Commits · ee4ffd6fccd169775ba74afb1dbfecff48ee413d · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

26 Aug, 2015 1 commit

Fix DTLS session ticket renewal · ee4ffd6f

Matt Caswell authored Aug 13, 2015



A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.

The bug can be demonstrated as follows:

Start a DTLS s_server instance:
openssl s_server -dtls

Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket

Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem

The client will abort the handshake.

Reviewed-by: Tim Hudson <tjh@openssl.org>

ee4ffd6f

25 Aug, 2015 3 commits

Ignore generated *.S ARM assembly files · d6dfa550

Chris Watts authored Aug 24, 2015



Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

d6dfa550

RT4019: Duplicate -hmac flag in dgst.pod · fe50cd7a

Markus Rinne authored Aug 24, 2015



Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

fe50cd7a

GH372: Remove duplicate flags · 32c5e0ba

Rich Salz authored Aug 24, 2015



Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

32c5e0ba

24 Aug, 2015 5 commits

Small cleanup of crypto.pod · 2c496970

Rich Salz authored Aug 24, 2015



Came up on the mailing list, from Ken Goldman.

Reviewed-by: Tim Hudson <tjh@openssl.org>

2c496970

GH337: Need backslash before leading # · e0d26bb3

Peter Mosmans authored Aug 24, 2015



Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>

e0d26bb3

RT4015: Add missing date to CHANGES · a8471306

janpopan authored Aug 24, 2015



Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>

a8471306

More test cases. · 80eab79d

Dr. Stephen Henson authored Aug 24, 2015



Add DSA tests.

Add tests to verify signatures against public keys. This will also check
that a public key is read in correctly.

Reviewed-by: Ben Laurie <ben@openssl.org>

80eab79d

Add DSA digest length checks. · 9d04f834
Dr. Stephen Henson authored Apr 30, 2015
```
Reviewed-by: Ben Laurie <ben@openssl.org>
```
9d04f834

21 Aug, 2015 1 commit

Fix L<> content in manpages · 9b86974e

Rich Salz authored Aug 17, 2015



L<foo|foo> is sub-optimal  If the xref is the same as the title,
which is what we do, then you only need L<foo>.  This fixes all
1457 occurrences in 349 files.  Approximately.  (And pod used to
need both.)

