Commit graph

12897 commits

Author SHA1 Message Date
Andy Polyakov
c2cfc956e5 bn/bn_add.c: fix dead code elimination that went bad.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-09 15:54:58 +01:00
Dr. Stephen Henson
9c7a780bbe Fix memory leak reporting.
Free up bio_err after memory leak data has been printed to it.

In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-09 12:53:36 +00:00
Dr. Stephen Henson
259c360d0b Remove obsolete IMPLEMENT_ASN1_SET_OF
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-09 12:47:28 +00:00
Andy Polyakov
bdc985b133 evp/e_aes.c: fix pair of SPARC T4-specific problems:
- SIGSEGV/ILL in CCM (RT#3688);
- SIGBUS in OCB;

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-09 10:26:20 +01:00
Matt Caswell
0350ef69ad Remove stray "=back". This was causing newer versions of pod2man to choke.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-09 09:13:09 +00:00
Andy Polyakov
7ce3862319 Harmonize objects.pl output with new format.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-09 09:53:24 +01:00
Andy Polyakov
719122c759 des/asm/des_enc.m4: fix brown-bag typo in last commit.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-09 08:58:43 +01:00
Rich Salz
06cf881a3a Final (for me, for now) dead code cleanup
This is a final pass looking for '#if 0'/'#if 1' controls and
removing the appropriate pieces.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-08 18:48:09 -05:00
Matt Caswell
3ffbe00808 Apache Traffic Server has a need to set the rbio without touching the wbio.
There is no mechanism to do that at the moment - SSL_set_bio makes changes
to the wbio even if you pass in SSL_get_wbio().

This commit introduces two new API functions SSL_set_rbio() and
SSL_set_wbio(). These do the same job as SSL_set_bio() except they enable
you to manage the rbio and wbio individually.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-07 14:29:16 +00:00
Rich Salz
05c3234ddf ui_compat cleanup; makefiles and vms
Remove ui_compat.h from Makefile dependencies
And from two VMS build/install scripts.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-06 16:49:17 -05:00
Rich Salz
7cd6069c74 Remove ui_compat
This is the last of the old DES API.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 14:52:40 -05:00
Rich Salz
fbf08b79ff Remove X509_PAIR
Unused type; a pair X509 certificates. Intended for LDAP support.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 10:55:31 -05:00
Rich Salz
6f91b017bb Live code cleanup: remove #if 1 stuff
For code bracketed by "#if 1" then remove the alternate
"#else .. #endif" lines.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-06 10:54:20 -05:00
Rich Salz
9e9858d1cf dead code cleanup: #if 0 in ssl
I left many "#if 0" lines, usually because I thought we would
probably want to revisit them later, or because they provided
some useful internal documentation tips.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-06 10:52:12 -05:00
Rich Salz
5b18d3025c util/mkstack.pl now generates entire safestack.h
The mkstack.pl script now generates the entire safestack.h file.
It generates output that follows the coding style.
Also, removed all instances of the obsolete IMPLEMENT_STACK_OF
macro.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-06 10:47:53 -05:00
Rich Salz
1a53f1d68b Have mkdef.pl ignore APPLINK settings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 10:45:29 -05:00
Dr. Stephen Henson
a283d2a80a Remove OPENSSL_NO_HMAC
Disabling HMAC doesn't work. If it did it would end up disabling a lot of
OpenSSL functionality (it is required for all versions of TLS for example).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 12:16:58 +00:00
Matt Caswell
3c33c6f6b1 Remove support for SSL_OP_NETSCAPE_CA_DN_BUG.
This is an ancient bug workaround for Netscape clients. The documentation
talks about versions 3.x and 4.x beta.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-06 11:35:07 +00:00
Matt Caswell
ae632974f9 Fix error handling in ssltest
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-06 10:08:16 +00:00
Rich Salz
fe6d2a339b Use memset in bn_mont
Use memset() not inline code.  Compilers are smarter now.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-05 15:07:40 -05:00
Rich Salz
8dd94afb18 Live code cleanup; #if 1 removal
A few minor cleanups to remove pre-processor "#if 1" stuff.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-05 11:47:02 -05:00
Rich Salz
7e35f06ea9 Fixed bad formatting in crypto/des/spr.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-05 09:44:30 -05:00
Rich Salz
1f7103b6eb Fix various build breaks
TABLE wasn't updated from a previous Configure change
Missed an RMD160/RIPE/RIPEMD unification in mkdef.pl
Makefile install_sw referenced file doc/openssl-shared.txt (RT3686)
Needed to run 'make update' because
        - Various old code has been removed
        - Varous old #ifdef tests were removed

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-04 18:50:00 -05:00
Dr. Stephen Henson
a479d72dba fix windows build
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-04 22:51:01 +00:00
Dr. Stephen Henson
f0983d3953 Updates to reformat script.
Don't change files if they're unmodified.

