Commits · eff1a4d24f3f23b48984b7b60d4c343a3a995f38 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Feb 13, 2015
- New macro to set mac key. · eff1a4d2
  Dr. Stephen Henson authored Feb 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  eff1a4d2
- Return error code is any tests fail. · 6906a7c1
  Dr. Stephen Henson authored Feb 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  6906a7c1
- Transfer a fix from 1.0.1 · 774ccae6
  Richard Levitte authored Feb 12, 2015
```
manually picked from e7b85bc4


Reviewed-by: Stephen Henson <steve@openssl.org>
```
  774ccae6
Feb 12, 2015
- RT937: Enable pilotAttributeType uniqueIdentifier · c81f425e
  Rich Salz authored Feb 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  c81f425e
- evp/evp.h: add missing camellia-ctr declarations. · 2b8f33a5
  Andy Polyakov authored Feb 12, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  2b8f33a5
- RT3670: Check return from BUF_MEM_grow_clean · b0333e69
  Graeme Perrow authored Feb 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  b0333e69
- RT3684: rand_egd needs stddef.h · 5006c322
  Clang via Jeffrey Walton authored Feb 12, 2015
```
And remove backup definition of offsetof.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  5006c322
- Missing OPENSSL_free on error path. · 1d2932de
  Eric Dequin authored Feb 12, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  1d2932de
Feb 11, 2015
- Engage ecp_nistz256-armv4 module. · 7b4a4b71
  Andy Polyakov authored Jan 23, 2015
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  7b4a4b71
- Add ec/asm/ecp_nistz256-armv4.pl module. · 7a6c9a2e
  Andy Polyakov authored Feb 11, 2015
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  7a6c9a2e
- Add Camellia CTR mode. · dda81999
  Andy Polyakov authored Feb 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  dda81999
- Add more Camellia OIDs. · c79e1773
  Andy Polyakov authored Feb 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  c79e1773
Feb 10, 2015

Add SSL_SESSION_get0_ticket API function. · b7c9187b
Matt Caswell authored Feb 08, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
b7c9187b

Correct reading back of tlsext_tick_lifetime_hint from ASN1. · ea6bd264

Matt Caswell authored Feb 08, 2015



When writing out the hint, if the hint > 0, then we write it out otherwise
we skip it.

Previously when reading the hint back in, if were expecting to see one
(because the ticket length > 0), but it wasn't present then we set the hint
to -1, otherwise we set it to 0. This fails to set the hint to the same as
when it was written out.

The hint should never be negative because the RFC states the hint is
unsigned. It is valid for a server to set the hint to 0 (this means the
lifetime is unspecified according to the RFC). If the server set it to 0, it
should still be 0 when we read it back in.

Reviewed-by: Tim Hudson <tjh@openssl.org>

ea6bd264

Provide the API functions SSL_SESSION_has_ticket and · f2baac27

Matt Caswell authored Feb 08, 2015


SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as
required to fix Qt for OpenSSL 1.1.0. I have also added the former in order
to determine whether a ticket is present or not - otherwise it is difficult
to know whether a zero lifetime hint is because the server set it to 0, or
because there is no ticket.

Reviewed-by: Tim Hudson <tjh@openssl.org>

f2baac27

Make tlsext_tick_lifetime_hint an unsigned long (from signed long). · 75ea3632

Matt Caswell authored Feb 08, 2015



From RFC4507:
"The ticket_lifetime_hint field contains a hint from the server about how
long the ticket should be stored.  The value indicates the lifetime in
seconds as a 32-bit unsigned integer in network byte order."

Reviewed-by: Tim Hudson <tjh@openssl.org>

75ea3632

ec/ecp_nistz256.c: fix compiler warnings. · 5afc296a
Andy Polyakov authored Feb 10, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
5afc296a
Configure: disable warning C4090 in Windows builds. · ea5f8411
Andy Polyakov authored Feb 10, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
ea5f8411
ec/asm/ecp_nistz256-x86.pl: fix typos (error shows in Windows build). · 50292917
Andy Polyakov authored Feb 10, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
50292917

New evp_test updates. · b033e5d5

Dr. Stephen Henson authored Feb 09, 2015



Print usage message.

Print expected and got values if mismatch.
Reviewed-by: Andy Polyakov <appro@openssl.org>

b033e5d5

Add new test file. · 7303b472
Dr. Stephen Henson authored Feb 09, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
7303b472
Initial version of new evp_test program. · 307e3978
Dr. Stephen Henson authored Feb 09, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
307e3978

Fix hostname validation in the command-line tool to honour negative return values. · 0923e7df

Emilia Kasper authored Feb 05, 2015



Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>

0923e7df

Remove some functions that are no longer used and break the build with: · efb45973
Matt Caswell authored Feb 10, 2015
```
./config --strict-warnings enable-deprecated

