Commits · d6934a02b5e97c6548d18a74e7b6667dd2617c96 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

15 May, 2014 2 commits
- Moved note about lack of support for AEAD modes out of BUGS section to... · d6934a02
  Matt Caswell authored May 15, 2014
```
Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD)
```
  d6934a02
- Enc doesn't support AEAD ciphers. · f9986e9a
  Dr. Stephen Henson authored May 15, 2014
  
  f9986e9a
14 May, 2014 3 commits
- Fix grammar error in verify pod. PR#3355 · 1f5e321e
  Jeffrey Walton authored May 14, 2014
  
  1f5e321e
- Add information to BUGS section of enc documentation. PR#3354 · b6adb6ef
  Jeffrey Walton authored May 14, 2014
  
  b6adb6ef
- Corrected POD syntax errors. PR#3353 · bfdaf451
  Michal Bozon authored May 14, 2014
  
  bfdaf451
12 May, 2014 3 commits
- Check sk_SSL_CIPHER_num() after assigning sk. · 69526a35
  Kurt Roeckx authored May 12, 2014
  
  69526a35
- Correct the return type on the signature for X509_STORE_CTX_get_ex_data given in the pod file. · 778f2b64
  Jean-Paul Calderone authored Apr 02, 2014
  
  778f2b64
- Replace manual ASN1 decoder with ASN1_get_object · 2223317b
  Serguei E. Leontiev authored May 11, 2014
```
Replace manual ASN.1 decoder with ASN1_get object. This
will decode the tag and length properly and check against
it does not exceed the supplied buffer length.

PR#3335
(cherry picked from commit b0308dddd1cc6a8e1de803ef29ba6da25ee072c2)
```
  2223317b
11 May, 2014 6 commits
- Fixed NULL pointer dereference. See PR#3321 · b107586c
  Matt Caswell authored May 12, 2014
  
  b107586c
- Set authkey to NULL and check malloc return value. · d5447553
  Kurt Roeckx authored May 01, 2014
  
  d5447553
- dgram_sctp_ctrl: authkey memory leak · 88398e9b
  Martin Brejcha authored May 01, 2014
```
PR: 3327
```
  88398e9b
- Avoid out-of-bounds write in SSL_get_shared_ciphers · 15c1ac03
  Günther Noack authored May 01, 2014
```
PR: 3317
```
  15c1ac03
- Fix infinite loop. PR#3347 · c3c6fc78
  Viktor Dukhovni authored May 11, 2014
  
  c3c6fc78
- safety check to ensure we dont send out beyond the users buffer · 4d8cca8a
  Tim Hudson authored May 11, 2014
  
  4d8cca8a
09 May, 2014 1 commit

Return an error if no recipient type matches. · d61be855

Dr. Stephen Henson authored May 08, 2014

If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.

PR#3348

d61be855

08 May, 2014 2 commits
- coverity 966576 - close socket in error path · 9e456a85
  Tim Hudson authored May 05, 2014
  
  9e456a85
- PR#3342 fix resource leak coverity issue 966577 · f179e2b8
  Tim Hudson authored May 05, 2014
  
  f179e2b8
07 May, 2014 2 commits
- fix coverity issue 966597 - error line is not always initialised · 6a60b414
  Tim Hudson authored May 05, 2014
  
  6a60b414
- Fixed NULL pointer dereference in PKCS7_dataDecode reported by David Ramos in PR#3339 · c6a47f98
  Matt Caswell authored May 07, 2014
  
  c6a47f98
06 May, 2014 5 commits

evp: prevent underflow in base64 decoding · d0666f28

Geoff Thorpe authored May 04, 2014



This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>

d0666f28

bignum: allow concurrent BN_MONT_CTX_set_locked() · d8afda60

Geoff Thorpe authored May 04, 2014

The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
noted by Daniel Sands and co at Sandia. This was to handle the case that
2 or more threads race to lazy-init the same context, but stunted all
scalability in the case where 2 or more threads are doing unrelated
things! We favour the latter case by punishing the former. The init work
gets done by each thread that finds the context to be uninitialised, and
we then lock the "set" logic after that work is done - the winning
thread's work gets used, the losing threads throw away what they've done.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>

d8afda60

dso: eliminate VMS code on non-VMS systems · 804ab36d

Geoff Thorpe authored Apr 27, 2014



Even though the meat of dso_vms.c is compiled out on non-VMS builds,
the (pre-)compiler still traverses some of the macro handling. This
trips up at least one non-VMS build configuration, so this commit
makes the skip-VMS case more robust.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>

