wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
16053 commits 20 branches 302 tags 153 MiB
Commit graph

548 commits

Author SHA1 Message Date
Rich Salz
23d38992fc Remove ultrix/mips support. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-17 15:29:15 -04:00
Dr. Stephen Henson
a7e7bad168 Simplify define as we don't support MS-DOS anymore. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2016-03-17 14:29:01 +00:00
Richard Levitte
37d42aae2e Prepare for 1.1.0-pre5-dev 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2016-03-16 18:21:46 +01:00
Richard Levitte
e711d13af3 Prepare for 1.1.0-pre4 release 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2016-03-16 18:21:17 +01:00
Dr. Stephen Henson
a6eb1ce6a9 Make X509_SIG opaque. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-11 17:40:47 +00:00
Kurt Roeckx
208527a75d Review comments 
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-11 10:39:10 -05:00
Bill Cox
2d0b441267 Add blake2 support. 
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-11 10:39:10 -05:00
Rob Percival
680ddc996b constify CT_POLICY_EVAL_CTX getters 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-11 09:06:04 -05:00
Rob Percival
49e5db0b31 check reviewer --reviewer=emilia 
Pass entire CTLOG_STORE to SCT_print, rather than just the SCT's CTLOG

SCT_print now looks up the correct CT log for you.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-10 14:53:04 -05:00
Rob Percival
8359b57f27 check reviewer --reviewer=emilia 
Remove 'log' field from SCT and related accessors

In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.

Improved documentation for some CT functions in openssl/ssl.h.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-10 14:53:04 -05:00
Rich Salz
599eccfcbf RT3676 add: Export ASN.1 DHparams 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2016-03-09 20:58:08 -05:00
Viktor Dukhovni
dd60efea95 Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2016-03-09 20:41:28 -05:00
Richard Levitte
29f082603a Remove duplicate typedef of ECPKPARAMETERS in ec.h 
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-03-10 02:35:12 +01:00
Kurt Roeckx
2b8fa1d56c Deprecate the use of version-specific methods 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1824
 2016-03-09 19:45:05 +01:00
Kurt Roeckx
1fc7d6664a Fix usage of OPENSSL_NO_*_METHOD 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1824
 2016-03-09 19:38:18 +01:00
Kurt Roeckx
b11836a63a Make SSL_CIPHER_get_version return a const char * 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Kurt Roeckx
e4646a8963 Constify security callbacks 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Rich Salz
60b350a3ef RT3676: Expose ECgroup i2d functions 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2016-03-09 12:25:21 -05:00
Rob Percival
9ddff1e83c Document importance of CTLOG_STORE outliving SCT if SCT_set0_log is used 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
eac84e8127 Makes STACK_OF(SCT)* parameter of i2d_SCT_LIST const 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
14db9bbd71 Removes SCT_LIST_set_source and SCT_LIST_set0_logs 
Both of these functions can easily be implemented by callers instead.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
21b908a8f9 Makes SCT_get0_log return const CTLOG* 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
12d2d28185 Makes CTLOG_STORE_get0_log_by_id return const CTLOG* 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
70073f3e3a Treat boolean functions as booleans 
Use "!x" instead of "x <= 0", as these functions never return a negative
value.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
8c92c4eac0 Make parameters of CTLOG_get* const 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
5da65ef23c Extensive application of __owur to CT functions that return a boolean 
Also improves some documentation of those functions.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
8fbb93d0e2 Makes SCT_LIST_set_source return the number of successes 
No longer terminates on first error, but instead tries to set the source
of every SCT regardless of whether an error occurs with some.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Matt Caswell
2e52e7df51 Remove the old threading API 
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.

There is now no longer a need to set locking callbacks!!

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-09 12:41:39 +00:00
Matt Caswell
8eed7e873b Convert rand code to new threading API 
Replace the CRYPTO_LOCK_RAND and CRYPTO_LOCK_RAND2 locks with new thread
API style locks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 01:14:57 +00:00
Alessandro Ghedini
0b1a07c8a7 Convert RSA blinding to new multi-threading API 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 23:52:48 +00:00
Alessandro Ghedini
16203f7b71 Convert CRYPTO_LOCK_SSL_* to new multi-threading API 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 18:48:38 -05:00
Richard Levitte
be1251f73d Remove the transfer of lock hooks from bind_engine 
With the new threads API, this is no longer needed.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-09 00:33:38 +01:00
Richard Levitte
6d5667110a Engine API repair - memory management hooks 
The Engine API lost the setting of memory management hooks in
bind_engine.  Here's putting that back.

EX_DATA and ERR functions need the same treatment.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-09 00:33:38 +01:00
Matt Caswell
9471f7760d Convert mem_dbg and mem_sec to the new Thread API 
Use new Thread API style locks, and thread local storage for mem_dbg

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 21:06:04 +00:00
Rich Salz
040d43b3ff OpenSSLDie --> OPENSSL_die 
Also removed a bunch of unused define's from e_os.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-08 14:46:17 -05:00
Dr. Stephen Henson
706a13f112 Make DSA_SIG opaque. 
This adds a new accessor function DSA_SIG_get0.
The customisation of DSA_SIG structure initialisation has been removed this
means that the 'r' and 's' components are automatically allocated when
DSA_SIG_new() is called. Update documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 17:02:16 +00:00
Alessandro Ghedini
c001ce3313 Convert CRYPTO_LOCK_X509_* to new multi-threading API 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 11:10:34 -05:00
Alessandro Ghedini
41cfbccc99 Convert CRYPTO_LOCK_UI to new multi-threading API 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 11:10:34 -05:00
Alessandro Ghedini
9b398ef297 Convert CRYPTO_LOCK_EC_* to new multi-threading API 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 11:10:34 -05:00
Alessandro Ghedini
03273d61e7 Convert CRYPTO_LOCK_EVP_PKEY to new multi-threading API 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 11:10:34 -05:00
Alessandro Ghedini
fb46be0348 Convert CRYPTO_LOCK_BIO to new multi-threading API 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 11:10:34 -05:00
Todd Short
3ec13237f0 Add cipher query functions 
Add functions to determine authentication, key-exchange, FIPS and AEAD.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 09:19:15 -05:00
Alessandro Ghedini
7b8e12d24e Convert ERR_STRING_DATA to new multi-threading API 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 14:11:59 +00:00
Alessandro Ghedini
8509dcc9f3 Convert ERR_STATE to new multi-threading API 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 14:11:09 +00:00
Alessandro Ghedini
f75200115d Convert CRYPTO_LOCK_EX_DATA to new multi-threading API 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 09:07:32 -05:00
Alessandro Ghedini
c74471d293 Convert CRYPTO_LOCK_DSO to new multi-threading API 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 09:07:32 -05:00
Alessandro Ghedini
d188a53617 Convert CRYPTO_LOCK_{DH,DSA,RSA} to new multi-threading API 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 09:07:32 -05:00
Alessandro Ghedini
f989cd8c0b Convert CRYPTO_LOCK_GET*BYNAME to new multi-threading API 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-08 09:07:32 -05:00
Todd Short
817cd0d52f GH787: Fix ALPN 
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
  that processing
* Add flags to indicate that we actually sent ALPN, to properly error
  out if unexpectedly received.
* clean up ssl3_free() no need to explicitly clear when doing memset
* document ALPN functions

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2016-03-08 09:03:05 -05:00
Dr. Stephen Henson
e1d9f1ab39 Remove kinv/r fields from DSA structure. 
The kinv/r fields in the DSA structure are not used by OpenSSL internally
and should not be used in general.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-07 22:15:04 +00:00