Commits · 0bc09ecd263acb25f04f373f31a50f50af8541bb · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Aug 04, 2015

PACKETise ClientCertificate processing · 0bc09ecd

Matt Caswell authored Aug 04, 2015



Use the PACKET API for processing ClientCertificate messages

Reviewed-by: Tim Hudson <tjh@openssl.org>

0bc09ecd

Fix a bug in the new PACKET implementation · 44128847

Matt Caswell authored Aug 04, 2015



Some of the PACKET functions were returning incorrect data. An unfortunate
choice of test data in the unit test was masking the failure.

Reviewed-by: Tim Hudson <tjh@openssl.org>

44128847

Aug 03, 2015

Fix warning when compiling with no-ec2m · 8d11b7c7

Matt Caswell authored Jul 09, 2015



EC_KEY_set_public_key_affine_coordinates was using some variables that only
apply if OPENSSL_NO_EC2M is not defined.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

8d11b7c7

Fix make errors for the CCS changes · 496dbe18

Matt Caswell authored Jul 30, 2015



The move of CCS into the state machine was causing make errors to fail. This
fixes it.

Reviewed-by: Tim Hudson <tjh@openssl.org>

496dbe18

Fix ssl3_read_bytes handshake fragment bug · e9f6b9a1

Matt Caswell authored Jun 30, 2015

The move of CCS into the state machine introduced a bug in ssl3_read_bytes.
The value of |recvd_type| was not being set if we are satisfying the request
from handshake fragment storage. This can occur, for example, with
renegotiation and causes the handshake to fail.

Reviewed-by: Tim Hudson <tjh@openssl.org>

e9f6b9a1

Move DTLS CCS processing into the state machine · c69f2adf

Matt Caswell authored Jun 02, 2015



Continuing on from the previous commit this moves the processing of DTLS
CCS messages out of the record layer and into the state machine.

Reviewed-by: Tim Hudson <tjh@openssl.org>

c69f2adf

Move TLS CCS processing into the state machine · 657da85e

Matt Caswell authored May 11, 2015

The handling of incoming CCS records is a little strange. Since CCS is not
a handshake message it is handled differently to normal handshake messages.
Unfortunately whilst technically it is not a handhshake message the reality
is that it must be processed in accordance with the state of the handshake.
Currently CCS records are processed entirely within the record layer. In
order to ensure that it is handled in accordance with the handshake state
a flag is used to indicate that it is an acceptable time to receive a CCS.

Previously this flag did not exist (see CVE-2014-0224), but the flag should
only really be considered a workaround for the problem that CCS is not
visible to the state machine.

Outgoing CCS messages are already handled within the state machine.

This patch makes CCS visible to the TLS state machine. A separate commit
will handle DTLS.

Reviewed-by: Tim Hudson <tjh@openssl.org>

657da85e

PACKETise ClientHello processing · 9ceb2426

Matt Caswell authored Apr 16, 2015



Uses the new PACKET code to process the incoming ClientHello including all
extensions etc.

Reviewed-by: Tim Hudson <tjh@openssl.org>

9ceb2426

PACKET unit tests · 6fc2ef20

Matt Caswell authored Apr 17, 2015



Add some unit tests for the new PACKET API

Reviewed-by: Tim Hudson <tjh@openssl.org>

6fc2ef20

Add initial packet parsing code · 7e729bb5

Matt Caswell authored Apr 14, 2015



Provide more robust (inline) functions to replace n2s, n2l, etc. These
functions do the same thing as the previous macros, but also keep track
of the amount of data remaining and return an error if we try to read more
data than we've got.

Reviewed-by: Tim Hudson <tjh@openssl.org>

7e729bb5

Aug 02, 2015
- Fix refactoring breakage. · bb484020
  Ben Laurie authored Aug 02, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  bb484020
- don't reset return value to 0 · 5a168057
  Dr. Stephen Henson authored Aug 02, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  5a168057
- Add -Wconditional-uninitialized to clang strict warnings. · 480405e4
  Ben Laurie authored Aug 02, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  480405e4
- Build with --strict-warnings on FreeBSD. · d237a273
  Ben Laurie authored Aug 02, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  d237a273
Aug 01, 2015
- Make BSD make happy with subdirectories. · 9e83e6cd
  Ben Laurie authored Aug 01, 2015
```
Reviewed-by: Richard Levitte
```
  9e83e6cd
- GH336: Return an exit code if report fails · e36ce2d9
  Dirk Wetter authored Jul 31, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  e36ce2d9
Jul 31, 2015

Only define PAGE_SIZE if not already defined. · 34750dc2
Ben Laurie authored Jul 31, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
34750dc2

Remove erroneous server_random filling · e1e088ec

Matt Caswell authored Jun 25, 2015

Commit e481f9b9 removed OPENSSL_NO_TLSEXT from the code.

