wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
9687 commits 20 branches 302 tags 153 MiB
Commit graph

1145 commits

Author SHA1 Message Date
Dr. Stephen Henson
9f827ded1c fix signed/unsigned comparison warnings 2010-04-14 00:41:01 +00:00
Dr. Stephen Henson
1507f3abba PR: 2230 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix various DTLS fragment reassembly bugs.
 2010-04-14 00:17:29 +00:00
Dr. Stephen Henson
30e8defe52 PR: 2229 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Don't drop DTLS connection if mac or decryption failed.
 2010-04-14 00:09:55 +00:00
Dr. Stephen Henson
9f4dd3e3e3 PR: 2228 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS buffer record MAC failure bug.
 2010-04-14 00:03:13 +00:00
Richard Levitte
d2f098b33d Spelling 2010-04-13 14:34:48 +00:00
Richard Levitte
0a4fe6c8db Undo the previous change, it was incorrect in this branch. 2010-04-13 11:10:07 +00:00
Richard Levitte
7bba401d5d Third argument to dtls1_buffer_record is by reference 2010-04-13 08:41:58 +00:00
Dr. Stephen Henson
acc9938ba5 Add SHA2 algorithms to SSL_library_init(). Although these aren't used 
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
 2010-04-07 13:18:30 +00:00
Dr. Stephen Henson
6dfd3cf68e PR: 2218 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS replay bug.
 2010-04-06 12:44:55 +00:00
Dr. Stephen Henson
073775cbbb PR: 2219 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS buffering bug.
 2010-04-06 12:40:10 +00:00
Dr. Stephen Henson
e995d5044e PR: 2223 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS timeout bug
 2010-04-06 12:29:21 +00:00
Bodo Möller
5b5464d525 Fix for "Record of death" vulnerability CVE-2010-0740. 
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010).
 2010-03-25 11:22:42 +00:00
Dr. Stephen Henson
7b52778eff PR: 1731 and maybe 2197 
Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.
 2010-03-24 23:16:49 +00:00
Dr. Stephen Henson
47333a34d5 Submitted by: Tomas Hoger <thoger@redhat.com> 
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
 2010-03-03 15:41:00 +00:00
Dr. Stephen Henson
90278430d9 make USE_CRYPTODEV_DIGESTS work 2010-03-01 01:19:36 +00:00
Dr. Stephen Henson
79363339b7 algorithms field has changed in 1.0.0 and later: update 2010-02-28 00:24:24 +00:00
Dr. Stephen Henson
fbe2c6b33e Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and 
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."
 2010-02-27 23:04:10 +00:00
Dr. Stephen Henson
8321bab39c OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved 2010-02-17 19:43:46 +00:00
Dr. Stephen Henson
989238802a Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:38:10 +00:00
Dr. Stephen Henson
45d6a15ae9 PR: 2171 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.

Also can now use SSL2 compatible client hello because RFC5746 supports it.
 2010-02-16 14:20:40 +00:00
Dr. Stephen Henson
8b354e776b PR: 2161 
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.

Make no-dsa, no-ecdsa and no-rsa compile again.
 2010-02-02 13:36:05 +00:00
Dr. Stephen Henson
868f5e44ca PR: 2160 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Make session tickets work with DTLS.
 2010-02-01 16:49:42 +00:00
Dr. Stephen Henson
4e5fdd11ea PR: 2159 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Typo in PR#1949 bug, oops!
 2010-02-01 12:44:11 +00:00
Dr. Stephen Henson
57749b1b9f PR: 1949 
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
 2010-01-26 19:46:30 +00:00
Dr. Stephen Henson
f4f2b52995 oops 2010-01-26 13:56:15 +00:00
Dr. Stephen Henson
c7d5edbf5e export OPENSSL_isservice and make update 2010-01-26 13:55:33 +00:00
Richard Levitte
c8ca769d3b Compile t1_reneg on VMS as well. 
Submitted by Steven M. Schweda <sms@antinode.info>
 2010-01-25 00:19:33 +00:00
Dr. Stephen Henson
a377811f15 PR: 2153, 2125 
Submitted by: steve@openssl.org

