Commits · 447402e628b15861233456736eaec6f9cb2994bf · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

May 09, 2016

Fix error in the loop of ECDH · 447402e6

Andrea Grandi authored May 03, 2016



The tests was incorrectly repeated multiple times when using the
async_jobs options

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

447402e6

Free any existing SRTP connection profile · fbdf0299

Matt Caswell authored May 05, 2016



When setting a new SRTP connection profile using
SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() we should
free any existing profile first to avoid a memory leak.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

fbdf0299

Configurations/windows-makefile.tmpl: expand environments early. · 9921b7b6

Andy Polyakov authored May 06, 2016



If environment variables are not explanded early enough, expanded
strings are passed with single backslash to C compiler, e.g.
C:\Program Files, which effectively results in OpenSSL looking for
engines and certificates in C:Program Files.

Reviewed-by: Richard Levitte <levitte@openssl.org>

9921b7b6

fix tab-space mixed indentation · dccd20d1

FdaSilvaYY authored May 03, 2016



No code change

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

dccd20d1

fix check · e0d32e98

J Mohan Rao Arisankala authored May 06, 2016



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

e0d32e98

few missing allocation failure checks and releases on error paths · cb1d435c

J Mohan Rao Arisankala authored May 05, 2016



- Missing checks for allocation failure.
- releasing memory in few missing error paths

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

cb1d435c

May 07, 2016
- memset() doesn't take NULL. · 5cf14ce0
  Ben Laurie authored May 04, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  5cf14ce0
- Add fuzzing! · c38bb727
  Ben Laurie authored Mar 26, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  c38bb727
May 06, 2016
- Constify PKCS12_newpass() · 049f5bbc
  Dr. Stephen Henson authored May 06, 2016
```
PR#4449

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  049f5bbc
- Add documentation of PKCS12_newpass() · c95a8b4e
  Jeffrey Walton authored May 05, 2016
```
PR#4478

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  c95a8b4e
- Tidy up PKCS12_newpass() fix memory leaks. · d800d0f4
  Dr. Stephen Henson authored May 05, 2016
```
PR#4466

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  d800d0f4
- Only set CMS parameter when encrypting · 708cf5de
  Dr. Stephen Henson authored May 06, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  708cf5de
- RT3513: req doesn't display attributes using utf8string · ec5b56f3
  isnotnick authored Dec 16, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  ec5b56f3
- README.PERL: clarify "matching" Perl requirement on Windows. · 4b16fa79
  Andy Polyakov authored May 05, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  4b16fa79
- poly1305/asm/poly1305-x86_64.pl: contain symbols within shared lib. · 3992e8c0
  Andy Polyakov authored May 04, 2016
```
We don't need it, but external users might find it handy.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  3992e8c0
- poly1305/asm/poly1305-x86_64.pl: make it cross-compile. · 28411657
  Andy Polyakov authored May 04, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  28411657
- testlib/OpenSSL/Test.pm: address 5.10 warnings. · 3732f12c
  Andy Polyakov authored May 04, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  3732f12c
- test/evp_test.c: exercise different combinations of data misalignment. · 9a2d2fb3
  Andy Polyakov authored Apr 23, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  9a2d2fb3
May 05, 2016

Use default ASN.1 for SEED. · c0aa8c27

Dr. Stephen Henson authored May 05, 2016



The default ASN.1 handling can be used for SEED. This also makes
CMS work with SEED.

PR#4504

Reviewed-by: Rich Salz <rsalz@openssl.org>

c0aa8c27

typo · 5ff73fb2
Dr. Stephen Henson authored May 05, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
5ff73fb2
Move 3DES from HIGH to MEDIUM · 4a8e9c22
Rich Salz authored May 05, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
4a8e9c22

Always try to set ASN.1 parameters for CMS. · 3fd60dc4

Dr. Stephen Henson authored Mar 21, 2016



Try to set the ASN.1 parameters for CMS encryption even if the IV
length is zero as the underlying cipher should still set the type.

