Commits · c882abd52269a59ed8e0510e5febf667428ece85 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

20 Oct, 2014 1 commit
- no-ssl2 with no-ssl3 does not mean drop the ssl lib · c882abd5
  Tim Hudson authored Oct 20, 2014
```
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
```
  c882abd5
17 Oct, 2014 1 commit
- RT3547: Add missing static qualifier · 87d388c9
  Kurt Cancemi authored Sep 28, 2014
```
Reviewed-by: Ben Laurie <ben@openssl.org>
```
  87d388c9
15 Oct, 2014 12 commits

Add constant_time_locl.h to HEADERS, · c6e9b39c

Tim Hudson authored Sep 25, 2014


so the Win32 compile picks it up correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Conflicts:
	crypto/Makefile

c6e9b39c

Include "constant_time_locl.h" rather than "../constant_time_locl.h". · 7f09a877

Richard Levitte authored Sep 24, 2014


The different -I compiler parameters will take care of the rest...

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	crypto/evp/evp_enc.c
	crypto/rsa/rsa_oaep.c
	crypto/rsa/rsa_pk1.c

7f09a877

Updates to NEWS file · ed13270d
Matt Caswell authored Oct 15, 2014
```
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
```
ed13270d
Updates CHANGES file · 53afbe12
Matt Caswell authored Oct 15, 2014
```
Reviewed-by: Bodo Möller <bodo@openssl.org>
```
53afbe12

Fix no-ssl3 configuration option · 62f45cc2

Geoff Thorpe authored Oct 15, 2014



CVE-2014-3568

Reviewed-by: Emilia Kasper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

62f45cc2

Fix for session tickets memory leak. · 74827055

Dr. Stephen Henson authored Oct 15, 2014



CVE-2014-3567

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

74827055

Fix SRTP compile issues for windows · 3dd814ac

Matt Caswell authored Oct 15, 2014



Related to CVE-2014-3513

This fix was developed by the OpenSSL Team

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	util/mkdef.pl
	util/ssleay.num

