Commits · 05c3234ddfb41f4fdaae1162de3b825d741da828 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Feb 06, 2015

ui_compat cleanup; makefiles and vms · 05c3234d

Rich Salz authored Feb 06, 2015



Remove ui_compat.h from Makefile dependencies
And from two VMS build/install scripts.

Reviewed-by: Matt Caswell <matt@openssl.org>

05c3234d

Remove ui_compat · 7cd6069c

Rich Salz authored Feb 06, 2015



This is the last of the old DES API.

Reviewed-by: Richard Levitte <levitte@openssl.org>

7cd6069c

Remove X509_PAIR · fbf08b79

Rich Salz authored Feb 06, 2015



Unused type; a pair X509 certificates. Intended for LDAP support.

Reviewed-by: Richard Levitte <levitte@openssl.org>

fbf08b79

Live code cleanup: remove #if 1 stuff · 6f91b017

Rich Salz authored Feb 06, 2015



For code bracketed by "#if 1" then remove the alternate
"#else .. #endif" lines.

Reviewed-by: Andy Polyakov <appro@openssl.org>

6f91b017

dead code cleanup: #if 0 in ssl · 9e9858d1

Rich Salz authored Feb 06, 2015



I left many "#if 0" lines, usually because I thought we would
probably want to revisit them later, or because they provided
some useful internal documentation tips.

Reviewed-by: Andy Polyakov <appro@openssl.org>

9e9858d1

util/mkstack.pl now generates entire safestack.h · 5b18d302

Rich Salz authored Feb 06, 2015



The mkstack.pl script now generates the entire safestack.h file.
It generates output that follows the coding style.
Also, removed all instances of the obsolete IMPLEMENT_STACK_OF
macro.

Reviewed-by: Andy Polyakov <appro@openssl.org>

5b18d302

Have mkdef.pl ignore APPLINK settings. · 1a53f1d6
Rich Salz authored Feb 06, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
1a53f1d6

Remove OPENSSL_NO_HMAC · a283d2a8

Dr. Stephen Henson authored Feb 06, 2015



Disabling HMAC doesn't work. If it did it would end up disabling a lot of
OpenSSL functionality (it is required for all versions of TLS for example).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

a283d2a8

Remove support for SSL_OP_NETSCAPE_CA_DN_BUG. · 3c33c6f6

Matt Caswell authored Feb 05, 2015



This is an ancient bug workaround for Netscape clients. The documentation
talks about versions 3.x and 4.x beta.

Reviewed-by: Tim Hudson <tjh@openssl.org>

3c33c6f6

Fix error handling in ssltest · ae632974
Matt Caswell authored Feb 05, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
ae632974

Feb 05, 2015

Use memset in bn_mont · fe6d2a33

Rich Salz authored Feb 05, 2015



Use memset() not inline code.  Compilers are smarter now.

Reviewed-by: Richard Levitte <levitte@openssl.org>

fe6d2a33

Live code cleanup; #if 1 removal · 8dd94afb

Rich Salz authored Feb 05, 2015



A few minor cleanups to remove pre-processor "#if 1" stuff.

Reviewed-by: Richard Levitte <levitte@openssl.org>

8dd94afb

Fixed bad formatting in crypto/des/spr.h · 7e35f06e
Rich Salz authored Feb 05, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
7e35f06e

Feb 04, 2015

Fix various build breaks · 1f7103b6

Rich Salz authored Feb 04, 2015



TABLE wasn't updated from a previous Configure change
Missed an RMD160/RIPE/RIPEMD unification in mkdef.pl
Makefile install_sw referenced file doc/openssl-shared.txt (RT3686)
Needed to run 'make update' because
        - Various old code has been removed
        - Varous old #ifdef tests were removed

Reviewed-by: Richard Levitte <levitte@openssl.org>

1f7103b6

fix windows build · a479d72d
Dr. Stephen Henson authored Feb 04, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
a479d72d

Updates to reformat script. · f0983d39

Dr. Stephen Henson authored Feb 01, 2015



Don't change files if they're unmodified.

Indicate which files have changed and a summary.
Reviewed-by: Rich Salz <rsalz@openssl.org>

f0983d39

More unused FIPS module code. · 5496cd3e

Dr. Stephen Henson authored Feb 03, 2015



Remove fips_algvs.c

Remove unused fips module build code from Configure and Makefile.org
Reviewed-by: Tim Hudson <tjh@openssl.org>

5496cd3e

Make objxref.pl output in correct format · 6922ddee
Dr. Stephen Henson authored Feb 04, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
6922ddee

Feb 03, 2015

Preliminary ASN1_TIME documentation. · a724e79e
Dr. Stephen Henson authored Feb 03, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
a724e79e
Remove unused variables. · 3d47c1d3
Dr. Stephen Henson authored Feb 03, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
3d47c1d3

Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp · dfb56425

Rich Salz authored Feb 03, 2015



And an uncompiled C++ test file.
Also remove srp_lcl.h, with help from Richard.

