Commits · 2b687397fda5ebaa413a3f35b1c989c84114cefe · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

10 Oct, 2016 1 commit

Kurt Roeckx authored Oct 09, 2016



New minimal fuzz corpora for asn1, asn1parse, bndiv, crl and x509

Reviewed-by: Andy Polyakov <appro@openssl.org>

GH: #1678

2b687397

03 Oct, 2016 7 commits

Fix linebreaks in the tls_construct_client_certificate function · b90506e9
Matt Caswell authored Oct 03, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
b90506e9
Add a typedef for the construction function · a15c953f
Matt Caswell authored Oct 03, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
a15c953f

Move setting of the handshake header up one more level · 6392fb8e

Matt Caswell authored Sep 30, 2016



We now set the handshake header, and close the packet directly in the
write_state_machine. This is now possible because it is common for all
messages.

Reviewed-by: Rich Salz <rsalz@openssl.org>

6392fb8e

Remove the special case processing for finished construction · 229185e6

Matt Caswell authored Sep 30, 2016



tls_construct_finished() used to have different arguments to all of the
other construction functions. It doesn't anymore, so there is no neeed to
treat it as a special case.

Reviewed-by: Rich Salz <rsalz@openssl.org>

229185e6

Harmonise setting the header and closing construction · 4a01c59f

Matt Caswell authored Sep 30, 2016

Ensure all message types work the same way including CCS so that the state
machine doesn't need to know about special cases. Put all the special logic
into ssl_set_handshake_header() and ssl_close_construct_packet().

Reviewed-by: Rich Salz <rsalz@openssl.org>

4a01c59f

Don't set the handshake header in every message · 5923ad4b

Matt Caswell authored Sep 30, 2016



Move setting the handshake header up a level into the state machine code
in order to reduce boilerplate.

Reviewed-by: Rich Salz <rsalz@openssl.org>

5923ad4b

Move init of the WPACKET into write_state_machine() · 7cea05dc

Matt Caswell authored Sep 29, 2016



Instead of initialising, finishing and cleaning up the WPACKET in every
message construction function, we should do it once in
write_state_machine().

Reviewed-by: Rich Salz <rsalz@openssl.org>

7cea05dc

02 Oct, 2016 7 commits

Remove untrue comment. · b7c9aa64
Ben Laurie authored Oct 01, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
b7c9aa64
Make dependencies if Makefile is new. · d423c5ad
Ben Laurie authored Oct 01, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
d423c5ad

Rename ssl_set_handshake_header2() · a29fa98c

Matt Caswell authored Sep 29, 2016

ssl_set_handshake_header2() was only ever a temporary name while we had
to have ssl_set_handshake_header() for code that hadn't been converted to
WPACKET yet. No code remains that needed that so we can rename it.

Reviewed-by: Rich Salz <rsalz@openssl.org>

a29fa98c

Remove ssl_set_handshake_header() · e2726ce6

Matt Caswell authored Sep 29, 2016



Remove the old ssl_set_handshake_header() implementations. Later we will
rename ssl_set_handshake_header2() to ssl_set_handshake_header().

Reviewed-by: Rich Salz <rsalz@openssl.org>

e2726ce6

Remove the tls12_get_sigandhash_old() function · 42cde22f

Matt Caswell authored Sep 29, 2016



This is no longer needed now that all messages use WPACKET

Reviewed-by: Rich Salz <rsalz@openssl.org>

42cde22f

fix memory leak · bcaad809
Dr. Stephen Henson authored Oct 02, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
bcaad809
Don't use DES when disabled. · c1eba83f
Ben Laurie authored Oct 02, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
c1eba83f

01 Oct, 2016 3 commits

fix memory leak · eb67172a
Dr. Stephen Henson authored Oct 01, 2016
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
eb67172a
Add SRP test vectors from RFC5054 · 198d8059
Dr. Stephen Henson authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
198d8059

SRP code tidy. · 8f332ac9

Dr. Stephen Henson authored Sep 29, 2016



Tidy up srp_Calc_k and SRP_Calc_u by making them a special case of
srp_Calc_xy which performs SHA1(PAD(x) | PAD(y)).

