Commits · 3d81ec5b92e1141762eb72caf2aeb9b2cd019a78 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Sep 25, 2014

Remove #ifdef's for IRIX_CC_BUG · 3d81ec5b
Rich Salz authored Sep 25, 2014
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
3d81ec5b

RT3544: Must update TABLE after Configure change · 008bef52

Rich Salz authored Sep 25, 2014



Also add comment to Configure reminding people to do that.

Reviewed-by: Andy Polyakov <appro@openssl.org>

008bef52

Add missing tests · fdc35a9d

Emilia Kasper authored Sep 25, 2014

Accidentally omitted from commit 455b65df



Reviewed-by: Kurt Roeckx <kurt@openssl.org>

fdc35a9d

Sep 24, 2014

Use correct function name: CMS_add1_signer() · 5886354d
Dr. Stephen Henson authored Sep 20, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
5886354d
crypto/bn/bn_nist.c: work around MSC ARM compiler bug. · 8b07c005
Andy Polyakov authored Sep 25, 2014
```
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
```
8b07c005
e_os.h: allow inline functions to be compiled by legacy compilers. · 40155f40
Andy Polyakov authored Sep 25, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
40155f40

RT3544: Remove MWERKS support · 92c78463

Rich Salz authored Sep 24, 2014



The following #ifdef tests were all removed:
	__MWERKS__
	MAC_OS_pre_X
	MAC_OS_GUSI_SOURCE
	MAC_OS_pre_X
	OPENSSL_SYS_MACINTOSH_CLASSIC
	OPENSSL_SYS_MACOSX_RHAPSODY

Reviewed-by: Andy Polyakov <appro@openssl.org>

92c78463

RT3425: constant-time evp_enc · 4aac102f

Emilia Kasper authored Sep 05, 2014



Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>

4aac102f

RT3067: simplify patch · 455b65df

Emilia Kasper authored Sep 04, 2014

(Original commit adb46dbc

)

Use the new constant-time methods consistently in s3_srvr.c

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

455b65df

RT3066: rewrite RSA padding checks to be slightly more constant time. · 294d1e36

Emilia Kasper authored Aug 28, 2014



Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

294d1e36

Sep 23, 2014

make update · 51b7be8d

Emilia Kasper authored Sep 23, 2014



Sync libeay.num from 1.0.2

Reviewed-by: Dr Stephen Henson <steve@openssl.org>

51b7be8d

Note i2d_re_X509_tbs and related changes in CHANGES · 5f85f64f

Emilia Kasper authored Sep 23, 2014



Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit e9128d9401ad617e17c5eb3772512c24b038b967)

5f85f64f

CHANGES: mention ECP_NISTZ256. · 507efe73
Andy Polyakov authored Sep 23, 2014
```
Reviewed-by: Bodo Moeller <bodo@openssl.org>
```
507efe73

Sep 21, 2014

crypto/rsa/rsa_chk.c: harmonize error codes. · 4513b1b6
Andy Polyakov authored Sep 21, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
4513b1b6
crypto/ecp_nistz256.c: harmonize error codes. · be07ae9b
Andy Polyakov authored Sep 21, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
be07ae9b

Fixed error introduced in commit · b5ff559f

Tim Hudson authored Sep 21, 2014


that fixed PR#3450 where an existing cast masked an issue when i was changed
from int to long in that commit

Picked up on z/linux (s390) where sizeof(int)!=sizeof(long)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

b5ff559f

Sep 20, 2014
- Harmonize Tru64 and Linux make rules. · d475b2a3
  Andy Polyakov authored Sep 20, 2014
```
RT: 3333,3165
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  d475b2a3
Sep 19, 2014
- Fix warning. · 16e5b45f
  Dr. Stephen Henson authored Sep 19, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  16e5b45f
- RT3291: Add -crl and -revoke options to CA.pl · e8185aea
  Rich Salz authored Sep 18, 2014
```
Document the new features

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  e8185aea
Sep 18, 2014

RT2301: GetDIBits, not GetBitmapBits in rand_win · 99b00fd9

Jake Goulding authored Sep 05, 2014



GetDIBits has been around since Windows2000 and
BitBitmapBits is an old Win16 compatibility function
that is much slower.

