already initialised. · 7746ff50

Dr. Stephen Henson authored Feb 23, 2015



CVE-2015-0287

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

7746ff50

12 Mar, 2015 1 commit

ASN.1 print fix. · 765db5f9

Dr. Stephen Henson authored Mar 11, 2015



When printing out an ASN.1 structure if the type is an item template don't
fall thru and attempt to interpret as a primitive type.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 5dc1247a)

765db5f9

11 Mar, 2015 1 commit

Cleanse buffers · 683f03e4

Matt Caswell authored Mar 09, 2015



Cleanse various intermediate buffers used by the PRF (backported version
from master).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 35fafc4d)

Conflicts:
	ssl/s3_enc.c

Conflicts:
	ssl/t1_enc.c

683f03e4

09 Mar, 2015 1 commit
- update ordinals · 765e2465
  Dr. Stephen Henson authored Mar 09, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  765e2465
08 Mar, 2015 3 commits

fix warning · f10dfa07

Dr. Stephen Henson authored Mar 08, 2015



Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit d6ca1cee)

Conflicts:
	ssl/ssl_locl.h

f10dfa07

Fix warnings. · 394a30c2

Dr. Stephen Henson authored Mar 08, 2015

Fix compiler warnings (similar to commit 25012d5e

)

Reviewed-by: Richard Levitte <levitte@openssl.org>

394a30c2

Cleanse PKCS#8 private key components. · 36971258

Dr. Stephen Henson authored Mar 03, 2015



New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.

Call ASN1_STRING_clear_free on PKCS#8 private key components.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a8ae0891)

Conflicts:
	crypto/dh/dh_ameth.c

36971258

07 Mar, 2015 1 commit

Remove export ciphers from the DEFAULT cipher list · 71b0bb76

Kurt Roeckx authored Mar 04, 2015



They are moved to the COMPLEMENTOFDEFAULT instead.
This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit bc2e18a3)

71b0bb76

06 Mar, 2015 1 commit

Update mkerr.pl for new format · 09712fd0

Matt Caswell authored Mar 06, 2015



Make the output from mkerr.pl consistent with the newly reformatted code.

Reviewed-by: Richard Levitte <levitte@openssl.org>

09712fd0

02 Mar, 2015 2 commits

Check public key is not NULL. · 4bf7b291

Dr. Stephen Henson authored Feb 18, 2015



CVE-2015-0288
PR#3708

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 28a00bcd)

4bf7b291

Fix format script. · 42ad0100

Dr. Stephen Henson authored Mar 02, 2015



The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 437b14b5)

42ad0100

25 Feb, 2015 1 commit

Fix a failure to NULL a pointer freed on error. · dac693c9

Matt Caswell authored Feb 09, 2015



Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>

dac693c9

24 Feb, 2015 1 commit

Document -no_explicit · 6e161ee3

Dr. Stephen Henson authored Feb 24, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 384dee51)

6e161ee3

09 Feb, 2015 2 commits
- Bring objects.pl output even closer to new format. · 0e5e7af9
  Andy Polyakov authored Feb 09, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 84903716)
```
  0e5e7af9
- Harmonize objects.pl output with new format. · 2487d771
  Andy Polyakov authored Feb 07, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 7ce38623)
```
  2487d771
06 Feb, 2015 1 commit

Fix error handling in ssltest · e5d2a44f

Matt Caswell authored Feb 05, 2015



Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit ae632974)

e5d2a44f

05 Feb, 2015 1 commit

Fixed bad formatting in crypto/des/spr.h · 189de545

Rich Salz authored Feb 05, 2015



Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 7e35f06e)

189de545

04 Feb, 2015 1 commit
- Make objxref.pl output in correct format · beac071b
  Dr. Stephen Henson authored Feb 04, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6922ddee)
```
  beac071b
03 Feb, 2015 1 commit
- Check PKCS#8 pkey field is valid before cleansing. · 99ff4051
  Dr. Stephen Henson authored Feb 01, 2015
```
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 52e028b9)
```
  99ff4051
22 Jan, 2015 20 commits
- Fix for reformat problems with e_padlock.c · 192e1481
  Matt Caswell authored Jan 22, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit d3b7cac4)
```
  192e1481
- Fix formatting error in pem.h · 1804f782
  Matt Caswell authored Jan 22, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>

Conflicts:
	crypto/pem/pem.h
```
  1804f782
- Re-align some comments after running the reformat script. · 3d7a9aca
  Matt Caswell authored Jan 05, 2015
```
This should be a one off operation (subsequent invokation of the
script should not move them)

This commit is for the 1.0.0 changes

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  OpenSSL_1_0_0-post-reformat
  
  3d7a9aca
- Rerun util/openssl-format-source -v -c . · 4bc99138
  Matt Caswell authored Jan 22, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  OpenSSL_1_0_0-post-auto-reformat
  
  4bc99138
- Run util/openssl-format-source -v -c . · a8b966f4
  Matt Caswell authored Jan 22, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  a8b966f4
- Yet more changes to comments · e3db68b7
  Matt Caswell authored Jan 22, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  OpenSSL_1_0_0-pre-auto-reformat
  
  e3db68b7
- More tweaks for comments due indent issues · c583d406
  Matt Caswell authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  c583d406
- Fix modes.h so that indent doesn't complain · 31082f21
  Matt Caswell authored Jan 21, 2015
```
Conflicts:
	crypto/modes/modes.h

Conflicts:
	crypto/modes/modes.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  31082f21
- Backport hw_ibmca.c from master due to failed merge · 2c783509
  Matt Caswell authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  2c783509
- Tweaks for comments due to indent's inability to handle them · 6bd72a27
  Matt Caswell authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  6bd72a27
- Move more comments that confuse indent · 5011589a
  Matt Caswell authored Jan 21, 2015
```
Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Conflicts:
	crypto/bn/rsaz_exp.c
	crypto/evp/e_aes_cbc_hmac_sha1.c
	crypto/evp/e_aes_cbc_hmac_sha256.c
	ssl/ssl_locl.h

Conflicts:
	crypto/ec/ec2_oct.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ecp_nistputil.c
	crypto/ec/ecp_oct.c
	crypto/modes/gcm128.c
	ssl/ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  5011589a
- Delete trailing whitespace from output. · 7b0ec6a4
  Dr. Stephen Henson authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  7b0ec6a4
- Add -d debug option to save preprocessed files. · e5ebff7b
  Dr. Stephen Henson authored Jan 20, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  e5ebff7b
- Test option -nc · 9c392088
  Dr. Stephen Henson authored Jan 20, 2015
```
Add option -nc which sets COMMENTS=true but disables all indent comment
reformatting options.

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  9c392088
- Add ecp_nistz256.c to list of files skipped by openssl-format-source · a75d7245
  Matt Caswell authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  a75d7245
- Manually reformat aes_x86core.c and add it to the list of files skipped by · b10a8451
  Matt Caswell authored Jan 21, 2015
```
openssl-format-source

Conflicts:
	crypto/aes/aes_x86core.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  b10a8451
- crypto/ofb128.c: make it indent-friendly. · 679fee0e
  Andy Polyakov authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  679fee0e
- modes/ctr128.c: make it indent-friendly. · 74c1dc90
  Andy Polyakov authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  74c1dc90
- modes/cfb128.c: make it indent-friendly. · 638f75b6
  Andy Polyakov authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  638f75b6
- Fix indent comment corruption issue · 510edea8
  Matt Caswell authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  510edea8