Commit graph

65 commits

Author SHA1 Message Date
Matt Caswell
47050853f1 Rerun util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:38:49 +00:00
Matt Caswell
10621efd32 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:38:39 +00:00
Dr. Stephen Henson
37580f43b5 Only allow ephemeral RSA keys in export ciphersuites.
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 4b4c1fcc88)

Conflicts:
	doc/ssl/SSL_CTX_set_options.pod
2015-01-06 13:14:05 +00:00
Matt Caswell
9beb948c0d Checkout return value of dtls1_output_cert_chain
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-15 21:27:19 +00:00
Matt Caswell
7516eaf492 Fixed memory leak if BUF_MEM_grow fails
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit bb1ddd3d9a)
2014-12-13 00:05:52 +00:00
Emilia Kasper
249a3e362f Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset
once the ChangeCipherSpec message is received. Previously, the server would
set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED.
This would allow a second CCS to arrive and would corrupt the server state.

(Because the first CCS would latch the correct keys and subsequent CCS
messages would have to be encrypted, a MitM attacker cannot exploit this,
though.)

Thanks to Joeri de Ruiter for reporting this issue.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit e94a6c0ede)

Conflicts:
	CHANGES
	ssl/s3_srvr.c
2014-11-20 15:32:08 +01:00
Dr. Stephen Henson
67bde7d465 Fix DTLS certificate requesting code.
Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
(cherry picked from commit c8d710dc5f)
2014-07-15 18:23:44 +01:00
Dr. Stephen Henson
2054eb771e Add ECC extensions with DTLS.
PR#3449
2014-07-15 12:20:30 +01:00
Ben Laurie
9c8dc84ac1 Fix double frees. 2014-04-22 17:02:37 +01:00
Robin Seggelmann
025f7dbdd1 DTLS/SCTP Finished Auth Bug
PR: 2808

With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and
FORWARD-TSN chunks. The key for this extension is derived from the
master secret and changed with the next ChangeCipherSpec, whenever a new
key has been negotiated. The following Finished then already uses the
new key.  Unfortunately, the ChangeCipherSpec and Finished are part of
the same flight as the ClientKeyExchange, which is necessary for the
computation of the new secret. Hence, these messages are sent
immediately following each other, leaving the server very little time to
compute the new secret and pass it to SCTP before the finished arrives.
So the Finished is likely to be discarded by SCTP and a retransmission
becomes necessary. To prevent this issue, the Finished of the client is
still sent with the old key.
(cherry picked from commit 9fb523adce)
(cherry picked from commit b9ef52b078)
2013-11-01 22:44:20 +00:00
Ben Laurie
62036c6fc3 Merge branch 'no_gmt_unix_time' of git://github.com/nmathewson/openssl into OpenSSL_1_0_1-stable 2013-10-19 11:46:32 +01:00
Nick Mathewson
3da721dac9 Refactor {client,server}_random to call an intermediate function
I'll be using this to make an option for randomizing the time.
2013-10-09 10:28:42 -04:00
Nick Mathewson
f4c93b46ed Do not include a timestamp in the ServerHello Random field.
Instead, send random bytes.
2013-09-16 13:44:10 -04:00
Michael Tuexen
83a3af9f4e DTLS message_sequence number wrong in rehandshake ServerHello
This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.
(cherry picked from commit b62f4daac0)
2013-08-13 18:55:41 +01:00
Dr. Stephen Henson
63e8f16737 PR: 2778(part)
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).
2012-03-31 18:02:43 +00:00
Dr. Stephen Henson
9c284f9651 PR: 2748
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
2012-03-06 13:24:16 +00:00
Dr. Stephen Henson
bd6941cfaa PR: 2658
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
e065e6cda2 PR: 2535
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Add SCTP support for DTLS (RFC 6083).
2011-12-25 14:45:40 +00:00
Dr. Stephen Henson
6d24c09a69 PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix for ECC keys and DTLS.
2011-10-27 13:01:20 +00:00
Bodo Möller
3c3f025923 Fix session handling. 2011-09-05 13:36:55 +00:00
Bodo Möller
61ac68f9f6 (EC)DH memory handling fixes.
Submitted by: Adam Langley
2011-09-05 10:25:27 +00:00
Dr. Stephen Henson
f1c8db9f8c PR: 2555
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS sequence number bug
2011-07-20 15:17:42 +00:00
Dr. Stephen Henson
2c9abbd554 PR: 2550
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS HelloVerifyRequest Timer bug
2011-07-20 15:13:43 +00:00
Dr. Stephen Henson
4159ac43aa Oops use up to date patch for PR#2506 2011-05-25 14:30:05 +00:00
Dr. Stephen Henson
9472baae0d Backport TLS v1.2 support from HEAD.
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
2011-05-11 13:37:52 +00:00
Dr. Stephen Henson
ac2024ccbf PR: 2458
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.
2011-04-03 16:25:54 +00:00
Dr. Stephen Henson
c6dd154b3e oops, revert previous patch 2010-08-27 12:10:12 +00:00
Dr. Stephen Henson
35cae95032 PR: 1833
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix other cases not covered by original patch.
2010-08-27 11:57:42 +00:00
Dr. Stephen Henson
48ae85b6ff PR: 1833
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Support for abbreviated handshakes when renegotiating.
2010-08-26 14:22:40 +00:00
Dr. Stephen Henson
868f5e44ca PR: 2160
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Make session tickets work with DTLS.
2010-02-01 16:49:42 +00:00
Dr. Stephen Henson
4e5fdd11ea PR: 2159
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Typo in PR#1949 bug, oops!
2010-02-01 12:44:11 +00:00
Dr. Stephen Henson
57749b1b9f PR: 1949
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
2010-01-26 19:46:30 +00:00
Dr. Stephen Henson
04aa7441ab PR: 2144
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Better fix for PR#2144
2010-01-19 19:11:21 +00:00
Dr. Stephen Henson
ddba003d5e PR: 2144
Submitted by: steve@openssl.org

Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.
2010-01-16 19:45:59 +00:00
Dr. Stephen Henson
675564835c New option to enable/disable connection to unpatched servers 2009-12-16 20:28:30 +00:00
Dr. Stephen Henson
593222afe1 PR: 2121
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
2009-12-08 11:38:18 +00:00
Dr. Stephen Henson
d5b8c46499 PR: 2115
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:41:42 +00:00
Dr. Stephen Henson
53f062d050 PR: 2033
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen support.
2009-09-09 17:05:42 +00:00
Dr. Stephen Henson
2e9802b7a7 PR: 2028
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.
2009-09-04 17:42:06 +00:00
Dr. Stephen Henson
4e63da0669 PR: 1950
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve@openssl.org

DTLS fragment retransmission bug.
2009-06-05 14:46:49 +00:00
Dr. Stephen Henson
e1f09dfd84 PR: 1921
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve@openssl.org

Add ECDHE and PSK support to DTLS.
2009-05-31 17:11:24 +00:00
Dr. Stephen Henson
d6584eba8c PR: 1922
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Timer bug fix.
2009-05-15 22:58:13 +00:00
Dr. Stephen Henson
b452f43322 PR: 1751
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.
2009-04-19 18:03:13 +00:00
Dr. Stephen Henson
aab790a656 PR: 1829
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Timer Bug fix.
2009-04-14 14:33:12 +00:00
Dr. Stephen Henson
1319aad994 PR: 1647
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Update patch for PR#1647.
2009-04-14 14:22:26 +00:00
Bodo Möller
e65bcbcef0 Fix SSL state transitions.
Submitted by: Nagendra Modadugu
2008-09-14 14:02:07 +00:00
Geoff Thorpe
1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism,
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
2008-03-16 21:05:46 +00:00
Andy Polyakov
a2115c5d17 Respect cookie length set by app_gen_cookie_cb.
Submitted by: Alex Lam
2007-10-09 19:31:18 +00:00
Andy Polyakov
0d97d00b6c DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. 2007-09-30 19:34:36 +00:00
Andy Polyakov
7432d073af Switch to RFC-compliant version encoding in DTLS. 2007-09-30 18:53:54 +00:00