Commits · e774a3055bd89e4ed3a2800e795df9b46c8dce6b · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

23 Sep, 2014 4 commits

Emilia Kasper authored Sep 05, 2014



i2d_re_X509_tbs re-encodes the TBS portion of the certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 95b1752c)

e774a305

Revert "Add accessor for x509.cert_info." · d9f99d4e

Emilia Kasper authored Sep 23, 2014

This reverts commit 519ad9b3

.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

d9f99d4e

Revert "Add more accessors." · 6ce2a641

Emilia Kasper authored Sep 23, 2014

This reverts commit cacdfcb2

.

Conflicts:
	crypto/x509/x509.h

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

6ce2a641

CHANGES: mention ECP_NISTZ256. · d2a1226b

Andy Polyakov authored Sep 23, 2014



Reviewed-by: Bodo Moeller <bodo@openssl.org>
(cherry picked from commit 507efe73)

d2a1226b

21 Sep, 2014 9 commits

crypto/ecp_nistz256.c: harmonize error codes. · 9fa9370b
Andy Polyakov authored Sep 21, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit be07ae9b)
```
9fa9370b

Fix warning. · 12f14b1d

Dr. Stephen Henson authored Sep 19, 2014



Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 16e5b45f)

12f14b1d

crypto/ec: harmonize new code with FIPS module. · 27918b7c
Andy Polyakov authored Sep 22, 2014
```
RT: 3149
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
27918b7c

Configure: engage ECP_NISTZ256. · 2e31c47a

Andy Polyakov authored Sep 12, 2014



RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 84714790)

Resolved conflicts:

	Configure
	TABLE

2e31c47a

Add ECP_NISTZ256 by Shay Gueron, Intel Corp. · 3842a64d

Andy Polyakov authored Sep 12, 2014



RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4d3fa06f)

3842a64d

Reserve option to use BN_mod_exp_mont_consttime in ECDSA. · 8aed2a75

Andy Polyakov authored Sep 12, 2014



Submitted by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f54be179)

8aed2a75

perlasm/x86_64-xlate.pl: handle inter-bank movd. · f7835e1c
Andy Polyakov authored Sep 12, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 902b30df)
```
f7835e1c

Configure: add configuration for crypto/ec/asm extensions. · 11d8abb3

Andy Polyakov authored Aug 30, 2014



Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6019cdd3)

Resolved conflicts:

	Configure
	Makefile.org
	TABLE

11d8abb3

Fixed error introduced in commit · 320d9497

Tim Hudson authored Sep 21, 2014


that fixed PR#3450 where an existing cast masked an issue when i was changed
from int to long in that commit

Picked up on z/linux (s390) where sizeof(int)!=sizeof(long)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b5ff559f)

320d9497

20 Sep, 2014 1 commit

Harmonize Tru64 and Linux make rules. · dfb5de6f

Andy Polyakov authored Sep 20, 2014



RT: 3333,3165
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d475b2a3)

dfb5de6f

18 Sep, 2014 1 commit

RT2301: GetDIBits, not GetBitmapBits in rand_win · 5015a93d

Jake Goulding authored Sep 05, 2014



GetDIBits has been around since Windows2000 and
BitBitmapBits is an old Win16 compatibility function
that is much slower.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 99b00fd9)

5015a93d

11 Sep, 2014 1 commit

RT2772 update: c_rehash was broken · 478b3470

Rich Salz authored Sep 11, 2014



Move the readdir() lines out of the if statement, so
that flist is available globally.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6f46c3c3)

478b3470

10 Sep, 2014 2 commits

RT3271 update; extra; semi-colon; confuses; some; · 32584298
Rich Salz authored Sep 10, 2014
```
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit cb4bb56b)
```
32584298

RT2560: missing NULL check in ocsp_req_find_signer · a9d928a8

Rich Salz authored Sep 10, 2014



If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b2aa38a9)

a9d928a8

09 Sep, 2014 5 commits

RT2196: Clear up some README wording · 3aa2d2d0

Rich Salz authored Sep 09, 2014



Say where to email bug reports.
Mention general RT tracker info in a separate paragraph.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 468ab1c2)

3aa2d2d0

RT3192: spurious error in DSA verify · f33ce36a

Matt Caswell authored Sep 09, 2014



This is funny; Ben commented in the source, Matt opend a ticket,
and Rich is doing the submit.  Need more code-review? :)

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit eb63bce0)

f33ce36a

RT3271: Don't use "if !" in shell lines · e61c648f

Rich Salz authored Sep 09, 2014



For portability don't use "if ! expr"

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b999f66e)

e61c648f

RT1909: Omit version for v1 certificates · 8c0d19d8

Geoff Keating authored Sep 09, 2014



When calling X509_set_version to set v1 certificate, that
should mean that the version number field is omitted.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 1f18f50c)

8c0d19d8

RT3506: typo's in ssltest · 283a8fd1

Kurt Cancemi authored Sep 09, 2014



Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 4eadd11c)

283a8fd1

08 Sep, 2014 16 commits

RT2841: Extra return in check_issued · b8d687bb

Paul Suhler authored Sep 08, 2014



Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 4cd1119d)

b8d687bb

RT2626: Change default_bits from 1K to 2K · 57c932da

Kurt Roeckx authored Sep 08, 2014



This is a more comprehensive fix.  It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1.  This is from
Kurt's upstream Debian changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 44e0c2ba)

57c932da

RT2272: Add old-style hash to c_rehash · ef720a67

Matthias Andree authored Sep 07, 2014



In addition to Matthias's change, I also added -n to
not remove links. And updated the manpage.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a787c259)

ef720a67

RT468: SSL_CTX_sess_set_cache_size wrong · f28c48d0

Rich Salz authored Sep 03, 2014



The documentation is wrong about what happens when the
session cache fills up.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit e9edfc41)

f28c48d0

RT3301: Discard too-long heartbeat requests · ff89be85
Erik Auerswald authored Aug 26, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit af4c6e34)
```
ff89be85

