Commits · 1ee4b98e695cd041da931c10fbdaf82f0ee0f268 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Mar 28, 2017

FdaSilvaYY authored Feb 17, 2017



Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3066)

1ee4b98e

Add documentation for SSL_*_ex_data() functions · 09fdfa4b

Jon Spillett authored Mar 28, 2017



[skip ci]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3050)

09fdfa4b

Add documentation for SSL version methods · 86fde069

Jon Spillett authored Mar 28, 2017



[skip ci]

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3049)

86fde069

Provide documentation for some state machine related functions · 249e3a1b

Matt Caswell authored Mar 24, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3051)

249e3a1b

update README · 8845e02a

Dr. Stephen Henson authored Mar 28, 2017



Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3059)

8845e02a

Add X25519 doc · d218f3c3

Dr. Stephen Henson authored Mar 27, 2017



Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3059)

d218f3c3

fix typo · 0af8fd60

Dr. Stephen Henson authored Mar 27, 2017



Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3059)

0af8fd60

Provide documentation for missing SSL_SESSION_* functions · b31db505

Matt Caswell authored Mar 24, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3052)

b31db505

Move PRIu64, OSSLzu to e_os.h · 43708c15

Rich Salz authored Mar 27, 2017



Those macros are private, not public.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3044)

43708c15

Add enable-aria where rc5 and md2 are built. · 9ff79fa3

Pauli authored Mar 28, 2017



Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3046)

9ff79fa3

asynctest: don't depend on apps · a0f44a34

Emilia Kasper authored Mar 28, 2017



Remove unnecessary include of apps.h. Tests shouldn't take a
dependency on apps. In this case, there is no dependency, the include
is unnecessary.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

a0f44a34

X509_cmp_time.pod: fix doc nits · 24053693
Emilia Kasper authored Mar 28, 2017
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
24053693

Remove redundant decl of 509_STORE_set_flags · feb89199

Hannes Magnusson authored Mar 27, 2017

a47bc283

 accidentally adds another define for X509_STORE_set_flags
It is already defined 5lines prior

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3047)

feb89199

Add documentation for X509 time functions · 4ac139b4
Emilia Kasper authored Mar 28, 2017
```
[ci skip]

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
4ac139b4

Mar 27, 2017

apps/passwd.c: 32 bits are sufficient to hold ROUNDS_MAX. · a4c74e88

Andy Polyakov authored Mar 26, 2017

Even though C standard defines 'z' modifier, recent mingw compilers break
the contract by defining __STDC_VERSION__ with non-compliant MSVCRT.DLL.
In other words we can't use %zu with mingw, but insteadl of cooking

Reviewed-by: Tim Hudson <tjh@openssl.org>

a4c74e88

In err_cleanup(), cleanup the thread local storage too · 165f1c3e

Richard Levitte authored Mar 26, 2017



Fixes #3033

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3035)

165f1c3e

Mar 26, 2017

aes/asm/bsaes-armv7.pl: relax stack alignment requirement. · 0822d41b

Andy Polyakov authored Mar 25, 2017



Even though Apple refers to Procedure Call Standard for ARM Architecture
(AAPCS), they apparently adhere to custom version that doesn't follow
stack alignment constraints in the said standard. [Why or why? If it's
vendor lock-in thing, then it would be like worst spot ever.] And since
bsaes-armv7 relied on standard alignment, it became problematic to
execute the code on iOS.

Reviewed-by: Rich Salz <rsalz@openssl.org>

0822d41b

Mar 25, 2017

engines/e_capi.c: formatting and styling fixes. · e08b444a
Andy Polyakov authored Mar 24, 2017
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
e08b444a

Don't access memory before checking the correct length in... · 1b6f5a4d

Bernd Edlinger authored Mar 24, 2017


Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3023)

1b6f5a4d

Mar 24, 2017

Move the downgrade sentinel declarations to a header file · 643a3580

Matt Caswell authored Mar 24, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)

643a3580

Add a test for the TLSv1.3 downgrade mechanism · b9647e34

Matt Caswell authored Mar 23, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)

b9647e34

Make the TLSv1.3 downgrade mechanism a configurable option · 3556b83e

Matt Caswell authored Mar 22, 2017



Make it disabled by default. When TLSv1.3 is out of draft we can remove
this option and have it enabled all the time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)

3556b83e

Add client side support for TLSv1.3 downgrade mechanism · c3043dcd

Matt Caswell authored Mar 22, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)

c3043dcd

Add server side support for TLSv1.3 downgrade mechanism · f7f2a01d

Matt Caswell authored Mar 22, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)

f7f2a01d

"any" instead of "and" · a41815f0

Zack Williams authored Mar 17, 2017

The "and" should be an "any"

Fixed in LibreSSL's docs: http://man.openbsd.org/man5/x509v3.cnf.5#Subject_alternative_name



CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2980)

a41815f0

Fix function documentation · f5fd3848

Ian Spence authored Mar 16, 2017



CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2972)

f5fd3848

bn/asm/sparcv9-mont.pl: fix squaring code path. · 120a9e1a

Andy Polyakov authored Mar 22, 2017



This module is used only with odd input lengths, i.e. not used in normal
PKI cases, on contemporary processors. The problem was "illuminated" by
fuzzing tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>

120a9e1a

Mar 23, 2017

Look for comma before - in POD pages · 3ba4dac6

Rich Salz authored Mar 23, 2017



[skip ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3021)

3ba4dac6

Fix find-doc-nits: { is significant in regexps · 5d583521

Richard Levitte authored Mar 23, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3019)

5d583521

Mar 22, 2017

Fix 80-test_ssl_old.t: only count the ciphers if there are any. · e8763c69
Richard Levitte authored Mar 22, 2017
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3014)
```
e8763c69

