Andy Polyakov
5b2bbf37fa
s2_clnt.c: compensate for compiler bug [from HEAD].
2012-05-16 18:22:27 +00:00
Dr. Stephen Henson
6e164e5c3d
PR: 2811
...
Reported by: Phil Pennock <openssl-dev@spodhuis.org>
Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.
2012-05-11 13:32:26 +00:00
Dr. Stephen Henson
1b452133ae
PR: 2806
...
Submitted by: PK <runningdoglackey@yahoo.com>
Correct ciphersuite signature algorithm definitions.
2012-05-10 18:24:32 +00:00
Dr. Stephen Henson
d414a5a0f0
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
...
DTLS to fix DoS attack.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
2012-05-10 15:10:15 +00:00
Richard Levitte
9eb4460e68
Don't forget to install srtp.h as well
2012-05-10 15:01:22 +00:00
Dr. Stephen Henson
6984d16671
oops, revert unrelated change
2012-05-10 13:38:18 +00:00
Dr. Stephen Henson
5b9d0995a1
Reported by: Solar Designer of Openwall
...
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:34:22 +00:00
Dr. Stephen Henson
c76b7a1a82
Don't try to use unvalidated composite ciphers in FIPS mode
2012-04-26 18:49:45 +00:00
Dr. Stephen Henson
502dfeb8de
Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and
...
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
2012-04-25 23:08:44 +00:00
Andy Polyakov
5bbed29518
s23_clnt.c: ensure interoperability by maitaining client "version capability"
...
vector contiguous [from HEAD].
PR: 2802
2012-04-25 22:07:23 +00:00
Dr. Stephen Henson
dedfe959dd
correct error code
2012-04-18 14:53:48 +00:00
Bodo Möller
4d936ace08
Disable SHA-2 ciphersuites in < TLS 1.2 connections.
...
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)
Submitted by: Adam Langley
2012-04-17 15:20:17 +00:00
Dr. Stephen Henson
89bd25eb26
Additional workaround for PR#2771
...
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.
Document workarounds in CHANGES.
2012-04-17 14:41:23 +00:00
Dr. Stephen Henson
4a1cf50187
Partial workaround for PR#2771.
...
Some servers hang when presented with a client hello record length exceeding
255 bytes but will work with longer client hellos if the TLS record version
in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
cases...
2012-04-17 13:20:19 +00:00
Andy Polyakov
32e12316e5
OPENSSL_NO_SOCK fixes [from HEAD].
...
PR: 2791
Submitted by: Ben Noordhuis
2012-04-16 17:43:15 +00:00
Andy Polyakov
c2770c0e0e
s3_srvr.c: fix typo [from HEAD].
...
PR: 2538
2012-04-15 17:23:41 +00:00
Andy Polyakov
371056f2b9
e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag
...
countermeasure [from HEAD].
PR: 2778
2012-04-15 14:23:03 +00:00
Andy Polyakov
3f98d7c0b5
ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444) [from HEAD].
...
PR: 2778
2012-04-04 20:51:27 +00:00
Dr. Stephen Henson
63e8f16737
PR: 2778(part)
...
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>
Time is always encoded as 4 bytes, not sizeof(Time).
2012-03-31 18:02:43 +00:00
Dr. Stephen Henson
418044cbab
Experimental workaround to large client hello issue (see PR#2771).
...
If OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
only.
2012-03-29 19:08:54 +00:00
Dr. Stephen Henson
78c5d2a9bb
use client version when deciding whether to send supported signature algorithms extension
2012-03-21 21:32:57 +00:00
Andy Polyakov
9cc42cb091
ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER [from HEAD].
2012-03-13 19:21:15 +00:00
Dr. Stephen Henson
267c950c5f
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
...
Add more extension names in s_cb.c extension printing code.
2012-03-09 18:37:41 +00:00
Dr. Stephen Henson
ce1605b508
PR: 2756
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS timeout handling.
2012-03-09 15:52:20 +00:00
Dr. Stephen Henson
25bfdca16a
PR: 2755
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reduce MTU after failed transmissions.
2012-03-06 13:47:27 +00:00
Dr. Stephen Henson
9c284f9651
PR: 2748
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix possible DTLS timer deadlock.
2012-03-06 13:24:16 +00:00
Dr. Stephen Henson
a54ce007e6
PR: 2739
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix padding bugs in Heartbeat support.
2012-02-27 16:38:10 +00:00
Dr. Stephen Henson
f1fa05b407
ABI compliance fixes.
...
Move new structure fields to end of structures.
Import library codes from 1.0.0 and recreate new ones.
2012-02-22 14:01:44 +00:00
Dr. Stephen Henson
b935714237
typo
2012-02-17 17:31:32 +00:00
Dr. Stephen Henson
a8314df902
Fix bug in CVE-2011-4619: check we have really received a client hello
...
before rejecting multiple SGC restarts.
