Commits · ddc06b35565d9f2888e8d946ee7ae292bc902afd · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Feb 03, 2015

Extended master secret extension support. · ddc06b35

Dr. Stephen Henson authored Jan 23, 2015



Add and retrieve extended master secret extension, setting the flag
SSL_SESS_FLAG_EXTMS appropriately.

Note: this just sets the flag and doesn't include the changes to
master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

ddc06b35

Rewrite ssl3_send_client_key_exchange to support extms. · c660ec63

Dr. Stephen Henson authored Jan 23, 2015



Rewrite ssl3_send_client_key_exchange to retain the premaster secret
instead of using it immediately.

This is needed because the premaster secret is used after the client key
exchange message has been sent to compute the extended master secret.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

c660ec63

Utility function to retrieve handshake hashes. · 48fbcbac

Dr. Stephen Henson authored Jan 23, 2015



Retrieve handshake hashes in a separate function. This tidies the existing
code and will be used for extended master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

48fbcbac

Add flags field to SSL_SESSION. · 6f152a15

Dr. Stephen Henson authored Jan 23, 2015



Add a "flags" field to SSL_SESSION. This will contain various flags
such as encrypt-then-mac and extended master secret support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

6f152a15

Check PKCS#8 pkey field is valid before cleansing. · 52e028b9
Dr. Stephen Henson authored Feb 01, 2015
```
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
52e028b9

old_des fix windows build, remove docs · c303d4d8

Rich Salz authored Feb 02, 2015



Remove outdated doc files.
Fix windows build after old_des was removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>

c303d4d8

Feb 02, 2015
- Remove old DES API · 24956ca0
  Rich Salz authored Feb 02, 2015
```
Includes VMS fixes from Richard.
Includes Kurt's destest fixes (RT 1290).
Closes tickets 1290 and 1291

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  24956ca0
- Dead code: if 0 removal from crypto/evp and an unused file. · fd22ab9e
  Rich Salz authored Feb 02, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  fd22ab9e
- Dead code removal; #if 0 from crypto/des · e2f80180
  Rich Salz authored Feb 02, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  e2f80180
- Dead code cleanup: crypto/ec,ecdh,ecdsa · c8fa2356
  Rich Salz authored Feb 02, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  c8fa2356
- Dead code cleanup; remove #if 0 from crypto/engine · f16a64d1
  Rich Salz authored Feb 02, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  f16a64d1
- Dead code cleanup: #if 0 dropped from tests · 9ccc00ef
  Rich Salz authored Feb 02, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  9ccc00ef
- Dead code cleanup: crypto/*.c, x509v3, demos · 7aa0b022
  Rich Salz authored Feb 02, 2015
```
Some of the #if 0 code in demo's was kept, but given helpful #ifdef
names, to show more sample code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  7aa0b022
- cms-test.pl: "localize" /dev/null even further [as follow-up to VMS]. · 5da05a26
  Andy Polyakov authored Jan 30, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  5da05a26
Jan 31, 2015
- Make the libssl opaque changes compile on VMS · 1d4d6857
  Richard Levitte authored Jan 30, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  1d4d6857
- Add changes entry for opaquifying of libssl structures · 78cc1f03
  Matt Caswell authored Jan 28, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  78cc1f03
- Remove OPENSSL_NO_SSL_INTERN as it is now redundant - all internals · 0c283756
  Matt Caswell authored Jan 28, 2015
```
previously protected by this have been moved into non-public headers

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  0c283756
- Make libssl opaque. Move all structures that were previously protected by · b6ba4014
  Matt Caswell authored Jan 27, 2015
```
OPENSSL_NO_SSL_INTERN into internal header files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  b6ba4014
Jan 30, 2015

Build correctly for me on FreeBSD 10. · 4de83857
Ben Laurie authored Jan 30, 2015
```
Reviewed-by: Rich Salz

