Commits · 208b2d541dcb3b8f62639d2a8cc5771af4ba8755 · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Aug 26, 2015

GH correct organizationalUnitName · 208b2d54

Viktor Dukhovni authored Apr 23, 2014



Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>

208b2d54

Clean up reset of read/write sequences · 95cdad63

Matt Caswell authored Aug 26, 2015



Use sizeof instead of an explicit size, and use the functions for the
purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>

95cdad63

PACKET: add methods for reading length-prefixed TLS vectors. · ec30e856
Emilia Kasper authored Aug 18, 2015
```
Rewrite ssl3_get_client_hello to use the new methods.

Reviewed-by: Matt Caswell <matt@openssl.org>
```
ec30e856

Fix SSLv2-compatible ClientHello processing. · 9cc3e8f1

Emilia Kasper authored Aug 18, 2015



If the client challenge is less than 32 bytes, it is padded with leading - not trailing - zero bytes.

Reviewed-by: Matt Caswell <matt@openssl.org>

9cc3e8f1

PACKET: constify where possible · 2aa815c3

Emilia Kasper authored Aug 18, 2015



The PACKET should hold a 'const unsigned char*' underneath as well
but the legacy code passes the record buffer around as 'unsigned char*'
(to callbacks, too) so that's a bigger refactor.

Reviewed-by: Matt Caswell <matt@openssl.org>

2aa815c3

GH371: Print debug info for ALPN extension · b48357d9

Alessandro Ghedini authored Aug 19, 2015



Also known as RT 4106
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>

b48357d9

Remove _locked memory functions. · 4c42ebd2

Rich Salz authored Aug 26, 2015



Undocumented, unused, unnecessary (replaced by secure arena).

Reviewed-by: Richard Levitte <levitte@openssl.org>

4c42ebd2

BN_bin2bn handle leading zero's · 22dc08d0

Rich Salz authored Aug 10, 2015



If a binary sequence is all zero's, call BN_zero.

Reviewed-by: Matt Caswell <matt@openssl.org>

22dc08d0

Add NewSessionTicket test suite · ddcc5e5b

Matt Caswell authored Aug 13, 2015



Add a set of tests for checking that NewSessionTicket messages are
behaving as expected.

Reviewed-by: Tim Hudson <tjh@openssl.org>

ddcc5e5b

Fix TLSProxy end of test detection · 8af538e5

Matt Caswell authored Aug 13, 2015



Previously TLSProxy would detect a successful handshake once it saw the
server Finished message. This causes problems with abbreviated handshakes,
or if the client fails to process a message from the last server flight.

This change additionally sends some application data and finishes when the
client sends a CloseNotify.

Reviewed-by: Tim Hudson <tjh@openssl.org>

8af538e5

Fix DTLS session ticket renewal · ee4ffd6f

Matt Caswell authored Aug 13, 2015



A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.

The bug can be demonstrated as follows:

Start a DTLS s_server instance:
openssl s_server -dtls

Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket

Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem

The client will abort the handshake.

Reviewed-by: Tim Hudson <tjh@openssl.org>

ee4ffd6f

Aug 25, 2015

Ignore generated *.S ARM assembly files · d6dfa550

Chris Watts authored Aug 24, 2015



Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

d6dfa550

RT4019: Duplicate -hmac flag in dgst.pod · fe50cd7a

Markus Rinne authored Aug 24, 2015



Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

fe50cd7a

GH372: Remove duplicate flags · 32c5e0ba

Rich Salz authored Aug 24, 2015



Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

32c5e0ba

Aug 24, 2015

Small cleanup of crypto.pod · 2c496970

Rich Salz authored Aug 24, 2015



Came up on the mailing list, from Ken Goldman.

Reviewed-by: Tim Hudson <tjh@openssl.org>

2c496970

GH337: Need backslash before leading # · e0d26bb3

Peter Mosmans authored Aug 24, 2015



Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>

e0d26bb3

RT4015: Add missing date to CHANGES · a8471306

janpopan authored Aug 24, 2015



Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>

a8471306

More test cases. · 80eab79d

Dr. Stephen Henson authored Aug 24, 2015



Add DSA tests.

Add tests to verify signatures against public keys. This will also check
that a public key is read in correctly.

