Commits · 0baed5e90b5c211b092a1279b0dac50166cd34d2 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jan 06, 2017

Matt Caswell authored Jan 02, 2017



al can be used uninitialised in an error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

0baed5e9

Update SSL_trace to understand TLSv1.3 Certificates · ac52c4be

Matt Caswell authored Dec 02, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

ac52c4be

Implement TLSv1.3 style CertificateStatus · f63e4288

Matt Caswell authored Dec 02, 2016



We remove the separate CertificateStatus message for TLSv1.3, and instead
send back the response in the appropriate Certificate message extension.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

f63e4288

Create Certificate messages in TLS1.3 format · e96e0f8e

Matt Caswell authored Dec 02, 2016



Also updates TLSProxy to be able to understand the format and parse the
contained extensions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

e96e0f8e

Extends extension parsing to take the Certificate · f97d4c37

Matt Caswell authored Dec 01, 2016



Continuing from the previous commit we also need to extend the extensions
framework to supply the Certificate we just read during parsing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

f97d4c37

Extend tls_construct_extensions() to enable passing of a certificate · 30aeba43

Matt Caswell authored Dec 01, 2016



The Certificate message in TLS1.3 has an extensions block for each
Certificate. Therefore we need to extend tls_construct_extensions() to pass
in the certificate we are working on. We also pass in the position in the
chain (with 0 being the first certificate).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

30aeba43

Jan 05, 2017

Remove BIO_seek/BIO_tell from evp_test.c · 71f60ef3

Dr. Stephen Henson authored Jan 05, 2017



BIO_seek and BIO_tell can cause problems with evp_test.c on some platforms.
Avoid them by using a temporary memory BIO to store key PEM data.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2183)

71f60ef3

Jan 04, 2017

Don't run MSBLOB conversion tests when RSA or DSA are disabled · d8594555
Richard Levitte authored Jan 04, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2174)
```
d8594555

Don't run OCSP tests when OCSP is disabled · aec23ece

Richard Levitte authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)

aec23ece

Don't build OCSP stuff when OCSP is disabled · 8f8c11d8

Richard Levitte authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)

8f8c11d8

Don't test SRP when it's disabled · 327d38d0

Richard Levitte authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2172)

327d38d0

Don't run NPN tests when NPN is disabled · e0c47b2c

Richard Levitte authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2171)

e0c47b2c

Jan 01, 2017
- Add RSA decrypt and OAEP tests. · 13ab8708
  Dr. Stephen Henson authored Jan 01, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  13ab8708
- evptests.txt is not a shell script · 4fee75ca
  Dr. Stephen Henson authored Jan 01, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  4fee75ca
Dec 30, 2016

Don't run the sigalgs tests over a TLSv1.3 connection · d2e491f2

Matt Caswell authored Dec 30, 2016



We need a new API for TLSv1.3 sig algs

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)

d2e491f2

Provide some tests for the sig algs API · f1b25aae

Matt Caswell authored Dec 30, 2016



Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)

f1b25aae

Fix the SSL_set1_sigalgs() macro · fb3ae0e8

Matt Caswell authored Dec 30, 2016

This macro has a typo in it which makes it unusable. This issue was already
fixed in 1.0.2 in commit 75fdee04

, but the same fix was not applied to
other branches.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)

fb3ae0e8

Dec 29, 2016

70-test_sslvertol.t: skip test 1 and 2 if too few protocols are enabled · 2ed4c571

Richard Levitte authored Dec 29, 2016



These tests depend on there being at least one protocol version below
TLSv1.3 enabled.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)

2ed4c571

80-test_ssl_new.t: Make 19-mac-then-encrypt.conf work without TLSv1.2 · ac6eb152
Richard Levitte authored Dec 25, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)
```
ac6eb152
70-test_sslvertol.t: Make sure to check a max TLS version that matches configuration · 7638e378
Richard Levitte authored Dec 25, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)
```
7638e378
70-test_sslmessages.t: Don't check EXT_SIG_ALGS if TLS 1.2 is disabled · f6e752c0
Richard Levitte authored Dec 25, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)
```
f6e752c0

