Revision f7fe3d235abf201343c20a59f9d9c8957acc62ff authored by Dr. Stephen Henson on 23 October 2014, 19:36:17 UTC, committed by Matt Caswell on 08 January 2015, 14:14:56 UTC
Fix to prevent use of DH client certificates without sending certificate verify message. If we've used a client certificate to generate the premaster secret ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is never called. We can only skip the certificate verify message in ssl3_get_cert_verify if the client didn't send a certificate. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2015-0205 Reviewed-by: Matt Caswell <matt@openssl.org>
1 parent b2688c9
trsa
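#!/bin/sh
# trsa - round-trip test for `openssl rsa` key format conversions.
#
# Usage: trsa [keyfile]
#   keyfile  PEM-encoded RSA key to convert (default: testrsa.pem)
#
# Converts the key between PEM ("p") and DER ("d") and checks with cmp that
# every PEM result is byte-identical to the starting file. Exits 0 when all
# steps pass, or when `openssl no-rsa` succeeds (the test is then reported
# as skipped); exits 1 on the first step that fails.
#
# The working copies (fff.p, f.*, ff.*) are written to the current directory
# and carry the key material of the input file. They are removed only when
# the whole test passes; after a failure they stay behind, so delete them by
# hand if the input was anything other than the default testrsa.pem.
#
# Conversions to and from the text format (-inform t / -outform t), and the
# comparisons that depend on them, are disabled in this test.

wrapper=../util/shlib_wrap.sh
openssl=../apps/openssl

if "$wrapper" "$openssl" no-rsa; then
  echo skipping rsa conversion test
  exit 0
fi

# convert IN INFORM OUTFORM OUT
# Announce the conversion, run it, and abort the test if openssl fails.
convert() {
  echo "$2 -> $3"
  "$wrapper" "$openssl" rsa -in "$1" -inform "$2" -outform "$3" >"$4" || exit 1
}

# same A B
# Abort the test unless the two files are byte-identical.
same() {
  cmp "$1" "$2" || exit 1
}

# An empty or missing first argument selects the default key file.
t=${1:-testrsa.pem}

echo testing rsa conversions

# Quoted so that a key path containing spaces or glob characters is copied
# as a single file; stop here if the input cannot be read.
cp "$t" fff.p || exit 1

# First generation: from the pristine copy.
convert fff.p p d f.d
convert fff.p p p f.p

# Second generation: from the first-generation outputs.
convert f.d d d ff.d1
convert f.p p d ff.d3
convert f.d d p ff.p1
convert f.p p p ff.p3

# Every PEM output must match the original and the first-generation PEM.
same fff.p f.p
same fff.p ff.p1
same fff.p ff.p3
same f.p ff.p1
same f.p ff.p3

# The globs match any file in the working directory with these prefixes,
# not only the ones created above, so run this script from the test
# directory only.
/bin/rm -f f.* ff.* fff.*
exit 0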
