Commits · ceb6d746941063eccf7655c7709ba56ca117044b · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Dec 16, 2016

test/ssl_test: give up if both client and server wait on read · ceb6d746

Richard Levitte authored Dec 16, 2016



In some cases, both client and server end of the test can end up in
SSL_ERROR_WANT_READ and never get out of it, making the test spin.
Detect it and give up instead of waiting endlessly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2096)

ceb6d746

Fix no-ct, skip tests recipes that try to test CT · a05bed19

Richard Levitte authored Dec 16, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2096)

a05bed19

e_afalg: Don't warn about kernel version when pedantic · 97043e46

Richard Levitte authored Dec 16, 2016



When built with --strict-warnings and the Linux kernel headers don't
match the kernel version, the preprocessor warnings in
engines/afalg/e_afalg.c cause compilation errors.  Use the macro
PEDANTIC to avoid those warnings in that case.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2095)

97043e46

evp_test: when function and reason strings aren't available, just skip · cd3fe0e0
Richard Levitte authored Dec 16, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2093)
```
cd3fe0e0

HP-UX doesn't have hstrerror(), so make our own for that platform · 7d9533bf

Richard Levitte authored Dec 16, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2092)
(cherry picked from commit 46766d00)

7d9533bf

Make client and server fuzzer support all ciphers · 4e995479

Kurt Roeckx authored Dec 15, 2016



Also send a SNI extension in the client so the fuzzer can react to it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088

4e995479

Document the recommended parameters for fuzzing · e104d01d

Kurt Roeckx authored Dec 15, 2016



We use those parameters for calculating the coverage.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088

e104d01d

Enable TLS1.3 and PEDANTIC in the coverage target · 2fd54eba

Kurt Roeckx authored Dec 15, 2016



This make sure that the coverage is the same for the fuzzers and this
coverage target

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088

2fd54eba

Dec 15, 2016
- Don't call memcpy with NULL as source · eeab356c
  Kurt Roeckx authored Dec 15, 2016
```
Calling it with lenght 0 and NULL as source is undefined behaviour.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2089
```
  eeab356c
- poly1305/asm/poly1305-x86_64.pl: allow nasm to assemble AVX512 code. · 1ea01427
  Andy Polyakov authored Dec 14, 2016
```
chacha/asm/chacha-x86_64.pl: refine nasm version detection logic.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  1ea01427
- perlasm/x86_64-xlate.pl: add support for AVX512 OPMASK-ing. · 526ab896
  Andy Polyakov authored Dec 14, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  526ab896
- man3/OPENSSL_ia32cap.pod: clarify AVX512 support in clang context. · 569204be
  Andy Polyakov authored Dec 14, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  569204be
Dec 14, 2016

CRL critical extension bugfix · 2b406990

Rich Salz authored Nov 28, 2016



More importantly, port CRL test from boringSSL crypto/x509/x509_test.cc

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1775)

2b406990

Add function and reason checking to evp_test · 99f2f1dc

Dr. Stephen Henson authored Dec 10, 2016



Add options to check the function and reason code matches expected values.

Reviewed-by: Richard Levitte <levitte@openssl.org>

99f2f1dc

Dec 13, 2016

Add X509_VERIFY_PARAM inheritance flag set/get · a47bc283

Rich Salz authored Dec 13, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2079)

a47bc283

Fix various doc nits. · 3dfda1a6

Rich Salz authored Dec 12, 2016



find-doc-nits warns if you don't give a "what to do flag"
Don't use regexps for section names, just strings:  More consistency.
Rename "COMMAND OPTIONS" to OPTIONS.
Fix a couple of other nit-level things.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2076)

3dfda1a6

Dec 12, 2016

Remove ENGINE_load_dasync() (no OPENSSL_INIT_ENGINE_DASYNC already) · b9b5181d

Azat Khuzhin authored Nov 01, 2016

Fixes: 8d00e30f

 ("Don't try to init
dasync internally")

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial

b9b5181d

Typo fixed · 498180de

Dmitry Belyavskiy authored Dec 12, 2016



Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2075)

498180de

updated macro spacing for styling purposes · 6974fca4

Paul Hovey authored Dec 05, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial

6974fca4

fix undoes errors introduced by... · 8bd62abe

Paul Hovey authored Dec 05, 2016

fix undoes errors introduced by https://github.com/openssl/openssl/commit/fc6076ca272f74eb1364c29e6974ad5da5ef9777?diff=split#diff-1014acebaa2c13d44ca196b9a433ef2eR184

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial

8bd62abe

Restore the ERR_FATAL_ERROR() macro · 036ba500

Benjamin Kaduk authored Dec 08, 2016

Commit 0cd0a820

 removed this macro
along with many unused function and reason codes; ERR_FATAL_ERROR()
was not used in the tree, but did have external consumers.

