Matt Caswell [Mon, 11 Apr 2016 12:46:11 +0000 (13:46 +0100)]
Remove an unused function
The function pqueue_print is not exported and is never called. Therefore
we should delete it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Mon, 11 Apr 2016 12:39:45 +0000 (13:39 +0100)]
Fix the no-tls option
The no-tls option was failing in the tests. This fixes it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Mon, 11 Apr 2016 10:41:19 +0000 (11:41 +0100)]
Fix the no-nextprotoneg option
Misc fixes to get no-nextprotoneg config option working again.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Fri, 8 Apr 2016 18:15:15 +0000 (20:15 +0200)]
BIO: respect opening in text mode
When a file is opened with BIO_new_file(), make sure that the internal
mode TEXT vs BINARY setting reflects what's given in the mode string.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Emilia Kasper [Fri, 8 Apr 2016 16:55:28 +0000 (18:55 +0200)]
Disable some sanitizer checks without PEDANTIC
Code without PEDANTIC has intentional "undefined" behaviour. To get best
coverage for both PEDANTIC and non-PEDANTIC codepaths, run the sanitizer
builds in two different configurations:
1) Without PEDANTIC but with alignment checks disabled.
2) With PEDANTIC.
To not overload Travis too much, run one build with clang and the other
with gcc (chosen at random).
Also remove a micro-optimization in CAST code to be able to
-fsanitize=shift. Whether shift sanitization is meaningful for crypto or
an obstacle is debatable but since this appears to be the only offender,
we might as well keep the check for now.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Fri, 8 Apr 2016 14:19:00 +0000 (16:19 +0200)]
Fix warnings exposed by clang-3.8
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Tue, 5 Apr 2016 13:11:02 +0000 (15:11 +0200)]
Adjust --strict-warnings builds in Travis
In Travis, do --strict-warnings on BUILDONLY configurations. This
ensures that the tests run even if --strict-warnings fail, and avoids
hiding unrelated test failures.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Sat, 9 Apr 2016 09:15:16 +0000 (11:15 +0200)]
Don't check the generated ssl-tests configs on VMS
The simple reason is that the pre-generated files are mainly for Unix.
The VMS variants look slightly different, so comparing will always fail.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Richard Levitte [Sat, 9 Apr 2016 09:13:00 +0000 (11:13 +0200)]
VMS doesn't have directory separators in the same sense as Unix
Don't add / in file specs on VMS. The directory "separator" is part
of the directory spec.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Beat Bolli [Thu, 7 Apr 2016 21:32:59 +0000 (23:32 +0200)]
RSA: the docs still talk about RSA_PKCS1_SSLeay
Rename the function to RSA_PKCS1_OpenSSL.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Thu, 7 Apr 2016 14:47:28 +0000 (15:47 +0100)]
Add CHANGES entry for DH and DH_METHOD opacity
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 7 Apr 2016 14:24:23 +0000 (15:24 +0100)]
Add documentation for following DH and DH_METHOD opacity
A number of new functions have been added following the DH and DH_METHOD
opacity commits. This commit provides documentation for those functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 7 Apr 2016 13:08:52 +0000 (14:08 +0100)]
Fix double free bug in error path
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 7 Apr 2016 12:48:03 +0000 (13:48 +0100)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 7 Apr 2016 12:47:20 +0000 (13:47 +0100)]
Make DH_METHOD opaque
Move the dh_method structure into an internal header file and provide
relevant accessors for the internal fields.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 6 Apr 2016 16:50:22 +0000 (17:50 +0100)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 6 Apr 2016 16:49:48 +0000 (17:49 +0100)]
Make DH opaque
Move the dh_st structure into an internal header file and provide
relevant accessors for the internal fields.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Fri, 8 Apr 2016 13:10:06 +0000 (09:10 -0400)]
Add SSL_DANE typedef for consistency.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Rich Salz [Fri, 8 Apr 2016 12:02:41 +0000 (08:02 -0400)]
Add OCSP to mkdef
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Thu, 31 Mar 2016 16:47:17 +0000 (18:47 +0200)]
PPC assembly pack: remove branch hints.
