Commits · 8b527be2db48064673640dda2d57edc6b362ae64 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Oct 22, 2015

Add an explicit list of options that can be disabled, enabled, ... · 8b527be2

Richard Levitte authored Oct 22, 2015



Configure has, so far, had no control at all of which 'no-' options it
can be given.  This means that, for example, someone could configure
with something absurd like 'no-stack' and then watch the build crumble
to dust...  or file a bug report.

This introduces some sanity into the possible choices.

The added list comes from looking for the explicit ones used in
Configure, and from grepping after OPENSSL_NO_ in all source files.

Reviewed-by: Rich Salz <rsalz@openssl.org>

8b527be2

Oct 21, 2015

make update · 15db6a40
Richard Levitte authored Oct 19, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
15db6a40
Don't forget to load the CT error strings · a0e8da5d
Richard Levitte authored Oct 19, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
a0e8da5d

Handle CT error macros separately · cc79f06c

Richard Levitte authored Oct 19, 2015



Because the default error macro generator assumes the header file with
error macros is in include/openssl and therefore generates a C file
with error texts that include <openssl/{name}.h>, we need to generate
the error macros and texts for CT separately, since the CT module
doesn't follow the default criteria.

Reviewed-by: Matt Caswell <matt@openssl.org>

cc79f06c

Don't use SSLv23_server_method in an example · 21cd6e00

Matt Caswell authored Oct 21, 2015



The function SSLv23_server_method() is an old name. New code should use
TLS_server_method() instead. Therefore don't use SSLv23_server_method() in
an example in the docs.

Reviewed-by: Richard Levitte <levitte@openssl.org>

21cd6e00

Avoid undefined behaviour in PACKET_buf_init · 3fde6c92

Matt Caswell authored Oct 21, 2015



Change the sanity check in PACKET_buf_init to check for excessive length
buffers, which should catch the interesting cases where len has been cast
from a negative value whilst avoiding any undefined behaviour.

RT#4094

Reviewed-by: Richard Levitte <levitte@openssl.org>

3fde6c92

Oct 18, 2015
- ct_locl.h moved, reflect it in crypto/ct/Makefile · 788d72ba
  Richard Levitte authored Oct 18, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  788d72ba
- make update · 338cb762
  Richard Levitte authored Oct 18, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  338cb762
- Add crypto/include/internal to the directories to scan for stack declarations · d865cb13
  Richard Levitte authored Oct 18, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  d865cb13
- Because ct_locl.h is used between modules, move it to internal headers · eb6d5f99
  Richard Levitte authored Oct 18, 2015
```
Rename it to ct_int.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  eb6d5f99
- Move auto Host adding to query_responder · 76e0cd12
  Dr. Stephen Henson authored Oct 18, 2015
```
Check for Host header in query_responder instead of process_responder. This
also fixes a memory leak in the old code if the headers was NULL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  76e0cd12
- Fix memory leak with -issuer option. · bb7fc98c
  Dr. Stephen Henson authored Oct 18, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  bb7fc98c
- set string type when embedding · 7f3e6f8c
  Dr. Stephen Henson authored Oct 18, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  7f3e6f8c
Oct 17, 2015

Move contributing info to CONTRIBUTING · eb05f173

Manish Goregaokar authored Oct 17, 2015



Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

eb05f173

Oct 16, 2015

Run tests on Travis for mingw builds as well · 1a3ae788

Rich Salz authored Oct 16, 2015



Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>

1a3ae788

Fix error message when loading engines from config · 1f08d945

Dmitry Belyavsky authored Oct 16, 2015

When using command line applications errors occur when trying to
load engines specified in a config file. Introduced by commit
a0a82324



RT#4093

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

1f08d945

Oct 15, 2015
- Remove Obsolete engines · 8b7080b0
  Matt Caswell authored Oct 13, 2015
```
There are a number of engines in the OpenSSL source code which are now
obsolete. The following engines have been removed: 4758cca, aep, atalla,
cswift, nuron, sureware.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  8b7080b0
- Fix self signed handling. · f51e5ed6
  Dr. Stephen Henson authored Aug 05, 2015
```
Don't mark a certificate as self signed if keyUsage is present and
certificate signing not asserted.

