Skip to content
  1. Sep 29, 2014
  2. Sep 23, 2014
  3. Sep 05, 2014
  4. Aug 15, 2014
  5. Aug 01, 2014
  6. Jul 22, 2014
  7. Jul 04, 2014
  8. Jun 01, 2014
  9. May 23, 2014
  10. Apr 26, 2014
  11. Apr 22, 2014
  12. Apr 07, 2014
    • Dr. Stephen Henson's avatar
      Add heartbeat extension bounds check. · 731f4314
      Dr. Stephen Henson authored
      A missing bounds check in the handling of the TLS heartbeat extension
      can be used to reveal up to 64k of memory to a connected client or
      server.
      
      Thanks for Neel Mehta of Google Security for discovering this bug and to
      Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
      preparing the fix (CVE-2014-0160)
      (cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
      731f4314
  13. Apr 05, 2014
  14. Apr 01, 2014
  15. Mar 12, 2014
    • Dr. Stephen Henson's avatar
      Fix for CVE-2014-0076 · f9b6c0ba
      Dr. Stephen Henson authored
      Fix for the attack described in the paper "Recovering OpenSSL
      ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
      by Yuval Yarom and Naomi Benger. Details can be obtained from:
      http://eprint.iacr.org/2014/140
      
      Thanks to Yuval Yarom and Naomi Benger for discovering this
      flaw and to Yuval Yarom for supplying a fix.
      (cherry picked from commit 2198be3483259de374f91e57d247d0fc667aef29)
      
      Conflicts:
      
      	CHANGES
      f9b6c0ba
  16. Jan 03, 2014
  17. Dec 20, 2013
    • Dr. Stephen Henson's avatar
      Fix DTLS retransmission from previous session. · 20b82b51
      Dr. Stephen Henson authored
      For DTLS we might need to retransmit messages from the previous session
      so keep a copy of write context in DTLS retransmission buffers instead
      of replacing it after sending CCS. CVE-2013-6450.
      (cherry picked from commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b)
      20b82b51
  18. Dec 13, 2013
  19. Nov 06, 2013
    • Dr. Stephen Henson's avatar
      Experimental workaround TLS filler (WTF) extension. · 0467ea68
      Dr. Stephen Henson authored
      Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771):
      if the TLS Client Hello record length value would otherwise be > 255 and less
      that 512 pad with a dummy extension containing zeroes so it is at least 512.
      
      To enable it use an unused extension number (for example 0x4242) using
      e.g. -DTLSEXT_TYPE_wtf=0x4242
      
      WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
      0467ea68
  20. Oct 22, 2013
  21. Sep 18, 2013
  22. Sep 17, 2013
  23. Sep 16, 2013
  24. Sep 13, 2013
  25. Sep 08, 2013
  26. Sep 06, 2013
    • Scott Deboy's avatar
      Add callbacks supporting generation and retrieval of supplemental data... · 36086186
      Scott Deboy authored
      Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
      Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
      Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
      Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
      36086186
  27. Sep 05, 2013
  28. Jul 17, 2013
    • Dr. Stephen Henson's avatar
      EVP support for wrapping algorithms. · 97cf1f6c
      Dr. Stephen Henson authored
      Add support for key wrap algorithms via EVP interface.
      
      Generalise AES wrap algorithm and add to modes, making existing
      AES wrap algorithm a special case.
      
      Move test code to evptests.txt
      97cf1f6c
  29. Jul 04, 2013
  30. Jun 21, 2013
  31. Jun 12, 2013
  32. Apr 09, 2013
    • Dr. Stephen Henson's avatar
      Dual DTLS version methods. · c6913eeb
      Dr. Stephen Henson authored
      Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
      pick the highest version the peer supports during negotiation.
      
      As with SSL/TLS options can change this behaviour specifically
      SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
      c6913eeb