Commits · af4f2ad9dd7d7a5f5b3fd64d1ffa14a4eb59216a · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Feb 28, 2016

Dr. Stephen Henson authored Feb 02, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

af4f2ad9

Add no signing flag. · 4b0555ec

Dr. Stephen Henson authored Feb 23, 2016



Add a flag to EC_METHOD for curves which do not support signing.
New function EC_KEY_can_sign() returns 1 is key can be used for signing.
Return an explicit error is an attempt is made to sign with
no signing curves.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

4b0555ec

Add new EC_METHOD for X25519. · 8dcfdbf5

Dr. Stephen Henson authored Feb 02, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

8dcfdbf5

Add group_order_bits to EC_METHOD. · e5b2ea0a

Dr. Stephen Henson authored Feb 01, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

e5b2ea0a

Add custom_data field for EC_POINT, EC_KEY. · 3e8ee475

Dr. Stephen Henson authored Feb 01, 2016



In some cases the EC_POINT and EC_KEY BIGNUM components are suboptimal
or inappropriate. Add an "custom_data" field which curves can populate with
a custom structure to suit their needs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

3e8ee475

Extract compression form in EC_KEY_oct2key(). · 6ea04154

Dr. Stephen Henson authored Feb 17, 2016



Extract compression form in EC_KEY_oct2key() instead of manually in the
ASN.1 code. For custom curves do not assume the initial octet is the
compression form: it isn't for X25519 et al.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

6ea04154

Extended EC_METHOD customisation support. · 6903e2e7

Dr. Stephen Henson authored Feb 01, 2016



Add support for optional overrides of various private key operations
in EC_METHOD.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

6903e2e7

EC_METHOD customisation operations. · 474d84ec

Dr. Stephen Henson authored Feb 01, 2016



Extend EC_METHOD to permit additional customisation of private key and
ECDH operations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

474d84ec

Rename OIDs. · 899cf48f

Dr. Stephen Henson authored Feb 22, 2016



Use standard X25519 and X448 names for OIDs. Delete EdDSA OIDs: for now they
wont be used and EdDSA may use a different format.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

899cf48f

GH715: Missed some null-check-removals. follow commits 412bafdc, and 7c96dbcd · 17fa4e8e
FdaSilvaYY authored Feb 28, 2016
```
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
17fa4e8e

Fix mk1mf build · 31ba0e17

Rich Salz authored Feb 28, 2016



Removing certs broke the mk1mf build.

Reviewed-by: Richard Levitte <levitte@openssl.org>

31ba0e17

GH715: Missed some null-check-removals. · 412bafdc
Rich Salz authored Feb 25, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
412bafdc
RT4351: Update doc for OPENSSL_cleanse · 91a61513
Jeffrey Walton authored Feb 26, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
91a61513

VMS - don't exit out of a MMS recipe · 687237e9

Richard Levitte authored Feb 28, 2016



Exiting out of a recipe more than necessary leaves an ugly message.

Reviewed-by: Rich Salz <rsalz@openssl.org>

687237e9

Make generation of dependency files more efficient when possible · 340da949

Richard Levitte authored Feb 28, 2016



When building with GNU C, clang or VMS C, it's more efficient to
generate dependency file and object file in one call rather than two.
Have the dependency output in a temporary file and compare it with the
previous one if available to see if replacement is waranted, thereby
avoiding unnecessary reconstruction of Makefile / descrip.mms.

Github issue #750

Reviewed-by: Rich Salz <rsalz@openssl.org>

340da949

Feb 27, 2016

RT4354: Add some cross-refs · e0b5108c

Jeffrey Walton authored Feb 27, 2016

Stack Overflow has a number of questions related to mutual authentication,
the client and its certificate. Those visiting the man pages for functions
like SSL_CTX_use_certificate and SSL_CTX_load_verify_locations don't
receive the benefit of a cross reference to SSL_CTX_set_client_CA_list.

Reviewed-by: Richard Levitte <levitte@openssl.org>

e0b5108c

using macro inside the case. · d6316025

J Mohan Rao Arisankala authored Feb 27, 2016



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

d6316025

fix build with no-srtp · b07c703f

J Mohan Rao Arisankala authored Feb 27, 2016



- srtp_profiles variable is defined when building with SRTP, keeping
the variable usage also under ifndef OPENSSL_NO_SRTP
- alpn help option was kept under ifndef OPENSSL_NO_SRTP

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

b07c703f

ct_test.c doesn't need to include from source top, only testutil.c does · b37d6abf

Richard Levitte authored Feb 27, 2016



The INCLUDE statement can handle setting extra include directories for
individual object files, let's use it.

Reviewed-by: Andy Polyakov <appro@openssl.org>

b37d6abf

Remove last remains of old config strings · e5ed5f6a
Richard Levitte authored Feb 27, 2016
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
e5ed5f6a

modes/asm/ghash-x86_64.pl: refine GNU assembler version detection. · d3cdab17

Andy Polyakov authored Feb 24, 2016



Even though AVX support was added in GAS 2.19 vpclmulqdq was apparently
added in 2.20.

Reviewed-by: Rich Salz <rsalz@openssl.org>

d3cdab17

chacha/asm/chacha-*.pl: fix typos in tail processing. · f2188228
Andy Polyakov authored Feb 21, 2016
```
RT#4323

