Matt Caswell [Thu, 5 Nov 2015 14:31:11 +0000 (14:31 +0000)]
Fix error when server does not send CertificateStatus message
If a server sends the status_request extension then it may choose
to send the CertificateStatus message. However this is optional.
We were treating it as mandatory and the connection was failing.
Thanks to BoringSSL for reporting this issue.
RT#4120
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Matt Caswell [Thu, 5 Nov 2015 14:08:54 +0000 (14:08 +0000)]
Add test for missing CertificateStatus message
If the client sends a status_request extension in the ClientHello
and the server responds with a status_request extension in the
ServerHello then normally the server will also later send a
CertificateStatus message. However this message is *optional* even
if the extensions were sent. This adds a test to ensure that if
the extensions are sent then we can still omit the message.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Dr. Stephen Henson [Thu, 24 Dec 2015 00:23:29 +0000 (00:23 +0000)]
fix no-ec
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Thu, 17 Dec 2015 00:05:26 +0000 (00:05 +0000)]
Server side EVP_PKEY DH support
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Fri, 18 Dec 2015 15:58:28 +0000 (15:58 +0000)]
utility function
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Thu, 17 Dec 2015 01:07:46 +0000 (01:07 +0000)]
EVP_PKEY DH client support.
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Thu, 17 Dec 2015 02:57:20 +0000 (02:57 +0000)]
Always generate DH keys for ephemeral DH cipher suites.
Reviewed-by: Matt Caswell <matt@openssl.org>
Daniel Kahn Gillmor [Wed, 23 Dec 2015 20:03:32 +0000 (21:03 +0100)]
The functions take a SSL *, not a SSL_CTX *
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
RT: #4192, MR: #1533
Roumen Petrov [Mon, 21 Dec 2015 16:45:06 +0000 (18:45 +0200)]
redundant redeclaration of 'OPENSSL_strlcpy'
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #1523
Roumen Petrov [Thu, 3 Dec 2015 21:43:24 +0000 (23:43 +0200)]
__STDC_VERSION__ is not defined for c89 compilers
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #1522
Roumen Petrov [Sat, 21 Mar 2015 13:29:25 +0000 (15:29 +0200)]
remove duplicates in util/libeay.num
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
RT: #4195, MR: #1521
Kurt Roeckx [Tue, 22 Dec 2015 12:48:01 +0000 (13:48 +0100)]
Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER and SSL_OP_TLS_D5_BUG support.
Suggested by David Benjamin
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
MR: #1520
Kurt Roeckx [Tue, 22 Dec 2015 12:11:59 +0000 (13:11 +0100)]
Avoid using a dangling pointer when removing the last item
When it's the last item that is removed int_thread_hash == hash and we would
still call int_thread_release(&hash) while hash is already freed. So
int_thread_release would compare that dangling pointer to NULL which is
undefined behaviour. Instead do already what int_thread_release() would do,
and make the call do nothing instead.
Reviewed-by: Rich Salz <rsalz@openssl.org>
RT: #4155, MR: #1519
Todd Short [Tue, 22 Dec 2015 16:49:36 +0000 (11:49 -0500)]
Memory leak in state machine in error path
When EC is disabled, and an error occurs in ssl_generate_master_secret()
or RAND_bytes(), the error path does not free rsa_decrypt.
RT#4197
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Wed, 23 Dec 2015 10:40:43 +0000 (11:40 +0100)]
Refactor DTLS cookie generation and verification
DTLS cookie generation and verification were exact copies of each
other save the last few lines. This refactors them to avoid code
copying.
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Wed, 23 Dec 2015 09:45:02 +0000 (09:45 +0000)]
Fix inline build failure
After the recent change to use ossl_inline, builds were failing on some
platforms due to a missing usage of "inline".
