Commits · 7f3e6f8c243710b8dc89f385196987ad83c7848d · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

18 Oct, 2015 1 commit
- set string type when embedding · 7f3e6f8c
  Dr. Stephen Henson authored Oct 18, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  7f3e6f8c
17 Oct, 2015 1 commit

Move contributing info to CONTRIBUTING · eb05f173

Manish Goregaokar authored Oct 17, 2015



Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

eb05f173

16 Oct, 2015 2 commits

Run tests on Travis for mingw builds as well · 1a3ae788

Rich Salz authored Oct 16, 2015



Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>

1a3ae788

Fix error message when loading engines from config · 1f08d945

Dmitry Belyavsky authored Oct 16, 2015

When using command line applications errors occur when trying to
load engines specified in a config file. Introduced by commit
a0a82324



RT#4093

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

1f08d945

15 Oct, 2015 9 commits
- Remove Obsolete engines · 8b7080b0
  Matt Caswell authored Oct 13, 2015
```
There are a number of engines in the OpenSSL source code which are now
obsolete. The following engines have been removed: 4758cca, aep, atalla,
cswift, nuron, sureware.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  8b7080b0
- Fix self signed handling. · f51e5ed6
  Dr. Stephen Henson authored Aug 05, 2015
```
Don't mark a certificate as self signed if keyUsage is present and
certificate signing not asserted.

PR#3979

Reviewed-by: Matt Caswell <matt@openssl.org>
```
  f51e5ed6
- embed CRL serial number and signature fields · 34a42e14
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  34a42e14
- embed certificate serial number and signature fields · 81e49438
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  81e49438
- embed value field of X509_EXTENSION · 4392479c
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  4392479c
- add CHANGES entry for embed · 272d917d
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  272d917d
- Handle embed flag in ASN1_STRING_copy(). · 4002da0f
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  4002da0f
- PACKET: fix __owur · f4f78ff7
  Emilia Kasper authored Oct 15, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  f4f78ff7
- Appease gcc's Wmaybe-uninitialized · bbafa47b
  Emilia Kasper authored Oct 15, 2015
```
False positive: gcc (4.8) can't figure out the SSL_IS_DTLS logic.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  bbafa47b
14 Oct, 2015 3 commits
- Remove EVP_CHECK_DES_KEY · 6f73d28c
  Emilia Kasper authored Oct 14, 2015
```
Thanks to the OpenBSD community for bringing this to our attention.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  6f73d28c
- ct_locl.h: fix some comments · b84939cc
  Emilia Kasper authored Oct 09, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  b84939cc
- make depend: prefer clang over makedepend · 58dd1ce9
  Emilia Kasper authored Oct 09, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  58dd1ce9
13 Oct, 2015 7 commits
- RFC5753 compliance. · 4ec36aff
  Dr. Stephen Henson authored Oct 12, 2015
```
RFC5753 requires that we omit parameters for AES key wrap and set them
to NULL for 3DES wrap. OpenSSL decrypt uses the received algorithm
parameters so can transparently handle either form.

Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  4ec36aff
- Add Clang 3.6 and additional GCC 5 builds to travis · 6220acf8
  Alessandro Ghedini authored Oct 06, 2015
```
Follow-up to f386742c

.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  6220acf8
- GH429: Add clang to travis · f386742c
  Alessandro Ghedini authored Oct 12, 2015
```
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  f386742c
- testlib/OpenSSL/Test.pm: remove redundant 'cmd /c', MSWin32 Perl can take care of itself. · 2d2a8354
  Andy Polyakov authored Oct 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  2d2a8354
- Harmonize do_rehash_rule with updated test/recipies/25-test_verify.t. · 82987e61
  Andy Polyakov authored Oct 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  82987e61
- Test suite: chomp->s/\R// to harmonize with mingw 'make test'. · 85833408
  Andy Polyakov authored Oct 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  85833408
- Test suite: minimal required to get mingw 'make test' work under Linux. · 4ada8be2
  Andy Polyakov authored Oct 12, 2015
```
(part by Alessandro Ghedini)

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  4ada8be2
12 Oct, 2015 4 commits

Rename -set-serial command to req · 1dce6c3f

Matt Caswell authored Oct 12, 2015



Previous OpenSSL versions used -set_serial, but master was using
-set-serial - so rename it back to the old version.

RT#4059

Reviewed-by: Richard Levitte <levitte@openssl.org>

1dce6c3f

Centralise loading default apps config file · a0a82324

Matt Caswell authored Oct 12, 2015



Loading the config file after processing command line options can
cause problems, e.g. where an engine provides new ciphers/digests
these are not then recoginised on the command line. Move the
default config file loading to before the command line option
processing. Whilst we're doing this we might as well centralise
this instead of doing it individually for each application. Finally
if we do it before the OpenSSL_add_ssl_algorithms() call then
ciphersuites provided by an engine (e.g. GOST) can be available to
the apps.

RT#4085
RT#4086

Reviewed-by: Richard Levitte <levitte@openssl.org>

a0a82324

Fix option name discrepancy · d175e8a6

Matt Caswell authored Oct 12, 2015



There used to be options -macopt and -sigopt in <=1.0.2 for the dgst
command line app. These were incorrectly spelled as -macop and -sigop in
master.

RT#4072

Reviewed-by: Andy Polyakov <appro@openssl.org>

d175e8a6

Configurations: move -Wno-pedantic-ms-format to .travis.yml. · dc898095

Andy Polyakov authored Oct 07, 2015



The option is not available in older toolchains and would cause breakage.

Reviewed-by: Richard Levitte <levitte@openssl.org>

dc898095

11 Oct, 2015 6 commits
- embed OCSP_CERTID · af170194
  Dr. Stephen Henson authored Oct 07, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  af170194
- embed support for ASN1_STRING · 47c9a1b5
  Dr. Stephen Henson authored Oct 07, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  47c9a1b5
- Embed various OCSP fields. · a332635e
  Dr. Stephen Henson authored Oct 06, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  a332635e
- embed support for CHOICE type · 44c734e9
  Dr. Stephen Henson authored Oct 06, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  44c734e9
- Skip PSK tests for no-psk · 71a64af3
  Dr. Stephen Henson authored Sep 12, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  71a64af3
- Make no-psk compile without warnings. · 9076bd25
  Dr. Stephen Henson authored Sep 11, 2015
```
PR#4035

Reviewed-by: Matt Caswell <matt@openssl.org>
```
  9076bd25
10 Oct, 2015 1 commit
- Typo. · c69ce935
  Dr. Stephen Henson authored Oct 11, 2015
```
PR#4079

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  c69ce935
09 Oct, 2015 3 commits

DTLS: remove unused cookie field · 31011544

Emilia Kasper authored Oct 06, 2015

Note that this commit constifies a user callback parameter and therefore
will break compilation for applications using this callback. But unless
they are abusing write access to the buffer, the fix is trivial.

Reviewed-by: Andy Polyakov <appro@openssl.org>

31011544

Fix Windows build · 0f0cfbe2

Matt Caswell authored Oct 09, 2015



Add the new ct directory to mkfiles.pl and fix the ct Makefile

Reviewed-by: Andy Polyakov <appro@openssl.org>

0f0cfbe2

Initial commit for Certificate Transparency support · 3149baf8

Adam Eijdenberg authored Sep 15, 2015



Original authors:
Rob Stradling <rob@comodo.com>
Dr. Stephen Henson <steve@openssl.org>

Reviewed-by: Emilia Kasper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

3149baf8

08 Oct, 2015 3 commits

PACKET: simplify ServerKeyExchange parsing · 32942870
Emilia Kasper authored Oct 02, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
32942870

Fix no-ripemd on Windows · 28dc5d19

Matt Caswell authored Oct 08, 2015



mkdef.pl was getting confused by:

 # ifdef OPENSSL_NO_RMD160
 #  error RIPEMD is disabled.
 # endif

Changing RIPEMD to RMD160 solves it. Fix suggested by Steve Henson.

Reviewed-by: Rich Salz <rsalz@openssl.org>

28dc5d19

Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify · dffe5109

Matt Caswell authored Oct 08, 2015

The function int_rsa_verify is an internal function used for verifying an
RSA signature. It takes an argument |dtype| which indicates the digest type
that was used. Dependant on that digest type the processing of the
signature data will vary. In particular if |dtype == NID_mdc2| and the
signature data is a bare OCTETSTRING then it is treated differently to the
default case where the signature data is treated as a DigestInfo (X509_SIG).

Due to a missing "else" keyword the logic actually correctly processes the
OCTETSTRING format signature first, and then attempts to continue and
process it as DigestInfo. This will invariably fail because we already know
that it is a bare OCTETSTRING.

This failure doesn't actualy make a real difference because it ends up at
the |err| label regardless and still returns a "success" result. This patch
just cleans things up to make it look a bit more sane.

RT#4076

Reviewed-by: Richard Levitte <levitte@openssl.org>

dffe5109