summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2015-03-19Prepare for 0.9.8zg-devMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19Prepare for 0.9.8zf releaseOpenSSL_0_9_8zfMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19make updateMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19Fix unsigned/signed warningsMatt Caswell
Fix some unsigned/signed warnings introduced as part of the fix for CVE-2015-0293 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19Fix a failure to NULL a pointer freed on error.Matt Caswell
Reported by the LibreSSL project as a follow on to CVE-2015-0209 Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19VMS build fixRichard Levitte
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-19Update NEWS fileMatt Caswell
Update the NEWS file with the latest entries from CHANGES ready for the release. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19Update CHANGES for releaseMatt Caswell
Update CHANGES fiel with all the latest fixes ready for the release. Conflicts: CHANGES Conflicts: CHANGES Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19Fix reachable assert in SSLv2 servers.Emilia Kasper
This assert is reachable for servers that support SSLv2 and export ciphers. Therefore, such servers can be DoSed by sending a specially crafted SSLv2 CLIENT-MASTER-KEY. Also fix s2_srvr.c to error out early if the key lengths are malformed. These lengths are sent unencrypted, so this does not introduce an oracle. CVE-2015-0293 This issue was discovered by Sean Burford (Google) and Emilia Käsper of the OpenSSL development team. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-19PKCS#7: avoid NULL pointer dereferences with missing contentEmilia Kasper
In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by: Steve Henson <steve@openssl.org> Conflicts: crypto/pkcs7/pk7_doit.c
2015-03-19Fix ASN1_TYPE_cmpDr. Stephen Henson
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-18Free up ADB and CHOICE if already initialised.Dr. Stephen Henson
CVE-2015-0287 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-14Tolerate test_sqr errors for FIPS builds.Dr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-14Disable export and SSLv2 ciphers by defaultKurt Roeckx
They are moved to the COMPLEMENTOFDEFAULT instead. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-03-11Cleanse buffersMatt Caswell
Cleanse various intermediate buffers used by the PRF (backported version from master). Conflicts: ssl/s3_enc.c Conflicts: ssl/t1_enc.c Conflicts: ssl/t1_enc.c Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-08Fix warnings.Dr. Stephen Henson
Fix compiler warnings (similar to commit 25012d5e79) Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-06Update mkerr.pl for new formatMatt Caswell
Make the output from mkerr.pl consistent with the newly reformatted code. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-02Check public key is not NULL.Dr. Stephen Henson
CVE-2015-0288 PR#3708 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9)
2015-03-02Fix format script.Dr. Stephen Henson
The format script didn't correctly recognise some ASN.1 macros and didn't reformat some files as a result. Fix script and reformat affected files. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a) Conflicts: crypto/asn1/x_long.c
2015-02-25Fix a failure to NULL a pointer freed on error.Matt Caswell
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org> CVE-2015-0209 Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-09Bring objects.pl output even closer to new format.Andy Polyakov
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 849037169d98d070c27d094ac341fc6aca1ed2ca)
2015-02-09Harmonize objects.pl output with new format.Andy Polyakov
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 7ce38623194f6df6a846cd01753b63f361c88e57)
2015-02-06Fix error handling in ssltestMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit ae632974f905c59176fa5f312826f8f692890b67)
2015-02-05Fixed bad formatting in crypto/des/spr.hRich Salz
Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b)
2015-02-03Check PKCS#8 pkey field is valid before cleansing.Dr. Stephen Henson
PR:3683 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770)
2015-01-22Fix for reformat problems with e_padlock.cMatt Caswell
Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit d3b7cac41b957704932a0cdbc74d4d48ed507cd0)
2015-01-22Fix formatting error in pem.hMatt Caswell
Reviewed-by: Andy Polyakov <appro@openssl.org> Conflicts: crypto/pem/pem.h Conflicts: crypto/pem/pem.h
2015-01-22Re-align some comments after running the reformat script.OpenSSL_0_9_8-post-reformatMatt Caswell
This should be a one off operation (subsequent invokation of the script should not move them) This commit is for the 0.9.8 changes Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Rerun util/openssl-format-source -v -c .OpenSSL_0_9_8-post-auto-reformatMatt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Run util/openssl-format-source -v -c .Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22More comment changes required for indentOpenSSL_0_9_8-pre-auto-reformatMatt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Yet more changes to commentsMatt Caswell
Conflicts: ssl/t1_enc.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22More tweaks for comments due indent issuesMatt Caswell
Conflicts: ssl/ssl_ciph.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Backport hw_ibmca.c from master due to failed mergeMatt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Tweaks for comments due to indent's inability to handle themMatt Caswell
Conflicts: ssl/s3_srvr.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Move more comments that confuse indentMatt Caswell
Conflicts: crypto/dsa/dsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl_locl.h Conflicts: crypto/bn/rsaz_exp.c crypto/evp/e_aes_cbc_hmac_sha1.c crypto/evp/e_aes_cbc_hmac_sha256.c ssl/ssl_locl.h Conflicts: crypto/ec/ec2_oct.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistputil.c crypto/ec/ecp_oct.c crypto/modes/gcm128.c ssl/ssl_locl.h Conflicts: apps/apps.c crypto/crypto.h crypto/rand/md_rand.c ssl/d1_pkt.c ssl/ssl.h ssl/ssl_locl.h ssl/ssltest.c ssl/t1_enc.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Delete trailing whitespace from output.Dr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Add -d debug option to save preprocessed files.Dr. Stephen Henson
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Test option -ncDr. Stephen Henson
Add option -nc which sets COMMENTS=true but disables all indent comment reformatting options. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Add ecp_nistz256.c to list of files skipped by openssl-format-sourceMatt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Manually reformat aes_x86core.c and add it to the list of files skipped byMatt Caswell
openssl-format-source Conflicts: crypto/aes/aes_x86core.c Conflicts: crypto/aes/aes_x86core.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Fix indent comment corruption issueMatt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Amend openssl-format-source so that it give more repeatable outputMatt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22bn/bn_const.c: make it indent-friendly.Andy Polyakov
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22bn/asm/x86_64-gcc.cL make it indent-friendly.Andy Polyakov
Conflicts: crypto/bn/asm/x86_64-gcc.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22bn/bn_asm.c: make it indent-friendly.Andy Polyakov
Conflicts: crypto/bn/bn_asm.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22bn/bn_exp.c: make it indent-friendly.Andy Polyakov
Conflicts: crypto/bn/bn_exp.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Manually reformat aes_core.cMatt Caswell
Add aes_core.c to the list of files not processed by openssl-format-source Conflicts: crypto/aes/aes_core.c Conflicts: crypto/aes/aes_core.c Conflicts: crypto/aes/aes_core.c Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Add obj_dat.h to the list of files that will not be processed byMatt Caswell
openssl-format-source Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22Fix strange formatting by indentMatt Caswell
Conflicts: crypto/hmac/hmac.h Conflicts: crypto/evp/e_aes_cbc_hmac_sha256.c Conflicts: crypto/ec/ecp_nistp224.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ectest.c Conflicts: crypto/asn1/asn1_par.c crypto/evp/e_des3.c crypto/hmac/hmac.h crypto/sparcv9cap.c engines/ccgost/gost94_keyx.c ssl/t1_enc.c Reviewed-by: Tim Hudson <tjh@openssl.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-15 00:41:45 +0000