Reviewed-by: Richard Levitte <levitte@openssl.org>

dfb56425

Add SSL_get_extms_support documentation. · 156a8722

Dr. Stephen Henson authored Jan 24, 2015



Document SSL_get_extms_support().

Modify behaviour of SSL_get_extms_support() so it returns -1 if the
master secret support of the peer is not known (e.g. handshake in progress).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

156a8722

Add CHANGES entry. · 6668b6b8

Dr. Stephen Henson authored Jan 23, 2015



Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

6668b6b8

Ctrl to retrieve extms support. · c5364614

Dr. Stephen Henson authored Jan 23, 2015



Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

c5364614

Add extms support to master key generation. · 0cfb0e75

Dr. Stephen Henson authored Jan 23, 2015



Update master secret calculation to support extended master secret.
TLS 1.2 client authentication adds a complication because we need to
cache the handshake messages. This is simpllified however because
the point at which the handshake hashes are calculated for extended
master secret is identical to that required for TLS 1.2 client
authentication (immediately after client key exchange which is also
immediately before certificate verify).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

0cfb0e75

Extended master secret extension support. · ddc06b35

Dr. Stephen Henson authored Jan 23, 2015



Add and retrieve extended master secret extension, setting the flag
SSL_SESS_FLAG_EXTMS appropriately.

Note: this just sets the flag and doesn't include the changes to
master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

ddc06b35

Rewrite ssl3_send_client_key_exchange to support extms. · c660ec63

Dr. Stephen Henson authored Jan 23, 2015



Rewrite ssl3_send_client_key_exchange to retain the premaster secret
instead of using it immediately.

This is needed because the premaster secret is used after the client key
exchange message has been sent to compute the extended master secret.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

c660ec63

Utility function to retrieve handshake hashes. · 48fbcbac

Dr. Stephen Henson authored Jan 23, 2015



Retrieve handshake hashes in a separate function. This tidies the existing
code and will be used for extended master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

48fbcbac

Add flags field to SSL_SESSION. · 6f152a15

Dr. Stephen Henson authored Jan 23, 2015



Add a "flags" field to SSL_SESSION. This will contain various flags
such as encrypt-then-mac and extended master secret support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

6f152a15

Check PKCS#8 pkey field is valid before cleansing. · 52e028b9
Dr. Stephen Henson authored Feb 01, 2015
```
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
52e028b9

old_des fix windows build, remove docs · c303d4d8

Rich Salz authored Feb 02, 2015



Remove outdated doc files.
Fix windows build after old_des was removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>

c303d4d8

Feb 02, 2015
- Remove old DES API · 24956ca0
  Rich Salz authored Feb 02, 2015
```
Includes VMS fixes from Richard.
Includes Kurt's destest fixes (RT 1290).
Closes tickets 1290 and 1291

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  24956ca0
- Dead code: if 0 removal from crypto/evp and an unused file. · fd22ab9e
  Rich Salz authored Feb 02, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  fd22ab9e
- Dead code removal; #if 0 from crypto/des · e2f80180
  Rich Salz authored Feb 02, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  e2f80180
- Dead code cleanup: crypto/ec,ecdh,ecdsa · c8fa2356
  Rich Salz authored Feb 02, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  c8fa2356
- Dead code cleanup; remove #if 0 from crypto/engine · f16a64d1
  Rich Salz authored Feb 02, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  f16a64d1
- Dead code cleanup: #if 0 dropped from tests · 9ccc00ef
  Rich Salz authored Feb 02, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  9ccc00ef
- Dead code cleanup: crypto/*.c, x509v3, demos · 7aa0b022
  Rich Salz authored Feb 02, 2015
```
Some of the #if 0 code in demo's was kept, but given helpful #ifdef
names, to show more sample code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  7aa0b022
- cms-test.pl: "localize" /dev/null even further [as follow-up to VMS]. · 5da05a26
  Andy Polyakov authored Jan 30, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  5da05a26
Jan 31, 2015
- Make the libssl opaque changes compile on VMS · 1d4d6857
  Richard Levitte authored Jan 30, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  1d4d6857