- 22 1月, 2015 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 03 1月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 20 11月, 2014 1 次提交
-
-
由 Emilia Kasper 提交于
once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. (Because the first CCS would latch the correct keys and subsequent CCS messages would have to be encrypted, a MitM attacker cannot exploit this, though.) Thanks to Joeri de Ruiter for reporting this issue. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 15 10月, 2014 1 次提交
-
-
由 Bodo Moeller 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 29 8月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Since sanity checks are performed for all custom extensions the serverinfo checks are no longer needed. Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 04 7月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
-
- 05 6月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
Only accept change cipher spec when it is expected instead of at any time. This prevents premature setting of session keys before the master secret is determined which an attacker could use as a MITM attack. Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue and providing the initial fix this patch is based on. (cherry picked from commit bc8923b1ec9c467755cd86f7848c50ee8812e441)
-
- 06 2月, 2014 1 次提交
-
-
由 Scott Deboy 提交于
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake. Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
-
- 26 1月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 09 1月, 2014 2 次提交
-
-
由 Daniel Kahn Gillmor 提交于
Replace the full ciphersuites with "EDH-" in their labels with "DHE-" so that all DHE ciphersuites are referred to in the same way. Leave backward-compatible aliases for the ciphersuites in question so that configurations which specify these explicitly will continue working.
-
由 Daniel Kahn Gillmor 提交于
This change normalizes the SSL_CK_DHE_ #defines to use the common term "DHE", while permitting older code that uses the more uncommon "EDH" constants to compile properly.
-
- 14 11月, 2013 1 次提交
-
-
由 Piotr Sikora 提交于
PR#3106
-
- 13 9月, 2013 1 次提交
-
-
由 Rob Stradling 提交于
-
- 08 9月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt To enable it set the appropriate extension number (0x10 for the test server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10 For non-compliant peers (i.e. just about everything) this should have no effect.
-
- 06 9月, 2013 1 次提交
-
-
由 Scott Deboy 提交于
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
-
- 05 9月, 2013 1 次提交
-
-
由 Rob Stradling 提交于
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
-
- 22 7月, 2013 1 次提交
-
-
由 Adam Langley 提交于
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF blessed version of NPN and we'll be supporting both ALPN and NPN for some time yet. [1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00 Conflicts: ssl/ssl3.h ssl/t1_lib.c
-
- 13 6月, 2013 1 次提交
-
-
由 Trevor 提交于
Contributed by Trevor Perrin.
-
- 18 3月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Revise DTLS code. There was a *lot* of code duplication in the DTLS code that generates records. This makes it harder to maintain and sometimes a TLS update is omitted by accident from the DTLS code. Specifically almost all of the record generation functions have code like this: some_pointer = buffer + HANDSHAKE_HEADER_LENGTH; ... Record creation stuff ... set_handshake_header(ssl, SSL_MT_SOMETHING, message_len); ... write_handshake_message(ssl); Where the "Record creation stuff" is identical between SSL/TLS and DTLS or in some cases has very minor differences. By adding a few fields to SSL3_ENC to include the header length, some flags and function pointers for handshake header setting and handshake writing the code can cope with both cases. Note: although this passes "make test" and some simple DTLS tests there may be some minor differences in the DTLS code that have to be accounted for.
-
- 08 2月, 2013 1 次提交
-
-
由 Andy Polyakov 提交于
Revert is appropriate because binary compatibility is not an issue in 1.1.
-
- 06 2月, 2013 2 次提交
-
-
由 Andy Polyakov 提交于
Kludge alert. This is arranged by passing padding length in unused bits of SSL3_RECORD->type, so that orig_len can be reconstructed. (cherry picked from commit 8bfd4c659f180a6ce34f21c0e62956b362067fba)
-
由 Ben Laurie 提交于
This patch makes the decoding of SSLv3 and TLS CBC records constant time. Without this, a timing side-channel can be used to build a padding oracle and mount Vaudenay's attack. This patch also disables the stitched AESNI+SHA mode pending a similar fix to that code. In order to be easy to backport, this change is implemented in ssl/, rather than as a generic AEAD mode. In the future this should be changed around so that HMAC isn't in ssl/, but crypto/ as FIPS expects. (cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e)
-
- 08 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 29 8月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
all derived keys to the message callback. Add code to SSL_trace to include support for printing out keys.
-
- 04 6月, 2012 1 次提交
-
-
由 Ben Laurie 提交于
-
- 30 5月, 2012 1 次提交
-
-
由 Ben Laurie 提交于
-
- 22 2月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Move new structure fields to end of structures.
-
- 09 2月, 2012 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
some servers.
-
- 05 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 04 1月, 2012 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 01 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Support for TLS/DTLS heartbeats.
-
- 25 12月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Add SCTP support for DTLS (RFC 6083).
-
- 25 11月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve Make SRP conformant to rfc 5054. Changes are: - removal of the addition state after client hello - removal of all pre-rfc srp alert ids - sending a fatal alert when there is no srp extension but when the server wants SRP - removal of unnecessary code in the client.
-
- 20 5月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com> Reviewed by: steve OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code elimination.
-
- 30 4月, 2011 2 次提交
-
-
由 Dr. Stephen Henson 提交于
checking added, SHA256 PRF support added. At present only RSA key exchange ciphersuites work with TLS v1.2 as the new signature format is not yet implemented.
-
由 Dr. Stephen Henson 提交于
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL. The advantage of this option is that any application supporting it will still be binary compatible if SSL structures change.
-