2012-02-16 15:25:39 +00:00
Dr. Stephen Henson
d40abf1689
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Further fixes for use_srtp extension.
2012-02-11 22:53:48 +00:00
Dr. Stephen Henson
c489ea7d01
PR: 2704
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Fix srp extension.
2012-02-10 20:08:49 +00:00
Dr. Stephen Henson
943cc09d8a
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Fix encoding of use_srtp extension to be compliant with RFC5764
2012-02-10 00:03:37 +00:00
Dr. Stephen Henson
fc6800d19f
Modify client hello version when renegotiating to enhance interop with
...
some servers.
2012-02-09 15:41:44 +00:00
Dr. Stephen Henson
adcea5a043
return error if md is NULL
2012-01-22 13:12:50 +00:00
Dr. Stephen Henson
2dc4b0dbe8
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
...
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:14:56 +00:00
Andy Polyakov
c8e0b5d7b6
1.0.1-specific OPNESSL vs. OPENSSL typo.
...
PR: 2613
Submitted by: Leena Heino
2012-01-15 13:42:50 +00:00
Dr. Stephen Henson
285d9189c7
PR: 2652
...
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
OpenVMS fixes.
2012-01-05 14:30:08 +00:00
Bodo Möller
409d2a1b71
Fix for builds without DTLS support.
...
Submitted by: Brian Carlstrom
2012-01-05 10:22:39 +00:00
Dr. Stephen Henson
e0b9678d7f
PR: 2671
...
Submitted by: steve
Update maximum message size for certifiate verify messages to support
4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.
2012-01-05 00:28:29 +00:00
Dr. Stephen Henson
166dea6ac8
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
...
Reviewed by: steve
Send fatal alert if heartbeat extension has an illegal value.
2012-01-05 00:23:31 +00:00
Dr. Stephen Henson
0044739ae5
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
...
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:05 +00:00
Dr. Stephen Henson
4e44bd3650
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
2012-01-04 23:13:29 +00:00
Dr. Stephen Henson
aaa3850ccd
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
2012-01-04 23:07:54 +00:00
Dr. Stephen Henson
1cb4d65b87
Submitted by: Adam Langley <agl@chromium.org>
...
Reviewed by: steve
Fix memory leaks.
2012-01-04 14:25:28 +00:00
Dr. Stephen Henson
7b2dd292bc
only send heartbeat extension from server if client sent one
2012-01-03 22:03:07 +00:00
Dr. Stephen Henson
d9834ff24b
make update
2012-01-02 16:41:11 +00:00
Dr. Stephen Henson
bd6941cfaa
PR: 2658
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
5c05f69450
make update
2011-12-27 14:38:27 +00:00
Dr. Stephen Henson
b300fb7734
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.
- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
2011-12-27 14:23:22 +00:00
Dr. Stephen Henson
f89af47438
PR: 2326
...
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve
Fix incorrect comma expressions and goto f_err as alert has been set.
2011-12-26 19:38:09 +00:00
Dr. Stephen Henson
e065e6cda2
PR: 2535
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Add SCTP support for DTLS (RFC 6083).
2011-12-25 14:45:40 +00:00
Dr. Stephen Henson
60553cc209
typo
2011-12-23 15:03:16 +00:00
Dr. Stephen Henson
2d4c9ab518
delete unimplemented function from header file, update ordinals
2011-12-23 14:10:35 +00:00
Dr. Stephen Henson
242f8d644c
remove prototype for deleted SRP function
2011-12-22 16:01:23 +00:00
Dr. Stephen Henson
f5575cd167
New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
...
New function to retrieve compression method from SSL_SESSION structure.
Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
2011-12-22 15:01:16 +00:00
Ben Laurie
dd0ddc3e78
Fix DTLS.
2011-12-20 15:05:03 +00:00
Dr. Stephen Henson
b8a22c40e0
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Remove unnecessary code for srp and to add some comments to
s_client.
- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable
- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
2011-12-14 22:18:03 +00:00
Ben Laurie
96fe35e7d4
Remove redundant TLS exporter.
2011-12-13 14:35:12 +00:00
Ben Laurie
e87afb1518
SSL export fixes (from Adam Langley).
2011-12-13 14:25:11 +00:00
Dr. Stephen Henson
7454cba4fa
fix error discrepancy
2011-12-07 12:28:50 +00:00
Ben Laurie
a0cf79e841
Fix exporter.
2011-12-02 16:49:32 +00:00
Ben Laurie
825e1a7c56
Fix warnings.
2011-12-02 14:39:41 +00:00
Bodo Möller
9f2b453338
Resolve a stack set-up race condition (if the list of compression
...
methods isn't presorted, it will be sorted on first read).
Submitted by: Adam Langley
2011-12-02 12:51:41 +00:00
Dr. Stephen Henson
2c7d978c2d
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Make SRP conformant to rfc 5054.
