- Nov 20, 2014
-
-
David Benjamin authored
the session's version (server). See also BoringSSL's commit bdf5e72f50e25f0e45e825c156168766d8442dde. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. (Because the first CCS would latch the correct keys and subsequent CCS messages would have to be encrypted, a MitM attacker cannot exploit this, though.) Thanks to Joeri de Ruiter for reporting this issue. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
The server must send a NewSessionTicket message if it advertised one in the ServerHello, so make a missing ticket message an alert in the client. An equivalent change was independently made in BoringSSL, see commit 6444287806d801b9a45baf1f6f02a0e3a16e144c. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Oct 28, 2014
-
-
Emilia Kasper authored
Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. Reviewed-by: Bodo Moeller <bodo@openssl.org>
-
- Oct 27, 2014
-
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Oct 22, 2014
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Oct 15, 2014
-
-
Matt Caswell authored
Reviewed-by: Bodo Möller <bodo@openssl.org>
-
Bodo Moeller authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Oct 02, 2014
-
-
Bodo Moeller authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Sep 29, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reencode DigestInto in DER and check against the original: this will reject any improperly encoded DigestInfo structures. Note: this is a precautionary measure, there is no known attack which can exploit this. Thanks to Brian Smith for reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 23, 2014
-
-
Emilia Kasper authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit e9128d94)
-
Andy Polyakov authored
Reviewed-by: Bodo Moeller <bodo@openssl.org>
-
- Sep 05, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Aug 15, 2014
-
-
Claus Assmann authored
Fix a bunch of typo's and speling (sic) errors in the CHANGES file. Reviewed-by: Tim Hudson <tjh@cryptsoft.com>
-
- Aug 01, 2014
-
-
Bodo Moeller authored
(If a change is already present in 1.0.1f or 1.0.1h, don't list it again under changes between 1.0.1h and 1.0.2.)
-
Bodo Moeller authored
-
Bodo Moeller authored
(which didn't always handle value 0 correctly). Reviewed-by: <emilia@openssl.org>
-
- Jul 22, 2014
-
-
Andy Polyakov authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Jul 04, 2014
-
-
Dr. Stephen Henson authored
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
-
- Jun 01, 2014
-
-
Ben Laurie authored
Closes #116.
-
- May 23, 2014
-
-
Martin Kaiser authored
Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352
-
- Apr 26, 2014
- Apr 22, 2014
-
-
Ben Laurie authored
-
- Apr 07, 2014
-
-
Dr. Stephen Henson authored
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix (CVE-2014-0160) (cherry picked from commit 96db9023)
-
- Apr 05, 2014
-
-
Dr. Stephen Henson authored
Enable TLS padding extension using official value from: http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
-
- Apr 01, 2014
-
-
Dr. Stephen Henson authored
Add additional check to catch this in ASN1_item_verify too. (cherry picked from commit 66e8211c)
-
- Mar 12, 2014
-
-
Dr. Stephen Henson authored
Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. (cherry picked from commit 2198be34) Conflicts: CHANGES
-
- Jan 03, 2014
-
-
Dr. Stephen Henson authored
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm specific chains instead of the shared chain. Update docs.
-
- Dec 20, 2013
-
-
Dr. Stephen Henson authored
For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450. (cherry picked from commit 34628967)
-
- Dec 13, 2013
-
-
Dr. Stephen Henson authored
Fix padding calculation for different SSL_METHOD types. Use the standard name as used in draft-agl-tls-padding-02
-
- Nov 06, 2013
-
-
Dr. Stephen Henson authored
Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS Client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512. To enable it use an unused extension number (for example 0x4242) using e.g. -DTLSEXT_TYPE_wtf=0x4242 WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
-
- Oct 22, 2013
-
-
Dr. Stephen Henson authored
-
- Sep 18, 2013
-
-
Dr. Stephen Henson authored
Add various functions to allocate and set the fields of an ECDSA_METHOD structure.
-
- Sep 17, 2013
-
-
Bodo Moeller authored
(This went into 1.0.2 too, so it's not actually a change between 1.0.x and 1.1.0.)
-
Bodo Moeller authored
the main branch (http://cvs.openssl.org/chngview?cn=19322) later added to the 1.0.2 branch (http://cvs.openssl.org/chngview?cn=23113), and thus not a change "between 1.0.2 and 1.1.0".
-
- Sep 16, 2013
-
-
Bodo Moeller authored
(Various changes from the master branch are now in the 1.0.2 branch too.)
-