Commits · f37879d07783a78cda66fd80eaae687dadc7269f · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

14 Feb, 2015 1 commit
- More RSA tests. · f37879d0
  Dr. Stephen Henson authored Feb 14, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  f37879d0
13 Feb, 2015 11 commits

remove unused method declaration · f9e31463
Dr. Stephen Henson authored Feb 13, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
f9e31463

Dr. Stephen Henson authored Feb 13, 2015



Change BUF_MEM_grow and BUF_MEM_grow_clean to return size_t.
Reviewed-by: Richard Levitte <levitte@openssl.org>

e5bf3c92

Add leak detection, fix leaks. · d5ec8efc
Dr. Stephen Henson authored Feb 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
d5ec8efc

Add EVP_PKEY test data. · b9d4e97c

Dr. Stephen Henson authored Feb 12, 2015



Add some EVP_PKEY test data for sign and verify tests including
failure cases.
Reviewed-by: Richard Levitte <levitte@openssl.org>

b9d4e97c

EVP_PKEY support for evp_test · 5824cc29

Dr. Stephen Henson authored Feb 11, 2015



Add two new keywords "PublicKey" and "PrivateKey". These will load a key
in PEM format from the lines immediately following the keyword and assign
it a name according to the value. These will be used later for public and
private key testing operations.

Add tests for Sign, Verify, VerifyRecover and Decrypt.
Reviewed-by: Richard Levitte <levitte@openssl.org>

5824cc29

Add CMAC test data. · 16cb8eb0
Dr. Stephen Henson authored Feb 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
16cb8eb0
Add HMAC test data. · b8c792dc
Dr. Stephen Henson authored Feb 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
b8c792dc
MAC support for evp_test · 83251f39
Dr. Stephen Henson authored Feb 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
83251f39
New macro to set mac key. · eff1a4d2
Dr. Stephen Henson authored Feb 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
eff1a4d2
Return error code is any tests fail. · 6906a7c1
Dr. Stephen Henson authored Feb 10, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
6906a7c1

