Dr. Stephen Henson
5421196eca
ABI compliance fixes.
...
Move new structure fields to end of structures.
2012-02-22 15:39:54 +00:00
Dr. Stephen Henson
74b4b49494
SSL export fixes (from Adam Langley) [original from 1.0.1]
2012-02-22 15:06:56 +00:00
Dr. Stephen Henson
de2b5b7439
initialise i if n == 0
2012-02-22 15:03:44 +00:00
Dr. Stephen Henson
206310c305
Fix bug in CVE-2011-4619: check we have really received a client hello
...
before rejecting multiple SGC restarts.
2012-02-16 15:26:04 +00:00
Dr. Stephen Henson
11eaec9ae4
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Further fixes for use_srtp extension.
2012-02-11 22:53:31 +00:00
Dr. Stephen Henson
1df80b6561
PR: 2704
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Fix srp extension.
2012-02-10 20:08:36 +00:00
Dr. Stephen Henson
5997efca83
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Fix encoding of use_srtp extension to be compliant with RFC5764
2012-02-10 00:07:18 +00:00
Dr. Stephen Henson
57559471bf
oops, revert unrelated changes
2012-02-09 15:43:58 +00:00
Dr. Stephen Henson
f4e1169341
Modify client hello version when renegotiating to enhance interop with
...
some servers.
2012-02-09 15:42:10 +00:00
Dr. Stephen Henson
febec8ff23
typo
2012-02-02 19:18:24 +00:00
Dr. Stephen Henson
f71c6e52f7
Add support for distinct certificate chains per key type and per SSL
...
structure.
Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.
2012-01-31 14:00:10 +00:00
Dr. Stephen Henson
9ade64dedf
code tidy
2012-01-27 14:21:38 +00:00
Dr. Stephen Henson
c526ed410c
Revise ssl code to use a CERT_PKEY structure when outputting a
...
certificate chain instead of an X509 structure.
This makes it easier to enhance code in future and the chain
output functions have access to the CERT_PKEY structure being
used.
2012-01-26 16:00:34 +00:00
Dr. Stephen Henson
4379d0e457
Tidy/enhance certificate chain output code.
...
New function ssl_add_cert_chain which adds a certificate chain to
SSL internal BUF_MEM. Use this function in ssl3_output_cert_chain
and dtls1_output_cert_chain instead of partly duplicating code.
2012-01-26 15:47:32 +00:00
Dr. Stephen Henson
08e4ea4884
initialise dh_clnt
2012-01-26 14:37:46 +00:00
Dr. Stephen Henson
0d60939515
add support for use of fixed DH client certificates
2012-01-25 14:51:49 +00:00
Dr. Stephen Henson
1db5f356f5
return error if md is NULL
2012-01-22 13:12:14 +00:00
Dr. Stephen Henson
855d29184e
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
...
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:15:27 +00:00
Dr. Stephen Henson
8e1dc4d7ca
Support for fixed DH ciphersuites.
...
The cipher definitions of these ciphersuites have been around since SSLeay
but were always disabled. Now OpenSSL supports DH certificates they can be
finally enabled.
Various additional changes were needed to make them work properly: many
unused fixed DH sections of code were untested.
2012-01-16 18:19:14 +00:00
Bodo Möller
7bb1cc9505
Fix for builds without DTLS support.
...
Submitted by: Brian Carlstrom
2012-01-05 10:22:41 +00:00
Dr. Stephen Henson
59e68615ce
PR: 2671
...
Submitted by: steve
Update maximum message size for certifiate verify messages to support
4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.
2012-01-05 00:28:43 +00:00
Dr. Stephen Henson
192540b522
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
...
Reviewed by: steve
Send fatal alert if heartbeat extension has an illegal value.
2012-01-05 00:23:17 +00:00
Dr. Stephen Henson
e745572493
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
...