Previously if OPENSSL_NO_TLSEXT *was not* defined then the server random was
filled during getting of the ClientHello. If it *was* defined then the
server random would be filled in ssl3_send_server_hello(). Unfortunately in
commit e481f9b9

 the OPENSSL_NO_TLSEXT guards were removed but *both*
server random fillings were left in. This could cause problems for session
ticket callbacks.

Reviewed-by: Stephen Henson <steve@openssl.org>

e1e088ec

Clear BN-mont values when free'ing it. · 1a586b39
Loganaden Velvindron authored Jul 31, 2015
```
From a CloudFlare patch.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
1a586b39

Various doc fixes from GH pull requests · 740ceb5b

Rich Salz authored Jul 31, 2015



Thanks folks:
        348 Benjamin Kaduk
        317 Christian Brueffer
        254 Erik Tews
        253 Erik Tews
        219 Carl Mehner
        155 (ghost)
        95 mancha
        51 DominikNeubauer

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

740ceb5b

RT3742: Add xmpp_server to s_client. · 898ea7b8
Kai Engert authored Jul 29, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
898ea7b8
RT3963: Allow OCSP stapling with -rev and -www · be0c0361
Adam Eijdenberg authored Jul 29, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
be0c0361
RT3962: Check accept_count only if not unlimited · e46bcca2
Adam Eijdenberg authored Jul 29, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
e46bcca2
RT3961: Fix switch/case errors in flag parsing · 902c6b95
Adam Eijdenberg authored Jul 29, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
902c6b95
RT3959: Fix misleading comment · 119ab03a
Nicholas Cooper authored Jul 29, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
119ab03a

Jul 30, 2015

cleanse psk_identity on error · 3df16cc2
Dr. Stephen Henson authored Jul 28, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
3df16cc2
Free and cleanse pms on error · a784665e
Dr. Stephen Henson authored Jul 28, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
a784665e
Don't request certificates for any PSK ciphersuite · a3f7ff2b
Dr. Stephen Henson authored Jul 11, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
a3f7ff2b
CAMELLIA PSK ciphersuites from RFC6367 · 69a3a9f5
Dr. Stephen Henson authored Jun 30, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
69a3a9f5
Add PSK ciphersuites to docs · b2f8ab86
Dr. Stephen Henson authored Jun 29, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
b2f8ab86
Update CHANGES · 23237159
Dr. Stephen Henson authored Jun 29, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
23237159
Add RFC4785 ciphersuites · 5516fcc0
Dr. Stephen Henson authored Jun 29, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
5516fcc0

Add RFC4279, RFC5487 and RFC5489 ciphersuites. · ea6114c6

Dr. Stephen Henson authored Jun 28, 2015



Note: some of the RFC4279 ciphersuites were originally part of PR#2464.

Reviewed-by: Matt Caswell <matt@openssl.org>

ea6114c6

Initial new PSK ciphersuite defines · f40ecbc3
Dr. Stephen Henson authored Jun 28, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
f40ecbc3
Add full PSK trace support · 2a1a04e1
Dr. Stephen Henson authored Jun 28, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
2a1a04e1

PSK premaster secret derivation. · 8a0a12e5

Dr. Stephen Henson authored Jun 28, 2015



Move PSK premaster secret algorithm to ssl_generate_master secret so
existing key exchange code can be used and modified slightly to add
the PSK wrapping structure.

Reviewed-by: Matt Caswell <matt@openssl.org>

8a0a12e5

Extended PSK server support. · 85269210

Dr. Stephen Henson authored Jun 28, 2015



Add support for RSAPSK, DHEPSK and ECDHEPSK server side.

Update various checks to ensure certificate and server key exchange messages
are only sent when required.

Update message handling. PSK server key exchange parsing now include an
identity hint prefix for all PSK server key exchange messages. PSK
client key exchange message expects PSK identity and requests key for
all PSK key exchange ciphersuites.

Update flags for RSA, DH and ECDH so they are also used in PSK.

Reviewed-by: Matt Caswell <matt@openssl.org>

85269210

Extended PSK client support. · 7689082b

Dr. Stephen Henson authored Jun 28, 2015



Add support for RSAPSK, DHEPSK and ECDHEPSK client side.

Update various checks to ensure certificate and server key exchange messages
are only expected when required.

Update message handling. PSK server key exchange parsing now expects an
identity hint prefix for all PSK server key exchange messages. PSK
client key exchange message requests PSK identity and key for all PSK
key exchange ciphersuites and includes identity in message.

Update flags for RSA, DH and ECDH so they are also used in PSK.

Reviewed-by: Matt Caswell <matt@openssl.org>

7689082b

PSK PRF correction. · 12053a81

Dr. Stephen Henson authored Jun 28, 2015



For SHA384 PRF PSK ciphersuites we have to switch to default PRF for
TLS < 1.2

Reviewed-by: Matt Caswell <matt@openssl.org>

12053a81

Make auto DH work with DHEPSK · adc5506a
Dr. Stephen Henson authored Jun 28, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
adc5506a