Commits · b69817449315f3818a8472468b3328ea755819db · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Feb 01, 2016

Emilia Kasper authored Feb 01, 2016



PACKET contents should be read-only. To achieve this, also
- constify two user callbacks
- constify BUF_reverse.

Reviewed-by: Rich Salz <rsalz@openssl.org>

b6981744

update DSA docs · 0c787647
Dr. Stephen Henson authored Jan 28, 2016
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
0c787647
add option to exclude public key from EC keys · 16754806
Dr. Stephen Henson authored Jan 27, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
16754806
Fix memory leak and print out keygen errors. · f6de4eb7
Dr. Stephen Henson authored Jan 25, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
f6de4eb7

Better check for gcc/clang · f1f07a23

Rich Salz authored Jan 29, 2016



Iteratively improved with Richard and Andy.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

f1f07a23

Comment "secure memcmp" implementation · eb507efb

Dmitry-Me authored Feb 01, 2016



Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

eb507efb

Use PKCS#8 format EC key so test is skipped with no-ec · 995197ab
Dr. Stephen Henson authored Feb 01, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
995197ab
unified build scheme: add a personal configuration to test it · 8ffdf7ff
Richard Levitte authored Jan 29, 2016
```
Nothing else will run the unified scheme for now.

Reviewed-by: Andy Polyakov <appro@openssl.org>
```
8ffdf7ff

unified build scheme: add build.info files · 777a2882

Richard Levitte authored Jan 29, 2016



Now that we have the foundation for the "unified" build scheme in
place, we add build.info files.  They have been generated from the
Makefiles in the same directories.  Things that are platform specific
will appear in later commits.

Reviewed-by: Andy Polyakov <appro@openssl.org>

777a2882

unified build scheme: a first introduction · 9fe2bb77

Richard Levitte authored Jan 29, 2016

The "unified" build scheme revolves around small information files,
build.info, which each describe their own bit of everything that needs
to be built, using a mini-language described in Configurations/README.

The information in build.info file contain references to source files
and final result. Object files are not mentioned at all, they are
simply from source files. Because of this, all the *_obj items in
Configurations/*.conf are renamed to *_asm_src and the files listed
in the values are change from object files to their corresponding
source files. For the sake of the other build schemes, Configure
generates corresponding *_obj entries in %target.

Furthermore, the "unified" build scheme supports having a build
directory tree separate from the source directry tree.

All paths in a build.info file is assumed to be relative to its
location, either within the source tree or within the build tree.

Reviewed-by: Andy Polyakov <appro@openssl.org>

9fe2bb77

Add tests for non-ca trusted roots and intermediates · 1d852772
Viktor Dukhovni authored Jan 29, 2016
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
1d852772

Compat self-signed trust with reject-only aux data · 33cc5dde

Viktor Dukhovni authored Jan 29, 2016



When auxiliary data contains only reject entries, continue to trust
self-signed objects just as when no auxiliary data is present.

This makes it possible to reject specific uses without changing
what's accepted (and thus overring the underlying EKU).

Added new supported certs and doubled test count from 38 to 76.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

33cc5dde

Check chain extensions also for trusted certificates · 0daccd4d

Viktor Dukhovni authored Jan 28, 2016



This includes basic constraints, key usages, issuer EKUs and auxiliary
trust OIDs (given a trust suitably related to the intended purpose).

Added tests and updated documentation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

0daccd4d

Jan 31, 2016

Zero newly allocated points · 1b4cf96f
Dr. Stephen Henson authored Jan 31, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
1b4cf96f

Remove redundant code. · aedc37e7

Dr. Stephen Henson authored Jan 31, 2016



d2i_ECPrivateKey always caculates the public key so there is
no need to caculate it again in eckey_priv_decode().