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:26 +00:00
Dr. Stephen Henson
27dfffd5b7
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
2012-01-04 23:16:15 +00:00
Dr. Stephen Henson
d0dc991c62
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
2012-01-04 23:15:51 +00:00
Dr. Stephen Henson
25536ea6a7
Submitted by: Adam Langley <agl@chromium.org>
...
Reviewed by: steve
Fix memory leaks.
2012-01-04 14:25:42 +00:00
Dr. Stephen Henson
b3720c34e5
oops, revert wrong patch
2012-01-03 22:06:21 +00:00
Dr. Stephen Henson
5733919dbc
only send heartbeat extension from server if client sent one
2012-01-03 22:03:20 +00:00
Dr. Stephen Henson
4817504d06
PR: 2658
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
2011-12-31 22:59:57 +00:00
Dr. Stephen Henson
84b6e277d4
make update
2011-12-27 14:46:03 +00:00
Dr. Stephen Henson
c79f22c63a
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.
- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
2011-12-27 14:21:45 +00:00
Dr. Stephen Henson
f3d781bb43
PR: 2326
...
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve
Fix incorrect comma expressions and goto f_err as alert has been set.
2011-12-26 19:37:58 +00:00
Dr. Stephen Henson
7e159e0133
PR: 2535
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Add SCTP support for DTLS (RFC 6083).
2011-12-25 14:45:15 +00:00
Dr. Stephen Henson
b9e1488865
typo
2011-12-23 15:03:03 +00:00
Dr. Stephen Henson
9c52c3e07c
delete unimplemented function from header file, update ordinals
2011-12-23 14:09:30 +00:00
Dr. Stephen Henson
b646fc409d
remove prototype for deleted SRP function
2011-12-22 16:05:02 +00:00
Dr. Stephen Henson
f9b0b45238
New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
...
New function to retrieve compression method from SSL_SESSION structure.
Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
2011-12-22 15:14:32 +00:00
Dr. Stephen Henson
f2fc30751e
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Remove unnecessary code for srp and to add some comments to
s_client.
- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable
- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
2011-12-14 22:17:06 +00:00
Ben Laurie
3c0ff9f939
Remove redundant TLS exporter.
2011-12-13 15:57:39 +00:00
Dr. Stephen Henson
7a2362611f
fix error discrepancy
2011-12-07 12:28:40 +00:00
Bodo Möller
19b0d0e75b
Resolve a stack set-up race condition (if the list of compression
...
methods isn't presorted, it will be sorted on first read).
Submitted by: Adam Langley
2011-12-02 12:52:00 +00:00
Dr. Stephen Henson
ebba6c4895
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Make SRP conformant to rfc 5054.
Changes are:
- removal of the addition state after client hello
- removal of all pre-rfc srp alert ids
- sending a fatal alert when there is no srp extension but when the
server wants SRP
- removal of unnecessary code in the client.
2011-11-25 00:17:44 +00:00
Bodo Möller
6f31dd72d2
Fix NPN implementation for renegotiation.
...
(Problem pointed out by Ben Murphy.)
Submitted by: Adam Langley
2011-11-24 21:07:01 +00:00
Dr. Stephen Henson
1c78c43bd3
move internal functions to ssl_locl.h
2011-11-21 22:52:13 +00:00
Dr. Stephen Henson
21b52dd3eb
bcmp doesn't exist on all platforms, replace with memcmp
2011-11-21 22:28:29 +00:00
Ben Laurie
e0af04056c
Add TLS exporter.
2011-11-15 23:50:52 +00:00
Ben Laurie
333f926d67
Add DTLS-SRTP.
2011-11-15 22:59:20 +00:00
Ben Laurie
ae55176091
Fix some warnings caused by __owur. Temporarily (I hope) remove the more
...
aspirational __owur annotations.
2011-11-14 00:36:10 +00:00
Dr. Stephen Henson
0c58d22ad9
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
2011-11-13 13:13:01 +00:00
Dr. Stephen Henson
930e801214
PR: 2628
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
2011-10-27 13:06:52 +00:00
Dr. Stephen Henson
fe0e302dff
PR: 2628
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix for ECC keys and DTLS.
