Commits · b1931d432f4b53ceb2e2eacec09c2e32e043830b · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Dec 27, 2015

Simplify calling of the OCSP callback · b1931d43

Matt Caswell authored Dec 10, 2015



Move all calls of the OCSP callback into one place, rather than repeating it
in two different places.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

b1931d43

Add some documentation for the OCSP callback functions · 43c34894

Matt Caswell authored Nov 30, 2015



Describe the usage of the OCSP callback functions on both the client and
the server side.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

43c34894

Ensure we don't call the OCSP callback if resuming a session · 80e339fd

Matt Caswell authored Nov 30, 2015



It makes no sense to call the OCSP status callback if we are resuming a
session because no certificates will be sent.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

80e339fd

Fix error when server does not send CertificateStatus message · bb1aaab4

Matt Caswell authored Nov 05, 2015



If a server sends the status_request extension then it may choose
to send the CertificateStatus message. However this is optional.
We were treating it as mandatory and the connection was failing.

Thanks to BoringSSL for reporting this issue.

RT#4120

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

bb1aaab4

Add test for missing CertificateStatus message · ef96e4a2

Matt Caswell authored Nov 05, 2015



If the client sends a status_request extension in the ClientHello
and the server responds with a status_request extension in the
ServerHello then normally the server will also later send a
CertificateStatus message. However this message is *optional* even
if the extensions were sent. This adds a test to ensure that if
the extensions are sent then we can still omit the message.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

ef96e4a2

Dec 24, 2015
- fix no-ec · b22d7113
  Dr. Stephen Henson authored Dec 24, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  b22d7113
Dec 23, 2015

Server side EVP_PKEY DH support · e2b420fd
Dr. Stephen Henson authored Dec 17, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
e2b420fd
utility function · 6c4e6670
Dr. Stephen Henson authored Dec 18, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
6c4e6670
EVP_PKEY DH client support. · fb79abe3
Dr. Stephen Henson authored Dec 17, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
fb79abe3
Always generate DH keys for ephemeral DH cipher suites. · ffaef3f1
Dr. Stephen Henson authored Dec 17, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
ffaef3f1

The functions take a SSL *, not a SSL_CTX * · d938e8df

Daniel Kahn Gillmor authored Dec 23, 2015



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4192, MR: #1533

d938e8df

redundant redeclaration of 'OPENSSL_strlcpy' · 0b081fcd

Roumen Petrov authored Dec 21, 2015



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #1523

0b081fcd

__STDC_VERSION__ is not defined for c89 compilers · b9b154d1

Roumen Petrov authored Dec 03, 2015



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #1522

b9b154d1

remove duplicates in util/libeay.num · 3eabad02

Roumen Petrov authored Mar 21, 2015



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4195, MR: #1521

3eabad02

Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER and SSL_OP_TLS_D5_BUG support. · 1c9ed1d8

Kurt Roeckx authored Dec 22, 2015



Suggested by David Benjamin

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>

MR: #1520

1c9ed1d8

Avoid using a dangling pointer when removing the last item · 933d1085

Kurt Roeckx authored Dec 22, 2015



When it's the last item that is removed int_thread_hash == hash and we would
still call int_thread_release(&hash) while hash is already freed.  So
int_thread_release would compare that dangling pointer to NULL which is
undefined behaviour.  Instead do already what int_thread_release() would do,
and make the call do nothing instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>

RT: #4155, MR: #1519

933d1085

Memory leak in state machine in error path · c849c6d9

Todd Short authored Dec 22, 2015



When EC is disabled, and an error occurs in ssl_generate_master_secret()
or RAND_bytes(), the error path does not free rsa_decrypt.

RT#4197

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

c849c6d9

Refactor DTLS cookie generation and verification · 87a595e5

Richard Levitte authored Dec 23, 2015



DTLS cookie generation and verification were exact copies of each
other save the last few lines.  This refactors them to avoid code
copying.

