- 17 8月, 2015 2 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Rich Salz 提交于
Best hope of keeping current. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 15 8月, 2015 4 次提交
-
-
由 Matt Caswell 提交于
Process CertificateRequest messages using the PACKET API Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Use the new PACKET code to process the CKE message Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
Process NewSessionTicket messages using the new PACKET API Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Commit 9ceb2426 (PACKETise ClientHello) broke session tickets by failing to detect the session ticket extension in an incoming ClientHello. This commit fixes the bug. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 14 8月, 2015 14 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Clarify and update documention for extra chain certificates. PR#3878. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
- select an actual file handle for devnull - do not declare $msgdata twice - SKE records sometimes seem to come without sig - in SKE parsing, use and use $pub_key_len when parsing $pub_key Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
Process the Certificate Status message using the PACKET API Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
Enhance the PACKET code readability, and fix a stale comment. Thanks to Ben Kaduk (bkaduk@akamai.com) for pointing this out. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Matt Caswell 提交于
The new ClientHello PACKET code is missing a return value check. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
由 Ismo Puustinen 提交于
Part of RT 3997 Per Ben, just jump to common exit code. Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 13 8月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Use the PACKET API to process an incoming server Certificate message. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 12 8月, 2015 16 次提交
-
-
由 Dr. Stephen Henson 提交于
PR#3974 PR#3975 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
This was obsolete in 2001. This is not the same as Gost94 digest. Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
When config'd with "sctp" running "make test" causes a seg fault. This is actually due to the way ssltest works - it dives under the covers and frees up BIOs manually and so some BIOs are NULL when the SCTP code does not expect it. The simplest fix is just to add some sanity checks to make sure the BIOs aren't NULL before we use them. This problem occurs in master and 1.0.2. The fix has also been applied to 1.0.1 to keep the code in sync. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
There are some missing return value checks in the SCTP code. In master this was causing a compilation failure when config'd with "--strict-warnings sctp". Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Run a "make update" for the OSSLTest Engine changes Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Richard Levitte 提交于
Use a dynamic engine for ossltest engine so that we can build it without subsequently deploying it during install. We do not want people accidentally using this engine. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
When using an anon DH ciphersuite a client should reject a 0 value for p. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Add ServerHello parsing to TLSProxy. Also add some (very) limited ServerKeyExchange parsing. Add the capability to set client and server cipher lists Fix a bug with fragment lengths Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Two tests are added: one is a simple version tolerance test; the second is a test to ensure that OpenSSL operates correctly in the case of a zero length extensions block. The latter was broken inadvertently (now fixed) and it would have been helpful to have a test case for it. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
This commit provides a set of perl modules that support the testing of libssl. The test harness operates as a man-in-the-middle proxy between s_server and s_client. Both s_server and s_client must be started using the "-testmode" option which loads the new OSSLTEST engine. The test harness enables scripts to be written that can examine the packets sent during a handshake, as well as (potentially) modifying them so that otherwise illegal handshake messages can be sent. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
This engine is for testing purposes only. It provides crippled crypto implementations and therefore must not be used in any instance where security is required. This will be used by the forthcoming libssl test harness which will operate as a man-in-the-middle proxy. The test harness will be able to modify TLS packets and read their contents. By using this test engine packets are not encrypted and MAC codes always verify. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
The function BN_MONT_CTX_set was assuming that the modulus was non-zero and therefore that |mod->top| > 0. In an error situation that may not be the case and could cause a seg fault. This is a follow on from CVE-2015-1794. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Guy Leaver (guleaver) 提交于
If a client receives a ServerKeyExchange for an anon DH ciphersuite with the value of p set to 0 then a seg fault can occur. This commits adds a test to reject p, g and pub key parameters that have a 0 value (in accordance with RFC 5246) The security vulnerability only affects master and 1.0.2, but the fix is additionally applied to 1.0.1 for additional confidence. CVE-2015-1794 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Matt Caswell 提交于
make errors wants things in a different order to the way things are currently defined in the header files. The easiest fix is to just let it reorder it. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 11 8月, 2015 3 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Especially since after the #ifdef cleanups this is not useful. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
-