Commits · fd7d252060c427b2e567295845a61d824539443b · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Nov 26, 2015

Tighten up BN_with_flags usage and avoid a reachable assert · fd7d2520

Matt Caswell authored Nov 24, 2015

The function rsa_ossl_mod_exp uses the function BN_with_flags to create a
temporary copy (local_r1) of a BIGNUM (r1) with modified flags. This
temporary copy shares some state with the original r1. If the state of r1
gets updated then local_r1's state will be stale. This was occurring in the
function so that when local_r1 was freed a call to bn_check_top was made
which failed an assert due to the stale state. To resolve this we must free
local_r1 immediately after we have finished using it and not wait until the
end of the function.

This problem prompted a review of all BN_with_flag usage within the
codebase. All other usage appears to be correct, although often not
obviously so. This commit refactors things to make it much clearer for
these other uses.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

fd7d2520

Nov 25, 2015
- Remove unused cert_verify_mac code · 6938c954
  Dr. Stephen Henson authored Nov 25, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  6938c954
Nov 24, 2015

Configuratons: add -DFILIO_H to harmonized Solaris targets. · f6739c3d
Andy Polyakov authored Nov 23, 2015
```
Triggered by RT#4144.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
```
f6739c3d

Remove useless locking code · da950fd3

Alessandro Ghedini authored Oct 28, 2015

Follow-up to 070c2332

.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>

GH: #454

da950fd3

Fix typo: _REENTERANT -> _REENTRANT · c98d63f2

Finn Hakansson authored Nov 24, 2015



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>

GH: #484

c98d63f2

mark openssl configuration as loaded at end of OPENSSL_config · 434b5845
Marcus Meissner authored Nov 04, 2015
```
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>

GH: #466
```
434b5845

Fix grammar errors · c7944cf1

Quanah Gibson-Mount authored Nov 22, 2015



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>

GH: #481

c7944cf1

ssl3_free(): Return if it wasn't created · a60c151a

Pascal Cuoq authored Nov 23, 2015



If somewhere in SSL_new() there is a memory allocation failure, ssl3_free() can
get called with s->s3 still being NULL.

Patch also provided by Willy Tarreau <wtarreau@haproxy.com>

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>

a60c151a

Add ctrl for SHA1 and SSLv3 · 00f5263b

Dr. Stephen Henson authored Nov 24, 2015



Add SSLv3 ctrl to EVP_sha1() this is only needed if SSLv3 client
authentication is used with DSA/ECDSA.

Reviewed-by: Tim Hudson <tjh@openssl.org>

00f5263b

make update · 9cc6fa1c
Dr. Stephen Henson authored Nov 24, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
9cc6fa1c
Use EVP_md5_sha1() to process client verify · 28f4580c
Dr. Stephen Henson authored Nov 24, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
28f4580c
Use EVP_md5_sha1() to generate client verify · a0f63828
Dr. Stephen Henson authored Nov 24, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
a0f63828
Add EVP_MD_CTX_ctrl function. · 396d5fd0
Dr. Stephen Henson authored Nov 23, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
396d5fd0

Add ssl3 ctrl to EVP_md5_sha1(). · 93972b8c

Dr. Stephen Henson authored Nov 23, 2015



Add a ctrl to EVP_md5_sha1() to handle the additional operations needed
to handle SSL v3 client authentication and finished message.

Reviewed-by: Tim Hudson <tjh@openssl.org>

93972b8c

Remove RSA exception when generating server key exchange. · e3e11e99
Dr. Stephen Henson authored Nov 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
e3e11e99
Remove RSA exception when processing server key exchange. · 192e4bbb
Dr. Stephen Henson authored Nov 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
192e4bbb
Use MD5+SHA1 for default digest if appropriate. · d18d31a1
Dr. Stephen Henson authored Aug 29, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
d18d31a1

Add MD5+SHA1 · 2f142ada

Dr. Stephen Henson authored Nov 20, 2014



Add digest combining MD5 and SHA1. This is used by RSA signatures for
TLS 1.1 and earlier.

Reviewed-by: Tim Hudson <tjh@openssl.org>

2f142ada

Fix uninitialised p error. · 63eb10a0
Dr. Stephen Henson authored Nov 24, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
63eb10a0

Limit depth of ASN1 parse printing. · 158e5207

Dr. Stephen Henson authored Sep 03, 2015



Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue.

