- Nov 08, 2013
-
-
Andy Polyakov authored
Original definition depended on __LONG_MAX__ that is not guaranteed to be present. As we don't support platforms with int narrower that 32 bits it's appropriate to make defition inconditional. PR: 3165 (cherry picked from commit 96180cac)
-
Andy Polyakov authored
PR: 3165 (cherry picked from commit d24d1d7d)
-
- Nov 06, 2013
-
-
Dr. Stephen Henson authored
Enable PSK ciphersuites with AES or DES3 in FIPS mode. (cherry picked from commit e0ffd129)
-
Dr. Stephen Henson authored
(cherry picked from commit a4947e4e)
-
- Nov 03, 2013
-
-
Ben Laurie authored
<christian@python.org>.
-
- Nov 01, 2013
-
-
Robin Seggelmann authored
PR: 2808 With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and FORWARD-TSN chunks. The key for this extension is derived from the master secret and changed with the next ChangeCipherSpec, whenever a new key has been negotiated. The following Finished then already uses the new key. Unfortunately, the ChangeCipherSpec and Finished are part of the same flight as the ClientKeyExchange, which is necessary for the computation of the new secret. Hence, these messages are sent immediately following each other, leaving the server very little time to compute the new secret and pass it to SCTP before the finished arrives. So the Finished is likely to be discarded by SCTP and a retransmission becomes necessary. To prevent this issue, the Finished of the client is still sent with the old key. (cherry picked from commit 9fb523ad) (cherry picked from commit b9ef52b0)
-
Robin Seggelmann authored
PR: 2809 DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with SCTP-AUTH. It is checked if this has been activated successfully for the local and remote peer. Due to a bug, however, the gauth_number_of_chunks field of the authchunks struct is missing on FreeBSD, and was therefore not considered in the OpenSSL implementation. This patch sets the corresponding pointer for the check correctly whether or not this bug is present. (cherry picked from commit f596e3c4) (cherry picked from commit b8140811)
-
- Oct 20, 2013
-
-
Nick Mathewson authored
-
Dr. Stephen Henson authored
Since the TLS 1.2 supported signature algorithms extension is less sophisticaed in OpenSSL 1.0.1 this has to be done in two stages. RSA+MD5 is removed from supported signature algorithms extension: any compliant implementation should never use RSA+MD5 as a result. To cover the case of a broken implementation using RSA+MD5 anyway disable lookup of MD5 algorithm in TLS 1.2.
-
- Oct 19, 2013
-
-
Ben Laurie authored
-
Ben Laurie authored
-
-
- Oct 13, 2013
-
-
Andy Polyakov authored
Latest MIPS ISA specification declared 'branch likely' instructions obsolete. To makes code future-proof replace them with equivalent. (cherry picked from commit 0c2adb0a)
-
- Oct 12, 2013
-
-
Andy Polyakov authored
Performance improvement and Windows-specific bugfix (PR#3139). (cherry picked from commit 9ed6fba2)
-
- Oct 09, 2013
-
-
Nick Mathewson authored
(I'd rather use an option, but it appears that the options field is full.) Now, we send the time in the gmt_unix_time field if the appropriate one of these mode options is set, but randomize the field if the flag is not set.
-
Nick Mathewson authored
I'll be using this to make an option for randomizing the time.
-
- Oct 03, 2013
-
-
Andy Polyakov authored
Submitted by: Yuriy Kaminskiy (cherry picked from commit 524b00c0) Resolved conflicts: crypto/evp/e_des3.c
-
- Oct 01, 2013
-
-
Ben Laurie authored
-
- Sep 30, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit 415ece73)
-
- Sep 22, 2013
-
-
Dr. Stephen Henson authored
Return an error if an attempt is made to enable the Dual EC DRBG: it is not used by default.
-
Dr. Stephen Henson authored
-
- Sep 16, 2013
-
-
Nick Mathewson authored
Instead, send random bytes.
-
Nick Mathewson authored
Instead, send random bytes. While the gmt_unix_time record was added in an ostensible attempt to mitigate the dangers of a bad RNG, its presence leaks the host's view of the current time in the clear. This minor leak can help fingerprint TLS instances across networks and protocols... and what's worse, it's doubtful thet the gmt_unix_time record does any good at all for its intended purpose, since: * It's quite possible to open two TLS connections in one second. * If the PRNG output is prone to repeat itself, ephemeral * handshakes (and who knows what else besides) are broken.
-
Rob Stradling authored
-
Rob Stradling authored
-
Rob Stradling authored
-
Rob Stradling authored
-
Rob Stradling authored
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
-
Ben Laurie authored
-
Andy Polyakov authored
-
Andy Polyakov authored
previous cbc128.c commit].
-
Andy Polyakov authored
-
Bodo Moeller authored
-
Bodo Moeller authored
- EC_GROUP_cmp shouldn't consider curves equal just because the curve name is the same. (They really *should* be the same in this case, but there's an EC_GROUP_set_curve_name API, which could be misused.) - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates equality (not an error). Reported by: king cope (cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
-
- Sep 15, 2013
-
-
Andy Polyakov authored
PR: 3125 Submitted by: Kyle McMartin (cherry picked from commit 8e52a906)
-
- Aug 20, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit 3a918ea2bbf4175d9461f81be1403d3781b2c0dc)
-
- Aug 13, 2013
-
-
Michael Tuexen authored
This fix ensures that * A HelloRequest is retransmitted if not responded by a ClientHello * The HelloRequest "consumes" the sequence number 0. The subsequent ServerHello uses the sequence number 1. * The client also expects the sequence number of the ServerHello to be 1 if a HelloRequest was received earlier. This patch fixes the RFC violation. (cherry picked from commit b62f4daa)
-
- Aug 08, 2013
-
-
Michael Tuexen authored
Reported by: Prashant Jaikumar <rmstar@gmail.com> Fix handling of application data received before a handshake. (cherry picked from commit 0c75eeac)
-
- Aug 06, 2013
-
-
Dr. Stephen Henson authored
PR #3090 Reported by: Franck Youssef <fry@open.ch> If no new reason codes are obtained after checking a CRL exit with an error to avoid repeatedly checking the same CRL. This will only happen if verify errors such as invalid CRL scope are overridden in a callback. (cherry picked from commit 4b26645c)
-
Kaspar Brand authored
PR: 3028 Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys correctly if they appeared first. (cherry picked from commit 5ae8d6bc)
-