As it turns out branch hints grew as kind of a misconception. In
addition their interpretation by GNU assembler is affected by
assembler flags and can end up with opposite meaning on different
processors. As we have to loose quite a lot on misinterprerations,
especially on newer processors, we just omit them altogether.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 6 Apr 2016 10:47:35 +0000 (12:47 +0200)]
Clean-up *_DEBUG options.
Since NDEBUG is defined unconditionally on command line for release
builds, we can omit *_DEBUG options in favour of effective "all-on"
in debug builds exercised though CI.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Andy Polyakov [Wed, 6 Apr 2016 15:33:03 +0000 (17:33 +0200)]
Configurations/10-main.conf: omit now redundant -D_WINDLL.
... and refine /MT vs. /MD flag handling.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 6 Apr 2016 15:27:01 +0000 (17:27 +0200)]
windows-makefile.tmpl: clean up after DLL link failure.
Without proper cleanup after DLL link failure second attempt to
run nmake would actually proceed and failure will be "shifted" to
run time. This is because libcrypto.lib import library is generated
even if DLL link fails.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 6 Apr 2016 09:31:31 +0000 (11:31 +0200)]
test/[dane|evp_]test.c: BIO-fy file I/O.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Wed, 6 Apr 2016 09:21:14 +0000 (11:21 +0200)]
bio/bss_file.c: since VS2015 one can't tell apart own and "alien" FILE
pointers, except for minimal std[in|out|err].
Reviewed-by: Richard Levitte <levitte@openssl.org>
Viktor Dukhovni [Thu, 7 Apr 2016 18:19:16 +0000 (14:19 -0400)]
make update
Signed-off-by: Rob Percival <robpercival@google.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Viktor Dukhovni [Thu, 7 Apr 2016 18:17:37 +0000 (14:17 -0400)]
Suppress CT callback as appropriate
Suppress CT callbacks with aNULL or PSK ciphersuites that involve
no certificates. Ditto when the certificate chain is validated via
DANE-TA(2) or DANE-EE(3) TLSA records. Also skip SCT processing
when the chain is fails verification.
Move and consolidate CT callbacks from libcrypto to libssl. We
also simplify the interface to SSL_{,CTX_}_enable_ct() which can
specify either a permissive mode that just collects information or
a strict mode that requires at least one valid SCT or else asks to
abort the connection.
Simplified SCT processing and options in s_client(1) which now has
just a simple pair of "-noct" vs. "-ct" options, the latter enables
the permissive callback so that we can complete the handshake and
report all relevant information. When printing SCTs, print the
validation status if set and not valid.
Signed-off-by: Rob Percival <robpercival@google.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Viktor Dukhovni [Sat, 2 Apr 2016 20:47:48 +0000 (16:47 -0400)]
Fix client verify mode to check SSL_VERIFY_PEER
The original check for != SSL_VERIFY_NONE can give surprising results
when flags SSL_VERIFY_PEER is not set, but other flags are. Note
that SSL_VERIFY_NONE (0) is not a flag bit, it is rather the absense
of all other flag bits.
Signed-off-by: Rob Percival <robpercival@google.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
David Benjamin [Mon, 14 Mar 2016 19:03:07 +0000 (15:03 -0400)]
Fix memory leak on invalid CertificateRequest.
Free up parsed X509_NAME structure if the CertificateRequest message
contains excess data.
The security impact is considered insignificant. This is a client side
only leak and a large number of connections to malicious servers would
be needed to have a significant impact.
This was found by libFuzzer.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Richard Levitte [Thu, 7 Apr 2016 12:30:15 +0000 (14:30 +0200)]
OpenSSL::Test: when moving directory, affect env as well
The environment variables TOP, SRCTOP, BLDTOP, ... are used to affect
the testing framework. However, subprocesses may want to use them as
well, and therefore need their values corrected when we move to a
different directory.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Emilia Kasper [Thu, 7 Apr 2016 12:48:50 +0000 (14:48 +0200)]
Allow generate_ssl_tests.pl to find testlib
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Thu, 7 Apr 2016 11:35:13 +0000 (13:35 +0200)]
Remove redundant symlink
We used to symlink generate_ssl_tests.pl to the build directory.