modes/ocb128.c: fix misaligned access in ILP32 builds on 64-bit processors. · a2bb1836

Andy Polyakov authored Mar 20, 2017



One could have fixed the problem by arranging 64-bit alignment of
EVP_AES_OCB_CTX.aad_buf in evp/e_aes.c, but CRYPTO_ocb128_aad
prototype doesn't imply alignment and we have to honour it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2994)

a2bb1836

aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths. · 08d09628

Andy Polyakov authored Mar 20, 2017



Initial IV was disregarded on SHAEXT-capable processors. Amazingly
enough bulk AES128-SHA* talk-to-yourself tests were passing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2992)

08d09628

poly1305/asm/poly1305-x86_64.pl: add poly1305_blocks_vpmadd52_8x. · 0a5d1a38

Andy Polyakov authored Mar 18, 2017



As hinted by its name new subroutine processes 8 input blocks in
parallel by loading data to 512-bit registers. It still needs more
work, as it needs to handle some specific input lengths better.
In this sense it's yet another intermediate step...

Reviewed-by: Rich Salz <rsalz@openssl.org>

0a5d1a38

x86_64 assembly pack: add some Ryzen performance results. · 6cbfd94d
Andy Polyakov authored Mar 18, 2017
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
6cbfd94d

Change exit_checker comment on returned status · 089a45c5

Richard Levitte authored Mar 22, 2017



Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3012)

089a45c5

Mar 21, 2017

Refuse to run the PYCA external test if configured 'no-shared' · 34fffdb5

Richard Levitte authored Mar 21, 2017



[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3007)

34fffdb5

Travis: make a separate job for external tests · cd838c65

Richard Levitte authored Mar 21, 2017



Some of the external tests do not run well with 'no-shared'

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3007)

cd838c65

95-test_external_pyca_data/cryptography.py: only install for testing · 8c1054ae

Richard Levitte authored Mar 21, 2017



Also, be less silent when installing, so possible errors are shown.

[extended tests]

Fixes #3005

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3007)

8c1054ae

Adapt 20-test_enc.t and 20-test_enc_more.t to use statusvar · 30f1c9c4
Richard Levitte authored Mar 21, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3004)
```
30f1c9c4

Adapt 80-test_ssl_old.t to use statusvar · 7e46e56a

Richard Levitte authored Mar 21, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3004)

7e46e56a