Commits · 0c14d442545aaea01067308c39d7c644239adc23 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Dec 13, 2015

Configure: 'reconf' to respect CROSS_COMPILE and CC. · 0c14d442
Andy Polyakov authored Dec 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
0c14d442
Don't use EC when no-ec. · d25aeabc
Ben Laurie authored Dec 13, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
d25aeabc
Remove no longer existant structure member and direct references to EVP_MD_CTX internals. · 6c3b5664
Ben Laurie authored Dec 13, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
6c3b5664
Fix (incorrect) uninitialised variable warning. · 4eacfade
Ben Laurie authored Dec 13, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
4eacfade
fix warning · 14e8e4d3
Dr. Stephen Henson authored Dec 13, 2015
```
Reviewed-by: Ben Laurie <ben@openssl.org>
```
14e8e4d3
remove ancient SSLeay bug workaround · 7538cb82
Dr. Stephen Henson authored Dec 12, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
7538cb82

Allow ChaCha20-Poly1305 in DTLS · 3e166c13

tjmao authored Dec 11, 2015



GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>

3e166c13

Revert "Allow ChaCha20-Poly1305 in DTLS" · 5320c071

Rich Salz authored Dec 12, 2015

This reverts commit 777f482d

.
Author credit missing.  Reverting this and re-committing with
an Author line.

Reviewed-by: Matt Caswell <matt@openssl.org>

5320c071

Use SHA256 not MD5 as default digest. · 9e8b6f04

Rich Salz authored Dec 12, 2015



(Documentation update was in the MR but not the commit.  Oops.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

9e8b6f04

Dec 12, 2015
- Support ccache. · 40abdf8e
  Ben Laurie authored Dec 12, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  40abdf8e
- Fix compile failure with no-threads · 7a93c858
  Matt Caswell authored Dec 12, 2015
```
The async code was causing a compile failure if no-threads was used.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
```
  7a93c858
- Add extension utility documentation. · 9391ba1b
  Dr. Stephen Henson authored Dec 11, 2015
```
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
```
  9391ba1b
- add X509_up_ref() documentation · 3a59ad98
  Dr. Stephen Henson authored Dec 11, 2015
```
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
```
  3a59ad98
- extension documentation · e989e54f
  Dr. Stephen Henson authored Dec 10, 2015
```
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
```
  e989e54f
- Use OPENSSL_NO_DTLS instead of OPENSSL_NO_DTLS1 · a5ecdc6a
  Kurt Roeckx authored Dec 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  a5ecdc6a
Dec 11, 2015
- Fix compile failure · 8ca8fc48
  Matt Caswell authored Dec 11, 2015
```
Fix compile failure introduced by commit 94d61512

 due to a typo.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  8ca8fc48
- evp/e_chacha20_poly1305.c: TLS interop fixes. · 30a5f322
  Andy Polyakov authored Dec 10, 2015
```
Thanks to: David Benjamin of Chromuim.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  30a5f322
- Configurations/10-main.conf: fix typos in mingw/cygwin configs. · 80b1247f
  Andy Polyakov authored Dec 10, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  80b1247f
- Allow ChaCha20-Poly1305 in DTLS · 777f482d
  Rich Salz authored Dec 11, 2015
```
GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  777f482d
- Make no-dh work, plus other no-dh problems found by Richard. · 94d61512
  Ben Laurie authored Sep 12, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  94d61512
- make update, missed file · ea11c6e9
  Richard Levitte authored Dec 11, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  ea11c6e9
- Use SHA256 not MD5 as default digest. · f8547f62
  Rich Salz authored Jun 13, 2015
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
  f8547f62
- make update · 6ebe8dac
  Richard Levitte authored Dec 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  6ebe8dac
- Adapt EVP tests to the opaque EVP_ENCODE_CTX · 254b26af
  Richard Levitte authored Dec 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  254b26af
- Adapt PEM routines to the opaque EVP_ENCODE_CTX · 601ab315
  Richard Levitte authored Dec 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  601ab315
- Adapt BIO_f_base64 to the opaque EVP_ENCODE_CTX · b518d2d5
  Richard Levitte authored Dec 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  b518d2d5
- Make EVP_ENCODE_CTX opaque · a0be4fd1
  Richard Levitte authored Dec 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  a0be4fd1
- Fix OCB link · 1ee3b17f
  Matt Caswell authored Dec 10, 2015
```
The link to the OCB patent pdf changed, so the link in CHANGES needs to be
updated.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  1ee3b17f
Dec 10, 2015

Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633). · ba67253d

Rob Stradling authored Dec 04, 2015



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

GH: #495, MR: #1435

ba67253d

Restore full support for EVP_CTX_create() etc. · f8137a62

Viktor Dukhovni authored Dec 10, 2015



Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

f8137a62

Prepare for 1.1.0-pre2-dev · 278d6b36
Matt Caswell authored Dec 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
278d6b36
Prepare for 1.1.0-pre1 release · 22c21b60
Matt Caswell authored Dec 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
OpenSSL_1_1_0-pre1

22c21b60
OpenSSL 1.1.0 is now in pre release · ac7f47dc
Matt Caswell authored Dec 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
ac7f47dc
make update · b0cae88c
Matt Caswell authored Dec 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
b0cae88c
Don't run rehash as part of building the openssl app · e7986647
Richard Levitte authored Dec 10, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
e7986647

Update CHANGES and NEWS for alpha release · 7c314196

Matt Caswell authored Dec 10, 2015



Misc updates to the CHANGES and NEWS files ready for the alpha release.

Reviewed-by: Richard Levitte <levitte@openssl.org>

7c314196

Ensure |rwstate| is set correctly on BIO_flush · 67f60be8

Matt Caswell authored Nov 04, 2015

A BIO_flush call in the DTLS code was not correctly setting the |rwstate|
variable to SSL_WRITING. This means that SSL_get_error() will not return
SSL_ERROR_WANT_WRITE in the event of an IO retry.

Reviewed-by: Richard Levitte <levitte@openssl.org>

67f60be8

Fix DTLS handshake fragment retries · 2ad226e8

Matt Caswell authored Nov 03, 2015



If using DTLS and NBIO then if a second or subsequent handshake message
fragment hits a retry, then the retry attempt uses the wrong fragment
offset value. This commit restores the fragment offset from the last
attempt.

Reviewed-by: Richard Levitte <levitte@openssl.org>

2ad226e8

evp/e_aes.c: wire hardware-assisted block function to OCB. · 02dc0b82
Andy Polyakov authored Dec 08, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
02dc0b82
x86[_64] assembly pack: add optimized AES-NI OCB subroutines. · bd30091c
Andy Polyakov authored Dec 02, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
bd30091c