summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2014-10-22Move openssl version from 1.0.1g to 1.0.1hsandbox/jkozerski/tizenJohn L. Whiteman2-1/+4
for CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 fixes Change-Id: Ifa69d7a46f9a000d0ee8cf4da86e3e1d7113cfdc Signed-off-by: John L. Whiteman <john.l.whiteman@intel.com>
2014-10-22Move openssl version to 1.0.1g for CVE-2014-160 (Heartbleed)Michael Demeter2-1/+4
Change-Id: Ia8dc1aada13143a27be097574f985414b998159f Signed-off-by: Michael Demeter <michael.demeter@intel.com>
2014-10-22Move to OpenSSL 1.0.1e from 1.0.1c.Ryan Ware1-1/+1
2014-10-22resetting manifest requested domain to floorAlexandru Cornea2-0/+12
2014-10-22Fixed package groupsAnas Nashif2-3/+16
2014-10-22Fixed package groupAnas Nashif1-0/+3
2014-10-22Fixed package groupsAnas Nashif1-59/+4
2014-10-22enable md2Anas Nashif1-1/+1
2014-10-22do not run tests for nowAnas Nashif1-4/+3
2014-10-22remove patchesAnas Nashif7-1679/+6
2014-10-22enable md2Anas Nashif1-19/+2
2014-10-22add packagingAnas Nashif8-0/+2060
2014-10-22Imported Upstream version 1.0.1eRyan Ware3-5/+10
2014-10-20Prepare for 1.0.1j releaseupstream/1.0.1jsandbox/jkozerski/upstreamMatt Caswell4-6/+6
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-10-20Updates to NEWSMatt Caswell1-1/+4
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-10-20Add updates to CHANGES fileMatt Caswell1-0/+33
Reviewed-by: Bodo Möller <bodo@openssl.org>
2014-10-20Fix no-ssl3 configuration optionGeoff Thorpe2-11/+16
CVE-2014-3568 Reviewed-by: Emilia Kasper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-20Fix for session tickets memory leak.Dr. Stephen Henson1-0/+3
CVE-2014-3567 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 5dc6070a03779cd524f0e67f76c945cb0ac38320)
2014-10-20Fix SRTP compile issues for windowsMatt Caswell4-5/+14
Related to CVE-2014-3513 This fix was developed by the OpenSSL Team Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-20Fix for SRTP Memory LeakMatt Caswell2-66/+36
CVE-2014-3513 This issue was reported to OpenSSL on 26th September 2014, based on an origi issue and patch developed by the LibreSSL project. Further analysis of the i was performed by the OpenSSL team. The fix was developed by the OpenSSL team. Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-20Fix SSL_R naming inconsistency.Bodo Moeller1-1/+1
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-20aesni-x86_64.pl: make ECB subroutine Windows ABI compliant.Andy Polyakov1-25/+27
RT: 3553 Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit 69d5747f90136aa026a96204f26ab39549dfc69b)
2014-10-20Add constant_time_locl.h to HEADERS,Tim Hudson1-1/+2
so the Win32 compile picks it up correctly. Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-10-20Add the constant time test to the VMS build and testsRichard Levitte2-2/+8
Reviewed-by: Tim Hudson <tjh@openssl.org> Conflicts: test/maketests.com test/tests.com
2014-10-20Include "constant_time_locl.h" rather than "../constant_time_locl.h".Richard Levitte3-3/+3
The different -I compiler parameters will take care of the rest... Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-20Spaces were added in some strings for better readability. However, those ↵Richard Levitte2-4/+4
spaces do not belong in file names, so when picking out the individual parts, remove the spaces Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-20Adjust VMS build to Unix build. Most of all, make it so the disabledRichard Levitte5-31/+47
algorithms MD2 and RC5 don't get built. Also, disable building the test apps in crypto/des and crypto/pkcs7, as they have no support at all. Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-20Make sure test/tests.com exit gracefully, even when openssl.exe wasn't ↵Richard Levitte1-0/+2
properly built. Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-20Update the VMS build according to the latest unixly build. Partly provided ↵Richard Levitte3-3/+10
by Zoltan Arpadffy <arpadffy@polarhome.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-20Make sure that disabling the MAYLOSEDATA3 warning is only done when the ↵Richard Levitte4-11/+59
compiler supports it. Otherwise, there are warnings about it lacking everywhere, which is quite tedious to read through while trying to check for other warnings. Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-20Support TLS_FALLBACK_SCSV.Bodo Moeller16-25/+140
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-20Preserve digests for SNI.Dr. Stephen Henson1-2/+13
SSL_set_SSL_CTX is normally called for SNI after ClientHello has received and the digest to use for each certificate has been decided. The original ssl->cert contains the negotiated digests and is now copied to the new ssl->cert. PR: 3560 Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-20Removed duplicate definition of PKCS7_type_is_encryptedMatt Caswell1-4/+0
Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also remove duplicate definition of PKCS7_type_is_digest. PR#3551 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit e0fdea3e49e7454aa76bd5ecf3a3747641354c68)
2014-10-20Add additional DigestInfo checks.Dr. Stephen Henson2-2/+29
