Matt Caswell [Tue, 1 Aug 2017 14:46:29 +0000 (15:46 +0100)]
Update the tests for SNI changes
If there is no SNI in the session then s_client no longer sends the SNI
extension. Update the tests to take account of that
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Fri, 21 Jul 2017 10:39:01 +0000 (11:39 +0100)]
If no SNI has been explicitly set use the one from the session
If we have not decided on an SNI value yet, but we are attempting to reuse
a session, and SNI is set in that, then we should use that value by
default.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Wed, 19 Jul 2017 16:26:00 +0000 (17:26 +0100)]
Make sure we use the correct cipher when using the early_secret
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Thu, 13 Jul 2017 17:02:40 +0000 (18:02 +0100)]
Add HISTORY and SEE ALSO sections for the new TLSv1.3 PSK functions
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Thu, 13 Jul 2017 17:02:18 +0000 (18:02 +0100)]
Add documentation for SSL_SESSION_set_max_early_data()
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Thu, 13 Jul 2017 13:07:34 +0000 (14:07 +0100)]
Add some PSK early_data tests
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Sat, 8 Jul 2017 10:42:55 +0000 (11:42 +0100)]
Add SSL_SESSION_set_max_early_data()
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Matt Caswell [Wed, 5 Jul 2017 19:53:03 +0000 (20:53 +0100)]
Enable the ability to use an external PSK for sending early_data
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
Zhu Qun-Ying [Wed, 30 Aug 2017 21:52:50 +0000 (14:52 -0700)]
Fixed address family test error for AF_UNIX in BIO_ADDR_make
CLA: trivial
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4298)
Pauli [Wed, 30 Aug 2017 22:59:10 +0000 (08:59 +1000)]
Add documentation for ARIA GCM modes.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4300)
Pauli [Wed, 30 Aug 2017 22:40:11 +0000 (08:40 +1000)]
Add ARIA as an alias for all ARIA based modes.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4300)
Paul Yang [Tue, 22 Aug 2017 16:37:10 +0000 (00:37 +0800)]
Introduce SSL_CIPHER_get_protocol_id
The returned ID matches with what IANA specifies (or goes on the
wire anyway, IANA notwithstanding).
Doc is added.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4107)
Paul Yang [Mon, 7 Aug 2017 14:05:46 +0000 (22:05 +0800)]
Add two missing SSL_CIPHER_* functions
This is yet another 'code health' commit to respond to this round of code health
Tuesday
[skip ci]
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4107)
Todd Short [Fri, 25 Aug 2017 20:34:56 +0000 (16:34 -0400)]
Fix return value of ASN1_TIME_compare
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4264)
Andy Polyakov [Tue, 29 Aug 2017 13:47:08 +0000 (15:47 +0200)]
Configure: base compiler-specific decisions on pre-defines.
The commit subject is a bit misleading in sense that decisions affect
only gcc and gcc-alikes, like clang, recent icc...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4281)
Andy Polyakov [Tue, 29 Aug 2017 12:29:07 +0000 (14:29 +0200)]
Revert "Allow --strict-warnings with the icc compiler as well"
This reverts commit
a610934c3bdf2c0aafc633d4245efe3df289d716.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4281)
Jon Spillett [Mon, 21 Aug 2017 23:56:13 +0000 (09:56 +1000)]
Implement Aria GCM/CCM Modes and TLS cipher suites
AEAD cipher mode implementation is based on that used for AES:
https://tools.ietf.org/html/rfc5116
TLS GCM cipher suites as specified in:
https://tools.ietf.org/html/rfc6209
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4287)
Jon Spillett [Wed, 30 Aug 2017 04:04:08 +0000 (14:04 +1000)]
Fix potential null pointer dereference in ARIA implementation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4286)
Pauli [Wed, 23 Aug 2017 23:14:10 +0000 (09:14 +1000)]
Move OPENSSL_CONF from e_os.h to cryptlib.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
Pauli [Wed, 23 Aug 2017 23:05:07 +0000 (09:05 +1000)]
Move e_os.h to be the very first include.
