1. 11 Dec, 2014 1 commit
  2. 08 Dec, 2014 1 commit
  3. 06 Dec, 2014 1 commit
  4. 05 Dec, 2014 2 commits
    • Add extra checks for odd-length EC curve lists. · 740580c2
      Emilia Kasper committed
      Odd-length lists should be rejected everywhere upon parsing. Nevertheless,
      be extra careful and add guards against off-by-one reads.
      
      Also, drive-by replace inexplicable double-negation with an explicit comparison.
      Reviewed-by: Matt Caswell <matt@openssl.org>
    • Reject elliptic curve lists of odd lengths. · 33d5ba86
      Emilia Kasper committed
      The Supported Elliptic Curves extension contains a vector of NamedCurves
      of 2 bytes each, so the total length must be even. Accepting odd-length
      lists was observed to lead to a non-exploitable one-byte out-of-bounds
      read in the latest development branches (1.0.2 and master). Released
      versions of OpenSSL are not affected.
      
      Thanks to Felix Groebert of the Google Security Team for reporting this issue.
      Reviewed-by: Matt Caswell <matt@openssl.org>
  5. 21 Nov, 2014 1 commit
  6. 20 Nov, 2014 2 commits
  7. 19 Nov, 2014 2 commits
  8. 18 Nov, 2014 3 commits
  9. 24 Oct, 2014 1 commit
  10. 15 Oct, 2014 2 commits
  11. 10 Oct, 2014 1 commit
  12. 01 Oct, 2014 1 commit
  13. 29 Aug, 2014 4 commits
    • New extension callback features. · 33f653ad
      Dr. Stephen Henson committed
      Support separate parse and add callback arguments.
      Add new callback so an application can free extension data.
      Change return value for send functions so < 0 is an error, 0
      omits extension and > 0 includes it. This is more consistent
      with the behaviour of other functions in OpenSSL.
      
      Modify parse_cb handling so <= 0 is an error.
      
      Make SSL_CTX_set_custom_cli_ext and SSL_CTX_set_custom_cli_ext argument
      order consistent.
      
      NOTE: these changes WILL break existing code.
      
      Remove (now inaccurate) inline documentation.
      Reviewed-by: Emilia Käsper <emilia@openssl.org>
    • Remove serverinfo checks. · 707b026d
      Dr. Stephen Henson committed
      Since sanity checks are performed for all custom extensions the
      serverinfo checks are no longer needed.
      Reviewed-by: Emilia Käsper <emilia@openssl.org>
    • Add custom extension sanity checks. · 28ea0a0c
      Dr. Stephen Henson committed
      Reject attempts to use extensions handled internally.
      
      Add flags to each extension structure to indicate if an extension
      has been sent or received. Enforce RFC5246 compliance by rejecting
      duplicate extensions and unsolicited extensions and only send a
      server extension if we have sent the corresponding client extension.
      Reviewed-by: Emilia Käsper <emilia@openssl.org>
    • Custom extension revision. · ecf4d660
      Dr. Stephen Henson committed
      Use the same structure for client and server custom extensions.
      
      Add utility functions in new file t1_ext.c.
      Use new utility functions to handle custom server and client extensions
      and remove a lot of code duplication.
      Reviewed-by: Emilia Käsper <emilia@openssl.org>
  14. 18 Aug, 2014 1 commit
  15. 15 Aug, 2014 1 commit
  16. 07 Aug, 2014 2 commits
  17. 02 Jul, 2014 1 commit
  18. 30 Jun, 2014 1 commit
  19. 29 Jun, 2014 1 commit
  20. 03 Jun, 2014 1 commit
  21. 02 Jun, 2014 1 commit
    • Option to disable padding extension. · 01f2f18f
      Dr. Stephen Henson committed
      Add TLS padding extension to SSL_OP_ALL so it is used with other
      "bugs" options and can be turned off.
      
      This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
      option referring to SSLv2 and SSLREF.
      
      PR#3336
  22. 26 May, 2014 1 commit
  23. 20 May, 2014 1 commit
  24. 08 Apr, 2014 1 commit
    • Add heartbeat extension bounds check. · 731f4314
      Dr. Stephen Henson committed
      A missing bounds check in the handling of the TLS heartbeat extension
      can be used to reveal up to 64k of memory to a connected client or
      server.
      
      Thanks to Neel Mehta of Google Security for discovering this bug and to
      Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
      preparing the fix (CVE-2014-0160)
      (cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
  25. 06 Apr, 2014 1 commit
  26. 28 Mar, 2014 4 commits
    • Security framework. · b362ccab
      Dr. Stephen Henson committed
      Security callback: selects which parameters are permitted including
      sensible defaults based on bits of security.
      
      The "parameters" which can be selected include: ciphersuites,
      curves, key sizes, certificate signature algorithms, supported
      signature algorithms, DH parameters, SSL/TLS version, session tickets
      and compression.
      
      In some cases prohibiting the use of a parameter will mean it is
      not advertised to the peer: for example cipher suites and ECC curves.
      In other cases it will abort the handshake: e.g. DH parameters or the
      peer key size.
      
      Documentation to follow...
    • Allow return of supported ciphers. · 8b8e5bed
      Dr. Stephen Henson committed
      New function ssl_cipher_disabled.
      
      Check for disabled client ciphers using ssl_cipher_disabled.
      
      New function to return only supported ciphers.
      
      New option to ciphers utility to print only supported ciphers.
    • Auto DH support. · 09599b52
      Dr. Stephen Henson committed
      Add auto DH parameter support. This is roughly equivalent to the
      ECDH auto curve selection but for DH. An application can just call
      
      SSL_CTX_set_auto_dh(ctx, 1);
      
      and appropriate DH parameters will be used based on the size of the
      server key.
      
      Unlike ECDH there is no way a peer can indicate the range of DH parameters
      it supports. Some peers cannot handle DH keys larger than 1024 bits for
      example. In this case if you call:
      
      SSL_CTX_set_auto_dh(ctx, 2);
      
      Only 1024 bit DH parameters will be used.
      
      If the server key is 7680 bits or more in size then 8192 bit DH parameters
      will be used: these will be *very* slow.
      
      The old export ciphersuites aren't supported but those are very
      insecure anyway.
    • Fix memory leak with client auth. · 4563da1d
      Dr. Stephen Henson committed
      (cherry picked from commit bc5ec653ba65fedb1619c8182088497de8a97a70)
  27. 21 Feb, 2014 1 commit