- Apr 28, 2017
-
-
Richard Levitte authored
When you want to debug a test that goes wrong, it's useful to know exactly what subprocess commands are run. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3342) (cherry picked from commit 46d5e2b4)
-
- Apr 27, 2017
-
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3336) (cherry picked from commit f2150cd7)
-
Bernd Edlinger authored
It is not necessary to remove leading zeros here because RSA_padding_check_PKCS1_OAEP_mgf1 appends them again. As this was not done in constant time, this might have leaked timing information. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3313) (cherry picked from commit 237bc6c9)
-
- Apr 26, 2017
-
-
Rob Percival authored
This resulted in the SCT timestamp check always failing, because the timestamp appeared to be in the future. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3260)
-
Rob Percival authored
The only SSL tests prior to this tested using certificates with no embedded Signed Certificate Timestamps (SCTs), which meant they couldn't confirm whether Certificate Transparency checks in "strict" mode were working. These tests reveal a bug in the validation of SCT timestamps, which is fixed by the next commit. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3260)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3260)
-
- Apr 25, 2017
-
-
Andy Polyakov authored
Trouble was that integer negation wasn't producing *formally* correct result in platform-neutral sense. Formally correct thing to do is -(int64_t)u, but this triggers undefined behaviour for one value that would still be representable in ASN.1. The trigger was masked with (int64_t)(0-u), but this is formally inappropriate for values other than the problematic one. [Also reorder branches to favour most-likely paths and harmonize asn1_string_set_int64 with asn1_get_int64].] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3231) (cherry picked from commit 786b6a45)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3192) (cherry picked from commit b997adb3)
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3192) (cherry picked from commit 6d4321fc)
-
Andy Polyakov authored
i.e. reduce amount of branches and favour likely ones. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3192) (cherry picked from commit a3ea6bf0)
-
Matt Caswell authored
We were incorrectly using "res" when we meant "ai" Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3287)
-
Matt Caswell authored
In SCTP the code was only allowing a send of a close_notify alert if the socket is dry. If the socket isn't dry then it was attempting to save away the close_notify alert to resend later when it is dry and then it returned success. However because the application then thinks that the close_notify alert has been successfully sent it never re-enters the DTLS code to actually resend the alert. A much simpler solution is to just fail with a retryable error in the event that the socket isn't dry. That way the application knows to retry sending the close_notify alert. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3287)
-
Matt Caswell authored
We were allocating the write buffer based on the size of max_send_fragment, but ignoring it when writing data. We should fragment handshake messages if they exceed max_send_fragment and reject application data writes that are too large. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3287)
-
Matt Caswell authored
There was code existing which attempted to handle the case where application data is received after a reneg handshake has started in SCTP. In normal DTLS we just fail the connection if this occurs, so there doesn't seem any reason to try and work around it for SCTP. In practice it didn't work properly anyway and is probably a bad idea to start with. Fixes #3251 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3287)
-
Bernard Spil authored
- unbuffer causes single-byte reads from stdin and poor performance Fixes #3281 CLA: trivial Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3299) (cherry picked from commit 65d62488)
-
- Apr 24, 2017
-
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3290)
-
Richard Levitte authored
... on the theme "I could have sworn I saved that fix!" Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3285) (cherry picked from commit cb2a6eb7)
-
Alex Gaynor authored
EV Guidelines section 9.2.5 says jurisdictionCountryName follows the same ASN.1 encoding rules as countryName. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3284) (cherry picked from commit e8d54212)
-
- Apr 23, 2017
-
-
Richard Levitte authored
As far as I know, there is no MMS / MMK with parallellism today. However, it might be added in the future (perhaps in MMK at least), so we may as well prepare for it now. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3282) (cherry picked from commit 75726420)
-
Richard Levitte authored
