- Feb 09, 2018
-
-
Matt Caswell authored
The no-tls1_2 option does not work properly in conjunction with TLSv1.3 being enabled (which is now the default). This commit fixes the issues. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5301)
-
Nick Mathewson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5150)
-
Nick Mathewson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5150)
-
Nick Mathewson authored
- pem2.h is empty, so pem.h doesn't need to include it. - pem2.h once declared ERR_load_PEM_strings(), so it should now include pemerr.h Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5150)
-
Nick Mathewson authored
In commit 52df25cf , the ERR_load_FOO_strings() functions were moved from their original location in foo.h into new headers called fooerr.h. But they were never removed from their original locations. This duplication causes redundant-declaration warnings on programs that use OpenSSL's headers with such warnings enabled. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5150)
-
Matt Caswell authored
In <= TLSv1.2 a Finished message always comes immediately after a CCS except in the case of NPN where there is an additional message between the CCS and Finished. Historically we always calculated the Finished MAC when we processed the CCS. However to deal with NPN we also calculated it when we receive the Finished message. Really this should only have been done if we hand negotiated NPN. This simplifies the code to only calculate the MAC when we receive the Finished. In 1.1.1 we need to do it this way anyway because there is no CCS (except in middlebox compat mode) in TLSv1.3. Coincidentally, this commit also fixes the fact that no-nextprotoneg does not currently work in master. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5285)
-
Richard Levitte authored
It was a bit absurd to have this being specially handled in the build file templates, especially that we have the 'includes' attribute. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5296)
-
Richard Levitte authored
Mac OS/X has a type for %j that doesn't agree with how we define it, which gives incorrect warnings. The easiest way out of that situation is simply to turn off that check on Mac OS/X. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5302)
-
FdaSilvaYY authored
As suggested in https://github.com/openssl/openssl/pull/5275 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5288)
-
Richard Levitte authored
Configurations/descrip.mms.tmpl didn't treat the includes config attribute very well. In fact, it didn't treat it at all! Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5295)
-
Pauli authored
Simplify Posix timer detection. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5279)
-
Richard Levitte authored
The contents of that attribute is C file names, not object file names. This went undetected because quite a lot of systems have assembler implementations anyway, so setting OPENSSL_CPUID_OBJ was correct for them. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5291)
-
Richard Levitte authored
Recent changes seem to have gotten OS X back on track, so we should be able to run our tests there again. This reverts commit e12e903e . Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5292)
-
Dr. Matthias St. Pierre authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5293)
-
- Feb 08, 2018
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5287)
-
Richard Levitte authored
%disabled_algorithms isn't necessarily initialised with the "algos" 'DEPRECATEDIN_1_1_0' etc. However, we know that @known_algorithms has them all, so use that to find them instead. Fixes #5157 (where this was reported) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5282)
-
Richard Levitte authored
The slash should be there according to Microsoft documentation, see https://msdn.microsoft.com/en-us/library/7cafx990.aspx Fixes #5277 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5278)
-
- Feb 07, 2018
-
-
Matt Caswell authored
tls13encryptiontest is an "internal" test. As with all the other internal tests it should not be run on a shared native Windows build. [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5266)
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5266)
-
Matt Caswell authored
If TLSv1.3 is enabled and combined with other options that extend the size of the ClientHello, then the clienthello test can sometimes fail because the ClientHello has grown too large. Part of the purpose of the test is to check that the padding extension works properly. This requires the ClientHello size to be kept within certain bounds. By restricting the number of ciphersuites sent we can reduce the size of the ClientHello. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5266)
-
Matt Caswell authored
[extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5266)
-
Richard Levitte authored
It turns out that even if you successfully build the engine, it might not load properly, so we cannot make the test program fail for it. See the message in commit 25b9d11c This reverts commit 227a1e3f . Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5276)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5275)
-
Richard Levitte authored
If a module is disablable (i.e. can be configured with 'no-FOO'), the resulting header file needs to be guarded with a check of the corresponding OPENSSL_NO_FOO. While this seem fairly innocuous, it has an impact on the information in util/*.num, generated by mkdef.pl. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5275)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5270)
-
Richard Levitte authored
The afalg engine was moved down from engines/afalg/ to engines/, but the test wasn't changed accordingly. This was undetected because the test program didn't fail when it couldn't load the engine. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5270)
-
Richard Levitte authored
If you know that there's no afalg engine, don't run this test. test/recipes/30-test_afalg.t checks this correctly. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5270)
-
Pauli authored
MacOS seems to define __GLIBC__ but not __GLIBC_PREREQ. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5269)
-
Pauli authored
Remove the timer and TSC additional input code and instead provide a single routine that attempts to use the "best" timer/counter available on the system. It attempts to use TSC, then various OS dependent resources and finally several tries to obtain the date. If any of these timer/counters is successful, the rest are skipped. No randomness is credited for this. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5231)
-
Pauli authored
If such a timer/counter register is not available, the return value is always zero. This matches the assembly implementations' behaviour. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5231)
-
Pauli authored
Patch by @levitte. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5231)
-
- Feb 06, 2018
-
-
Richard Levitte authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5268)
-
Rich Salz authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5267)
-
Patrick Steuer authored
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5230)
-
Patrick Steuer authored
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5230)
-
Richard Levitte authored
This script kept its own database of disablable algorithms, which is a maintenance problem, as it's not always perfectly in sync with what Configure does. However, we do have all the data in configdata.pm, produced by Configure, so let's use that instead. Also, make sure to parse the *err.h header files, as they contain function declarations that might not be present elsewhere. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5157)
-
- Feb 05, 2018
-
-
Dr. Matthias St. Pierre authored
The functions RAND_bytes() and RAND_priv_bytes() are now both based on a common implementation using RAND_DRBG_bytes() (if the default OpenSSL rand method is active). This not only simplifies the code but also has the advantage that additional input from a high precision timer is added on every generate call if the timer is available. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/5251)
-
Dr. Matthias St. Pierre authored
When comparing the implementations of drbg_bytes() and RAND_DRBG_bytes(), it was noticed that the former split the buffer into chunks when calling RAND_DRBG_generate() to circumvent the size limitation of the buffer to outlen <= drb->max_request. This loop was missing in RAND_DRBG_bytes(), so it was adopted from drbg_bytes(). Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/5251)
-
Dr. Matthias St. Pierre authored
This check not only prevented the automatic reinstantiation of the DRBG, which is implemented in RAND_DRBG_generate(), but also prevented an error message from being generated in the case of failure. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/5251)
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5244)
-