Commits · 71f60ef3376144885384f2b1b3f00c3d54806f38 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jan 05, 2017

Remove BIO_seek/BIO_tell from evp_test.c · 71f60ef3

Dr. Stephen Henson authored Jan 05, 2017



BIO_seek and BIO_tell can cause problems with evp_test.c on some platforms.
Avoid them by using a temporary memory BIO to store key PEM data.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2183)

71f60ef3

Jan 04, 2017

Don't run MSBLOB conversion tests when RSA or DSA are disabled · d8594555
Richard Levitte authored Jan 04, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2174)
```
d8594555

Don't run OCSP tests when OCSP is disabled · aec23ece

Richard Levitte authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)

aec23ece

Don't build OCSP stuff when OCSP is disabled · 8f8c11d8

Richard Levitte authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2173)

8f8c11d8

Don't test SRP when it's disabled · 327d38d0

Richard Levitte authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2172)

327d38d0

Don't run NPN tests when NPN is disabled · e0c47b2c

Richard Levitte authored Jan 04, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2171)

e0c47b2c

Jan 01, 2017
- Add RSA decrypt and OAEP tests. · 13ab8708
  Dr. Stephen Henson authored Jan 01, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  13ab8708
- evptests.txt is not a shell script · 4fee75ca
  Dr. Stephen Henson authored Jan 01, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  4fee75ca
Dec 30, 2016

Don't run the sigalgs tests over a TLSv1.3 connection · d2e491f2

Matt Caswell authored Dec 30, 2016



We need a new API for TLSv1.3 sig algs

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)

d2e491f2

Provide some tests for the sig algs API · f1b25aae

Matt Caswell authored Dec 30, 2016



Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)

f1b25aae

Fix the SSL_set1_sigalgs() macro · fb3ae0e8

Matt Caswell authored Dec 30, 2016

This macro has a typo in it which makes it unusable. This issue was already
fixed in 1.0.2 in commit 75fdee04

, but the same fix was not applied to
other branches.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)

fb3ae0e8

Dec 29, 2016

70-test_sslvertol.t: skip test 1 and 2 if too few protocols are enabled · 2ed4c571

Richard Levitte authored Dec 29, 2016



These tests depend on there being at least one protocol version below
TLSv1.3 enabled.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)

2ed4c571

80-test_ssl_new.t: Make 19-mac-then-encrypt.conf work without TLSv1.2 · ac6eb152
Richard Levitte authored Dec 25, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)
```
ac6eb152
70-test_sslvertol.t: Make sure to check a max TLS version that matches configuration · 7638e378
Richard Levitte authored Dec 25, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)
```
7638e378
70-test_sslmessages.t: Don't check EXT_SIG_ALGS if TLS 1.2 is disabled · f6e752c0
Richard Levitte authored Dec 25, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2144)
```
f6e752c0

Fix CT test_sslmessages hangs · 0a6793c9

Matt Caswell authored Dec 29, 2016



The CT tests in test_sslmessages require EC to be available, therefore
we must skip these if no-ec

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

0a6793c9

Fix compilation with no-ec · 3cf96e88

Matt Caswell authored Dec 28, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

3cf96e88

Fix extension for various no- options · 0785274c

Matt Caswell authored Dec 28, 2016



Previously we were omitting the extension information from ext_defs if
the association no- option was defined. This doesn't work because the
indexes into the table are no longer valid.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

0785274c

Add a test to check the EC point formats extension appears when we expect · 397f4f78

Matt Caswell authored Dec 28, 2016



The previous commit fixed a bug where the EC point formats extensions did
not appear in the ServerHello. This should have been caught by
70-test_sslmessages but that test never tries an EC ciphersuite. This
updates the test to do that.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

397f4f78

Fix the EC point formats extension · 3b58c54f

Matt Caswell authored Dec 28, 2016



This should be sent in the ServerHello if a EC based ciphersuite is
negotiated. The relevant flag to do this was missed off in the recent
extensions refactor.

