- Mar 28, 2014
-
-
Dr. Stephen Henson authored
Add auto DH parameter support. This is roughly equivalent to the ECDH auto curve selection but for DH. An application can just call SSL_CTX_set_auto_dh(ctx, 1); and appropriate DH parameters will be used based on the size of the server key. Unlike ECDH there is no way a peer can indicate the range of DH parameters it supports. Some peers cannot handle DH keys larger that 1024 bits for example. In this case if you call: SSL_CTX_set_auto_dh(ctx, 2); Only 1024 bit DH parameters will be used. If the server key is 7680 bits or more in size then 8192 bit DH parameters will be used: these will be *very* slow. The old export ciphersuites aren't supported but those are very insecure anyway.
-
Dr. Stephen Henson authored
Add functions to return the "bits of security" for various public key algorithms. Based on SP800-57.
-
- Mar 27, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit bc5ec653ba65fedb1619c8182088497de8a97a70)
-
Dr. Stephen Henson authored
(cherry picked from commit 1f44dac2)
-
Dr. Stephen Henson authored
Don't clear verification errors from the error queue unless SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is set. If errors occur during verification and SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR is set return 2 so applications can issue warnings. (cherry picked from commit 2dd6976f6d02f98b30c376951ac38f780a86b3b5)
-
- Mar 24, 2014
-
-
Emilia Kasper authored
-
- Mar 19, 2014
-
-
Dr. Stephen Henson authored
Some CMS SignedData structure use a signature algorithm OID such as SHA1WithRSA instead of the RSA algorithm OID. Workaround this case by tolerating the signature if we recognise the OID.
-
- Mar 18, 2014
-
-
Piotr Sikora authored
-
- Mar 12, 2014
-
-
Dr. Stephen Henson authored
Use a previously unused value as we will be updating multiple released branches. (cherry picked from commit 0737acd2a8cc688902b5151cab5dc6737b82fb96)
-
Dr. Stephen Henson authored
Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. (cherry picked from commit 2198be34) Conflicts: CHANGES
-
- Mar 10, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Mar 07, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit 7a3e67f029969620966b8a627b8485d83692cca5)
-
Andy Polyakov authored
PR: 3275
-
Andy Polyakov authored
The problem is that OpenSSH calls EVP_Cipher, which is not as protective as EVP_CipherUpdate. Formally speaking we ought to do more checks in *_cipher methods, including rejecting lengths not divisible by block size (unless ciphertext stealing is in place). But for now I implement check for zero length in low-level based on precedent. PR: 3087, 2775
-
- Mar 06, 2014
-
-
Andy Polyakov authored
-
Andy Polyakov authored
Submitted by: Roumen Petrov
-
Andy Polyakov authored
Submitted by: Roumen Petrov
-
- Mar 03, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit bdfc0e284c89dd5781259cc19aa264aded538492)
-
- Mar 01, 2014
-
-
Dr. Stephen Henson authored
Add option to set an alternative to the default hmacWithSHA1 PRF for PKCS#8 private key encryptions. This is used automatically by PKCS8_encrypt if the nid specified is a PRF. Add option to pkcs8 utility. Update docs. (cherry picked from commit b60272b0)
-
Dr. Stephen Henson authored
(cherry picked from commit 124d218889dfca33d277404612f1319afe04107e)
-
Dr. Stephen Henson authored
Although the memory allocated by compression methods is fixed and cannot grow over time it can cause warnings in some leak checking tools. The function SSL_COMP_free_compression_methods() will free and zero the list of supported compression methods. This should *only* be called in a single threaded context when an application is shutting down to avoid interfering with existing contexts attempting to look up compression methods. (cherry picked from commit 976c5830)
-
- Feb 28, 2014
-
-
Andy Polyakov authored
PR: 3271
-
- Feb 27, 2014
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Feb 26, 2014
-
-
Rob Stradling authored
-
Dr. Stephen Henson authored
(cherry picked from commit 3eddd1706a30cdf3dc9278692d8ee9038eac8a0d)
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Feb 25, 2014
-
-
Andy Polyakov authored
PR: 3201
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
(cherry picked from commit 3678161d)
-
Dr. Stephen Henson authored
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type which should work on all platforms. (cherry picked from commit 66344167)
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Windows 8 SDKs complain that GetVersion() is deprecated. We only use GetVersion like this: (GetVersion() < 0x80000000) which checks if the Windows version is NT based. Use a macro check_winnt() which uses GetVersion() on older SDK versions and true otherwise.
-
Rob Stradling authored
-