Commits · 0ae9e2926654657862e104a111a4e3028b0be8f6 · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Feb 05, 2016

GH628: Add -help to all apps docs. · 0ae9e292

Rich Salz authored Feb 05, 2016



Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

0ae9e292

Ensure correct chain depth for policy checks with DANE bare key TA · 3921ded7
Viktor Dukhovni authored Jan 31, 2016
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
3921ded7

Long overdue cleanup of X509 policy tree verification · 895c2f84

Viktor Dukhovni authored Jan 31, 2016



Replace all magic numbers with #defined constants except in boolean
functions that return 0 for failure and 1 for success.  Avoid a
couple memory leaks in error recovery code paths.  Code style
improvements.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

895c2f84

Various RT doc fixes · a0474357

Rich Salz authored Feb 01, 2016



RT1556: doc/crypto/threads.pod
RT2024: Missing pages mentioned in crypto.pod
RT2890: Wrong size in ERR_string_error description.
RT3461: Better description of PEM Encryption
        (Jeffrey Walton <noloader@gmail.com>)
        Also, fix up formatting and removed some code examples
        that encourage unsafe patterns, like unencrypted private
        keys (Rich Salz)
RT4240: Document some speed flags (Tomas Mraz <tmraz@redhat.com>)
RT4260: Fix return value doc for X509_REQ_sign and X509_sign
        (Laetitia Baudoin <lbaudoin@google.com>)

Reviewed-by: Emilia Käsper <emilia@openssl.org>

a0474357

enable leak checking for danetest · e51511ce
Dr. Stephen Henson authored Feb 05, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
e51511ce
Fix return code in CRYPTO_mem_leaks_fp() · c26e5369
Dr. Stephen Henson authored Feb 05, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
c26e5369
If memory debugging enabled return error on leaks. · 541e9565
Dr. Stephen Henson authored Jan 14, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
541e9565
Restore -no_comp switch for backwards compatible behaviour · cc5a9ba4
Viktor Dukhovni authored Feb 03, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
cc5a9ba4

VMS lacks socklen_t, give it one · 424d5db2

Richard Levitte authored Feb 05, 2016



Fortunately, we only use socklen_t internally

Reviewed-by: Rich Salz <rsalz@openssl.org>

424d5db2

Initialize variable · 8a41fa6f
Richard Levitte authored Feb 05, 2016
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
8a41fa6f

Don't export local symbols on Solaris · 2baf8033

Matt Caswell authored Dec 16, 2015



Following on from earlier commits to prevent local symbols from being
exported in the shared libraries on Linux, this makes the equivalent changes
for Solaris.

Reviewed-by: Richard Levitte <levitte@openssl.org>

2baf8033

make update · 141c6095
Dr. Stephen Henson authored Feb 04, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
141c6095

Add EC_KEY_priv2buf() · 7fc7d1a7

Dr. Stephen Henson authored Feb 04, 2016

Add new function EC_KEY_priv2buf() to allocated and encode private
key octet in one call. Update and simplify ASN.1 and print routines.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

7fc7d1a7

Allocate ASN1_bn_print buffer internally. · ac3e3665

Dr. Stephen Henson authored Feb 04, 2016



Don't require an application to work out the appropriate buffer size for
ASN1_bn_print(), which is unsafe. Ignore the supplied buffer and allocate
it internally instead.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

ac3e3665

Use BN_bn2binpad · 907e9500
Dr. Stephen Henson authored Feb 03, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
907e9500
use enum type for do_EC_KEY_print · d6755bb6
Dr. Stephen Henson authored Feb 03, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
d6755bb6

update EC ASN1 and print routines · d810700b

Dr. Stephen Henson authored Feb 01, 2016



Update EC ASN.1 and print routines to use EC_KEY_oct2priv and
EC_KEY_priv2oct.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

d810700b

Add EC_KEY_oct2priv and EC_KEY_priv2oct · cf241395

Dr. Stephen Henson authored Feb 01, 2016



New functions EC_KEY_oct2priv and EC_KEY_priv2oct. These are private key
equivalents of EC_POINT_oct2point and EC_POINT_point2oct which convert
between the private key octet format and EC_KEY.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

cf241395

Add ASN1_buf_print to print a buffer in ASN1_bn_print format. · 26c255fc
Dr. Stephen Henson authored Jan 27, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
26c255fc