Now that the build scripts look for sources in both directories, this
is no longer necessary (see commit
fbd361eaf84446e8d6860ab2b7ecf9d04585f2ef).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Thu, 7 Apr 2016 11:03:29 +0000 (13:03 +0200)]
Better use BIO_snprintf() than snprintf(), in case the later isn't available
Reviewed-by: Tim Hudson <tjh@openssl.org>
Richard Levitte [Wed, 6 Apr 2016 22:37:03 +0000 (00:37 +0200)]
Fix forgotten adaptation to opaque RSA and RSA_METHOD
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Wed, 6 Apr 2016 17:57:48 +0000 (18:57 +0100)]
always use field names
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 6 Apr 2016 15:30:01 +0000 (17:30 +0200)]
Perl: foreach (@list) { code } is better
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Richard Levitte [Wed, 6 Apr 2016 14:04:55 +0000 (16:04 +0200)]
Add apps/tsget and test/ssltest_old to .gitignore
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Sat, 2 Apr 2016 17:54:51 +0000 (19:54 +0200)]
make update
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Sat, 2 Apr 2016 17:54:30 +0000 (19:54 +0200)]
Update CHANGES with the new about RSA and RSA_METHOD
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Sat, 2 Apr 2016 17:52:14 +0000 (19:52 +0200)]
Document RSA_METHOD creators/destructor/accessors/writers
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Sat, 2 Apr 2016 16:46:17 +0000 (18:46 +0200)]
Make the RSA_METHOD structure opaque
Move rsa_meth_st away from public headers.
Add RSA_METHOD creator/destructor functions.
Add RSA_METHOD accessor/writer functions.
Adapt all other source to use the creator, destructor, accessors and writers.
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Sat, 2 Apr 2016 14:43:21 +0000 (16:43 +0200)]
Document RSA accessors/writers
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Sat, 2 Apr 2016 13:12:58 +0000 (15:12 +0200)]
Make the RSA structure opaque
Move rsa_st away from public headers.
Add accessor/writer functions for the public RSA data.
Adapt all other source to use the accessors and writers.
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Mon, 21 Mar 2016 16:54:53 +0000 (16:54 +0000)]
Fix no-ocsp
Misc fixes for no-ocsp
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Thu, 17 Mar 2016 17:06:28 +0000 (17:06 +0000)]
Remove some OPENSSL_NO_ASYNC guards in init
When config'd with "no-async" the ASYNC_NULL implementation is used, so
async symbols still exist. We should still init the NULL implementation so
that when we get the async ctx it is NULL rather than undefined.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 6 Apr 2016 13:02:57 +0000 (15:02 +0200)]
Perl cleanup: don't create lists unnecessarily
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Wed, 6 Apr 2016 11:56:49 +0000 (13:56 +0200)]
VMS: Fix special case for [.test]ssltest_old.c
[.test]ssltest.c was renamed to [.test]ssltest_old.c, reflect that in
descrip.mms.tmpl.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Thu, 31 Mar 2016 20:09:04 +0000 (22:09 +0200)]
Configure: add BLAKE_DEBUG to --strict-warnings set.
Reviewed-by: Rich Salz <rsalz@openssl.org>
FdaSilvaYY [Fri, 18 Mar 2016 22:17:39 +0000 (23:17 +0100)]
Add missing mem leak test activation and checks
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andrea Grandi [Fri, 25 Mar 2016 04:19:30 +0000 (04:19 +0000)]
Add a check of the FD_SETSIZE before the call to select()
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Emilia Kasper [Tue, 5 Apr 2016 12:04:05 +0000 (14:04 +0200)]
Rename ssltest -> ssltest_old
ssltest_old.c is deprecated. New tests should use ssl_test.c, and the
recipes in 80-test_ssl_new.t
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Tue, 5 Apr 2016 12:29:06 +0000 (14:29 +0200)]
testutil: return 1 on success
Require that test methods return 1 on success (not 0). This is more
customary for OpenSSL.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Tue, 5 Apr 2016 13:06:28 +0000 (14:06 +0100)]
fix memory leak in ca
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Thu, 17 Mar 2016 14:14:30 +0000 (15:14 +0100)]
New SSL test framework
Currently, SSL tests are configured via command-line switches to
ssltest.c. This results in a lot of duplication between ssltest.c and
apps, and a complex setup. ssltest.c is also simply old and needs
maintenance.
