Commits · 28bd8e945ff0bf50183af2481cc36180fbccaedb · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

21 Jun, 2016 5 commits

Fix typo · 28bd8e94

Petr Vaněk authored Jun 21, 2016



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1241)

28bd8e94

Appveyor: test install as well, via a fake deploy_script · 14c42019
Richard Levitte authored Jun 02, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
14c42019
Travis: When testing install, install docs as well · a3414dc8
Richard Levitte authored Jun 02, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
a3414dc8

OpenSSL::Test: Fix directory calculations in __cwd() · 3da9eeb1

Richard Levitte authored Jun 20, 2016



We recalculate the location of the directories we keep track of.
However, we did so after having moved to the new directory already, so
the data we did the calculations from were possibly not quite correct.

This change moves the calculations to happen before moving to the new
directory.

This issue is sporadic, and possibly dependent on the platform.

Reviewed-by: Matt Caswell <matt@openssl.org>

3da9eeb1

More doc cleanup · c952780c

Rich Salz authored Jun 21, 2016



Add missing entries to NAME section
Add SYNOPSIS lines, remove old NAME entries
Update find-doc-nits; better regexp's for parsing SYNOPSIS sections.
Rename a couple of files to have an API name.
Remove RSA_private_decrypt; it was duplicate content
Update for recent doc additions

Reviewed-by: Matt Caswell <matt@openssl.org>

c952780c

20 Jun, 2016 24 commits

Avoid using latest clang since repo not available · 6feb3c58
Rich Salz authored Jun 20, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
6feb3c58

Make arm-xlate.pl set use strict. · abeae4d3

David Benjamin authored Jun 20, 2016



It was already nearly clean. Just one undeclared variable.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1240)

abeae4d3

Add verification of proxy certs to 25-test_verify.t · aa951ef3
Richard Levitte authored Jun 19, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
```
aa951ef3

Create some proxy certificates · 8dfb2021

Richard Levitte authored Jun 19, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>

8dfb2021

Make it possible to generate proxy certs with test/certs/mkcert.sh · 71c8cd20

Richard Levitte authored Jun 19, 2016



This extends 'req' to take more than one DN component, and to take
them as full DN components and not just CN values.  All other commands
are changed to pass "CN = $cn" instead of just a CN value.

This adds 'genpc', which differs from the other 'gen*' commands by not
calling 'req', and expect the result from 'req' to come through stdin.

Finally, test/certs/setup.sh gets the commands needed to generate a
few proxy certificates.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>

71c8cd20

make update · d0ba7bc8

Richard Levitte authored Jun 19, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>

d0ba7bc8

Allow proxy certs to be present when verifying a chain · a392ef20
Richard Levitte authored Jun 19, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
```
a392ef20

Fix proxy certificate pathlength verification · ed17c7c1

Richard Levitte authored Jun 19, 2016



While travelling up the certificate chain, the internal
proxy_path_length must be updated with the pCPathLengthConstraint
value, or verification will not work properly.  This corresponds to
RFC 3820, 4.1.4 (a).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>

ed17c7c1

Check that the subject name in a proxy cert complies to RFC 3820 · c8223538

Richard Levitte authored Jun 19, 2016



The subject name MUST be the same as the issuer name, with a single CN
entry added.

RT#1852

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>

c8223538

RT3925: Remove trailing semi from macro · 54f24e3e
Dr. Matthias St. Pierre authored Jun 20, 2016
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
54f24e3e
apps/req.c: Increment the right variable when parsing '+' · 14d3c0dd
Richard Levitte authored Jun 20, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
14d3c0dd

Remove pointless free loop in X509_TRUST_cleanup() · 5e6e650d

Kurt Cancemi authored Jun 09, 2016



Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1194)

5e6e650d

Remove pointless free loop in X509_PURPOSE_cleanup() · fa3a0286

Kurt Cancemi authored Jun 08, 2016



Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1194)

fa3a0286

doc and comment fixes · 14f46560

huangqinjin authored Jun 20, 2016



Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1233)

14f46560

crypto/evp/e_aes_cbc_hmac_sha256.c: Remove spurious memset · b88e95f3

Kurt Cancemi authored May 28, 2016



Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1231)

b88e95f3

RT3136: Remove space after issuer/subject · fb0303f3
Jiri Horky authored Jun 12, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
fb0303f3

Make DSA_SIG and ECDSA_SIG getters const. · 9267c11b

Emilia Kasper authored Jun 09, 2016



Reorder arguments to follow convention.