PR#3979

Reviewed-by: Matt Caswell <matt@openssl.org>
```
  f51e5ed6
- embed CRL serial number and signature fields · 34a42e14
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  34a42e14
- embed certificate serial number and signature fields · 81e49438
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  81e49438
- embed value field of X509_EXTENSION · 4392479c
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  4392479c
- add CHANGES entry for embed · 272d917d
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  272d917d
- Handle embed flag in ASN1_STRING_copy(). · 4002da0f
  Dr. Stephen Henson authored Oct 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  4002da0f
- PACKET: fix __owur · f4f78ff7
  Emilia Kasper authored Oct 15, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  f4f78ff7
- Appease gcc's Wmaybe-uninitialized · bbafa47b
  Emilia Kasper authored Oct 15, 2015
```
False positive: gcc (4.8) can't figure out the SSL_IS_DTLS logic.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  bbafa47b
Oct 14, 2015
- Remove EVP_CHECK_DES_KEY · 6f73d28c
  Emilia Kasper authored Oct 14, 2015
```
Thanks to the OpenBSD community for bringing this to our attention.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  6f73d28c
- ct_locl.h: fix some comments · b84939cc
  Emilia Kasper authored Oct 09, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  b84939cc
- make depend: prefer clang over makedepend · 58dd1ce9
  Emilia Kasper authored Oct 09, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  58dd1ce9
Oct 13, 2015
- RFC5753 compliance. · 4ec36aff
  Dr. Stephen Henson authored Oct 12, 2015
```
RFC5753 requires that we omit parameters for AES key wrap and set them
to NULL for 3DES wrap. OpenSSL decrypt uses the received algorithm
parameters so can transparently handle either form.

Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  4ec36aff
- Add Clang 3.6 and additional GCC 5 builds to travis · 6220acf8
  Alessandro Ghedini authored Oct 06, 2015
```
Follow-up to f386742c

.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  6220acf8
- GH429: Add clang to travis · f386742c
  Alessandro Ghedini authored Oct 12, 2015
```
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  f386742c
- testlib/OpenSSL/Test.pm: remove redundant 'cmd /c', MSWin32 Perl can take care of itself. · 2d2a8354
  Andy Polyakov authored Oct 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  2d2a8354
- Harmonize do_rehash_rule with updated test/recipies/25-test_verify.t. · 82987e61
  Andy Polyakov authored Oct 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  82987e61
- Test suite: chomp->s/\R// to harmonize with mingw 'make test'. · 85833408
  Andy Polyakov authored Oct 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  85833408
- Test suite: minimal required to get mingw 'make test' work under Linux. · 4ada8be2
  Andy Polyakov authored Oct 12, 2015
```
(part by Alessandro Ghedini)

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  4ada8be2
Oct 12, 2015

Rename -set-serial command to req · 1dce6c3f

Matt Caswell authored Oct 12, 2015



Previous OpenSSL versions used -set_serial, but master was using
-set-serial - so rename it back to the old version.

RT#4059

Reviewed-by: Richard Levitte <levitte@openssl.org>

1dce6c3f

Centralise loading default apps config file · a0a82324

Matt Caswell authored Oct 12, 2015



Loading the config file after processing command line options can
cause problems, e.g. where an engine provides new ciphers/digests
these are not then recoginised on the command line. Move the
default config file loading to before the command line option
processing. Whilst we're doing this we might as well centralise
this instead of doing it individually for each application. Finally
if we do it before the OpenSSL_add_ssl_algorithms() call then
ciphersuites provided by an engine (e.g. GOST) can be available to
the apps.

RT#4085
RT#4086

Reviewed-by: Richard Levitte <levitte@openssl.org>

a0a82324

Fix option name discrepancy · d175e8a6

Matt Caswell authored Oct 12, 2015



There used to be options -macopt and -sigopt in <=1.0.2 for the dgst
command line app. These were incorrectly spelled as -macop and -sigop in
master.

RT#4072

Reviewed-by: Andy Polyakov <appro@openssl.org>

d175e8a6

Configurations: move -Wno-pedantic-ms-format to .travis.yml. · dc898095

Andy Polyakov authored Oct 07, 2015



The option is not available in older toolchains and would cause breakage.

Reviewed-by: Richard Levitte <levitte@openssl.org>

dc898095

Oct 11, 2015
- embed OCSP_CERTID · af170194
  Dr. Stephen Henson authored Oct 07, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  af170194