- Aug 17, 2015
-
-
Tim Hudson authored
Reviewed-by: Ben Laurie <ben@openssl.org>
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Aug 16, 2015
-
-
Rich Salz authored
Best hope of keeping current. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Aug 14, 2015
-
-
Matt Caswell authored
Process CertificateRequest messages using the PACKET API Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Use the new PACKET code to process the CKE message Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Process NewSessionTicket messages using the new PACKET API Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Commit 9ceb2426 (PACKETise ClientHello) broke session tickets by failing to detect the session ticket extension in an incoming ClientHello. This commit fixes the bug. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Clarify and update documention for extra chain certificates. PR#3878. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Aug 13, 2015
-
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
- select an actual file handle for devnull - do not declare $msgdata twice - SKE records sometimes seem to come without sig - in SKE parsing, use and use $pub_key_len when parsing $pub_key Reviewed-by: Matt Caswell <matt@openssl.org>
-
Richard Levitte authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Process the Certificate Status message using the PACKET API Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Enhance the PACKET code readability, and fix a stale comment. Thanks to Ben Kaduk (bkaduk@akamai.com) for pointing this out. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
The new ClientHello PACKET code is missing a return value check. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Ismo Puustinen authored
Part of RT 3997 Per Ben, just jump to common exit code. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Use the PACKET API to process an incoming server Certificate message. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Aug 12, 2015
-
-
Dr. Stephen Henson authored
PR#3974 PR#3975 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Aug 11, 2015
-
-
Rich Salz authored
This was obsolete in 2001. This is not the same as Gost94 digest. Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
When config'd with "sctp" running "make test" causes a seg fault. This is actually due to the way ssltest works - it dives under the covers and frees up BIOs manually and so some BIOs are NULL when the SCTP code does not expect it. The simplest fix is just to add some sanity checks to make sure the BIOs aren't NULL before we use them. This problem occurs in master and 1.0.2. The fix has also been applied to 1.0.1 to keep the code in sync. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
There are some missing return value checks in the SCTP code. In master this was causing a compilation failure when config'd with "--strict-warnings sctp". Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
Run a "make update" for the OSSLTest Engine changes Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Use a dynamic engine for ossltest engine so that we can build it without subsequently deploying it during install. We do not want people accidentally using this engine. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
When using an anon DH ciphersuite a client should reject a 0 value for p. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Add ServerHello parsing to TLSProxy. Also add some (very) limited ServerKeyExchange parsing. Add the capability to set client and server cipher lists Fix a bug with fragment lengths Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Two tests are added: one is a simple version tolerance test; the second is a test to ensure that OpenSSL operates correctly in the case of a zero length extensions block. The latter was broken inadvertently (now fixed) and it would have been helpful to have a test case for it. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
This commit provides a set of perl modules that support the testing of libssl. The test harness operates as a man-in-the-middle proxy between s_server and s_client. Both s_server and s_client must be started using the "-testmode" option which loads the new OSSLTEST engine. The test harness enables scripts to be written that can examine the packets sent during a handshake, as well as (potentially) modifying them so that otherwise illegal handshake messages can be sent. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
This engine is for testing purposes only. It provides crippled crypto implementations and therefore must not be used in any instance where security is required. This will be used by the forthcoming libssl test harness which will operate as a man-in-the-middle proxy. The test harness will be able to modify TLS packets and read their contents. By using this test engine packets are not encrypted and MAC codes always verify. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
The function BN_MONT_CTX_set was assuming that the modulus was non-zero and therefore that |mod->top| > 0. In an error situation that may not be the case and could cause a seg fault. This is a follow on from CVE-2015-1794. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Guy Leaver (guleaver) authored
If a client receives a ServerKeyExchange for an anon DH ciphersuite with the value of p set to 0 then a seg fault can occur. This commits adds a test to reject p, g and pub key parameters that have a 0 value (in accordance with RFC 5246) The security vulnerability only affects master and 1.0.2, but the fix is additionally applied to 1.0.1 for additional confidence. CVE-2015-1794 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
make errors wants things in a different order to the way things are currently defined in the header files. The easiest fix is to just let it reorder it. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Aug 10, 2015
-
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
Especially since after the #ifdef cleanups this is not useful. Reviewed-by: Matt Caswell <matt@openssl.org>
-