1. 06 Feb 2015, 2 commits
  2. 03 Feb 2015, 2 commits
  3. 28 Jan 2015, 1 commit
    • OPENSSL_NO_xxx cleanup: SHA · 474e469b
      Rich Salz committed
      Remove support for SHA0 and DSS0 (they were broken), and remove
      the ability to attempt to build without SHA (it didn't work).
      For simplicity, remove the option of not building various SHA algorithms;
      you could argue that SHA_224/256/384/512 should be kept, since they're
      like crypto algorithms, but I decided to go the other way.
      So these options are gone:
      	GENUINE_DSA         OPENSSL_NO_SHA0
      	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
      	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
      	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512
      Reviewed-by: Richard Levitte <levitte@openssl.org>
  4. 22 Jan 2015, 4 commits
  5. 08 Jan 2015, 1 commit
  6. 06 Jan 2015, 2 commits
  7. 31 Dec 2014, 1 commit
  8. 17 Dec 2014, 1 commit
  9. 16 Dec 2014, 1 commit
    • Don't set client_version to the ServerHello version. · ec1af3c4
      Adam Langley committed
      The client_version needs to be preserved for the RSA key exchange.
      
      This change also means that renegotiation will, like TLS, repeat the old
      client_version rather than advertise only the final version. (Either way,
      version change on renego is not allowed.) This is necessary in TLS to work
      around an SChannel bug, but it's not strictly necessary in DTLS.
      
      (From BoringSSL)
      Reviewed-by: Emilia Käsper <emilia@openssl.org>
  10. 11 Dec 2014, 1 commit
  11. 08 Dec 2014, 1 commit
  12. 20 Nov 2014, 6 commits
  13. 29 Oct 2014, 1 commit
    • Tighten session ticket handling · d663df23
      Emilia Kasper committed
      Tighten client-side session ticket handling during renegotiation:
      ensure that the client only accepts a session ticket if the server sends
      the extension anew in the ServerHello. Previously, a TLS client would
      reuse the old extension state and thus accept a session ticket if one was
      announced in the initial ServerHello.
      Reviewed-by: Bodo Moeller <bodo@openssl.org>
  14. 24 Oct 2014, 1 commit
  15. 21 Sep 2014, 1 commit
  16. 05 Sep 2014, 1 commit
    • psk_client_callback, 128-byte id bug. · be0d8517
      Adam Langley committed
      Fix a bug in handling of 128 byte long PSK identity in
      psk_client_callback.
      
      OpenSSL supports PSK identities of up to (and including) 128 bytes in
      length. PSK identity is obtained via the psk_client_callback,
      implementors of which are expected to provide a NULL-terminated
      identity. However, the callback is invoked with only 128 bytes of
      storage thus making it impossible to return a 128 byte long identity and
      the required additional NULL byte.
      
      This CL fixes the issue by passing in a 129 byte long buffer into the
      psk_client_callback. As a safety precaution, this CL also zeroes out the
      buffer before passing it into the callback, uses strnlen for obtaining
      the length of the identity returned by the callback, and aborts the
      handshake if the identity (without the NULL terminator) is longer than
      128 bytes.
      
      (Original patch amended to achieve strnlen in a different way.)
      Reviewed-by: Rich Salz <rsalz@openssl.org>
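Added example (not OpenSSL's code) of the caller-side contract this commit fixes: with 128 bytes of storage a well-behaved callback cannot return a 128-byte identity at all, while the fixed 129-byte zeroed buffer plus a bounded length scan accepts it and aborts when no NUL appears within the first 128 bytes. The callback type, both callbacks and the `room` parameter are constructed for the example.

```c
#include <string.h>

#define PSK_MAX_IDENTITY_LEN 128

/* Shape of psk_client_callback with the hint/PSK arguments left out: write a
 * NUL-terminated identity into `identity` (max_identity_len bytes of room) and
 * return the PSK length, 0 meaning failure. */
typedef unsigned int (*psk_identity_cb)(char *identity, unsigned int max_identity_len);

/* Same semantics as strnlen(3); local so the example builds under strict C. */
static size_t psk_strnlen(const char *s, size_t maxlen)
{
    size_t n = 0;
    while (n < maxlen && s[n] != '\0')
        n++;
    return n;
}

/* Constructed well-behaved callback with a 128-byte identity: it writes only
 * if the identity and its NUL terminator both fit in the buffer offered. */
unsigned int cb_identity_128(char *identity, unsigned int max_identity_len)
{
    if (max_identity_len < PSK_MAX_IDENTITY_LEN + 1)
        return 0;
    memset(identity, 'A', PSK_MAX_IDENTITY_LEN);
    identity[PSK_MAX_IDENTITY_LEN] = '\0';
    return 16;
}

/* Constructed misbehaving callback: fills the whole buffer and never writes a NUL. */
unsigned int cb_identity_unterminated(char *identity, unsigned int max_identity_len)
{
    memset(identity, 'B', max_identity_len);
    return 16;
}

/* Invoke the callback with `room` bytes of storage: 128 models the code before
 * the fix, 129 the code after it. Returns the identity length, or -1 when the
 * callback fails or no NUL appears within the first 128 bytes (abort). */
int psk_identity_len(psk_identity_cb cb, size_t room)
{
    char buf[PSK_MAX_IDENTITY_LEN + 1];
    memset(buf, 0, sizeof(buf));            /* zero first: a short identity is always terminated */
    if (room > sizeof(buf) || cb(buf, (unsigned int)room) == 0)
        return -1;
    size_t len = psk_strnlen(buf, room);    /* bounded scan, never past the storage offered */
    return len > PSK_MAX_IDENTITY_LEN ? -1 : (int)len;
}
```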
  17. 16 Aug 2014, 1 commit
  18. 09 Aug 2014, 1 commit
    • Fix SRP authentication ciphersuites. · 9e72d496
      Dr. Stephen Henson committed
      The addition of SRP authentication needs to be checked in various places
      to work properly. Specifically:
      
      A certificate is not sent.
      A certificate request must not be sent.
      Server key exchange message must not contain a signature.
      If appropriate, SRP authentication ciphersuites should be chosen.
      Reviewed-by: Matt Caswell <matt@openssl.org>
  19. 07 Aug 2014, 2 commits
  20. 04 Jul 2014, 1 commit
  21. 15 Jun 2014, 1 commit
    • Accept CCS after sending finished. · 3b77f017
      Dr. Stephen Henson committed
      Allow CCS after finished has been sent by client: at this point
      keys have been correctly set up so it is OK to accept CCS from
      server. Without this renegotiation can sometimes fail.
      
      PR#3400
  22. 07 Jun 2014, 1 commit
  23. 05 Jun 2014, 2 commits
    • Fix for CVE-2014-0224 · a91be108
      Dr. Stephen Henson committed
      Only accept change cipher spec when it is expected instead of at any
      time. This prevents premature setting of session keys before the master
      secret is determined which an attacker could use as a MITM attack.
      
      Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
      and providing the initial fix this patch is based on.
      (cherry picked from commit bc8923b1ec9c467755cd86f7848c50ee8812e441)
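Added example (not OpenSSL's code) of the state check that commits 3b77f017 and a91be108 describe: a client accepts a server ChangeCipherSpec only after it has sent its own Finished under keys it already set up, and rejects one arriving anywhere else, which is the premature key switch CVE-2014-0224 concerns. Event names and the state structure are constructed for the example.

```c
#include <stdbool.h>

/* Client-side events in a full handshake (constructed names, not OpenSSL's). */
enum ev {
    EV_SERVER_HELLO, EV_SERVER_KEY_EXCHANGE, EV_SERVER_HELLO_DONE, /* received */
    EV_CLIENT_KEY_EXCHANGE, EV_CLIENT_FINISHED,                    /* sent */
    EV_SERVER_CCS, EV_SERVER_FINISHED                              /* received */
};

struct client_state {
    bool keys_set_up;   /* ClientKeyExchange sent: master secret determined */
    bool ccs_expected;  /* a server ChangeCipherSpec is legitimate right now */
    bool ccs_received;  /* the server's CCS for this key change was consumed */
};

/* Handle one event; false means the handshake must be aborted. Before the
 * fix a CCS was consumed at any time, which let a MITM switch the record
 * layer to keys derived before the master secret was determined. */
bool client_handle(struct client_state *st, enum ev e)
{
    switch (e) {
    case EV_CLIENT_KEY_EXCHANGE:
        st->keys_set_up = true;
        return true;
    case EV_CLIENT_FINISHED:
        /* Our keys are set up, so the server's CCS is now acceptable
         * (commit 3b77f017: needed for renegotiation to complete). */
        st->ccs_expected = st->keys_set_up;
        return true;
    case EV_SERVER_CCS:
        if (!st->ccs_expected)
            return false;           /* unexpected CCS: reject (CVE-2014-0224) */
        st->ccs_expected = false;   /* exactly one CCS per key change */
        st->ccs_received = true;
        return true;
    case EV_SERVER_FINISHED:
        return st->ccs_received;    /* Finished is only valid after the CCS */
    default:
        return true;
    }
}

/* Run a sequence; return the index of the first rejected event, or -1. */
int first_rejected(const enum ev *seq, int n)
{
    struct client_state st = { false, false, false };
    for (int i = 0; i < n; i++)
        if (!client_handle(&st, seq[i]))
            return i;
    return -1;
}
```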
    • Fix CVE-2014-3470 · a5362db4
      Dr. Stephen Henson committed
      Check session_cert is not NULL before dereferencing it.
      (cherry picked from commit 8011cd56e39a433b1837465259a9bd24a38727fb)
  24. 28 Mar 2014, 3 commits
    • Security framework. · b362ccab
      Dr. Stephen Henson committed
      Security callback: selects which parameters are permitted including
      sensible defaults based on bits of security.
      
      The "parameters" which can be selected include: ciphersuites,
      curves, key sizes, certificate signature algorithms, supported
      signature algorithms, DH parameters, SSL/TLS version, session tickets
      and compression.
      
      In some cases prohibiting the use of a parameter will mean it is
      not advertised to the peer: for example cipher suites and ECC curves.
      In other cases it will abort the handshake: e.g. DH parameters or the
      peer key size.
      
      Documentation to follow...
    • Check return value of ssl3_output_cert_chain · 66f96fe2
      Dr. Stephen Henson committed
    • Allow return of supported ciphers. · 8b8e5bed
      Dr. Stephen Henson committed
      New function ssl_cipher_disabled.
      
      Check for disabled client ciphers using ssl_cipher_disabled.
      
      New function to return only supported ciphers.
      
      New option to ciphers utility to print only supported ciphers.
  25. 21 Feb 2014, 1 commit