Reviewed-by: Tim Hudson <tjh@openssl.org>

158e5207

Drop the old perl start magic and replace it with a normal shebang · de17db91
Richard Levitte authored Nov 24, 2015
```
perlrun(1) leads the way.

Reviewed-by: Matt Caswell <matt@openssl.org>
```
de17db91

Add perl modeline to Configure scripts · f4d8f037

Jacob Bandes-Storch authored Nov 23, 2015



Encourages GitHub to perform proper syntax highlighting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

f4d8f037

Nov 23, 2015

"make update" after async merge. · b83fb854
Rich Salz authored Nov 23, 2015
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
b83fb854
Fix a few missed "if (!ptr)" cleanups · cc99bfa7
Rich Salz authored Nov 23, 2015
```
And a scalar !x --> x==0 test
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
```
cc99bfa7

Patch containing TLS implementation for GOST 2012 · e44380a9

Dmitry Belyavsky authored Nov 17, 2015



This patch contains the necessary changes to provide GOST 2012
ciphersuites in TLS. It requires the use of an external GOST 2012 engine.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

e44380a9

x86_64 assembly pack: tune clang version detection. · 76eba0d9
Andy Polyakov authored Nov 21, 2015
```
RT#4142

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
76eba0d9
Makefile.org: add LC_ALL=C to unify error [and other] messages. · 193ed2d7
Andy Polyakov authored Nov 21, 2015
```
RT#4138

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
193ed2d7
e_os.h: __sun done right. · 2f2c805a
Andy Polyakov authored Nov 22, 2015
```
RT #4144

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
2f2c805a

Nov 22, 2015

Fix a rebase error · 46ddbcf2

Matt Caswell authored Nov 22, 2015



During rebasing of the async changes some error codes ended up being
duplicated so that "make errors" fails. This removes the duplication.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>

46ddbcf2

Async error handling and MacOS/X fixes · 6e8ac508

Viktor Dukhovni authored Nov 21, 2015



In the async code for MacOS/X define _XOPEN_SOURCE (if not already
defined) as early as possible.  We must do this before including
any header files, because on MacOS/X <stlib.h> includes <signal.h>
which includes <ucontext.h>.  If we delay defining _XOPEN_SOURCE
and include <ucontext.h> after various system headers are included,
we are very likely to end up with the wrong (truncated) definition
of ucontext_t.

Also, better error handling and some code cleanup in POSIX fibre
construction and destruction.  We make sure that async_fibre_makecontext()
always initializes the fibre to a state that can be freed.

For all implementations, check for error returns from
async_fibre_makecontext().

Reviewed-by: Matt Caswell <matt@openssl.org>

6e8ac508

Use defined(__sun) instead of defined(sun) · 3d322188

Kurt Roeckx authored Nov 22, 2015



Strict ISO confirming C compilers only define __sun

Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>

RT #4144, MR #1353

3d322188

Update dasync to use size_t for the sha1 update · 652d4a8c
Kurt Roeckx authored Nov 21, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>

MR #1350
```
652d4a8c

Nov 21, 2015

Add initial AppVeyor configuration · 68db80e2

Alessandro Ghedini authored Oct 28, 2015



Original patch by Frank Morgner.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>

GH: #456

68db80e2

Turn B<...()> into ...() · 35cb565a

Rich Salz authored Nov 19, 2015



For all functions, consistently use asdf() not B<asdf()>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

35cb565a

Fix "primarility" typo · e61434b4

Michal Bozon authored Oct 29, 2015



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>

GH: #458

e61434b4

Minor correction to comment. · 00a8e146

Finn Hakansson authored Nov 12, 2015



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>

00a8e146

Fix STRICT_ALIGNMENT for whrlpool · 58a816d6

Andy Polyakov authored Oct 28, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

58a816d6

Declare cleanse_ctr variable as extern · d011253f

Alessandro Ghedini authored Oct 23, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

d011253f

Add no-asm builds to Travis · fc47ad3b

Alessandro Ghedini authored Oct 22, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

fc47ad3b

Fix (minor) problems found by ubsan · 3003e0a4

Alessandro Ghedini authored Oct 17, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

3003e0a4