Commits · 607f4d564f9540cda6cf5b127f2414625a11741a · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Sep 01, 2017

Fix OpenSSL::Test::Utils::config to actualy load the config data · 607f4d56
Richard Levitte authored Sep 01, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4319)
```
607f4d56

Fix long SNI lengths in test/handshake_helper.c · c4604e9b

Benjamin Kaduk authored Sep 01, 2017



If the server_name extension is long enough to require two bytes to
hold the length of either field, the test suite would not decode
the length properly.  Using the PACKET_ APIs would have avoided this,
but it was desired to avoid using private APIs in this part of the
test suite, to keep ourselves honest.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4318)

c4604e9b

Fixup include path in ossl_shim test after e_os.h work · de0dc006

Benjamin Kaduk authored Sep 01, 2017



The include search path was not picking up files in the root of
the tree.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4316)

de0dc006

Tighten up SSL_get1_supported_ciphers() docs · e65dfa47

Benjamin Kaduk authored Aug 29, 2017



This function is really emulating what would happen in client mode,
and does not necessarily reflect what is usable for a server SSL.
Make this a bit more explicit, and do some wordsmithing while here.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4284)

e65dfa47

Fix Proxy where a timeout occurs waiting for both client and server · 41300166
Matt Caswell authored Aug 31, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4305)
```
41300166

crypto/cryptlib.c: mask more capability bits upon FXSR bit flip. · 6e5a853b

Andy Polyakov authored Aug 31, 2017



OPENSSL_ia32cap.pod discusses possibility to disable operations on
XMM register bank. This formally means that this flag has to be checked
in combination with other flags. But it customarily isn't. But instead
of chasing all the cases we can flip more bits together with FXSR one.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4303)

6e5a853b

ssl/statem/extensions_clnt.c: fix return code buglet. · 89bc9cf6

Andy Polyakov authored Aug 31, 2017



Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4297)

89bc9cf6

ssl/statem/*.c: address "enum mixed with another type" warnings. · eb5fd03b

Andy Polyakov authored Aug 31, 2017



This is actually not all warnings, only return values.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4297)

eb5fd03b

Aug 31, 2017

struct timeval include guards · 4cff10dc

Pauli authored Sep 01, 2017



Move struct timeval includes into e_os.h (where the Windows ones were).
Enaure that the include is guarded canonically.

Refer #4271

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4312)

4cff10dc

Address feedback · 75551e07

Rich Salz authored Aug 30, 2017



Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4294)

75551e07

Add CRYPTO_thread_glock_new · ed6b2c79

Rich Salz authored Aug 29, 2017



Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4294)

ed6b2c79

Fix potential null problem. · 3907872f

Pauli authored Sep 01, 2017



Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4313)

3907872f

Avoid possible uninitialized variable. · ccb76685

Rich Salz authored Aug 31, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4307)

ccb76685

OpenSSL::Test::__fixup_prg: don't check program existence · 721614a2

Richard Levitte authored Aug 31, 2017



The program will fail to run if it doesn't exist anyway, no need to
check its existence here.

Fixes #4306

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4309)

721614a2

util/mkdef.pl: handle line terminators correctly · e66b62b8

Richard Levitte authored Aug 31, 2017



When parsing the header files, mkdef.pl didn't clear the line
terminator properly.  In most cases, this didn't matter, but there
were moments when this caused parsing errors (such as CRLFs in certain
cases).

Fixes #4267

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4304)

e66b62b8

Various review fixes for PSK early_data support · 0ef28021

Matt Caswell authored Aug 31, 2017



Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)

0ef28021

Test for late client side detection of ALPN inconsistenties · 57dee9bb
Matt Caswell authored Aug 17, 2017
```
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
```
57dee9bb
Client side sanity check of ALPN after server has accepted early_data · 4be3a7c7
Matt Caswell authored Aug 16, 2017
```
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
```
4be3a7c7

Add some fixes for Travis failures · fff202e5

Matt Caswell authored Aug 03, 2017



Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)

fff202e5

Add PSK early_data tests · 976e5323

Matt Caswell authored Aug 03, 2017



Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)

976e5323

Add server side sanity checks of SNI/ALPN for use with early_data · 630369d9
Matt Caswell authored Aug 01, 2017
```
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
```
630369d9

Make sure we save ALPN data in the session · ae8d7d99

Matt Caswell authored Jul 31, 2017



Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)

ae8d7d99

Complain if we are writing early data but SNI or ALPN is incorrect · ffc5bbaa

Matt Caswell authored Jul 21, 2017



SNI and ALPN must be set to be consistent with the PSK. Otherwise this is
an error.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)

ffc5bbaa

Add functions for getting/setting SNI/ALPN info in SSL_SESSION · 67738645
Matt Caswell authored Aug 03, 2017
```
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
```
67738645
Show the error stack if there was an error writing early data in s_client · dd5b98c5
Matt Caswell authored Jul 21, 2017
```
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
```
dd5b98c5

Update the tests for SNI changes · db919b1e

Matt Caswell authored Aug 01, 2017



If there is no SNI in the session then s_client no longer sends the SNI
extension. Update the tests to take account of that

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)

db919b1e

If no SNI has been explicitly set use the one from the session · c5de99a2

Matt Caswell authored Jul 21, 2017



If we have not decided on an SNI value yet, but we are attempting to reuse
a session, and SNI is set in that, then we should use that value by
default.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)

c5de99a2

Make sure we use the correct cipher when using the early_secret · 08717544
Matt Caswell authored Jul 19, 2017
```
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
```
08717544
Add HISTORY and SEE ALSO sections for the new TLSv1.3 PSK functions · e105ae84
Matt Caswell authored Jul 13, 2017
```
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
```
e105ae84

Add documentation for SSL_SESSION_set_max_early_data() · e17e1df7

Matt Caswell authored Jul 13, 2017



Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)

e17e1df7

Add some PSK early_data tests · 02a3ed5a

Matt Caswell authored Jul 13, 2017



Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)

02a3ed5a

Add SSL_SESSION_set_max_early_data() · 98e1d934

Matt Caswell authored Jul 08, 2017



Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)

98e1d934

Enable the ability to use an external PSK for sending early_data · add8d0e9
Matt Caswell authored Jul 05, 2017
```
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
```
add8d0e9

Fixed address family test error for AF_UNIX in BIO_ADDR_make · 17750375

Zhu Qun-Ying authored Aug 30, 2017



CLA: trivial

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4298)

17750375

Aug 30, 2017

Add documentation for ARIA GCM modes. · 5859722c

Pauli authored Aug 31, 2017



Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4300)

5859722c

Add ARIA as an alias for all ARIA based modes. · ea78d1ec

Pauli authored Aug 31, 2017



Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4300)

ea78d1ec

Introduce SSL_CIPHER_get_protocol_id · 50966bfa

Paul Yang authored Aug 23, 2017



The returned ID matches with what IANA specifies (or goes on the
wire anyway, IANA notwithstanding).

Doc is added.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4107)

50966bfa

Add two missing SSL_CIPHER_* functions · 22d1a340

Paul Yang authored Aug 07, 2017



This is yet another 'code health' commit to respond to this round of code health
Tuesday

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4107)

22d1a340

Fix return value of ASN1_TIME_compare · e44d3761

Todd Short authored Aug 25, 2017



Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4264)

e44d3761

Configure: base compiler-specific decisions on pre-defines. · 54cf3b98

Andy Polyakov authored Aug 29, 2017



The commit subject is a bit misleading in sense that decisions affect
only gcc and gcc-alikes, like clang, recent icc...

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4281)

54cf3b98