Skip to content
  1. May 20, 2014
  2. May 19, 2014
    • Janpopan's avatar
      Fix a wrong parameter count ERR_add_error_data · ff626ba5
      Janpopan authored
      ff626ba5
    • Ben Laurie's avatar
      Merge branch 'mbland-heartbeat-test' · 814972e1
      Ben Laurie authored
      814972e1
    • Ben Laurie's avatar
      Fixup for ancient compilers. · 2ec52dc3
      Ben Laurie authored
      2ec52dc3
    • Mike Bland's avatar
      Zero-initialize heartbeat test write buffer · 39dd6f45
      Mike Bland authored
      The previous calls to memset() were added to tear_down() when I noticed the
      test spuriously failing in opt mode, with different results each time. This
      appeared to be because the allocator zeros out memory in debug mode, but not
      in opt mode. Since the heartbeat functions silently drop the request on error
      without modifying the contents of the write buffer, whatever random contents
      were in memory before being reallocated to the write buffer used in the test
      would cause nondeterministic test failures in the Heartbleed regression cases.
      Adding these calls allowed the test to pass in both debug and opt modes.
      
      Ben Laurie notified me offline that the test was aborting in
      debug-ben-debug-64-clang mode, configured with GitConfigure and built with
      GitMake. Looking into this, I realized the first memset() call was zeroing out
      a reference count used by SSL_free() that was checked in
      debug-ben-debug-64-clang mode but not in the normal debug mode.
      
      Removing the memset() calls from tear_down() and adding a memset() for the
      write buffer in set_up() addresses the issue and allows the test to
      successfully execute in debug, opt, and debug-ben-debug-64-clang modes.
      39dd6f45
    • Mike Bland's avatar
      More through error checks in set_up · f5ad068b
      Mike Bland authored
      Checks the return values of ssl_init_wbio_buffer() and ssl3_setup_buffers().
      f5ad068b
    • Ben Laurie's avatar
      Make it build/run. · f41231d6
      Ben Laurie authored
      f41231d6
    • Mike Bland's avatar
      Unit/regression test for TLS heartbeats. · 6af080ac
      Mike Bland authored
      Regression test against CVE-2014-0160 (Heartbleed).
      
      More info: http://mike-bland.com/tags/heartbleed.html
      6af080ac
    • Andy Polyakov's avatar
      Add "teaser" AES module for ARMv8. · 5727e4da
      Andy Polyakov authored
      "Teaser" means that it's initial proof-of-concept to build EVP module
      upon.
      5727e4da
  3. May 15, 2014
  4. May 14, 2014
  5. May 12, 2014
  6. May 11, 2014
  7. May 10, 2014
  8. May 09, 2014
    • Dr. Stephen Henson's avatar
      Return an error if no recipient type matches. · 0bcb17a7
      Dr. Stephen Henson authored
      If the key type does not match any CMS recipient type return
      an error instead of using a random key (MMA mitigation). This
      does not leak any useful information to an attacker.
      
      PR#3348
      0bcb17a7
    • Geoff Thorpe's avatar
      s_client/s_server: support unix domain sockets · a9351320
      Geoff Thorpe authored
      
      
      The "-unix <path>" argument allows s_server and s_client to use a unix
      domain socket in the filesystem instead of IPv4 ("-connect", "-port",
      "-accept", etc). If s_server exits gracefully, such as when "-naccept"
      is used and the requested number of SSL/TLS connections have occurred,
      then the domain socket file is removed. On ctrl-C, it is likely that
      the stale socket file will be left over, such that s_server would
      normally fail to restart with the same arguments. For this reason,
      s_server also supports an "-unlink" option, which will clean up any
      stale socket file before starting.
      
      If you have any reason to want encrypted IPC within an O/S instance,
      this concept might come in handy. Otherwise it just demonstrates that
      there is nothing about SSL/TLS that limits it to TCP/IP in any way.
      
      (There might also be benchmarking and profiling use in this path, as
      unix domain sockets are much lower overhead than connecting over local
      IP addresses).
      
      Signed-off-by: default avatarGeoff Thorpe <geoff@openssl.org>
      a9351320
  9. May 08, 2014
  10. May 07, 2014
  11. May 06, 2014