summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Update PR#3925tls1.3-draft-19Roelof duToit2017-07-141-3/+9
| | | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3925)
* Retry SSL_read on ERROR_WANT_READ.Roelof duToit2017-07-141-5/+5
| | | | | | | | | This resolves the retry issue in general, but also the specific case where a TLS 1.3 server sends a post-handshake NewSessionTicket message prior to appdata. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3925)
* Limit padded record to max plaintextTodd Short2017-05-031-28/+31
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3374)
* Update the documentation for "Groups" and "Curves"Matt Caswell2017-05-031-8/+36
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3375)
* Add the -groups option to s_server/s_clientMatt Caswell2017-05-031-4/+7
| | | | | | This should have been added before but was missed. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3375)
* Update serverinfo documentation based on feedback receivedMatt Caswell2017-05-031-2/+3
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Clarify serverinfo usage with Certificate messagesMatt Caswell2017-05-032-1/+7
| | | | | | Ensure that serverinfo only gets added for the first Certificate in a list. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Document the new SSL_CTX_use_serverinfo_ex() functionMatt Caswell2017-05-031-11/+35
| | | | | | Also document other releated changes to the serverinfo capability. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Add an SSL_ prefix to SERVERINFOV2 and SERVERINFOV1Matt Caswell2017-05-032-8/+8
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Add a test for CT in TLSv1.3Matt Caswell2017-05-031-19/+25
| | | | | | This also tests the SERVERINFO2 file format. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Add a SERVERINFOV2 format test fileMatt Caswell2017-05-031-0/+8
| | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Only send custom extensions where we have received one in the ClientHelloMatt Caswell2017-05-031-5/+4
| | | | | | | We already did this for ServerHello and EncryptedExtensions. We should be doing it for Certificate and HelloRetryRequest as well. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Extend the SERVERINFO file format to include an extensions contextMatt Caswell2017-05-034-89/+164
| | | | | | | | This enables us to know what messages the extensions are relevant for in TLSv1.3. The new file format is not compatible with the previous one so we call it SERVERINFOV2. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3298)
* Added support for ESSCertIDv2Marek Klein2017-05-0318-34/+396
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/771)
* Update igetest to use the test framework.Pauli2017-05-032-159/+181
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3210)
* Convert uses of snprintf to BIO_snprintfRich Salz2017-05-021-10/+10
| | | | | | | Fixes #2360 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3366)
* Fix some error path logic in i2v_AUTHORITY_INFO_ACCESS and i2v_GENERAL_NAMEMatt Caswell2017-05-022-26/+43
| | | | | | Fixes #1653 reported by Guido Vranken Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3362)
* Fix comment around safari fingerprint checkMatt Caswell2017-05-021-0/+1
| | | | | | Fixes #2442 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3367)
* Fix URL links in commentRich Salz2017-05-021-3/+7
| | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3365)
* Add some man page cross-referencesRich Salz2017-05-022-5/+12
| | | | | | | | | | | | | The old/deprecated servername callback should refer back to the new/preferred early callback mechanism, as well as indicate that it is superseded by the early callback. The early callback should also mention the API for turning the raw cipherlist octets from the client into usable data structures. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3338)
* Convert danetest, ssl_test_ctx_testRich Salz2017-05-023-328/+173
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3256)
* TLS1.3 PaddingTodd Short2017-05-0214-7/+340
| | | | | | | | | | Add padding callback for application control Standard block_size callback Documentation and tests included Configuration file/s_client/s_srver option Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3130)
* Fix time offset calculation.Todd Short2017-05-025-3/+134
| | | | | | | | | | | ASN1_GENERALIZEDTIME and ASN1_UTCTIME may be specified using offsets, even though that's not supported within certificates. To convert the offset time back to GMT, the offsets are supposed to be subtracted, not added. e.g. 1759-0500 == 2359+0100 == 2259Z. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2654)
* Fix a stack smashRich Salz2017-05-012-162/+207
| | | | | | | | | | | It occurs when memory compares are made that are larger than the on stack temporary buffers (either malloced or supplied). Rework the test test so it doesn't use a macro with a branch. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3155)
* Remove duplicates from clang_devteam_warningsBenjamin Kaduk2017-05-011-5/+1
| | | | | | | | | | | Since the clang_devteam_warnings are appended to the gcc_devteam_warnings when strict-warnings are requested, any items present in both the gcc and clang variables will be duplicated in the cflags used for clang builds. Remove the extra copy from the clang-specific flags in favor of the gcc_devteam_warnings that are used for all strict-warnings builds. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3239)
* Address some -Wold-style-declaration warningsBenjamin Kaduk2017-05-016-22/+22
| | | | | | | | | | | | | | | | | | | gcc's -Wextra pulls in -Wold-style-declaration, which triggers when a declaration has a storage-class specifier as a non-initial qualifier. The ISO C formal grammar requires the storage-class to be the first component of the declaration, if present. Seeint as the register storage-class specifier does not really have any effect anymore with modern compilers, remove it entirely while we're here, instead of fixing up the order. Interestingly, the gcc devteam warnings do not pull in -Wextra, though the clang ones do. [extended tests] Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3239)