2011-10-27 13:01:33 +00:00
Dr. Stephen Henson
45906fe63b
Use correct tag for SRP username.
2011-10-25 12:51:22 +00:00
Dr. Stephen Henson
ffbfbef943
more vxworks patches
2011-10-14 22:04:14 +00:00
Bodo Möller
3ddc06f082
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
...
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:05:58 +00:00
Dr. Stephen Henson
eb47b2fb13
add GCM ciphers in SSL_library_init
2011-10-10 12:56:18 +00:00
Dr. Stephen Henson
a0f21307e0
disable GCM if not available
2011-10-10 12:41:11 +00:00
Dr. Stephen Henson
7d7c13cbab
Don't disable TLS v1.2 by default now.
2011-10-09 23:26:39 +00:00
Dr. Stephen Henson
6dd547398a
use client version when eliminating TLS v1.2 ciphersuites in client hello
2011-10-07 15:07:19 +00:00
Dr. Stephen Henson
fca38e350b
fix signed/unsigned warning
2011-09-26 17:04:32 +00:00
Dr. Stephen Henson
d18a0df0a6
make sure eivlen is initialised
2011-09-24 23:06:20 +00:00
Dr. Stephen Henson
1d7392f219
PR: 2602
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS bug which prevents manual MTU setting
2011-09-23 13:34:48 +00:00
Bodo Möller
c519e89f5c
Fix session handling.
2011-09-05 13:36:23 +00:00
Bodo Möller
612fcfbd29
Fix d2i_SSL_SESSION.
2011-09-05 13:31:17 +00:00
Bodo Möller
e7928282d0
(EC)DH memory handling fixes.
...
Submitted by: Adam Langley
2011-09-05 10:25:31 +00:00
Dr. Stephen Henson
d41ce00b8c
PR: 2573
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS buffering and decryption bug.
2011-09-01 14:02:23 +00:00
Andy Polyakov
c608171d9c
Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
2011-08-23 20:51:38 +00:00
Dr. Stephen Henson
1f59a84308
Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
...
using OBJ xref utilities instead of string comparison with OID name.
This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
2011-08-14 13:45:19 +00:00
Dr. Stephen Henson
28dd49faec
Expand range of ctrls for AES GCM to support retrieval and setting of
...
invocation field.
Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
2011-08-03 15:37:22 +00:00
Dr. Stephen Henson
31475a370c
oops, remove debug option
2011-07-25 21:38:41 +00:00
Dr. Stephen Henson
d09677ac45
Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and
...
prohibit use of these ciphersuites for TLS < 1.2
2011-07-25 20:41:32 +00:00
Dr. Stephen Henson
0445ab3ae0
PR: 2555
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS sequence number bug
2011-07-20 15:17:51 +00:00
Dr. Stephen Henson
bb48f4ce6e
PR: 2550
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS HelloVerifyRequest Timer bug
2011-07-20 15:14:24 +00:00
Andy Polyakov
146e1fc7b3
ssl/ssl_ciph.c: allow to switch to predefined "composite" cipher/mac
...
combos that can be implemented as AEAD ciphers.
2011-07-11 14:00:43 +00:00
Andy Polyakov
7532071aa3
ssl/t1_enc.c: initial support for AEAD ciphers.
2011-07-11 13:58:59 +00:00
Dr. Stephen Henson
861a7e5c9f
PR: 2543
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Correctly handle errors in DTLSv1_handle_timeout()
2011-06-22 15:30:14 +00:00
Dr. Stephen Henson
70051b1d88
set FIPS allow before initialising ctx
2011-06-14 15:25:21 +00:00
Dr. Stephen Henson
ca9335760b
fix memory leak
2011-06-08 15:55:43 +00:00
Dr. Stephen Henson
1c13c122d8
Set SSL_FIPS flag in ECC ciphersuites.