cryptilib.h is the second.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
Pauli [Mon, 21 Aug 2017 21:29:41 +0000 (07:29 +1000)]
Remove the X_OK define, it is unused.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
Pauli [Mon, 21 Aug 2017 21:17:35 +0000 (07:17 +1000)]
Move the REF_PRINT support from e_os.h to internal/refcount.h.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
Pauli [Fri, 18 Aug 2017 03:52:46 +0000 (13:52 +1000)]
e_os.h removal from other headers and source files.
Removed e_os.h from all bar three headers (apps/apps.h crypto/bio/bio_lcl.h and
ssl/ssl_locl.h).
Added e_os.h into the files that need it now.
Directly reference internal/nelem.h when required.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)
Kurt Roeckx [Sun, 27 Aug 2017 21:13:05 +0000 (23:13 +0200)]
Make the global DRBGs static
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #4268
Kurt Roeckx [Sun, 27 Aug 2017 15:46:33 +0000 (17:46 +0200)]
Don't auto-instantiate a DRBG when trying to use it and it's not
The one creating the DRBG should instantiate it, it's there that we
know which parameters we should use to instantiate it.
This splits the rand init in two parts to avoid a deadlock
because when the global drbg is created it wands to call
rand_add on the global rand method.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #4268
Rich Salz [Tue, 22 Aug 2017 15:44:41 +0000 (11:44 -0400)]
Avoid out-of-bounds read
Fixes CVE 2017-3735
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4276)
Richard Levitte [Mon, 28 Aug 2017 13:41:49 +0000 (15:41 +0200)]
If 'tests' is disabled, then so should 'external-tests'
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4274)
Dr. Matthias St. Pierre [Fri, 25 Aug 2017 21:26:53 +0000 (23:26 +0200)]
DRBG: Remove 'randomness' buffer from 'RAND_DRBG'
The DRBG callbacks 'get_entropy()' and 'cleanup_entropy()' are designed
in such a way that the randomness buffer does not have to be allocated
by the calling function. It receives the address of a dynamically
allocated buffer from get_entropy() and returns this address to
cleanup_entropy(), where it is freed. If these two calls are properly
paired, the address can be stored in a stack local variable of the
calling function, so there is no need for having a 'randomness' member
(and a 'filled' member) in 'RAND_DRBG'.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4266)
Dr. Matthias St. Pierre [Fri, 25 Aug 2017 20:39:33 +0000 (22:39 +0200)]
RAND: Rename the RAND_poll_ex() callback and its typedef
With the introduction of RAND_poll_ex(), the `RAND_add()` calls were
replaced by meaningless cb(...). This commit changes the 'cb(...)'
calls back to 'rand_add(...)' calls by changing the signature as follows:
-int RAND_poll_ex(RAND_poll_fn cb, void *arg);
+int RAND_poll_ex(RAND_poll_cb rand_add, void *arg);
Changed the function typedef name to 'RAND_poll_cb' to emphasize the fact
that the function type represents a callback function.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4266)
Dr. Matthias St. Pierre [Sun, 20 Aug 2017 21:02:46 +0000 (23:02 +0200)]
DRBG: clarify difference between entropy counts and buffer lengths
Unlike the NIST DRBG standard, entropy counts are in bits and
buffer lengths are in bytes. This has lead to some confusion and
errors in the past, see my comment on PR 3789.