* Add -Wextra to gcc devteam warningsBenjamin Kaduk2017-05-011-0/+3
| | | | | | | | | | | clang already has it; let's flip the switch and deal with the fallout. Exclude -Wunused-parameter, as we have many places where we keep unused parameters to conform to a uniform vtable-like interface. Also exclude -Wmissing-field-initializers; it's okay to rely on the standard-mandated behavior of filling out with 0/NULL. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3239)
* test/asn1_encode_test.c: test "next negative minimum" corner case.Andy Polyakov2017-04-301-0/+10
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* asn1/a_int.c: fix "next negative minimum" corner case in c2i_ibuf.Andy Polyakov2017-04-301-3/+14
| | | | | | | | | | | "Next" refers to negative minimum "next" to one presentable by given number of bytes. For example, -128 is negative minimum presentable by one byte, and -256 is "next" one. Thanks to Kazuki Yamaguchi for report, GH#3339 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
* Check fflush on BIO_ctrl callRich Salz2017-04-283-4/+11
| | | | | | | | Bug found and fix suggested by Julian RĂ¼th. Push error if fflush fails Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3266)
* Update the pyca-cryptography submodule to version 1.8.1Richard Levitte2017-04-281-0/+0
| | | | | | | | It was released a couple of days after our latest update [extended tests] Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3346)
* Ensure blank lines between tests.Rich Salz2017-04-281-12/+161
| | | | | | | Also add a comment describing the file format. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3337)
* Refactor crltest.c to separate the test cases into individual functions.Pauli2017-04-281-90/+84
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3327)
* testutil: Remove test_puts_std{out,err}, they are superfluousRichard Levitte2017-04-285-41/+7
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3345)
* testutil: Add OpenSSL error stack printing wrapper TEST_openssl_errorsRichard Levitte2017-04-286-9/+31
| | | | | | | | Also added a internal error printing callback to be used both with ERR_print_errors_cb() and with CRYPTO_mem_leaks_cb Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3345)
* testutil: Add commodity printing functions test_printf_std{out,err}Richard Levitte2017-04-285-37/+59
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3345)
* testutil: make subtest_level() internalRichard Levitte2017-04-284-3/+12
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3345)
* testutil: Move printing function declarations to "internal" headerRichard Levitte2017-04-287-17/+36
| | | | | | | | | These functions aren't meant to be used directly by the test programs, reflect that by making the declarations a little harder to reach, but still available enough if there's a need to override them. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3345)
* Add checks on return code when applying some settings.FdaSilvaYY2017-04-282-75/+40
| | | | | | | | Remove hardcoded bound checkings. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3141)
* Output prog name within error messageFdaSilvaYY2017-04-282-6/+6
| | | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3141)
* Add a 'max_send_frag' option to configure maximum size of send fragmentsFdaSilvaYY2017-04-284-11/+64
| | | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3141)
* Fix s_client when no-dtlsTodd Short2017-04-281-0/+2
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3344)
* Fix a pedantic gcc-7 warning.Bernd Edlinger2017-04-281-1/+1
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3328)
* TLSProxy: When in debug mode, show the exact subprocess commandsRichard Levitte2017-04-281-0/+6
| | | | | | | | When you want to debug a test that goes wrong, it's useful to know exactly what subprocess commands are run. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3342)
* Remove (broken) diagnostic printRich Salz2017-04-271-6/+0
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3336)
* fuzz/{client,server}.c: omit _time64 "overload method".Andy Polyakov2017-04-272-16/+12
| | | | | | | | | | | Approach was opportunistic in Windows context from its inception and on top of that it was proven to be error-prone at link stage. Correct answer is to introduce library-specific time function that we can control in platform-neutral manner. Meanwhile we just let be attempts to override time on Windows. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3320)
* Ensure s_client sends an SNI extension by defaultMatt Caswell2017-04-276-18/+58
| | | | | | | | | Enforcement of an SNI extension in the initial ClientHello is becoming increasingly common (e.g. see GitHub issue #2580). This commit changes s_client so that it adds SNI be default, unless explicitly told not to via the new "-noservername" option. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2614)
* Add parentheses on public macros where appropriate.Bernd Edlinger2017-04-2711-147/+168
| | | | | | | Fixes #3063. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3100)
* Remove unnecessary loop in pkey_rsa_decrypt.Bernd Edlinger2017-04-261-7/+2
| | | | | | | | | It is not necessary to remove leading zeros here because RSA_padding_check_PKCS1_OAEP_mgf1 appends them again. As this was not done in constant time, this might have leaked timing information. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3313)
* Fix ISO C function/object pointer issueRich Salz2017-04-261-12/+12
| | | | | | | Showed up on GCC with strict warnings. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3325)
View Lorry Controller Status