2011-06-06 14:14:41 +00:00
Dr. Stephen Henson
4f8f8bf3a4
fix error discrepancy
2011-06-03 18:50:24 +00:00
Dr. Stephen Henson
654ac273c1
typo
2011-06-01 11:10:35 +00:00
Dr. Stephen Henson
8f119a0357
set FIPS permitted flag before initalising digest
2011-05-31 16:24:19 +00:00
Dr. Stephen Henson
1b2047c5c0
Don't round up partitioned premaster secret length if there is only one
...
digest in use: this caused the PRF to fail for an odd premaster secret
length.
2011-05-31 10:34:43 +00:00
Dr. Stephen Henson
eda3766b53
Output supported curves in preference order instead of numerically.
2011-05-30 17:58:13 +00:00
Dr. Stephen Henson
ebc5e72fe5
Don't advertise or use MD5 for TLS v1.2 in FIPS mode
2011-05-25 15:31:32 +00:00
Dr. Stephen Henson
3d52f1d52b
PR: 2533
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes
the program to crash. This is due to missing version checks and is fixed with
this patch.
2011-05-25 15:20:49 +00:00
Dr. Stephen Henson
fd60dfa0f2
PR: 2529
...
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve
Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.
2011-05-25 15:16:10 +00:00
Dr. Stephen Henson
bbcf3a9b30
Some nextproto patches broke DTLS: fix
2011-05-25 14:31:47 +00:00
Dr. Stephen Henson
006b54a8eb
Oops use up to date patch for PR#2506
2011-05-25 14:30:20 +00:00
Dr. Stephen Henson
7832d6ab1c
PR: 2506
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fully implement SSL_clear for DTLS.
2011-05-25 12:28:06 +00:00
Dr. Stephen Henson
ee4b5cebef
PR: 2505
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS session resumption timer bug.
2011-05-25 12:25:01 +00:00
Dr. Stephen Henson
238b63613b
use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS
2011-05-25 11:43:07 +00:00
Dr. Stephen Henson
f37f20ffd3
PR: 2295
...
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2011-05-20 14:56:29 +00:00
Dr. Stephen Henson
086e32a6c7
Implement FIPS_mode and FIPS_mode_set
2011-05-19 18:09:02 +00:00
Dr. Stephen Henson
4f7533eb84
set encodedPoint to NULL after freeing it
2011-05-19 16:17:47 +00:00
Dr. Stephen Henson
855a54a9a5
Provisional support for TLS v1.2 client authentication: client side only.
...
Parse certificate request message and set digests appropriately.
Generate new TLS v1.2 format certificate verify message.
Keep handshake caches around for longer as they are needed for client auth.
2011-05-12 17:35:03 +00:00
Dr. Stephen Henson
8f82912460
Process signature algorithms during TLS v1.2 client authentication.
...
Make sure message is long enough for signature algorithms.
2011-05-12 14:38:01 +00:00
Dr. Stephen Henson
4f7a2ab8b1
make kerberos work with OPENSSL_NO_SSL_INTERN
2011-05-11 22:50:18 +00:00
Dr. Stephen Henson
fc101f88b6
Reorder signature algorithms in strongest hash first order.
2011-05-11 16:33:28 +00:00
Dr. Stephen Henson
a2f9200fba
Initial TLS v1.2 client support. Include a default supported signature
...
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.
Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
2011-05-09 15:44:01 +00:00
Dr. Stephen Henson
6b7be581e5
Continuing TLS v1.2 support: add support for server parsing of
...
signature algorithms extension and correct signature format for
server key exchange.
All ciphersuites should now work on the server but no client support and
no client certificate support yet.
2011-05-06 13:00:07 +00:00
Dr. Stephen Henson
823df31be7
Disable SHA256 if not supported.
2011-05-01 15:36:16 +00:00
Dr. Stephen Henson
7409d7ad51
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
...
checking added, SHA256 PRF support added.
