- Nov 27, 2014
-
-
Matt Caswell authored
Minor changes made by Matt Caswell. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 34890ac1)
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit f6720383)
-
- Nov 26, 2014
-
-
Matt Caswell authored
PR#3608 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 8a35dbb6)
-
- Nov 25, 2014
-
-
Matt Caswell authored
PR#3574 Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 3a076588)
-
- Nov 20, 2014
-
-
David Benjamin authored
the session's version (server). See also BoringSSL's commit bdf5e72f50e25f0e45e825c156168766d8442dde. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 9e189b9d)
-
Emilia Kasper authored
once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. (Because the first CCS would latch the correct keys and subsequent CCS messages would have to be encrypted, a MitM attacker cannot exploit this, though.) Thanks to Joeri de Ruiter for reporting this issue. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit e94a6c0e) Conflicts: CHANGES ssl/s3_srvr.c
-
Emilia Kasper authored
The server must send a NewSessionTicket message if it advertised one in the ServerHello, so make a missing ticket message an alert in the client. An equivalent change was independently made in BoringSSL, see commit 6444287806d801b9a45baf1f6f02a0e3a16e144c. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit de2c7504) Conflicts: CHANGES
-
Emilia Kasper authored
The client sends a session ID with the session ticket, and uses the returned ID to detect resumption, so we do not need to peek at handshake messages: s->hit tells us explicitly if we're resuming. An equivalent change was independently made in BoringSSL, see commit 407886f589cf2dbaed82db0a44173036c3bc3317. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 980bc1ec) Conflicts: ssl/d1_clnt.c ssl/s3_clnt.c
-
Emilia Kasper authored
The same change was independently made in BoringSSL, see commit 9eaeef81fa2d4fd6246dc02b6203fa936a5eaf67 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 7b3ba508)
-
Emilia Kasper authored
This ensures that it's zeroed even if the SSL object is reused (as in ssltest.c). It also ensures that it applies to DTLS, too. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit a06cd5d0)
-
- Nov 19, 2014
-
-
Dr. Stephen Henson authored
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3 options for s_client/s_server/ssltest. When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3 options. We should document this somewhere, e.g. wiki, FAQ or manual page. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 3881d810) Conflicts: util/mkdef.pl
-
- Nov 18, 2014
-
-
Matt Caswell authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Nov 17, 2014
-
-
Jan Hykel authored
Don't attempt to access msg structure if recvmsg returns an error. PR#3483 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 012aa9ec)
-
- Nov 13, 2014
-
-
Dr. Stephen Henson authored
If the hash or public key algorithm is "undef" the signature type will receive special handling and shouldn't be included in the cross reference table. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 55f7fb88)
-
- Nov 12, 2014
-
-
Alok Menghrajani authored
Out is the buffer which needs to contain at least inl + cipher_block_size - 1 bytes. Outl is just an int*. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 5211e094)
-
Michal Bozon authored
PR#3535 Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit e04d426b)
-
- Nov 11, 2014
-
-
Kurt Roeckx authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Nov 10, 2014
-
-
Russell Coker authored
This doesn't really fix the datarace but changes it so it can only happens once. This isn't really a problem since we always just set it to the same value. We now just stop writing it after the first time. PR3584, https://bugs.debian.org/534534 Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Oct 29, 2014
-
-
Andy Polyakov authored
Reviewed-by: Stephen Henson <steve@openssl.org> (cherry picked from commit d45282fc)
-
- Oct 28, 2014
-
-
Samuel Neves authored
Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Emilia Kasper authored
Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. Reviewed-by: Bodo Moeller <bodo@openssl.org> (cherry picked from commit d663df23) Conflicts: CHANGES
-
- Oct 27, 2014
-
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Geoff Thorpe <geoff@openssl.org> (cherry picked from commit fd28a41e) Conflicts: ssl/ssltest.c
-
- Oct 21, 2014
-
-
Bodo Moeller authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Bodo Moeller authored
listed after TLS_FALLBACK_SCSV. RT: 3575 Reviewed-by: Emilia Kasper <emilia@openssl.org>
-
Kurt Roeckx authored
When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set the method to NULL. We didn't used to do that, and it breaks things. This is a regression introduced in 62f45cc2 . Keep the old method since the code is not able to deal with a NULL method at this time. CVE-2014-3569, PR#3571 Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 392fa7a9)
-
- Oct 20, 2014
-
-
Tim Hudson authored
Reviewed-by: Geoff Thorpe <geoff@openssl.org> (cherry picked from commit c882abd5)
-
- Oct 17, 2014
-
-
Andy Polyakov authored
Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit 55c7a4cf)
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 40155f40)
-
Kurt Cancemi authored
Reviewed-by: Ben Laurie <ben@openssl.org> (cherry picked from commit 87d388c9)
-
- Oct 15, 2014
-
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Bodo Möller <bodo@openssl.org>
-
Geoff Thorpe authored
CVE-2014-3568 Reviewed-by: Emilia Kasper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
CVE-2014-3567 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 5dc6070a03779cd524f0e67f76c945cb0ac38320)
-
Matt Caswell authored
Related to CVE-2014-3513 This fix was developed by the OpenSSL Team Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
CVE-2014-3513 This issue was reported to OpenSSL on 26th September 2014, based on an origi issue and patch developed by the LibreSSL project. Further analysis of the i was performed by the OpenSSL team. The fix was developed by the OpenSSL team. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Bodo Moeller authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
RT: 3553 Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit 69d5747f)
-