Reencode DigestInto in DER and check against the original: this will reject any improperly encoded DigestInfo structures. Note: this is a precautionary measure, there is no known attack which can exploit this. Thanks to Brian Smith for reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-20Add missing testsEmilia Kasper1-5/+7
Accidentally omitted from commit 455b65dfab0de51c9f67b3c909311770f2b3f801 Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit fdc35a9d3e8cf4cfd9330d5df9883f42cf5648ad)
2014-10-20Use correct function name: CMS_add1_signer()Dr. Stephen Henson1-7/+7
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 5886354dcca4f8445ed35b6995a035b75409590c)
2014-10-20crypto/bn/bn_nist.c: work around MSC ARM compiler bug.Andy Polyakov1-3/+3
RT: 3541 Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit 8b07c005fe006044d0e4a795421447deca3c9f2c)
2014-10-20RT3425: constant-time evp_encEmilia Kasper2-26/+32
Do the final padding check in EVP_DecryptFinal_ex in constant time to avoid a timing leak from padding failure. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e) Conflicts: crypto/evp/evp_enc.c (cherry picked from commit 738911cde68b2b3706e502cf8daf5b14738f2f42)
2014-10-20RT3067: simplify patchEmilia Kasper4-74/+97
(Original commit adb46dbc6dd7347750df2468c93e8c34bcb93a4b) Use the new constant-time methods consistently in s3_srvr.c Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 455b65dfab0de51c9f67b3c909311770f2b3f801)
2014-10-20This change alters the processing of invalid, RSA pre-master secrets soAdam Langley1-45/+89
that bad encryptions are treated like random session keys in constant time. (cherry picked from commit adb46dbc6dd7347750df2468c93e8c34bcb93a4b) Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-20RT3066: rewrite RSA padding checks to be slightly more constant time.Emilia Kasper8-116/+307
Also tweak s3_cbc.c to use new constant-time methods. Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1 This patch is based on the original RT submission by Adam Langley <agl@chromium.org>, as well as code from BoringSSL and OpenSSL. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Conflicts: crypto/rsa/rsa_oaep.c
2014-10-20Fixed error introduced in commit f2be92b94dad3c6cbdf79d99a324804094cf1617Tim Hudson1-3/+4
that fixed PR#3450 where an existing cast masked an issue when i was changed from int to long in that commit Picked up on z/linux (s390) where sizeof(int)!=sizeof(long) Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit b5ff559ff90124c6fd53bbb49dae5edb4e821e0a)
2014-10-20RT2560: missing NULL check in ocsp_req_find_signerRich Salz1-2/+5
If we don't find a signer in the internal list, then fall through and look at the internal list; don't just return NULL. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit b2aa38a980e9fbf158aafe487fb729c492b241fb)
2014-10-20RT3301: Discard too-long heartbeat requestsErik Auerswald1-0/+3
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit af4c6e348e4bad6303e7d214cdcf2536487aabe4)
2014-10-20psk_client_callback, 128-byte id bug.Adam Langley1-9/+20
Fix a bug in handling of 128 byte long PSK identity in psk_client_callback. OpenSSL supports PSK identities of up to (and including) 128 bytes in length. PSK identity is obtained via the psk_client_callback, implementors of which are expected to provide a NULL-terminated identity. However, the callback is invoked with only 128 bytes of storage thus making it impossible to return a 128 byte long identity and the required additional NULL byte. This CL fixes the issue by passing in a 129 byte long buffer into the psk_client_callback. As a safety precaution, this CL also zeroes out the buffer before passing it into the callback, uses strnlen for obtaining the length of the identity returned by the callback, and aborts the handshake if the identity (without the NULL terminator) is longer than 128 bytes. (Original patch amended to achieve strnlen in a different way.) Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit be0d851732bad7370640702bc9c4a33189ede287)
2014-10-20Ensure that x**0 mod 1 = 0.Adam Langley2-2/+52
(cherry picked from commit 2b0180c37fa6ffc48ee40caa831ca398b828e680) Reviewed-by: Ben Laurie <ben@openssl.org>
2014-10-20Followup on RT3334 fix: make sure that a directory that's the emptyRichard Levitte2-1/+12
string returns 0 with errno = ENOENT. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 360928b7d0f16dde70e26841bbf9e1af727e8b8f)
2014-10-20RT3334: Fix crypto/LPdir_win.cPhil Mesnier1-7/+35
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 6a14fe7576e7a14a46ba14df8be8fe478536b4fb)
2014-10-20Make the inline const-time functions static.Emilia Kasper1-16/+16
"inline" without static is not correct as the compiler may choose to ignore it and will then either emit an external definition, or expect one. Reviewed-by: Geoff Thorpe <geoff@openssl.org> (cherry picked from commit 86f50b36e63275a916b147f9d8764e3c0c060fdb)
2014-10-20md5-x86_64.pl: work around warning.Andy Polyakov1-1/+1
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4d86e8df6be69ed13abb73fd564f1f894eea0a98)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 12:28:07 +0000