Commits · d97ed219860b3188b833a130a61d2438f3f249cf · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Dec 31, 2014

constify tls 1.2 lookup tables. · d97ed219

Cristian Rodríguez authored Apr 20, 2014



None of this should live in writable memory

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Geoff Thorpe <geoff@openssl.org>

d97ed219

Add missing include of sys/time.h · 97d5809c
Kurt Roeckx authored Dec 30, 2014
```
gettimeofday was undefined

Reviewed-by: Geoff Thorpe <geoff@openssl.org>
```
97d5809c

Dec 30, 2014

mark all block comments that need format preserving so that · 1d97c843

Tim Hudson authored Dec 28, 2014


indent will not alter them when reformatting comments

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

1d97c843

Make "run" volatile · aa8a9266
Kurt Roeckx authored Dec 16, 2014
```
RT#3629

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
aa8a9266

Document openssl dgst -hmac option · 5075e52e

Thorsten Glaser authored May 22, 2009



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>

5075e52e

dlfcn: always define _GNU_SOURCE · c1844095

Kurt Roeckx authored Dec 23, 2013

We need this for the freebsd kernel with glibc as used in the Debian kfreebsd
ports. There shouldn't be a problem defining this on systems not using glibc.

Reviewed-by: Richard Levitte <levitte@openssl.org>

c1844095

Fix memory leak in the apps · 8c00f4cf

Kurt Roeckx authored Dec 07, 2014



The BIO_free() allocated ex_data again that we already freed.

Reviewed-by: Richard Levitte <levitte@openssl.org>

8c00f4cf

Dec 28, 2014

RT3548: Remove unsupported platforms · 32dfde10

Rich Salz authored Dec 28, 2014



This commit removes DG-UX.
It also flushes out some left-behinds in config.
And regenerates TABLE from Configure (hadn't been done in awhile).

Reviewed-by: Richard Levitte <levitte@openssl.org>

32dfde10

Dec 25, 2014

RT3548: unsupported platforms · 6c23ca0c

Rich Salz authored Dec 25, 2014



This commit removes Sinix/ReliantUNIX RM400
(And a missed piece of BEOS fluff)

Reviewed-by: Richard Levitte <levitte@openssl.org>

6c23ca0c

Dec 22, 2014

RT3548: Remove unsupported platforms. · 5ad4fdce
Rich Salz authored Dec 22, 2014
```
This commit removes MPE/iX

Reviewed-by: Andy Polyakov <appro@openssl.org>
```
5ad4fdce

Improves certificates HOWTO · 67472bd8

Alok Menghrajani authored Nov 30, 2014



* adds links to various related documents.
* fixes a few typos.
* rewords a few sentences.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

67472bd8

Small typo · 7cfab40f
Richard Levitte authored Dec 22, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
7cfab40f

RT3548: Remvoe unsupported platforms · f2319414

Rich Salz authored Dec 21, 2014



This commit removes SunOS (a sentimental favorite of mine).

Reviewed-by: Richard Levitte <levitte@openssl.org>

f2319414

Dec 20, 2014

Fix incorrect OPENSSL_assert() usage. · 2521fcd8

Michael Tuexen authored Nov 16, 2014



Return an error code for I/O errors instead of an assertion failure.

PR#3470
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

2521fcd8

RT3548: Remove outdated platforms · e03b2987

Rich Salz authored Dec 19, 2014



This commit removes all mention of NeXT and NextStep.

Reviewed-by: Richard Levitte <levitte@openssl.org>

e03b2987

Dec 19, 2014
- Fix a problem if CFLAGS is too long cversion.c fails to compile when config · 488f16e3
  Matt Caswell authored Dec 19, 2014
```
is run with --strict-warnings.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  488f16e3
Dec 18, 2014

Made it an error to define OPENSSL_USE_DEPRECATED if OpenSSL has been built · c0fc27f8
Matt Caswell authored Dec 18, 2014
```
with OPENSSL_NO_DEPRECATED defined

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
c0fc27f8
Update CHANGES for deprecated updates · bd2bd374
Matt Caswell authored Dec 17, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
bd2bd374
make update following changes to default config settings · 6385043f
Matt Caswell authored Dec 17, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
6385043f
Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED · 53e95716
Matt Caswell authored Dec 17, 2014
```
Introduce use of DECLARE_DEPRECATED

