- Oct 28, 2014
-
-
Emilia Kasper authored
Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. Reviewed-by:
Bodo Moeller <bodo@openssl.org> (cherry picked from commit d663df23) Conflicts: CHANGES
-
- Oct 27, 2014
-
-
Emilia Kasper authored
Reviewed-by:
Rich Salz <rsalz@openssl.org> Reviewed-by:
Geoff Thorpe <geoff@openssl.org> (cherry picked from commit fd28a41e) Conflicts: ssl/ssltest.c
-
- Oct 21, 2014
-
-
Bodo Moeller authored
Reviewed-by: -
Bodo Moeller authored
listed after TLS_FALLBACK_SCSV. RT: 3575 Reviewed-by:Emilia Kasper <emilia@openssl.org>
-
Kurt Roeckx authored
When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set the method to NULL. We didn't used to do that, and it breaks things. This is a regression introduced in 62f45cc2 . Keep the old method since the code is not able to deal with a NULL method at this time. CVE-2014-3569, PR#3571 Reviewed-by:
-
- Oct 20, 2014
-
-
Tim Hudson authored
Reviewed-by:
-
- Oct 17, 2014
-
-
Andy Polyakov authored
Reviewed-by:
Dr Stephen Henson <steve@openssl.org> (cherry picked from commit 55c7a4cf)
-
Andy Polyakov authored
Reviewed-by:
Matt Caswell <matt@openssl.org> (cherry picked from commit 40155f40)
-
Kurt Cancemi authored
Reviewed-by:
Ben Laurie <ben@openssl.org> (cherry picked from commit 87d388c9)
-
- Oct 15, 2014
-
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Geoff Thorpe authored
CVE-2014-3568 Reviewed-by:
-
Dr. Stephen Henson authored
CVE-2014-3567 Reviewed-by:
-
Matt Caswell authored
Related to CVE-2014-3513 This fix was developed by the OpenSSL Team Reviewed-by:Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
CVE-2014-3513 This issue was reported to OpenSSL on 26th September 2014, based on an origi issue and patch developed by the LibreSSL project. Further analysis of the i was performed by the OpenSSL team. The fix was developed by the OpenSSL team. Reviewed-by: -
Bodo Moeller authored
Reviewed-by: -
Andy Polyakov authored
RT: 3553 Reviewed-by:
-
Tim Hudson authored
so the Win32 compile picks it up correctly. Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
The different -I compiler parameters will take care of the rest... Reviewed-by: -
Richard Levitte authored
Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces Reviewed-by: -
Richard Levitte authored
algorithms MD2 and RC5 don't get built. Also, disable building the test apps in crypto/des and crypto/pkcs7, as they have no support at all. Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Update the VMS build according to the latest unixly build. Partly provided by Zoltan Arpadffy <arpadffy@polarhome.com> Reviewed-by: -
Richard Levitte authored
Make sure that disabling the MAYLOSEDATA3 warning is only done when the compiler supports it. Otherwise, there are warnings about it lacking everywhere, which is quite tedious to read through while trying to check for other warnings. Reviewed-by: -
Bodo Moeller authored
Reviewed-by:
-
- Oct 10, 2014
-
-
Dr. Stephen Henson authored
SSL_set_SSL_CTX is normally called for SNI after ClientHello has received and the digest to use for each certificate has been decided. The original ssl->cert contains the negotiated digests and is now copied to the new ssl->cert. PR: 3560 Reviewed-by:
-
- Oct 06, 2014
-
-
Matt Caswell authored
Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also remove duplicate definition of PKCS7_type_is_digest. PR#3551 Reviewed-by:
-
- Sep 29, 2014
-
-
Dr. Stephen Henson authored
Reencode DigestInto in DER and check against the original: this will reject any improperly encoded DigestInfo structures. Note: this is a precautionary measure, there is no known attack which can exploit this. Thanks to Brian Smith for reporting this issue. Reviewed-by:
-
- Sep 25, 2014
-
-
Emilia Kasper authored
Accidentally omitted from commit 455b65df Reviewed-by:
Kurt Roeckx <kurt@openssl.org> (cherry picked from commit fdc35a9d)
-
- Sep 24, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by:
-
Andy Polyakov authored
RT: 3541 Reviewed-by:
-
Emilia Kasper authored
Do the final padding check in EVP_DecryptFinal_ex in constant time to avoid a timing leak from padding failure. Reviewed-by:
-
Emilia Kasper authored
(Original commit adb46dbc ) Use the new constant-time methods consistently in s3_srvr.c Reviewed-by:
-
Adam Langley authored
that bad encryptions are treated like random session keys in constant time. (cherry picked from commit adb46dbc ) Reviewed-by:
-
Emilia Kasper authored
Also tweak s3_cbc.c to use new constant-time methods. Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1 This patch is based on the original RT submission by Adam Langley <agl@chromium.org>, as well as code from BoringSSL and OpenSSL. Reviewed-by:
-
- Sep 21, 2014
-
-
Tim Hudson authored
that fixed PR#3450 where an existing cast masked an issue when i was changed from int to long in that commit Picked up on z/linux (s390) where sizeof(int)!=sizeof(long) Reviewed-by:
-
- Sep 10, 2014
-
-
Rich Salz authored
If we don't find a signer in the internal list, then fall through and look at the internal list; don't just return NULL. Reviewed-by:
-
