Commits · 663ece0faa3d87a81838011f81edb8ede97018fd · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

18 Nov, 2016 1 commit

Update the location of the pod files · 663ece0f

Beat Bolli authored Nov 18, 2016

CLA: trivial
Since 99d63d46

 ("Move manpages to man[1357] structure.", 2016-10-26), the location
of the pod files has changed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1951)

663ece0f

17 Nov, 2016 23 commits

Fix name of "locked" variable · 0a3dce82

Kurt Roeckx authored Sep 03, 2016



It's called with 0 when it's already locked, with 1 when it's not.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1500

0a3dce82

Add support for reference counting using C11 atomics · 2f545ae4

Kurt Roeckx authored Aug 27, 2016



Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1500

2f545ae4

Support MSBLOB format if RC4 is disabled · b6c68982
Dr. Stephen Henson authored Nov 17, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
b6c68982

sha/asm/sha512-armv8.pl: fix big-endian support in __KERNEL__ case. · 32bbb62e

Andy Polyakov authored Nov 13, 2016



In non-__KERNEL__ context 32-bit-style __ARMEB__/__ARMEL__ macros were
set in arm_arch.h, which is shared between 32- and 64-bit builds. Since
it's not included in __KERNEL__ case, we have to adhere to official
64-bit pre-defines, __AARCH64EB__/__AARCH64EL__.

[If we are to share more code, it would need similar adjustment.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

32bbb62e

Fix missing SSL_IS_TLS13(s) usage · 657a43f6

Matt Caswell authored Nov 16, 2016



We should use the macro for testing if we are using TLSv1.3 rather than
checking s->version directly.

Reviewed-by: Rich Salz <rsalz@openssl.org>

657a43f6

Handle "int_ctx_new:unsupported algorithm" error · 86ff6cc6

Nicola Tuveri authored Oct 07, 2016



Calling EVP_PKEY_CTX_new_id(curve_NID, NULL) causes an error for most
curves that are implemented through the EC low-level API, and in the
last commit we call it for every curve to avoid treating X25519 as a
special case.

Last commit code already handles correctly this failure, but does not
remove these events from the thread error queue, thus some
false-positive warnings are printed at the end of execution.

This commit ensures that the error queue is clean, without flushing
other errors.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

86ff6cc6

Do not handle R_EC_X25519 as a special case · b756d694

Nicola Tuveri authored Oct 07, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

b756d694

Remove leftover KDF pointer · 79438087

Nicola Tuveri authored Oct 07, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

79438087

Use CRYPTO_memcmp for comparing derived secrets · 9bffdebc

Nicola Tuveri authored Oct 06, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

9bffdebc

Reintroduce preliminary sanity check in ECDH speed and remove further checks in the benchmark loop. · f7d984dd

Nicola Tuveri authored Oct 04, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

f7d984dd

Remove ECDH_EVP_derive_key wrapper function · db1dd936

Nicola Tuveri authored Oct 04, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

db1dd936

More coding style fixes · 2e4c3b5c

Nicola Tuveri authored Oct 04, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

2e4c3b5c

Run util/openssl-format-source against apps/speed.c · 29dd15b1

Nicola Tuveri authored Oct 04, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

29dd15b1

bugfix: calculate outlen for each curve · cc98e639

Nicola Tuveri authored Oct 04, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

cc98e639

Handle EVP_PKEY_derive errors and fix coding style issues · dfdd45f7

Nicola Tuveri authored Oct 04, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

dfdd45f7

Fix coding style and remove some stale code/comments · c29c7aad

Nicola Tuveri authored Oct 03, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

c29c7aad

Use EVP interface for ECDH in apps/speed.c · ed7377db

Nicola Tuveri authored Oct 03, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

ed7377db

Add conversion test for MSBLOB format. · d922634d
Dr. Stephen Henson authored Nov 16, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
d922634d
Make MSBLOB format work with dsa utility. · b3795987
Dr. Stephen Henson authored Nov 16, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
b3795987
Fix MSBLOB format with RSA. · 159f6e7e
Dr. Stephen Henson authored Nov 16, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
159f6e7e