At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
2011-04-29 22:56:51 +00:00
Dr. Stephen Henson
08557cf22c
Initial "opaque SSL" framework. If an application defines
...
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.
The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
2011-04-29 22:37:12 +00:00
Dr. Stephen Henson
b93e331ba4
Reorder headers to get definitions before they are used.
2011-04-11 14:01:33 +00:00
Dr. Stephen Henson
4058861f69
PR: 2462
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS Retransmission Buffer Bug
2011-04-03 17:14:35 +00:00
Dr. Stephen Henson
f74a0c0c93
PR: 2458
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Don't change state when answering DTLS ClientHello.
2011-04-03 16:25:29 +00:00
Dr. Stephen Henson
6e28b60aa5
PR: 2457
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS fragment reassembly bug.
2011-04-03 15:47:58 +00:00
Richard Levitte
3a660e7364
Corrections to the VMS build system.
...
Submitted by Steven M. Schweda <sms@antinode.info>
2011-03-25 16:20:35 +00:00
Richard Levitte
4ec3e8ca51
For VMS, implement the possibility to choose 64-bit pointers with
...
different options:
"64" The build system will choose /POINTER_SIZE=64=ARGV if
the compiler supports it, otherwise /POINTER_SIZE=64.
"64=" The build system will force /POINTER_SIZE=64.
"64=ARGV" The build system will force /POINTER_SIZE=64=ARGV.
2011-03-25 09:40:48 +00:00
Richard Levitte
487b023f3d
make update (1.1.0-dev)
...
This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable. However, since there's
been no release on this branch yet, it should be harmless.
2011-03-23 00:11:32 +00:00
Richard Levitte
537c982306
After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS
...
submitted by Steven M. Schweda <sms@antinode.info>
2011-03-19 10:58:14 +00:00
Dr. Stephen Henson
23bc7961d2
Fix broken SRP error/function code assignment.
2011-03-16 16:17:46 +00:00
Dr. Stephen Henson
d70fcb96ac
Fix warnings: signed/unisgned comparison, shadowing (in some cases global
...
functions such as rand() ).
2011-03-12 17:27:03 +00:00
Dr. Stephen Henson
5e374d2ee8
Remove redundant check to stop compiler warning.
2011-03-12 17:06:35 +00:00
Ben Laurie
edc032b5e3
Add SRP support.
2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
a3654f0586
Include openssl/crypto.h first in several other files so FIPS renaming
...
is picked up.
2011-02-16 17:25:01 +00:00
Dr. Stephen Henson
b331016124
New option to disable characteristic two fields in EC code.
2011-02-12 17:23:32 +00:00
Bodo Möller
9770924f9b
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
...
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
2011-02-08 17:48:57 +00:00
Bodo Möller
e2b798c8b3
Assorted bugfixes:
...
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check
Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
2011-02-03 12:03:51 +00:00
Bodo Möller
88f2a4cf9c
CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
2011-02-03 10:43:00 +00:00
Bodo Möller
9d0397e977
make update
2011-02-03 10:17:53 +00:00
Dr. Stephen Henson
9bafd8f7b3
FIPS_allow_md5() no longer exists and is no longer required
2011-01-26 12:23:58 +00:00
Dr. Stephen Henson
722521594c
Don't use decryption_failed alert for TLS v1.1 or later.
2011-01-04 19:39:27 +00:00
Dr. Stephen Henson
a47577164c
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
...
alert.
2011-01-04 19:34:20 +00:00
Richard Levitte
b7ef916c38
First attempt at adding the possibility to set the pointer size for the builds on VMS.
...
PR: 2393
2010-12-14 19:19:04 +00:00
Dr. Stephen Henson
d0205686bb
PR: 2240
...
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve
As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.