Reviewed-by: Ben Laurie <ben@openssl.org>

80eab79d

Add DSA digest length checks. · 9d04f834
Dr. Stephen Henson authored Apr 30, 2015
```
Reviewed-by: Ben Laurie <ben@openssl.org>
```
9d04f834

Aug 21, 2015

Fix L<> content in manpages · 9b86974e

Rich Salz authored Aug 17, 2015



L<foo|foo> is sub-optimal  If the xref is the same as the title,
which is what we do, then you only need L<foo>.  This fixes all
1457 occurrences in 349 files.  Approximately.  (And pod used to
need both.)

Reviewed-by: Richard Levitte <levitte@openssl.org>

9b86974e

Aug 17, 2015
- Add new types to indent.pro · 3da9505d
  Richard Levitte authored Aug 17, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  3da9505d
- Add new GOST OIDs · 31001f81
  Dmitry Belyavsky authored Aug 17, 2015
```
Add new OIDs for latest GOST updates

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  31001f81
- Restore previous behaviour of only running one algorithm when -evp alg is used. · dfba17b4
  Tim Hudson authored Aug 17, 2015
```
Submitted by: Eric Young <eay@pobox.com>
Reviewed-by: Ben Laurie <ben@openssl.org>
```
  dfba17b4
- restore usage of -elapsed that was disabled in the ifdef reorg · 686e3449
  Tim Hudson authored Aug 17, 2015
```
Reviewed-by: Ben Laurie <ben@openssl.org>
```
  686e3449
- GH345: Remove stderr output · eb647452
  Rich Salz authored Aug 16, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  eb647452
Aug 16, 2015

Move FAQ to the web. · 4f46473a

Rich Salz authored Aug 16, 2015



Best hope of keeping current.

Reviewed-by: Tim Hudson <tjh@openssl.org>

4f46473a

Aug 14, 2015

PACKETise CertificateRequest · ac112332

Matt Caswell authored Aug 04, 2015



Process CertificateRequest messages using the PACKET API

Reviewed-by: Emilia Käsper <emilia@openssl.org>

ac112332

PACKETise ClientKeyExchange processing · efcdbcbe

Matt Caswell authored Aug 03, 2015



Use the new PACKET code to process the CKE message

Reviewed-by: Stephen Henson <steve@openssl.org>

efcdbcbe

PACKETise NewSessionTicket · 561e12bb

Matt Caswell authored Aug 05, 2015



Process NewSessionTicket messages using the new PACKET API

Reviewed-by: Emilia Käsper <emilia@openssl.org>

561e12bb

Fix session tickets · c83eda8c

Matt Caswell authored Aug 13, 2015

Commit 9ceb2426

 (PACKETise ClientHello) broke session tickets by failing
to detect the session ticket extension in an incoming ClientHello. This
commit fixes the bug.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

c83eda8c

add CCM docs · f8f5f836
Dr. Stephen Henson authored Aug 10, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
f8f5f836
Add CCM ciphersuites from RFC6655 and RFC7251 · 176f85a2
Dr. Stephen Henson authored Jul 31, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
176f85a2
ccm8 support · 3d3701ea
Dr. Stephen Henson authored Jul 31, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
3d3701ea
CCM support. · e75c5a79
Dr. Stephen Henson authored Jul 31, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
e75c5a79

Update docs. · 2fd7fb99

Dr. Stephen Henson authored Jun 17, 2015



Clarify and update documention for extra chain certificates.

PR#3878.

Reviewed-by: Rich Salz <rsalz@openssl.org>

2fd7fb99

Documentation for SSL_check_chain() · 6d5f8265
Dr. Stephen Henson authored Jul 23, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
6d5f8265

Aug 13, 2015
- for test_sslvertol, add a value to display SSL version < 3 in debug · 00bf5001
  Richard Levitte authored Aug 13, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  00bf5001
- Fixups in libssl test harness · 4deefd65
  Richard Levitte authored Aug 13, 2015
```
- select an actual file handle for devnull
- do not declare $msgdata twice
- SKE records sometimes seem to come without sig
- in SKE parsing, use and use $pub_key_len when parsing $pub_key

Reviewed-by: Matt Caswell <matt@openssl.org>
```
  4deefd65
- Use -I to add to @INC, and use -w to produce warnings · b3a231db
  Richard Levitte authored Aug 13, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  b3a231db
- Fix FAQ formatting for new website. · f25825c2
  Rich Salz authored Aug 13, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  f25825c2