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
f2188228

Reformat and update EC_KEY_new manual page. · 80757ad4

Dr. Stephen Henson authored Feb 27, 2016



Add some missing parentheses and reformat.

Document EC_KEY_oct2key(), EC_KEY_key2buf(), EC_KEY_oct2priv(),
EC_KEY_priv2oct() and EC_KEY_priv2buf()

Reviewed-by: Rich Salz <rsalz@openssl.org>

80757ad4

RT2275: use BIO_sock_nbio() · ba810815

Rich Salz authored Feb 27, 2016



Now that BIO_sock_nbio is available, use it in the apps.

Reviewed-by: Richard Levitte <levitte@openssl.org>

ba810815

Remove some old files. · 6ab36414

Rich Salz authored Feb 27, 2016



I read the PROBLEMS, and they're outdated; nothing I'd put in the
online FAQ, for example.  Test-builds work without using these files.
Had to remove the rehash.time stuff from Makefile.in

Reviewed-by: Richard Levitte <levitte@openssl.org>

6ab36414

Keep a cache of files that already have a recipe, in common.tmpl · b23238f9
Richard Levitte authored Feb 27, 2016
```
We don't want recipes for the same files generated more than once

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
b23238f9

FreeBSD, at least, can restrict symbols in a shared library - so use the · 150a4790

Ben Laurie authored Feb 27, 2016


Linux target that does that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

150a4790

testutil.c includes e_os.h. · c490b9b5
Ben Laurie authored Feb 27, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
c490b9b5

GH753: More spelling fix · b6453a68

FdaSilvaYY authored Feb 26, 2016



Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>

b6453a68

Apply default after having checked the given config target is valid · 79302211
Richard Levitte authored Feb 27, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
79302211
Drop support for printing SSLv2 ciphers names. · 800fe8e3
Kurt Roeckx authored Feb 21, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #2083
```
800fe8e3

Update and clarify EC_POINT documentation. · 43986596

Dr. Stephen Henson authored Feb 27, 2016



Reformat EC_POINT_new.pod and add parentheses to function names.
Clarify the octet form.
Add documentation for EC_POINT_oct2buf().

Reviewed-by: Rich Salz <rsalz@openssl.org>

43986596

Feb 26, 2016
- Remove Ubsec engine · 766579ec
  Matt Caswell authored Feb 26, 2016
```
The ubsec engine is now considered obsolete and therefore has been
removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  766579ec
- Moves SCT struct typedef into ossl_typ.h · a8d177ac
  Rob Percival authored Feb 25, 2016
```
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  a8d177ac
- Fix for potential deferencing of null pointer in o2i_SCT_signature · 2882e96a
  Rob Percival authored Feb 24, 2016
```
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  2882e96a
- Public API for Certificate Transparency · 0cea8832
  Rob Percival authored Feb 25, 2016
```
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  0cea8832
- GH752 ct_test uses testutil, so include that · 186d04a5
  Rob Percival authored Feb 26, 2016
```
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  186d04a5
- Revert "EC_KEY_priv2buf (): check parameter sanity" · afcee950
  Rich Salz authored Feb 26, 2016
```
This reverts commit acae59bb

.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
  afcee950
- Don't build sanitizer builds with --debug · 875856ef
  Emilia Kasper authored Feb 26, 2016
```
They're too slow.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  875856ef
- Fix master compile error · b6e78584
  Matt Caswell authored Feb 26, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  b6e78584