Qin Long
cff55b90e9
Cleaning UEFI Build with additional OPENSSL_SYS_UEFI flags
...
Add OPENSSL_SYS_UEFI to remove unused syslog and uid stuffs for
more clean UEFI build.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2961 )
2017-03-29 07:35:59 +02:00
Benjamin Kaduk
0acee5045a
Further de-obfuscation
...
A similar change that probably should have been wrapped into
commit e0926ef49d
.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3010 )
2017-03-29 07:33:39 +02:00
Jon Spillett
8c55c46147
Add documentation for SNI APIs
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3071 )
2017-03-29 07:26:41 +02:00
Rich Salz
a01dbac232
Remove duplicate doc
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3068 )
2017-03-29 07:18:57 +02:00
FdaSilvaYY
69687aa829
More typo fixes
...
Fix some comments too
[skip ci]
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069 )
2017-03-29 07:14:29 +02:00
Jon Spillett
7bd278957d
Typo in SSL_CTX_sess_number.pod - started
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070 )
2017-03-29 07:10:18 +02:00
Jon Spillett
edb79c3a34
Tidy up the SSL options in SSL_CTX_set_options.pod
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070 )
2017-03-29 07:10:18 +02:00
Jon Spillett
3aaa1bd076
SSL_CTX_use_PrivateKey_file uses private key, not certificate
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070 )
2017-03-29 07:10:18 +02:00
Jon Spillett
d5d5b5fc77
Typo in SSL_CONF_cmd_argv.pod
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070 )
2017-03-29 07:10:18 +02:00
Jon Spillett
f5f85f755d
Typo in SSL_CONF_CTX_set1_prefix.pod - change SSL_CTX_cmd to SSL_CONF_cmd
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070 )
2017-03-29 07:10:18 +02:00
Jon Spillett
818f861756
Typo in SSL_CONF_CTX_set_flags.pod
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3070 )
2017-03-29 07:10:18 +02:00
Pauli
2fae041d6c
Test infrastructure additions.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3011 )
2017-03-29 08:51:43 +10:00
FdaSilvaYY
a6ac1ed686
Fix 0 -> NULL, indentation
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3066 )
2017-03-28 16:16:49 -04:00
FdaSilvaYY
cbe9524183
Refomat a few comments on 80 cols
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3066 )
2017-03-28 16:16:49 -04:00
FdaSilvaYY
a8cd439bf5
Spelling fixes
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3066 )
2017-03-28 16:16:49 -04:00
FdaSilvaYY
1ee4b98e69
Fix a few more typos
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3066 )
2017-03-28 16:16:49 -04:00
Jon Spillett
09fdfa4b2f
Add documentation for SSL_*_ex_data() functions
...
[skip ci]
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3050 )
2017-03-28 21:50:13 +02:00
Jon Spillett
86fde069d4
Add documentation for SSL version methods
...
[skip ci]
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3049 )
2017-03-28 20:13:30 +02:00
Matt Caswell
249e3a1b20
Provide documentation for some state machine related functions
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3051 )
2017-03-28 15:46:40 +01:00
Dr. Stephen Henson
8845e02a74
update README
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3059 )
2017-03-28 15:43:42 +01:00
Dr. Stephen Henson
d218f3c331
Add X25519 doc
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3059 )
2017-03-28 15:43:41 +01:00
Dr. Stephen Henson
0af8fd6085
fix typo
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3059 )
2017-03-28 15:43:41 +01:00
Matt Caswell
b31db50528
Provide documentation for missing SSL_SESSION_* functions
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3052 )
2017-03-28 15:15:41 +01:00
Rich Salz
43708c1545
Move PRIu64, OSSLzu to e_os.h
...
Those macros are private, not public.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3044 )
2017-03-28 08:43:48 -04:00
Pauli
9ff79fa3e1
Add enable-aria where rc5 and md2 are built.
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3046 )
2017-03-28 08:42:22 -04:00
Emilia Kasper
a0f44a34d2
asynctest: don't depend on apps
...
Remove unnecessary include of apps.h. Tests shouldn't take a
dependency on apps. In this case, there is no dependency, the include
is unnecessary.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-28 14:40:25 +02:00
Emilia Kasper
24053693b0
X509_cmp_time.pod: fix doc nits
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-28 14:40:25 +02:00
Hannes Magnusson
feb891990a
Remove redundant decl of 509_STORE_set_flags
...
a47bc283
accidentally adds another define for X509_STORE_set_flags
It is already defined 5lines prior
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3047 )
2017-03-28 08:37:44 -04:00
Emilia Kasper
4ac139b49a
Add documentation for X509 time functions
...
[ci skip]
Reviewed-by: Tim Hudson <tjh@openssl.org>
2017-03-28 12:22:32 +02:00
Andy Polyakov
a4c74e88e4
apps/passwd.c: 32 bits are sufficient to hold ROUNDS_MAX.
