Commits · 15b5d6585de098e48acebc8366a9956ee57c8f2d · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Feb 22, 2015

typo · 15b5d658
Dr. Stephen Henson authored Feb 22, 2015
```
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
```
15b5d658

Edgar Pek authored Feb 21, 2015



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>

bcfa19a8

Fix memory leak · edac5dc2
Kurt Roeckx authored Feb 21, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
edac5dc2

Avoid a double-free in an error path. · 1549a265

Doug Hogan authored Jan 07, 2015



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>

1549a265

Restore -DTERMIO/-DTERMIOS on Windows platforms. · ba4bdee7

Richard Levitte authored Feb 22, 2015



The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a
bit too enthusiastically.  Windows/DOSish platforms of all sorts get
identified as OPENSSL_SYS_MSDOS, and they get a different treatment
altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the
configuration.  The answer is to restore those macro definitions for
the affected configuration targets.

Reviewed-by: Tim Hudson <tjh@openssl.org>

ba4bdee7

Feb 21, 2015

Assume TERMIOS is default, remove TERMIO on all Linux. · 64e6bf64

Richard Levitte authored Feb 12, 2015



The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux.  For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.

crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>

64e6bf64

Add additional EC documentation. · 146ca72c
Dr. Stephen Henson authored Feb 19, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
146ca72c

Feb 19, 2015

Use named curve parameter encoding by default. · 86f300d3

Dr. Stephen Henson authored Feb 19, 2015



Many applications require named curve parameter encoding instead of explicit
parameter encoding (including the TLS library in OpenSSL itself). Set this
encoding by default instead of requiring an explicit call to set it.

Add OPENSSL_EC_EXPLICT_CURVE define.
Reviewed-by: Matt Caswell <matt@openssl.org>

86f300d3

Feb 14, 2015
- More RSA tests. · f37879d0
  Dr. Stephen Henson authored Feb 14, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  f37879d0
Feb 13, 2015

remove unused method declaration · f9e31463
Dr. Stephen Henson authored Feb 13, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
f9e31463

size_t for buffer functions. · e5bf3c92

Dr. Stephen Henson authored Feb 13, 2015



Change BUF_MEM_grow and BUF_MEM_grow_clean to return size_t.
Reviewed-by: Richard Levitte <levitte@openssl.org>

e5bf3c92

Add leak detection, fix leaks. · d5ec8efc
Dr. Stephen Henson authored Feb 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
d5ec8efc

Add EVP_PKEY test data. · b9d4e97c

Dr. Stephen Henson authored Feb 12, 2015



Add some EVP_PKEY test data for sign and verify tests including
failure cases.
Reviewed-by: Richard Levitte <levitte@openssl.org>

b9d4e97c

EVP_PKEY support for evp_test · 5824cc29

Dr. Stephen Henson authored Feb 11, 2015



Add two new keywords "PublicKey" and "PrivateKey". These will load a key
in PEM format from the lines immediately following the keyword and assign
it a name according to the value. These will be used later for public and
private key testing operations.

Add tests for Sign, Verify, VerifyRecover and Decrypt.
Reviewed-by: Richard Levitte <levitte@openssl.org>

5824cc29

Add CMAC test data. · 16cb8eb0
Dr. Stephen Henson authored Feb 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
16cb8eb0
Add HMAC test data. · b8c792dc
Dr. Stephen Henson authored Feb 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
b8c792dc
MAC support for evp_test · 83251f39
Dr. Stephen Henson authored Feb 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
83251f39
New macro to set mac key. · eff1a4d2
Dr. Stephen Henson authored Feb 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
eff1a4d2
Return error code is any tests fail. · 6906a7c1
Dr. Stephen Henson authored Feb 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
6906a7c1

Transfer a fix from 1.0.1 · 774ccae6

Richard Levitte authored Feb 12, 2015



manually picked from e7b85bc40200961984925604ca444517359a6067
Reviewed-by: Stephen Henson <steve@openssl.org>

