Commits · 2238119751bb95efc1dfafabf0e70e86f71fc6f6 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Aug 17, 2016
- VMS: no ENDIF on one line IF statements, in config.com · 22381197
  Richard Levitte authored Aug 17, 2016
```
Correct small error from last config.com change

Reviewed-by: Matt Caswell <matt@openssl.org>
```
  22381197
Aug 16, 2016

Convert SSL_SESSION* functions to use const getters · 48593cb1

Matt Caswell authored Aug 13, 2016



Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>

48593cb1

Convert PKCS8* functions to use const getters · b2e57e09

Matt Caswell authored Aug 13, 2016



Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>

b2e57e09

Convert TS_STATUS_INFO* functions to use const getters · bb2f62ba

Matt Caswell authored Aug 13, 2016



Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>

bb2f62ba

two typo fixes · 69b86d4b

FdaSilvaYY authored Aug 12, 2016



Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1461)

69b86d4b

Fix compilation when using MASM on x86 · 1bb7310b

Gergely Nagy authored Aug 16, 2016



The generated asm code from x86cpuid.pl contains CMOVE instructions
which are only available on i686 and later CPUs.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1459)

1bb7310b

Provide compat macros for SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() · 2ecb9f2d

Matt Caswell authored Aug 16, 2016



These functions are no longer relevant to 1.1.0 (we always have auto ecdh
on) - but no reason to break old code that tries to call it. The macros will
only return a dummy "success" result if the app was trying to enable ecdh.
Disabling can't be done in quite this way any more.

Fixes Github Issue #1437

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

2ecb9f2d

Ensure we unpad in constant time for read pipelining · f9cf774c

Matt Caswell authored Aug 16, 2016



The read pipelining code broke constant time unpadding. See GitHub
issue #1438

Reviewed-by: Rich Salz <rsalz@openssl.org>

f9cf774c

Corrupt signature earlier. · 0f022f5a

Dr. Stephen Henson authored Aug 16, 2016



If -badsig is selected corrupt the signature before printing out
any details so the output reflects the modified signature.

Reviewed-by: Rich Salz <rsalz@openssl.org>

0f022f5a

make update · 34d4d745
Dr. Stephen Henson authored Aug 16, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
34d4d745

Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data(). · 17ebf85a

Dr. Stephen Henson authored Aug 16, 2016



Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.

Reviewed-by: Rich Salz <rsalz@openssl.org>

17ebf85a

Remove duplicate ordinals · 1940aa6e
Richard Levitte authored Aug 16, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
1940aa6e
ARMv8 assembly pack: add Samsung Mongoose results. · 05ef4d19
Andy Polyakov authored Aug 14, 2016
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
05ef4d19
Configure: recognize -static as link option and disable incompatible options. · 9d46752d
Andy Polyakov authored Aug 14, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
9d46752d
test/ssl_test.tmpl: make it work with elderly perl. · f4941736
Andy Polyakov authored Aug 12, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
f4941736

Fix satsub64be() to unconditionally use 64-bit integers · 31c34a3e

David Woodhouse authored Aug 05, 2016



Now we support (u)int64_t this can be very much simpler.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

31c34a3e

SSL tests: send some application data · e0421bd8
Emilia Kasper authored Aug 11, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
e0421bd8
Add a "config" for verbosity and use it with Travis · ffb261ff
Richard Levitte authored Aug 15, 2016
```
Modify VMS config.com to match

Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
ffb261ff
Make "make" less verbose in Travis, except for the build only case · a4ffbbee
Richard Levitte authored Aug 15, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
a4ffbbee

Aug 15, 2016

Limit reads in do_b2i_bio() · 66bcba14

Dr. Stephen Henson authored Aug 15, 2016



Apply a limit to the maximum blob length which can be read in do_d2i_bio()
to avoid excessive allocation.

Thanks to Shi Lei for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>

66bcba14

Check for errors in a2d_ASN1_OBJECT() · 8b9afbc0
Dr. Stephen Henson authored Aug 05, 2016
```
Check for error return in BN_div_word().

