Commits · e42c208235a86beee16ff0d0e6ca4e164a57d21a · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jun 27, 2014
- Memory leak and NULL dereference fixes. · e42c2082
  Dr. Stephen Henson authored Jun 27, 2014
```
PR#3403
(cherry picked from commit d2aea038)
```
  e42c2082
- Remove ancient obsolete files under pkcs7. · e86951ca
  Dr. Stephen Henson authored Jun 26, 2014
```
(cherry picked from commit 7be6b27a)
```
  e86951ca
Jun 26, 2014

Make sure BN_sqr can never return a negative value. · b7a4f98b
Huzaifa Sidhpurwala authored Jun 26, 2014
```
PR#3410
(cherry picked from commit e14e764c0d5d469da63d0819c6ffc0e1e9e7f0bb)
```
b7a4f98b

bn_exp.c: move check for AD*X to rsaz-avx2.pl. · 82a9dafe

Andy Polyakov authored Jun 27, 2014

This ensures high performance is situations when assembler supports
AVX2, but not AD*X.
(cherry picked from commit f3f620e1)

Resolved conflicts:

	crypto/bn/asm/rsaz-avx2.pl

82a9dafe

Jun 25, 2014
- aesv8-armx.pl: rigid input verification in key setup. · 1536bcfd
  Andy Polyakov authored Jun 25, 2014
```
(cherry picked from commit 7b8c8c4d)
```
  1536bcfd
- X509_check_mumble() failure is <= 0, not just 0 · 3fc0b1ed
  Viktor Dukhovni authored Jun 22, 2014
```
(cherry picked from commit a48fb040)
```
  3fc0b1ed
- More complete input validation of X509_check_mumble · 3d15d58e
  Viktor Dukhovni authored Jun 22, 2014
```
(cherry picked from commit 29edebe9)
```
  3d15d58e
- Drop hostlen from X509_VERIFY_PARAM_ID. · d93edc0a
  Viktor Dukhovni authored Jun 22, 2014
```
Just store NUL-terminated strings.  This works better when we add
support for multiple hostnames.
(cherry picked from commit b3012c69)
```
  d93edc0a
- More complete X509_check_host documentation. · 609daaba
  Viktor Dukhovni authored Jun 22, 2014
```
(cherry picked from commit d241b804)
```
  609daaba
Jun 24, 2014
- aesv8-armx.pl: inclrease interleave factor. · a073ceef
  Andy Polyakov authored Jun 24, 2014
```
This is to compensate for higher aes* instruction latency on Cortex-A57.
(cherry picked from commit 015364ba)
```
  a073ceef
- ARMv8 assembly pack: add Cortex performance numbers. · 5cd8ce42
  Andy Polyakov authored Jun 24, 2014
```
(cherry picked from commit 0f777aeb)
```
  5cd8ce42
Jun 22, 2014
- Fix off-by-one errors in ssl_cipher_get_evp() · d15f2d98
  Miod Vallat authored Jun 04, 2014
```
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

Bug discovered and fixed by Miod Vallat from the OpenBSD team.

PR#3375
```
  d15f2d98
- Revert "Fix off-by-one errors in ssl_cipher_get_evp()" · 00f5ee44
  Matt Caswell authored Jun 22, 2014
```
This reverts commit 3d860774.

Incorrect attribution.
```
  00f5ee44
- Fixed Windows compilation failure · e7911530
  Matt Caswell authored May 27, 2014
  
  e7911530
Jun 18, 2014
- Make sure test/tests.com exit gracefully, even when openssl.exe wasn't · 6ff73426
  Richard Levitte authored Jun 18, 2014
```
properly built.
```
  6ff73426
- Adjust VMS build to Unix build. Most of all, make it so the disabled · a61e509e
  Richard Levitte authored Jun 17, 2014
```
algorithms MD2 and RC5 don't get built.
Also, disable building the test apps in crypto/des and crypto/pkcs7, as
they have no support at all.
```
  a61e509e
Jun 17, 2014
- Fix signed/unsigned comparisons. · 1b823494
  Felix Laurie von Massenbach authored Jun 15, 2014
```
(cherry picked from commit 50cc4f7b)
```
  1b823494
- Fix shadow declaration. · 6657e68b
  Felix Laurie von Massenbach authored Jun 15, 2014
```
(cherry picked from commit 1f61d8b5)
```
  6657e68b
- Remove unused DANE macros. This should be the last DANE stuff... · 23351c60
  Richard Levitte authored Jun 17, 2014
  