2010-11-25 12:27:09 +00:00
Dr. Stephen Henson
290be870d6
using_ecc doesn't just apply to TLSv1
2010-11-25 11:51:31 +00:00
Dr. Stephen Henson
6f678c4081
oops, revert invalid change
2010-11-24 14:03:25 +00:00
Dr. Stephen Henson
e9be051f3a
use generalise mac API for SSL key generation
2010-11-24 13:16:59 +00:00
Richard Levitte
ec44f0ebfa
Taken from OpenSSL_1_0_0-stable:
...
Include proper header files for time functions.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
2010-11-22 18:25:04 +00:00
Dr. Stephen Henson
b71f815f6b
remove duplicate statement
2010-11-18 17:33:17 +00:00
Dr. Stephen Henson
ac7797a722
oops, reinstate TLSv1 string
2010-11-17 18:17:08 +00:00
Dr. Stephen Henson
7d5686d355
Don't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can be legitimately set elsewhere.
2010-11-17 17:37:23 +00:00
Dr. Stephen Henson
732d31beee
bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files
2010-11-16 14:18:51 +00:00
Dr. Stephen Henson
e15320f652
Only use explicit IV if cipher is in CBC mode.
2010-11-14 17:47:45 +00:00
Dr. Stephen Henson
e827b58711
Get correct GOST private key instead of just assuming the last one is
...
correct: this isn't always true if we have more than one certificate.
2010-11-14 13:50:55 +00:00
Dr. Stephen Henson
5759425810
PR: 2314
...
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve
Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
2010-10-10 12:15:47 +00:00
Ben Laurie
bf48836c7c
Fixes to NPN from Adam Langley.
2010-09-05 17:14:01 +00:00
Ben Laurie
d9a268b9f9
NPN tests.
2010-09-05 16:35:10 +00:00
Ben Laurie
5df2a2497a
Fix warnings.
2010-09-05 16:34:49 +00:00
Dr. Stephen Henson
bdd5350804
PR: 1833
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix other cases not covered by original patch.
2010-08-27 11:29:15 +00:00
Bodo Möller
7c2d4fee25
For better forward-security support, add functions
...
SSL_[CTX_]set_not_resumable_session_callback.
Submitted by: Emilia Kasper (Google)
[A part of this change affecting ssl/s3_lib.c was accidentally commited
separately, together with a compilation fix for that file;
see s3_lib.c CVS revision 1.133 (http://cvs.openssl.org/chngview?cn=19855 ).]
2010-08-26 15:15:47 +00:00
Bodo Möller
f16176dab4
Patch from PR #1833 was broken: there's no s->s3->new_session
...
(only s->new_session).
2010-08-26 14:54:16 +00:00
Dr. Stephen Henson
44959ee456
PR: 1833
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Support for abbreviated handshakes when renegotiating.
2010-08-26 14:23:52 +00:00
Ben Laurie
ee2ffc2794
Add Next Protocol Negotiation.
2010-07-28 10:06:55 +00:00
Dr. Stephen Henson
f96ccf36ff
PR: 1830
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson
Support for RFC5705 key extractor.
2010-07-18 17:43:18 +00:00
Dr. Stephen Henson
b9e7793dd7
oops, revert wrong patch..
2010-07-18 17:43:01 +00:00
Dr. Stephen Henson
d135da5192
Fix warnings (From HEAD, original patch by Ben).
2010-07-18 16:52:47 +00:00
Dr. Stephen Henson
9674de7d3d
no need for empty fragments with TLS 1.1 and later due to explicit IV
2010-06-27 14:43:03 +00:00
Ben Laurie
c8bbd98a2b
Fix warnings.
2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
7837c7ec45
PR: 2259
...
Submitted By: Artem Chuprina <ran@cryptocom.ru>
Check return values of HMAC in tls_P_hash and tls1_generate_key_block.
Although the previous version could in theory crash that would only happen if a
digest call failed. The standard software methods can never fail and only one
ENGINE currently uses digests and it is not compiled in by default.
