Commits · 569204be9095e6c706d887dd0359ca6e309db026 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Dec 15, 2016
- man3/OPENSSL_ia32cap.pod: clarify AVX512 support in clang context. · 569204be
  Andy Polyakov authored Dec 14, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  569204be
Dec 14, 2016

CRL critical extension bugfix · 2b406990

Rich Salz authored Nov 28, 2016



More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1775)

2b406990

Add function and reason checking to evp_test · 99f2f1dc

Dr. Stephen Henson authored Dec 10, 2016



Add options to check the function and reason code matches expected values.

Reviewed-by: Richard Levitte <levitte@openssl.org>

99f2f1dc

Dec 13, 2016

Add X509_VERIFY_PARAM inheritance flag set/get · a47bc283

Rich Salz authored Dec 13, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2079)

a47bc283

Fix various doc nits. · 3dfda1a6

Rich Salz authored Dec 12, 2016



find-doc-nits warns if you don't give a "what to do flag"
Don't use regexps for section names, just strings:  More consistency.
Rename "COMMAND OPTIONS" to OPTIONS.
Fix a couple of other nit-level things.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2076)

3dfda1a6

Dec 12, 2016

Remove ENGINE_load_dasync() (no OPENSSL_INIT_ENGINE_DASYNC already) · b9b5181d

Azat Khuzhin authored Nov 01, 2016

Fixes: 8d00e30f

 ("Don't try to init
dasync internally")

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial

b9b5181d

Typo fixed · 498180de

Dmitry Belyavskiy authored Dec 12, 2016



Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2075)

498180de

updated macro spacing for styling purposes · 6974fca4

Paul Hovey authored Dec 05, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial

6974fca4

fix undoes errors introduced by... · 8bd62abe

Paul Hovey authored Dec 05, 2016

fix undoes errors introduced by https://github.com/openssl/openssl/commit/fc6076ca272f74eb1364c29e6974ad5da5ef9777?diff=split#diff-1014acebaa2c13d44ca196b9a433ef2eR184

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial

8bd62abe

Restore the ERR_FATAL_ERROR() macro · 036ba500

Benjamin Kaduk authored Dec 08, 2016

Commit 0cd0a820

 removed this macro
along with many unused function and reason codes; ERR_FATAL_ERROR()
was not used in the tree, but did have external consumers.

Add it back to restore the API compatibility and avoid breaking
applications for no internal benefit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2049)

036ba500

Fix a leak in SSL_clear() · 4bf08600

Matt Caswell authored Dec 06, 2016



SSL_clear() was resetting numwpipes to 0, but not freeing any allocated
memory for existing write buffers.

Fixes #2026

Reviewed-by: Rich Salz <rsalz@openssl.org>

4bf08600

perlasm/x86_64-xlate.pl: refine sign extension in ea package. · 82e08930

Andy Polyakov authored Dec 09, 2016



$1<<32>>32 worked fine with either 32- or 64-bit perl for a good while,
relying on quirk that [pure] 32-bit perl performed it as $1<<0>>0. But
this apparently changed in some version past minimally required 5.10,
and operation result became 0. Yet, it went unnoticed for another while,
because most perl package providers configure their packages with
-Duse64bitint option.

Reviewed-by: Rich Salz <rsalz@openssl.org>

82e08930

x86_64 assembly pack: add AVX512 ChaCha20 and Poly1305 code paths. · abb8c44f
Andy Polyakov authored Dec 09, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
abb8c44f
poly1305/poly1305_base2_44.c: add reference base 2^44 implementation. · f2d78649
Andy Polyakov authored Dec 09, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
f2d78649

Dec 10, 2016

Avoid the call to OPENSSL_malloc with a negative value (then casted to unsigned) · 210fe4ed

Davide Galassi authored Dec 02, 2016



CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2021)

210fe4ed

Fix reference to SSL_set_max_proto_version. · eb43101f

Markus Triska authored Dec 09, 2016



CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2059)

eb43101f

Additional error tests in evp_test.c · cce65266

Dr. Stephen Henson authored Dec 10, 2016



Support checking for errors during test initialisation and parsing.