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
53e95716
Remove redundant OPENSSL_NO_DEPRECATED suppression · 5bafb04d
Matt Caswell authored Dec 17, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
5bafb04d

Turn on OPENSSL_NO_DEPRECATED by default. · 07c4c14c

Matt Caswell authored Dec 17, 2014


Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is
defined at config stage then OPENSSL_USE_DEPRECATED has no effect -
deprecated functions are not available.
If OPENSSL_NO_DEPRECATED is not defined at config stage then
applications must define OPENSSL_USE_DEPRECATED in order to access
deprecated functions.
Also introduce compiler warnings for gcc for applications using
deprecated functions

Reviewed-by: Rich Salz <rsalz@openssl.org>

07c4c14c

RT3548: Remove some obsolete platforms · 59ff1ce0

Rich Salz authored Dec 18, 2014



This commit removes Sony NEWS4

Reviewed-by: Richard Levitte <levitte@openssl.org>

59ff1ce0

Return error when a bit string indicates an invalid amount of bits left · 5a1e8c67
Kurt Roeckx authored Dec 15, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
5a1e8c67
Fix yet anoither 'make clean' breakage. · 040b60f6
Rich Salz authored Dec 18, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
040b60f6

Dec 17, 2014

RT3548: Remove some obsolete platforms · b317819b
Rich Salz authored Dec 17, 2014
```
This commit removes BEOS.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
b317819b
RT3544: Restore MWERKS for NetWare · 179f6b2f
Rich Salz authored Dec 17, 2014
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
179f6b2f

Reject invalid constructed encodings. · 89f40f36

Dr. Stephen Henson authored Dec 16, 2014



According to X6.90 null, object identifier, boolean, integer and enumerated
types can only have primitive encodings: return an error if any of
these are received with a constructed encoding.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

89f40f36

Add a comment noting the padding oracle. · 03af8430
Emilia Kasper authored Dec 17, 2014
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
03af8430

Revert "RT3425: constant-time evp_enc" · 4ad2d3ac

Emilia Kasper authored Dec 17, 2014

Causes more problems than it fixes: even though error codes
are not part of the stable API, several users rely on the
specific error code, and the change breaks them. Conversely,
we don't have any concrete use-cases for constant-time behaviour here.

This reverts commit 4aac102f

.

Reviewed-by: Andy Polyakov <appro@openssl.org>

4ad2d3ac

Build fixes · b597aab8

Emilia Kasper authored Dec 15, 2014



Various build fixes, mostly uncovered by clang's unused-const-variable
and unused-function errors.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 0e1c318e)

b597aab8

Premaster secret handling fixes · 4aecfd4d

Adam Langley authored Dec 16, 2014



From BoringSSL
- Send an alert when the client key exchange isn't correctly formatted.
- Reject overly short RSA ciphertexts to avoid a (benign) out-of-bounds memory access.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

4aecfd4d

Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed) · 57dc72e0
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
57dc72e0
Clear warnings/errors within TLS_DEBUG code sections · 6dec5e1c
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
6dec5e1c
Clear warnings/errors within KSSL_DEBUG code sections · 3ddb2914
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
3ddb2914
Clear warnings/errors within CIPHER_DEBUG code sections · a501f647
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
a501f647
Clear warnings/errors within CIPHER_DEBUG code sections · 72b5d03b
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
72b5d03b
Clear warnings/errors within BN_CTX_DEBUG code sections · a9389163
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
a9389163

Check for invalid divisors in BN_div. · a015758d

Emilia Kasper authored Dec 15, 2014



Invalid zero-padding in the divisor could cause a division by 0.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit a43bcd9e96c5180e5c6c82164ece643c0097485e)

a015758d

Dec 16, 2014
- The dtls1_output_cert_chain function no longer exists so remove it from · 789da2c7
  Matt Caswell authored Dec 03, 2014
```
ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  789da2c7