To clarify the destinction between entropy counts and buffer lengths,
a 'len' suffix has been added to all member names of RAND_DRBG which
represent buffer lengths:
- {min,max}_{entropy,adin,nonce,pers}
+ {min,max}_{entropy,adin,nonce,pers}len
This change makes naming also more consistent, as can be seen in the
diffs, for example:
- else if (adinlen > drbg->max_adin) {
+ else if (adinlen > drbg->max_adinlen) {
Also replaced all 'ent's by 'entropy's, following a suggestion of Paul Dale.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4266)
Rich Salz [Fri, 25 Aug 2017 20:05:18 +0000 (16:05 -0400)]
MSC_VER <= 1200 isn't supported; remove dead code
VisualStudio 6 and earlier aren't supported.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4263)
Rich Salz [Fri, 25 Aug 2017 13:11:09 +0000 (09:11 -0400)]
Remove NO_DIRENT; it isn't used anywhere
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4261)
Richard Levitte [Fri, 25 Aug 2017 12:48:04 +0000 (14:48 +0200)]
Fix guarding macro in include/internal/sockets.h
The guard was checked but never defined. Also, rename it to reflect
that this is an internal header file, not a public one.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4254)
Richard Levitte [Fri, 25 Aug 2017 12:36:01 +0000 (14:36 +0200)]
Move more socket stuff
The socket stuff for DJGPP and VMS was only partially moved to
include/internal/sockets.h...
Remains vxWorks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4254)
Paul Yang [Tue, 22 Aug 2017 17:36:49 +0000 (01:36 +0800)]
This part fixes braces around if-else.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4223)
Paul Yang [Tue, 22 Aug 2017 17:25:23 +0000 (01:25 +0800)]
Fix coding style in crypto/rsa directory
this part contains only the return (x) fix.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4223)
Rich Salz [Fri, 25 Aug 2017 13:01:17 +0000 (09:01 -0400)]
Use strcpy instead of sprintf %s
Also use a local variable, collapse some code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4258)
Bernd Edlinger [Thu, 24 Aug 2017 06:09:31 +0000 (08:09 +0200)]
Clear secret stack values after use in the
ED25519-functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4242)
Bernd Edlinger [Thu, 24 Aug 2017 05:53:13 +0000 (07:53 +0200)]
Clear secret stack values after use in curve25519.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4242)
Matt Caswell [Fri, 25 Aug 2017 12:58:46 +0000 (13:58 +0100)]
Fix no-tls and no-tls1_2
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4257)
Matt Caswell [Fri, 25 Aug 2017 10:18:23 +0000 (11:18 +0100)]
Fix no-scrypt
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4252)
Richard Levitte [Fri, 25 Aug 2017 12:51:45 +0000 (14:51 +0200)]
NO_SYS_TYPES_H isn't defined anywhere, stop using it as a guard
This is a vestige from pre-1.1.0 OpenSSL
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4256)
Matt Caswell [Fri, 25 Aug 2017 13:16:20 +0000 (14:16 +0100)]
Fix description of how to report a bug in INSTALL
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4259)
Matt Caswell [Fri, 25 Aug 2017 13:14:27 +0000 (14:14 +0100)]
Clarify the meaning of no-stdio in INSTALL
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4259)
Kazuki Yamaguchi [Fri, 31 Mar 2017 13:52:56 +0000 (22:52 +0900)]
Do not lookup zero-length session ID
A condition was removed by commit
1053a6e2281d; presumably it was an
unintended change. Restore the previous behavior so the get_session_cb
won't be called with zero-length session ID.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4236)
Matt Caswell [Fri, 25 Aug 2017 10:02:47 +0000 (11:02 +0100)]
Fix no-chacha and no-poly1305
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4251)
Matt Caswell [Thu, 24 Aug 2017 08:52:11 +0000 (09:52 +0100)]
Ensure we exchange cookies in s_server even if SCTP is disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4243)
Matt Caswell [Thu, 24 Aug 2017 13:49:32 +0000 (14:49 +0100)]
Don't run a CT specifc test if CT is disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4245)
Meena Vyas [Thu, 24 Aug 2017 16:42:43 +0000 (02:42 +1000)]
Allow --strict-warnings with the icc compiler as well
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4250)
Meena Vyas [Thu, 24 Aug 2017 16:38:45 +0000 (02:38 +1000)]
passed TARFILE="$(TARFILE)" NAME="$(NAME)" to tar target
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4249)
Pauli [Tue, 22 Aug 2017 22:10:31 +0000 (08:10 +1000)]
Check range of test values using isascii before diving into the full
range of ctype functions.
