- Mar 14, 2017
-
-
Richard Levitte authored
On some platforms, setting stdout to binary mode isn't quite enough, which makes the result unusable. With -out, we have better control. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2939)
-
Matt Caswell authored
The Boring runner attempts to enable the NULL-SHA ciphersuite using the cipherstring "DEFAULT:NULL-SHA". However in OpenSSL DEFAULT permanently switches off NULL ciphersuites, so we fix this up to be "ALL:NULL-SHA" instead. We can't change the runner so we have to change the shim to detect this. (Merged from https://github.com/openssl/openssl/pull/2933 ) Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Emilia Kasper authored
We already test DTLS protocol versions. For good measure, add some DTLS tests with client auth to the new test framework, so that we can remove the old tests without losing coverage. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
Also add negative tests for password mismatch. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Update the list of suppressions so that we can run a later BoringSSL set of tests. This also adds an ErrorMap to greatly reduce the number of failing tests. The remaining tests that still fail are just disabled for now. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2930)
-
Matt Caswell authored
The boring tests are currently failing because they send a PSK extension which isn't in the last place. This is not allowed in the latest TLS1.3 specs. However the Boring tests we have are based on an old commit that pre-date when that rule first appeared. The proper solution is to update the tests to a later commit. But for now to get travis to go green we disable the failing tests. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2928)
-
Pauli authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2926)
-
- Mar 13, 2017
-
-
Bernd Edlinger authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2801)
-
Bernd Edlinger authored
and RSA_verify_PKCS1_PSS_mgf1 with 512-bit RSA vs. sha-512. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2801)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2922)
-
Andy Polyakov authored
As hinted by its name new subroutine processes 4 input blocks in parallel. It still operates on 256-bit registers and is just another step toward full-blown AVX512IFMA procedure. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Exteneded feature flags were not pulled on AMD processors, as result a number of extensions were effectively masked on Ryzen. Original fix for x86_64cpuid.pl addressed this problem, but messed up processor vendor detection. This fix moves extended feature detection past basic feature detection where it belongs. 32-bit counterpart is harmonized too. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2917)
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2914)
-
- Mar 12, 2017
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2909)
-
Matt Caswell authored
conf has the ability to expand variables in config files. Repeatedly doing this can lead to an exponential increase in the amount of memory required. This places a limit on the length of a value that can result from an expansion. Credit to OSS-Fuzz for finding this problem. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2894)
-
- Mar 11, 2017
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
Add 2017 copyright year Add missing typedef to NAME Remove ec(7) and bn(7) doc links Remove .pod link errors, bogus links, make a few typo corrections Fix some typo's in links and some missing items. Don't link to C runtime functions (See OPENSSL_malloc for example/precedent) Document ASN1_tag2str(), add a few typedef's that were missing from NAME Update doc-nits target; addresses https://github.com/openssl/openssl/pull/1900#issuecomment-259943891, Merge check-doc-links into find-doc-nits; if run regularly, would have found https://github.com/openssl/openssl/pull/2825 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2862)
-
Richard Levitte authored
It seems the =item isn't supposed to have pure numbers, or so tells me perldoc. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2906)
-
Richard Levitte authored
It shouldn't try to return an action description for UIT_PROMPT type UI strings. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2904)
-
- Mar 10, 2017
-
-
Richard Levitte authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2903)
-
Pauli authored
... in functions dealing with the SSL object rather than the context. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2870)
-
Richard Levitte authored
This will make the individual external tests more easily selectable / deselectable through the usual test selection mechanism. This also moves external tests to group 95. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2902)
-
Bernd Edlinger authored
that refers to space deallocated by a call to the free function in tls_decrypt_ticket. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2897) (cherry picked from commit 13ed1afa923f4ffb553e389de08f26e9ce84e8a2)
-
Richard Levitte authored
This allows a finer granularity when selecting which tests to run, and makes the tests more vidible. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2901)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2892)
-
Todd Short authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2900)
-
Matt Caswell authored
RSA_private_encrypt(), RSA_public_decrypt(), RSA_public_encrypt() and RSA_private_decrypt() are declared with a "const" from parameter, but this is not reflected in the docs. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2899)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2898)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2896)
-
Matt Caswell authored
We need to check that the PSK extension in a ClientHello is the last one. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2896)
-
Bernd Edlinger authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2703)
-
- Mar 09, 2017
-
-
Richard Levitte authored
Examples of possible expressions (adapt to your platform): make test TESTS=-99 make test TESTS=10 make test TESTS=-9? make test TESTS=-[89]0 make test TESTS=[89]0 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2887)
-
Pauli authored
This amounts to moving the column counter so it isn't a function local static variable and reinitialising it each time. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2884)
-
Jon Spillett authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2805)
-
- Mar 08, 2017
-
-
Todd Short authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2882)
-
Pauli authored
process. This means no AEAD ciphers and no XTS mode. Update the test script that uses this output to test cipher suites to not filter out the now missing cipher modes. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2876)
-
Roberto Guimaraes authored
this change will prevent undefined behavior when src and dst are equal (memcpy), effectively allowing setting length only in both functions. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2750)
-
Matt Caswell authored
The value of SSL3_RT_MAX_ENCRYPTED_LENGTH normally includes the compression overhead (even if no compression is negotiated for a connection). Except in a build where no-comp is used the value of SSL3_RT_MAX_ENCRYPTED_LENGTH does not include the compression overhead. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2872)
-