Dr. Stephen Henson
0d60939515
add support for use of fixed DH client certificates
2012-01-25 14:51:49 +00:00
Dr. Stephen Henson
855d29184e
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
...
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:15:27 +00:00
Dr. Stephen Henson
ac07bc8602
fix CHANGES entry
2012-01-17 14:20:32 +00:00
Dr. Stephen Henson
8e1dc4d7ca
Support for fixed DH ciphersuites.
...
The cipher definitions of these ciphersuites have been around since SSLeay
but were always disabled. Now OpenSSL supports DH certificates they can be
finally enabled.
Various additional changes were needed to make them work properly: many
unused fixed DH sections of code were untested.
2012-01-16 18:19:14 +00:00
Bodo Möller
8e85545284
Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch.
...
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in HEAD, the actual code is here already.)
2012-01-05 13:48:55 +00:00
Dr. Stephen Henson
4d0bafb4ae
update CHANGES
2012-01-04 23:54:17 +00:00
Dr. Stephen Henson
e745572493
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
...
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:26 +00:00
Dr. Stephen Henson
27dfffd5b7
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
2012-01-04 23:16:15 +00:00
Dr. Stephen Henson
2ec0497f08
fix CHANGES
2012-01-04 23:10:44 +00:00
Dr. Stephen Henson
6bf896d9b1
Check GOST parameters are not NULL (CVE-2012-0027)
2012-01-04 23:03:40 +00:00
Dr. Stephen Henson
be71c37296
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
2012-01-04 23:01:54 +00:00
Dr. Stephen Henson
0b9f5ef809
update CHANGES
2011-12-31 23:08:15 +00:00
Dr. Stephen Henson
4817504d06
PR: 2658
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
2011-12-31 22:59:57 +00:00
Dr. Stephen Henson
ad89bf7894
PR: 2563
...
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve
Improved PRNG seeding for VOS.
2011-12-19 17:01:37 +00:00
Andy Polyakov
e75440d2c9
update CHANGES.
2011-12-19 14:48:49 +00:00
Dr. Stephen Henson
188c53f7e8
update CHANGES
2011-12-19 14:41:03 +00:00
Ben Laurie
9a436c0f89
Back out redundant verification time change.
2011-12-13 15:00:43 +00:00
Ben Laurie
7fd5df6b12
Make it possible to set a time for verification.
2011-12-13 14:38:12 +00:00
Dr. Stephen Henson
627b044536
update CHANGES
2011-12-10 00:49:05 +00:00
Dr. Stephen Henson
2ca873e8d8
transparently handle X9.42 DH parameters
2011-12-07 12:44:03 +00:00
Dr. Stephen Henson
afb14cda8c
Initial experimental support for X9.42 DH parameter format to handle
...
RFC5114 parameters and X9.42 DH public and private keys.
2011-12-07 00:32:34 +00:00
Bodo Möller
19b0d0e75b
Resolve a stack set-up race condition (if the list of compression
...
methods isn't presorted, it will be sorted on first read).
Submitted by: Adam Langley
2011-12-02 12:52:00 +00:00
Bodo Möller
ea8c77a55b
Fix ecdsatest.c.
...
Submitted by: Emilia Kasper
2011-12-02 12:41:17 +00:00
Bodo Möller
a7c71d8955
Update HEAD CHANGES file.
2011-12-02 12:28:20 +00:00
Bodo Möller
390c579568
Fix BIO_f_buffer().
...
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
2011-12-02 12:25:03 +00:00
Ben Laurie
e0af04056c
Add TLS exporter.
2011-11-15 23:50:52 +00:00
Ben Laurie
333f926d67
Add DTLS-SRTP.
2011-11-15 22:59:20 +00:00
Dr. Stephen Henson
20bee9684d
Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest.
2011-11-13 14:07:36 +00:00
Dr. Stephen Henson
a98b8ce652
Update fips_test_suite to take multiple command line options and
...
an induced error checking function.
2011-11-06 12:53:13 +00:00
Dr. Stephen Henson
f4324e51dd
Add single call public key sign and verify functions.
2011-11-05 01:34:36 +00:00
Dr. Stephen Henson
3ec9dceb15
Add fips_algvs utility (from FIPS 2.0 stable branch).
2011-11-02 00:57:22 +00:00
Dr. Stephen Henson
5e4eb9954b
add authentication parameter to FIPS_module_mode_set
2011-10-19 22:34:53 +00:00
Bodo Möller
e5641d7f05
BN_BLINDING multi-threading fix.
...
Submitted by: Emilia Kasper (Google)
2011-10-19 14:59:27 +00:00
Bodo Möller
e0d6132b8c
Fix warnings.
...
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
2011-10-19 08:59:53 +00:00
Bodo Möller
3e00b4c9db
Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and
...
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)
Submitted by: Google Inc.
2011-10-18 19:43:16 +00:00
Bodo Möller
8b37d33a94
typo
2011-10-13 13:20:33 +00:00
Bodo Möller
3ddc06f082
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
...
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:05:58 +00:00
Dr. Stephen Henson
ccbb9badba
fix CHANGES entry
2011-10-09 23:11:55 +00:00
Dr. Stephen Henson
2bfeb7dc83
Add FIPS selftests for ECDH algorithm.
2011-09-29 23:08:23 +00:00
Dr. Stephen Henson
cb71870dfa
Use function name FIPS_drbg_health_check() for health check function.
...
Add explanatory comments to health check code.
2011-09-22 14:01:25 +00:00
Dr. Stephen Henson
4420b3b17a
Revise DRBG to split between internal and external flags.
...
One demand health check function.
Perform generation test in fips_test_suite.
Option to skip dh test if fips_test_suite.
2011-09-21 17:04:56 +00:00
Dr. Stephen Henson
15094852de
new function to lookup FIPS supported ciphers by NID
2011-09-14 13:25:48 +00:00
Dr. Stephen Henson
a11f06b2dc
More extensive DRBG health check. New function to call health check
...
for all DRBG combinations.
2011-09-12 18:47:39 +00:00
Dr. Stephen Henson
7fdcb45745
Add support for Dual EC DRBG from SP800-90. Include updates to algorithm
...
tests and POST code.
2011-09-09 17:16:43 +00:00
Dr. Stephen Henson
0486cce653
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
...
produce an error (CVE-2011-3207)
2011-09-06 15:15:09 +00:00
Bodo Möller
c519e89f5c
Fix session handling.
2011-09-05 13:36:23 +00:00
Bodo Möller
612fcfbd29
Fix d2i_SSL_SESSION.
2011-09-05 13:31:17 +00:00
Bodo Möller
e7928282d0
(EC)DH memory handling fixes.
...
Submitted by: Adam Langley
2011-09-05 10:25:31 +00:00
Bodo Möller
837e1b6812
Fix memory leak on bad inputs.
2011-09-05 09:57:20 +00:00
Bodo Möller
acb4ab34a4
Synchronize with 1.0.1 CHANGES file.
2011-09-05 09:30:50 +00:00