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 22 Dec 2015 16:07:24 +0000 (16:07 +0000)]
Add ossl_inline
Add macro ossl_inline for use in public headers where a portable inline
is required. Change existing inline to use ossl_inline
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Dr. Stephen Henson [Tue, 22 Dec 2015 19:20:11 +0000 (19:20 +0000)]
add -unref option to mkerr.pl
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Tue, 22 Dec 2015 16:52:27 +0000 (16:52 +0000)]
In mkerr.pl look in directories under ssl/
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Tue, 22 Dec 2015 16:16:35 +0000 (16:16 +0000)]
remove unused error code
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Tue, 22 Dec 2015 15:16:56 +0000 (15:16 +0000)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 22 Dec 2015 03:49:02 +0000 (03:49 +0000)]
unload modules in ssltest
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Mon, 21 Dec 2015 19:34:23 +0000 (19:34 +0000)]
make errors
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 9 Jul 2015 17:43:30 +0000 (18:43 +0100)]
SSL configuration module docs
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 9 Jul 2015 17:24:24 +0000 (18:24 +0100)]
Demo server using SSL_CTX_config
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 8 Jul 2015 22:09:52 +0000 (23:09 +0100)]
Add ssl configuration support to s_server and s_client
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Thu, 23 Apr 2015 20:03:44 +0000 (21:03 +0100)]
Load module in SSL_library_init
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sun, 19 Apr 2015 12:14:40 +0000 (13:14 +0100)]
Add ssl_mcnf.c to Makefile
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sat, 14 Mar 2015 01:36:30 +0000 (01:36 +0000)]
SSL library configuration module.
This adds support for SSL/TLS configuration using configuration modules.
Sets of command value pairs are store and can be replayed through an
SSL_CTX or SSL structure using SSL_CTX_config or SSL_config.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Thu, 17 Dec 2015 04:02:47 +0000 (23:02 -0500)]
Cleanup CRYPTO_{push,pop}_info
Rename to OPENSSL_mem_debug_{push,pop}.
Remove simple calls; keep only calls used in recursive functions.
Ensure we always push, to simplify so that we can always pop
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Wed, 16 Dec 2015 21:51:12 +0000 (16:51 -0500)]
Rename *_realloc_clean to *_clear_realloc
Just like *_clear_free routines. Previously undocumented, used
a half-dozen times within OpenSSL source.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Kurt Roeckx [Tue, 22 Dec 2015 10:26:39 +0000 (11:26 +0100)]
Also change the non-debug versions to use size_t
Reviewed-by: Richard Levitte <levitte@openssl.org>
MR: #1518
David Benjamin [Thu, 17 Dec 2015 19:11:11 +0000 (20:11 +0100)]
Fix memory leak in DSA redo case.
Found by clang scan-build.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
RT: #4184, MR: #1496
Andy Polyakov [Mon, 21 Dec 2015 13:29:02 +0000 (14:29 +0100)]
Configure: refine 'reconf' logic.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Mon, 21 Dec 2015 13:26:12 +0000 (14:26 +0100)]
bn/asm/bn-c64xplus.asm: update commentary.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Tue, 15 Dec 2015 20:43:56 +0000 (21:43 +0100)]
sha/asm/sha256-armv4.pl: one of "universal" flags combination didn't compile.
(and unify table address calculation in ARMv8 code path).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Sat, 19 Dec 2015 14:38:17 +0000 (14:38 +0000)]
Fix URLs mangled by reformat
Some URLs in the source code ended up getting mangled by indent. This fixes
it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Fri, 18 Dec 2015 23:09:05 +0000 (00:09 +0100)]
Fix the etags action line, as etags doesn't take -R
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Tue, 15 Dec 2015 23:57:18 +0000 (23:57 +0000)]
Remove fixed DH ciphersuites.
Remove all fixed DH ciphersuites and associated logic.