Revert "Don't try to compare the ctype functions on values > 127"
This reverts commit
6ac589081b53a62bff5f0abe62c1c109c419c7a0.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4225)
Richard Levitte [Wed, 23 Aug 2017 14:03:18 +0000 (16:03 +0200)]
apps/passwd.c: Make MD5 and SHA password making EBCDIC aware
This mimics the behaviour of DES_crypt, where the salt and password
are expected to be in EBCDIC when CHARSET_EBCDIC is defined, and are
converted internally to ASCII. This is also done with the magic ID
string if it's not already ASCII. The resulting output is entirely
built up of ASCII components and is converted back to EBCDIC at the
end.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4229)
Richard Levitte [Wed, 23 Aug 2017 09:43:36 +0000 (11:43 +0200)]
apps/passwd.c: Fix code layout
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4229)
Richard Levitte [Wed, 23 Aug 2017 09:41:20 +0000 (11:41 +0200)]
apps/passwd.c: Don't disable MD5 and SHA when CHARSET_EBCDIC is defined
Fixes #4130
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4229)
Pauli [Thu, 24 Aug 2017 00:46:31 +0000 (10:46 +1000)]
Check for EOF in ASCII conversions.
The C standard defines EOF as:
... an integer constant expression, with type int and a negative value...
This means a conforming implemenetation could define this as a one of the
printable characters. This won't be a problem for ASCII.
A specific test case has been added for EOF.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4240)
Matt Caswell [Thu, 24 Aug 2017 11:25:09 +0000 (12:25 +0100)]
Fix enable-sctp
Commit
b99fe5f4 broke SCTP. This fixes it again.
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4244)
Matt Caswell [Mon, 21 Aug 2017 07:44:14 +0000 (08:44 +0100)]
Add documentation for SRTP functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4205)
Dr. Stephen Henson [Wed, 23 Aug 2017 12:07:23 +0000 (13:07 +0100)]
Correct GCM docs.
Fix GCM documentation: the tag does not have to be supplied before
decrypting any data any more.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4231)
Rich Salz [Wed, 23 Aug 2017 16:06:41 +0000 (12:06 -0400)]
Tweak wording to be more clear.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4234)
Kazuki Yamaguchi [Wed, 23 Aug 2017 16:28:05 +0000 (01:28 +0900)]
Fix BN_print()
Fix a typo made in commit
27c6d63dad08 (#4202).
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4235)
Rich Salz [Tue, 22 Aug 2017 22:24:23 +0000 (18:24 -0400)]
Move randomness to allocated buffer
Don't keep it in the DRBG object, just allocate/free as needed.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4226)
Pauli [Sun, 20 Aug 2017 21:23:36 +0000 (07:23 +1000)]
Improvement the formatting in bn_print.c
Movely removal of unnecessary brackets but some could be bugs addressed too.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4202)
Rich Salz [Mon, 21 Aug 2017 21:22:19 +0000 (17:22 -0400)]
(Re)move some things from e_os.h
Remove GETPID_IS_MEANINGLESS and osslargused.
Move socket-related things to new file internal/sockets.h; this is now
only needed by four(!!!) files. Compiles should be a bit faster.
Remove USE_SOCKETS ifdef's
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4209)
Paul Yang [Tue, 22 Aug 2017 17:04:28 +0000 (01:04 +0800)]
Remove useless macros in apps/speed.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4221)
Rich Salz [Tue, 22 Aug 2017 15:07:56 +0000 (11:07 -0400)]
Use "" not <> on e_os.h include
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4220)
Rich Salz [Mon, 21 Aug 2017 16:51:36 +0000 (12:51 -0400)]
Remove custom base64 code.