Raise an error on memory alloc failure. · bad6b116

FdaSilvaYY authored Nov 10, 2016



Both strdup or malloc failure should raise à err.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1905)

bad6b116

Missing free item on push failure · 2d13250f

FdaSilvaYY authored Nov 11, 2016



Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1905)

2d13250f

Merge find-undoc-api into find-doc-nits · 71a8b855

Rich Salz authored Nov 13, 2016



Use \b on NOEXIST and EXPORT_VAR_AS_FUNC patterns as suggested by Andy.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1912)

71a8b855

16 Nov, 2016 16 commits

Move SCT_LIST_free definition into a more logical place · e1940e9f

Rob Percival authored Oct 19, 2016



This reflects its position in include/openssl/ct.h.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)

e1940e9f

Make sure things get deleted when test setup fails in ct_test.c · 765731a8

Rob Percival authored Oct 19, 2016



Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)

765731a8

Use valid signature in test_decode_tls_sct() · e2635c49

Rob Percival authored Oct 19, 2016



Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)

e2635c49

Pass a temporary pointer to o2i_SCT_signature from SCT_new_from_base64 · 73ccf3ca

Rob Percival authored Oct 19, 2016



Otherwise, |dec| gets moved past the end of the signature by
o2i_SCT_signature and then can't be correctly freed afterwards.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)

73ccf3ca

Subtract padding from outlen in ct_base64_decode · 70a06fc1

Rob Percival authored Oct 19, 2016



Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)

70a06fc1

Construct SCT from base64 in ct_test · f7a39a5a

Rob Percival authored Sep 07, 2016



This gives better code coverage and is more representative of how a
user would likely construct an SCT (using the base64 returned by a CT log).

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)

f7a39a5a

On x86 machines where the compiler supports -m32, use 'linux-x86' · 27a451e3

Richard Levitte authored Nov 15, 2016



The rationale is that the linux-x86 is the most likely config target
to evolve and should therefore be chosen when possible, while
linux-elf is mostly reserved for older Linux machines.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1924)

27a451e3

Add a modern linux-x86 config target · 7fbc0bfd

Richard Levitte authored Nov 15, 2016



'linux-x86' is similar to 'linux-x86_64' but uses -m32 rather than -m64.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1924)

7fbc0bfd

Fix a "defined but not used" warning when enabling ssl-trace · f43cb3f8
Matt Caswell authored Nov 15, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
f43cb3f8

Remove a hack from ssl_test_old · e304d3e2

Matt Caswell authored Nov 15, 2016



ssl_test_old was reaching inside the SSL structure and changing the internal
BIO values. This is completely unneccessary, and was causing an abort in the
test when enabling TLSv1.3.

I also removed the need for ssl_test_old to include ssl_locl.h. This
required the addition of some missing accessors for SSL_COMP name and id
fields.

Reviewed-by: Rich Salz <rsalz@openssl.org>

e304d3e2

Add SSL_peek() and SSL_peek_ex() to NAME section · 5a2443ae
Matt Caswell authored Nov 14, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
5a2443ae
Fix a typo in a comment · 395cc5cd
Matt Caswell authored Nov 15, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
395cc5cd

Move getting the curvelist for client and server out of the loop · 9a519880

Matt Caswell authored Nov 15, 2016



No need to continually get the list of supported curves for the client
and server. Just do it once.

Reviewed-by: Rich Salz <rsalz@openssl.org>

9a519880

Fixed various style issues in the key_share code · 94ed2c67

Matt Caswell authored Nov 14, 2016



Numerous style issues as well as references to TLS1_3_VERSION instead of
SSL_IS_TLS13(s)

Reviewed-by: Rich Salz <rsalz@openssl.org>

94ed2c67

Add some tests for the key_share extension · 5a8e54d9
Matt Caswell authored Nov 03, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
5a8e54d9
Check key_exchange data length is not 0 · 323f212a
Matt Caswell authored Nov 04, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
323f212a