Commits · 59fd40d4e5030a7257edd11d758eab1dcebb3787 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

08 Jan, 2016 5 commits

DANE CHANGES · 59fd40d4
Viktor Dukhovni authored Jan 07, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
59fd40d4
Fix some typos in comments · 60d8edbc
Viktor Dukhovni authored Jan 06, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
60d8edbc

Backwards-compatibility subject to OPENSSL_API_COMPAT · 98186eb4

Viktor Dukhovni authored Jan 04, 2016



Provide backwards-compatiblity for functions, macros and include
files if OPENSSL_API_COMPAT is either not defined or defined less
than the version number of the release in which the feature was
deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>

98186eb4

DANE s_client support · cddd424a
Viktor Dukhovni authored Dec 29, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
cddd424a
Remove all remaining traces if PEM_Seal · 0c1badc8
Richard Levitte authored Jan 07, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
0c1badc8

07 Jan, 2016 14 commits

Minor test update · 21fa90b2

Viktor Dukhovni authored Jan 07, 2016



* Remove extraneous test/Makefile.orig
* Use basedomain instead of argv[1] in test/danetest.c

Reviewed-by: Rich Salz <rsalz@openssl.org>

21fa90b2

Fix another build break for no-mem-debug · 7b0a09f9
Rich Salz authored Jan 07, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
7b0a09f9

Fix build-break; 'make update' · ebd8df0e

Rich Salz authored Jan 07, 2016

Commit bbd86bf5 broke certain builds.
Commit 0674427f

 missing 'make update'

Reviewed-by: Richard Levitte <levitte@openssl.org>

ebd8df0e

mem functions cleanup · bbd86bf5

Rich Salz authored Jan 07, 2016



Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
        (Thanks to Jakob Bohm for the suggestion!)
Make the "change wrapper functions" be the only paradigm.
Wrote documentation!
Format the 'set func' functions so their paramlists are legible.
Format some multi-line comments.
Remove ability to get/set the "memory debug" functions at runtme.
Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
Add CRYPTO_mem_debug(int flag) function.
Add test/memleaktest.
Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.

Reviewed-by: Richard Levitte <levitte@openssl.org>

bbd86bf5

Remove the old VMS linker option file creator for shlibs · 3cb8c326
Richard Levitte authored Jan 07, 2016
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
3cb8c326
Enhance util/mkdef.pl to provide a VMS linker option file for shlibs · a388633d
Richard Levitte authored Jan 07, 2016
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
a388633d

Remove crypto/pem/pem_seal.c · 0674427f

Richard Levitte authored Jan 07, 2016



It's functionality appears unused.  If we're wrong, we will revert.

Reviewed-by: Rich Salz <rsalz@openssl.org>

0674427f

DANE support for X509_verify_cert() · 170b7358
Viktor Dukhovni authored Dec 29, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
170b7358
use more descriptive name DEFINE_STACK_OF_CONST · a8eba56e
Dr. Stephen Henson authored Jan 07, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
a8eba56e

Only declare stacks in headers · 4a1f3f27

Dr. Stephen Henson authored Jan 06, 2016



Don't define stacks in C source files: it causes warnings
about unused functions in some compilers.

Reviewed-by: Richard Levitte <levitte@openssl.org>

4a1f3f27

Rename DECLARE*STACK_OF to DEFINE*STACK_OF · 85885715

Dr. Stephen Henson authored Dec 28, 2015



Applications wishing to include their own stacks now just need to include

DEFINE_STACK_OF(foo)

in a header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>

85885715

remove unused PREDECLARE · c5e0c540
Dr. Stephen Henson authored Dec 27, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
c5e0c540
Fix declarations and constification for inline stack. · 4a640fb6
Dr. Stephen Henson authored Dec 23, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
4a640fb6

Change STACK_OF to use inline functions. · 411abf2d

Dr. Stephen Henson authored Dec 23, 2015

Change DECLARE_STACK_OF into inline functions. This avoids the need for
auto generated mkstack.pl macros and now handles const properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>

