Skip to content
  1. Nov 11, 2013
  2. Nov 10, 2013
  3. Nov 09, 2013
  4. Nov 08, 2013
  5. Nov 06, 2013
  6. Nov 03, 2013
  7. Nov 02, 2013
  8. Nov 01, 2013
    • Robin Seggelmann's avatar
      DTLS/SCTP struct authchunks Bug · b8140811
      Robin Seggelmann authored
      PR: 2809
      
      DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with
      SCTP-AUTH.  It is checked if this has been activated successfully for
      the local and remote peer. Due to a bug, however, the
      gauth_number_of_chunks field of the authchunks struct is missing on
      FreeBSD, and was therefore not considered in the OpenSSL implementation.
      This patch sets the corresponding pointer for the check correctly
      whether or not this bug is present.
      (cherry picked from commit f596e3c491035fe80db5fc0c3ff6b647662b0003)
      b8140811
    • Robin Seggelmann's avatar
      DTLS/SCTP Finished Auth Bug · b9ef52b0
      Robin Seggelmann authored
      PR: 2808
      
      With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and
      FORWARD-TSN chunks. The key for this extension is derived from the
      master secret and changed with the next ChangeCipherSpec, whenever a new
      key has been negotiated. The following Finished then already uses the
      new key.  Unfortunately, the ChangeCipherSpec and Finished are part of
      the same flight as the ClientKeyExchange, which is necessary for the
      computation of the new secret. Hence, these messages are sent
      immediately following each other, leaving the server very little time to
      compute the new secret and pass it to SCTP before the finished arrives.
      So the Finished is likely to be discarded by SCTP and a retransmission
      becomes necessary. To prevent this issue, the Finished of the client is
      still sent with the old key.
      (cherry picked from commit 9fb523ad)
      b9ef52b0
    • Piotr Sikora's avatar
      Fix SSL_OP_SINGLE_ECDH_USE · 29b490a4
      Piotr Sikora authored
      Don't require a public key in tls1_set_ec_id if compression status is
      not needed. This fixes a bug where SSL_OP_SINGLE_ECDH_USE wouldn't work.
      (cherry picked from commit 5ff68e8f6dac3b0d8997b8bc379f9111c2bab74f)
      29b490a4
    • Dr. Stephen Henson's avatar
      Add -ecdh_single option. · a9bc1af9
      Dr. Stephen Henson authored
      Add -ecdh_single option to set SSL_OP_SINGLE_ECDH_USE on the command line.
      (cherry picked from commit f14a4a86)
      a9bc1af9
    • Dr. Stephen Henson's avatar
      Fix warning. · 96e16bdd
      Dr. Stephen Henson authored
      96e16bdd
    • Dr. Stephen Henson's avatar
      Fix warning. · 3f9b187b
      Dr. Stephen Henson authored
      3f9b187b
  9. Oct 31, 2013
  10. Oct 28, 2013
  11. Oct 25, 2013
  12. Oct 22, 2013
  13. Oct 21, 2013
    • Dr. Stephen Henson's avatar
      Constification. · 27f3b65f
      Dr. Stephen Henson authored
      27f3b65f
    • Dr. Stephen Henson's avatar
      Update demos/bio/README · ea131a06
      Dr. Stephen Henson authored
      ea131a06
    • Ben Laurie's avatar
      Remove unused variable. · 9f944107
      Ben Laurie authored
      9f944107
    • Nick Mathewson's avatar
      2927791d
    • Nick Mathewson's avatar
      Do not include a timestamp in the Client/ServerHello Random field. · 2016265d
      Nick Mathewson authored
      Instead, send random bytes, unless SSL_SEND_{CLIENT,SERVER}RANDOM_MODE
      is set.
      
      This is a forward-port of commits:
        4af793036f6ef4f0a1078e5d7155426a98d50e37
        f4c93b46edb51da71f09eda99e83eaf193a33c08
        3da721dac9382c48812c8eba455528fd59af2eef
        2583270191a8b27eed303c03ece1da97b9b69fd3
      
      While the gmt_unix_time record was added in an ostensible attempt to
      mitigate the dangers of a bad RNG, its presence leaks the host's view
      of the current time in the clear.  This minor leak can help
      fingerprint TLS instances across networks and protocols... and what's
      worse, it's doubtful thet the gmt_unix_time record does any good at
      all for its intended purpose, since:
      
          * It's quite possible to open two TLS connections in one second.
      
          * If the PRNG output is prone to repeat itself, ephemeral
            handshakes (and who knows what else besides) are broken.
      2016265d
  14. Oct 20, 2013