Skip to content
  1. Jan 09, 2014
  3. Jan 08, 2014
  5. Jan 06, 2014
  7. Jan 04, 2014
    • Dr. Stephen Henson's avatar
      Restore SSL_OP_MSIE_SSLV2_RSA_PADDING · 25c9fa60
      Dr. Stephen Henson authored 
      The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
(cherry picked from commit b17d6b8d)
      25c9fa60
  9. Jan 02, 2014
  11. Dec 22, 2013
  13. Dec 20, 2013
  15. Dec 19, 2013
    • Dr. Stephen Henson's avatar
      Use version in SSL_METHOD not SSL structure. · ca989269
      Dr. Stephen Henson authored 
      When deciding whether to use TLS 1.2 PRF and record hash algorithms
use the version number in the corresponding SSL_METHOD structure
instead of the SSL structure. The SSL structure version is sometimes
inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449)
      ca989269
  17. Dec 18, 2013
  19. Dec 10, 2013
  21. Dec 09, 2013
  23. Dec 08, 2013
    • Dr. Stephen Henson's avatar
      make update · 60df657b
      Dr. Stephen Henson authored
      60df657b
    • Dr. Stephen Henson's avatar
      Avoid multiple locks in FIPS mode. · 17a2d080
      Dr. Stephen Henson authored 
      PR: 3176.

In FIPS mode ssleay_rand_bytes is only used for PRNG seeding and is
performed in either a single threaded context (when the PRNG is first
initialised) or under a lock (reseeding). To avoid multiple locks disable
use of CRYPTO_LOCK_RAND in FIPS mode in ssleay_rand_bytes.
(cherry picked from commit 53142f72c9b9c9bad2f39ca6200a4f04f5c8001c)
      17a2d080
  25. Dec 03, 2013
  27. Nov 27, 2013
  29. Nov 12, 2013
  31. Nov 11, 2013
  33. Nov 10, 2013
  35. Nov 09, 2013
  37. Nov 08, 2013
  39. Nov 06, 2013
  41. Nov 03, 2013
  43. Nov 01, 2013
    • Robin Seggelmann's avatar
      DTLS/SCTP Finished Auth Bug · 025f7dbd
      Robin Seggelmann authored 
      PR: 2808

With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and
FORWARD-TSN chunks. The key for this extension is derived from the
master secret and changed with the next ChangeCipherSpec, whenever a new
key has been negotiated. The following Finished then already uses the
new key.  Unfortunately, the ChangeCipherSpec and Finished are part of
the same flight as the ClientKeyExchange, which is necessary for the
computation of the new secret. Hence, these messages are sent
immediately following each other, leaving the server very little time to
compute the new secret and pass it to SCTP before the finished arrives.
So the Finished is likely to be discarded by SCTP and a retransmission
becomes necessary. To prevent this issue, the Finished of the client is
still sent with the old key.
(cherry picked from commit 9fb523ad)
(cherry picked from commit b9ef52b0)
      025f7dbd
    • Robin Seggelmann's avatar
      DTLS/SCTP struct authchunks Bug · 44f4934b
      Robin Seggelmann authored 
      PR: 2809

DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with
SCTP-AUTH.  It is checked if this has been activated successfully for
the local and remote peer. Due to a bug, however, the
gauth_number_of_chunks field of the authchunks struct is missing on
FreeBSD, and was therefore not considered in the OpenSSL implementation.
This patch sets the corresponding pointer for the check correctly
whether or not this bug is present.
(cherry picked from commit f596e3c4)
(cherry picked from commit b8140811)
      44f4934b