Commits · 0ba5a9eaa0a6ae7fc25ee70eefc1f4fbdaf09483 · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Jan 25, 2017

Don't use magic numbers in aes_ocb_cipher() · 0ba5a9ea

Matt Caswell authored Jan 23, 2017



Lots of references to 16 replaced by AES_BLOCK_SIZE. Also a few other style
tweaks in that function

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2275)

0ba5a9ea

Style · e705fcf1

FdaSilvaYY authored Dec 09, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1618)

e705fcf1

Few nit's · d2a56999

FdaSilvaYY authored Sep 24, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1618)

d2a56999

Fix some extra or missing whitespaces... · 28b86f31

FdaSilvaYY authored Aug 24, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1618)

28b86f31

Jan 24, 2017

Cleanup EVP_CIPH/EP_CTRL duplicate defines · 9d6fcd42

Todd Short authored Jan 09, 2017



Remove duplicate defines from EVP source files.
Most of them were in evp.h, which is always included.
Add new ones evp_int.h
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK is now always defined in evp.h, so
remove conditionals on it

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2201)

9d6fcd42

Fix error handling in compute_key, BN_CTX_get can return NULL · 7928ee4d

Bernd Edlinger authored Dec 22, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2132)

7928ee4d

Add support for Poly1305 in EVP_PKEY · 52ad5b60

Todd Short authored Dec 16, 2016



Add Poly1305 as a "signed" digest.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2128)

52ad5b60

Add missing flags for EVP_chacha20() · c83680a0

Kazuki Yamaguchi authored Dec 30, 2016



ChaCha20 code uses its own custom cipher_data. Add EVP_CIPH_CUSTOM_IV
and EVP_CIPH_ALWAYS_CALL_INIT so that the key and the iv can be set by
different calls of EVP_CipherInit_ex().

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2156)

c83680a0

RAND_egd_bytes: No need to check RAND_status on connection error. · c2114afc

ganesh authored Nov 11, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1886)

c2114afc

Fixed the return code for RAND_egd_bytes. · 3ed93c86

ganesh authored Nov 10, 2016



According to the documentation, the return code should be -1 when
RAND_status does not return 1.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1886)

3ed93c86

Fixed the return code of RAND_query_egd_bytes when connect fails. · 1381684d

ganesh authored Nov 09, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1886)

1381684d

Jan 21, 2017
- poly1305/poly1305_base2_44.c: clarify shift boundary condition. · 9872238e
  Andy Polyakov authored Dec 25, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  9872238e
- ec/asm/ecp_nistz256-ppc64.pl: minor POWER8-specific optimization. · 6f553edb
  Andy Polyakov authored Dec 29, 2016
```
Up to 4% depending on benchmark.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  6f553edb
Jan 20, 2017

Fix DSA parameter generation control error · 8a05c4d3

Richard Levitte authored Jan 18, 2017



When setting the digest parameter for DSA parameter generation, the
signature MD was set instead of the parameter generation one.
Fortunately, that's also the one that was used for parameter
generation, but it ultimately meant the parameter generator MD and the
signature MD would always be the same.

Fixes github issue #2016

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2250)

8a05c4d3

Jan 18, 2017

Defines and strings for special salt length values, add tests · 137096a7
Dr. Stephen Henson authored Jan 17, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)
```
137096a7
Add support for -1, -2 salt lengths for PSS only keys. · 79ebfc46
Dr. Stephen Henson authored Jan 16, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)
```
79ebfc46

Clean one unused variable, plus an useless one. · 2191dc84

FdaSilvaYY authored Nov 10, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1906)

2191dc84

Jan 16, 2017
- Add missing braces. · c4a60150
  Kurt Roeckx authored Jan 16, 2017
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2234
```
  c4a60150
Jan 15, 2017
- Fix undefined behaviour when printing the X509 and CRL version · c2ce477f
  Kurt Roeckx authored Jan 14, 2017
```
Found by oss-fuzz

Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2231
```
  c2ce477f
- Fix VC warnings about unary minus to an unsigned type. · 68d4bcfd
  Kurt Roeckx authored Jan 15, 2017
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2230
```
  68d4bcfd
- Fix undefined behaviour when printing the X509 serial · 244d7b28
  Kurt Roeckx authored Jan 14, 2017
```
Found by afl

Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2230
```
  244d7b28
Jan 13, 2017

Fix "failure rate" bugs · 50718243

Rich Salz authored Jan 13, 2017



Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2228)

50718243

Fix no-ocsp · d62210af

Richard Levitte authored Jan 13, 2017



The use of EXFLAG_SET requires the inclusion of openssl/x509v3.h.
openssl/ocsp.h does that, except when OCSP is disabled.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2227)

d62210af

UI: Use RUN_ONCE differently · 37cbabbd

Richard Levitte authored Jan 13, 2017



Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2222)

37cbabbd

UI: Ensure there will be no race condition when getting the UI_METHOD ex_data · 7eb26c49
Richard Levitte authored Jan 12, 2017
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2222)
```
7eb26c49

Jan 12, 2017

Make X509_Digest,others public · 3e5d9da5

Rich Salz authored Jan 12, 2017



Also, if want SHA1 then use the pre-computed value if there.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2223)

3e5d9da5

Add "random malloc failure" tooling · f7edeced

Rich Salz authored Jul 08, 2016



Still needs to be documented, somehow/somewhere.

The env var OPENSSL_MALLOC_FAILURES controls how often malloc/realloc
should fail.  It's a set of fields separated by semicolons.  Each field
is a count and optional percentage (separated by @) which defaults to 100.
If count is zero then it lasts "forever."  For example: 100;@25 means the
first 100 allocations pass, then the rest have a 25% chance of failing
until the program exits or crashes.

If env var OPENSSL_MALLOC_FD parses as a positive integer, a record
of all malloc "shouldfail" tests is written to that file descriptor.
If a malloc will fail, and OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE is not set
(platform specific), then a backtrace will be written to the descriptor
when a malloc fails.  This can be useful because a malloc may fail but
not be checked, and problems will only occur later.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1252)

f7edeced

GH2176: Add X509_VERIFY_PARAM_get_time · 329f2f4a

Rich Salz authored Jan 10, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2208)

329f2f4a

Jan 11, 2017
- Add a UI utility function with which to wrap pem_callback_cb in a UI_METHOD · 0fe1fc85
  Richard Levitte authored Dec 06, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)
```
  0fe1fc85
- Add an application data field in the UI_METHOD · 18cfc668
  Richard Levitte authored Dec 06, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)
```
  18cfc668
- Constify the input parameter to UI_method_get_* · a223ffe6
  Richard Levitte authored Dec 06, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)
```
  a223ffe6
Jan 10, 2017

Print the X509 version signed, and convert to unsigned for the hex version. · 676befbe
Kurt Roeckx authored Oct 20, 2016
```
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1754
```
676befbe
Only enable CRYPTO_3DES_ECB if that name is an existing macro · d9574304
Richard Levitte authored Jan 10, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)
```
d9574304

Small fixes of cryptodev engine · 374d543f

Richard Levitte authored Jan 10, 2017



- guard CRYPTO_3DES_CBC
- add a missing cast

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)

374d543f

use EVP_CIPHER_CTX_ functions instead of accessing EVP_CIPHER_CTX internals · f61c5ca6

Iaroslav Gridin authored Oct 29, 2016



by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

f61c5ca6

fix for BSD cryptodev · 349b653a

Iaroslav Gridin authored Oct 29, 2016



by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

349b653a

Remove commented-out HMAC code · 2c5998dd

Iaroslav Gridin authored Oct 29, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

2c5998dd

Style the code · 098eb1a7

Iaroslav Gridin authored Oct 29, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

098eb1a7

Remove unused ret variable · 807d2106

Iaroslav Gridin authored Oct 29, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

807d2106

Remove non-functional CRYPTO_AES_CTR ifdef disabling AES-CTR in cryptodev · 60cd1196

Iaroslav Gridin authored Oct 29, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)

60cd1196