Commits · 8d054a5530defa35ad9a337c23968f8bdef9a6c7 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jun 02, 2016
- Add a warning about using enable-crypto-mdebug-backtrace · 8d054a55
  Richard Levitte authored Jun 02, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  8d054a55
- Testing symbol presence: also take note of small objects · a182e546
  Richard Levitte authored Jun 02, 2016
```
The S symbol class wasn't checked.

Notified by Sebastian Andrzej Siewior

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  a182e546
Jun 01, 2016

Rich Salz authored Jun 01, 2016



checkpoint before release.

Reviewed-by: Richard Levitte <levitte@openssl.org>

ade82832

Don't leak memory on set_reasons() error path · 723412d4

Matt Caswell authored Apr 28, 2016



The set_reasons() function in v3_crld.c leaks a STACK_OF(CONF_VALUE)
object on an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>

723412d4

Don't leak memory on int X509_PURPOSE_add() error path · 137e5555

Matt Caswell authored Apr 28, 2016



The int X509_PURPOSE_add() function was leaking an X509_PURPOSE object
on error.

Reviewed-by: Richard Levitte <levitte@openssl.org>

137e5555

Don't leak memory on X509_TRUST_add() error path · 42328100

Matt Caswell authored Apr 28, 2016



The X509_TRUST_add() function was leaking an X509_TRUST object on error.

Reviewed-by: Richard Levitte <levitte@openssl.org>

42328100

Don't leak memory on ASN1_item_pack() error path · 69e2bd32

Matt Caswell authored Apr 27, 2016



The ASN1_item_pack() function was leaking an ASN1_STRING object on error
paths.

Reviewed-by: Richard Levitte <levitte@openssl.org>

69e2bd32

Don't leak memory on ASN1_GENERALIZEDTIME_adj() error path · fe71bb3a

Matt Caswell authored Apr 27, 2016



The ASN1_GENERALIZEDTIME_adj() function leaks an ASN1_GENERALIZEDTIME
object on an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>

fe71bb3a

Don't leak memory in v2i_POLICY_MAPPINGS() on error path · 379a8ed1

Matt Caswell authored Apr 27, 2016



The v2i_POLICY_MAPPINGS() function leaked ASN1_OBJECT pointers on error
paths.

Reviewed-by: Richard Levitte <levitte@openssl.org>

379a8ed1

Don't leak memory from notice_section function on error path · 6eb311ee

Matt Caswell authored Apr 27, 2016



The notice_section() function allocates a STACK_OF(CONF_VALUE) but
then fails to free it on an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>

6eb311ee

Don't leak memory in v2i_AUTHORITY_KEYID · 97323d57

Matt Caswell authored Apr 27, 2016



The v2i_AUTHORITY_KEYID() function can leak memory under an error
condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>

97323d57

Fix memory leak in crl2pkcs7 app · 1c422164

Matt Caswell authored Apr 27, 2016



The crl2pkcs7 app leaks a stack of OPENSSL_STRINGs in error paths.

Reviewed-by: Richard Levitte <levitte@openssl.org>

1c422164

Free a temporary buffer used by dsaparam application · a855d1a1

Matt Caswell authored Apr 27, 2016



The dsaparam application allocates a temporary buffer but then doesn't
free it.

Reviewed-by: Richard Levitte <levitte@openssl.org>

a855d1a1

Free buffer on error in a2i_ASN1_INTEGER() · b0cb22b0

Matt Caswell authored Apr 27, 2016



The function a2i_ASN1_INTEGER() allocates a buffer |s| but then fails
to free it on error paths.

Reviewed-by: Richard Levitte <levitte@openssl.org>

b0cb22b0

Free memory on error in cms app · 6e4ab54b

Matt Caswell authored Apr 27, 2016



The make_receipt_request() function in the cms app can leak memory on
an error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>

6e4ab54b

Free tempory data on error in ec_wNAF_mul() · 0e9eb1a5

Matt Caswell authored Apr 27, 2016



The ec_wNAF_mul() function allocates some temporary storage that it
doesn't always free on an error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>

0e9eb1a5

Fix nits in crypto.pod,ssl.pod · ff3bb913

Rich Salz authored May 31, 2016



After this merge, the only things left (from doc-nit-check) is
74 pages without a "RETURN VALUES" section.

Reviewed-by: Richard Levitte <levitte@openssl.org>

ff3bb913

Fix various doc nits. · 0634424f
Rich Salz authored May 25, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
0634424f
Remove/rename some old files. · b8a9af68
Rich Salz authored May 20, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
b8a9af68

Add final(?) set of copyrights. · 44c8a5e2

Rich Salz authored Jun 01, 2016



Add copyright to missing assembler files.
