- Feb 12, 2018
-
-
Matt Caswell authored
Updated the NEWS file with the most significant items from CHANGES Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5333)
-
Matt Caswell authored
Fix a typo in INSTALL and update the link in CHANGES Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5329)
-
Bernd Edlinger authored
when the data block ends with SPACEs or NULs. The problem is, you can't see if the data ends with SPACE or NUL or a combination of both. This can happen for instance with openssl rsautl -decrypt -hexdump Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5328)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
We should always check the return code. This fixes a coverity issue. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5308)
-
Matt Caswell authored
On the client we calculate the age of the ticket in seconds but the server may work in ms. Due to rounding errors we could overestimate the age by up to 1s. It is better to underestimate it. Otherwise, if the RTT is very short, when the server calculates the age reported by the client it could be bigger than the age calculated on the server - which should never happen. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5306)
-
- Feb 11, 2018
-
-
Daniël van Eeden authored
Fixes Issue #5255 CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5256)
-
- Feb 10, 2018
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5318)
-
Viktor Dukhovni authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Feb 09, 2018
-
-
Bernd Edlinger authored
the possibly indeterminate pointer value in wpend_buf. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5305)
-
Matt Caswell authored
The no-tls1_2 option does not work properly in conjunction with TLSv1.3 being enabled (which is now the default). This commit fixes the issues. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5301)
-
Nick Mathewson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5150)
-
Nick Mathewson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5150)
-
Nick Mathewson authored
- pem2.h is empty, so pem.h doesn't need to include it. - pem2.h once declared ERR_load_PEM_strings(), so it should now include pemerr.h Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5150)
-
Nick Mathewson authored
In commit 52df25cf , the ERR_load_FOO_strings() functions were moved from their original location in foo.h into new headers called fooerr.h. But they were never removed from their original locations. This duplication causes redundant-declaration warnings on programs that use OpenSSL's headers with such warnings enabled. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5150)
-
Matt Caswell authored
In <= TLSv1.2 a Finished message always comes immediately after a CCS except in the case of NPN where there is an additional message between the CCS and Finished. Historically we always calculated the Finished MAC when we processed the CCS. However to deal with NPN we also calculated it when we receive the Finished message. Really this should only have been done if we hand negotiated NPN. This simplifies the code to only calculate the MAC when we receive the Finished. In 1.1.1 we need to do it this way anyway because there is no CCS (except in middlebox compat mode) in TLSv1.3. Coincidentally, this commit also fixes the fact that no-nextprotoneg does not currently work in master. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5285)
-
Richard Levitte authored
It was a bit absurd to have this being specially handled in the build file templates, especially that we have the 'includes' attribute. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5296)
-
Richard Levitte authored
Mac OS/X has a type for %j that doesn't agree with how we define it, which gives incorrect warnings. The easiest way out of that situation is simply to turn off that check on Mac OS/X. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5302)
-
FdaSilvaYY authored
As suggested in https://github.com/openssl/openssl/pull/5275 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5288)
-
Richard Levitte authored
Configurations/descrip.mms.tmpl didn't treat the includes config attribute very well. In fact, it didn't treat it at all! Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5295)
-
Pauli authored
Simplify Posix timer detection. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5279)
-
Richard Levitte authored
The contents of that attribute is C file names, not object file names. This went undetected because quite a lot of systems have assembler implementations anyway, so setting OPENSSL_CPUID_OBJ was correct for them. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5291)
-
Richard Levitte authored
Recent changes seem to have gotten OS X back on track, so we should be able to run our tests there again. This reverts commit e12e903e . Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5292)
-
Dr. Matthias St. Pierre authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5293)
-
- Feb 08, 2018
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5287)
-
Richard Levitte authored
%disabled_algorithms isn't necessarily initialised with the "algos" 'DEPRECATEDIN_1_1_0' etc. However, we know that @known_algorithms has them all, so use that to find them instead. Fixes #5157 (where this was reported) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5282)
-
Richard Levitte authored
The slash should be there according to Microsoft documentation, see https://msdn.microsoft.com/en-us/library/7cafx990.aspx Fixes #5277 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5278)
-
- Feb 07, 2018
-
-
Matt Caswell authored
tls13encryptiontest is an "internal" test. As with all the other internal tests it should not be run on a shared native Windows build. [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5266)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5266)
-
Matt Caswell authored
If TLSv1.3 is enabled and combined with other options that extend the size of the ClientHello, then the clienthello test can sometimes fail because the ClientHello has grown too large. Part of the purpose of the test is to check that the padding extension works properly. This requires the ClientHello size to be kept within certain bounds. By restricting the number of ciphersuites sent we can reduce the size of the ClientHello. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5266)
-
Matt Caswell authored
[extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5266)
-
Richard Levitte authored
It turns out that even if you successfully build the engine, it might not load properly, so we cannot make the test program fail for it. See the message in commit 25b9d11c This reverts commit 227a1e3f . Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5276)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5275)
-
Richard Levitte authored
If a module is disablable (i.e. can be configured with 'no-FOO'), the resulting header file needs to be guarded with a check of the corresponding OPENSSL_NO_FOO. While this seem fairly innocuous, it has an impact on the information in util/*.num, generated by mkdef.pl. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5275)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5270)
-
Richard Levitte authored
The afalg engine was moved down from engines/afalg/ to engines/, but the test wasn't changed accordingly. This was undetected because the test program didn't fail when it couldn't load the engine. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5270)
-
Richard Levitte authored
If you know that there's no afalg engine, don't run this test. test/recipes/30-test_afalg.t checks this correctly. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5270)
-
Pauli authored
MacOS seems to define __GLIBC__ but not __GLIBC_PREREQ. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5269)
-
Pauli authored
Remove the timer and TSC additional input code and instead provide a single routine that attempts to use the "best" timer/counter available on the system. It attempts to use TSC, then various OS dependent resources and finally several tries to obtain the date. If any of these timer/counters is successful, the rest are skipped. No randomness is credited for this. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5231)
-