Commits · 5cd1a6fc3eae07ee6a8a627c5c31f5b38bc3a35c · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

May 20, 2014
- Fix signed/unsigned warning. · 5cd1a6fc
  Ben Laurie authored May 20, 2014
  
  5cd1a6fc
- Don't allocate more than is needed in BUF_strndup(). · 4ceb430a
  Ben Laurie authored May 20, 2014
  
  4ceb430a
- For portability use BUF_strndup instead of strndup. · 81ce94f8
  Dr. Stephen Henson authored May 20, 2014
```
(cherry picked from commit dcca7b13)
```
  81ce94f8
- Adding padding extension to trace code. · feaa3b38
  Dr. Stephen Henson authored May 20, 2014
```
(cherry picked from commit 6db14dbc)
```
  feaa3b38
May 19, 2014
- Fix a wrong parameter count ERR_add_error_data · 5d8e9f2a
  Janpopan authored May 04, 2014
  
  5d8e9f2a
- Merge branch 'mbland-heartbeat-test-1.0.2' into OpenSSL_1_0_2-stable · 6c1d36a6
  Ben Laurie authored May 19, 2014
  
  6c1d36a6
May 18, 2014

Unit/regression test for TLS heartbeats. · 2312a84c

Mike Bland authored Apr 16, 2014

Regression test against CVE-2014-0160 (Heartbleed).

More info: http://mike-bland.com/tags/heartbleed.html

(based on commit 35cb55988b75573105eefd00d27d0138eebe40b1)

2312a84c

May 15, 2014

Moved note about lack of support for AEAD modes out of BUGS section to... · a99d2a22

Matt Caswell authored May 15, 2014

Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD)

a99d2a22

Enc doesn't support AEAD ciphers. · 2fa65aa7
Dr. Stephen Henson authored May 15, 2014
```
(cherry picked from commit 09184dddead165901700b31eb39d540ba30f93c5)
```
2fa65aa7

May 14, 2014
- Fix grammar error in verify pod. PR#3355 · 4907cf08
  Jeffrey Walton authored May 14, 2014
  
  4907cf08
- Add information to BUGS section of enc documentation. PR#3354 · 28b4820f
  Jeffrey Walton authored May 14, 2014
  
  28b4820f
- Corrected POD syntax errors. PR#3353 · 72967d5b
  Michal Bozon authored May 14, 2014
  
  72967d5b
May 12, 2014
- Have the .pc files depend on each other rather than duplicating the · 4aebb2c8
  Mike Frysinger authored May 12, 2014
```
various link settings. PR#3332
```
  4aebb2c8
- Check sk_SSL_CIPHER_num() after assigning sk. · 1f5bce2d
  Kurt Roeckx authored May 12, 2014
  
  1f5bce2d
- Correct the return type on the signature for X509_STORE_CTX_get_ex_data given in the pod file. · b953b028
  Jean-Paul Calderone authored Apr 02, 2014
  
  b953b028
- Replace manual ASN1 decoder with ASN1_get_object · d6e55b40
  Serguei E. Leontiev authored May 11, 2014
```
Replace manual ASN.1 decoder with ASN1_get object. This
will decode the tag and length properly and check against
it does not exceed the supplied buffer length.

PR#3335
(cherry picked from commit b0308dddd1cc6a8e1de803ef29ba6da25ee072c2)
```
  d6e55b40
May 11, 2014
- Fixed NULL pointer dereference. See PR#3321 · f710c3f1
  Matt Caswell authored May 12, 2014
  
  f710c3f1
- Set authkey to NULL and check malloc return value. · 99a3d167
  Kurt Roeckx authored May 01, 2014
  
  99a3d167
- dgram_sctp_ctrl: authkey memory leak · c6226495
  Martin Brejcha authored May 01, 2014
```
PR: 3327
```
  c6226495
- Avoid out-of-bounds write in SSL_get_shared_ciphers · 8571902e
  Günther Noack authored May 01, 2014
```
PR: 3317
```
  8571902e
- Fix infinite loop. PR#3347 · 711bb9bc
  Viktor Dukhovni authored May 11, 2014
  
  711bb9bc
- Move length check earlier to ensure we don't go beyond the end of the user's buffer. PR#3320 · f2ebe2a6
  Matt Caswell authored May 11, 2014
  
  f2ebe2a6
- safety check to ensure we dont send out beyond the users buffer · 011ee911
  Tim Hudson authored Apr 27, 2014
  
  011ee911
May 09, 2014

Return an error if no recipient type matches. · 2c414463

Dr. Stephen Henson authored May 08, 2014

If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.

