- Jan 06, 2015
-
-
Dr. Stephen Henson authored
OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jan 05, 2015
-
-
Dr. Stephen Henson authored
Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Adam Langley authored
when its SSL_CTX is updated. From BoringSSL commit https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists. 1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits. 2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. 3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes). CVE-2014-8275 Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Dec 28, 2014
-
-
Rich Salz authored
This commit removes DG-UX. It also flushes out some left-behinds in config. And regenerates TABLE from Configure (hadn't been done in awhile). Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Dec 25, 2014
-
-
Rich Salz authored
This commit removes Sinix/ReliantUNIX RM400 (And a missed piece of BEOS fluff) Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Dec 22, 2014
-
-
Rich Salz authored
This commit removes MPE/iX Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
This commit removes SunOS (a sentimental favorite of mine). Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Dec 20, 2014
-
-
Rich Salz authored
This commit removes all mention of NeXT and NextStep. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Dec 18, 2014
-
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
This commit removes Sony NEWS4 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Dec 17, 2014
-
-
Rich Salz authored
This commit removes BEOS. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Dec 08, 2014
-
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Dec 04, 2014
-
-
Kurt Roeckx authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Nov 20, 2014
-
-
Annie Yousar authored
In keygen, return KEY_SIZE_TOO_SMALL not INVALID_KEYBITS. ** I also increased the minimum from 256 to 512, which is now documented in CHANGES file. ** Reviewed-by: Matt Caswell <matt@openssl.org>
-
David Benjamin authored
the session's version (server). See also BoringSSL's commit bdf5e72f50e25f0e45e825c156168766d8442dde. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. (Because the first CCS would latch the correct keys and subsequent CCS messages would have to be encrypted, a MitM attacker cannot exploit this, though.) Thanks to Joeri de Ruiter for reporting this issue. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
The server must send a NewSessionTicket message if it advertised one in the ServerHello, so make a missing ticket message an alert in the client. An equivalent change was independently made in BoringSSL, see commit 6444287806d801b9a45baf1f6f02a0e3a16e144c. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Oct 28, 2014
-
-
Emilia Kasper authored
Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. Reviewed-by: Bodo Moeller <bodo@openssl.org>
-
- Oct 27, 2014
-
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Oct 22, 2014
-
-
Andy Polyakov authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Oct 15, 2014
-
-
Matt Caswell authored
Reviewed-by: Bodo Möller <bodo@openssl.org>
-
Bodo Moeller authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Oct 02, 2014
-
-
Bodo Moeller authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Sep 29, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reencode DigestInto in DER and check against the original: this will reject any improperly encoded DigestInfo structures. Note: this is a precautionary measure, there is no known attack which can exploit this. Thanks to Brian Smith for reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 23, 2014
-
-
Emilia Kasper authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit e9128d94)
-
Andy Polyakov authored
Reviewed-by: Bodo Moeller <bodo@openssl.org>
-
- Sep 05, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Aug 15, 2014
-
-
Claus Assmann authored
Fix a bunch of typo's and speling (sic) errors in the CHANGES file. Reviewed-by: Tim Hudson <tjh@cryptsoft.com>
-
- Aug 01, 2014
-
-
Bodo Moeller authored
(If a change is already present in 1.0.1f or 1.0.1h, don't list it again under changes between 1.0.1h and 1.0.2.)
-
Bodo Moeller authored
-
Bodo Moeller authored
(which didn't always handle value 0 correctly). Reviewed-by: <emilia@openssl.org>
-
- Jul 22, 2014
-
-
Andy Polyakov authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Jul 04, 2014
-
-
Dr. Stephen Henson authored
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
-
- Jun 01, 2014
-
-
Ben Laurie authored
Closes #116.
-
- May 23, 2014
-
-
Martin Kaiser authored
Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352
-
- Apr 26, 2014
-
-
mancha authored
Specify -f is for compilation flags. Add -d to synopsis section. Closes #77.
-