...
Even though C standard defines 'z' modifier, recent mingw compilers break
the contract by defining __STDC_VERSION__ with non-compliant MSVCRT.DLL.
In other words we can't use %zu with mingw, but insteadl of cooking
Reviewed-by: Tim Hudson <tjh@openssl.org>
2017-03-27 21:09:06 +02:00
Richard Levitte
165f1c3ef3
In err_cleanup(), cleanup the thread local storage too
...
Fixes #3033
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3035 )
2017-03-27 12:54:40 +02:00
Andy Polyakov
0822d41b6d
aes/asm/bsaes-armv7.pl: relax stack alignment requirement.
...
Even though Apple refers to Procedure Call Standard for ARM Architecture
(AAPCS), they apparently adhere to custom version that doesn't follow
stack alignment constraints in the said standard. [Why or why? If it's
vendor lock-in thing, then it would be like worst spot ever.] And since
bsaes-armv7 relied on standard alignment, it became problematic to
execute the code on iOS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-26 18:29:03 +02:00
Andy Polyakov
e08b444ac0
engines/e_capi.c: formatting and styling fixes.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-25 11:23:39 +01:00
Bernd Edlinger
1b6f5a4d3b
Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3023 )
2017-03-25 11:12:18 +01:00
Matt Caswell
643a358042
Move the downgrade sentinel declarations to a header file
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022 )
2017-03-24 14:07:11 +00:00
Matt Caswell
b9647e34ff
Add a test for the TLSv1.3 downgrade mechanism
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022 )
2017-03-24 14:07:11 +00:00
Matt Caswell
3556b83ea2
Make the TLSv1.3 downgrade mechanism a configurable option
...
Make it disabled by default. When TLSv1.3 is out of draft we can remove
this option and have it enabled all the time.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022 )
2017-03-24 14:07:11 +00:00
Matt Caswell
c3043dcd55
Add client side support for TLSv1.3 downgrade mechanism
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022 )
2017-03-24 14:07:11 +00:00
Matt Caswell
f7f2a01d63
Add server side support for TLSv1.3 downgrade mechanism
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022 )
2017-03-24 14:07:11 +00:00
Zack Williams
a41815f05e
"any" instead of "and"
...
The "and" should be an "any"
Fixed in LibreSSL's docs: http://man.openbsd.org/man5/x509v3.cnf.5#Subject_alternative_name
CLA: trivial
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2980 )
2017-03-24 13:43:21 +01:00
Ian Spence
f5fd3848fe
Fix function documentation
...
CLA: trivial
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2972 )
2017-03-24 13:39:02 +01:00
Andy Polyakov
120a9e1a82
bn/asm/sparcv9-mont.pl: fix squaring code path.
...
This module is used only with odd input lengths, i.e. not used in normal
PKI cases, on contemporary processors. The problem was "illuminated" by
fuzzing tests.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-24 12:18:35 +01:00
Rich Salz
3ba4dac67a
Look for comma before - in POD pages
...
[skip ci]
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3021 )
2017-03-23 13:18:31 -04:00
Richard Levitte
5d5835219e
Fix find-doc-nits: { is significant in regexps
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3019 )
2017-03-23 15:09:41 +01:00
Richard Levitte
e8763c6974
Fix 80-test_ssl_old.t: only count the ciphers if there are any.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3014 )
2017-03-22 11:12:48 +01:00
Andy Polyakov
a2bb183623
modes/ocb128.c: fix misaligned access in ILP32 builds on 64-bit processors.
...
One could have fixed the problem by arranging 64-bit alignment of
EVP_AES_OCB_CTX.aad_buf in evp/e_aes.c, but CRYPTO_ocb128_aad
prototype doesn't imply alignment and we have to honour it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2994 )
2017-03-22 11:09:12 +01:00
Andy Polyakov
08d09628d2
aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
...
Initial IV was disregarded on SHAEXT-capable processors. Amazingly
enough bulk AES128-SHA* talk-to-yourself tests were passing.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2992 )
2017-03-22 11:02:56 +01:00
Andy Polyakov
0a5d1a38f2
poly1305/asm/poly1305-x86_64.pl: add poly1305_blocks_vpmadd52_8x.
...
As hinted by its name new subroutine processes 8 input blocks in
parallel by loading data to 512-bit registers. It still needs more
work, as it needs to handle some specific input lengths better.
In this sense it's yet another intermediate step...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-22 10:59:59 +01:00
Andy Polyakov
6cbfd94d08
x86_64 assembly pack: add some Ryzen performance results.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2017-03-22 10:58:01 +01:00
Richard Levitte
089a45c5df
Change exit_checker comment on returned status
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3012 )
2017-03-22 08:49:57 +01:00