Commits · b34f691ddbf618978ed9e97a0b9209937c1da26e · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

29 Jun, 2015 2 commits
- make update · b34f691d
  Dr. Stephen Henson authored Jun 25, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  b34f691d
- Use single master secret generation function. · 57b272b0
  Dr. Stephen Henson authored Jun 17, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  57b272b0
28 Jun, 2015 2 commits
- Check dgram_sctp_write() return value. · 7f098cb4
  Kurt Roeckx authored Jun 20, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  7f098cb4
- Check BIO_dgram_sctp_wait_for_dry() return value for error · 03a1c850
  Kurt Roeckx authored Jun 20, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  03a1c850
25 Jun, 2015 2 commits
- missing break · 13cbe5e7
  Dr. Stephen Henson authored Jun 25, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  13cbe5e7
- Don't output bogus errors in PKCS12_parse · ffbf304d
  Dr. Stephen Henson authored Jun 24, 2015
```
PR#3923

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  ffbf304d
24 Jun, 2015 1 commit
- Add docs for ssl verification parameter functions. · 77672802
  Dr. Stephen Henson authored Jun 17, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  77672802
23 Jun, 2015 14 commits

Rich Salz authored Jun 23, 2015



Move #include's inside the #ifdef.

Reviewed-by: Matt Caswell <matt@openssl.org>

d4dfb0ba

Fix PSK client handling. · a16ca4e8

Dr. Stephen Henson authored Jun 22, 2015



The PSK identity hint should be stored in the SSL_SESSION structure
and not in the parent context (which will overwrite values used
by other SSL structures with the same SSL_CTX).

Reviewed-by: Matt Caswell <matt@openssl.org>

a16ca4e8

Add PSK GCM ciphersuites from RFC5487 · 547dba74
Dr. Stephen Henson authored Jun 17, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
547dba74
PSK trace keyex fixes. · 52f78269
Dr. Stephen Henson authored Jun 17, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
52f78269

Avoid duplication. · c7238204

Dr. Stephen Henson authored Jun 20, 2015



We always free the handshake buffer when digests are freed so move
it into ssl_free_digest_list()

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

c7238204

Tidy up ssl3_digest_cached_records logic. · 124037fd

Dr. Stephen Henson authored Jun 16, 2015



Rewrite ssl3_digest_cached_records handling. Only digest cached records
if digest array is NULL: this means it is safe to call
ssl3_digest_cached_records multiple times (subsequent calls are no op).

Remove flag TLS1_FLAGS_KEEP_HANDSHAKE instead only update handshake buffer
if digest array is NULL.

Add additional "keep" parameter to ssl3_digest_cached_records to indicate
if the handshake buffer should be retained after digesting cached records
(needed for TLS 1.2 client authentication).

Reviewed-by: Matt Caswell <matt@openssl.org>

124037fd

More secure storage of key material. · 74924dcb

Rich Salz authored Apr 24, 2015



Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.

Reviewed-by: Richard Levitte <levitte@openssl.org>

74924dcb

Add $! to errors, use script basename. · ce7e647b
Rich Salz authored Jun 23, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
ce7e647b
GH297: Fix NAME section of SSL_CTX_use_serverinfo.pod · 4ba81134
Vitezslav Cizek authored Jun 16, 2015
```
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
```
4ba81134
RT3682: Avoid double-free on OCSP parse error · 4b8d8e2a
Rich Salz authored Jun 13, 2015
```
Found by Kurt Cancemi.