Use EVP_EncodeBlock/EVP_DecodeBlock
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4207)
Richard Levitte [Tue, 22 Aug 2017 13:53:39 +0000 (15:53 +0200)]
Don't try to compare the ctype functions on values > 127
Our internal replacement functions return 0 for those values.
However, depending on locale, the C RTL functions may return 1.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4219)
Richard Levitte [Tue, 22 Aug 2017 13:51:35 +0000 (15:51 +0200)]
Don't try to test ctype functions for values < 0 or > 255
Values that aren't representable as unsigned give undefined results.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4219)
Rich Salz [Tue, 22 Aug 2017 12:35:43 +0000 (08:35 -0400)]
Use "" not <> for internal/ includes
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4217)
Richard Levitte [Tue, 22 Aug 2017 08:48:08 +0000 (10:48 +0200)]
Fix the lack of isblank() with VMS C
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4216)
Rich Salz [Wed, 16 Aug 2017 19:49:25 +0000 (15:49 -0400)]
Add random serial# support.
Add -rand_serial to CA command and "serial_rand" config option.
Up RAND_BITS to 159, and comment why: now confirms to CABForum
guidelines (Ballot 164) as well as IETF RFC 5280 (PKIX).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4185)
Pauli [Tue, 22 Aug 2017 03:05:30 +0000 (13:05 +1000)]
Avoid a self-assignment.
Clang is generating a warning over an assignment of a variable to itself.
This occurs on an ASCII based machine where the convert to ASCII macro doesn't
do anything. The fix is to introduce a temporary variable.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4214)
Pauli [Tue, 22 Aug 2017 00:36:26 +0000 (10:36 +1000)]
Dead code elimination.
Remove the exit_main function which is never used.
Remove the exit_options array which is also unreferenced.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4213)
Pauli [Sun, 20 Aug 2017 21:19:17 +0000 (07:19 +1000)]
This has been added to avoid the situation where some host ctype.h functions
return true for characters > 127. I.e. they are allowing extended ASCII
characters through which then cause problems. E.g. marking superscript '2' as
a number then causes the common (ch - '0') conversion to number to fail
miserably. Likewise letters with diacritical marks can also cause problems.
If a non-ASCII character set is being used (currently only EBCDIC), it is
adjusted for.
The implementation uses a single table with a bit for each of the defined
classes. These functions accept an int argument and fail for
values out of range or for characters outside of the ASCII set. They will
work for both signed and unsigned character inputs.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4102)
Pauli [Sun, 20 Aug 2017 21:36:23 +0000 (07:36 +1000)]
Fix ctype arguments.