804ab36d

Initialize num properly. · a41d5174
Dr. Stephen Henson authored May 06, 2014
```
PR#3289
PR#3345
(cherry picked from commit 3ba1e406)
```
a41d5174
Set Enveloped data version to 2 if ktri version not zero. · 9c5d953a
Dr. Stephen Henson authored May 06, 2014

9c5d953a

05 May, 2014 1 commit
- - fix coverity issues 966593-966596 · 7b7b18c5
  Tim Hudson authored May 05, 2014
  
  7b7b18c5
03 May, 2014 1 commit
- Double free in i2o_ECPublicKey · 8eb094b9
  David Ramos authored May 03, 2014
```
PR: 3338
```
  8eb094b9
01 May, 2014 1 commit
- typo in SSL_get_peer_cert_chain docs · 7fa18a63
  Jeff Trawick authored Apr 13, 2014
```
RT: 3304
```
  7fa18a63
30 Apr, 2014 2 commits

Fixed spelling error in error message. Fix supplied by Marcos Marado · 90600a5e
Matt Caswell authored May 01, 2014

90600a5e

POD: Fix item numbering · 23f5908a

Lubomir Rintel authored Oct 21, 2013

Newer pod2man considers =item [1-9] part of a numbered list, while =item
0 starts an unnumbered list. Add a zero effect formatting mark to override
this.

doc/apps/smime.pod around line 315: Expected text after =item, not a
number
...

PR#3146

23f5908a

26 Apr, 2014 1 commit

Fix version documentation. · e622237d

mancha authored Apr 25, 2014

Specify -f is for compilation flags. Add -d to synopsis section.

(cherry picked from commit 006397ea62bbcae22c8664d53c2222b808c4bdd1)

Closes #79.

e622237d

24 Apr, 2014 2 commits

Fix eckey_priv_encode() · f0816174

mancha authored Apr 24, 2014

Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.

f0816174

Add new sponsors · 057444f8
Steve Marquess authored Apr 24, 2014
```
(cherry picked from commit 351f0a124bffaa94d2a8abdec2e7dde5ae9c457d)
```
057444f8

23 Apr, 2014 1 commit
- Fix use after free. · 725c5f1a
  Ben Laurie authored Apr 23, 2014
  
  725c5f1a
22 Apr, 2014 1 commit
- Fix double frees. · 9c8dc84a
  Ben Laurie authored Apr 22, 2014
  
  9c8dc84a
16 Apr, 2014 1 commit
- Document -debug_decrypt option. · e3899aba
  Dr. Stephen Henson authored Apr 16, 2014
```
(cherry picked from commit 0dd5b94a)
```
  e3899aba
15 Apr, 2014 2 commits

Extension checking fixes. · 3fc880ac

Dr. Stephen Henson authored Apr 15, 2014

When looking for an extension we need to set the last found
position to -1 to properly search all extensions.

PR#3309.
(cherry picked from commit 300b9f0b)

3fc880ac

Clarify CMS_decrypt behaviour. · 602b2790
Dr. Stephen Henson authored Apr 15, 2014
```
(cherry picked from commit 5f8e9a47)
```
602b2790

11 Apr, 2014 1 commit
- Add new key fingerprint. · b05a3ad7
  Dr. Stephen Henson authored Apr 11, 2014
```
(cherry picked from commit 3143a332)
```
  b05a3ad7
09 Apr, 2014 1 commit

Fix free errors in ocsp utility. · 3d8f4f23

Dr. Stephen Henson authored Apr 09, 2014

Keep copy of any host, path and port values allocated by
OCSP_parse_url and free as necessary.
(cherry picked from commit 5219d3dd)

3d8f4f23

08 Apr, 2014 1 commit
- VMS build fix #2. · a74bee5f
  Steven M. Schweda authored Apr 08, 2014
  
  a74bee5f