Changes are:
- removal of the addition state after client hello
- removal of all pre-rfc srp alert ids
- sending a fatal alert when there is no srp extension but when the
server wants SRP
- removal of unnecessary code in the client.
2011-11-25 00:18:10 +00:00
Ben Laurie
8cd897a42c
Don't send NPN during renegotiation.
2011-11-24 18:22:06 +00:00
Ben Laurie
1dc44d3130
Indent.
2011-11-24 16:51:15 +00:00
Dr. Stephen Henson
d7125d8d85
move internal functions to ssl_locl.h
2011-11-21 22:52:01 +00:00
Dr. Stephen Henson
43716567f5
bcmp doesn't exist on all platforms, replace with memcmp
2011-11-21 22:29:16 +00:00
Ben Laurie
b1d7429186
Add TLS exporter.
2011-11-15 23:51:22 +00:00
Ben Laurie
060a38a2c0
Add DTLS-SRTP.
2011-11-15 23:02:16 +00:00
Ben Laurie
68b33cc5c7
Add Next Protocol Negotiation.
2011-11-13 21:55:42 +00:00
Ben Laurie
4c02cf8ecc
make depend.
2011-11-13 20:23:34 +00:00
Ben Laurie
271daaf768
Fix one of the no-tlsext build errors (there are more).
2011-11-13 20:19:21 +00:00
Dr. Stephen Henson
efbb7ee432
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
2011-11-13 13:13:14 +00:00
Dr. Stephen Henson
5372f5f989
PR: 2628
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
2011-10-27 13:06:43 +00:00
Dr. Stephen Henson
6d24c09a69
PR: 2628
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix for ECC keys and DTLS.
2011-10-27 13:01:20 +00:00
Dr. Stephen Henson
1f713e0106
Use correct tag for SRP username.
2011-10-25 12:52:47 +00:00
Bodo Möller
f72c1a58cb
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
...
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:05:35 +00:00
Dr. Stephen Henson
06afa6eb94
add GCM ciphers in SSL_library_init
2011-10-10 12:56:11 +00:00
Dr. Stephen Henson
58e4205d6c
disable GCM if not available
2011-10-10 12:40:13 +00:00
Dr. Stephen Henson
6bd173fced
Don't disable TLS v1.2 by default any more.
2011-10-09 23:28:25 +00:00
Dr. Stephen Henson
b08b158b44
use client version when eliminating TLS v1.2 ciphersuites in client hello
2011-10-07 15:07:36 +00:00
Dr. Stephen Henson
928bd9a149
fix signed/unsigned warning
2011-09-26 17:04:41 +00:00
Dr. Stephen Henson
e53113b8ac
make sure eivlen is initialised
2011-09-24 23:06:35 +00:00
Dr. Stephen Henson
56f5ab43c2
PR: 2602
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS bug which prevents manual MTU setting
2011-09-23 13:35:05 +00:00
Bodo Möller
3c3f025923
Fix session handling.
2011-09-05 13:36:55 +00:00
Bodo Möller
5ff6e2dfbb
Fix d2i_SSL_SESSION.
2011-09-05 13:31:07 +00:00
Bodo Möller
61ac68f9f6
(EC)DH memory handling fixes.
...
Submitted by: Adam Langley
2011-09-05 10:25:27 +00:00
Dr. Stephen Henson
ec5d74f868
PR: 2573
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS buffering and decryption bug.
2011-09-01 14:02:14 +00:00
Andy Polyakov
84e7485bfb
Add RC4-MD5 and AESNI-SHA1 "stitched" implementations [from HEAD].
2011-08-23 20:53:34 +00:00
Dr. Stephen Henson
cf199fec52
Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
...
using OBJ xref utilities instead of string comparison with OID name.
This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
2011-08-14 13:47:30 +00:00
Dr. Stephen Henson
aed53d6c5a
Backport GCM support from HEAD.
2011-08-04 11:13:28 +00:00
Dr. Stephen Henson
c8c6e9ecd9
Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and
...
prohibit use of these ciphersuites for TLS < 1.2
2011-07-25 21:45:17 +00:00
Andy Polyakov
90f3e4cf05
Back-port TLS AEAD framework [from HEAD].
2011-07-21 19:22:57 +00:00
Dr. Stephen Henson
f1c8db9f8c
PR: 2555
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS sequence number bug
2011-07-20 15:17:42 +00:00
Dr. Stephen Henson
2c9abbd554
PR: 2550
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS HelloVerifyRequest Timer bug
2011-07-20 15:13:43 +00:00
Dr. Stephen Henson
6abc406a69
PR: 2543
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Correctly handle errors in DTLSv1_handle_timeout()
2011-06-22 15:30:04 +00:00
Dr. Stephen Henson
4bea454021
set FIPS allow before initialising ctx
2011-06-14 15:25:41 +00:00
Dr. Stephen Henson
8e2f3c1c83
fix memory leak
2011-06-08 15:55:57 +00:00