Cast arguments to the various ctype functions to unsigned char to match their
documentation.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4203)
Rich Salz [Mon, 21 Aug 2017 19:28:56 +0000 (15:28 -0400)]
Safely display SNI (just in case)
Thanks to Hubert Kario for pointing this out.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4193)
Paul Yang [Mon, 21 Aug 2017 15:47:17 +0000 (11:47 -0400)]
Document missing EVP_PKEY_method_* items
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4104)
Rich Salz [Sun, 20 Aug 2017 21:10:48 +0000 (17:10 -0400)]
Check # of arguments for remaining commands.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4201)
Johannes Bauer [Sat, 19 Aug 2017 16:05:30 +0000 (18:05 +0200)]
Add PKEY_CTX setter tests for TLS1-PRF
PKEY_CTX setters tests were previously present for HKDF and scrypt; this
patch also adds tests for the third currently supported KDF, TLS1-PRF.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4196)
Matt Caswell [Wed, 2 Aug 2017 14:29:31 +0000 (15:29 +0100)]
More updates following review feedback
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
Matt Caswell [Mon, 3 Jul 2017 10:47:10 +0000 (11:47 +0100)]
Updates following feedback on OPENSSL_assert() removal
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
Matt Caswell [Wed, 21 Jun 2017 14:56:56 +0000 (15:56 +0100)]
Remove OPENSSL_assert() from crypto/x509v3
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
Matt Caswell [Wed, 21 Jun 2017 14:56:36 +0000 (15:56 +0100)]
Remove OPENSSL_assert() from crypto/x509
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
Matt Caswell [Wed, 21 Jun 2017 14:56:12 +0000 (15:56 +0100)]
Remove OPENSSL_assert() from crypto/threads_none.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
Matt Caswell [Wed, 21 Jun 2017 14:55:56 +0000 (15:55 +0100)]
Remove OPENSSL_assert() from crypto/pem
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
Matt Caswell [Wed, 21 Jun 2017 14:55:38 +0000 (15:55 +0100)]
Remove OPENSSL_assert() from crypto/kdf
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
Matt Caswell [Wed, 21 Jun 2017 14:55:20 +0000 (15:55 +0100)]
Remove OPENSSL_assert() from crypto/hmac
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
Matt Caswell [Wed, 21 Jun 2017 14:54:45 +0000 (15:54 +0100)]
Remove OPENSSL_assert() from crypto/ec
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
Matt Caswell [Wed, 21 Jun 2017 14:54:25 +0000 (15:54 +0100)]
Remove OPENSSL_assert() from conf_api.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
Matt Caswell [Wed, 21 Jun 2017 14:52:52 +0000 (15:52 +0100)]
Remove OPENSSL_assert() usage from crypto/bn
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
Matt Caswell [Wed, 21 Jun 2017 14:52:11 +0000 (15:52 +0100)]
Remove OPENSSL_assert() from various crypto/bio files
bss_dgram.c is deferred until later due to ongoing discussions.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
Matt Caswell [Wed, 21 Jun 2017 14:51:27 +0000 (15:51 +0100)]
Remove OPENSSL_assert() from crypto/asn1/bio_asn1.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
Pauli [Mon, 21 Aug 2017 00:37:34 +0000 (10:37 +1000)]
Remove double error messages
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4204)
Richard Levitte [Sat, 19 Aug 2017 16:45:43 +0000 (18:45 +0200)]
Fix ui_write in apps/apps.c
It used the default UI reader as fallback instead of the UI writer.
Fixes #4147
Fixes #4195
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4198)
Rich Salz [Fri, 18 Aug 2017 15:47:21 +0000 (11:47 -0400)]
Put thread-fork-init inside a run-once guard
Thanks to Christian Heimes for pointing this out.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4191)
Todd Short [Fri, 18 Aug 2017 13:32:29 +0000 (09:32 -0400)]
Reorder extensions to put SigAlgs last
Force non-empty padding extension.
When enabled, force the padding extension to be at least 1 byte long.
WebSphere application server cannot handle having an empty
extension (e.g. EMS/EtM) as the last extension in a client hello.
This moves the SigAlgs extension last for TLSv1.2 to avoid this
issue.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3921)
Balaji Marisetti [Tue, 1 Aug 2017 11:24:13 +0000 (16:54 +0530)]
Addressed build failure because of missing #ifdef AF_UNIX guard
CLA: trivial
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4067)
Richard Levitte [Thu, 17 Aug 2017 12:08:43 +0000 (14:08 +0200)]
Add a comment on expectations in the "tar" target
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4179)
Richard Levitte [Thu, 17 Aug 2017 12:04:36 +0000 (14:04 +0200)]
Prepare tarball in dist directory
We changed directory to the wrong directory.
This change also separates the preparation phase from the tarball
building phase.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4179)
Richard Levitte [Thu, 17 Aug 2017 12:04:18 +0000 (14:04 +0200)]
Turn on error sensitivity in the "tar" target
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4179)