3dd814ac

Fix for SRTP Memory Leak · e659eff2

Matt Caswell authored Oct 15, 2014



CVE-2014-3513

This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

Reviewed-by: Tim Hudson <tjh@openssl.org>

e659eff2

Fix SSL_R naming inconsistency. · 0b382a8e
Bodo Moeller authored Oct 15, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
0b382a8e
aesni-x86_64.pl: make ECB subroutine Windows ABI compliant. · 69d5747f
Andy Polyakov authored Oct 15, 2014
```
RT: 3553
Reviewed-by: Emilia Kasper <emilia@openssl.org>
```
69d5747f
Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv · fb0e87fb
Bodo Moeller authored Oct 15, 2014
```
handling out of #ifndef OPENSSL_NO_DTLS1 section.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
fb0e87fb
Support TLS_FALLBACK_SCSV. · cf6da053
Bodo Moeller authored Oct 15, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
cf6da053

11 Oct, 2014 1 commit
- Remove reference to deleted md4.c · ffa08b32
  Dr. Stephen Henson authored Oct 11, 2014
```
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
```
  ffa08b32
10 Oct, 2014 1 commit
- Disable encrypt them mac for SSL 3.0 and stream ciphers (RC4 only). · f3014206
  Dr. Stephen Henson authored Sep 30, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  f3014206
06 Oct, 2014 2 commits

Removed duplicate definition of PKCS7_type_is_encrypted · e0fdea3e

Matt Caswell authored Oct 03, 2014



Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also
remove duplicate definition of PKCS7_type_is_digest.

PR#3551

Reviewed-by: Rich Salz <rsalz@openssl.org>

e0fdea3e

Fix single makefile. · 71614df4
Ben Laurie authored Oct 04, 2014
```
Reviewed-by: Geoffrey Thorpe <geoff@geoffthorpe.net>
```
71614df4

03 Oct, 2014 1 commit

RT3462: Document actions when data==NULL · 5aed1693

Rich Salz authored Sep 08, 2014



If data is NULL, return the size needed to hold the
derived key.  No other API to do this, so document
the behavior.

Reviewed-by: Richard Levitte <levitte@openssl.org>

5aed1693

02 Oct, 2014 1 commit
- DTLS 1.2 support has been added to 1.0.2. · 429a25b9
  Bodo Moeller authored Oct 02, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  429a25b9
01 Oct, 2014 2 commits
- crypto/cast/asm/cast-586.pl: +5% on PIII and remove obsolete readme. · ae4af7a0
  Andy Polyakov authored Oct 01, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  ae4af7a0
- RT3549: Remove obsolete files in crypto · df8c39d5
  Rich Salz authored Sep 30, 2014
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  df8c39d5
30 Sep, 2014 5 commits
- RT2910: Remove des.c and its Makefile target · d5f34443
  Rich Salz authored Sep 30, 2014
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  d5f34443
- RT2309: Fix podpage MMNNFFPPS->MNNFFPPS · 9208640a
  Rich Salz authored Sep 30, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  9208640a
- Parse custom extensions after internal extensions. · 4b6dee2b
  Dr. Stephen Henson authored Sep 29, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  4b6dee2b
- e_os.h: refine inline override logic (to address warnings in debug build). · 55c7a4cf
  Andy Polyakov authored Sep 30, 2014
```
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
```
  55c7a4cf
- crypto/bn/bn_nist.c: bring original failing code back for reference. · 323154be
  Andy Polyakov authored Sep 30, 2014
```
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
```
  323154be
29 Sep, 2014 2 commits

Add additional explanation to CHANGES entry. · 7c477625
Dr. Stephen Henson authored Sep 29, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
7c477625

Add additional DigestInfo checks. · 1cfd255c

Dr. Stephen Henson authored Sep 25, 2014



Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.

Note: this is a precautionary measure, there is no known attack
which can exploit this.

Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>

1cfd255c

25 Sep, 2014 3 commits

Remove #ifdef's for IRIX_CC_BUG · 3d81ec5b
Rich Salz authored Sep 25, 2014
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
3d81ec5b

RT3544: Must update TABLE after Configure change · 008bef52

Rich Salz authored Sep 25, 2014



Also add comment to Configure reminding people to do that.

Reviewed-by: Andy Polyakov <appro@openssl.org>

008bef52

Add missing tests · fdc35a9d

Emilia Kasper authored Sep 25, 2014

Accidentally omitted from commit 455b65df



Reviewed-by: Kurt Roeckx <kurt@openssl.org>

fdc35a9d

24 Sep, 2014 7 commits

Use correct function name: CMS_add1_signer() · 5886354d
Dr. Stephen Henson authored Sep 20, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
5886354d
crypto/bn/bn_nist.c: work around MSC ARM compiler bug. · 8b07c005
Andy Polyakov authored Sep 25, 2014
```
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
```
8b07c005
e_os.h: allow inline functions to be compiled by legacy compilers. · 40155f40
Andy Polyakov authored Sep 25, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
40155f40

RT3544: Remove MWERKS support · 92c78463

Rich Salz authored Sep 24, 2014



The following #ifdef tests were all removed:
	__MWERKS__
	MAC_OS_pre_X
	MAC_OS_GUSI_SOURCE
	MAC_OS_pre_X
	OPENSSL_SYS_MACINTOSH_CLASSIC
	OPENSSL_SYS_MACOSX_RHAPSODY

Reviewed-by: Andy Polyakov <appro@openssl.org>

92c78463

RT3425: constant-time evp_enc · 4aac102f

Emilia Kasper authored Sep 05, 2014



Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>

4aac102f

RT3067: simplify patch · 455b65df

Emilia Kasper authored Sep 04, 2014

(Original commit adb46dbc

)

Use the new constant-time methods consistently in s3_srvr.c

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

455b65df

RT3066: rewrite RSA padding checks to be slightly more constant time. · 294d1e36

Emilia Kasper authored Aug 28, 2014



Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

294d1e36

23 Sep, 2014 1 commit

make update · 51b7be8d

Emilia Kasper authored Sep 23, 2014



Sync libeay.num from 1.0.2

Reviewed-by: Dr Stephen Henson <steve@openssl.org>

51b7be8d