Skip to content
  1. Apr 29, 2015
  3. Apr 28, 2015
  5. Apr 27, 2015
  7. Apr 26, 2015
  9. Apr 25, 2015
  11. Apr 24, 2015
    • Rich Salz's avatar
      Big apps cleanup (option-parsing, etc) · 7e1b7485
      Rich Salz authored 
      This is merges the old "rsalz-monolith" branch over to master.  The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt.  Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that.  There have been many other changes and code-cleanup, see
bullet list below.

Special thanks to Matt for the long and detailed code review.

TEMPORARY:
        For now, comment out CRYPTO_mem_leaks() at end of main

Tickets closed:
        RT3515: Use 3DES in pkcs12 if built with no-rc2
        RT1766: s_client -reconnect and -starttls broke
        RT2932: Catch write errors
        RT2604: port should be 'unsigned short'
        RT2983: total_bytes undeclared #ifdef RENEG
        RT1523: Add -nocert to fix output in x509 app
        RT3508: Remove unused variable introduced by b09eb246


        RT3511: doc fix; req default serial is random
        RT1325,2973: Add more extensions to c_rehash
        RT2119,3407: Updated to dgst.pod
        RT2379: Additional typo fix
        RT2693: Extra include of string.h
        RT2880: HFS is case-insensitive filenames
        RT3246: req command prints version number wrong

Other changes; incompatibilities marked with *:
        Add SCSV support
        Add -misalign to speed command
        Make dhparam, dsaparam, ecparam, x509 output C in proper style
        Make some internal ocsp.c functions void
        Only display cert usages with -help in verify
        Use global bio_err, remove "BIO*err" parameter from functions
        For filenames, - always means stdin (or stdout as appropriate)
        Add aliases for -des/aes "wrap" ciphers.
        *Remove support for IISSGC (server gated crypto)
        *The undocumented OCSP -header flag is now "-header name=value"
        *Documented the OCSP -header flag

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      7e1b7485
    • Emilia Kasper's avatar
      Fix error checking and memory leaks in NISTZ256 precomputation. · 53dd4ddf
      Emilia Kasper authored 
      

Thanks to Brian Smith for reporting these issues.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      53dd4ddf
    • Emilia Kasper's avatar
      Correctly set Z_is_one on the return value in the NISTZ256 implementation. · c028254b
      Emilia Kasper authored 
      

Also add a few comments about constant-timeness.

Thanks to Brian Smith for reporting this issue.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      c028254b
  13. Apr 22, 2015
    • Loganaden Velvindron's avatar
      Fix CRYPTO_strdup · 8031d26b
      Loganaden Velvindron authored 
      

The function CRYPTO_strdup (aka OPENSSL_strdup) fails to check the return
value from CRYPTO_malloc to see if it is NULL before attempting to use it.
This patch adds a NULL check.

RT3786

Signed-off-by: default avatarMatt Caswell <matt@openssl.org>
(cherry picked from commit 37b0cf936744d9edb99b5dd82cae78a7eac6ad60)

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(cherry picked from commit 20d21389c8b6f5b754573ffb6a4dc4f3986f2ca4)
      8031d26b
    • Dr. Stephen Henson's avatar
      SSL_CIPHER lookup functions. · 98c9ce2f
      Dr. Stephen Henson authored 
      

Add tables to convert between SSL_CIPHER fields and indices for ciphers
and MACs.

Reorganise ssl_ciph.c to use tables to lookup values and load them.

New functions SSL_CIPHER_get_cipher_nid and SSL_CIPHER_get_digest_nid.

Add documentation.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      98c9ce2f
  15. Apr 21, 2015