Instead, we already have a way to configure SSL servers and clients, so
we leverage that. SSL tests can now be configured from a configuration
file. Test servers and clients are configured using the standard
ssl_conf module. Additional test settings are configured via a test
configuration.
Moreover, since the CONF language involves unnecessary boilerplate, the
test conf itself is generated from a shorter Perl syntax.
The generated testcase files are checked in to the repo to make
it easier to verify that the intended test cases are in fact run; and to
simplify debugging failures.
To demonstrate the approach, min/max protocol tests are converted to the
new format. This change also fixes MinProtocol and MaxProtocol
handling. It was previously requested that an SSL_CTX have both the
server and client flags set for these commands; this clearly can never work.
Guide to this PR:
- test/ssl_test.c - test framework
- test/ssl_test_ctx.* - test configuration structure
- test/handshake_helper.* - new SSL test handshaking code
- test/ssl-tests/ - test configurations
- test/generate_ssl_tests.pl - script for generating CONF-style test
configurations from perl inputs
Reviewed-by: Richard Levitte <levitte@openssl.org>
FdaSilvaYY [Mon, 4 Apr 2016 22:13:06 +0000 (00:13 +0200)]
Fix a shadow symbol warning
... comes from
c5137473bdc7.
Fix Travis builds.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Viktor Szakats [Tue, 29 Mar 2016 19:30:11 +0000 (21:30 +0200)]
set exec attribute for .pl files
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Viktor Szakats [Tue, 29 Mar 2016 19:26:39 +0000 (21:26 +0200)]
fix perl shebang
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Viktor Szakats [Tue, 29 Mar 2016 14:25:18 +0000 (16:25 +0200)]
use whitespace more consistently
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Mon, 4 Apr 2016 20:11:43 +0000 (16:11 -0400)]
Revert "various spelling fixes"
This reverts commit
620d540bd47a96fb6905fbbdd8ea5167a8841a3e.
It wasn't reviewed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Mon, 4 Apr 2016 20:11:04 +0000 (16:11 -0400)]
Revert "Fix an error code spelling."
This reverts commit
2b0bcfaf834e2fb7cd52888d7330b247e3878115.
It wasn't reviewed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
FdaSilvaYY [Mon, 4 Apr 2016 18:42:27 +0000 (20:42 +0200)]
Fix an error code spelling.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
FdaSilvaYY [Thu, 10 Mar 2016 20:34:48 +0000 (21:34 +0100)]
various spelling fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
FdaSilvaYY [Sun, 3 Apr 2016 21:37:58 +0000 (23:37 +0200)]
Fix a possible leak on NETSCAPE_SPKI_verify failure.
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
FdaSilvaYY [Sun, 3 Apr 2016 21:37:32 +0000 (23:37 +0200)]
Use X509_REQ_get0_pubkey
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
FdaSilvaYY [Sun, 3 Apr 2016 21:24:51 +0000 (23:24 +0200)]
Add X509_REQ_get0_pubkey method
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
FdaSilvaYY [Wed, 16 Mar 2016 23:15:48 +0000 (00:15 +0100)]
Fix two leaks in X509_REQ_to_X509
Issue #182
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 4 Apr 2016 14:55:12 +0000 (16:55 +0200)]
Make sure the rand_byte buffer in padlock engine is cleansed.
Submitted by Michael McConville <mmcco@mykolab.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Tue, 29 Mar 2016 08:02:45 +0000 (10:02 +0200)]
crypto/poly1305: don't break carry chains.