Reviewed-by: Matt Caswell <matt@openssl.org>
```
4b8d8e2a
RT3856: Fix memory leaks in test code · 2d540402
Russell Webb authored Jun 13, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
2d540402
make update · a1c506ae
Richard Levitte authored Jun 23, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
a1c506ae

Rearrange rsaz · ed45f3c2

Richard Levitte authored Jun 23, 2015



A small rearrangement so the inclusion of rsaz_exp.h would be
unconditional, but what that header defines becomes conditional.

This solves the weirdness where rsaz_exp.h gets in and out of the
dependency list for bn_exp.c, depending on the present architecture.

Reviewed-by: Rich Salz <rsalz@openssl.org>

ed45f3c2

RT3907-fix · cc3f3fc2

Rich Salz authored Jun 22, 2015



Typo in local variable name; introduced by previous fix.

Reviewed-by: Richard Levitte <levitte@openssl.org>

cc3f3fc2

22 Jun, 2015 6 commits

RT3907: avoid "local" in testssl script · 75ba5c58
Rich Salz authored Jun 13, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
75ba5c58
Remove SESS_CERT entirely. · 389ebcec
Dr. Stephen Henson authored Jun 21, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
389ebcec
Move peer chain to SSL_SESSION structure. · c34b0f99
Dr. Stephen Henson authored Jun 21, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
c34b0f99

Remove unnuecessary ifdefs. · 8df53b7a

Dr. Stephen Henson authored Jun 21, 2015



If RSA or DSA is disabled we will never use a ciphersuite with
RSA/DSA authentication as it is already filtered out by the cipher
list logic.

Reviewed-by: Richard Levitte <levitte@openssl.org>

8df53b7a

Remove certificates from sess_cert · a273c6ee

Dr. Stephen Henson authored Jun 21, 2015



As numerous comments indicate the certificate and key array is not an
appopriate structure to store the peers certificate: so remove it and
just the s->session->peer instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>

a273c6ee

Remove peer temp keys from SESS_CERT · 8d92c1f8
Dr. Stephen Henson authored Jun 21, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
8d92c1f8

21 Jun, 2015 13 commits
- RT3917: add cleanup on an error path · 7fba8407
  Rich Salz authored Jun 21, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  7fba8407
- Cleanup mttest.c : because we no longer use stdio here, don't include it · 8ca96efd
  Richard Levitte authored Jun 21, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  8ca96efd
- Add -ldl to the build of mttest.c · d62c98c8
  Richard Levitte authored Jun 21, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  d62c98c8
- Cleanup mttest.c : use BIO_free only, no preceding hacks · 03b672de
  Richard Levitte authored Jun 21, 2015
```
Since [sc]_ssl->[rw]bio aren't available, do not try to fiddle with
them.  Surely, a BIO_free on the "main" BIOs should be enough

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  03b672de
- Cleanup mttest.c : do not try to output reference counts when threads are done · 96462695
  Richard Levitte authored Jun 21, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  96462695
- Cleanup mttest.c : better error reporting when certs are miggins · 7a1789d2
  Richard Levitte authored Jun 21, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  7a1789d2
- Cleanup mttest.c : make ssl_method a pointer to const · f4c73bfe
  Richard Levitte authored Jun 21, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  f4c73bfe
- Cleanup mttest.c : modernise output · bb8abd67
  Richard Levitte authored Jun 21, 2015
```
Construct bio_err and bio_stdout from file handles instead of FILE
pointers, since the latter might not be implemented (when OPENSSL_NO_STDIO
is defined).
Convert all output to use BIO_printf.
Change lh_foo to lh_SSL_SESSION_foo.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  bb8abd67
- Cleanup mttest.c : modernise the threads setup · 5c78e183
  Richard Levitte authored Jun 21, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  5c78e183
- Cleanup mttest.c : remove MS_CALLBACK · a3f92865
  Richard Levitte authored Jun 21, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  a3f92865
- Revert "Avoid duplication." · f6a10313
  Dr. Stephen Henson authored Jun 21, 2015
```
This reverts commit d480e182

.

Commit broke TLS handshakes due to fragility of digest caching: that will be
fixed separately.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  f6a10313
- Avoid duplication. · d480e182
  Dr. Stephen Henson authored Jun 20, 2015
```
We always free the handshake buffer when digests are freed so move
it into ssl_free_digest_list()

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  d480e182
- remove unnecessary NULL checks · 85fb6fda
  Dr. Stephen Henson authored Jun 20, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  85fb6fda