Skip to content
  1. Apr 08, 2014
  2. Apr 07, 2014
    • Dr. Stephen Henson's avatar
      Return if ssleay_rand_add called with zero num. · f74fa33b
      Dr. Stephen Henson authored
      Treat a zero length passed to ssleay_rand_add a no op: the existing logic
      zeroes the md value which is very bad. OpenSSL itself never does this
      internally and the actual call doesn't make sense as it would be passing
      zero bytes of entropy.
      
      Thanks to Marcus Meissner <meissner@suse.de> for reporting this bug.
      (cherry picked from commit 5be1ae28)
      f74fa33b
    • Dr. Stephen Henson's avatar
      Add heartbeat extension bounds check. · 731f4314
      Dr. Stephen Henson authored
      A missing bounds check in the handling of the TLS heartbeat extension
      can be used to reveal up to 64k of memory to a connected client or
      server.
      
      Thanks for Neel Mehta of Google Security for discovering this bug and to
      Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
      preparing the fix (CVE-2014-0160)
      (cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
      731f4314
    • Dr. Stephen Henson's avatar
      Document -verify_return_error option. · 4e6c12f3
      Dr. Stephen Henson authored
      4e6c12f3
  3. Apr 06, 2014
  4. Apr 05, 2014
  5. Apr 04, 2014
  6. Apr 03, 2014
  7. Apr 02, 2014
    • Eric Young's avatar
      Fix base64 decoding bug. · 10378fb5
      Eric Young authored
      A short PEM encoded sequence if passed to the BIO, and the file
      had 2 \n following would fail.
      
      PR#3289
      10378fb5
  8. Apr 01, 2014
  9. Mar 29, 2014
  10. Mar 28, 2014
    • Dr. Stephen Henson's avatar
      Add initial security framework docs. · 0f817d3b
      Dr. Stephen Henson authored
      0f817d3b
    • Dr. Stephen Henson's avatar
      Set security level in cipher string. · 21e0c1d2
      Dr. Stephen Henson authored
      Allow setting of security level in cipher string using the
      @SECLEVEL=N syntax.
      21e0c1d2
    • Dr. Stephen Henson's avatar
      Set security level to zero is ssltest · 77a926e6
      Dr. Stephen Henson authored
      Since ssltest needs to test low security ciphersuites and keys
      set security level to zero so they aren't rejected.
      77a926e6
    • Dr. Stephen Henson's avatar
      Security callback debug print out. · e03c5b59
      Dr. Stephen Henson authored
      Add a debugging security callback option to s_client/s_server. This will
      print out each security parameter as it is accepted or rejected.
      e03c5b59
    • Dr. Stephen Henson's avatar
      Security framework. · b362ccab
      Dr. Stephen Henson authored
      Security callback: selects which parameters are permitted including
      sensible defaults based on bits of security.
      
      The "parameters" which can be selected include: ciphersuites,
      curves, key sizes, certificate signature algorithms, supported
      signature algorithms, DH parameters, SSL/TLS version, session tickets
      and compression.
      
      In some cases prohibiting the use of a parameters will mean they are
      not advertised to the peer: for example cipher suites and ECC curves.
      In other cases it will abort the handshake: e.g DH parameters or the
      peer key size.
      
      Documentation to follow...
      b362ccab
    • Dr. Stephen Henson's avatar
      66f96fe2
    • Dr. Stephen Henson's avatar
      Allow return of supported ciphers. · 8b8e5bed
      Dr. Stephen Henson authored
      New function ssl_cipher_disabled.
      
      Check for disabled client ciphers using ssl_cipher_disabled.
      
      New function to return only supported ciphers.
      
      New option to ciphers utility to print only supported ciphers.
      8b8e5bed
    • Dr. Stephen Henson's avatar
      Auto DH support. · 09599b52
      Dr. Stephen Henson authored
      Add auto DH parameter support. This is roughly equivalent to the
      ECDH auto curve selection but for DH. An application can just call
      
      SSL_CTX_set_auto_dh(ctx, 1);
      
      and appropriate DH parameters will be used based on the size of the
      server key.
      
      Unlike ECDH there is no way a peer can indicate the range of DH parameters
      it supports. Some peers cannot handle DH keys larger that 1024 bits for
      example. In this case if you call:
      
      SSL_CTX_set_auto_dh(ctx, 2);
      
      Only 1024 bit DH parameters will be used.
      
      If the server key is 7680 bits or more in size then 8192 bit DH parameters
      will be used: these will be *very* slow.
      
      The old export ciphersuites aren't supported but those are very
      insecure anyway.
      09599b52
    • Dr. Stephen Henson's avatar
      Add functions returning security bits. · 2514fa79
      Dr. Stephen Henson authored
      Add functions to return the "bits of security" for various public key
      algorithms. Based on SP800-57.
      2514fa79
  11. Mar 27, 2014
  12. Mar 24, 2014
  13. Mar 19, 2014
  14. Mar 18, 2014
  15. Mar 12, 2014
    • Dr. Stephen Henson's avatar
      Update ordinals. · 14c67a70
      Dr. Stephen Henson authored
      Use a previously unused value as we will be updating multiple released
      branches.
      (cherry picked from commit 0737acd2a8cc688902b5151cab5dc6737b82fb96)
      14c67a70
    • Dr. Stephen Henson's avatar
      Fix for CVE-2014-0076 · f9b6c0ba
      Dr. Stephen Henson authored
      Fix for the attack described in the paper "Recovering OpenSSL
      ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
      by Yuval Yarom and Naomi Benger. Details can be obtained from:
      http://eprint.iacr.org/2014/140
      
      Thanks to Yuval Yarom and Naomi Benger for discovering this
      flaw and to Yuval Yarom for supplying a fix.
      (cherry picked from commit 2198be3483259de374f91e57d247d0fc667aef29)
      
      Conflicts:
      
      	CHANGES
      f9b6c0ba
  16. Mar 10, 2014
  17. Mar 07, 2014
  18. Mar 06, 2014