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Sat, 19 Dec 2015 14:59:40 +0000 (14:59 +0000)]
delete unused context
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Fri, 18 Dec 2015 18:18:31 +0000 (13:18 -0500)]
Remove some L<asdf|asdf> which crept back in.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Fri, 18 Dec 2015 18:26:17 +0000 (13:26 -0500)]
Remove err and prime demo's
ERR is not really a public facility; remove the demo.
prime shows how to generate a prime. See apps.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Fri, 18 Dec 2015 12:08:40 +0000 (13:08 +0100)]
Remove the "eay" c-file-style indicators
Since we don't use the eay style any more, there's no point tryint to
tell emacs to use it.
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Thu, 17 Dec 2015 10:01:14 +0000 (10:01 +0000)]
Add SSL_CIPHER_description() for Chacha20/Poly1305
SSL_CIPHER_description() was returning "unknown" for the encryption
in the new ChaCha20/Poly1305 TLS ciphersuites.
RT#4183
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Thu, 17 Dec 2015 07:24:26 +0000 (08:24 +0100)]
Modify the lower level memory allocation routines to take size_t
We've been using int for the size for a long time, it's about time...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Wed, 16 Dec 2015 21:31:02 +0000 (16:31 -0500)]
mem-cleanup, cont'd.
Remove LEVITTE_DEBUG_MEM.
Remove {OPENSSL,CRYPTO}_remalloc.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Rich Salz [Wed, 16 Dec 2015 22:05:20 +0000 (17:05 -0500)]
Rename sec_mem to mem_sec, like other files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Wed, 16 Dec 2015 22:58:32 +0000 (17:58 -0500)]
Fix typo.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Thu, 10 Dec 2015 17:31:01 +0000 (12:31 -0500)]
Provide better "make depend" warning.
Reviewed-by: Matt Caswell <matt@openssl.org>
Ben Laurie [Wed, 16 Dec 2015 13:25:07 +0000 (13:25 +0000)]
Fix no-dgram.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Wed, 16 Dec 2015 21:12:24 +0000 (16:12 -0500)]
Rename some BUF_xxx to OPENSSL_xxx
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Wed, 16 Dec 2015 14:45:40 +0000 (14:45 +0000)]
fix for no-ec
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Wed, 16 Dec 2015 13:21:52 +0000 (13:21 +0000)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Mon, 14 Dec 2015 00:33:33 +0000 (00:33 +0000)]
Use EVP_PKEY for client side EC.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sun, 13 Dec 2015 13:41:32 +0000 (13:41 +0000)]
Use EVP_PKEY for server EC.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 15 Dec 2015 18:15:16 +0000 (18:15 +0000)]
Add ECDH/DH utility functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sun, 13 Dec 2015 00:18:31 +0000 (00:18 +0000)]
remove unnecessary key copy
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sun, 13 Dec 2015 00:11:42 +0000 (00:11 +0000)]
Constify EC_KEY in ECDH_compute_key.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sat, 12 Dec 2015 17:41:18 +0000 (17:41 +0000)]
Remove ECDH client auth code.
Remove incomplete non-functional ECDH client authentication code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sat, 12 Dec 2015 14:00:01 +0000 (14:00 +0000)]
Remove SSL_OP_SINGLE_ECDH_USE code.
Since auto ecdh is now always used SSL_OP_SINGLE_ECDH_USE is
redundant. Simplify associated code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sat, 12 Dec 2015 01:13:42 +0000 (01:13 +0000)]
Use EC_KEY_key2buf and EC_oct2key in libssl.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sat, 12 Dec 2015 01:04:25 +0000 (01:04 +0000)]
New EC functions.
New functions EC_POINT_point2buf and EC_KEY_key2buf which encode
a point and allocate a buffer in one call.
New function EC_KEY_oct2key() which sets public key in an EC_KEY
structure from an encoded point.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 15 Dec 2015 23:35:31 +0000 (23:35 +0000)]
Fix build on Solaris
Solaris builds were failing during async compilation because the .o files
created from compiling the corresponding .c files held in async/arch were
ending up in the top level async directory. Consequently the link fails
because it can't find the .o files.