774ccae6

Feb 12, 2015
- RT937: Enable pilotAttributeType uniqueIdentifier · c81f425e
  Rich Salz authored Feb 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  c81f425e
- evp/evp.h: add missing camellia-ctr declarations. · 2b8f33a5
  Andy Polyakov authored Feb 12, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  2b8f33a5
- RT3670: Check return from BUF_MEM_grow_clean · b0333e69
  Graeme Perrow authored Feb 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  b0333e69
- RT3684: rand_egd needs stddef.h · 5006c322
  Clang via Jeffrey Walton authored Feb 12, 2015
```
And remove backup definition of offsetof.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  5006c322
- Missing OPENSSL_free on error path. · 1d2932de
  Eric Dequin authored Feb 12, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  1d2932de
Feb 11, 2015
- Engage ecp_nistz256-armv4 module. · 7b4a4b71
  Andy Polyakov authored Jan 23, 2015
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  7b4a4b71
- Add ec/asm/ecp_nistz256-armv4.pl module. · 7a6c9a2e
  Andy Polyakov authored Feb 11, 2015
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  7a6c9a2e
- Add Camellia CTR mode. · dda81999
  Andy Polyakov authored Feb 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  dda81999
- Add more Camellia OIDs. · c79e1773
  Andy Polyakov authored Feb 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  c79e1773
Feb 10, 2015

Add SSL_SESSION_get0_ticket API function. · b7c9187b
Matt Caswell authored Feb 08, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
b7c9187b

Correct reading back of tlsext_tick_lifetime_hint from ASN1. · ea6bd264

Matt Caswell authored Feb 08, 2015



When writing out the hint, if the hint > 0, then we write it out otherwise
we skip it.

Previously when reading the hint back in, if were expecting to see one
(because the ticket length > 0), but it wasn't present then we set the hint
to -1, otherwise we set it to 0. This fails to set the hint to the same as
when it was written out.

The hint should never be negative because the RFC states the hint is
unsigned. It is valid for a server to set the hint to 0 (this means the
lifetime is unspecified according to the RFC). If the server set it to 0, it
should still be 0 when we read it back in.

Reviewed-by: Tim Hudson <tjh@openssl.org>

ea6bd264

Provide the API functions SSL_SESSION_has_ticket and · f2baac27

Matt Caswell authored Feb 08, 2015


SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as
required to fix Qt for OpenSSL 1.1.0. I have also added the former in order
to determine whether a ticket is present or not - otherwise it is difficult
to know whether a zero lifetime hint is because the server set it to 0, or
because there is no ticket.

Reviewed-by: Tim Hudson <tjh@openssl.org>

f2baac27

Make tlsext_tick_lifetime_hint an unsigned long (from signed long). · 75ea3632

Matt Caswell authored Feb 08, 2015



From RFC4507:
"The ticket_lifetime_hint field contains a hint from the server about how
long the ticket should be stored.  The value indicates the lifetime in
seconds as a 32-bit unsigned integer in network byte order."

Reviewed-by: Tim Hudson <tjh@openssl.org>

75ea3632

ec/ecp_nistz256.c: fix compiler warnings. · 5afc296a
Andy Polyakov authored Feb 10, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
5afc296a
Configure: disable warning C4090 in Windows builds. · ea5f8411
Andy Polyakov authored Feb 10, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
ea5f8411
ec/asm/ecp_nistz256-x86.pl: fix typos (error shows in Windows build). · 50292917
Andy Polyakov authored Feb 10, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
50292917

New evp_test updates. · b033e5d5

Dr. Stephen Henson authored Feb 09, 2015



Print usage message.

Print expected and got values if mismatch.
Reviewed-by: Andy Polyakov <appro@openssl.org>

b033e5d5

Add new test file. · 7303b472
Dr. Stephen Henson authored Feb 09, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
7303b472
Initial version of new evp_test program. · 307e3978
Dr. Stephen Henson authored Feb 09, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
307e3978

Fix hostname validation in the command-line tool to honour negative return values. · 0923e7df

Emilia Kasper authored Feb 05, 2015



Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>

0923e7df