Commits · ea7cb5397457c59554155935b677a1dab23bd864 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

06 Aug, 2014 2 commits

Added comment for the frag->reassembly == NULL case as per feedback from Emilia · ea7cb539
Matt Caswell authored Jul 24, 2014
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
ea7cb539

Avoid double free when processing DTLS packets. · 49850075

Adam Langley authored Jun 06, 2014

The |item| variable, in both of these cases, may contain a pointer to a
|pitem| structure within |s->d1->buffered_messages|. It was being freed
in the error case while still being in |buffered_messages|. When the
error later caused the |SSL*| to be destroyed, the item would be double
freed.

Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74

 was
inconsistent with the other error paths (but correct).

Fixes CVE-2014-3505

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

49850075

01 Aug, 2014 5 commits

make update · 89d2f8f1
Dr. Stephen Henson authored Aug 01, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
89d2f8f1

Fix error discrepancy. · 2c3673cd

Dr. Stephen Henson authored Jul 31, 2014

We can't rename ssleay_rand_bytes to md_rand_bytes_lock as this will cause
an error code discrepancy. Instead keep ssleay_rand_bytes and add an
extra parameter: since ssleay_rand_bytes is not part of the public API
this wont cause any binary compatibility issues.
Reviewed-by: Kurt Roeckx <kurt@openssl.org >

2c3673cd

Update $default_depflags to match current defaults. · ba5f75d5
Bodo Moeller authored Aug 01, 2014

ba5f75d5
Clean up CHANGES files: If a change is already present in 1.0.1f or 1.0.1h, · be804523
Bodo Moeller authored Aug 01, 2014
```
don't list it again under changes between 1.0.1h and 1.0.2.
```
be804523
Simplify and fix ec_GFp_simple_points_make_affine · d5213519
Bodo Moeller authored Aug 01, 2014
```
(which didn't always handle value 0 correctly).

Reviewed-by:  <emilia@openssl.org>
```
d5213519

30 Jul, 2014 1 commit

Avoid multiple lock using FIPS DRBG. · a3efe1b6

Dr. Stephen Henson authored Jul 30, 2014



Don't use multiple locks when SP800-90 DRBG is used outside FIPS mode.

PR#3176
Reviewed-by: Rich Salz <rsalz@openssl.org>

a3efe1b6

24 Jul, 2014 1 commit

Add conditional unit testing interface. · 789b1259

Dr. Stephen Henson authored Jul 23, 2014



Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.

By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit e0fc7961)

Conflicts:

	ssl/heartbeat_test.c
	ssl/ssl.h
	util/mkdef.pl

789b1259

22 Jul, 2014 5 commits
- Prepare for 1.0.2-beta3-dev · 371d9a62
  Matt Caswell authored Jul 22, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  371d9a62
- Prepare for 1.0.2-beta2 release · 2f63ad1c
  Matt Caswell authored Jul 22, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  OpenSSL_1_0_2-beta2
  
  2f63ad1c
- make update · 0e320352
  Matt Caswell authored Jul 22, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  0e320352
- update $default_depflags · f5ce8d6a
  Dr. Stephen Henson authored Jul 22, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  f5ce8d6a
- CHANGES: mention new platforms. · 0ae6ba18
  Andy Polyakov authored Jul 22, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
  0ae6ba18
21 Jul, 2014 4 commits

"EC_POINT_invert" was checking "dbl" function pointer instead of "invert". · 4ccc2c19
Billy Brumley authored Jul 21, 2014
```
PR#2569

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit cba11f57)
```
4ccc2c19
Remove old unused and unmaintained demonstration code. · b5e611a9
Tim Hudson authored Jul 22, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 62352b81)
```
b5e611a9

sha1-ppc.pl: shave off one cycle from BODY_20_39 · a2f34441

Andy Polyakov authored Jul 21, 2014


and improve performance by 10% on POWER[78].

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 5c359830)

a2f34441

Minor documentation update removing "really" and a · 2be94255

Tim Hudson authored Jul 21, 2014


statement of opinion rather than a fact.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c8d133e4)

2be94255

20 Jul, 2014 2 commits
- Add test header to Makefile, update ordinals · f284fc7c
  Dr. Stephen Henson authored Jul 20, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  f284fc7c
- Initial POWER8 support from development branch. · c991d8ae
  Andy Polyakov authored Jul 20, 2014
```
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  c991d8ae
19 Jul, 2014 1 commit