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
efb45973
HMAC_cleanup, and HMAC_Init are stated as deprecated in the docs and source. · 00a5a74b
Matt Caswell authored Feb 10, 2015
```
Mark them as such with OPENSSL_USE_DEPRECATED

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
00a5a74b

Remove -DOPENSSL_NO_DEPRECATED from --strict-warnings flags. · a8b4e057

Matt Caswell authored Feb 10, 2015



In master OPENSSL_NO_DEPRECATED is the default anyway. By including it in
--strict-warnings as well this means you cannot combine enable-deprecated
with --strict-warnings.

Reviewed-by: Tim Hudson <tjh@openssl.org>

a8b4e057

Feb 09, 2015
- Engage ecp_nistz256-x86 module. · 79ee5afa
  Andy Polyakov authored Feb 09, 2015
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  79ee5afa
- Add ec/asm/ecp_nistz256-x86.pl module. · aa9db2d2
  Andy Polyakov authored Feb 09, 2015
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  aa9db2d2
- Support for alternative KDFs. · d6c5462e
  Dr. Stephen Henson authored Feb 06, 2015
```
Don't hard code NID_id_pbkdf2 in PBES2: look it up in PBE table.
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  d6c5462e
- Bring objects.pl output even closer to new format. · 84903716
  Andy Polyakov authored Feb 09, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  84903716
- bn/bn_add.c: fix dead code elimination that went bad. · c2cfc956
  Andy Polyakov authored Feb 09, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  c2cfc956
- Fix memory leak reporting. · 9c7a780b
  Dr. Stephen Henson authored Feb 08, 2015
```
Free up bio_err after memory leak data has been printed to it.

In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  9c7a780b
- Remove obsolete IMPLEMENT_ASN1_SET_OF · 259c360d
  Dr. Stephen Henson authored Feb 09, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  259c360d
- evp/e_aes.c: fix pair of SPARC T4-specific problems: · bdc985b1
  Andy Polyakov authored Feb 09, 2015
```
- SIGSEGV/ILL in CCM (RT#3688);
- SIGBUS in OCB;

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  bdc985b1
- Remove stray "=back". This was causing newer versions of pod2man to choke. · 0350ef69
  Matt Caswell authored Feb 08, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  0350ef69
- Harmonize objects.pl output with new format. · 7ce38623
  Andy Polyakov authored Feb 07, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  7ce38623
- des/asm/des_enc.m4: fix brown-bag typo in last commit. · 719122c7
  Andy Polyakov authored Feb 09, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  719122c7
Feb 08, 2015

Final (for me, for now) dead code cleanup · 06cf881a

Rich Salz authored Feb 08, 2015



This is a final pass looking for '#if 0'/'#if 1' controls and
removing the appropriate pieces.

Reviewed-by: Andy Polyakov <appro@openssl.org>

06cf881a

Feb 07, 2015

Apache Traffic Server has a need to set the rbio without touching the wbio. · 3ffbe008

Matt Caswell authored Feb 07, 2015


There is no mechanism to do that at the moment - SSL_set_bio makes changes
to the wbio even if you pass in SSL_get_wbio().

This commit introduces two new API functions SSL_set_rbio() and
SSL_set_wbio(). These do the same job as SSL_set_bio() except they enable
you to manage the rbio and wbio individually.

Reviewed-by: Tim Hudson <tjh@openssl.org>

3ffbe008

Feb 06, 2015

ui_compat cleanup; makefiles and vms · 05c3234d

Rich Salz authored Feb 06, 2015



Remove ui_compat.h from Makefile dependencies
And from two VMS build/install scripts.

Reviewed-by: Matt Caswell <matt@openssl.org>

05c3234d