RT#4483
[poly1305-armv4.pl: remove redundant #ifdef __thumb2__]
[poly1305-ppc*.pl: presumably more accurate benchmark results]
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Wed, 30 Mar 2016 20:37:05 +0000 (22:37 +0200)]
Fix memory leaks in ASN.1
These leaks affect 1.1.0 dev branch only; introduced around commit
f93ad22f6adb00e722c130e792799467f3927b56
Found with LibFuzzer
Reviewed-by: Ben Laurie <ben@openssl.org>
Michał Trojnara [Sun, 3 Apr 2016 18:01:09 +0000 (20:01 +0200)]
Removed no-ops for the old locking API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Viktor Dukhovni [Mon, 4 Apr 2016 00:58:09 +0000 (20:58 -0400)]
Fix mixed declarations and code
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Richard Levitte [Sun, 3 Apr 2016 22:11:20 +0000 (00:11 +0200)]
Don't shadow known symbols write, read, puts, gets
It was harmless in this case, but best avoid the annoying warnings.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Richard Levitte [Sun, 3 Apr 2016 12:11:12 +0000 (14:11 +0200)]
Makefile et al template: only modify static library with new object files
Previously, we updated the static libraries (libcrypto.a on Unix,
libcrypto.lib on Windows) with all the object files, regardless of if
they were rebuilt or not. With this change, we only update them with
the object files were rebuilt.
NOTE: this does not apply on VMS, as the expansion of $? may be too
large for a command line.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Andy Polyakov [Fri, 1 Apr 2016 16:17:01 +0000 (18:17 +0200)]
apps/Makefile.in: add tsget rule.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Viktor Dukhovni [Sun, 3 Apr 2016 19:21:34 +0000 (15:21 -0400)]
After saving errno clear it before calls to strtol et. al.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Viktor Dukhovni [Sun, 20 Mar 2016 08:12:52 +0000 (04:12 -0400)]
make update
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Viktor Dukhovni [Sat, 19 Mar 2016 02:09:41 +0000 (22:09 -0400)]
Move peer chain security checks into x509_vfy.c
A new X509_VERIFY_PARAM_set_auth_level() function sets the
authentication security level. For verification of SSL peers, this
is automatically set from the SSL security level. Otherwise, for
now, the authentication security level remains at (effectively) 0
by default.
The new "-auth_level" verify(1) option is available in all the
command-line tools that support the standard verify(1) options.
New verify(1) tests added to check enforcement of chain signature
and public key security levels. Also added new tests of enforcement
of the verify_depth limit.
Updated documentation.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Viktor Dukhovni [Sat, 27 Feb 2016 19:17:28 +0000 (14:17 -0500)]
Tidy up x509_vfy callback handling
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Richard Levitte [Sun, 3 Apr 2016 07:15:19 +0000 (09:15 +0200)]
Ordinals adjustment
Two renamed functions were forgotten in util/libcrypto.num
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Sat, 2 Apr 2016 22:08:14 +0000 (23:08 +0100)]
Rename get/set_app_data to get0/set0_app_data
Also fixed a style issue
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Sat, 2 Apr 2016 18:41:41 +0000 (19:41 +0100)]
Various DSA opacity fixups
Numerous fixups based on feedback of the DSA opacity changes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Fri, 1 Apr 2016 14:43:17 +0000 (15:43 +0100)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Fri, 1 Apr 2016 13:09:57 +0000 (14:09 +0100)]
Added DSA opacity to CHANGES
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Thu, 31 Mar 2016 13:22:39 +0000 (14:22 +0100)]
Document functions added as a result of DSA opacity changes
A number of getters/setters have been added for examining DSA objects, as
well as a whole set of functions for creating and buildingup DSA_METHODs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Wed, 30 Mar 2016 16:18:55 +0000 (17:18 +0100)]
Make DSA_METHOD opaque
Move the dsa_method structure out of the public header file, and provide
getter and setter functions for creating and modifying custom DSA_METHODs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Wed, 30 Mar 2016 14:21:39 +0000 (15:21 +0100)]
Make the DSA structure opaque
Move the dsa_st structure out of the public header file. Add some accessor
functions to enable access to the internal fields, and update all internal
usage to use the new functions.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Richard Levitte [Fri, 1 Apr 2016 13:09:28 +0000 (15:09 +0200)]
Adapt some test recipes to the newer cmdstr()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Fri, 1 Apr 2016 13:05:52 +0000 (15:05 +0200)]
Enhance OpenSSL::Test::cmdstr to give cmd string variants
Within OpenSSL::Test, all commands end up existing in two variants,
one that has redirections that are needed internally to work well
together with the test harness, and one without those redirections.