RT2518: fix pod2man errors · 61a44b76

Scott Schaefer authored Aug 13, 2014



pod2man now complains when item tags are not sequential.
Also complains about missing =back and other tags.
Silence the warnings; most were already done.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit fe757304)

61a44b76

RT3108: OPENSSL_NO_SOCK should imply OPENSSL_NO_DGRAM · 45236ed6
Rich Salz authored Sep 04, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit be0bd11d)
```
45236ed6

RT3031: Need to #undef some names for win32 · 240635c0

Robin Lee authored Sep 04, 2014



Copy the ifdef/undef stanza from x509.h to x509v3.h

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 83e4e03e)

240635c0

RT2843: Remove another spurious close-comment token · 610ac052
Martin Olsson authored Sep 04, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 683cd7c9)
```
610ac052

RT2842: Remove spurious close-comment marker. · 9c096d0b

Martin Olsson authored Sep 04, 2014



Also, I (rsalz) changed "#ifdef undef" to "#if 0"

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 6b0dc6ef)

9c096d0b

Merge branch 'OpenSSL_1_0_2-stable' of git.openssl.org:openssl into OpenSSL_1_0_2-stable · 1915744a
Rich Salz authored Sep 08, 2014
```
another empty merge???

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
1915744a

Empty merge · c387f7d0

Rich Salz authored Sep 08, 2014



Merge branch 'OpenSSL_1_0_2-stable' of git.openssl.org:openssl into OpenSSL_1_0_2-stable

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

c387f7d0

Empty merge · eee95fc6

Rich Salz authored Sep 08, 2014



Merge branch 'OpenSSL_1_0_2-stable' of git.openssl.org:openssl into OpenSSL_1_0_2-stable

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

eee95fc6

RT1834: Fix PKCS7_verify return value · dd3c21b2

Rich Salz authored Sep 05, 2014



The function returns 0 or 1, only.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b0e659cf)

dd3c21b2

RT1832: Fix PKCS7_verify return value · dd13aadf

Rich Salz authored Sep 05, 2014



The function returns 0 or 1, only.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b0e659cf)

dd13aadf

RT1771: Add string.h include. · 2a49fef2

Alon Bar-Lev authored Sep 05, 2014



Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 8842987e)

2a49fef2

07 Sep, 2014 1 commit

RT1325,2973: Add more extensions to c_rehash · c56be26d

Viktor Dkhovni authored Sep 07, 2014



Regexp was bracketed wrong.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 5a8addc4)

c56be26d