Thanks to Richard Levitte for pointing me in the right direction on this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 15 Dec 2015 13:06:26 +0000 (13:06 +0000)]
Fix updating via mkdef.pl
The previous commit introduced a new file format for ssleay.num and
libeay.num, i.e. the introduction of a version field. Therefore the update
capability in mkdef.pl needs updating to take account of the new format.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 14 Dec 2015 09:22:58 +0000 (09:22 +0000)]
Don't export internal symbols
On Linux when creating the .so file we were exporting all symbols. We should
only be exporting public symbols. This commit fixes the issue. It is only
applicable to linux currently although the same technique may work for other
platforms (e.g. Solaris should work the same way).
This also adds symbol version information to our exported symbols.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Tue, 15 Dec 2015 15:54:22 +0000 (16:54 +0100)]
Better splitting regexp for test_ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Mon, 14 Dec 2015 18:34:14 +0000 (13:34 -0500)]
Remove GMP engine.
Reviewed-by: Ben Laurie <ben@openssl.org>
Matt Caswell [Tue, 15 Dec 2015 10:43:44 +0000 (10:43 +0000)]
Fix s_server problem with no-ec
s_server was trying to set the ECDH curve when no-ec was defined. This also
highlighted the fact that the -no_ecdhe option to s_server is broken, and
doesn't make any sense any more (ECDHE is on by default and the only way it
can be disabled is through the cipherstring). Therefore this commit removes
the option.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Matt Caswell [Mon, 14 Dec 2015 09:58:55 +0000 (09:58 +0000)]
Fix no-psk compile failure
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Mon, 14 Dec 2015 09:57:06 +0000 (09:57 +0000)]
Fix compile failure with no-srp
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Mon, 14 Dec 2015 18:10:16 +0000 (18:10 +0000)]
Update EVP_PKEY documentation.
Add EVP_PKEY_up_ref() documentation and fix various typos.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Dr. Stephen Henson [Mon, 14 Dec 2015 14:15:45 +0000 (14:15 +0000)]
make update
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Dr. Stephen Henson [Mon, 14 Dec 2015 13:13:32 +0000 (13:13 +0000)]
New function X509_get0_pubkey
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Dr. Stephen Henson [Sun, 13 Dec 2015 17:57:01 +0000 (17:57 +0000)]
Add EVP_PKEY_get0_* functions.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Dr. Stephen Henson [Sun, 13 Dec 2015 17:28:40 +0000 (17:28 +0000)]
Extend EVP_PKEY_copy_parameters()
Make EVP_PKEY_copy_parameters() work if the destination has no type
(e.g. if obtained from EVP_PKEY_new()) or the underlying key is NULL.
This is useful where we want to copy the parameters from an existing
key to a new key.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Emilia Kasper [Mon, 14 Dec 2015 15:38:15 +0000 (16:38 +0100)]
Fix a ** 0 mod 1 = 0 for real this time.
Commit
2b0180c37fa6ffc48ee40caa831ca398b828e680 attempted to do this but
only hit one of many BN_mod_exp codepaths. Fix remaining variants and add
a test for each method.
Thanks to Hanno Boeck for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Andy Polyakov [Fri, 13 Nov 2015 23:16:37 +0000 (00:16 +0100)]
crpyto/ppccpuid.pl: add FPU probe and fix OPENSSL_rdtsc.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Andy Polyakov [Fri, 13 Nov 2015 23:10:19 +0000 (00:10 +0100)]
crypto/ppccap.c: add SIGILL-free processor capability detection code.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Hongze Zhu [Mon, 14 Dec 2015 09:38:56 +0000 (17:38 +0800)]
add malloc fail check & fix memory leak
Signed-off-by: Hongze Zhu <hongze.zhu@gmail.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Viktor Dukhovni [Mon, 14 Dec 2015 01:30:16 +0000 (20:30 -0500)]
Fix erroneous SO suffix in darwin64-debug-test-64-clang target
Reviewed-by: Richard Levitte <levitte@openssl.org>
Ben Kaduk [Mon, 14 Dec 2015 03:02:52 +0000 (22:02 -0500)]
Fix typo
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Viktor Dukhovni [Mon, 14 Dec 2015 01:25:16 +0000 (20:25 -0500)]
Fix option value parsing in crl2pkcs7 -certfile
Reviewed-by: Rich Saltz <rsalz@openssl.org>
Viktor Dukhovni [Sun, 13 Dec 2015 07:51:44 +0000 (02:51 -0500)]
Avoid erroneous "assert(private)" failures.