Fix CT test_sslmessages hangs · 0a6793c9

Matt Caswell authored Dec 29, 2016



The CT tests in test_sslmessages require EC to be available, therefore
we must skip these if no-ec

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

0a6793c9

Fix compilation with no-ec · 3cf96e88

Matt Caswell authored Dec 28, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

3cf96e88

Fix extension for various no- options · 0785274c

Matt Caswell authored Dec 28, 2016



Previously we were omitting the extension information from ext_defs if
the association no- option was defined. This doesn't work because the
indexes into the table are no longer valid.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

0785274c

Add a test to check the EC point formats extension appears when we expect · 397f4f78

Matt Caswell authored Dec 28, 2016



The previous commit fixed a bug where the EC point formats extensions did
not appear in the ServerHello. This should have been caught by
70-test_sslmessages but that test never tries an EC ciphersuite. This
updates the test to do that.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

397f4f78

Fix the EC point formats extension · 3b58c54f

Matt Caswell authored Dec 28, 2016



This should be sent in the ServerHello if a EC based ciphersuite is
negotiated. The relevant flag to do this was missed off in the recent
extensions refactor.

Fixes GitHub Issue #2133

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

3b58c54f

replace "will lookup up" by "will look up" · 67adf0a7

Markus Triska authored Dec 25, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2145)

67adf0a7

Dec 25, 2016
- chacha/asm/chacha-x86_64.pl: add AVX512 path optimized for shorter inputs. · 3c274a6e
  Andy Polyakov authored Dec 19, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  3c274a6e
Dec 22, 2016

Fix EVP_MD_meth_get_flags · 8bfa99f0

Todd Short authored Dec 22, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2134)

8bfa99f0

Dec 21, 2016

Travis: The TLS 1.3 code isn't interoperable yet, move it to its own build · 1307af22

Richard Levitte authored Dec 20, 2016



We should move it back to the BORINGTEST build when we are approaching
interoperability.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2123)

1307af22

Dec 20, 2016

Reformat M_check_autoarg to match our coding style · 2629440d

Richard Levitte authored Dec 20, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2121)

2629440d

M_check_autoarg: sanity check the key · d7c8f142

Richard Levitte authored Dec 20, 2016



For now, checking that the size is non-zero will suffice.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2120)

d7c8f142

Dec 19, 2016
- Add bwrite_conv and bread_conv values to methods_dgramp_sctp · 992155d0
  Richard Levitte authored Dec 19, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2116)
```
  992155d0
- Fix erroneous goto lable · c0aa6b81
  Richard Levitte authored Dec 19, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2116)
```
  c0aa6b81
- x86 assembly pack: update performance results. · a30b0522
  Andy Polyakov authored Dec 17, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  a30b0522
Dec 18, 2016

Update fuzz corpora · f15eed3b
Kurt Roeckx authored Dec 15, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2090
```
f15eed3b
Fix memory leak in tls_parse_stoc_key_share · a1d6a0b6
Kurt Roeckx authored Dec 18, 2016
```
Found by oss-fuzz

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2102
```
a1d6a0b6

Fix typo. · 0b742f93

Finn Hakansson authored Dec 15, 2016



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2086)

0b742f93

Dec 16, 2016

test/ssl_test: give up if both client and server wait on read · ceb6d746

Richard Levitte authored Dec 16, 2016



In some cases, both client and server end of the test can end up in
SSL_ERROR_WANT_READ and never get out of it, making the test spin.
Detect it and give up instead of waiting endlessly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2096)

ceb6d746

Fix no-ct, skip tests recipes that try to test CT · a05bed19

Richard Levitte authored Dec 16, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2096)

a05bed19