Depending on what the result is going to be used for, the caller may
want one for or the other, so we give them the possibility.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Kirill Marinushkin [Wed, 30 Mar 2016 16:39:42 +0000 (18:39 +0200)]
moved structure bio_buf_mem_st from headers to bss_mem.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Kirill Marinushkin [Wed, 16 Mar 2016 21:05:59 +0000 (22:05 +0100)]
sizeof() updated to cover coding style
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Kirill Marinushkin [Sun, 13 Mar 2016 12:20:52 +0000 (13:20 +0100)]
Optimized BIO mem read - without reallocation
Currently on every BIO mem read operation the remaining data is reallocated.
This commit solves the issue.
BIO mem structure includes additional pointer to the read position.
On every read the pointer moves instead of reallocating the memory for the remaining data.
Reallocation accures before write and some ioctl operations, if the read pointer doesn't point on the beginning of the buffer.
Also the flag is added to rewind the read pointer without losing the data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Mat [Fri, 1 Apr 2016 00:00:03 +0000 (02:00 +0200)]
Fix: CRYPTO_THREAD_run_once
InitOnceExecuteOnce returns nonzero on success:
MSDN: "If the function succeeds, the return value is nonzero."
So return 1 if it is nonzero, 0 others.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Sat, 2 Apr 2016 17:59:19 +0000 (19:59 +0200)]
apps/opt.c: next was only used when NDEBUG undefined, move it inside guard
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Sat, 2 Apr 2016 15:10:03 +0000 (17:10 +0200)]
make depend: Check that find returned a non-empty string rather than an empty
The logic to find out of there are any .d files newer than Makefile is
sound. Checking the result was less so.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Wed, 30 Mar 2016 20:46:13 +0000 (21:46 +0100)]
Fix X509_PUBKEY cached key handling.
Don't decode a public key in X509_PUBKEY_get0(): that is handled when
the key is parsed using x509_pubkey_decode() instead.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Coty Sutherland [Fri, 1 Apr 2016 18:20:11 +0000 (14:20 -0400)]
Correcting typo that causes make install fail
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Fri, 1 Apr 2016 14:03:46 +0000 (16:03 +0200)]
Add the C macro NDEBUG when configuring for release
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Richard Levitte [Fri, 1 Apr 2016 10:36:51 +0000 (12:36 +0200)]
Force argv to be an array of long pointers on VMS
Reverts commit
087ca80ad83071dde0bb6bc1c28c743caa00eaf8
Instead of battling the odd format of argv given to main() in default
P64 mode, tell the compiler to make it an array of 64-bit pointers
when compiling in P64 mode.
A note is added in NOTES.VMS regarding minimum DEC C version.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Richard Levitte [Thu, 31 Mar 2016 07:27:15 +0000 (09:27 +0200)]
Make the use of perl more consistent
- In Configure, register the perl interpreter used to run Configure,
so that's the one being used throughout instead of something else
that Configure happens to find. This is helpful for using a perl
version that's not necessarely first in $PATH:
/opt/perl/5.22.1/bin/perl ./Configure
- Make apps/tsget a generated file, just like apps/CA.pl, so the
perl interpreter registered by Configure becomes the hashbang path
instead of a hardcoded /usr/bin/perl
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Tue, 22 Mar 2016 14:52:13 +0000 (10:52 -0400)]
Use return "" not set a var and return.
Reviewed-by: Emilia Käsper <emilia@openssl.org>