- 28 3月, 2014 8 次提交
-
-
由 Dr. Stephen Henson 提交于
Add a debugging security callback option to s_client/s_server. This will print out each security parameter as it is accepted or rejected.
-
由 Dr. Stephen Henson 提交于
Security callback: selects which parameters are permitted including sensible defaults based on bits of security. The "parameters" which can be selected include: ciphersuites, curves, key sizes, certificate signature algorithms, supported signature algorithms, DH parameters, SSL/TLS version, session tickets and compression. In some cases prohibiting the use of a parameters will mean they are not advertised to the peer: for example cipher suites and ECC curves. In other cases it will abort the handshake: e.g DH parameters or the peer key size. Documentation to follow...
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
New function ssl_cipher_disabled. Check for disabled client ciphers using ssl_cipher_disabled. New function to return only supported ciphers. New option to ciphers utility to print only supported ciphers.
-
由 Dr. Stephen Henson 提交于
Add auto DH parameter support. This is roughly equivalent to the ECDH auto curve selection but for DH. An application can just call SSL_CTX_set_auto_dh(ctx, 1); and appropriate DH parameters will be used based on the size of the server key. Unlike ECDH there is no way a peer can indicate the range of DH parameters it supports. Some peers cannot handle DH keys larger that 1024 bits for example. In this case if you call: SSL_CTX_set_auto_dh(ctx, 2); Only 1024 bit DH parameters will be used. If the server key is 7680 bits or more in size then 8192 bit DH parameters will be used: these will be *very* slow. The old export ciphersuites aren't supported but those are very insecure anyway.
-
由 Dr. Stephen Henson 提交于
Add functions to return the "bits of security" for various public key algorithms. Based on SP800-57.
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit bc5ec653ba65fedb1619c8182088497de8a97a70)
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 1f44dac24d1cb752b1a06be9091bb03a88a8598e)
-
- 27 3月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Don't clear verification errors from the error queue unless SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is set. If errors occur during verification and SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR is set return 2 so applications can issue warnings. (cherry picked from commit 2dd6976f6d02f98b30c376951ac38f780a86b3b5)
-
- 24 3月, 2014 1 次提交
-
-
由 Emilia Kasper 提交于
-
- 20 3月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Some CMS SignedData structure use a signature algorithm OID such as SHA1WithRSA instead of the RSA algorithm OID. Workaround this case by tolerating the signature if we recognise the OID.
-
- 19 3月, 2014 1 次提交
-
-
由 Piotr Sikora 提交于
-
- 12 3月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Use a previously unused value as we will be updating multiple released branches. (cherry picked from commit 0737acd2a8cc688902b5151cab5dc6737b82fb96)
-
由 Dr. Stephen Henson 提交于
Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. (cherry picked from commit 2198be3483259de374f91e57d247d0fc667aef29) Conflicts: CHANGES
-
- 10 3月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 08 3月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 7a3e67f029969620966b8a627b8485d83692cca5)
-
- 07 3月, 2014 2 次提交
-
-
由 Andy Polyakov 提交于
PR: 3275
-
由 Andy Polyakov 提交于
The problem is that OpenSSH calls EVP_Cipher, which is not as protective as EVP_CipherUpdate. Formally speaking we ought to do more checks in *_cipher methods, including rejecting lengths not divisible by block size (unless ciphertext stealing is in place). But for now I implement check for zero length in low-level based on precedent. PR: 3087, 2775
-
- 06 3月, 2014 3 次提交
-
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
Submitted by: Roumen Petrov
-
由 Andy Polyakov 提交于
Submitted by: Roumen Petrov
-
- 04 3月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit bdfc0e284c89dd5781259cc19aa264aded538492)
-
- 02 3月, 2014 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Add option to set an alternative to the default hmacWithSHA1 PRF for PKCS#8 private key encryptions. This is used automatically by PKCS8_encrypt if the nid specified is a PRF. Add option to pkcs8 utility. Update docs. (cherry picked from commit b60272b01fcb4f69201b3e1659b4f7e9e9298dfb)
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 124d218889dfca33d277404612f1319afe04107e)
-
由 Dr. Stephen Henson 提交于
Although the memory allocated by compression methods is fixed and cannot grow over time it can cause warnings in some leak checking tools. The function SSL_COMP_free_compression_methods() will free and zero the list of supported compression methods. This should *only* be called in a single threaded context when an application is shutting down to avoid interfering with existing contexts attempting to look up compression methods. (cherry picked from commit 976c58302b13d085edb3ab822f5eac4b2f1bff95)
-
- 01 3月, 2014 1 次提交
-
-
由 Andy Polyakov 提交于
PR: 3271
-
- 27 2月, 2014 5 次提交
-
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
- 26 2月, 2014 7 次提交
-
-
由 Rob Stradling 提交于
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 3eddd1706a30cdf3dc9278692d8ee9038eac8a0d)
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
-
由 Andy Polyakov 提交于
PR: 3201
-
由 Andy Polyakov 提交于
-
- 25 2月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit 3678161d717d0f46c5b5b052a6d6a33438b1df00)
-