Transfer a fix from 1.0.1 · 774ccae6

Richard Levitte authored Feb 12, 2015

manually picked from e7b85bc4


Reviewed-by: Stephen Henson <steve@openssl.org>

774ccae6

12 Feb, 2015 5 commits
- RT937: Enable pilotAttributeType uniqueIdentifier · c81f425e
  Rich Salz authored Feb 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  c81f425e
- evp/evp.h: add missing camellia-ctr declarations. · 2b8f33a5
  Andy Polyakov authored Feb 12, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  2b8f33a5
- RT3670: Check return from BUF_MEM_grow_clean · b0333e69
  Graeme Perrow authored Feb 12, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  b0333e69
- RT3684: rand_egd needs stddef.h · 5006c322
  Clang via Jeffrey Walton authored Feb 12, 2015
```
And remove backup definition of offsetof.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  5006c322
- Missing OPENSSL_free on error path. · 1d2932de
  Eric Dequin authored Feb 12, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  1d2932de
11 Feb, 2015 4 commits
- Engage ecp_nistz256-armv4 module. · 7b4a4b71
  Andy Polyakov authored Jan 23, 2015
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  7b4a4b71
- Add ec/asm/ecp_nistz256-armv4.pl module. · 7a6c9a2e
  Andy Polyakov authored Feb 11, 2015
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  7a6c9a2e
- Add Camellia CTR mode. · dda81999
  Andy Polyakov authored Feb 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  dda81999
- Add more Camellia OIDs. · c79e1773
  Andy Polyakov authored Feb 11, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  c79e1773
10 Feb, 2015 14 commits

Add SSL_SESSION_get0_ticket API function. · b7c9187b
Matt Caswell authored Feb 08, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
b7c9187b

Correct reading back of tlsext_tick_lifetime_hint from ASN1. · ea6bd264

Matt Caswell authored Feb 08, 2015



When writing out the hint, if the hint > 0, then we write it out otherwise
we skip it.

Previously when reading the hint back in, if were expecting to see one
(because the ticket length > 0), but it wasn't present then we set the hint
to -1, otherwise we set it to 0. This fails to set the hint to the same as
when it was written out.

The hint should never be negative because the RFC states the hint is
unsigned. It is valid for a server to set the hint to 0 (this means the
lifetime is unspecified according to the RFC). If the server set it to 0, it
should still be 0 when we read it back in.

Reviewed-by: Tim Hudson <tjh@openssl.org>

ea6bd264

Provide the API functions SSL_SESSION_has_ticket and · f2baac27

Matt Caswell authored Feb 08, 2015


SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as
required to fix Qt for OpenSSL 1.1.0. I have also added the former in order
to determine whether a ticket is present or not - otherwise it is difficult
to know whether a zero lifetime hint is because the server set it to 0, or
because there is no ticket.

Reviewed-by: Tim Hudson <tjh@openssl.org>

f2baac27

Make tlsext_tick_lifetime_hint an unsigned long (from signed long). · 75ea3632

Matt Caswell authored Feb 08, 2015



From RFC4507:
"The ticket_lifetime_hint field contains a hint from the server about how
long the ticket should be stored.  The value indicates the lifetime in
seconds as a 32-bit unsigned integer in network byte order."

Reviewed-by: Tim Hudson <tjh@openssl.org>

75ea3632

ec/ecp_nistz256.c: fix compiler warnings. · 5afc296a
Andy Polyakov authored Feb 10, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
5afc296a
Configure: disable warning C4090 in Windows builds. · ea5f8411
Andy Polyakov authored Feb 10, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
ea5f8411
ec/asm/ecp_nistz256-x86.pl: fix typos (error shows in Windows build). · 50292917
Andy Polyakov authored Feb 10, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
50292917

New evp_test updates. · b033e5d5

Dr. Stephen Henson authored Feb 09, 2015



Print usage message.

Print expected and got values if mismatch.
Reviewed-by: Andy Polyakov <appro@openssl.org>

b033e5d5

Add new test file. · 7303b472
Dr. Stephen Henson authored Feb 09, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
7303b472
Initial version of new evp_test program. · 307e3978
Dr. Stephen Henson authored Feb 09, 2015
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
307e3978

Fix hostname validation in the command-line tool to honour negative return values. · 0923e7df

Emilia Kasper authored Feb 05, 2015



Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>

0923e7df

Remove some functions that are no longer used and break the build with: · efb45973
Matt Caswell authored Feb 10, 2015
```
./config --strict-warnings enable-deprecated

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
efb45973
HMAC_cleanup, and HMAC_Init are stated as deprecated in the docs and source. · 00a5a74b
Matt Caswell authored Feb 10, 2015
```
Mark them as such with OPENSSL_USE_DEPRECATED

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
00a5a74b

Remove -DOPENSSL_NO_DEPRECATED from --strict-warnings flags. · a8b4e057

Matt Caswell authored Feb 10, 2015



In master OPENSSL_NO_DEPRECATED is the default anyway. By including it in
--strict-warnings as well this means you cannot combine enable-deprecated
with --strict-warnings.

Reviewed-by: Tim Hudson <tjh@openssl.org>

a8b4e057

09 Feb, 2015 5 commits
- Engage ecp_nistz256-x86 module. · 79ee5afa
  Andy Polyakov authored Feb 09, 2015
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  79ee5afa
- Add ec/asm/ecp_nistz256-x86.pl module. · aa9db2d2
  Andy Polyakov authored Feb 09, 2015
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  aa9db2d2
- Support for alternative KDFs. · d6c5462e
  Dr. Stephen Henson authored Feb 06, 2015
```
Don't hard code NID_id_pbkdf2 in PBES2: look it up in PBE table.
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
  d6c5462e
- Bring objects.pl output even closer to new format. · 84903716
  Andy Polyakov authored Feb 09, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  84903716
- bn/bn_add.c: fix dead code elimination that went bad. · c2cfc956
  Andy Polyakov authored Feb 09, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  c2cfc956