- Sep 29, 2014
-
-
Dr. Stephen Henson authored
Reencode DigestInto in DER and check against the original: this will reject any improperly encoded DigestInfo structures. Note: this is a precautionary measure, there is no known attack which can exploit this. Thanks to Brian Smith for reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 23, 2014
-
-
Emilia Kasper authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit e9128d94)
-
Andy Polyakov authored
Reviewed-by: Bodo Moeller <bodo@openssl.org>
-
- Sep 05, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Aug 15, 2014
-
-
Claus Assmann authored
Fix a bunch of typo's and speling (sic) errors in the CHANGES file. Reviewed-by: Tim Hudson <tjh@cryptsoft.com>
-
- Aug 01, 2014
-
-
Bodo Moeller authored
(If a change is already present in 1.0.1f or 1.0.1h, don't list it again under changes between 1.0.1h and 1.0.2.)
-
Bodo Moeller authored
-
Bodo Moeller authored
(which didn't always handle value 0 correctly). Reviewed-by: <emilia@openssl.org>
-
- Jul 22, 2014
-
-
Andy Polyakov authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Jul 04, 2014
-
-
Dr. Stephen Henson authored
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
-
- Jun 01, 2014
-
-
Ben Laurie authored
Closes #116.
-
- May 23, 2014
-
-
Martin Kaiser authored
Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352
-
- Apr 26, 2014
- Apr 22, 2014
-
-
Ben Laurie authored
-
- Apr 07, 2014
-
-
Dr. Stephen Henson authored
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix (CVE-2014-0160) (cherry picked from commit 96db9023)
-
- Apr 05, 2014
-
-
Dr. Stephen Henson authored
Enable TLS padding extension using official value from: http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
-
- Apr 01, 2014
-
-
Dr. Stephen Henson authored
Add additional check to catch this in ASN1_item_verify too. (cherry picked from commit 66e8211c)
-
- Mar 12, 2014
-
-
Dr. Stephen Henson authored
Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. (cherry picked from commit 2198be34) Conflicts: CHANGES
-
- Jan 03, 2014
-
-
Dr. Stephen Henson authored
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm specific chains instead of the shared chain. Update docs.
-
- Dec 20, 2013
-
-
Dr. Stephen Henson authored
For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450. (cherry picked from commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b)
-
- Dec 13, 2013
-
-
Dr. Stephen Henson authored
Fix padding calculation for different SSL_METHOD types. Use the standard name as used in draft-agl-tls-padding-02
-
- Nov 06, 2013
-
-
Dr. Stephen Henson authored
Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS Client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512. To enable it use an unused extension number (for example 0x4242) using e.g. -DTLSEXT_TYPE_wtf=0x4242 WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
-
- Oct 22, 2013
-
-
Dr. Stephen Henson authored
-
- Sep 18, 2013
-
-
Dr. Stephen Henson authored
Add various functions to allocate and set the fields of an ECDSA_METHOD structure.
-
- Sep 17, 2013
-
-
Bodo Moeller authored
(This went into 1.0.2 too, so it's not actually a change between 1.0.x and 1.1.0.)
-
Bodo Moeller authored
the main branch (http://cvs.openssl.org/chngview?cn=19322) later added to the 1.0.2 branch (http://cvs.openssl.org/chngview?cn=23113), and thus not a change "between 1.0.2 and 1.1.0".
-
- Sep 16, 2013
-
-
Bodo Moeller authored
(Various changes from the master branch are now in the 1.0.2 branch too.)
-
- Sep 13, 2013
-
-
Rob Stradling authored
-
- Sep 08, 2013
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt To enable it set the appropriate extension number (0x10 for the test server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10 For non-compliant peers (i.e. just about everything) this should have no effect.
-
- Sep 06, 2013
-
-
Scott Deboy authored
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
-
- Sep 05, 2013
-
-
- Jul 17, 2013
-
-
Dr. Stephen Henson authored
Add support for key wrap algorithms via EVP interface. Generalise AES wrap algorithm and add to modes, making existing AES wrap algorithm a special case. Move test code to evptests.txt
-
- Jul 04, 2013
-
-
Jeff Walton authored
-
- Jun 21, 2013
-
-
Dr. Stephen Henson authored
-
- Jun 12, 2013
-
-
Dr. Stephen Henson authored
Extend OAEP support. Generalise the OAEP padding functions to support arbitrary digests. Extend EVP_PKEY RSA method to handle the new OAEP padding functions and add ctrls to set the additional parameters.
-
Trevor authored
Contributed by Trevor Perrin.
-
- Apr 09, 2013
-
-
Dr. Stephen Henson authored
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation. As with SSL/TLS options can change this behaviour specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
-
- Dec 19, 2012
-
-
Dr. Stephen Henson authored
-