Reviewed-by: Richard Levitte <levitte@openssl.org>

9b86974e

17 Aug, 2015 5 commits
- Add new types to indent.pro · 3da9505d
  Richard Levitte authored Aug 17, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  3da9505d
- Add new GOST OIDs · 31001f81
  Dmitry Belyavsky authored Aug 17, 2015
```
Add new OIDs for latest GOST updates

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  31001f81
- Restore previous behaviour of only running one algorithm when -evp alg is used. · dfba17b4
  Tim Hudson authored Aug 17, 2015
```
Submitted by: Eric Young <eay@pobox.com>
Reviewed-by: Ben Laurie <ben@openssl.org>
```
  dfba17b4
- restore usage of -elapsed that was disabled in the ifdef reorg · 686e3449
  Tim Hudson authored Aug 17, 2015
```
Reviewed-by: Ben Laurie <ben@openssl.org>
```
  686e3449
- GH345: Remove stderr output · eb647452
  Rich Salz authored Aug 16, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  eb647452
16 Aug, 2015 1 commit

Move FAQ to the web. · 4f46473a

Rich Salz authored Aug 16, 2015



Best hope of keeping current.

Reviewed-by: Tim Hudson <tjh@openssl.org>

4f46473a

14 Aug, 2015 10 commits

PACKETise CertificateRequest · ac112332

Matt Caswell authored Aug 04, 2015



Process CertificateRequest messages using the PACKET API

Reviewed-by: Emilia Käsper <emilia@openssl.org>

ac112332

PACKETise ClientKeyExchange processing · efcdbcbe

Matt Caswell authored Aug 03, 2015



Use the new PACKET code to process the CKE message

Reviewed-by: Stephen Henson <steve@openssl.org>

efcdbcbe

PACKETise NewSessionTicket · 561e12bb

Matt Caswell authored Aug 05, 2015



Process NewSessionTicket messages using the new PACKET API

Reviewed-by: Emilia Käsper <emilia@openssl.org>

561e12bb

Fix session tickets · c83eda8c

Matt Caswell authored Aug 13, 2015

Commit 9ceb2426

 (PACKETise ClientHello) broke session tickets by failing
to detect the session ticket extension in an incoming ClientHello. This
commit fixes the bug.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

c83eda8c

add CCM docs · f8f5f836
Dr. Stephen Henson authored Aug 10, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
f8f5f836
Add CCM ciphersuites from RFC6655 and RFC7251 · 176f85a2
Dr. Stephen Henson authored Jul 31, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
176f85a2
ccm8 support · 3d3701ea
Dr. Stephen Henson authored Jul 31, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
3d3701ea
CCM support. · e75c5a79
Dr. Stephen Henson authored Jul 31, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
e75c5a79

Update docs. · 2fd7fb99

Dr. Stephen Henson authored Jun 17, 2015



Clarify and update documention for extra chain certificates.

PR#3878.

Reviewed-by: Rich Salz <rsalz@openssl.org>

2fd7fb99

Documentation for SSL_check_chain() · 6d5f8265
Dr. Stephen Henson authored Jul 23, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
6d5f8265

13 Aug, 2015 9 commits

for test_sslvertol, add a value to display SSL version < 3 in debug · 00bf5001
Richard Levitte authored Aug 13, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
00bf5001

Fixups in libssl test harness · 4deefd65

Richard Levitte authored Aug 13, 2015



- select an actual file handle for devnull
- do not declare $msgdata twice
- SKE records sometimes seem to come without sig
- in SKE parsing, use and use $pub_key_len when parsing $pub_key

Reviewed-by: Matt Caswell <matt@openssl.org>

4deefd65

Use -I to add to @INC, and use -w to produce warnings · b3a231db
Richard Levitte authored Aug 13, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
b3a231db
Fix FAQ formatting for new website. · f25825c2
Rich Salz authored Aug 13, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
f25825c2

PACKETise Certificate Status message · ac63710a

Matt Caswell authored Aug 05, 2015



Process the Certificate Status message using the PACKET API

Reviewed-by: Emilia Käsper <emilia@openssl.org>

ac63710a

Enhance PACKET readability · bc6616a4

Matt Caswell authored Aug 03, 2015



Enhance the PACKET code readability, and fix a stale comment. Thanks
to Ben Kaduk (bkaduk@akamai.com) for pointing this out.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

bc6616a4

Add missing return check for PACKET_buf_init · f9f60534

Matt Caswell authored Aug 03, 2015



The new ClientHello PACKET code is missing a return value check.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

f9f60534

GH364: Free memory on an error path · cc2829e6

Ismo Puustinen authored Aug 07, 2015



Part of RT 3997
Per Ben, just jump to common exit code.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>

cc2829e6

PACKETise Server Certificate processing · df758a85

Matt Caswell authored Aug 04, 2015



Use the PACKET API to process an incoming server Certificate message.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

df758a85

12 Aug, 2015 3 commits
- Return error for unsupported modes. · 2acdef5e
  Dr. Stephen Henson authored Aug 01, 2015
```
PR#3974
PR#3975

Reviewed-by: Matt Caswell <matt@openssl.org>
```
  2acdef5e
- Fix memory leak if setup fails. · 891eac46
  Dr. Stephen Henson authored Aug 01, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  891eac46
- Err isn't always malloc failure. · a187e08d
  Dr. Stephen Henson authored Aug 01, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  a187e08d
11 Aug, 2015 2 commits

Remove Gost94 signature algorithm. · ade44dcb

Rich Salz authored Aug 04, 2015



This was obsolete in 2001.  This is not the same as Gost94 digest.
Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice.

Reviewed-by: Matt Caswell <matt@openssl.org>

ade44dcb

Fix "make test" seg fault with SCTP enabled · f75d5171

Matt Caswell authored Aug 11, 2015



When config'd with "sctp" running "make test" causes a seg fault. This is
actually due to the way ssltest works - it dives under the covers and frees
up BIOs manually and so some BIOs are NULL when the SCTP code does not
expect it. The simplest fix is just to add some sanity checks to make sure
the BIOs aren't NULL before we use them.

This problem occurs in master and 1.0.2. The fix has also been applied to
1.0.1 to keep the code in sync.

Reviewed-by: Tim Hudson <tjh@openssl.org>

f75d5171