The original fix for PR#2125 broke compilation on some Unixware platforms:
revert and make conditional on VMS.
 2010-01-24 16:57:38 +00:00
Dr. Stephen Henson
ef1b6b2cf2 The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING 
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.
 2010-01-24 13:54:07 +00:00
Dr. Stephen Henson
ad8ee3d7d1 If legacy renegotiation is not permitted then send a fatal alert if a patched 
server attempts to renegotiate with an unpatched client.
 2010-01-22 18:49:19 +00:00
Dr. Stephen Henson
2a4d0dcb89 The use of NIDs in the password based encryption table can result in 
algorithms not found when an application uses PKCS#12 and only calls
SSL_library_init() instead of OpenSSL_add_all_algorithms(). Simple
work around is to add the missing algorithm (40 bit RC2) in
SSL_library_init().
 2010-01-19 19:55:47 +00:00
Dr. Stephen Henson
04aa7441ab PR: 2144 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Better fix for PR#2144
 2010-01-19 19:11:21 +00:00
Dr. Stephen Henson
ddba003d5e PR: 2144 
Submitted by: steve@openssl.org

Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.
 2010-01-16 19:45:59 +00:00
Dr. Stephen Henson
e59d9a34c9 PR: 2133 
Submitted by: steve@openssl.org

Add missing DTLS state strings.
 2010-01-16 19:20:38 +00:00
Dr. Stephen Henson
8043f01b13 PR: 2125 
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>

Fix gcc-aix compilation issue.
 2010-01-14 17:51:52 +00:00
Dr. Stephen Henson
41c0f68630 Fix version handling so it can cope with a major version >3. 
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
 2010-01-13 19:08:29 +00:00
Dr. Stephen Henson
73ff97ad76 Simplify RI+SCSV logic: 
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
 2010-01-07 19:05:03 +00:00
Dr. Stephen Henson
eb17330837 Updates to conform with draft-ietf-tls-renegotiation-03.txt: 
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
 2010-01-06 17:37:38 +00:00
Dr. Stephen Henson
1f67a3a985 compress_meth should be unsigned 2010-01-05 16:46:39 +00:00
Dr. Stephen Henson
4cba294d79 Client side compression algorithm sanity checks: ensure old compression 
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).
 2010-01-01 14:39:51 +00:00
Dr. Stephen Henson
e642fd7a1c Compression handling on session resume was badly broken: it always 
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
 2010-01-01 00:44:36 +00:00
Dr. Stephen Henson
986093affa Typo 2009-12-27 23:03:25 +00:00
Dr. Stephen Henson
f88e0acb0e Update RI to match latest spec. 
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
 2009-12-27 22:59:09 +00:00
Dr. Stephen Henson
54bc369ad7 Alert to use is now defined in spec: update code 2009-12-17 15:42:43 +00:00
Dr. Stephen Henson
675564835c New option to enable/disable connection to unpatched servers 2009-12-16 20:28:30 +00:00
Dr. Stephen Henson
2456cd58c4 Allow initial connection (but no renegoriation) to servers which don't support 
RI.

