- Oct 28, 2014
-
-
Emilia Kasper authored
Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. Reviewed-by: Bodo Moeller <bodo@openssl.org>
-
- Oct 27, 2014
-
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Geoff Thorpe <geoff@openssl.org>
-
- Oct 24, 2014
-
-
Dr. Stephen Henson authored
SSL_set_SSL_CTX is used to change the SSL_CTX for SNI, keep the supported signature algorithms and raw cipherlist. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Oct 23, 2014
-
-
Andy Polyakov authored
Facilitate switch to custom scatter-gather routines. This modification does not change algorithms, only makes it possible to implement alternative. This is achieved by a) moving precompute table to assembly (perlasm parses ecp_nistz256_table.c and is free to rearrange data to match gathering algorithm); b) adhering to explicit scatter subroutine (which for now is simply a memcpy). First implementations that will use this option are 32-bit assembly implementations, ARMv4 and x86, where equivalent of current read-whole-table-select-single-value algorithm is too time-consuming. [On side note, switching to scatter-gather on x86_64 would allow to improve server-side ECDSA performance by ~5%]. Reviewed-by: Bodo Moeller <bodo@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Steve Marquess <marquess@openssl.org>
-
- Oct 22, 2014
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Oct 21, 2014
-
-
Bodo Moeller authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Bodo Moeller authored
listed after TLS_FALLBACK_SCSV. RT: 3575 Reviewed-by: Emilia Kasper <emilia@openssl.org>
-
Kurt Roeckx authored
When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set the method to NULL. We didn't used to do that, and it breaks things. This is a regression introduced in 62f45cc2 . Keep the old method since the code is not able to deal with a NULL method at this time. CVE-2014-3569, PR#3571 Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Oct 20, 2014
-
-
Tim Hudson authored
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
-
- Oct 17, 2014
-
-
Kurt Cancemi authored
Reviewed-by: Ben Laurie <ben@openssl.org>
-
- Oct 15, 2014
-
-
Tim Hudson authored
so the Win32 compile picks it up correctly. Reviewed-by: Richard Levitte <levitte@openssl.org> Conflicts: crypto/Makefile
-
Richard Levitte authored
The different -I compiler parameters will take care of the rest... Reviewed-by: Tim Hudson <tjh@openssl.org> Conflicts: crypto/evp/evp_enc.c crypto/rsa/rsa_oaep.c crypto/rsa/rsa_pk1.c
-
Matt Caswell authored
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Bodo Möller <bodo@openssl.org>
-
Geoff Thorpe authored
CVE-2014-3568 Reviewed-by: Emilia Kasper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
CVE-2014-3567 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Related to CVE-2014-3513 This fix was developed by the OpenSSL Team Reviewed-by: Tim Hudson <tjh@openssl.org> Conflicts: util/mkdef.pl util/ssleay.num
-
Matt Caswell authored
CVE-2014-3513 This issue was reported to OpenSSL on 26th September 2014, based on an original issue and patch developed by the LibreSSL project. Further analysis of the issue was performed by the OpenSSL team. The fix was developed by the OpenSSL team. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Bodo Moeller authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
RT: 3553 Reviewed-by: Emilia Kasper <emilia@openssl.org>
-
Bodo Moeller authored
handling out of #ifndef OPENSSL_NO_DTLS1 section. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Bodo Moeller authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Oct 11, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- Oct 10, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Oct 06, 2014
-
-
Matt Caswell authored
Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also remove duplicate definition of PKCS7_type_is_digest. PR#3551 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Ben Laurie authored
Reviewed-by: Geoffrey Thorpe <geoff@geoffthorpe.net>
-
- Oct 03, 2014
-
-
Rich Salz authored
If data is NULL, return the size needed to hold the derived key. No other API to do this, so document the behavior. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Oct 02, 2014
-
-
Bodo Moeller authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Oct 01, 2014
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Sep 30, 2014
-
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
-
Andy Polyakov authored
RT: 3541 Reviewed-by: Emilia Kasper <emilia@openssl.org>
-
- Sep 29, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-