This will correctly result in errors if an attempt is made to use
an unsupported cipher type.

Reviewed-by: Rich Salz <rsalz@openssl.org>

3fd60dc4

GH356: Change assert to normal error · 50b4a9ba

Sergio Garcia Murillo authored May 05, 2016



Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

50b4a9ba

Handle no async jobs in libssl · fc7f190c

Matt Caswell authored May 03, 2016

If the application has limited the size of the async pool using
ASYNC_init_thread() then we could run out of jobs while trying to start a
libssl io operation. However libssl was failing to handle this and treating
it like a fatal error. It should not be fatal...we just need to retry when
there are jobs available again.

Reviewed-by: Richard Levitte <levitte@openssl.org>

fc7f190c

Document inversion ladder in curve25519 · 0eadff03

Emilia Kasper authored Apr 29, 2016



This demystifies two for-loops that do nothing. They were used to write
the ladder in a unified way. Now that the ladder is otherwise commented,
remove the dead loops.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

0eadff03

Script changed; update the generated file. · fb37410e
Rich Salz authored May 05, 2016
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
fb37410e

Improve heartbeats coding style · 485b78dd

Matt Caswell authored May 05, 2016



Based on an orignal commit by GitHub user BertramScharpf. Rebased and
updated to take account of all the updates since this was first raised.

GH PR#62

Reviewed-by: Rich Salz <rsalz@openssl.org>

485b78dd

Tweak generated warning lines. · e8b7c0c4
Rich Salz authored May 01, 2016
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
e8b7c0c4

remove unused macros in list -disabled · c3d93da0

J Mohan Rao Arisankala authored Feb 26, 2016



list -disabled was checking OPENSSL_NO_SSL/OPENSSL_NO_TLS, which are
not used to disable SSL/TLS respectively.
Building with these macros wrongly show as SSL/TLS disabled, hence
removing this code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

c3d93da0

Fix spelling · d5e86796

FdaSilvaYY authored May 03, 2016



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1021

d5e86796

May 04, 2016

support embed in ASN.1 print · 9d103dbb
Dr. Stephen Henson authored May 04, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
9d103dbb
Complete the list of names in doc/ssl/SSL_CTX_load_verify_locations.pod · c7e6ae6a
Richard Levitte authored May 04, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
c7e6ae6a

Fix name length limit check. · 4e0d184a

Dr. Stephen Henson authored May 04, 2016



The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rejected.

Fix by limiting the length passed to ASN1_item_ex_d2i() which will
then return an error if the passed X509_NAME exceeds the length.

RT#4531

Reviewed-by: Rich Salz <rsalz@openssl.org>

4e0d184a

Check return of PEM_write_* functions and report possible errors · c73aa309
Richard Levitte authored May 04, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1025)
```
c73aa309

DEFINE_STACK_OF(ASN1_UTF8STRING) moved from ts_lcl.h to asn1.h · e6c5dbc8

Marek Klein authored May 03, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1020)

e6c5dbc8

Handle malloc failures in BIO_accept · ad9a0562

Matt Caswell authored May 04, 2016



The old BIO_accept() function can encounter errors during malloc. We need
to ensure we properly clean up if that occurs.

GH Issue #817

Reviewed-by: Richard Levitte <levitte@openssl.org>

ad9a0562

reject zero block length in PKCS12 keygen · d5975c8d
Dr. Stephen Henson authored May 04, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
d5975c8d
Fix Blake block length · 6dccec2b
Dr. Stephen Henson authored May 04, 2016
```
PR#4514

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
6dccec2b
add documentation · b1b3e14f
Dr. Stephen Henson authored May 03, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
b1b3e14f
Fix double free in d2i_PrivateKey(). · 3340e8bb
Dr. Stephen Henson authored May 03, 2016
```
RT#4527

Reviewed-by: Matt Caswell <matt@openssl.org>
```
3340e8bb