- Nov 01, 2013
-
-
Piotr Sikora authored
Don't require a public key in tls1_set_ec_id if compression status is not needed. This fixes a bug where SSL_OP_SINGLE_ECDH_USE wouldn't work.
-
Dr. Stephen Henson authored
Add -ecdh_single option to set SSL_OP_SINGLE_ECDH_USE on the command line.
-
- Oct 30, 2013
-
-
Robin Seggelmann authored
PR: 2809 DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with SCTP-AUTH. It is checked if this has been activated successfully for the local and remote peer. Due to a bug, however, the gauth_number_of_chunks field of the authchunks struct is missing on FreeBSD, and was therefore not considered in the OpenSSL implementation. This patch sets the corresponding pointer for the check correctly whether or not this bug is present.
-
Robin Seggelmann authored
PR: 2808 With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and FORWARD-TSN chunks. The key for this extension is derived from the master secret and changed with the next ChangeCipherSpec, whenever a new key has been negotiated. The following Finished then already uses the new key. Unfortunately, the ChangeCipherSpec and Finished are part of the same flight as the ClientKeyExchange, which is necessary for the computation of the new secret. Hence, these messages are sent immediately following each other, leaving the server very little time to compute the new secret and pass it to SCTP before the finished arrives. So the Finished is likely to be discarded by SCTP and a retransmission becomes necessary. To prevent this issue, the Finished of the client is still sent with the old key.
-
- Oct 21, 2013
-
-
Ben Laurie authored
-
- Oct 20, 2013
-
-
Nick Mathewson authored
-
Nick Mathewson authored
Instead, send random bytes, unless SSL_SEND_{CLIENT,SERVER}RANDOM_MODE is set. This is a forward-port of commits: 4af79303 f4c93b46 3da721da 25832701 While the gmt_unix_time record was added in an ostensible attempt to mitigate the dangers of a bad RNG, its presence leaks the host's view of the current time in the clear. This minor leak can help fingerprint TLS instances across networks and protocols... and what's worse, it's doubtful thet the gmt_unix_time record does any good at all for its intended purpose, since: * It's quite possible to open two TLS connections in one second. * If the PRNG output is prone to repeat itself, ephemeral handshakes (and who knows what else besides) are broken.
-
Steve Marquess authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Removing RSA+MD5 from the default signature algorithm list prevents its use by default. If a broken implementation attempts to use RSA+MD5 anyway the sanity checking of signature algorithms will cause a fatal alert. (cherry picked from commit 77a0f740d00ecf8f6b01c0685a2f858c3f65a3dd)
-
Ben Laurie authored
-
- Oct 15, 2013
-
-
Andy Polyakov authored
Suggested by: Anton Blanchard (cherry picked from commit 76c15d79)
-
Dr. Stephen Henson authored
(cherry picked from commit 6699cb84)
-
Dr. Stephen Henson authored
(cherry picked from commit f6983769c1bcd6c3c6b6bbfbbc41848f6dccf127)
-
Dr. Stephen Henson authored
(cherry picked from commit 8ba2d4ed7f128e400693562efd35985068c45e4d)
-
Dr. Stephen Henson authored
(cherry picked from commit 695e8c36528f9c3275f5f56e9633ac6a0c11f2e3)
-
- Oct 14, 2013
-
-
Andy Polyakov authored
Includes multiple updates: AES module to comply with more ABI flavors, SHA512 for PPC32, .size directives.
-
Andy Polyakov authored
PR: 3110 Submitted by Corinna Vinschen. (cherry picked from commit b3ef742c)
-
- Oct 13, 2013
-
-
Andy Polyakov authored
(cherry picked from commit 039081b8)
-
Andy Polyakov authored
Latest MIPS ISA specification declared 'branch likely' instructions obsolete. To makes code future-proof replace them with equivalent. (cherry picked from commit 0c2adb0a)
-
- Oct 12, 2013
-
-
Andy Polyakov authored
Performance improvement and Windows-specific bugfix (PR#3139).
-
- Oct 10, 2013
-
-
Andy Polyakov authored
(cherry picked from commit fa104be3)
-
- Oct 07, 2013
-
-
Ben Laurie authored
-
- Oct 05, 2013
-
-
Ben Laurie authored
-
Andy Polyakov authored
Submitted by: Yuriy Kaminskiy (cherry picked from commit 524b00c0)
-
Andy Polyakov authored
PR: 3130 (cherry picked from commit 6b2cae0c)
-
- Oct 04, 2013
-
-
Ben Laurie authored
-
Ben Laurie authored
-
Ben Laurie authored
-
- Oct 03, 2013
-
-
Ben Laurie authored
-
Andy Polyakov authored
Submitted by: Yuriy Kaminskiy (cherry picked from commit 524b00c0)
-
Andy Polyakov authored
PR: 3130 (cherry picked from commit 6b2cae0c)
-
- Oct 01, 2013
-
-
Adam Langley authored
Add tests for AEAD functions: AES-128-GCM, AES-256-GCM and ChaCha20+Poly1305.
-
Adam Langley authored
Add support for Chacha20 + Poly1305.
-
Adam Langley authored
Switches AES-GCM ciphersuites to use AEAD interfaces.
-
Adam Langley authored
This change allows AEADs to be used in ssl/ to implement SSL/TLS ciphersuites.
-
Adam Langley authored
This change adds an AEAD interface to EVP and an AES-GCM implementation suitable for use in TLS.
-
Adam Langley authored
The previous version of the function made adding AEAD changes very difficult. This change should be a semantic no-op - it should be purely a cleanup.
-
Ben Laurie authored
-
Dr. Stephen Henson authored
(cherry picked from commit dfcb42c6)
-