Reorganise RI checking code and handle some missing cases.
 2009-12-14 13:55:39 +00:00
Ben Laurie
43a107026d Missing error code. 2009-12-12 15:57:53 +00:00
Dr. Stephen Henson
f1784f2fd2 Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL 2009-12-11 00:20:58 +00:00
Dr. Stephen Henson
b41a614686 Check s3 is not NULL 2009-12-09 14:53:51 +00:00
Dr. Stephen Henson
52a08e90d1 Add ctrls to clear options and mode. 
Change RI ctrl so it doesn't clash.
 2009-12-09 13:25:38 +00:00
Dr. Stephen Henson
6b5f0458fe Send no_renegotiation alert as required by spec. 2009-12-08 19:06:09 +00:00
Dr. Stephen Henson
b52a2738d4 Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
10f99d7b77 Add support for magic cipher suite value (MCSV). Make secure renegotiation 
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
 2009-12-08 13:15:12 +00:00
Dr. Stephen Henson
593222afe1 PR: 2121 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
 2009-12-08 11:38:18 +00:00
Dr. Stephen Henson
d5b8c46499 PR: 2115 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
 2009-12-01 17:41:42 +00:00
Dr. Stephen Henson
3e8e12a6b6 Servers can't end up talking SSLv2 with legacy renegotiation disabled 2009-11-18 15:09:35 +00:00
Dr. Stephen Henson
5ddbb8f41a Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation 2009-11-18 14:45:32 +00:00
Dr. Stephen Henson
3c44e92bcb Include a more meaningful error message when rejecting legacy renegotiation 2009-11-18 14:19:52 +00:00
Dr. Stephen Henson
73582b8117 add missing parts of reneg port, fix apps patch 2009-11-11 14:51:29 +00:00
Dr. Stephen Henson
56327ebe6a make update 2009-11-10 13:23:04 +00:00
Dr. Stephen Henson
ec4346f6f9 oops, add missing prototypes 2009-11-09 18:58:50 +00:00
Dr. Stephen Henson
bc9058d041 First cut of renegotiation extension. (port to 1.0.0-stable) 2009-11-09 18:45:42 +00:00
Dr. Stephen Henson
e3738c49b8 If it is a new session don't send the old TLS ticket: send a zero length 
ticket to request a new session.
 2009-11-08 14:36:32 +00:00
Dr. Stephen Henson
23b97c6bb5 PR: 2089 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Fragment size bug fix.
 2009-11-02 13:37:17 +00:00
Dr. Stephen Henson
036b3f331b Generate stateless session ID just after the ticket is received instead 
of when a session is loaded. This will mean that applications that
just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()
will still work.
 2009-10-30 14:06:18 +00:00
Dr. Stephen Henson
3d0b604c14 Fix statless session resumption so it can coexist with SNI 2009-10-30 13:22:44 +00:00
Dr. Stephen Henson
257b2bfb6c Don't attempt session resumption if no ticket is present and session 
ID length is zero.
 2009-10-28 19:52:35 +00:00
Dr. Stephen Henson
a9bb9d0eb4 PR: 2072 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Avoid potential doublefree and reuse of freed handshake_buffer.
 2009-10-16 15:24:19 +00:00
Dr. Stephen Henson
cc6688d796 PR: 2073 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Don't access freed SSL_CTX in SSL_free().
 2009-10-16 13:41:52 +00:00
Dr. Stephen Henson
ad187f8905 Fix unitialized warnings 2009-10-04 16:52:35 +00:00
Dr. Stephen Henson
3d1dab4404 PR: 2055 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_ctrl error handling in s2_srvr.c
 2009-10-01 00:07:10 +00:00
Dr. Stephen Henson
29c2fd46d2 PR: 2054 
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_ctrl error handling
 2009-10-01 00:03:50 +00:00
Dr. Stephen Henson
af3d4e1b02 PR: 2039 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen bug fix,
 2009-09-15 22:48:30 +00:00
Dr. Stephen Henson
80afb40ae3 Submitted by: Julia Lawall <julia@diku.dk> 
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
 2009-09-13 11:27:27 +00:00
Dr. Stephen Henson
a131de9bb2 PR: 2025 
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Constify SSL_CIPHER_description
 2009-09-12 23:18:09 +00:00
Dr. Stephen Henson
0ddd002f60 PR: 1411 
Submitted by: steve@openssl.org

