Commit graph

12869 commits

Author SHA1 Message Date
Dr. Stephen Henson
3d47c1d331 Remove unused variables.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-03 16:47:57 +00:00
Rich Salz
dfb56425b6 Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp
And an uncompiled C++ test file.
Also remove srp_lcl.h, with help from Richard.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-03 11:20:56 -05:00
Dr. Stephen Henson
156a872233 Add SSL_get_extms_support documentation.
Document SSL_get_extms_support().

Modify behaviour of SSL_get_extms_support() so it returns -1 if the
master secret support of the peer is not known (e.g. handshake in progress).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:08 +00:00
Dr. Stephen Henson
6668b6b8b0 Add CHANGES entry.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
c536461499 Ctrl to retrieve extms support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
0cfb0e75b9 Add extms support to master key generation.
Update master secret calculation to support extended master secret.
TLS 1.2 client authentication adds a complication because we need to
cache the handshake messages. This is simpllified however because
the point at which the handshake hashes are calculated for extended
master secret is identical to that required for TLS 1.2 client
authentication (immediately after client key exchange which is also
immediately before certificate verify).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
ddc06b3556 Extended master secret extension support.
Add and retrieve extended master secret extension, setting the flag
SSL_SESS_FLAG_EXTMS appropriately.

Note: this just sets the flag and doesn't include the changes to
master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
c660ec63a8 Rewrite ssl3_send_client_key_exchange to support extms.
Rewrite ssl3_send_client_key_exchange to retain the premaster secret
instead of using it immediately.

This is needed because the premaster secret is used after the client key
exchange message has been sent to compute the extended master secret.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
48fbcbacd2 Utility function to retrieve handshake hashes.
Retrieve handshake hashes in a separate function. This tidies the existing
code and will be used for extended master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
6f152a15d4 Add flags field to SSL_SESSION.
Add a "flags" field to SSL_SESSION. This will contain various flags
such as encrypt-then-mac and extended master secret support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
52e028b9de Check PKCS#8 pkey field is valid before cleansing.
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-03 13:58:14 +00:00
Rich Salz
c303d4d868 old_des fix windows build, remove docs
Remove outdated doc files.
Fix windows build after old_des was removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-02 22:40:36 -05:00
Rich Salz
24956ca00f Remove old DES API
Includes VMS fixes from Richard.
Includes Kurt's destest fixes (RT 1290).
Closes tickets 1290 and 1291

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-02 18:46:01 -05:00
Rich Salz
fd22ab9edf Dead code: if 0 removal from crypto/evp and an unused file.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-02 16:53:54 -05:00
Rich Salz
e2f8018027 Dead code removal; #if 0 from crypto/des
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 12:43:17 -05:00
Rich Salz
c8fa2356a0 Dead code cleanup: crypto/ec,ecdh,ecdsa
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:56:47 -05:00
Rich Salz
f16a64d11f Dead code cleanup; remove #if 0 from crypto/engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-02 11:40:36 -05:00
Rich Salz
9ccc00ef6e Dead code cleanup: #if 0 dropped from tests
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:11:34 -05:00
Rich Salz
7aa0b02246 Dead code cleanup: crypto/*.c, x509v3, demos
Some of the #if 0 code in demo's was kept, but given helpful #ifdef
names, to show more sample code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:08:16 -05:00
Andy Polyakov
5da05a26f2 cms-test.pl: "localize" /dev/null even further [as follow-up to VMS].
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-02 15:27:07 +01:00
Richard Levitte
1d4d68570b Make the libssl opaque changes compile on VMS
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-31 18:07:32 +00:00
Matt Caswell
78cc1f03e8 Add changes entry for opaquifying of libssl structures
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-31 18:07:22 +00:00
Matt Caswell
0c2837564c Remove OPENSSL_NO_SSL_INTERN as it is now redundant - all internals
previously protected by this have been moved into non-public headers

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-31 18:07:11 +00:00
Matt Caswell
b6ba401497 Make libssl opaque. Move all structures that were previously protected by
OPENSSL_NO_SSL_INTERN into internal header files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-31 18:06:45 +00:00
Ben Laurie
4de8385796 Build correctly for me on FreeBSD 10.
Reviewed-by: Rich Salz

Don't debug.
2015-01-30 22:23:17 +00:00
Rich Salz
02a938c953 Dead code removal: #if 0 asn1, pkcs7
Keep one #if 0 but rename the symbol to be more descriptive of what
it's doing (you can disable support for old broken Netscape software).