Reviewed-by: Tim Hudson <tjh@openssl.org>

99b00fd9

Sep 11, 2014
- crypto/bn/asm/x86_64-mont*.pl: add missing clang detection. · 569e2d12
  Andy Polyakov authored Sep 12, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  569e2d12
- Configure: engage ECP_NISTZ256. · 84714790
  Andy Polyakov authored Sep 12, 2014
```
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  84714790
- Add ECP_NISTZ256 by Shay Gueron, Intel Corp. · 4d3fa06f
  Andy Polyakov authored Sep 12, 2014
```
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  4d3fa06f
- Reserve option to use BN_mod_exp_mont_consttime in ECDSA. · f54be179
  Andy Polyakov authored Sep 12, 2014
```
Submitted by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  f54be179
- perlasm/x86_64-xlate.pl: handle inter-bank movd. · 902b30df
  Andy Polyakov authored Sep 12, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  902b30df
- RT2772 update: c_rehash was broken · 6f46c3c3
  Rich Salz authored Sep 11, 2014
```
Move the readdir() lines out of the if statement, so
that flist is available globally.

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  6f46c3c3
Sep 10, 2014

RT3271 update; extra; semi-colon; confuses; some; · cb4bb56b
Rich Salz authored Sep 10, 2014
```
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
```
cb4bb56b

RT2560: missing NULL check in ocsp_req_find_signer · b2aa38a9

Rich Salz authored Sep 10, 2014



If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

b2aa38a9

Sep 09, 2014

RT2196: Clear up some README wording · 468ab1c2

Rich Salz authored Sep 09, 2014



Say where to email bug reports.
Mention general RT tracker info in a separate paragraph.

Reviewed-by: Tim Hudson <tjh@openssl.org>

468ab1c2

RT3192: spurious error in DSA verify · eb63bce0

Matt Caswell authored Sep 09, 2014



This is funny; Ben commented in the source, Matt opend a ticket,
and Rich is doing the submit.  Need more code-review? :)

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

eb63bce0

Merge branch 'master' of git.openssl.org:openssl · c939cca1

Rich Salz authored Sep 09, 2014



Previous commit was reviewed by Geoff, not Stephen:
Reviewed-by: Geoff Thorpe <geoff@openssl.org>

c939cca1

RT3271: Don't use "if !" in shell lines · 843921f2

Rich Salz authored Sep 09, 2014



For portability don't use "if ! expr"

Reviewed-by: Geoff Thorpe <geoff@openssl.org>

843921f2

RT3271: Don't use "if !" in shell lines · b999f66e

Rich Salz authored Sep 09, 2014



For portability don't use "if ! expr"

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

b999f66e

RT1909: Omit version for v1 certificates · 1f18f50c

Geoff Keating authored Sep 09, 2014



When calling X509_set_version to set v1 certificate, that
should mean that the version number field is omitted.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

1f18f50c

RT3506: typo's in ssltest · 4eadd11c
Kurt Cancemi authored Sep 09, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
4eadd11c

Sep 08, 2014

RT2841: Extra return in check_issued · 4cd1119d
Paul Suhler authored Sep 08, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
4cd1119d

RT2626: Change default_bits from 1K to 2K · 44e0c2ba

Kurt Roeckx authored Sep 08, 2014



This is a more comprehensive fix.  It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1.  This is from
Kurt's upstream Debian changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>

44e0c2ba

RT2600: Change Win line-endings to Unix. · 5f855569
Rich Salz authored Sep 08, 2014
```
For consistency.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
```
5f855569

RT2272: Add old-style hash to c_rehash · a787c259

Matthias Andree authored Sep 07, 2014



In addition to Matthias's change, I also added -n to
not remove links. And updated the manpage.

Reviewed-by: Tim Hudson <tjh@openssl.org>

a787c259

RT671: export(i2s|s2i|i2v|v2i)_ASN1_(IA5|BIT)STRING · 6452a139

Bjoern Zeeb authored Aug 14, 2014



The EXT_BITSTRING and EXT_IA5STRING are defined in x509v3.h, but
the low-level functions are not public. They are useful, no need
to make them static. Note that BITSTRING already was exposed since
this RT was created, so now we just export IA5STRING functions.

Reviewed-by: Tim Hudson <tjh@openssl.org>

6452a139