Commits · c3be59a47cdb959e9bfc33880dc29b7b66334747 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

09 Jan, 2016 3 commits
- Correct header defines · c3be59a4
  Dr. Stephen Henson authored Jan 08, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
  c3be59a4
- remove hard coded algorithms · a9988d54
  Dr. Stephen Henson authored Jan 08, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
  a9988d54
- Recognise disabled algorithms automatically. · 2854c798
  Dr. Stephen Henson authored Jan 07, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
  2854c798
08 Jan, 2016 11 commits

Fix no CRYPTO_MDEBUG build (windows) · 6ac11bd0

Rich Salz authored Jan 07, 2016



In order for mkdep to find #ifdef'd functions, they must be
wrapped (in the header file) with
        #ifndef OPENSSL_NO_...
So do that for various CRYPTO_mem_debug... things.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

6ac11bd0

Fixup actually update danetest.c · 8da94770
Viktor Dukhovni authored Jan 07, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
8da94770
Another portability fix. · f232d6ec
Rich Salz authored Jan 08, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
f232d6ec
Update comment as bn_dup_expand is gone · 8707e3be
Viktor Dukhovni authored Jan 07, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
8707e3be
Simplify deprecated declaration exception · 64c711cd
Viktor Dukhovni authored Jan 07, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
64c711cd

Portability fix for apps/s_client.c · 7ff970ef

Rich Salz authored Jan 08, 2016



Make some local variables and a table of them be static.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

7ff970ef

DANE CHANGES · 59fd40d4
Viktor Dukhovni authored Jan 07, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
59fd40d4
Fix some typos in comments · 60d8edbc
Viktor Dukhovni authored Jan 06, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
60d8edbc

Backwards-compatibility subject to OPENSSL_API_COMPAT · 98186eb4

Viktor Dukhovni authored Jan 04, 2016



Provide backwards-compatiblity for functions, macros and include
files if OPENSSL_API_COMPAT is either not defined or defined less
than the version number of the release in which the feature was
deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>

98186eb4

DANE s_client support · cddd424a
Viktor Dukhovni authored Dec 29, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
cddd424a
Remove all remaining traces if PEM_Seal · 0c1badc8
Richard Levitte authored Jan 07, 2016
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
0c1badc8

07 Jan, 2016 14 commits

Minor test update · 21fa90b2

Viktor Dukhovni authored Jan 07, 2016



* Remove extraneous test/Makefile.orig
* Use basedomain instead of argv[1] in test/danetest.c

Reviewed-by: Rich Salz <rsalz@openssl.org>

21fa90b2

Fix another build break for no-mem-debug · 7b0a09f9
Rich Salz authored Jan 07, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
7b0a09f9

Fix build-break; 'make update' · ebd8df0e

Rich Salz authored Jan 07, 2016

Commit bbd86bf5 broke certain builds.
Commit 0674427f

 missing 'make update'

Reviewed-by: Richard Levitte <levitte@openssl.org>

ebd8df0e

mem functions cleanup · bbd86bf5

Rich Salz authored Jan 07, 2016



Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
        (Thanks to Jakob Bohm for the suggestion!)
Make the "change wrapper functions" be the only paradigm.
Wrote documentation!
Format the 'set func' functions so their paramlists are legible.
Format some multi-line comments.
Remove ability to get/set the "memory debug" functions at runtme.
Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
Add CRYPTO_mem_debug(int flag) function.
Add test/memleaktest.
Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.

Reviewed-by: Richard Levitte <levitte@openssl.org>

bbd86bf5

Remove the old VMS linker option file creator for shlibs · 3cb8c326
Richard Levitte authored Jan 07, 2016
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
3cb8c326
Enhance util/mkdef.pl to provide a VMS linker option file for shlibs · a388633d
Richard Levitte authored Jan 07, 2016
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
a388633d

Remove crypto/pem/pem_seal.c · 0674427f

Richard Levitte authored Jan 07, 2016



It's functionality appears unused.  If we're wrong, we will revert.

