Commits · 53e95716f5c11a8a9cbdcbbb3be0e8e538b5a2ea · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Dec 18, 2014

Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED · 53e95716
Matt Caswell authored Dec 17, 2014
```
Introduce use of DECLARE_DEPRECATED

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
53e95716
Remove redundant OPENSSL_NO_DEPRECATED suppression · 5bafb04d
Matt Caswell authored Dec 17, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
5bafb04d

Turn on OPENSSL_NO_DEPRECATED by default. · 07c4c14c

Matt Caswell authored Dec 17, 2014


Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is
defined at config stage then OPENSSL_USE_DEPRECATED has no effect -
deprecated functions are not available.
If OPENSSL_NO_DEPRECATED is not defined at config stage then
applications must define OPENSSL_USE_DEPRECATED in order to access
deprecated functions.
Also introduce compiler warnings for gcc for applications using
deprecated functions

Reviewed-by: Rich Salz <rsalz@openssl.org>

07c4c14c

RT3548: Remove some obsolete platforms · 59ff1ce0

Rich Salz authored Dec 18, 2014



This commit removes Sony NEWS4

Reviewed-by: Richard Levitte <levitte@openssl.org>

59ff1ce0

Return error when a bit string indicates an invalid amount of bits left · 5a1e8c67
Kurt Roeckx authored Dec 15, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
5a1e8c67
Fix yet anoither 'make clean' breakage. · 040b60f6
Rich Salz authored Dec 18, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
040b60f6

Dec 17, 2014

RT3548: Remove some obsolete platforms · b317819b
Rich Salz authored Dec 17, 2014
```
This commit removes BEOS.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
b317819b
RT3544: Restore MWERKS for NetWare · 179f6b2f
Rich Salz authored Dec 17, 2014
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
179f6b2f

Reject invalid constructed encodings. · 89f40f36

Dr. Stephen Henson authored Dec 16, 2014



According to X6.90 null, object identifier, boolean, integer and enumerated
types can only have primitive encodings: return an error if any of
these are received with a constructed encoding.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

89f40f36

Add a comment noting the padding oracle. · 03af8430
Emilia Kasper authored Dec 17, 2014
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
03af8430

Revert "RT3425: constant-time evp_enc" · 4ad2d3ac

Emilia Kasper authored Dec 17, 2014

Causes more problems than it fixes: even though error codes
are not part of the stable API, several users rely on the
specific error code, and the change breaks them. Conversely,
we don't have any concrete use-cases for constant-time behaviour here.

This reverts commit 4aac102f

.

Reviewed-by: Andy Polyakov <appro@openssl.org>

4ad2d3ac

Build fixes · b597aab8

Emilia Kasper authored Dec 15, 2014



Various build fixes, mostly uncovered by clang's unused-const-variable
and unused-function errors.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 0e1c318e)

b597aab8

Premaster secret handling fixes · 4aecfd4d

Adam Langley authored Dec 16, 2014



From BoringSSL
- Send an alert when the client key exchange isn't correctly formatted.
- Reject overly short RSA ciphertexts to avoid a (benign) out-of-bounds memory access.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

4aecfd4d

Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed) · 57dc72e0
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
57dc72e0
Clear warnings/errors within TLS_DEBUG code sections · 6dec5e1c
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
6dec5e1c
Clear warnings/errors within KSSL_DEBUG code sections · 3ddb2914
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
3ddb2914
Clear warnings/errors within CIPHER_DEBUG code sections · a501f647
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
a501f647
Clear warnings/errors within CIPHER_DEBUG code sections · 72b5d03b
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
72b5d03b
Clear warnings/errors within BN_CTX_DEBUG code sections · a9389163
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
a9389163

