Commits · 156561b0ade98b22df0e3ebc63682e54129c2cb4 · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Sep 29, 2015

Fix pedantic warnings in mingw builds. · 156561b0
Andy Polyakov authored Sep 28, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
156561b0

Fix prototypes in e_ossttest.c. · 16a9542a

Andy Polyakov authored Sep 28, 2015



Problem was exposed in mingw64 build, or in other words on P64 platform.

Reviewed-by: Rich Salz <rsalz@openssl.org>

16a9542a

asn1t.h: silence -Wmissing-prototype in Windows builds. · 03cbd3b8

Andy Polyakov authored Sep 28, 2015



On Windows OPENSSL_EXPORT_VAR_AS_FUNCTION is defined and in a sense
this modification simply harmonizes it with "VAR_AS_VAR".

Reviewed-by: Rich Salz <rsalz@openssl.org>

03cbd3b8

Rationalize .gitignore and harmonize pair of Makefiles. · 8be7438f
Andy Polyakov authored Sep 28, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
8be7438f
RT3948: Some structs have confusing names. · ef853206
Nicholas Cooper authored Sep 28, 2015
```
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
ef853206

Sep 28, 2015

Print debug info for extended master secret extension · fecd04e9
Alessandro Ghedini authored Sep 17, 2015
```
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
fecd04e9

RT4053: Typo in error message · 5573ee36

Michal Bozon authored Sep 28, 2015



Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

5573ee36

Remove obsolete b64 demo's · 85a7007c
Rich Salz authored Sep 25, 2015
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
85a7007c
PACKET: simplify ServerHello parsing · fc5ce51d
Emilia Kasper authored Sep 18, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
fc5ce51d
Empty NewSessionTicket: test session resumption · cf7f8592
Emilia Kasper authored Sep 16, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
cf7f8592
Empty session ticket: add a test · 7f6d90ac
Emilia Kasper authored Sep 15, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
7f6d90ac

RT2772: accept empty SessionTicket · e711da71

Emilia Kasper authored Sep 10, 2015



RFC 5077 section 3.3 says:
If the server determines that it does not want to include a
ticket after it has included the SessionTicket extension in the
ServerHello, then it sends a zero-length ticket in the
NewSessionTicket handshake message.

Previously the client would fail upon attempting to allocate a
zero-length buffer. Now, we have the client ignore the empty ticket and
keep the existing session.

Reviewed-by: Matt Caswell <matt@openssl.org>

e711da71

Update year in Windows builds. · 51cbee35
Andy Polyakov authored Sep 27, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
51cbee35
Harmonize util/mkrc.pl with header move. · 0589680e
Andy Polyakov authored Sep 26, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
0589680e
SRP memory leak fix · d40a1f72
Dr. Stephen Henson authored Sep 20, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
d40a1f72
Silence Wconditional-uninitialized · 3a796184
Emilia Kasper authored Sep 23, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
3a796184

Fixing typo in PROBLEMS · 8f4e661f

Jack Danger Canty authored Sep 23, 2015



Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>

8f4e661f

Sep 26, 2015

Skylake performance results. · b7f5503f
Andy Polyakov authored Sep 25, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
b7f5503f

GH408 follow-on: update buflen · c9c84a13

Alessandro Ghedini authored Sep 25, 2015

Some builds break, as documented in:
  https://github.com/openssl/openssl/pull/408#issuecomment-142971427


This fixes it.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>

c9c84a13

Sep 25, 2015

Fix typo in previous commit. · 5db6336d
Rich Salz authored Sep 25, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
5db6336d
Change --debug to -d for compat with old releases. · 1d4ddb4e
Rich Salz authored Sep 25, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
1d4ddb4e
Remove obsolete OCSP demo · 0c71c88b
Rich Salz authored Sep 25, 2015
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
0c71c88b

Change ossltest engine to manually allocate cipher_data · 51a60817

Matt Caswell authored Sep 22, 2015



The ossltest engine wraps the built-in implementation of aes128-cbc.
Normally in an engine the cipher_data structure is automatically allocated
by the EVP layer. However this relies on the engine specifying up front
the size of that cipher_data structure. In the case of ossltest this value
isn't available at compile time. This change makes the ossltest engine
allocate its own cipher_data structure instead of leaving it to the EVP
layer.

Reviewed-by: Andy Polyakov <appro@openssl.org>

51a60817

Properly format linux-arm64ilp32 target config · a2c1dedc

Alessandro Ghedini authored Sep 25, 2015

Otherwise the ./config script fails with errors like:

> Operating system: x86_64-whatever-linux2
> This system (linux-x86_64) is not supported. See file INSTALL for details.