Reviewed-by: Rich Salz <rsalz@openssl.org>

aedc37e7

Add EC_GROUP_order_bits, EC_GROUP_get0_order and EC_GROUP_get0_cofactor · be2e334f

Dr. Stephen Henson authored Jan 31, 2016



New functions to return internal pointer for order and cofactor. This
avoids the need to allocate a new BIGNUM which to copy the value to.
Simplify code to use new functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>

be2e334f

Engage poly1305-sparcv9 module. · 81e03785
Andy Polyakov authored Jan 29, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
81e03785
Add poly1305/asm/poly1305-sparcv9.pl. · 0049eb46
Andy Polyakov authored Jan 29, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
0049eb46
Configure: restore original logic for -DWHIRLPOOL_ASM. · 46d4d865
Andy Polyakov authored Jan 29, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
46d4d865
RT4129: BUF_new_mem_buf should take const void * · 8ab31975
Daniel Kahn Gillmor authored Jan 30, 2016
```
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
8ab31975

Remove the extra checks for Intel's C compiler · 0e87e058

Richard Levitte authored Jan 31, 2016



When the target is {something}-icc, we're doing some extra checks of
the icc compiler.  However, all such targets were cleaned away in
March 2015, so this Configure section is dead code.

Reviewed-by: Rich Salz <rsalz@openssl.org>

0e87e058

RT3755: Remove duplicate #include · b59e1bed
Rich Salz authored Jan 30, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
b59e1bed
Don't go into dotted directories when copying Makefile.in to Makefile · fb36ca12
Richard Levitte authored Jan 31, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
fb36ca12
GH102: Extra volatile avoids GCC bug · 769adcfe
Rich Salz authored Jan 30, 2016
```
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
```
769adcfe

Jan 30, 2016

Remove extra level of indirection. · 9716b0b9

Rich Salz authored Jan 30, 2016



Remove OPENSSL_IMPORT as its only purpose is to define OPENSSL_EXTERN.

Reviewed-by: Richard Levitte <levitte@openssl.org>

9716b0b9

Move more BN internals to bn_lcl.h · 94af0cd7

Rich Salz authored Jan 28, 2016



There was an unused macro in ssl_locl.h that used an internal
type, so I removed it.
Move bio_st from bio.h to ossl_type.h

Reviewed-by: Andy Polyakov <appro@openssl.org>

94af0cd7

GH102: Add volatile to CRYPTO_memcmp · 98ab5764

Rich Salz authored Jan 29, 2016



Can't hurt and seems to prevent problems from some over-aggressive
(LTO?) compilers.

Reviewed-by: Richard Levitte <levitte@openssl.org>

98ab5764

When checking if there's a VMS directory spec, don't forget the possible device · c10d1bc8
Richard Levitte authored Jan 30, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
c10d1bc8

Fix test/recipes/25-test_verify.t · 9c626317

Richard Levitte authored Jan 30, 2016



top_dir() are used to create directory names, top_file() should be
used for files.  In a Unixly environment, that doesn't matter, but...

Reviewed-by: Rich Salz <rsalz@openssl.org>

9c626317

handle "Ctrl" in separate function · 4ddd5ace
Dr. Stephen Henson authored Jan 30, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
4ddd5ace
Add test data for ECDH · 404cc933
Dr. Stephen Henson authored Jan 30, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
404cc933
Add support for EVP_PKEY_derive in evp_test · d4ad48d7
Dr. Stephen Henson authored Jan 29, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
d4ad48d7
fix warning · bc9d9ce2
Dr. Stephen Henson authored Jan 29, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
bc9d9ce2
Add function to return internal enoding of X509_NAME. · 7ab50749
Dr. Stephen Henson authored Jan 30, 2016
```
PR#4280

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
7ab50749

Fix opt_imax() call · 33254e1c

Richard Levitte authored Jan 30, 2016



Not all architectures have a time_t defined the same way.  To make
sure we get the same result, we need to cast &checkoffset to (intmax_t *)
and make sure that intmax_t is defined somehow.

To make really sure we don't pass a variable with the wrong size down
to opt_imax(), we use a temporary intmax_t.

Reviewed-by: Rich Salz <rsalz@openssl.org>

33254e1c

Configure: Clarify the handling of $thread_cflags · 421e30ec
Richard Levitte authored Jan 29, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
421e30ec

Jan 29, 2016

Make opt_imax visible in all apps · ea5e0c1c
Viktor Dukhovni authored Jan 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
ea5e0c1c

Missed rc2_int from before. · 826e9e54

Rich Salz authored Jan 29, 2016



Also remove $Makefile variable :)

Reviewed-by: Andy Polyakov <appro@openssl.org>

826e9e54

Fix invalid policy detection · bc8c34d7

Viktor Dukhovni authored Jan 29, 2016



As a side-effect of opaque x509, ex_flags were looked up too early,
before additional policy cache updates.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

bc8c34d7

Templatize util/domd · ced2c2c5
Rich Salz authored Jan 29, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
ced2c2c5