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-30 15:35:49 -05:00
Rich Salz
75d0ebef2a Dead code clean: #if 0 removal in apps
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-30 14:52:57 -05:00
Rich Salz
d6fbb19409 Dead code removal #if 0 engines
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-30 13:24:35 -05:00
Rich Salz
6f1a93ad11 Dead code removal: #if 0 conf, dso, pqueue, threads
Mostly, but not completely, debugging print statements.
Some old logic kept for internal documentation reasons, perhaps.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-30 12:46:49 -05:00
Andy Polyakov
2e635aa81c modes/gcm128.c: harmonize ctx->ghash assignment, shortcut *_ctr32
in OPENSSL_SMALL_FOOTPRINT build, remove undesired reformat artefact
and inconsistency in pre-processor logic.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-30 16:37:21 +01:00
Andy Polyakov
b2991c081a modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure
on affected platforms (PowerPC and AArch64).

For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-30 16:36:27 +01:00
Richard Levitte
4938ebc406 Since SHA0 was completely removed, also remove the related test
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-30 15:14:48 +01:00
Richard Levitte
4fdde1aa0c Update on the use of logical names for OpenSSL configuration
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-30 14:44:46 +01:00
Richard Levitte
e00ab250c8 VMS exit codes weren't handled well enough and were unclear
Making a specific variable $failure_code and a bit of commenting in the
VMS section should help clear things up.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-30 14:44:36 +01:00
Richard Levitte
09ebad72df VMS adjustments:
Add missing crypto modules and files to copy to crypto/install-crypto.com

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-30 14:44:27 +01:00
Richard Levitte
36ed7adfbc VMS adjustments:
test/cms-test.pl adjusted to handle NL: instead of /dev/null on VMS

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-30 14:44:18 +01:00
Richard Levitte
36759bb751 VMS build changes
crypto/crypto-lib.com:
 Remove all APPS building, as they are gone.
 Depend on the variable SDIRS that's defined by makevms.com.
 Remake the whole partial module list mechanism to check for variables with a counter.
 Define the logical name INTERNAL to allow for '#include "internal/foo.h"'.

makevms.com:
 Define SDIRS, to allow for removal of crypto modules and pass that information to crypto/crypto-lib.com.
 Allow for experimental modules.
 Update the allowed things to disable.
 Update the things disabled by default to match Configure.
 Update headers to be copied.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-30 14:44:06 +01:00
Richard Levitte
132536f96e VMS adjustments:
catch up with the Unix build.
A number of new tests, among others test/tocsp.com
Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"'

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-30 14:43:57 +01:00
Richard Levitte
c168a027cf VMS adjustments:
Add new symbols that are longer than 31 chars to symhacks.
VMS doesn't have <sys/un.h>, reflect that in e_os.h.
MS_CALLBACK has been removed, ssl_task.c needs adjustment.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-30 14:43:40 +01:00
Richard Levitte
be7b1097e2 dso_vms needs to add the .EXE extension if there is none already
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-30 04:44:17 +01:00
Rich Salz
4d428cd250 Dead code removal: #if 0 bio, comp, rand
The start of removing dead code.
A remaining #if 0 in bss_conn.c needs more thought.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-29 21:38:57 -05:00
Rich Salz
33fc38ff8e Make output consistency: remove blank line
When you use "-s" in the make flag, you see that engines outputs
a blank line because EDIRS isn't set.  This is a debug echo that
isn't needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-29 12:09:14 -05:00
Richard Levitte
c6ef15c494 clang on Linux x86_64 complains about unreachable code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-29 01:54:09 +01:00
Matt Caswell
7317192c64 Fix various windows compilation issues
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-28 22:55:15 +00:00
Rich Salz
537bf4381b Fix int/unsigned compiler complaint
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-28 15:41:14 -05:00
Rich Salz
68fd6dce73 Remove support for opaque-prf
An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-28 15:37:16 -05:00
Rich Salz
31b446e212 Add missing declaration for lh_node_usage_stats
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-28 12:27:23 -05:00
Rich Salz
49b05c7d50 Rename index to idx to avoid symbol conflicts.
Picky compilers with old index() string functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-28 12:23:01 -05:00
Rich Salz
625a9baf11 Finish removal of DSS
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-28 12:21:55 -05:00
Matt Caswell
55467a16c2 Fix warning on some compilers where variable index shadows a global
declaration

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-28 10:57:14 +00:00