Add it back to restore the API compatibility and avoid breaking
applications for no internal benefit.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2049)

036ba500

Fix a leak in SSL_clear() · 4bf08600

Matt Caswell authored Dec 06, 2016



SSL_clear() was resetting numwpipes to 0, but not freeing any allocated
memory for existing write buffers.

Fixes #2026

Reviewed-by: Rich Salz <rsalz@openssl.org>

4bf08600

perlasm/x86_64-xlate.pl: refine sign extension in ea package. · 82e08930

Andy Polyakov authored Dec 09, 2016



$1<<32>>32 worked fine with either 32- or 64-bit perl for a good while,
relying on quirk that [pure] 32-bit perl performed it as $1<<0>>0. But
this apparently changed in some version past minimally required 5.10,
and operation result became 0. Yet, it went unnoticed for another while,
because most perl package providers configure their packages with
-Duse64bitint option.

Reviewed-by: Rich Salz <rsalz@openssl.org>

82e08930

x86_64 assembly pack: add AVX512 ChaCha20 and Poly1305 code paths. · abb8c44f
Andy Polyakov authored Dec 09, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
abb8c44f
poly1305/poly1305_base2_44.c: add reference base 2^44 implementation. · f2d78649
Andy Polyakov authored Dec 09, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
f2d78649

Dec 10, 2016

Avoid the call to OPENSSL_malloc with a negative value (then casted to unsigned) · 210fe4ed

Davide Galassi authored Dec 02, 2016



CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2021)

210fe4ed

Fix reference to SSL_set_max_proto_version. · eb43101f

Markus Triska authored Dec 09, 2016



CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2059)

eb43101f

Additional error tests in evp_test.c · cce65266

Dr. Stephen Henson authored Dec 10, 2016



Support checking for errors during test initialisation and parsing.

Add errors and tests for key operation initalisation and ctrl errors.

Reviewed-by: Rich Salz <rsalz@openssl.org>

cce65266

VMS UI_OpenSSL: generate OpenSSL errors when things go wrong. · c922ebe2
Richard Levitte authored Dec 09, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)
```
c922ebe2

VMS UI_OpenSSL: if the TT device isn't a tty, flag instead of error · 18edbe65

Richard Levitte authored Dec 09, 2016



On all platforms, if the controlling tty isn't an actual tty, this is
flagged by setting is_a_tty to zero...  except on VMS, where this was
treated as an error.  Change this to behave like the other platforms.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2063)

18edbe65

Dec 09, 2016

Add RSA PSS tests · 2d7bbd6c

Dr. Stephen Henson authored Dec 07, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)

2d7bbd6c

Check input length to pkey_rsa_verify() · 71bbc79b

Dr. Stephen Henson authored Dec 08, 2016



Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2065)

71bbc79b

Update client fuzz corpus · 6c0e1e20
Kurt Roeckx authored Dec 09, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2060
```
6c0e1e20

Test framework: Add the possibility to have a test specific data dir · 6c6a2ae6

Richard Levitte authored Dec 05, 2016



This data directory is formed automatically by taking the recipe name
and changing '.t' to '_data'.  Files in there can be reached with the
new function data_file()

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2027)

6c6a2ae6

Update client fuzzer corpus · af5a4b40
Kurt Roeckx authored Dec 09, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2053
```
af5a4b40

Dec 08, 2016

Remove extra bang · 949320c5

Richard Levitte authored Dec 08, 2016



A bang (!) slipped through in the recent UI cleanup

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2051)

949320c5

Only call memcpy when the length is larger than 0. · a19fc66a
Kurt Roeckx authored Dec 08, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2050
```
a19fc66a

UI code style cleanup · 120fb9e4

Richard Levitte authored Dec 08, 2016



Mostly condition check changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2047)

120fb9e4

Fuzz corpora update · 141ecc4e
Kurt Roeckx authored Dec 08, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
```
141ecc4e
And client fuzzer · 4410f9d7
Kurt Roeckx authored Dec 07, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
```
4410f9d7