Commits · 497d0b00dca876beb6c81f2ea6d7160897434c2e · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Mar 19, 2015

Dr. Stephen Henson authored Mar 09, 2015



Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

CVE-2015-0286

Reviewed-by: Richard Levitte <levitte@openssl.org>

497d0b00

Mar 18, 2015

Free up ADB and CHOICE if already initialised. · 674341f1

Dr. Stephen Henson authored Feb 23, 2015



CVE-2015-0287

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

674341f1

Mar 14, 2015
- Tolerate test_sqr errors for FIPS builds. · c58f4f73
  Dr. Stephen Henson authored Mar 14, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  c58f4f73
- Disable export and SSLv2 ciphers by default · c85c1e08
  Kurt Roeckx authored Mar 08, 2015
```
They are moved to the COMPLEMENTOFDEFAULT instead.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
  c85c1e08
Mar 11, 2015

Cleanse buffers · c2f5de13

Matt Caswell authored Mar 09, 2015



Cleanse various intermediate buffers used by the PRF (backported version
from master).

Conflicts:
	ssl/s3_enc.c

Conflicts:
	ssl/t1_enc.c

Conflicts:
	ssl/t1_enc.c

Reviewed-by: Richard Levitte <levitte@openssl.org>

c2f5de13

Mar 08, 2015

Fix warnings. · 01320ad3

Dr. Stephen Henson authored Mar 08, 2015

Fix compiler warnings (similar to commit 25012d5e

)

Reviewed-by: Richard Levitte <levitte@openssl.org>

01320ad3

Mar 06, 2015

Update mkerr.pl for new format · a065737a

Matt Caswell authored Mar 06, 2015



Make the output from mkerr.pl consistent with the newly reformatted code.

Reviewed-by: Richard Levitte <levitte@openssl.org>

a065737a

Mar 02, 2015

Check public key is not NULL. · 241cff62

Dr. Stephen Henson authored Feb 18, 2015



CVE-2015-0288
PR#3708

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 28a00bcd)

241cff62

Fix format script. · 8a8ba071

Dr. Stephen Henson authored Mar 02, 2015



The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 437b14b5)

Conflicts:
	crypto/asn1/x_long.c

8a8ba071

Feb 25, 2015

Fix a failure to NULL a pointer freed on error. · 1b4a8df3

Matt Caswell authored Feb 09, 2015



Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>

1b4a8df3

Feb 09, 2015
- Bring objects.pl output even closer to new format. · 6d4655c2
  Andy Polyakov authored Feb 09, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 84903716)
```
  6d4655c2
- Harmonize objects.pl output with new format. · 9eca2cbc
  Andy Polyakov authored Feb 07, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 7ce38623)
```
  9eca2cbc
Feb 06, 2015

Fix error handling in ssltest · d7efe7ea

Matt Caswell authored Feb 05, 2015



Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit ae632974)

d7efe7ea

Feb 05, 2015

Fixed bad formatting in crypto/des/spr.h · 49fa6b6c

Rich Salz authored Feb 05, 2015



Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 7e35f06e)

49fa6b6c

Feb 03, 2015
- Check PKCS#8 pkey field is valid before cleansing. · d64a227f
  Dr. Stephen Henson authored Feb 01, 2015
```
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 52e028b9)
```
  d64a227f
Jan 22, 2015

Fix for reformat problems with e_padlock.c · 6844c129
Matt Caswell authored Jan 22, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit d3b7cac4)
```
6844c129

Fix formatting error in pem.h · ead95e76

Matt Caswell authored Jan 22, 2015



Reviewed-by: Andy Polyakov <appro@openssl.org>

Conflicts:
	crypto/pem/pem.h

Conflicts:
	crypto/pem/pem.h

ead95e76

Re-align some comments after running the reformat script. · 02f0c26c

Matt Caswell authored Jan 05, 2015


This should be a one off operation (subsequent invokation of the
script should not move them)

This commit is for the 0.9.8 changes

Reviewed-by: Tim Hudson <tjh@openssl.org>

OpenSSL_0_9_8-post-reformat

02f0c26c

Rerun util/openssl-format-source -v -c . · 6f1f3c66
Matt Caswell authored Jan 22, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
OpenSSL_0_9_8-post-auto-reformat

6f1f3c66
Run util/openssl-format-source -v -c . · 40720ce3
Matt Caswell authored Jan 22, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
40720ce3
More comment changes required for indent · 9d03aabe
Matt Caswell authored Jan 22, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
OpenSSL_0_9_8-pre-auto-reformat

