Commits · 80eab79de0377b42bc02e01e5d8bafaa4eb4c1a2 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Aug 24, 2015

Dr. Stephen Henson authored Aug 24, 2015



Add DSA tests.

Add tests to verify signatures against public keys. This will also check
that a public key is read in correctly.

Reviewed-by: Ben Laurie <ben@openssl.org>

80eab79d

Add DSA digest length checks. · 9d04f834
Dr. Stephen Henson authored Apr 30, 2015
```
Reviewed-by: Ben Laurie <ben@openssl.org>
```
9d04f834

Aug 21, 2015

Fix L<> content in manpages · 9b86974e

Rich Salz authored Aug 17, 2015



L<foo|foo> is sub-optimal  If the xref is the same as the title,
which is what we do, then you only need L<foo>.  This fixes all
1457 occurrences in 349 files.  Approximately.  (And pod used to
need both.)

Reviewed-by: Richard Levitte <levitte@openssl.org>

9b86974e

Aug 17, 2015
- Add new types to indent.pro · 3da9505d
  Richard Levitte authored Aug 17, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  3da9505d
- Add new GOST OIDs · 31001f81
  Dmitry Belyavsky authored Aug 17, 2015
```
Add new OIDs for latest GOST updates

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  31001f81
- Restore previous behaviour of only running one algorithm when -evp alg is used. · dfba17b4
  Tim Hudson authored Aug 17, 2015
```
Submitted by: Eric Young <eay@pobox.com>
Reviewed-by: Ben Laurie <ben@openssl.org>
```
  dfba17b4
- restore usage of -elapsed that was disabled in the ifdef reorg · 686e3449
  Tim Hudson authored Aug 17, 2015
```
Reviewed-by: Ben Laurie <ben@openssl.org>
```
  686e3449
- GH345: Remove stderr output · eb647452
  Rich Salz authored Aug 16, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  eb647452
Aug 16, 2015

Move FAQ to the web. · 4f46473a

Rich Salz authored Aug 16, 2015



Best hope of keeping current.

Reviewed-by: Tim Hudson <tjh@openssl.org>

4f46473a

Aug 14, 2015

PACKETise CertificateRequest · ac112332

Matt Caswell authored Aug 04, 2015



Process CertificateRequest messages using the PACKET API

Reviewed-by: Emilia Käsper <emilia@openssl.org>

ac112332

PACKETise ClientKeyExchange processing · efcdbcbe

Matt Caswell authored Aug 03, 2015



Use the new PACKET code to process the CKE message

Reviewed-by: Stephen Henson <steve@openssl.org>

efcdbcbe

PACKETise NewSessionTicket · 561e12bb

Matt Caswell authored Aug 05, 2015



Process NewSessionTicket messages using the new PACKET API

Reviewed-by: Emilia Käsper <emilia@openssl.org>

561e12bb

Fix session tickets · c83eda8c

Matt Caswell authored Aug 13, 2015

Commit 9ceb2426

 (PACKETise ClientHello) broke session tickets by failing
to detect the session ticket extension in an incoming ClientHello. This
commit fixes the bug.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

c83eda8c

add CCM docs · f8f5f836
Dr. Stephen Henson authored Aug 10, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
f8f5f836
Add CCM ciphersuites from RFC6655 and RFC7251 · 176f85a2
Dr. Stephen Henson authored Jul 31, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
176f85a2
ccm8 support · 3d3701ea
Dr. Stephen Henson authored Jul 31, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
3d3701ea
CCM support. · e75c5a79
Dr. Stephen Henson authored Jul 31, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
e75c5a79

Update docs. · 2fd7fb99

Dr. Stephen Henson authored Jun 17, 2015



Clarify and update documention for extra chain certificates.

PR#3878.

Reviewed-by: Rich Salz <rsalz@openssl.org>

2fd7fb99

Documentation for SSL_check_chain() · 6d5f8265
Dr. Stephen Henson authored Jul 23, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
6d5f8265

Aug 13, 2015

for test_sslvertol, add a value to display SSL version < 3 in debug · 00bf5001
Richard Levitte authored Aug 13, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
00bf5001

Fixups in libssl test harness · 4deefd65

Richard Levitte authored Aug 13, 2015



- select an actual file handle for devnull
- do not declare $msgdata twice
- SKE records sometimes seem to come without sig
- in SKE parsing, use and use $pub_key_len when parsing $pub_key

Reviewed-by: Matt Caswell <matt@openssl.org>

4deefd65

Use -I to add to @INC, and use -w to produce warnings · b3a231db
Richard Levitte authored Aug 13, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
b3a231db
Fix FAQ formatting for new website. · f25825c2
Rich Salz authored Aug 13, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
f25825c2

PACKETise Certificate Status message · ac63710a

Matt Caswell authored Aug 05, 2015



Process the Certificate Status message using the PACKET API

Reviewed-by: Emilia Käsper <emilia@openssl.org>

ac63710a

Enhance PACKET readability · bc6616a4

Matt Caswell authored Aug 03, 2015



Enhance the PACKET code readability, and fix a stale comment. Thanks
to Ben Kaduk (bkaduk@akamai.com) for pointing this out.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

bc6616a4

Add missing return check for PACKET_buf_init · f9f60534

Matt Caswell authored Aug 03, 2015



The new ClientHello PACKET code is missing a return value check.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

f9f60534

GH364: Free memory on an error path · cc2829e6

Ismo Puustinen authored Aug 07, 2015



Part of RT 3997
Per Ben, just jump to common exit code.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>

cc2829e6

PACKETise Server Certificate processing · df758a85

Matt Caswell authored Aug 04, 2015



Use the PACKET API to process an incoming server Certificate message.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

df758a85

Aug 12, 2015
- Return error for unsupported modes. · 2acdef5e
  Dr. Stephen Henson authored Aug 01, 2015
```
PR#3974
PR#3975