PR#3348
(cherry picked from commit bd43b4cf778a53ffa5d77510ecd408a009dc00d2)

2c414463

May 08, 2014
- coverity 966576 - close socket in error path · 2fc04cb8
  Tim Hudson authored May 05, 2014
  
  2fc04cb8
- PR#3342 fix resource leak coverity issue 966577 · 62cc5ff6
  Tim Hudson authored May 05, 2014
  
  62cc5ff6
May 07, 2014
- fix coverity issue 966597 - error line is not always initialised · afe343c3
  Tim Hudson authored May 05, 2014
  
  afe343c3
- Fixed NULL pointer dereference in PKCS7_dataDecode reported by David Ramos in PR#3339 · e0d21390
  Matt Caswell authored May 07, 2014
  
  e0d21390
May 06, 2014

dso: eliminate VMS code on non-VMS systems · d60f0193

Geoff Thorpe authored Apr 27, 2014



Even though the meat of dso_vms.c is compiled out on non-VMS builds,
the (pre-)compiler still traverses some of the macro handling. This
trips up at least one non-VMS build configuration, so this commit
makes the skip-VMS case more robust.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>

d60f0193

evp: prevent underflow in base64 decoding · 65402586

Geoff Thorpe authored May 04, 2014



This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>

65402586

bignum: allow concurrent BN_MONT_CTX_set_locked() · bf434468

Geoff Thorpe authored May 04, 2014

The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
noted by Daniel Sands and co at Sandia. This was to handle the case that
2 or more threads race to lazy-init the same context, but stunted all
scalability in the case where 2 or more threads are doing unrelated
things! We favour the latter case by punishing the former. The init work
gets done by each thread that finds the context to be uninitialised, and
we then lock the "set" logic after that work is done - the winning
thread's work gets used, the losing threads throw away what they've done.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>

bf434468

Initialize num properly. · 7169e56d
Dr. Stephen Henson authored May 06, 2014
```
PR#3289
PR#3345
(cherry picked from commit 3ba1e406)
```
7169e56d
Set Enveloped data version to 2 if ktri version not zero. · 1047b8c8
Dr. Stephen Henson authored May 05, 2014
```
(cherry picked from commit 546b1b43)
```
1047b8c8

May 05, 2014
- - fix coverity issues 966593-966596 · 9740a036
  Tim Hudson authored May 05, 2014
  
  9740a036
May 03, 2014
- Double free in i2o_ECPublicKey · e34af3ec
  David Ramos authored May 03, 2014
```
PR: 3338
```
  e34af3ec
May 01, 2014
- typo in SSL_get_peer_cert_chain docs · d576146e
  Jeff Trawick authored Apr 13, 2014
```
RT: 3304
```
  d576146e
Apr 30, 2014

Fixed spelling error in error message. Fix supplied by Marcos Marado · 7441e7db
Matt Caswell authored May 01, 2014

7441e7db
Fixed various pod errors · 1d3f432b
Matt Caswell authored May 01, 2014

1d3f432b

POD: Fix item numbering · 15a4add7

Lubomir Rintel authored Oct 21, 2013

Newer pod2man considers =item [1-9] part of a numbered list, while =item
0 starts an unnumbered list. Add a zero effect formatting mark to override
this.

doc/apps/smime.pod around line 315: Expected text after =item, not a
number
...

PR#3146

15a4add7

bignum: fix boundary condition in montgomery logic · 3cc546a3

Geoff Thorpe authored Apr 30, 2014



It's not clear whether this inconsistency could lead to an actual
computation error, but it involved a BIGNUM being passed around the
montgomery logic in an inconsistent state. This was found using flags
-DBN_DEBUG -DBN_DEBUG_RAND, and working backwards from this assertion
in 'ectest';

ectest: bn_mul.c:960: BN_mul: Assertion `(_bnum2->top == 0) ||
(_bnum2->d[_bnum2->top - 1] != 0)' failed

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit a5292618)

3cc546a3