Reviewed-by: Matt Caswell <matt@openssl.org>

87a595e5

Fix inline build failure · 7ab09630

Matt Caswell authored Dec 23, 2015



After the recent change to use ossl_inline, builds were failing on some
platforms due to a missing usage of "inline".

Reviewed-by: Richard Levitte <levitte@openssl.org>

7ab09630

Dec 22, 2015

Add ossl_inline · 80e0ecbf

Dr. Stephen Henson authored Dec 22, 2015



Add macro ossl_inline for use in public headers where a portable inline
is required. Change existing inline to use ossl_inline

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

80e0ecbf

add -unref option to mkerr.pl · 02a60ae2
Dr. Stephen Henson authored Dec 22, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
02a60ae2
In mkerr.pl look in directories under ssl/ · 0f6a2a97
Dr. Stephen Henson authored Dec 22, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
0f6a2a97

remove unused error code · e091c83e

Dr. Stephen Henson authored Dec 22, 2015



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

e091c83e

make update · 53781861
Dr. Stephen Henson authored Dec 22, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
53781861
unload modules in ssltest · a470fdab
Dr. Stephen Henson authored Dec 22, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
a470fdab
make errors · a2074b92
Dr. Stephen Henson authored Dec 21, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
a2074b92
SSL configuration module docs · 913592d2
Dr. Stephen Henson authored Jul 09, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
913592d2
Demo server using SSL_CTX_config · 43d956fa
Dr. Stephen Henson authored Jul 09, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
43d956fa
Add ssl configuration support to s_server and s_client · 287d0b94
Dr. Stephen Henson authored Jul 08, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
287d0b94
Load module in SSL_library_init · f33bad33
Dr. Stephen Henson authored Apr 23, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
f33bad33
Add ssl_mcnf.c to Makefile · 540912cd
Dr. Stephen Henson authored Apr 19, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
540912cd

SSL library configuration module. · 59b1696c

Dr. Stephen Henson authored Mar 14, 2015

This adds support for SSL/TLS configuration using configuration modules.
Sets of command value pairs are store and can be replayed through an
SSL_CTX or SSL structure using SSL_CTX_config or SSL_config.

Reviewed-by: Richard Levitte <levitte@openssl.org>

59b1696c

Cleanup CRYPTO_{push,pop}_info · 4fae386c

Rich Salz authored Dec 16, 2015



Rename to OPENSSL_mem_debug_{push,pop}.
Remove simple calls; keep only calls used in recursive functions.
Ensure we always push, to simplify so that we can always pop

Reviewed-by: Richard Levitte <levitte@openssl.org>

4fae386c

Rename *_realloc_clean to *_clear_realloc · c99de053

Rich Salz authored Dec 16, 2015



Just like *_clear_free routines.  Previously undocumented, used
a half-dozen times within OpenSSL source.

Reviewed-by: Richard Levitte <levitte@openssl.org>

c99de053

Also change the non-debug versions to use size_t · f5d97098
Kurt Roeckx authored Dec 22, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
MR: #1518
```
f5d97098

Fix memory leak in DSA redo case. · 679d8751

David Benjamin authored Dec 17, 2015



Found by clang scan-build.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>

RT: #4184, MR: #1496

679d8751

Configure: refine 'reconf' logic. · 91cf7551
Andy Polyakov authored Dec 21, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
91cf7551
bn/asm/bn-c64xplus.asm: update commentary. · b859d70d
Andy Polyakov authored Dec 21, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
b859d70d

Dec 21, 2015
- sha/asm/sha256-armv4.pl: one of "universal" flags combination didn't compile. · cfe67073
  Andy Polyakov authored Dec 15, 2015
```
(and unify table address calculation in ARMv8 code path).

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  cfe67073
Dec 19, 2015

Fix URLs mangled by reformat · 79caf5d3

Matt Caswell authored Dec 19, 2015

Some URLs in the source code ended up getting mangled by indent. This fixes
it. Based on a patch supplied by Arnaud Lacombe <al@aerilon.ca>

Reviewed-by: Richard Levitte <levitte@openssl.org>

79caf5d3