Skip to content
  1. May 17, 2017
    • Matt Caswell's avatar
      Don't allow fragmented alerts · bd990e25
      Matt Caswell authored
      
      
      An alert message is 2 bytes long. In theory it is permissible in SSLv3 -
      TLSv1.2 to fragment such alerts across multiple records (some of which
      could be empty). In practice it make no sense to send an empty alert
      record, or to fragment one. TLSv1.3 prohibts this altogether and other
      libraries (BoringSSL, NSS) do not support this at all. Supporting it adds
      significant complexity to the record layer, and its removal is unlikely
      to cause inter-operability issues.
      
      The DTLS code for this never worked anyway and it is not supported at a
      protocol level for DTLS. Similarly fragmented DTLS handshake records only
      work at a protocol level where at least the handshake message header
      exists within the record. DTLS code existed for trying to handle fragmented
      handshake records smaller than this size. This code didn't work either so
      has also been removed.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/3476)
      bd990e25
  2. Apr 27, 2017
  3. Apr 20, 2017
  4. Apr 10, 2017
  5. Apr 07, 2017
  6. Mar 30, 2017
  7. Mar 29, 2017
  8. Mar 28, 2017
  9. Mar 15, 2017
  10. Mar 14, 2017
  11. Mar 13, 2017
  12. Mar 02, 2017
  13. Feb 28, 2017
  14. Feb 24, 2017
  15. Feb 16, 2017
  16. Feb 01, 2017
  17. Jan 26, 2017
  18. Nov 28, 2016
    • Emilia Kasper's avatar
      Test mac-then-encrypt · b3618f44
      Emilia Kasper authored
      
      
      Verify that the encrypt-then-mac negotiation is handled
      correctly. Additionally, when compiled with no-asm, this test ensures
      coverage for the constant-time MAC copying code in
      ssl3_cbc_copy_mac. The proxy-based CBC padding test covers that as
      well but it's nevertheless better to have an explicit handshake test
      for mac-then-encrypt.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      b3618f44
  19. Nov 13, 2016
  20. Nov 10, 2016
  21. Nov 02, 2016
  22. Nov 01, 2016
  23. Oct 31, 2016
  24. Oct 25, 2016
  25. Oct 13, 2016
  26. Sep 26, 2016
  27. Sep 22, 2016
  28. Sep 14, 2016
  29. Aug 25, 2016
  30. Aug 24, 2016
  31. Aug 13, 2016
  32. Aug 05, 2016
  33. Aug 04, 2016
  34. Jun 20, 2016