This addresses an OCAP Audit issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>

8f332ac9

29 Sep, 2016 22 commits

Convert NewSessionTicket construction to WPACKET · a00d75e1
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
a00d75e1

Fix an error in packet_locl.h · b36017fe

Matt Caswell authored Sep 29, 2016



A convenience macro was using the wrong underlying function.

Reviewed-by: Rich Salz <rsalz@openssl.org>

b36017fe

Convert CertStatus message construction to WPACKET · cc59ad10
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
cc59ad10

Fix mis-named macro in packet_locl.h · f308416e

Matt Caswell authored Sep 29, 2016



A couple of the WPACKET_sub_memcpy* macros were mis-named.

Reviewed-by: Rich Salz <rsalz@openssl.org>

f308416e

Convert SeverDone construction to WPACKET · 4346a8fa
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
4346a8fa
make update · b1b4f0a5
Dr. Stephen Henson authored Sep 28, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
b1b4f0a5

Print <ABSENT> if a STACK is NULL. · 73a9f60d

Dr. Stephen Henson authored Sep 28, 2016



If a STACK (corresponding to SEQUENCE OF or SET OF) is NULL then the
field is absent as opposed to empty (present but has zero elements).

Reviewed-by: Rich Salz <rsalz@openssl.org>

73a9f60d

add item list support to d2i_test · adffae15
Dr. Stephen Henson authored Sep 28, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
adffae15
ASN1_ITEM should use type name not structure name. · 2171a071
Dr. Stephen Henson authored Sep 27, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
2171a071
Add -item option to asn1parse · 5fb10059
Dr. Stephen Henson authored Sep 27, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
5fb10059
Add ASN1_ITEM lookup and enumerate functions. · 56501ebd
Dr. Stephen Henson authored Sep 27, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
56501ebd
Fix missing NULL checks in NewSessionTicket construction · 83ae4661
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
83ae4661
Fix an mis-matched function code so that "make update" doesn't fail · e4e1aa90
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
e4e1aa90
Add an example of usage to the WPACKET_reserve_bytes() documentation · 0023baff
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
0023baff
Address style feedback comments · ff819477
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
ff819477

Fix a bug in CKE construction for PSK · 4a424545

Matt Caswell authored Sep 29, 2016

In plain PSK we don't need to do anymore construction after the preamble.
We weren't detecting this case and treating it as an unknown cipher.

Reviewed-by: Rich Salz <rsalz@openssl.org>

4a424545

Convert ServerKeyExchange construction to WPACKET · c13d2a5b
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
c13d2a5b

Add the WPACKET_reserve_bytes() function · 1ff84340

Matt Caswell authored Sep 29, 2016



WPACKET_allocate_bytes() requires you to know the size of the data you
are allocating for, before you create it. Sometimes this isn't the case,
for example we know the maximum size that a signature will be before we
create it, but not the actual size. WPACKET_reserve_bytes() enables us to
reserve bytes in the WPACKET, but not count them as written yet. We then
subsequently need to acall WPACKET_allocate_bytes to actually count them as
written.

Reviewed-by: Rich Salz <rsalz@openssl.org>

1ff84340

Remove tls12_copy_sigalgs_old() · ac8cc3ef

Matt Caswell authored Sep 29, 2016



This was a temporary function needed during the conversion to WPACKET. All
callers have now been converted to the new way of doing this so this
function is no longer required.

Reviewed-by: Rich Salz <rsalz@openssl.org>

ac8cc3ef

Convert CertificateRequest construction to WPACKET · 28ff8ef3
Matt Caswell authored Sep 29, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
28ff8ef3

Address style feedback comments · 25849a8f

Matt Caswell authored Sep 29, 2016



Merge declarations of same type together.

Reviewed-by: Rich Salz <rsalz@openssl.org>

25849a8f

Fix a bug in the construction of the ClienHello SRTP extension · 7facdbd6
Matt Caswell authored Sep 28, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
7facdbd6