Commits · 9872238eb6fb981fc7c36ba4180d193cab077b34 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jan 21, 2017

poly1305/poly1305_base2_44.c: clarify shift boundary condition. · 9872238e
Andy Polyakov authored Dec 25, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
9872238e
ec/asm/ecp_nistz256-ppc64.pl: minor POWER8-specific optimization. · 6f553edb
Andy Polyakov authored Dec 29, 2016
```
Up to 4% depending on benchmark.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
6f553edb

'openssl passwd' command can now compute AIX MD5-based passwords hashes. · 037f2c3f

Gaétan Njinang authored Jan 20, 2017



The difference between the AIX MD5 password algorithm and the standard MD5
password algorithm is that in AIX there is no magic string while in the
standard MD5 password algorithm the magic string is "$1$"

Documentation of '-aixmd5' option of 'openssl passwd' command is added.

1 test is added in test/recipes/20-test-passwd.t

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2251)

037f2c3f

Jan 20, 2017

Fix DSA parameter generation control error · 8a05c4d3

Richard Levitte authored Jan 18, 2017



When setting the digest parameter for DSA parameter generation, the
signature MD was set instead of the parameter generation one.
Fortunately, that's also the one that was used for parameter
generation, but it ultimately meant the parameter generator MD and the
signature MD would always be the same.

Fixes github issue #2016

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2250)

8a05c4d3

Add signing hash tests · 062540cb

Dr. Stephen Henson authored Jan 15, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2235)

062540cb

Add options to check TLS signing hashes · ee5b6a42

Dr. Stephen Henson authored Jan 13, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2235)

ee5b6a42

Jan 19, 2017

correct 3 mistakes · 424baabd

Markus Triska authored Jan 19, 2017



CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2257)

424baabd

Jan 18, 2017

Skip ECDH tests for SSLv3 · 4f326dd8

Rich Salz authored Jan 16, 2017



Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1597)

4f326dd8

If client doesn't send curves list, don't assume all. · 3e373518

Rich Salz authored Sep 19, 2016



Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1597)

3e373518

Defines and strings for special salt length values, add tests · 137096a7
Dr. Stephen Henson authored Jan 17, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)
```
137096a7

additional PSS tests for -1 and invalid salt length · 3c441c2e

Dr. Stephen Henson authored Jan 16, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)

3c441c2e

Add support for -1, -2 salt lengths for PSS only keys. · 79ebfc46
Dr. Stephen Henson authored Jan 16, 2017
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)
```
79ebfc46

Clean dead macros and defines · 31a51151

FdaSilvaYY authored Nov 08, 2016



... mostly related to some old discarded modules .

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1906)

31a51151

Clean one unused variable, plus an useless one. · 2191dc84

FdaSilvaYY authored Nov 10, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1906)

2191dc84

Correct reference to SSL_get_peer_cert_chain(). · 1f164c6f

Markus Triska authored Jan 18, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2247)

1f164c6f

Jan 17, 2017

Fix list -disabled for blake2 alg · 487d3a72

EasySec authored Jan 17, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2241)

487d3a72

Jan 16, 2017

Fix man3 reference to CRYPTO_secure_used · ef3f621e

xemdetia authored Jan 16, 2017



CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2238)

ef3f621e

Add missing braces. · c4a60150
Kurt Roeckx authored Jan 16, 2017
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2234
```
c4a60150

Jan 15, 2017

Fix undefined behaviour when printing the X509 and CRL version · c2ce477f
Kurt Roeckx authored Jan 14, 2017
```
Found by oss-fuzz

Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2231
```
c2ce477f
Fix VC warnings about unary minus to an unsigned type. · 68d4bcfd
Kurt Roeckx authored Jan 15, 2017
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2230
```
68d4bcfd
Fix undefined behaviour when printing the X509 serial · 244d7b28
Kurt Roeckx authored Jan 14, 2017
```
Found by afl

Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2230
```
244d7b28

Add client cert type tests · a470f023

Dr. Stephen Henson authored Jan 13, 2017



Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2224)

a470f023

Add certificate selection tests. · edb8a5eb

Dr. Stephen Henson authored Jan 12, 2017



Add certifcate selection tests: the certificate type is selected by cipher
string and signature algorithm.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2224)

edb8a5eb

add ECDSA test server certificate · 7289ab49

Dr. Stephen Henson authored Jan 12, 2017



Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2224)

7289ab49

Add options to check certificate types. · 7f5f35af

Dr. Stephen Henson authored Jan 08, 2017



Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2224)

7f5f35af

Jan 13, 2017

Fix "failure rate" bugs · 50718243

Rich Salz authored Jan 13, 2017



Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2228)

50718243

Clarify what RUN_ONCE returns · 37b8f1e2

Richard Levitte authored Jan 12, 2017



RUN_ONCE really just returns 0 on failure or whatever the init
function returned.  By convention, however, the init function must
return 0 on failure and 1 on success.  This needed to be clarified.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2225)

37b8f1e2

Fix no-ocsp · d62210af

Richard Levitte authored Jan 13, 2017



The use of EXFLAG_SET requires the inclusion of openssl/x509v3.h.
openssl/ocsp.h does that, except when OCSP is disabled.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2227)

d62210af

UI: Use RUN_ONCE differently · 37cbabbd

Richard Levitte authored Jan 13, 2017



Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2222)

37cbabbd

UI: Ensure there will be no race condition when getting the UI_METHOD ex_data · 7eb26c49
Richard Levitte authored Jan 12, 2017
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2222)
```
7eb26c49

Jan 12, 2017

Make X509_Digest,others public · 3e5d9da5

Rich Salz authored Jan 12, 2017



Also, if want SHA1 then use the pre-computed value if there.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2223)

3e5d9da5

Rename file so "ls" works on 80 columns · d49661ce

Rich Salz authored Jan 12, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2221)

d49661ce

Add documentation · a68d8c7b

Rich Salz authored Jan 12, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1252)

a68d8c7b

Add "random malloc failure" tooling · f7edeced

Rich Salz authored Jul 08, 2016



Still needs to be documented, somehow/somewhere.

The env var OPENSSL_MALLOC_FAILURES controls how often malloc/realloc
should fail.  It's a set of fields separated by semicolons.  Each field
is a count and optional percentage (separated by @) which defaults to 100.
If count is zero then it lasts "forever."  For example: 100;@25 means the
first 100 allocations pass, then the rest have a 25% chance of failing
until the program exits or crashes.

If env var OPENSSL_MALLOC_FD parses as a positive integer, a record
of all malloc "shouldfail" tests is written to that file descriptor.
If a malloc will fail, and OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE is not set
(platform specific), then a backtrace will be written to the descriptor
when a malloc fails.  This can be useful because a malloc may fail but
not be checked, and problems will only occur later.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1252)

f7edeced

GH2176: Add X509_VERIFY_PARAM_get_time · 329f2f4a

Rich Salz authored Jan 10, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2208)

329f2f4a

Review comments; fail build if nits found · 65c1f979

Rich Salz authored Jan 12, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2202)

65c1f979

Run find-doc-nits in travis · 29ee1be5

Richard Levitte authored Jan 09, 2017



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2202)

29ee1be5

UI documentation fixup · 23103a52

Richard Levitte authored Jan 12, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2218)

23103a52

UI: fix uitest for VMS · 6a15d5b6

Richard Levitte authored Jan 12, 2017



- On VMS, apps/apps.c depends on apps/vms_term_sock.c, so add it to
  the build
- On VMS, apps/*.c are compiled with default symbol settings,
  i.e. uppercased and truncated symbols, which differs from test
  programs.  Make sure uitest.c knows that with a few pragmas.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2218)

6a15d5b6

UI: fix uitest for no-ui configuration · 027609f9

Richard Levitte authored Jan 12, 2017



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2218)

027609f9