Commits · 44e0c2bae4bfd87d770480902618dbccde84fd81 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Sep 08, 2014

RT2626: Change default_bits from 1K to 2K · 44e0c2ba

Kurt Roeckx authored Sep 08, 2014



This is a more comprehensive fix.  It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1.  This is from
Kurt's upstream Debian changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>

44e0c2ba

RT2600: Change Win line-endings to Unix. · 5f855569
Rich Salz authored Sep 08, 2014
```
For consistency.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
```
5f855569

RT2272: Add old-style hash to c_rehash · a787c259

Matthias Andree authored Sep 07, 2014



In addition to Matthias's change, I also added -n to
not remove links. And updated the manpage.

Reviewed-by: Tim Hudson <tjh@openssl.org>

a787c259

RT671: export(i2s|s2i|i2v|v2i)_ASN1_(IA5|BIT)STRING · 6452a139

Bjoern Zeeb authored Aug 14, 2014



The EXT_BITSTRING and EXT_IA5STRING are defined in x509v3.h, but
the low-level functions are not public. They are useful, no need
to make them static. Note that BITSTRING already was exposed since
this RT was created, so now we just export IA5STRING functions.

Reviewed-by: Tim Hudson <tjh@openssl.org>

6452a139

RT468: SSL_CTX_sess_set_cache_size wrong · e9edfc41

Rich Salz authored Sep 03, 2014



The documentation is wrong about what happens when the
session cache fills up.

Reviewed-by: Tim Hudson <tjh@openssl.org>

e9edfc41

RT3301: Discard too-long heartbeat requests · af4c6e34
Erik Auerswald authored Aug 26, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
af4c6e34

RT3291: Add -crl and -revoke options to CA.pl · 98ecf60b

Dario B authored Sep 04, 2014



I added some error-checking while integrating this patch.

Reviewed-by: Tim Hudson <tjh@openssl.org>

98ecf60b

RT2518: fix pod2man errors · fe757304

Scott Schaefer authored Aug 13, 2014



pod2man now complains when item tags are not sequential.
Also complains about missing =back and other tags.
Silence the warnings; most were already done.

Reviewed-by: Tim Hudson <tjh@openssl.org>

fe757304

RT992: RSA_check_key should have a callback arg · 2afb29b4

Rich Salz authored Aug 14, 2014



The original RT request included a patch.  By the time
we got around to doing it, however, the callback scheme
had changed. So I wrote a new function RSA_check_key_ex()
that uses the BN_GENCB callback.  But thanks very much
to Vinet Sharma <vineet.sharma@gmail.com> for the
initial implementation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

2afb29b4

RT3108: OPENSSL_NO_SOCK should imply OPENSSL_NO_DGRAM · be0bd11d
Rich Salz authored Sep 04, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
be0bd11d

RT3031: Need to #undef some names for win32 · 83e4e03e

Robin Lee authored Sep 04, 2014



Copy the ifdef/undef stanza from x509.h to x509v3.h

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

83e4e03e

RT2849: Redundant check of "dsa" variable. · 3173622e

Rich Salz authored Sep 04, 2014



In the current code, the check isn't redundant.
And in fact the REAL check was missing.
This avoids a NULL-deref crash.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

3173622e

RT2843: Remove another spurious close-comment token · 683cd7c9
Martin Olsson authored Sep 04, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
683cd7c9

RT2842: Remove spurious close-comment marker. · 6b0dc6ef

Martin Olsson authored Sep 04, 2014



Also, I (rsalz) changed "#ifdef undef" to "#if 0"

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

6b0dc6ef

Merge branch 'master' of git.openssl.org:openssl · 76e8671c
Rich Salz authored Sep 08, 2014
```
empty merge; script hiccup.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
76e8671c

RT1834: Fix PKCS7_verify return value · 4f13dabe

Rich Salz authored Sep 05, 2014



The function returns 0 or 1, only.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

4f13dabe

RT1832: Fix PKCS7_verify return value · b0e659cf

Rich Salz authored Sep 05, 2014



The function returns 0 or 1, only.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

b0e659cf

RT1771: Add string.h include. · 8842987e
Alon Bar-Lev authored Sep 05, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
8842987e

Sep 07, 2014
- RT1325,2973: Add more extensions to c_rehash · 5a8addc4
  Viktor Dkhovni authored Sep 07, 2014
```
Regexp was bracketed wrong.

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  5a8addc4
Sep 05, 2014

make update · 2f32016b
Emilia Kasper authored Sep 05, 2014
```
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
```
2f32016b

Add i2d_re_X509_tbs · 95b1752c

Emilia Kasper authored Sep 05, 2014



i2d_re_X509_tbs re-encodes the TBS portion of the certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>

95b1752c

Add CHANGES entry for SCT viewer code. · b2774f6e
Dr. Stephen Henson authored Sep 05, 2014
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
b2774f6e
sync ordinals with 1.0.2 · b0bbe493
Dr. Stephen Henson authored Aug 28, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
b0bbe493

psk_client_callback, 128-byte id bug. · be0d8517

Adam Langley authored Jun 20, 2014



Fix a bug in handling of 128 byte long PSK identity in
psk_client_callback.