Don't debug.
```
4de83857

Dead code removal: #if 0 asn1, pkcs7 · 02a938c9

Rich Salz authored Jan 30, 2015



Keep one #if 0 but rename the symbol to be more descriptive of what
it's doing (you can disable support for old broken Netscape software).

Reviewed-by: Tim Hudson <tjh@openssl.org>

02a938c9

Dead code clean: #if 0 removal in apps · 75d0ebef
Rich Salz authored Jan 30, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
75d0ebef
Dead code removal #if 0 engines · d6fbb194
Rich Salz authored Jan 30, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
d6fbb194

Dead code removal: #if 0 conf, dso, pqueue, threads · 6f1a93ad

Rich Salz authored Jan 30, 2015



Mostly, but not completely, debugging print statements.
Some old logic kept for internal documentation reasons, perhaps.

Reviewed-by: Richard Levitte <levitte@openssl.org>

6f1a93ad

modes/gcm128.c: harmonize ctx->ghash assignment, shortcut *_ctr32 · 2e635aa8

Andy Polyakov authored Jan 25, 2015


in OPENSSL_SMALL_FOOTPRINT build, remove undesired reformat artefact
and inconsistency in pre-processor logic.

Reviewed-by: Rich Salz <rsalz@openssl.org>

2e635aa8

modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure · b2991c08

Andy Polyakov authored Jan 25, 2015


on affected platforms (PowerPC and AArch64).

For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.

Reviewed-by: Rich Salz <rsalz@openssl.org>

b2991c08

Since SHA0 was completely removed, also remove the related test · 4938ebc4
Richard Levitte authored Jan 30, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
4938ebc4
Update on the use of logical names for OpenSSL configuration · 4fdde1aa
Richard Levitte authored Jan 30, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
4fdde1aa

VMS exit codes weren't handled well enough and were unclear · e00ab250

Richard Levitte authored Jan 30, 2015



Making a specific variable $failure_code and a bit of commenting in the
VMS section should help clear things up.

Reviewed-by: Andy Polyakov <appro@openssl.org>

e00ab250

VMS adjustments: · 09ebad72

Richard Levitte authored Jan 29, 2015



Add missing crypto modules and files to copy to crypto/install-crypto.com

Reviewed-by: Andy Polyakov <appro@openssl.org>

09ebad72

VMS adjustments: · 36ed7adf

Richard Levitte authored Jan 29, 2015



test/cms-test.pl adjusted to handle NL: instead of /dev/null on VMS

Reviewed-by: Andy Polyakov <appro@openssl.org>

36ed7adf

VMS build changes · 36759bb7

Richard Levitte authored Jan 29, 2015



crypto/crypto-lib.com:
 Remove all APPS building, as they are gone.
 Depend on the variable SDIRS that's defined by makevms.com.
 Remake the whole partial module list mechanism to check for variables with a counter.
 Define the logical name INTERNAL to allow for '#include "internal/foo.h"'.

makevms.com:
 Define SDIRS, to allow for removal of crypto modules and pass that information to crypto/crypto-lib.com.
 Allow for experimental modules.
 Update the allowed things to disable.
 Update the things disabled by default to match Configure.
 Update headers to be copied.

Reviewed-by: Andy Polyakov <appro@openssl.org>

36759bb7

VMS adjustments: · 132536f9

Richard Levitte authored Jan 29, 2015



catch up with the Unix build.
A number of new tests, among others test/tocsp.com
Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"'

Reviewed-by: Andy Polyakov <appro@openssl.org>

132536f9

VMS adjustments: · c168a027

Richard Levitte authored Jan 29, 2015



Add new symbols that are longer than 31 chars to symhacks.
VMS doesn't have <sys/un.h>, reflect that in e_os.h.
MS_CALLBACK has been removed, ssl_task.c needs adjustment.

Reviewed-by: Andy Polyakov <appro@openssl.org>

c168a027

dso_vms needs to add the .EXE extension if there is none already · be7b1097
Richard Levitte authored Jan 30, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
be7b1097

Dead code removal: #if 0 bio, comp, rand · 4d428cd2

Rich Salz authored Jan 29, 2015



The start of removing dead code.
A remaining #if 0 in bss_conn.c needs more thought.

Reviewed-by: Richard Levitte <levitte@openssl.org>

4d428cd2

Jan 29, 2015

Make output consistency: remove blank line · 33fc38ff

Rich Salz authored Jan 29, 2015



When you use "-s" in the make flag, you see that engines outputs
a blank line because EDIRS isn't set.  This is a debug echo that
isn't needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>

33fc38ff

clang on Linux x86_64 complains about unreachable code. · c6ef15c4
Richard Levitte authored Jan 29, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
c6ef15c4

Jan 28, 2015

Fix various windows compilation issues · 7317192c
Matt Caswell authored Jan 28, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
7317192c
Fix int/unsigned compiler complaint · 537bf438
Rich Salz authored Jan 28, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
537bf438

Remove support for opaque-prf · 68fd6dce

Rich Salz authored Jan 28, 2015



An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.

Reviewed-by: Richard Levitte <levitte@openssl.org>

68fd6dce