When processing a public key input via "-pubin", "private" was
sometimes erroneously set, or else not set and incorrectly asserted.
Reviewed-by: Rich salz <rsalz@openssl.org>
Andy Polyakov [Mon, 7 Dec 2015 21:59:11 +0000 (22:59 +0100)]
x86_64 assembly pack: tune clang version detection even further.
RT#4171
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Andy Polyakov [Sat, 12 Dec 2015 11:29:37 +0000 (12:29 +0100)]
Configure: add framework for ChaCha and Poly1305 assembly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Sat, 12 Dec 2015 11:23:41 +0000 (12:23 +0100)]
Configure: 'reconf' to respect CROSS_COMPILE and CC.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Ben Laurie [Sun, 13 Dec 2015 15:07:54 +0000 (15:07 +0000)]
Don't use EC when no-ec.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Ben Laurie [Sun, 13 Dec 2015 05:51:03 +0000 (05:51 +0000)]
Remove no longer existant structure member and direct references to EVP_MD_CTX internals.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Ben Laurie [Sun, 13 Dec 2015 09:34:36 +0000 (09:34 +0000)]
Fix (incorrect) uninitialised variable warning.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Sun, 13 Dec 2015 03:01:26 +0000 (03:01 +0000)]
fix warning
Reviewed-by: Ben Laurie <ben@openssl.org>
Dr. Stephen Henson [Sat, 12 Dec 2015 18:39:38 +0000 (18:39 +0000)]
remove ancient SSLeay bug workaround
Reviewed-by: Matt Caswell <matt@openssl.org>
tjmao [Fri, 11 Dec 2015 19:48:09 +0000 (14:48 -0500)]
Allow ChaCha20-Poly1305 in DTLS
GCM and CCM are modes of operation for block ciphers only. ChaCha20-Poly1305
operates in neither of them but it is AEAD. This change also enables future
AEAD ciphers to be available for use with DTLS.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Sun, 13 Dec 2015 00:28:31 +0000 (19:28 -0500)]
Revert "Allow ChaCha20-Poly1305 in DTLS"
This reverts commit
777f482d993322d69025014bf1b99c270c978fc0.
Author credit missing. Reverting this and re-committing with
an Author line.
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Sun, 13 Dec 2015 00:25:25 +0000 (19:25 -0500)]
Use SHA256 not MD5 as default digest.
(Documentation update was in the MR but not the commit. Oops.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Ben Laurie [Sat, 12 Dec 2015 13:33:20 +0000 (13:33 +0000)]
Support ccache.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Sat, 12 Dec 2015 14:26:22 +0000 (14:26 +0000)]
Fix compile failure with no-threads
The async code was causing a compile failure if no-threads was used.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Dr. Stephen Henson [Fri, 11 Dec 2015 02:59:10 +0000 (02:59 +0000)]
Add extension utility documentation.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Dr. Stephen Henson [Fri, 11 Dec 2015 00:36:06 +0000 (00:36 +0000)]
add X509_up_ref() documentation
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Dr. Stephen Henson [Thu, 10 Dec 2015 19:13:57 +0000 (19:13 +0000)]
extension documentation
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Kurt Roeckx [Sat, 12 Dec 2015 10:12:22 +0000 (11:12 +0100)]
Use OPENSSL_NO_DTLS instead of OPENSSL_NO_DTLS1
Reviewed-by: Richard Levitte <levitte@openssl.org>