- Apr 19, 2012
-
-
Dr. Stephen Henson authored
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
-
- Apr 17, 2012
-
-
Bodo Möller authored
(TLS 1.2 clients could end up negotiating these with an OpenSSL server with TLS 1.2 disabled, which is problematic.) Submitted by: Adam Langley
-
Dr. Stephen Henson authored
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client ciphersuites to this value. A value of 50 should be sufficient. Document workarounds in CHANGES.
-
- Apr 05, 2012
-
-
Dr. Stephen Henson authored
enabled instead of requiring an application to hard code a (possibly inappropriate) parameter set and delve into EC internals we just automatically use the preferred curve.
-
- Mar 31, 2012
-
-
Andy Polyakov authored
-
- Mar 28, 2012
-
-
Dr. Stephen Henson authored
Tidy some code up. Don't allocate a structure to handle ECC extensions when it is used for default values. Make supported curves configurable. Add ctrls to retrieve shared curves: not fully integrated with rest of ECC code yet.
-
- Mar 06, 2012
-
-
Dr. Stephen Henson authored
extensions to s_client and s_server to print out retrieved valued. Extend CERT structure to cache supported signature algorithm data.
-
- Feb 21, 2012
-
-
Dr. Stephen Henson authored
between NIDs and the more common NIST names such as "P-256". Enhance ecparam utility and ECC method to recognise the NIST names for curves.
-
- Feb 16, 2012
-
-
Dr. Stephen Henson authored
before rejecting multiple SGC restarts.
-
- Feb 15, 2012
-
-
Dr. Stephen Henson authored
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature: this will make all versions of MDC2 signature equivalent.
-
Dr. Stephen Henson authored
signatures and MDC2 using EVP or RSA_sign. This has become more apparent when the dgst utility in OpenSSL 1.0.0 and later switched to using the EVP_DigestSign functions which call RSA_sign. This means that the signature format OpenSSL 1.0.0 and later used with dgst -sign and MDC2 is incompatible with previous versions. Add detection in RSA_verify so either format works. Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
-
- Feb 09, 2012
-
-
Dr. Stephen Henson authored
some servers.
-
- Jan 31, 2012
-
-
Dr. Stephen Henson authored
structure. Before this the only way to add a custom chain was in the parent SSL_CTX (which is shared by all key types and SSL structures) or rely on auto chain building (which is performed on each handshake) from the trust store.
-
- Jan 25, 2012
-
-
Dr. Stephen Henson authored
-
- Jan 18, 2012
-
-
Dr. Stephen Henson authored
Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050)
-
- Jan 17, 2012
-
-
Dr. Stephen Henson authored
-
- Jan 16, 2012
-
-
Dr. Stephen Henson authored
The cipher definitions of these ciphersuites have been around since SSLeay but were always disabled. Now OpenSSL supports DH certificates they can be finally enabled. Various additional changes were needed to make them work properly: many unused fixed DH sections of code were untested.
-
- Jan 05, 2012
-
-
Bodo Möller authored
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing in HEAD, the actual code is here already.)
-
- Jan 04, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Reviewed by: steve Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson.
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Dec 31, 2011
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Support for TLS/DTLS heartbeats.
-
- Dec 19, 2011
-
-
Dr. Stephen Henson authored
Submitted by: Paul Green <Paul.Green@stratus.com> Reviewed by: steve Improved PRNG seeding for VOS.
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
-
- Dec 13, 2011
-
-
Ben Laurie authored
-
Ben Laurie authored
-
- Dec 10, 2011
-
-
Dr. Stephen Henson authored
-
- Dec 07, 2011
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
RFC5114 parameters and X9.42 DH public and private keys.
-
- Dec 02, 2011
-
-
Bodo Möller authored
methods isn't presorted, it will be sorted on first read). Submitted by: Adam Langley
-
Bodo Möller authored
Submitted by: Emilia Kasper
-
Bodo Möller authored
-
Bodo Möller authored
Submitted by: Adam Langley Reviewed by: Bodo Moeller
-
- Nov 15, 2011
-
-
Ben Laurie authored
-
Ben Laurie authored
-