jom is an nmake clone that does parallell building, via the same -j argument as GNU make. To make it work, we need to apply the same dependeency build up as done in 27c40a93 Fixes #3272 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3277) (cherry picked from commit f919c12f)
-
- Apr 22, 2017
-
-
Camille Guérin authored
'X509_XTORE_CTX_cleanup' -> 'X509_STORE_CTX_cleanup' Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3271) (cherry picked from commit 7643a172)
-
David Benjamin authored
BN_is_prime_fasttest_ex begins by rejecting if a <= 1. Then it goes to set A := abs(a), but a cannot be negative at this point. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3275) (cherry picked from commit 8b24f942)
-
- Apr 19, 2017
-
-
Rich Salz authored
Add callback function prototypes, fix description Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3084) (cherry picked from commit 87b81496)
-
- Apr 18, 2017
-
-
Thiago Arrais authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3132) (cherry picked from commit 800b5dac)
-
- Apr 17, 2017
-
-
Rich Salz authored
If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an hint to an unsupported algorithm/curve (e.g. if binary EC support is disabled). Before this commit the issue arise for example if binary EC keys are added in evptests.txt, and the test is run when EC is enabled but EC2m is disabled. E.g. adding these lines to evptests.txt would reproduce the issue: ~~~ PrivateKey=KAS-ECC-CDH_K-163_C0 -----BEGIN PRIVATE KEY----- MGMCAQAwEAYHKoZIzj0CAQYFK4EEAAEETDBKAgEBBBUAZlO2B3OY+tx79eYBWBcB SMPcRSehLgMsAAQHH4sod9YCfZwa3kJE8t6hJpLvI9UFwV7ndiIccrhLNHzjg/OA Z7icPpo= -----END PRIVATE KEY----- PublicKey=KAS-ECC-CDH_K-163_C0-PUBLIC -----BEGIN PUBLIC KEY----- MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBx+LKHfWAn2cGt5CRPLeoSaS7yPVBcFe 53YiHHK4SzR844PzgGe4nD6a -----END PUBLIC KEY----- PublicKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC -----BEGIN PUBLIC KEY----- MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBXQjbxQoxDITCUZ4Ols6q7bCfqXWB5CM JRuNoCHLrCgfEj969PrFs9u4 -----END PUBLIC KEY----- Derive=KAS-ECC-CDH_K-163_C0 PeerKey=KAS-ECC-CDH_K-163_C0-Peer-PUBLIC Ctrl=ecdh_cofactor_mode:1 SharedSecret=04325bff38f1b0c83c27f554a6c972a80f14bc23bc ~~~ Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3226) (cherry picked from commit 0c44545c)
-
- Apr 14, 2017
-
-
Nicola Tuveri authored
When compiling without EC support the test fails abruptly reading some keys. Some keys merged in commit db040557c8bf4449e0a0b43510a2b30d89d58a83 start with ------BEGIN EC PRIVATE KEY----- this format is not supported without EC support. This commit reformat those keys with the generic format. After this change the test simply skips the unsupported EC keys when EC is disabled, without parsing errors. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3222)
-
- Apr 13, 2017
-
-
Nicola Tuveri authored
All tests from ecdhtest.c have been ported to evptests.txt Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3218)
-
Nicola Tuveri authored
move NIST SP800-56A co-factor ECDH KATs from ecdhtest.c to evptests.txt Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3218)
-
Richard Levitte authored
Fixes #3191 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3200)
-
Richard Levitte authored
Fixes #3191 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3200)
-
Richard Levitte authored
Also, when "allocating" or "deallocating" an embedded item, never call prim_new() or prim_free(). Call prim_clear() instead. Fixes #3191 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3200)
-
- Apr 12, 2017
-
-
Nicola Tuveri authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3188)
-
Nicola Tuveri authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3188)
-
Nicola Tuveri authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3188)
-
Nicola Tuveri authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3188)
-
- Apr 11, 2017
-
-
Frank Morgner authored
fixes segmentation fault in case of not enough memory for object creation CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3157) (cherry picked from commit 487a73de)
-
Richard Levitte authored
Clearing a misunderstanding. The routines c2i_uint64_int() and i2c_uint64_int() expect to receive that internal values are absolute and with a separate sign flag, and the x_int64.c code handles values that aren't absolute and have the sign bit embedded. We therefore need to convert between absolute and non-absolute values for the encoding of negative values to be correct. [extended tests] Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3160) (cherry picked from commit 429223d1)
-
Todd Short authored
SSLv3 does not support TLS extensions, and thus, cannot provide any curves for ECDH(E). With the removal of the default (all) list of curves being used for connections that didn't provide any curves, ECDHE is no longer possible. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3181) (cherry picked from commit fe55c4a2)
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3123)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3159) (cherry picked from commit 0856e3f1)
-