Allow use of trusted certificates in SSL_CTX_use_chain_file()
 2009-09-12 23:09:26 +00:00
Dr. Stephen Henson
53f062d050 PR: 2033 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen support.
 2009-09-09 17:05:42 +00:00
Dr. Stephen Henson
9769137a43 Typo presumably... 2009-09-06 17:55:40 +00:00
Dr. Stephen Henson
c0688f1aef Make update, deleting bogus DTLS error code 2009-09-06 15:55:54 +00:00
Dr. Stephen Henson
2e9802b7a7 PR: 2028 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.
 2009-09-04 17:42:06 +00:00
Dr. Stephen Henson
54ed003ace PR: 2009 
Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com>
Approved by: steve@openssl.org

Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although
the ticket mentions buffer overruns this isn't a security issue because
the SSL_SESSION structure is generated internally and it should never be
possible to supply its contents from an untrusted application (this would
among other things destroy session cache security).
 2009-09-02 13:20:22 +00:00
Dr. Stephen Henson
f18e10253d PR: 2022 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS record header length bug.
 2009-09-02 12:53:32 +00:00
Dr. Stephen Henson
17f8d8db61 PR: 2006 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Do not use multiple DTLS records for a single user message
 2009-08-26 11:51:23 +00:00
Richard Levitte
3798c36686 Include proper header files for time functions. 
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
 2009-08-25 07:10:09 +00:00
Dr. Stephen Henson
5a96822f2c Update default dependency flags. 
Make error name discrepancies a fatal error.
Fix error codes.
make update
 2009-08-12 17:08:44 +00:00
Dr. Stephen Henson
a4bade7aac PR: 1997 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.
 2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
f45e8c7bdd PR: 2000 
Submitted by: 	Vadim Zeitlin <vz-openssl@zeitlins.org>
Approved by: steve@openssl.org

Make no-comp compile without warnings.
 2009-08-05 15:29:14 +00:00
Dr. Stephen Henson
d7406b1528 PR: 1993 
Fix from 0.9.8-stable.
 2009-07-24 11:52:32 +00:00
Dr. Stephen Henson
5135d6b985 Fix error codes and indentation. 2009-07-15 11:32:58 +00:00
Dr. Stephen Henson
c8f759ec74 Stop warning of signed/unsigned compare. 2009-07-14 15:28:44 +00:00
Dr. Stephen Henson
cddd00166c PR: 1984 
Submitted by: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
Approved by: steve@openssl.org

Don't concatenate reads in DTLS.
 2009-07-13 11:44:04 +00:00
Dr. Stephen Henson
c155d83f5b Delete MD2 from algorithm tables and default compilation. 2009-07-08 08:50:53 +00:00
Dr. Stephen Henson
5a03e3ac3f Fix from HEAD. 2009-07-04 12:05:14 +00:00
Dr. Stephen Henson
08b2097967 Update from HEAD. 2009-07-04 11:44:01 +00:00
Dr. Stephen Henson
2b3cd246e5 PR: 1962 
Submitted by: Daniel Mentz <daniel.m@sent.com>
Reviewed by: steve@openssl.org

Fix "for dtls1_get_record() returns a bad record in one edge case" bug.
 2009-07-01 11:29:01 +00:00
Dr. Stephen Henson
76ec9151d1 Update from 0.9.8-stable. 2009-06-30 22:26:28 +00:00
Dr. Stephen Henson
6c24dd9005 Typo. 2009-06-30 20:55:55 +00:00
Dr. Stephen Henson
29b0c4a01c Add "missing" functions for setting all verify parameters for SSL_CTX and SSL 
structures.
 2009-06-30 11:57:24 +00:00
Dr. Stephen Henson
b824f0f458 Redundant check: s->param is always non-NULL, it is set in SSL_new(). 2009-06-30 11:41:35 +00:00
Dr. Stephen Henson
43ea53a04a Inherit parameters properly in SSL contexts: any parameters set should 
replace those in the current list.
 2009-06-30 11:21:00 +00:00