wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
17719 commits 20 branches 302 tags 153 MiB
Commit graph

17719 commits

This branch
This branch
All branches
Author SHA1 Message Date
Benjamin Kaduk
a9c27fe19f Sort %disabled in Configure 
@disablables is sorted, but these were just added at the end of
%disabled in commits c2e27310 and 22e3dcb7.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-19 10:51:21 +01:00
Viktor Dukhovni
bc87fb6bcd Fix missing dane_tlsa_rrdata option error message 
The error message said "dane_tlsa_rrset" instead of "dane_tlsa_rrdata".

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-18 17:04:45 -04:00
Dr. Stephen Henson
095d2f0f8a Constify i2a* 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-18 17:20:36 +01:00
Richard Levitte
a3a0b41057 Simplify indentation of DECLARE_ and IMPLEMENT_ lines 
There's no reason we should enumerate every type of IMPLEMENT_ and
DECLARE_ line (and forget the ones we add a little now and then).
They all start with the same first word, let's just take'm all.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-18 14:40:37 +02:00
Emilia Kasper
a230b26e09 Indent ssl/ 
Run util/openssl-format-source on ssl/

Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-18 14:02:29 +02:00
Matt Caswell
604f6eff31 Convert X509_REVOKED* functions to use const getters 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-08-18 11:59:39 +01:00
Emilia Kasper
dd8e5a5732 Test that the peers send at most one fatal alert 
Duplicate alerts have happened, see
70c22888c1

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-18 12:49:32 +02:00
Emilia Kasper
6dc9974547 Port multi-buffer tests 
Make maximum fragment length configurable and add various fragmentation
tests, in addition to the existing multi-buffer tests.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-18 12:46:00 +02:00
Rich Salz
9d8c2dfe14 Fix some doc nits. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 19:41:47 -04:00
Richard Levitte
8d00e30f96 Don't try to init dasync internally 
Since dasync isn't installed, and is only ever used as a dynamic
engine, there's no reason to consider it for initialization when
building static engines.

Reviewed-by: Ben Laurie <ben@openssl.org>
 2016-08-17 21:34:42 +02:00
Dr. Stephen Henson
67a014bfda make update 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 17:48:44 +01:00
Dr. Stephen Henson
59b4da05b4 Constify X509_SIG. 
Constify X509_SIG_get0() and order arguments to mactch new standard.

Add X509_SIG_get0_mutable() to support modification or initialisation
of an X509_SIG structure.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 17:48:43 +01:00
FdaSilvaYY
d6073e27eb Small nits and cleanups 
using util/openssl-format-source on s_derver, s_client, ca.c, speed.c only...

Fix/merge some #ifndef

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 17:09:19 +01:00
FdaSilvaYY
cc69629626 Constify char* input parameters in apps code 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 17:09:19 +01:00
FdaSilvaYY
e7917e38be Simplify and add help about OPT_PVK* options 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 17:09:19 +01:00
FdaSilvaYY
cfd451d47f Improve error message 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 17:09:19 +01:00
FdaSilvaYY
54463e4f33 Relocalise some globals variables 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 17:09:19 +01:00
Dr. Stephen Henson
2e5ead831b Constify ssl_cert_type() 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-17 15:49:44 +01:00
Dr. Stephen Henson
5ebd2fcbc7 Constify X509_certificate_type() 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-17 14:59:54 +01:00
Dr. Stephen Henson
8adc1cb851 Constify X509_get0_signature() 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-17 14:12:55 +01:00
Dr. Stephen Henson
8900f3e398 Convert X509* functions to use const getters 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-17 13:59:04 +01:00
Matt Caswell
5e6089f0eb Convert X509_CRL* functions to use const getters 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-08-17 13:38:03 +01:00
Matt Caswell
6eabcc839f Make X509_NAME_get0_der() conform to OpenSSL style 
Put the main object first in the params list.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-08-17 13:03:04 +01:00
Dr. Stephen Henson
a0754084f8 Corrupt signature in place. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-17 12:34:22 +01:00
Matt Caswell
79613ea844 Convert OCSP* functions to use const getters 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-08-17 12:29:03 +01:00
Dr. Stephen Henson
245c6bc33b Constify private key decode. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
ac4e257747 constify X509_ALGOR_get0() 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
0c8006480f Constify ASN1_item_unpack(). 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-17 12:01:29 +01:00
Remi Gacogne
fddfc0afc8 Add missing session id and tlsext_status accessors 
* SSL_SESSION_set1_id()
 * SSL_SESSION_get0_id_context()
 * SSL_CTX_get_tlsext_status_cb()
 * SSL_CTX_get_tlsext_status_arg()