OpenSSL supports PSK identities of up to (and including) 128 bytes in
length. PSK identity is obtained via the psk_client_callback,
implementors of which are expected to provide a NULL-terminated
identity. However, the callback is invoked with only 128 bytes of
storage thus making it impossible to return a 128 byte long identity and
the required additional NULL byte.

This CL fixes the issue by passing in a 129 byte long buffer into the
psk_client_callback. As a safety precaution, this CL also zeroes out the
buffer before passing it into the callback, uses strnlen for obtaining
the length of the identity returned by the callback, and aborts the
handshake if the identity (without the NULL terminator) is longer than
128 bytes.

(Original patch amended to achieve strnlen in a different way.)

Reviewed-by: Rich Salz <rsalz@openssl.org>

be0d8517

Sep 03, 2014

Followup on RT3334 fix: make sure that a directory that's the empty · 360928b7
Richard Levitte authored Aug 15, 2014
```
string returns 0 with errno = ENOENT.

Reviewed-by: Andy Polyakov <appro@openssl.org>
```
360928b7

RT3334: Fix crypto/LPdir_win.c · 6a14fe75

Phil Mesnier authored Aug 14, 2014



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>

6a14fe75

RT3140: Possibly-unit variable in pem_lib.c · 0ff3687e

Clang via Jeffrey Walton authored Sep 02, 2014



Can't really happen, but the flow of control isn't obvious.
Add an initializer.

Reviewed-by: Matt Caswell <matt@openssl.org>

0ff3687e

Sep 02, 2014

Make the inline const-time functions static. · 86f50b36

Emilia Kasper authored Aug 28, 2014

"inline" without static is not correct as the compiler may choose to ignore it
and will then either emit an external definition, or expect one.

Reviewed-by: Geoff Thorpe <geoff@openssl.org>

86f50b36

Sep 01, 2014

RT3508: Remove unused variable introduced by b09eb246 · b0426a0f
Kurt Cancemi authored Aug 31, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
b0426a0f

RT3511: doc fix; req default serial is random · 3aba132d

Adam Williamson authored Aug 31, 2014



RT842, closed back in 2004, changed the default serial number
to be a random number rather than zero.  Finally time to update
the doc

Reviewed-by: Tim Hudson <tjh@openssl.org>

3aba132d

Aug 31, 2014

Add explanatory note to crypto/store/README · 9fc8dc54
Rich Salz authored Aug 31, 2014
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
9fc8dc54

RT1325,2973: Add more extensions to c_rehash · 80ec8d4e

TANABE Hiroyasu authored Aug 30, 2014



Add .crt/.cer/.crl to the filenames parsed.

I also updated the podpage (since it didn't exist when
this ticket was first created, nor when it was re-created
seven years later).

Reviewed-by: Tim Hudson <tjh@openssl.org>

80ec8d4e

Aug 30, 2014

Configure: add configuration for crypto/ec/asm extensions. · 6019cdd3
Andy Polyakov authored Aug 30, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
6019cdd3
md5-x86_64.pl: work around warning. · 4d86e8df
Andy Polyakov authored Aug 30, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
4d86e8df
x86[_64] assembly pack: add Silvermont performance data. · b59f92e7
Andy Polyakov authored Aug 30, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
b59f92e7
Remove some outdated README files, to avoid confusing people. · 0f957287
Rich Salz authored Aug 30, 2014
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
0f957287

RT2820: case-insensitive filenames on Darwin · 457f7b14

Rich Salz authored Aug 30, 2014



Andy pointed out there is also darwin64, so tweak the pattern.

Reviewed-by: Andy Polyakov <appro@openssl.org>

457f7b14

RT2119,3407: Updated to dgst.pod · d1bea969

Rich Salz authored Aug 28, 2014



Re-order algorithm list.
Be consistent in command synopsis.
Add content about signing.
Add EXAMPLE section
Add some missing options: -r, -fips-fingerprint -non-fips-allow
Various other fixes.

Reviewed-by: Andy Polyakov <appro@openssl.org>

d1bea969

RT2379: Additional typo fix · 8b77d64e

Rich Salz authored Aug 30, 2014



Andy found an additional typo "can be can be".
Now I have that silly "Que sera sera" song stuck in my head.

Reviewed-by: Andy Polyakov <appro@openssl.org>

8b77d64e

RT1941: c_rehash.pod is missing · cf2239b3

James Westby authored Aug 14, 2014



Add the file written by James Westby, graciously contributed
under the terms of the OpenSSL license.

Reviewed-by: Andy Polyakov <appro@openssl.org>

cf2239b3