Add errors and tests for key operation initalisation and ctrl errors.

Reviewed-by: Rich Salz <rsalz@openssl.org>

cce65266

VMS UI_OpenSSL: generate OpenSSL errors when things go wrong. · c922ebe2
Richard Levitte authored Dec 09, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)
```
c922ebe2

VMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error · 18edbe65

Richard Levitte authored Dec 09, 2016



On all platforms, if the controlling tty isn't an actual tty, this is
flagged by setting is_a_tty to zero...  except on VMS, where this was
treated as an error.  Change this to behave like the other platforms.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)

18edbe65

Dec 09, 2016

Add RSA PSS tests · 2d7bbd6c

Dr. Stephen Henson authored Dec 07, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)

2d7bbd6c

Check input length to pkey_rsa_verify() · 71bbc79b

Dr. Stephen Henson authored Dec 08, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)

71bbc79b

Update client fuzz corpus · 6c0e1e20
Kurt Roeckx authored Dec 09, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2060
```
6c0e1e20

Test framework: Add the possibility to have a test specific data dir · 6c6a2ae6

Richard Levitte authored Dec 05, 2016



This data directory is formed automatically by taking the recipe name
and changing '.t' to '_data'.  Files in there can be reached with the
new function data_file()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2027)

6c6a2ae6

Update client fuzzer corpus · af5a4b40
Kurt Roeckx authored Dec 09, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2053
```
af5a4b40

Dec 08, 2016

Remove extra bang · 949320c5

Richard Levitte authored Dec 08, 2016



A bang (!) slipped through in the recent UI cleanup

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2051)

949320c5

Only call memcpy when the length is larger than 0. · a19fc66a
Kurt Roeckx authored Dec 08, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2050
```
a19fc66a

UI code style cleanup · 120fb9e4

Richard Levitte authored Dec 08, 2016



Mostly condition check changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2047)

120fb9e4

Fuzz corpora update · 141ecc4e
Kurt Roeckx authored Dec 08, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
```
141ecc4e
And client fuzzer · 4410f9d7
Kurt Roeckx authored Dec 07, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
```
4410f9d7

Make the predictable numbers start from 1 · e512840d

Kurt Roeckx authored Dec 07, 2016



There is code that retries calling RAND_bytes() until it gets something
other than 0, which just hangs if we always return 0.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041

e512840d

Make asn1 fuzzer more reproducible · 231f1337
Kurt Roeckx authored Dec 07, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
```
231f1337

Fix the declaration of tls_parse_extension in statem_locl.h · 7d152a3c

Matt Caswell authored Dec 08, 2016



Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

7d152a3c

Fix a travis failure · 625b0d51

Matt Caswell authored Dec 08, 2016



Travis was indicating a bogus uninit var warning. This fixes it.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

625b0d51

Fix various indentation · 96153874

Matt Caswell authored Dec 08, 2016



The indentation was a bit off in some of the perl files following the
extensions refactor.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

96153874

Move the checkhandshake.pm module into test/testlib · 1e566129

Matt Caswell authored Dec 08, 2016



Move this module into the same place as other test helper modules. It
simplifies the code and keeps like things together.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

1e566129

Fix make update issues · 7fe97c07

Matt Caswell authored Dec 07, 2016



Various functions got renamed. We need to rename the error codes too.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

7fe97c07

Fix more style issues following extensions refactor feedback · ecc2f938

Matt Caswell authored Dec 07, 2016



Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

ecc2f938

Introduce TLSEXT_STATUSTYPE_nothing constant · cbb09544

Matt Caswell authored Dec 07, 2016



The existing code used the magic number -1 to represent the absence of
a status_type in the extension. This commit replaces it with a macro.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

cbb09544

Change TLSEXT_IDX_* values into an enum · d270de32

Matt Caswell authored Dec 07, 2016



Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

d270de32

Various style updates following extensions refactor · 1266eefd

Matt Caswell authored Dec 07, 2016



Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

1266eefd