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 10:38:20 +01:00
Richard Levitte
46117d31fe dasync is an internal testing engine, so don't install it 
Unfortunately, it means that the VMS IVP gets a bit crippled.  This
will be fixed later on.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 10:50:31 +02:00
Richard Levitte
2238119751 VMS: no ENDIF on one line IF statements, in config.com 
Correct small error from last config.com change

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-17 10:48:43 +02:00
Matt Caswell
48593cb12a Convert SSL_SESSION* functions to use const getters 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-08-16 23:36:28 +01:00
Matt Caswell
b2e57e094d Convert PKCS8* functions to use const getters 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-08-16 23:36:27 +01:00
Matt Caswell
bb2f62baba Convert TS_STATUS_INFO* functions to use const getters 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
 2016-08-16 23:36:27 +01:00
FdaSilvaYY
69b86d4b98 two typo fixes 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1461)
 2016-08-16 15:51:58 -04:00
Gergely Nagy
1bb7310bf8 Fix compilation when using MASM on x86 
The generated asm code from x86cpuid.pl contains CMOVE instructions
which are only available on i686 and later CPUs.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1459)
 2016-08-16 14:46:55 -04:00
Matt Caswell
2ecb9f2d18 Provide compat macros for SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() 
These functions are no longer relevant to 1.1.0 (we always have auto ecdh
on) - but no reason to break old code that tries to call it. The macros will
only return a dummy "success" result if the app was trying to enable ecdh.
Disabling can't be done in quite this way any more.

Fixes Github Issue #1437

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
 2016-08-16 17:11:43 +01:00
Matt Caswell
f9cf774cbd Ensure we unpad in constant time for read pipelining 
The read pipelining code broke constant time unpadding. See GitHub
issue #1438

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-16 16:53:17 +01:00
Dr. Stephen Henson
0f022f5a22 Corrupt signature earlier. 
If -badsig is selected corrupt the signature before printing out
any details so the output reflects the modified signature.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-16 16:05:36 +01:00
Dr. Stephen Henson
34d4d74575 make update 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-16 16:05:36 +01:00
Dr. Stephen Henson
17ebf85abd Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data(). 
Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-16 16:05:35 +01:00
Richard Levitte
1940aa6e6b Remove duplicate ordinals 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-16 14:16:53 +02:00
Andy Polyakov
05ef4d1980 ARMv8 assembly pack: add Samsung Mongoose results. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2016-08-16 12:47:49 +02:00
Andy Polyakov
9d46752dfe Configure: recognize -static as link option and disable incompatible options. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-16 12:45:51 +02:00
Andy Polyakov
f4941736a9 test/ssl_test.tmpl: make it work with elderly perl. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-16 12:43:44 +02:00
David Woodhouse
31c34a3e2f Fix satsub64be() to unconditionally use 64-bit integers 
Now we support (u)int64_t this can be very much simpler.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-16 10:24:57 +01:00
Emilia Kasper
e0421bd8b2 SSL tests: send some application data 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-16 11:00:15 +02:00
Richard Levitte
ffb261ff19 Add a "config" for verbosity and use it with Travis 
Modify VMS config.com to match

Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2016-08-16 10:38:45 +02:00
Richard Levitte
a4ffbbeef6 Make "make" less verbose in Travis, except for the build only case 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2016-08-16 10:38:45 +02:00
Dr. Stephen Henson
66bcba1457 Limit reads in do_b2i_bio() 
Apply a limit to the maximum blob length which can be read in do_d2i_bio()
to avoid excessive allocation.

Thanks to Shi Lei for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-16 00:27:10 +01:00