Reviewed-by: Rich Salz <rsalz@openssl.org>

0674427f

DANE support for X509_verify_cert() · 170b7358
Viktor Dukhovni authored Dec 29, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
170b7358
use more descriptive name DEFINE_STACK_OF_CONST · a8eba56e
Dr. Stephen Henson authored Jan 07, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
a8eba56e

Only declare stacks in headers · 4a1f3f27

Dr. Stephen Henson authored Jan 06, 2016



Don't define stacks in C source files: it causes warnings
about unused functions in some compilers.

Reviewed-by: Richard Levitte <levitte@openssl.org>

4a1f3f27

Rename DECLARE*STACK_OF to DEFINE*STACK_OF · 85885715

Dr. Stephen Henson authored Dec 28, 2015



Applications wishing to include their own stacks now just need to include

DEFINE_STACK_OF(foo)

in a header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>

85885715

remove unused PREDECLARE · c5e0c540
Dr. Stephen Henson authored Dec 27, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
c5e0c540
Fix declarations and constification for inline stack. · 4a640fb6
Dr. Stephen Henson authored Dec 23, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
4a640fb6

Change STACK_OF to use inline functions. · 411abf2d

Dr. Stephen Henson authored Dec 23, 2015

Change DECLARE_STACK_OF into inline functions. This avoids the need for
auto generated mkstack.pl macros and now handles const properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>

411abf2d

06 Jan, 2016 5 commits

DANE make update · 249d9719
Viktor Dukhovni authored Dec 29, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
249d9719
DANE documentation typos · 63b65834
Viktor Dukhovni authored Jan 06, 2016
```
Reported-by: Claus Assmann

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
63b65834
Remove more (rest?) of FIPS build stuff. · 700b4a4a
Rich Salz authored Dec 14, 2015
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
700b4a4a
Remove some unused perl scripts · 0b0443af
Rich Salz authored Dec 17, 2015
```
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
```
0b0443af

DANE support structures, constructructors and accessors · 919ba009

Viktor Dukhovni authored Dec 29, 2015



Also tweak some of the code in demos/bio, to enable interactive
testing of BIO_s_accept's use of SSL_dup.  Changed the sconnect
client to authenticate the server, which now exercises the new
SSL_set1_host() function.

Reviewed-by: Richard Levitte <levitte@openssl.org>

919ba009

03 Jan, 2016 4 commits
- Fix X509_STORE_CTX_cleanup() · e29c73c9
  Viktor Dukhovni authored Jan 01, 2016
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
  e29c73c9
- Drop incorrect id == -1 case from X509_check_trust · 0e7abc90
  Viktor Dukhovni authored Dec 29, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  0e7abc90
- X509_verify_cert() cleanup · d9b8b89b
  Viktor Dukhovni authored Dec 29, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  d9b8b89b
- Cleanup of verify(1) failure output · 63c6aa6b
  Viktor Dukhovni authored Jan 01, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  63c6aa6b
02 Jan, 2016 3 commits

Instead of a local hack, implement SIZE_MAX in numbers.h if it's missing · 1de1d768
Richard Levitte authored Jan 02, 2016
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
1de1d768

Fix a possible memleak · 6aa0ba4b

Richard Levitte authored Dec 18, 2015



If there's a failure allocating md_data, the destination pctx will have
a shared pointer with the source EVP_MD_CTX, which will lead to problems
when either the source or the destination is freed.

Reviewed-by: Stephen Henson <steve@openssl.org>

6aa0ba4b

Protocol version selection and negotiation rewrite · 4fa52141

Viktor Dukhovni authored Dec 29, 2015



The protocol selection code is now consolidated in a few consecutive
short functions in a single file and is table driven.  Protocol-specific
constraints that influence negotiation are moved into the flags
field of the method structure.  The same protocol version constraints
are now applied in all code paths.  It is now much easier to add
new protocol versions without reworking the protocol selection
logic.

In the presence of "holes" in the list of enabled client protocols
we no longer select client protocols below the hole based on a
subset of the constraints and then fail shortly after when it is
found that these don't meet the remaining constraints (suiteb, FIPS,
security level, ...).  Ideally, with the new min/max controls users
will be less likely to create "holes" in the first place.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

4fa52141