  23351c60
Jun 16, 2014
- DCL doesn't do well with empty lines, or lines starting with # · 9a6112d1
  Richard Levitte authored Jun 16, 2014
  
  9a6112d1
- Spaces were added in some strings for better readability. However, those... · b9c0dae2
  Richard Levitte authored Jun 16, 2014
```
Spaces were added in some strings for better readability.  However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces
```
  b9c0dae2
- aesni-sha[1|256]-x86_64.pl: fix logical error and MacOS X build. · d940b3b9
  Andy Polyakov authored Jun 16, 2014
```
(cherry picked from commit 9024b84b)
```
  d940b3b9
Jun 14, 2014
- Enforce _X509_CHECK_FLAG_DOT_SUBDOMAINS internal-only · cfbc10fb
  Viktor Dukhovni authored Jun 13, 2014
```
(cherry picked from commit d435e23959f1c2cb4feadbfba9ad884c59f37db9)
```
  cfbc10fb
- Accept CCS after sending finished. · 90d94ce3
  Dr. Stephen Henson authored Jun 14, 2014
```
Allow CCS after finished has been sent by client: at this point
keys have been correctly set up so it is OK to accept CCS from
server. Without this renegotiation can sometimes fail.

PR#3400
(cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41)
```
  90d94ce3
- evp/e_aes_cbc_sha[1|256].c: fix -DPEDANTIC build. · 79b960c0
  Andy Polyakov authored Jun 14, 2014
```
(cherry picked from commit ce00c64d)
```
  79b960c0
- Adjust VMS build files to the Unix ones · 66a6e2b2
  Richard Levitte authored Jun 14, 2014
  
  66a6e2b2
- Make sure that disabling the MAYLOSEDATA3 warning is only done when the · 1be1d051
  Richard Levitte authored Jun 14, 2014
```
compiler supports it.  Otherwise, there are warnings about it lacking
everywhere, which is quite tedious to read through while trying to check
for other warnings.
```
  1be1d051
- Update the VMS tests according to the latest unixly tests. · 9f8c1832
  Richard Levitte authored Jun 12, 2014
```
Partly provided by Zoltan Arpadffy <arpadffy@polarhome.com>
```
  9f8c1832
- aesni-sha256-x86_64.pl: add missing rex in shaext. · 8301245a
  Andy Polyakov authored Jun 14, 2014
```
PR: 3405
(cherry picked from commit 91a6bf80)
```
  8301245a
- sha1-x86_64.pl: add missing rex prefix in shaext. · 1f6d2076
  Andy Polyakov authored Jun 14, 2014
```
PR: 3405
(cherry picked from commit c9cf29cc)
```
  1f6d2076
Jun 13, 2014
- Fixed incorrect return code handling in ssl3_final_finish_mac. · 561ba124
  Matt Caswell authored Jun 10, 2014
```
Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
```
  561ba124
- Revert "Fixed incorrect return code handling in ssl3_final_finish_mac" · 7f133c35
  Matt Caswell authored Jun 13, 2014
```
This reverts commit 728bd41a.

Missing attribution.
```
  7f133c35
Jun 12, 2014
- Client-side namecheck wildcards. · 3cc8a3f2
  Viktor Dukhovni authored Jun 12, 2014
```
A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com).

With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").
(cherry picked from commit e52c52f10bb8e34aaf8f28f3e5b56939e8f6b357)
```
  3cc8a3f2
- Fix off-by-one errors in ssl_cipher_get_evp() · 3d860774
  Kurt Cancemi authored Jun 04, 2014
```
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

PR#3375
```
  3d860774
- Facilitate back-porting of AESNI and SHA modules. · 56ba280c
  Andy Polyakov authored Jun 12, 2014
```
Fix SEH and stack handling in Win64 build.
(cherry picked from commit 977f32e8)
```
  56ba280c
- Added OPENSSL_assert check as per PR#3377 reported by Rainer Jung <rainer.jung@kippdata.de> · 955bfbc2
  Matt Caswell authored Jun 12, 2014
  
  955bfbc2
- remove some more DANE code · 2eab488c
  Dr. Stephen Henson authored Jun 12, 2014
  
  2eab488c
- make update · fa7a0efb
  Dr. Stephen Henson authored Jun 12, 2014
  
  fa7a0efb
- Fix Windows build. · 3fe8f005
  Dr. Stephen Henson authored Jun 12, 2014
  
  3fe8f005
- Remove unimplemented functions. · 5af09776
  Dr. Stephen Henson authored Jun 12, 2014
  
  5af09776