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
8b9afbc0

Check for errors in BN_bn2dec() · 07bed46f

Dr. Stephen Henson authored Aug 05, 2016



If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.

Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.

Thanks to Shi Lei for reporting this bug.

CVE-2016-2182

Reviewed-by: Tim Hudson <tjh@openssl.org>

07bed46f

Avoid truncating the pointer on x32 platform. · 40c60b0d

Tomas Mraz authored Aug 15, 2016



The 64 bit pointer must not be cast to 32bit unsigned long on
x32 platform.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

40c60b0d

Add a comment for the added cast with explanation. · e7e5d608
Tomas Mraz authored Aug 10, 2016
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
```
e7e5d608

Fix af_alg engine failure on 32 bit architectures. · 3f8d1216

Tomas Mraz authored Aug 09, 2016



Add extra cast to unsigned long to avoid sign extension when
converting pointer to 64 bit data.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

3f8d1216

Remove a stray unneeded line in 70-test_sslrecords.t · bb982ce7
Matt Caswell authored Aug 04, 2016
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
bb982ce7
Address feedback on SSLv2 ClientHello processing · 78fcddbb
Matt Caswell authored Aug 03, 2016
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
78fcddbb

Add some SSLv2 ClientHello tests · a2a0c86b

Matt Caswell authored Aug 02, 2016



Test that we handle a TLS ClientHello in an SSLv2 record correctly.

Reviewed-by: Tim Hudson <tjh@openssl.org>

a2a0c86b

Send an alert if we get a non-initial record with the wrong version · a01c86a2

Matt Caswell authored Aug 02, 2016



If we receive a non-initial record but the version number isn't right then
we should send an alert.

Reviewed-by: Tim Hudson <tjh@openssl.org>

a01c86a2

Address feedback on SSLv2 ClientHello processing · 44efb88a

Matt Caswell authored Aug 01, 2016



Feedback on the previous SSLv2 ClientHello processing fix was that it
breaks layering by reading init_num in the record layer. It also does not
detect if there was a previous non-fatal warning.

This is an alternative approach that directly tracks in the record layer
whether this is the first record.

GitHub Issue #1298

Reviewed-by: Tim Hudson <tjh@openssl.org>

44efb88a

Replaces CT_POLICY_EVAL_CTX_set0 entries with new setters in libcrypto.num · c35d339d

Rob Percival authored Aug 15, 2016



Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)

c35d339d

Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions · 11c68cea

Rob Percival authored Aug 15, 2016



They may fail if they cannot increment the reference count of the
certificate they are storing a pointer for. They should return 0 if this
occurs.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)

11c68cea

Improves CTLOG_STORE setters · a1bb7708

Rob Percival authored Aug 05, 2016

Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196

.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)

a1bb7708

Skip the SRP tests in 80-test_ssl_old.t if no TLS versions is enabled · a0ef6bb6
Richard Levitte authored Aug 15, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
a0ef6bb6

Fix no-ec · 0a699a07

Dr. Stephen Henson authored Aug 15, 2016



Fix no-ec builds by having separate functions to create keys based on
an existing EVP_PKEY and a curve id.

Reviewed-by: Rich Salz <rsalz@openssl.org>

0a699a07

Aug 14, 2016

Never return -1 from BN_exp · 0818dbad

Jakub Zelenka authored Aug 14, 2016



Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1455)

0818dbad

Aug 13, 2016
- update CHANGES · 3d9a51f7
  Dr. Stephen Henson authored Aug 13, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  3d9a51f7
- add documentation · c082201a
  Dr. Stephen Henson authored Aug 12, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  c082201a
- Print out names of other temp key algorithms. · 23143e4d
  Dr. Stephen Henson authored Aug 11, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  23143e4d
- Remove old EC based X25519 code. · bc7bfb83
  Dr. Stephen Henson authored Aug 11, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  bc7bfb83