Also allow r/s to be NULL in DSA_SIG_get0, similarly to ECDSA_SIG_get0.

This complements GH1193 which adds non-const setters.

Reviewed-by: Rich Salz <rsalz@openssl.org>

9267c11b

rand/randfile.c: remove obsolete commentary. · b73cfb13
Andy Polyakov authored Jun 20, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
b73cfb13

Tests should check validation status directly · 876a1a83

Rob Percival authored Jun 07, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

876a1a83

Test SCT lists · 4fc31f75

Rob Percival authored Jun 07, 2016



This encompasses what was previously tested.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

4fc31f75

aes/asm/bsaes-armv7.pl: omit redundant stores in XTS subroutines. · 4973a60c
Andy Polyakov authored Jun 18, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
4973a60c
aes/asm/bsaes-armv7.pl: fix XTS decrypt test failure. · 3d32bab8
Andy Polyakov authored Jun 18, 2016
```
RT#4578

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
3d32bab8
Change the RAND_file_name documentation accordingly · 2be7014c
Richard Levitte authored Jun 20, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
2be7014c

Change default directory for the .rnd file on Windows and VMS · b8f304f7

Richard Levitte authored Jun 20, 2016



The previous change for Windows wasn't quite right.  Corrected to use
%HOME%, %USERPROFILE% and %SYSTEMPROFILE%, in that order.

Also adding the default home for VMS, SYS$LOGIN:

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>

b8f304f7

18 Jun, 2016 11 commits

Add a comment after some #endif at end of apps source code. · a8db2cfa

FdaSilvaYY authored Jun 10, 2016



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)

a8db2cfa

Useless header include of openssl/rand.h · 823146d6

FdaSilvaYY authored Jun 05, 2016



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)

823146d6

Useless includes · 93b8981d

FdaSilvaYY authored Mar 25, 2016



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)

93b8981d

Missing NULL check on OBJ_dup result in x509_name_canon · 5ab0b7e6

FdaSilvaYY authored Jun 04, 2016



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)

5ab0b7e6

Fix an MSVC warning. · b1b1cba4

FdaSilvaYY authored May 10, 2016



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)

b1b1cba4

Use a STACK_OF(OPENSSL_CSTRING) for const char * stacks · 1dcb8ca2
Matt Caswell authored Jun 15, 2016
```
Better than losing the const qualifier.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
1dcb8ca2

OpenBSD has intypes.h · 6b44f259

Matt Caswell authored Jun 15, 2016



Update e_os2.h so that inttypes.h is included.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>

6b44f259

Replace 4 casts with 1 · d012c1a1

Matt Caswell authored Jun 15, 2016



Changing the type of the |str| variable in asn1pars enables us to remove
4 casts with just 1. This silences an OpenBSD warning along the way.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>

d012c1a1

Improve const correctness for stacks of EVP_MD · ac94c8fd

Matt Caswell authored Jun 15, 2016



EVP_MDs are always const, so stacks of them should be too. This silences
a warning about type punning on OpenBSD.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>

ac94c8fd

constify SRP · 98370c2d

Matt Caswell authored Jun 15, 2016



Add const qualifiers to lots of SRP stuff. This started out as an effort
to silence some "type-punning" warnings on OpenBSD...but the fix was to
have proper const correctness in SRP.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>

98370c2d

Avoid type punning warnings in b_addr.c · 7fb4b92c
Matt Caswell authored Jun 15, 2016
```
RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
7fb4b92c