Reviewed-by: Matt Caswell <matt@openssl.org>
```
  2acdef5e
- Fix memory leak if setup fails. · 891eac46
  Dr. Stephen Henson authored Aug 01, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  891eac46
- Err isn't always malloc failure. · a187e08d
  Dr. Stephen Henson authored Aug 01, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  a187e08d
Aug 11, 2015

Remove Gost94 signature algorithm. · ade44dcb

Rich Salz authored Aug 04, 2015



This was obsolete in 2001.  This is not the same as Gost94 digest.
Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice.

Reviewed-by: Matt Caswell <matt@openssl.org>

ade44dcb

Fix "make test" seg fault with SCTP enabled · f75d5171

Matt Caswell authored Aug 11, 2015



When config'd with "sctp" running "make test" causes a seg fault. This is
actually due to the way ssltest works - it dives under the covers and frees
up BIOs manually and so some BIOs are NULL when the SCTP code does not
expect it. The simplest fix is just to add some sanity checks to make sure
the BIOs aren't NULL before we use them.

This problem occurs in master and 1.0.2. The fix has also been applied to
1.0.1 to keep the code in sync.

Reviewed-by: Tim Hudson <tjh@openssl.org>

f75d5171

Fix missing return value checks in SCTP · d8e8590e

Matt Caswell authored Aug 11, 2015



There are some missing return value checks in the SCTP code. In master this
was causing a compilation failure when config'd with
"--strict-warnings sctp".

Reviewed-by: Tim Hudson <tjh@openssl.org>

d8e8590e

make update · 6142f5c6

Matt Caswell authored Aug 11, 2015



Run a "make update" for the OSSLTest Engine changes

Reviewed-by: Richard Levitte <levitte@openssl.org>

6142f5c6

Use dynamic engine for libssl test harness · c0cbb4c1

Richard Levitte authored Aug 10, 2015



Use a dynamic engine for ossltest engine so that we can build it without
subsequently deploying it during install. We do not want people accidentally
using this engine.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

c0cbb4c1

Add a test for 0 p value in anon DH SKE · c2a34c58

Matt Caswell authored Aug 07, 2015



When using an anon DH ciphersuite a client should reject a 0 value for p.

Reviewed-by: Richard Levitte <levitte@openssl.org>

c2a34c58

Extend TLSProxy capabilities · a1accbb1

Matt Caswell authored Aug 07, 2015



Add ServerHello parsing to TLSProxy.
Also add some (very) limited ServerKeyExchange parsing.
Add the capability to set client and server cipher lists
Fix a bug with fragment lengths

Reviewed-by: Richard Levitte <levitte@openssl.org>

a1accbb1

Add some libssl tests · 011467ee

Matt Caswell authored Jun 16, 2015

Two tests are added: one is a simple version tolerance test; the second is
a test to ensure that OpenSSL operates correctly in the case of a zero
length extensions block. The latter was broken inadvertently (now fixed)
and it would have been helpful to have a test case for it.

Reviewed-by: Richard Levitte <levitte@openssl.org>

011467ee

Add a libssl test harness · 631c1206

Matt Caswell authored Jun 16, 2015

This commit provides a set of perl modules that support the testing of
libssl. The test harness operates as a man-in-the-middle proxy between
s_server and s_client. Both s_server and s_client must be started using the
"-testmode" option which loads the new OSSLTEST engine.

The test harness enables scripts to be written that can examine the packets
sent during a handshake, as well as (potentially) modifying them so that
otherwise illegal handshake messages can be sent.

Reviewed-by: Richard Levitte <levitte@openssl.org>

631c1206