Fixes GitHub Issue #2133

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

3b58c54f

replace "will lookup up" by "will look up" · 67adf0a7

Markus Triska authored Dec 25, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2145)

67adf0a7

Dec 25, 2016
- chacha/asm/chacha-x86_64.pl: add AVX512 path optimized for shorter inputs. · 3c274a6e
  Andy Polyakov authored Dec 19, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  3c274a6e
Dec 22, 2016

Fix EVP_MD_meth_get_flags · 8bfa99f0

Todd Short authored Dec 22, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2134)

8bfa99f0

Dec 21, 2016

Travis: The TLS 1.3 code isn't interoperable yet, move it to its own build · 1307af22

Richard Levitte authored Dec 20, 2016



We should move it back to the BORINGTEST build when we are approaching
interoperability.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2123)

1307af22

Dec 20, 2016

Reformat M_check_autoarg to match our coding style · 2629440d

Richard Levitte authored Dec 20, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2121)

2629440d

M_check_autoarg: sanity check the key · d7c8f142

Richard Levitte authored Dec 20, 2016



For now, checking that the size is non-zero will suffice.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2120)

d7c8f142

Dec 19, 2016
- Add bwrite_conv and bread_conv values to methods_dgramp_sctp · 992155d0
  Richard Levitte authored Dec 19, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2116)
```
  992155d0
- Fix erroneous goto lable · c0aa6b81
  Richard Levitte authored Dec 19, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2116)
```
  c0aa6b81
- x86 assembly pack: update performance results. · a30b0522
  Andy Polyakov authored Dec 17, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  a30b0522
Dec 18, 2016

Update fuzz corpora · f15eed3b
Kurt Roeckx authored Dec 15, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2090
```
f15eed3b
Fix memory leak in tls_parse_stoc_key_share · a1d6a0b6
Kurt Roeckx authored Dec 18, 2016
```
Found by oss-fuzz

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2102
```
a1d6a0b6

Fix typo. · 0b742f93

Finn Hakansson authored Dec 15, 2016



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2086)

0b742f93

Dec 16, 2016

test/ssl_test: give up if both client and server wait on read · ceb6d746

Richard Levitte authored Dec 16, 2016



In some cases, both client and server end of the test can end up in
SSL_ERROR_WANT_READ and never get out of it, making the test spin.
Detect it and give up instead of waiting endlessly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2096)

ceb6d746

Fix no-ct, skip tests recipes that try to test CT · a05bed19

Richard Levitte authored Dec 16, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2096)

a05bed19

e_afalg: Don't warn about kernel version when pedantic · 97043e46

Richard Levitte authored Dec 16, 2016



When built with --strict-warnings and the Linux kernel headers don't
match the kernel version, the preprocessor warnings in
engines/afalg/e_afalg.c cause compilation errors.  Use the macro
PEDANTIC to avoid those warnings in that case.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2095)

97043e46

evp_test: when function and reason strings aren't available, just skip · cd3fe0e0
Richard Levitte authored Dec 16, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2093)
```
cd3fe0e0

HP-UX doesn't have hstrerror(), so make our own for that platform · 7d9533bf

Richard Levitte authored Dec 16, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2092)
(cherry picked from commit 46766d003666da5f90346da7e6d09e109355f5c6)

7d9533bf

Make client and server fuzzer support all ciphers · 4e995479

Kurt Roeckx authored Dec 15, 2016



Also send a SNI extension in the client so the fuzzer can react to it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088

4e995479

Document the recommended parameters for fuzzing · e104d01d

Kurt Roeckx authored Dec 15, 2016



We use those parameters for calculating the coverage.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088

e104d01d

Enable TLS1.3 and PEDANTIC in the coverage target · 2fd54eba

Kurt Roeckx authored Dec 15, 2016



This make sure that the coverage is the same for the fuzzers and this
coverage target

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088

2fd54eba