2010-05-17 11:27:22 +00:00
Dr. Stephen Henson
6006ae148c
PR: 2230
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix bug in bitmask macros and stop warnings.
2010-05-03 13:01:40 +00:00
Dr. Stephen Henson
45106caab7
fix signed/unsigned comparison warnings
2010-04-14 00:41:14 +00:00
Dr. Stephen Henson
934e22e814
PR: 2230
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix various DTLS fragment reassembly bugs.
2010-04-14 00:17:55 +00:00
Dr. Stephen Henson
3122d1d382
PR: 2229
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Don't drop DTLS connection if mac or decryption failed.
2010-04-14 00:10:05 +00:00
Dr. Stephen Henson
b7463c8818
PR: 2228
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS buffer record MAC failure bug.
2010-04-14 00:03:27 +00:00
Dr. Stephen Henson
c0b8eb606f
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
...
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.
Update docs.
2010-04-07 13:18:07 +00:00
Dr. Stephen Henson
ff12f88b8e
PR: 2218
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS replay bug.
2010-04-06 12:45:04 +00:00
Dr. Stephen Henson
47e6a60e42
PR: 2219
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS buffering bug.
2010-04-06 12:40:19 +00:00
Dr. Stephen Henson
87a37cbadd
PR: 2223
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS timeout bug
2010-04-06 12:29:31 +00:00
Dr. Stephen Henson
00a37b5a9b
PR: 2220
...
Fixes to make OpenSSL compile with no-rc4
2010-04-06 11:18:59 +00:00
Bodo Möller
3e8b6485b3
Fix for "Record of death" vulnerability CVE-2010-0740.
...
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010),
and further harmonize this version of CHANGES with the versions in the current branches.
2010-03-25 11:25:30 +00:00
Dr. Stephen Henson
a3a06e6543
PR: 1731 and maybe 2197
...
Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.
2010-03-24 23:17:15 +00:00
Dr. Stephen Henson
cca1cd9a34
Submitted by: Tomas Hoger <thoger@redhat.com>
...
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
2010-03-03 15:41:18 +00:00
Dr. Stephen Henson
2b13f80360
algorithms field has changed in 1.0.0 and later: update
2010-02-28 00:24:04 +00:00
Dr. Stephen Henson
c1ca9d3238
Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and
...
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."
2010-02-27 23:02:41 +00:00
Dr. Stephen Henson
7512141162
OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved
2010-02-17 19:43:56 +00:00
Dr. Stephen Henson
c2c49969e2
Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
...
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:38:31 +00:00
Dr. Stephen Henson
8d934c2585
PR: 2171
...
Submitted by: Tomas Mraz <tmraz@redhat.com>
Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.
Also can now use SSL2 compatible client hello because RFC5746 supports it.
2010-02-16 14:21:11 +00:00
Dr. Stephen Henson
17ebc10ffa
PR: 2161
...
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.
Make no-dsa, no-ecdsa and no-rsa compile again.
2010-02-02 13:35:27 +00:00
Dr. Stephen Henson
434745dc19
PR: 2160
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Make session tickets work with DTLS.
2010-02-01 16:51:09 +00:00
Dr. Stephen Henson
b380f9b884
PR: 2159
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Typo in PR#1949 bug, oops!
2010-02-01 12:43:45 +00:00
Dr. Stephen Henson
00b525781b
oops revert test code accidentally committed
2010-01-28 16:48:39 +00:00
Dr. Stephen Henson
d5e7f2f2c3
PR: 1949
...
Submitted by: steve@openssl.org
More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
2010-01-26 19:47:37 +00:00
Richard Levitte
c3502985b2
Compile t1_reneg on VMS as well.
...
Submitted by Steven M. Schweda <sms@antinode.info>
2010-01-25 00:19:31 +00:00
Dr. Stephen Henson
bc120a54c9
PR: 2153, 2125
...
Submitted by: steve@openssl.org
The original fix for PR#2125 broke compilation on some Unixware platforms:
revert and make conditional on VMS.