Indicate which files have changed and a summary.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-04 19:03:44 +00:00
Dr. Stephen Henson
5496cd3e5d More unused FIPS module code.
Remove fips_algvs.c

Remove unused fips module build code from Configure and Makefile.org
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-04 18:54:36 +00:00
Dr. Stephen Henson
6922ddee1b Make objxref.pl output in correct format
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-04 03:50:09 +00:00
Dr. Stephen Henson
a724e79ed7 Preliminary ASN1_TIME documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-03 16:47:57 +00:00
Dr. Stephen Henson
3d47c1d331 Remove unused variables.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-03 16:47:57 +00:00
Rich Salz
dfb56425b6 Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp
And an uncompiled C++ test file.
Also remove srp_lcl.h, with help from Richard.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-03 11:20:56 -05:00
Dr. Stephen Henson
156a872233 Add SSL_get_extms_support documentation.
Document SSL_get_extms_support().

Modify behaviour of SSL_get_extms_support() so it returns -1 if the
master secret support of the peer is not known (e.g. handshake in progress).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:08 +00:00
Dr. Stephen Henson
6668b6b8b0 Add CHANGES entry.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
c536461499 Ctrl to retrieve extms support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
0cfb0e75b9 Add extms support to master key generation.
Update master secret calculation to support extended master secret.
TLS 1.2 client authentication adds a complication because we need to
cache the handshake messages. This is simpllified however because
the point at which the handshake hashes are calculated for extended
master secret is identical to that required for TLS 1.2 client
authentication (immediately after client key exchange which is also
immediately before certificate verify).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
ddc06b3556 Extended master secret extension support.
Add and retrieve extended master secret extension, setting the flag
SSL_SESS_FLAG_EXTMS appropriately.

Note: this just sets the flag and doesn't include the changes to
master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
c660ec63a8 Rewrite ssl3_send_client_key_exchange to support extms.
Rewrite ssl3_send_client_key_exchange to retain the premaster secret
instead of using it immediately.

This is needed because the premaster secret is used after the client key
exchange message has been sent to compute the extended master secret.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
48fbcbacd2 Utility function to retrieve handshake hashes.
Retrieve handshake hashes in a separate function. This tidies the existing
code and will be used for extended master secret generation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
6f152a15d4 Add flags field to SSL_SESSION.
Add a "flags" field to SSL_SESSION. This will contain various flags
such as encrypt-then-mac and extended master secret support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:07 +00:00
Dr. Stephen Henson
52e028b9de Check PKCS#8 pkey field is valid before cleansing.
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-03 13:58:14 +00:00
Rich Salz
c303d4d868 old_des fix windows build, remove docs
Remove outdated doc files.
Fix windows build after old_des was removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-02 22:40:36 -05:00
Rich Salz
24956ca00f Remove old DES API
Includes VMS fixes from Richard.
Includes Kurt's destest fixes (RT 1290).
Closes tickets 1290 and 1291

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-02 18:46:01 -05:00
Rich Salz
fd22ab9edf Dead code: if 0 removal from crypto/evp and an unused file.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-02 16:53:54 -05:00
Rich Salz
e2f8018027 Dead code removal; #if 0 from crypto/des
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 12:43:17 -05:00
Rich Salz
c8fa2356a0 Dead code cleanup: crypto/ec,ecdh,ecdsa
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:56:47 -05:00
Rich Salz
f16a64d11f Dead code cleanup; remove #if 0 from crypto/engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-02 11:40:36 -05:00
Rich Salz
9ccc00ef6e Dead code cleanup: #if 0 dropped from tests
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:11:34 -05:00
Rich Salz
7aa0b02246 Dead code cleanup: crypto/*.c, x509v3, demos
Some of the #if 0 code in demo's was kept, but given helpful #ifdef
names, to show more sample code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-02 11:08:16 -05:00
Andy Polyakov
5da05a26f2 cms-test.pl: "localize" /dev/null even further [as follow-up to VMS].
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-02 15:27:07 +01:00
Richard Levitte
1d4d68570b Make the libssl opaque changes compile on VMS
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-31 18:07:32 +00:00
Matt Caswell
78cc1f03e8 Add changes entry for opaquifying of libssl structures
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-31 18:07:22 +00:00