411abf2d

06 Jan, 2016 5 commits

DANE make update · 249d9719
Viktor Dukhovni authored Dec 29, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
249d9719
DANE documentation typos · 63b65834
Viktor Dukhovni authored Jan 06, 2016
```
Reported-by: Claus Assmann

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
63b65834
Remove more (rest?) of FIPS build stuff. · 700b4a4a
Rich Salz authored Dec 14, 2015
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
700b4a4a
Remove some unused perl scripts · 0b0443af
Rich Salz authored Dec 17, 2015
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
0b0443af

DANE support structures, constructructors and accessors · 919ba009

Viktor Dukhovni authored Dec 29, 2015



Also tweak some of the code in demos/bio, to enable interactive
testing of BIO_s_accept's use of SSL_dup.  Changed the sconnect
client to authenticate the server, which now exercises the new
SSL_set1_host() function.

Reviewed-by: Richard Levitte <levitte@openssl.org>

919ba009

03 Jan, 2016 4 commits
- Fix X509_STORE_CTX_cleanup() · e29c73c9
  Viktor Dukhovni authored Jan 01, 2016
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
  e29c73c9
- Drop incorrect id == -1 case from X509_check_trust · 0e7abc90
  Viktor Dukhovni authored Dec 29, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  0e7abc90
- X509_verify_cert() cleanup · d9b8b89b
  Viktor Dukhovni authored Dec 29, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  d9b8b89b
- Cleanup of verify(1) failure output · 63c6aa6b
  Viktor Dukhovni authored Jan 01, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  63c6aa6b
02 Jan, 2016 5 commits

Instead of a local hack, implement SIZE_MAX in numbers.h if it's missing · 1de1d768
Richard Levitte authored Jan 02, 2016
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
1de1d768

Fix a possible memleak · 6aa0ba4b

Richard Levitte authored Dec 18, 2015



If there's a failure allocating md_data, the destination pctx will have
a shared pointer with the source EVP_MD_CTX, which will lead to problems
when either the source or the destination is freed.

Reviewed-by: Stephen Henson <steve@openssl.org>

6aa0ba4b

Protocol version selection and negotiation rewrite · 4fa52141

Viktor Dukhovni authored Dec 29, 2015



The protocol selection code is now consolidated in a few consecutive
short functions in a single file and is table driven.  Protocol-specific
constraints that influence negotiation are moved into the flags
field of the method structure.  The same protocol version constraints
are now applied in all code paths.  It is now much easier to add
new protocol versions without reworking the protocol selection
logic.

In the presence of "holes" in the list of enabled client protocols
we no longer select client protocols below the hole based on a
subset of the constraints and then fail shortly after when it is
found that these don't meet the remaining constraints (suiteb, FIPS,
security level, ...).  Ideally, with the new min/max controls users
will be less likely to create "holes" in the first place.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

4fa52141

Refine and re-wrap Min/Max protocol docs · 57ce7b61
Viktor Dukhovni authored Dec 29, 2015
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
57ce7b61
Add support for minimum and maximum protocol version · 7946ab33
Kurt Roeckx authored Dec 06, 2015
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
7946ab33

01 Jan, 2016 2 commits
- Fix no-dh. · 1e0784ff
  Ben Laurie authored Jan 01, 2016
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  1e0784ff
- remove invalid free · f2c14768
  Dr. Stephen Henson authored Jan 01, 2016
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  f2c14768
31 Dec, 2015 1 commit
- Use X509_get0_pubkey where appropriate · 8382fd3a
  Dr. Stephen Henson authored Dec 20, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  8382fd3a
30 Dec, 2015 4 commits
- Update to SHA256 for TSA signing digest. · 39a6a4a7
  Rich Salz authored Dec 30, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  39a6a4a7
- Fix faulty check in the VMS version of opt_progname · 211a68b4
  Richard Levitte authored Dec 30, 2015
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  211a68b4
- Remove the #ifndef OPENSSL_SYS_VMS around SSL_add_dir_cert_subjects_to_stack · 579415de
  Richard Levitte authored Dec 30, 2015
```
It served a purpose, but not any more.

Reviewed-by: Stephen Henson <steve@openssl.org>
```
  579415de
- Correct missing prototype · e6578078
  Richard Levitte authored Dec 30, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  e6578078