wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
16224 commits 20 branches 302 tags 153 MiB
Commit graph

16224 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kurt Roeckx
1fc7d6664a Fix usage of OPENSSL_NO_*_METHOD 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1824
 2016-03-09 19:38:18 +01:00
Kurt Roeckx
ca3895f0b5 Move disabling of RC4 for DTLS to the cipher list. 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Kurt Roeckx
82478521aa Remove DES cipher alias 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Kurt Roeckx
29c4cf0cd1 Update ciphers -s documentation 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Kurt Roeckx
cdc72e497d Document SSL_get1_supported_ciphers 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Kurt Roeckx
d7a474264b IDEA is not supported in TLS 1.2 
This currently seems to be the only cipher we still support that should get
disabled.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Kurt Roeckx
3eb2aff401 Add support for minimum and maximum protocol version supported by a cipher 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Kurt Roeckx
068c358ac3 Add ssl_get_client_min_max_version() function 
Adjust ssl_set_client_hello_version to get both the minimum and maximum and then
make ssl_set_client_hello_version use the maximum version.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Kurt Roeckx
b11836a63a Make SSL_CIPHER_get_version return a const char * 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Kurt Roeckx
6063453c5a Remove unused code 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Kurt Roeckx
7d65007238 Make function to convert version to string 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Kurt Roeckx
e4646a8963 Constify security callbacks 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #1595
 2016-03-09 19:10:28 +01:00
Rob Percival
ca74c38dc8 Documentation for ctx_set_ctlog_list_file() 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 13:07:09 -05:00
Rob Percival
6bea2a72a8 Minor improvement to formatting of SCT output in s_client 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 13:07:09 -05:00
Rob Percival
328f36c5c5 Do not display a CT log error message if CT validation is disabled 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 13:07:09 -05:00
Rich Salz
60b350a3ef RT3676: Expose ECgroup i2d functions 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2016-03-09 12:25:21 -05:00
Richard Levitte
c471884996 Comment away the extra checks in Configure 
The "extra checks" is a debugging tool to check the config resolving
mechanism.  It uses Perl's smart match, which is experimental and
therefore always causes Perl to give out a warning, and it causes
older Perl versions to fail entirely.

So, it gets commented away, but stays otherwise in place, as it may be
useful again.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-09 17:59:14 +01:00
Richard Levitte
67336ea400 Make ct_dir and certs_dir static in test/ct_test.c 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-09 17:58:02 +01:00
Richard Levitte
1bee9d6b6c Fix ct_test to not assume it's in the source directory 
ct_test assumed it's run in the source directory and failed when built
elsewhere.  It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.

Test recipe updated to match.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:35:18 -05:00
Rob Percival
9ddff1e83c Document importance of CTLOG_STORE outliving SCT if SCT_set0_log is used 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
dc919c6935 Make SCT literals into const variables in ct_test.c 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
eac84e8127 Makes STACK_OF(SCT)* parameter of i2d_SCT_LIST const 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
14db9bbd71 Removes SCT_LIST_set_source and SCT_LIST_set0_logs 
Both of these functions can easily be implemented by callers instead.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
21b908a8f9 Makes SCT_get0_log return const CTLOG* 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
12d2d28185 Makes CTLOG_STORE_get0_log_by_id return const CTLOG* 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
98af731064 Improved documentation of SCT_CTX_* functions 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
e5a7ac446b Updates ct_err.c 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
5c081a8f74 Remove unnecessary call to SCT_set1_extensions(sct, "", 0) in ct_test.c 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
6d7fd9c142 Reset SCT validation_status if the SCT is modified 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
9c812014c8 Use SCT_VERSION_V1 in place of literal 0 in ct_test.c 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
70279a81a7 Fixes "usuable" typo in ct_locl.h 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
70073f3e3a Treat boolean functions as booleans 
Use "!x" instead of "x <= 0", as these functions never return a negative
value.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
8c92c4eac0 Make parameters of CTLOG_get* const 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
5da65ef23c Extensive application of __owur to CT functions that return a boolean 
Also improves some documentation of those functions.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Rob Percival
8fbb93d0e2 Makes SCT_LIST_set_source return the number of successes 
No longer terminates on first error, but instead tries to set the source
of every SCT regardless of whether an error occurs with some.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-09 11:34:48 -05:00
Todd Short
aeb5b95576 Fix locking in ssl_cert_dup() 
Properly check the return value of CRYPTO_THREAD_lock_new()

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-09 11:26:01 -05:00
Richard Levitte
b7aacc3ac3 Restore building out of source with the unified build scheme 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-09 17:13:56 +01:00
Richard Levitte
467bbe090b CT test can't run without EC, so skip it on that algo as well 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-09 17:13:23 +01:00
Richard Levitte
c469a9a81e Fix ct_test to not assume it's in the source directory 
ct_test assumed it's run in the source directory and failed when built
elsewhere.  It still defaults to that, but can be told another story
with the environment variables CT_DIR and CERTS_DIR.

Test recipe updated to match.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-09 17:13:23 +01:00
Matt Caswell
9b13e27c28 Update CHANGES and NEWS 
Update the CHANGES and NEWS files with information about the recently added
AFALG engine and pipelining.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-09 15:31:22 +00:00
Matt Caswell
651edc0d19 Fix classic build 
The Thread API changes broke classic build. This fixes it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-09 14:58:42 +00:00
Richard Levitte
635bd409b3 In build.info, an IF within a clause that's skipped over shouldn't apply 
If we find an IF within a clause that's skipped over, set it to be
skipped as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-09 14:53:30 +01:00
Matt Caswell
4a4e250c2a Add an entry in NEWS about the new threading API 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-09 12:41:39 +00:00
Matt Caswell
5818c2b839 Update CHANGES for the new threading API 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-09 12:41:39 +00:00
Matt Caswell
2e52e7df51 Remove the old threading API 
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.

There is now no longer a need to set locking callbacks!!

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-09 12:41:39 +00:00
Matt Caswell
4fc4faa7a7 Remove use of the old CRYPTO_LOCK_X5O9_STORE 
The locking here is a bit strange and unclear. Rather than refactor
anything and possibly break stuff I have just moved to using the new
thread API following as closely as possible what was there previously.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-03-09 12:41:39 +00:00
Richard Levitte
9749a07a1d Don't call ENGINE_cleanup when configured "no-engine" 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-09 12:52:50 +01:00
Richard Levitte
9ee3a5bb24 Don't add engines if configured "no-engine" 
Similarly, don't add e_capi if configured "no-capieng"

Also, indent a little deeper, for clarity.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-09 12:51:07 +01:00
Richard Levitte
707059a9ad Don't add afalg engine if configured "no-engine" 
Also, indent a little deeper, for clarity.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-09 12:51:07 +01:00
Richard Levitte
79fff39d71 Don't check the conditions to build e_afalg if configured "no-engine" 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-03-09 12:51:07 +01:00