Commits · b4322e1de8be66ff230e26999b766ca1a42f9476 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jun 05, 2014

Fix CVE-2014-0221 · b4322e1d

Dr. Stephen Henson authored May 16, 2014

Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
(cherry picked from commit d3152655d5319ce883c8e3ac4b99f8de4c59d846)

b4322e1d

Fix CVE-2014-3470 · a5362db4

Dr. Stephen Henson authored May 29, 2014

Check session_cert is not NULL before dereferencing it.
(cherry picked from commit 8011cd56e39a433b1837465259a9bd24a38727fb)

a5362db4

Jun 04, 2014
- aesp8-ppc.pl: fix typos. · d86689e1
  Andy Polyakov authored Jun 04, 2014
  
  d86689e1
- evp/e_aes.c: add erroneously omitted break; · 53a224bb
  Andy Polyakov authored Jun 04, 2014
  
  53a224bb
Jun 03, 2014
- Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370 · 8e323164
  Libor Krystek authored Jun 03, 2014
  
  8e323164
Jun 02, 2014
- Check there is enough room for extension. · c7f26739
  David Benjamin authored Jun 02, 2014
  
  c7f26739
- Free up s->d1->buffered_app_data.q properly. · 470990fe
  zhu qun-ying authored Jun 02, 2014
```
PR#3286
```
  470990fe
- evp/e_aes.c: populate HWAES_* to remaning modes. · 030a3f95
  Andy Polyakov authored Jun 02, 2014
```
Submitted by: Ard Biesheuvel.
```
  030a3f95
- Allow reordering of certificates when signing. · 14f47acf
  Dr. Stephen Henson authored Jun 02, 2014
```
Add certificates if -nocerts and -certfile specified when signing
in smime application. This can be used this to specify the
order certificates appear in the PKCS#7 structure: some broken
applications require a certain ordering.

PR#3316
```
  14f47acf
- Typo: set i to -1 before goto. · 13b78960
  Sami Farin authored Jun 02, 2014
```
PR#3302
```
  13b78960
Jun 01, 2014
- Engage POWER8 AES support. · de51e830
  Andy Polyakov authored Jun 01, 2014
  
  de51e830
- Added SSLErr call for internal error in dtls1_buffer_record · a5510df3
  Matt Caswell authored Jun 01, 2014
  
  a5510df3
- Delays the queue insertion until after the ssl3_setup_buffers() call due to... · d1e1aeef
  David Ramos authored Jun 01, 2014
```
Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362
```
  d1e1aeef
- armv4cpuid.S: switch to CNTVCT tick counter. · 72346328
  Andy Polyakov authored Jun 01, 2014
  
  72346328
- sha[1|256]-armv4: harmonize with arm_arch.h. · 797d24be
  Andy Polyakov authored Jun 01, 2014
  
  797d24be
- Engage ARMv8 AES support. · ddacb8f2
  Andy Polyakov authored Jun 01, 2014
  
  ddacb8f2
- Recognise padding extension. · a09220d8
  Dr. Stephen Henson authored Jun 01, 2014
  
  a09220d8
- Option to disable padding extension. · 01f2f18f
  Dr. Stephen Henson authored Jun 01, 2014
```
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336
```
  01f2f18f
- linux-aarch64: engage SHA modules. · f8aab617
  Andy Polyakov authored Jun 01, 2014
  
  f8aab617
- Add SHA for ARMv8. · ddb6b965
  Andy Polyakov authored Jun 01, 2014
  
  ddb6b965
- Add linux-aarch64 taget. · e8d93e34
  Andy Polyakov authored Jun 01, 2014
```
armcap.c is shared between 32- and 64-bit builds and features link-time
detection of getauxval.

Submitted by: Ard Biesheuvel.
```
  e8d93e34
- Merge branch 'erbridge-probable_primes' · 992bba11
  Ben Laurie authored Jun 01, 2014
  
  992bba11
- Credit to Felix. · 5fc3a5fe
  Ben Laurie authored Jun 01, 2014
```
Closes #116.
```
  5fc3a5fe
- Tidy up, don't exceed the number of requested bits. · c93233db
  Ben Laurie authored Jun 01, 2014
  
  c93233db
- Constify and reduce coprime random bits to allow for multiplier. · 46838817
  Ben Laurie authored May 31, 2014
  
  46838817
- Zero prime doits. · 0382950c
  Ben Laurie authored May 31, 2014
  
  0382950c
- Add option to run all prime tests. · 5efa13ca
  Ben Laurie authored May 31, 2014
  
  5efa13ca
- Add a test to check we're really generating probable primes. · 8927c278
  Felix Laurie von Massenbach authored May 27, 2014
  
  8927c278
- Remove unused BIGNUMs. · 9a3a9974
  Felix Laurie von Massenbach authored May 27, 2014
  
  9a3a9974
- Only count successful generations. · a77889f5
  Felix Laurie von Massenbach authored May 27, 2014
  
  a77889f5
- Refactor the first prime index. · c74e1487
  Felix Laurie von Massenbach authored May 27, 2014
  
  c74e1487
- Try skipping over the adding and just picking a new random number. · 982c42cb
  Felix Laurie von Massenbach authored May 27, 2014
```
Generates a number coprime to 2, 3, 5, 7, 11.

Speed:
Trial div (add) : trial div (retry) : coprime
1 : 0.42 : 0.84
```
  982c42cb
- Remove editor barf on updating copyright. · 7e965dcc
  Felix Laurie von Massenbach authored May 27, 2014
  
  7e965dcc
- Add python script to generate the bits needed for the prime generator. · 8a120852
  Felix Laurie von Massenbach authored May 27, 2014
  
  8a120852
- Generate safe primes not divisible by 3, 5 or 7. · c09ec5d2
  Felix Laurie von Massenbach authored May 27, 2014
```
~2% speed improvement on trial division.
```
  c09ec5d2
- Add a method to generate a prime that is guaranteed not to be divisible by 3 or 5. · b0513819
  Felix Laurie von Massenbach authored May 27, 2014
```
Possibly some reduction in bias, but no speed gains.
```
  b0513819
- Run the prime speed tests for 10 seconds. · b359642f
  Felix Laurie von Massenbach authored May 27, 2014
  
  b359642f
- Tidy up speed.c a little. · 8c9336ce
  Felix Laurie von Massenbach authored May 26, 2014
  
  8c9336ce
- Add speed test for prime trial division. · b5419b81
  Felix Laurie von Massenbach authored May 26, 2014
  
  b5419b81
- Remove static from probable_prime_dh. · e46a059e
  Felix Laurie von Massenbach authored May 26, 2014
  
  e46a059e