9d03aabe
Yet more changes to comments · 117e79dd
Matt Caswell authored Jan 22, 2015
```
Conflicts:
	ssl/t1_enc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
117e79dd
More tweaks for comments due indent issues · bc912216
Matt Caswell authored Jan 21, 2015
```
Conflicts:
	ssl/ssl_ciph.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
bc912216
Backport hw_ibmca.c from master due to failed merge · b9006da5
Matt Caswell authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
b9006da5
Tweaks for comments due to indent's inability to handle them · d26667b2
Matt Caswell authored Jan 21, 2015
```
Conflicts:
	ssl/s3_srvr.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
d26667b2

Move more comments that confuse indent · 13270477

Matt Caswell authored Jan 21, 2015



Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Conflicts:
	crypto/bn/rsaz_exp.c
	crypto/evp/e_aes_cbc_hmac_sha1.c
	crypto/evp/e_aes_cbc_hmac_sha256.c
	ssl/ssl_locl.h

Conflicts:
	crypto/ec/ec2_oct.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ecp_nistputil.c
	crypto/ec/ecp_oct.c
	crypto/modes/gcm128.c
	ssl/ssl_locl.h

Conflicts:
	apps/apps.c
	crypto/crypto.h
	crypto/rand/md_rand.c
	ssl/d1_pkt.c
	ssl/ssl.h
	ssl/ssl_locl.h
	ssl/ssltest.c
	ssl/t1_enc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>

13270477

Delete trailing whitespace from output. · 3600d5a7
Dr. Stephen Henson authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
3600d5a7
Add -d debug option to save preprocessed files. · 2b2f5ac0
Dr. Stephen Henson authored Jan 20, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
2b2f5ac0

Test option -nc · 7d3081c5

Dr. Stephen Henson authored Jan 20, 2015



Add option -nc which sets COMMENTS=true but disables all indent comment
reformatting options.

Reviewed-by: Tim Hudson <tjh@openssl.org>

7d3081c5

Add ecp_nistz256.c to list of files skipped by openssl-format-source · 9a5d7753
Matt Caswell authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
9a5d7753

Manually reformat aes_x86core.c and add it to the list of files skipped by · e29126f9

Matt Caswell authored Jan 21, 2015


openssl-format-source

Conflicts:
	crypto/aes/aes_x86core.c

Conflicts:
	crypto/aes/aes_x86core.c

Reviewed-by: Tim Hudson <tjh@openssl.org>

e29126f9

Fix indent comment corruption issue · 175af9de
Matt Caswell authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
175af9de
Amend openssl-format-source so that it give more repeatable output · 53d6e678
Matt Caswell authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
53d6e678
bn/bn_const.c: make it indent-friendly. · 4191a11f
Andy Polyakov authored Jan 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
4191a11f
bn/asm/x86_64-gcc.cL make it indent-friendly. · f6e4701f
Andy Polyakov authored Jan 21, 2015
```
Conflicts:
	crypto/bn/asm/x86_64-gcc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
f6e4701f
bn/bn_asm.c: make it indent-friendly. · 86183798
Andy Polyakov authored Jan 21, 2015
```
Conflicts:
	crypto/bn/bn_asm.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
86183798
bn/bn_exp.c: make it indent-friendly. · b5279593
Andy Polyakov authored Jan 21, 2015
```
Conflicts:
	crypto/bn/bn_exp.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
b5279593

Manually reformat aes_core.c · 25ca15e9

Matt Caswell authored Jan 21, 2015


Add aes_core.c to the list of files not processed by openssl-format-source

Conflicts:
	crypto/aes/aes_core.c

Conflicts:
	crypto/aes/aes_core.c

Conflicts:
	crypto/aes/aes_core.c

Reviewed-by: Tim Hudson <tjh@openssl.org>

25ca15e9

Add obj_dat.h to the list of files that will not be processed by · d1d4b4f3
Matt Caswell authored Jan 21, 2015
```
openssl-format-source

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
d1d4b4f3

Fix strange formatting by indent · 2a3e745a

Matt Caswell authored Jan 21, 2015



Conflicts:
	crypto/hmac/hmac.h

Conflicts:
	crypto/evp/e_aes_cbc_hmac_sha256.c

Conflicts:
	crypto/ec/ecp_nistp224.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ectest.c

Conflicts:
	crypto/asn1/asn1_par.c
	crypto/evp/e_des3.c
	crypto/hmac/hmac.h
	crypto/sparcv9cap.c
	engines/ccgost/gost94_keyx.c
	ssl/t1_enc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>

2a3e745a