Feb 04, 2016

Don't use RDRAND if told not to · d698550f

Matt Caswell authored Feb 04, 2016



Ensure we respect OPENSSL_NO_RDRAND

Reviewed-by: Rich Salz <rsalz@openssl.org>

d698550f

Initialise with -1 rather than 1 · c4cbf9b3
Richard Levitte authored Feb 05, 2016
```
A small typo crept in.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
```
c4cbf9b3
Add new DTLS-SRTP protection profiles from RFC 7714 · 43e5faa2
Dmitry Sobinov authored Jan 02, 2016
```
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
```
43e5faa2

Add checks for IPv4 and IPv6 in OpenSSL::Test::Utils and use them · b7be6d22

Richard Levitte authored Feb 04, 2016



This uilds on the same way of checking for availability as we do in
TLSProxy.  We use all IP factories we know of, starting with those who
know both IPv6 and IPv4 and ending with the one that only knows IPv4
and cache their possible success as foundation for checking the
available of each IP domain.

80-test_ssl.t has bigger chances of working on platforms that do not
run both IP domains.

Reviewed-by: Rich Salz <rsalz@openssl.org>

b7be6d22

Update crypto/bio/build.info · b8c84b28
Richard Levitte authored Feb 04, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
b8c84b28
Fix pkeyutl inability to directly access keys on hardware tokens · 9880236e
Mouse authored Jan 13, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
9880236e

Change the transfer perl module so the real module gets properly registered · 1cc98f75

Richard Levitte authored Feb 04, 2016



This is an important move if scripts want to refer to the loaded
module without having perl think it needs to be loaded (again).

Reviewed-by: Rich Salz <rsalz@openssl.org>

1cc98f75

Add option to disable async · 52739e40

Todd Short authored Feb 04, 2016



Add no-async option to Configure that forces ASYNC_NULL.
Related to RT1979
An embedded system or replacement C library (e.g. musl or uClibc)
may not support the *context APIs that are needed for async operation.

Compiles with musl. Ran unit tests, async tests skipped as expected.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

52739e40

Make sure getaddrinfo and getnameinfo works as intended on Windows · ed03c461

Richard Levitte authored Feb 04, 2016



Both getaddrinfo() and getnameinfo() have to be preceeded with a call
to BIO_sock_init().

Also, make sure to give gai_strerror() the actual error code.

Reviewed-by: Stephen Henson <steve@openssl.org>

ed03c461

If egd is disabled by default, it should be possible to enable · b31feae6
Richard Levitte authored Feb 03, 2016
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
b31feae6
Add ec -check option · 7565cbc4
Dr. Stephen Henson authored Feb 04, 2016
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
7565cbc4

Fix potential buffer overrun · 947f9da1

Dmitry-Me authored Feb 04, 2016



Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>

947f9da1

Use WSAGetLastError() on windows · c86d1f19

Kurt Roeckx authored Feb 04, 2016



Windows doesn't have h_error or hstrerror()

Reviewed-by: Richard Levitte <levitte@openssl.org>

MR: #1848

c86d1f19

Restore xmm7 from the correct address on win64 · df057ea6
Kurt Roeckx authored Feb 03, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>

RT: #4288, MR: #1831
```
df057ea6
update OID tables · da15ce22
Dr. Stephen Henson authored Feb 04, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
da15ce22
Add Curve OIDs from draft-josefsson-pkix-newcurves · d8489448
Dr. Stephen Henson authored Feb 03, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
d8489448
RT2887: Add more packet and handshake types · 7429b398
Daniel Black authored Feb 03, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
7429b398

Fix BN_gcd errors for some curves · 3a6a4a93

Billy Brumley authored Jan 20, 2016



Those even order that do not play nicely with Montgomery arithmetic

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

3a6a4a93

RT3095: allow NULL key for single-shot HMAC · b1413d9b

Emilia Kasper authored Sep 10, 2015



In HMAC_Init_ex, NULL key signals reuse, but in single-shot HMAC,
we can allow it to signal an empty key for convenience.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

b1413d9b

bio_err.c: remove a reappeared filename comment · bdb7a621

Viktor Szakats authored Feb 04, 2016


Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

bdb7a621

Make fallback addresses static so that we can initialize it · 37e3daf4
Kurt Roeckx authored Feb 04, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>

MR: #1841
```
37e3daf4