Fix documentation for RSA_set_method(3) · be12cb3e

Dr. Stephen Henson authored Jul 19, 2014



PR#1675
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 197400c3f0d617d71ad8167b52fb73046d334320)

be12cb3e

17 Jul, 2014 3 commits

Make *Final work for key wrap again. · 4c05b1f8
Dr. Stephen Henson authored Jul 17, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 58f4698f)
```
4c05b1f8
Sanity check lengths for AES wrap algorithm. · 6e1e5996
Dr. Stephen Henson authored Jul 17, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit d12eef15)
```
6e1e5996

Fix typo, add reference. · 6ccd120f

Jeffrey Walton authored Jul 17, 2014



PR#3456
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit d48e78f0)

6ccd120f

16 Jul, 2014 1 commit

Disabled XTS mode in enc utility as it is not supported · ca818b32

Matt Caswell authored Jul 13, 2014



PR#3442

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2097a17c)

ca818b32

15 Jul, 2014 4 commits

Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date · b11c2411
Matt Caswell authored Jul 15, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 3bd54819)
```
b11c2411
Clarify -Verify and PSK. · beac6cb5
Dr. Stephen Henson authored Jul 15, 2014
```
PR#3452
(cherry picked from commit ca2015a6)
```
beac6cb5

Fix DTLS certificate requesting code. · 666a597f

Dr. Stephen Henson authored Jul 15, 2014

Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
(cherry picked from commit c8d710dc)

666a597f

Don't allow -www etc options with DTLS. · d4dbabb8

Dr. Stephen Henson authored Jul 15, 2014

The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)

d4dbabb8

14 Jul, 2014 3 commits

Use case insensitive compare for servername. · c71e37aa
Dr. Stephen Henson authored Jul 14, 2014
```
PR#3445
(cherry picked from commit 1c3e9a7c)
```
c71e37aa

document -nextprotoneg option in man pages · cdae9a58

Hubert Kario authored Jun 06, 2014

Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.

PR#3444
(cherry picked from commit 7efd0e77)

cdae9a58

Use more common name for GOST key exchange. · fa2b54c8
Dr. Stephen Henson authored Jul 14, 2014
```
(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)
```
fa2b54c8

13 Jul, 2014 3 commits

Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data. · 14b5d0d0

Matt Caswell authored Jul 10, 2014

This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415

(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)

14b5d0d0

Add names of GOST algorithms. · 2fbd9425
Peter Mosmans authored Jul 13, 2014
```
PR#3440
(cherry picked from commit 924e5eda)
```
2fbd9425
* crypto/ui/ui_lib.c: misplaced brace in switch statement. · 5b918845
Richard Levitte authored Jul 13, 2014
```
  Detected by dcruette@qualitesys.com

(cherry picked from commit 8b5dd340)
```
5b918845

10 Jul, 2014 1 commit
- Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259). · 5e189b4b
  Ben Laurie authored Jul 10, 2014
```
(cherry picked from commit c1d1b011)
```
  5e189b4b
09 Jul, 2014 4 commits
- Fix memory leak in BIO_free if there is no destroy function. · 23bd6287
  Matt Caswell authored Jul 09, 2014
```
Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com>

PR#3439

(cherry picked from commit 66816c53)
```
  23bd6287
- x86_64 assembly pack: improve masm support. · 371feee8
  Andy Polyakov authored Jul 09, 2014
```
(cherry picked from commit 1b0fe79f)
```
  371feee8
- Please Clang's sanitizer, addendum. · f50f0c6a
  Andy Polyakov authored Jul 08, 2014
```
(cherry picked from commit d11c70b2)
```
  f50f0c6a
- Please Clang's sanitizer. · 2064e2db
  Andy Polyakov authored Jul 08, 2014
```
PR: #3424,#3423,#3422
(cherry picked from commit 021e5043)
```
  2064e2db