Skip to content
  1. Apr 28, 2015
  2. Apr 27, 2015
  3. Apr 26, 2015
  4. Apr 25, 2015
  5. Apr 24, 2015
    • Rich Salz's avatar
      Big apps cleanup (option-parsing, etc) · 7e1b7485
      Rich Salz authored
      This is merges the old "rsalz-monolith" branch over to master.  The biggest
      change is that option parsing switch from cascasding 'else if strcmp("-foo")'
      to a utility routine and somethin akin to getopt.  Also, an error in the
      command line no longer prints the full summary; use -help (or --help :)
      for that.  There have been many other changes and code-cleanup, see
      bullet list below.
      
      Special thanks to Matt for the long and detailed code review.
      
      TEMPORARY:
              For now, comment out CRYPTO_mem_leaks() at end of main
      
      Tickets closed:
              RT3515: Use 3DES in pkcs12 if built with no-rc2
              RT1766: s_client -reconnect and -starttls broke
              RT2932: Catch write errors
              RT2604: port should be 'unsigned short'
              RT2983: total_bytes undeclared #ifdef RENEG
              RT1523: Add -nocert to fix output in x509 app
              RT3508: Remove unused variable introduced by b09eb246
      
      
              RT3511: doc fix; req default serial is random
              RT1325,2973: Add more extensions to c_rehash
              RT2119,3407: Updated to dgst.pod
              RT2379: Additional typo fix
              RT2693: Extra include of string.h
              RT2880: HFS is case-insensitive filenames
              RT3246: req command prints version number wrong
      
      Other changes; incompatibilities marked with *:
              Add SCSV support
              Add -misalign to speed command
              Make dhparam, dsaparam, ecparam, x509 output C in proper style
              Make some internal ocsp.c functions void
              Only display cert usages with -help in verify
              Use global bio_err, remove "BIO*err" parameter from functions
              For filenames, - always means stdin (or stdout as appropriate)
              Add aliases for -des/aes "wrap" ciphers.
              *Remove support for IISSGC (server gated crypto)
              *The undocumented OCSP -header flag is now "-header name=value"
              *Documented the OCSP -header flag
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      7e1b7485
    • Emilia Kasper's avatar
      Fix error checking and memory leaks in NISTZ256 precomputation. · 53dd4ddf
      Emilia Kasper authored
      
      
      Thanks to Brian Smith for reporting these issues.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      53dd4ddf
    • Emilia Kasper's avatar
      Correctly set Z_is_one on the return value in the NISTZ256 implementation. · c028254b
      Emilia Kasper authored
      
      
      Also add a few comments about constant-timeness.
      
      Thanks to Brian Smith for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      c028254b
  6. Apr 22, 2015
    • Loganaden Velvindron's avatar
      Fix CRYPTO_strdup · 8031d26b
      Loganaden Velvindron authored
      
      
      The function CRYPTO_strdup (aka OPENSSL_strdup) fails to check the return
      value from CRYPTO_malloc to see if it is NULL before attempting to use it.
      This patch adds a NULL check.
      
      RT3786
      
      Signed-off-by: default avatarMatt Caswell <matt@openssl.org>
      (cherry picked from commit 37b0cf936744d9edb99b5dd82cae78a7eac6ad60)
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit 20d21389c8b6f5b754573ffb6a4dc4f3986f2ca4)
      8031d26b
    • Dr. Stephen Henson's avatar
      SSL_CIPHER lookup functions. · 98c9ce2f
      Dr. Stephen Henson authored
      
      
      Add tables to convert between SSL_CIPHER fields and indices for ciphers
      and MACs.
      
      Reorganise ssl_ciph.c to use tables to lookup values and load them.
      
      New functions SSL_CIPHER_get_cipher_nid and SSL_CIPHER_get_digest_nid.
      
      Add documentation.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      98c9ce2f
  7. Apr 21, 2015
  8. Apr 20, 2015