Add copyrights to missing test/* files.
Add copyrights
Various source and misc files.

Reviewed-by: Richard Levitte <levitte@openssl.org>

44c8a5e2

Fix some RAND bugs · 0f91e1df

Rich Salz authored May 29, 2016



RT2630 -- segfault for int overlow
RT2877 -- check return values in apps/rand
Update CHANGES file for previous "windows rand" changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>

0f91e1df

Ensure an ASN1_OBJECT is freed in error paths · f83b85fb
Matt Caswell authored Apr 26, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
f83b85fb
Free allocated password strings on exit · 7b0ee135
Matt Caswell authored Apr 26, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
7b0ee135
Free a BIO_ADDR if DTLSv1_listen return <=0 · a3768e0c
Matt Caswell authored Apr 26, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
a3768e0c
Ensure BIGNUM is freed in an error path · 5bf7c772
Matt Caswell authored Apr 26, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
5bf7c772
Free an X509_CRL in an error path · fe2b7dfd
Matt Caswell authored Apr 26, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
fe2b7dfd

Don't leak X509_OBJECT in an error path · 0461b7ea

Matt Caswell authored Apr 26, 2016



Swap the ordering of some code to avoid a leak in an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>

0461b7ea

RT4337: Crash in DES · 6493e480

Rich Salz authored May 31, 2016



Salt must be two ASCII characters.  Add tests to check for that,
and a test to test the checks.

Reviewed-by: Matt Caswell <matt@openssl.org>

6493e480

Fix printing of DH Parameters · 1d54ef34

Matt Caswell authored May 27, 2016



The -text argument to dhparam is broken, because the DHparams_print()
function always returns an error. The problem is that always expects a
public or private key to be present, even though that is never the case
with parameters.

Reviewed-by: Richard Levitte <levitte@openssl.org>

1d54ef34

Add dhparam sanity check and update DH_check documentation · eeb21772

Matt Caswell authored May 27, 2016



The -check argument to dhparam should never identify any problems if we
have just generated the parameters. Add a sanity check for this and print
an error and fail if necessary.

Also updates the documentation for the -check argument, and the DH_check()
function.

RT#4244

Reviewed-by: Richard Levitte <levitte@openssl.org>

eeb21772

Raise an Err when CRYPTO_THREAD_lock_new fails · b2b361f6

FdaSilvaYY authored Apr 30, 2016



Add missing error raise call, as it is done everywhere else.
and as CRYPTO_THREAD_lock_new don't do it internally.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

b2b361f6

req command incorrectly displays the bits for an EC key · 57358a83

Matt Caswell authored Jun 01, 2016



When the "req" command is used to generate a new EC key using the -newkey
option it will incorrectly display:

 Generating a 2048 bit EC private key

This commit fixes the message to not display the bit length for EC keys
because we don't currently support getting that during generation.

GitHub Issue #1068

Reviewed-by: Richard Levitte <levitte@openssl.org>

57358a83

OpenBSD doesn't have ucontext.h so don't try and include it · e51329d3

Matt Caswell authored May 11, 2016



On OpenBSD we turn off async capabilities due to no ucontext.h.

RT#4379

Reviewed-by: Richard Levitte <levitte@openssl.org>

e51329d3

May 31, 2016

make update · befe31cd
Matt Caswell authored May 31, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
befe31cd

Updates from review · af9895cb

Mat authored May 10, 2016


Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

af9895cb

Fix: PEM_read_bio_PrivateKey with no-ui / no-stdio · b01e1644

Mat authored May 09, 2016

If openssl is compiled with no-ui or no-stdio, then PEM_read_bio_PrivateKey fails if a password but no callback is provided.

The reason is that the premature return in the PEM_def_callback implementation when OPENSSL_NO_STDIO or OPENSSL_NO_UI is defined, comes too early.

This patch moves the ifdef block to the correct place.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

b01e1644

Remove null check, per review feedback. Note this in the docs. · 80c630f6

TJ Saunders authored May 31, 2016



Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1135)

80c630f6

Add requested HISTORY section, remove copy/pastos, per review feedback. · 73271290

TJ Saunders authored May 27, 2016



Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1135)

73271290

Add an SSL_SESSION accessor for obtaining the protocol version number, with · bd01f649

TJ Saunders authored May 26, 2016


accompanying documentation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1135)

bd01f649

RT4539: Add section for renamed ciphers. · 6d1e7709
Rich Salz authored May 31, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
6d1e7709