- 21 11月, 2014 1 次提交
-
-
由 Annie Yousar 提交于
In keygen, return KEY_SIZE_TOO_SMALL not INVALID_KEYBITS. ** I also increased the minimum from 256 to 512, which is now documented in CHANGES file. ** Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 20 11月, 2014 4 次提交
-
-
由 David Benjamin 提交于
the session's version (server). See also BoringSSL's commit bdf5e72f50e25f0e45e825c156168766d8442dde. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Emilia Kasper 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Emilia Kasper 提交于
once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. (Because the first CCS would latch the correct keys and subsequent CCS messages would have to be encrypted, a MitM attacker cannot exploit this, though.) Thanks to Joeri de Ruiter for reporting this issue. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Emilia Kasper 提交于
The server must send a NewSessionTicket message if it advertised one in the ServerHello, so make a missing ticket message an alert in the client. An equivalent change was independently made in BoringSSL, see commit 6444287806d801b9a45baf1f6f02a0e3a16e144c. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 29 10月, 2014 1 次提交
-
-
由 Emilia Kasper 提交于
Tighten client-side session ticket handling during renegotiation: ensure that the client only accepts a session ticket if the server sends the extension anew in the ServerHello. Previously, a TLS client would reuse the old extension state and thus accept a session ticket if one was announced in the initial ServerHello. Reviewed-by: NBodo Moeller <bodo@openssl.org>
-
- 28 10月, 2014 2 次提交
-
-
由 Emilia Kasper 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Emilia Kasper 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 22 10月, 2014 1 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 15 10月, 2014 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NBodo Möller <bodo@openssl.org>
-
由 Bodo Moeller 提交于
Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 02 10月, 2014 1 次提交
-
-
由 Bodo Moeller 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 29 9月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reencode DigestInto in DER and check against the original: this will reject any improperly encoded DigestInfo structures. Note: this is a precautionary measure, there is no known attack which can exploit this. Thanks to Brian Smith for reporting this issue. Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 24 9月, 2014 1 次提交
-
-
由 Emilia Kasper 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (cherry picked from commit e9128d9401ad617e17c5eb3772512c24b038b967)
-
- 23 9月, 2014 1 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NBodo Moeller <bodo@openssl.org>
-
- 05 9月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
-
- 15 8月, 2014 1 次提交
-
-
由 Claus Assmann 提交于
Fix a bunch of typo's and speling (sic) errors in the CHANGES file. Reviewed-by: NTim Hudson <tjh@cryptsoft.com>
-
- 02 8月, 2014 2 次提交
-
-
由 Bodo Moeller 提交于
(If a change is already present in 1.0.1f or 1.0.1h, don't list it again under changes between 1.0.1h and 1.0.2.)
-
由 Bodo Moeller 提交于
-
- 01 8月, 2014 1 次提交
-
-
由 Bodo Moeller 提交于
(which didn't always handle value 0 correctly). Reviewed-by: emilia@openssl.org
-
- 23 7月, 2014 1 次提交
-
-
由 Andy Polyakov 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 04 7月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
-
- 01 6月, 2014 1 次提交
-
-
由 Ben Laurie 提交于
Closes #116.
-
- 24 5月, 2014 1 次提交
-
-
由 Martin Kaiser 提交于
Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352
-
- 26 4月, 2014 2 次提交
- 22 4月, 2014 1 次提交
-
-
由 Ben Laurie 提交于
-
- 08 4月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix (CVE-2014-0160) (cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
-
- 06 4月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Enable TLS padding extension using official value from: http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
-
- 01 4月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add additional check to catch this in ASN1_item_verify too. (cherry picked from commit 66e8211c0b1347970096e04b18aa52567c325200)
-
- 12 3月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. (cherry picked from commit 2198be3483259de374f91e57d247d0fc667aef29) Conflicts: CHANGES
-
- 04 1月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm specific chains instead of the shared chain. Update docs.
-
- 21 12月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450. (cherry picked from commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b)
-
- 13 12月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix padding calculation for different SSL_METHOD types. Use the standard name as used in draft-agl-tls-padding-02
-
- 07 11月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS Client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512. To enable it use an unused extension number (for example 0x4242) using e.g. -DTLSEXT_TYPE_wtf=0x4242 WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
-
- 22 10月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 18 9月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add various functions to allocate and set the fields of an ECDSA_METHOD structure.
-
- 17 9月, 2013 2 次提交
-
-
由 Bodo Moeller 提交于
(This went into 1.0.2 too, so it's not actually a change between 1.0.x and 1.1.0.)
-
由 Bodo Moeller 提交于
the main branch (http://cvs.openssl.org/chngview?cn=19322) later added to the 1.0.2 branch (http://cvs.openssl.org/chngview?cn=23113), and thus not a change "between 1.0.2 and 1.1.0".
-