The failure was introduced by a93d3e06

.

RT#4062

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

a2c1dedc

Fix the OCSP test on Windows · 349b3107

Matt Caswell authored Sep 22, 2015



The windows test uses the pseudo file "nul" to indicate no file for the
-CApath option. This does not work on all versions of Windows. Instead use
the new -no-CApath option.

Reviewed-by: Andy Polyakov <appro@openssl.org>

349b3107

Document -no-CApath and -no-CAfile · 40e2d76b

Matt Caswell authored Sep 22, 2015



Add documentation to all the appropriate apps for the new -no-CApath and
-no-CAfile options.

Reviewed-by: Andy Polyakov <appro@openssl.org>

40e2d76b

Add support for -no-CApath and -no-CAfile options · 2b6bcb70

Matt Caswell authored Sep 22, 2015



For those command line options that take the verification options
-CApath and -CAfile, if those options are absent then the default path or
file is used instead. It is not currently possible to specify *no* path or
file at all. This change adds the options -no-CApath and -no-CAfile to
specify that the default locations should not be used to all relevant
applications.

Reviewed-by: Andy Polyakov <appro@openssl.org>

2b6bcb70

Document the default CA path functions · 631fb6af
Matt Caswell authored Sep 22, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
631fb6af

Add ability to set default CA path and file locations individually · d84a7b20

Matt Caswell authored Sep 22, 2015



Previously you could only set both the default path and file locations
together. This adds the ability to set one without the other.

Reviewed-by: Andy Polyakov <appro@openssl.org>

d84a7b20

Configurations: add linux-arm64ilp32 target. · a93d3e06
Andy Polyakov authored Sep 23, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
a93d3e06
Allow ILP32 compilation in AArch64 assembly pack. · 5e5ece56
Andy Polyakov authored Sep 21, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
5e5ece56

ARMv4 assembly pack: implement support for Thumb2. · 11208dcf

Andy Polyakov authored Sep 23, 2015



As some of ARM processors, more specifically Cortex-Mx series, are
Thumb2-only, we need to support Thumb2-only builds even in assembly.

Reviewed-by: Tim Hudson <tjh@openssl.org>

11208dcf

Sep 24, 2015
- fix compilation on Solaris · e7a68985
  Vladimir Kotal authored Sep 21, 2015
```
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  e7a68985
- Restore the old interactive prompt. · 1c9c2435
  Rich Salz authored Sep 07, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  1c9c2435
Sep 23, 2015

Sanity check cookie_len · 373dc6e1

Matt Caswell authored Sep 23, 2015



Add a sanity check that the cookie_len returned by app_gen_cookie_cb is
valid.

Reviewed-by: Andy Polyakov <appro@openssl.org>

373dc6e1

Clarify DTLSv1_listen documentation · 468f043e

Matt Caswell authored Sep 23, 2015



Clarify that user code is required to allocate sufficient space for the
addressing scheme in use in the call to DTLSv1_listen.

Reviewed-by: Andy Polyakov <appro@openssl.org>

468f043e

Fix s_server DTLSv1_listen issues · d8249e99

Matt Caswell authored Sep 23, 2015



Use sockaddr_storage not sockaddr for the client IP address to allow for
IPv6.
Also fixed a section of code which was conditional on OPENSSL_NO_DTLS1
which should not have been.

Reviewed-by: Andy Polyakov <appro@openssl.org>

d8249e99

Add DTLSv1_listen documentation · ca7256fb

Matt Caswell authored Apr 10, 2015



Adds a new man page to cover the DTLSv1_listen() function.

Reviewed-by: Andy Polyakov <appro@openssl.org>

ca7256fb

Add -listen documentation · 35d15a39

Matt Caswell authored Apr 10, 2015



This commit adds documentation for the new -listen option to s_server. Along
the way it also adds documentation for -dtls, -dtls1 and -dtls1_2 which was
missing.

Reviewed-by: Andy Polyakov <appro@openssl.org>

35d15a39

Add support for DTLSv1_listen in s_server · fd4e98ec

Matt Caswell authored Apr 09, 2015



DTLSv1_listen is a commonly used function within DTLS solutions for
listening for new incoming connections. This commit adds support to s_server
for using it.

Reviewed-by: Andy Polyakov <appro@openssl.org>

fd4e98ec