Check for invalid divisors in BN_div. · a015758d

Emilia Kasper authored Dec 15, 2014



Invalid zero-padding in the divisor could cause a division by 0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit a43bcd9e96c5180e5c6c82164ece643c0097485e)

a015758d

Dec 16, 2014

The dtls1_output_cert_chain function no longer exists so remove it from · 789da2c7
Matt Caswell authored Dec 03, 2014
```
ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
789da2c7

Don't set client_version to the ServerHello version. · ec1af3c4

Adam Langley authored Dec 13, 2014



The client_version needs to be preserved for the RSA key exchange.

This change also means that renegotiation will, like TLS, repeat the old
client_version rather than advertise only the final version. (Either way,
version change on renego is not allowed.) This is necessary in TLS to work
around an SChannel bug, but it's not strictly necessary in DTLS.

(From BoringSSL)

Reviewed-by: Emilia Käsper <emilia@openssl.org>

ec1af3c4

Add more meaningful OPENSSL_NO_ECDH error message for suite b mode · db812f2d
Matt Caswell authored Dec 16, 2014
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
db812f2d

Rename gost2814789t.c to gost2814789test.c. The old name caused problems · ad500fdc

Matt Caswell authored Nov 19, 2014

for dummytest if gost is compiled out, since the name of the test is not
standard (dummytest segfaults). Also the old name caused problems for git
because the executable was not in the .gitignore file

Reviewed-by: Emilia Käsper <emilia@openssl.org>

ad500fdc

Add missing OPENSSL_NO_EC guards · fd86c2b1
Matt Caswell authored Nov 18, 2014
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
fd86c2b1
Add OPENSSL_NO_ECDH guards · af6e2d51
Matt Caswell authored Nov 18, 2014
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
af6e2d51
Remove extraneous white space, and add some braces · 55e53026
Matt Caswell authored Dec 15, 2014
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
55e53026

Dec 15, 2014

DTLS fixes for signed/unsigned issues · 1904d211
Matt Caswell authored Dec 12, 2014
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
1904d211

RT3497: The ticket that keeps on giving. · 129c81b9

Rich Salz authored Dec 15, 2014



Don't remove c_rehash that wasn't created by make; this script
is created by configure.

This fix brought to you by the letter "f" and
Reviewed-by: Emilia Kasper <emilia@openssl.org>

129c81b9

Allow using -SSLv2 again when setting Protocol in the config. · 995207be
Kurt Roeckx authored Dec 10, 2014
```
RT#3625

Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
995207be

RT3497: Fix; don't remove header files · 56999ba5

Rich Salz authored Dec 15, 2014



Doing 'config ; make clean' broke because clean removed
header files that normal build didn't create.  So don't
remove those files.  Hopefully will be better addressed by
Geoff's no-symlinks patch.

Reviewed-by: Matt Caswell <matt@openssl.org>

56999ba5

Fix unused variable warning · 9669d2e1

Emilia Kasper authored Dec 12, 2014



The temporary variable causes unused variable warnings in opt mode with clang,
because the subsequent assert is compiled out.

Reviewed-by: Rich Salz <rsalz@openssl.org>

9669d2e1

Dec 13, 2014

Fixed memory leak if BUF_MEM_grow fails · 24097938

Matt Caswell authored Dec 12, 2014



Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>

24097938

Dec 12, 2014
- RT1688: Add dependencies for parallel make · c3f22253
  Rich Salz authored Dec 12, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
  c3f22253
Dec 11, 2014

make update · fd0ba777
Matt Caswell authored Dec 11, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
fd0ba777

Minor doc fixes. · e03af178

Rich Salz authored Dec 11, 2014



In EVP_EncryptInit remove duplicate mention of EVP_idea_cbc()
In EVP_PKEY_CTX_ctrl.pod remove EVP_PKEY_get_default_digest_nid
since it is documented elsewhere.

Reviewed-by: Richard Levitte <levitte@openssl.org>

e03af178

RT3497: Clean up "dclean" targets · 5ab65c50

Rich Salz authored Dec 11, 2014



Some Makefiles had actions for "dclean" that really belonged
to the "clean" target.  This is wrong because clean ends up,
well, not really cleaning everything.

Reviewed-by: Richard Levitte <levitte@openssl.org>

5ab65c50

Dec 10, 2014

RT3543: Remove #ifdef LINT · 5cf37957

Rich Salz authored Sep 23, 2014



I also replaced some exit/return wrappers in various
programs (from main) to standardize on return.

Reviewed-by: Richard Levitte <levitte@openssl.org>

5cf37957

Remove old private pod2man · a4a93411

Rich Salz authored Dec 10, 2014



Include Richard's point to remove the 'sh -c' wrapper

Reviewed-by: Richard Levitte <levitte@openssl.org>

a4a93411

capi_ctrl, capi_vtrace: check for NULL after allocating and free it · 5b17b79a
Kurt Roeckx authored Dec 09, 2013
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
5b17b79a