2010-01-24 16:57:20 +00:00
Dr. Stephen Henson
21a5c040e5
The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING
...
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.
2010-01-24 13:54:20 +00:00
Dr. Stephen Henson
3a88efd48c
If legacy renegotiation is not permitted then send a fatal alert if a patched
...
server attempts to renegotiate with an unpatched client.
2010-01-22 18:49:34 +00:00
Dr. Stephen Henson
49371e3acb
oops
2010-01-20 17:59:53 +00:00
Dr. Stephen Henson
eb125795d2
update NEWS file
2010-01-20 17:56:34 +00:00
Dr. Stephen Henson
071ef65cfa
The use of NIDs in the password based encryption table can result in
...
algorithms not found when an application uses PKCS#12 and only calls
SSL_library_init() instead of OpenSSL_add_all_algorithms(). Simple
work around is to add the missing algorithm (40 bit RC2) in
SSL_library_init().
2010-01-19 19:56:06 +00:00
Dr. Stephen Henson
0debb681e1
PR: 2144
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Better fix for PR#2144
2010-01-19 19:11:35 +00:00
Dr. Stephen Henson
8d39d2800a
PR: 2144
...
Submitted by: steve@openssl.org
Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.
2010-01-16 19:46:10 +00:00
Dr. Stephen Henson
598b562a7f
PR: 2133
...
Submitted by: steve@openssl.org
Add missing DTLS state strings.
2010-01-16 19:20:52 +00:00
Dr. Stephen Henson
031c78901b
make update
2010-01-15 15:24:19 +00:00
Dr. Stephen Henson
ce1ec9c35e
PR: 2125
...
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>
Fix gcc-aix compilation issue.
2010-01-14 17:51:29 +00:00
Dr. Stephen Henson
bd5f21a4ae
Fix version handling so it can cope with a major version >3.
...
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
2010-01-13 19:08:02 +00:00
Dr. Stephen Henson
423c66f10e
Simplify RI+SCSV logic:
...
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
2010-01-07 19:04:52 +00:00
Dr. Stephen Henson
76998a71bc
Updates to conform with draft-ietf-tls-renegotiation-03.txt:
...
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
2010-01-06 17:37:09 +00:00
Dr. Stephen Henson
dd792d6222
Missing commit from change ofr compress_meth to unsigned
2010-01-06 17:35:27 +00:00
Dr. Stephen Henson
82a107eaa8
compress_meth should be unsigned
2010-01-06 14:01:45 +00:00
Dr. Stephen Henson
2be3d6ebc8
Client side compression algorithm sanity checks: ensure old compression
...
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).
2010-01-01 14:39:37 +00:00
Dr. Stephen Henson
e6f418bcb7
Compression handling on session resume was badly broken: it always
...
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
2009-12-31 14:13:30 +00:00
Dr. Stephen Henson
76774c5ea1
return v1.1 methods for client/server
2009-12-28 00:31:16 +00:00
Dr. Stephen Henson
73527122c9
Typo
2009-12-27 23:02:50 +00:00
Dr. Stephen Henson
d68015764e
Update RI to match latest spec.
...
MCSV is now called SCSV.
Don't send SCSV if renegotiating.
Also note if RI is empty in debug messages.
2009-12-27 22:58:55 +00:00
Dr. Stephen Henson
fbed9f8158
Alert to use is now defined in spec: update code
2009-12-17 15:42:52 +00:00
Dr. Stephen Henson
ef51b4b9b4
New option to enable/disable connection to unpatched servers
2009-12-16 20:25:59 +00:00
Dr. Stephen Henson
c27c9cb4f7
Allow initial connection (but no renegoriation) to servers which don't support
...
RI.
Reorganise RI checking code and handle some missing cases.
2009-12-14 13:56:04 +00:00
Dr. Stephen Henson
22c2155595
Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL and move SSL_OP_NO_TLSv1_1
2009-12-11 00:23:12 +00:00