Commit graph

81 commits

Author SHA1 Message Date
Bodo Möller
5b5464d525 Fix for "Record of death" vulnerability CVE-2010-0740.
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010).
2010-03-25 11:22:42 +00:00
Dr. Stephen Henson
6b5f0458fe Send no_renegotiation alert as required by spec. 2009-12-08 19:06:09 +00:00
Dr. Stephen Henson
c8f759ec74 Stop warning of signed/unsigned compare. 2009-07-14 15:28:44 +00:00
Dr. Stephen Henson
cddd00166c PR: 1984
Submitted by: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
Approved by: steve@openssl.org

Don't concatenate reads in DTLS.
2009-07-13 11:44:04 +00:00
Dr. Stephen Henson
b452f43322 PR: 1751
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.
2009-04-19 18:03:13 +00:00
Dr. Stephen Henson
9990cb75c1 PR: 1894
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Fix various typos and stuff.
2009-04-16 17:22:51 +00:00
Dr. Stephen Henson
c184b140df Update from 0.9.8-stable. 2009-04-07 16:30:32 +00:00
Richard Levitte
c7ba21493a Hopefully resolve signed vs unsigned issue. 2009-01-28 07:09:23 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should
test for them!
2008-12-29 16:11:58 +00:00
Ben Laurie
8aa02e97a7 Make sure a bad parameter to RSA_verify_PKCS1_PSS() doesn't lead to a crash.
(Coverity ID 135).
2008-12-29 13:35:08 +00:00
Lutz Jänicke
b8dfde2a36 Remove the DTLS1_BAD_VER thing from 0.9.9-dev. It is present in 0.9.8
but has been omitted from HEAD (0.9.9), see commit
  http://cvs.openssl.org/chngview?cn=16627
by appro.
2008-10-13 06:45:59 +00:00
Lutz Jänicke
7e7af0bc51 When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().

The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-10 10:41:35 +00:00
Bodo Möller
1cbf663a6c sanity check
PR: 1679
2008-08-13 19:45:06 +00:00
Bodo Möller
474b3b1cc8 Fix error codes for memory-saving patch.
Also, get rid of compile-time switch OPENSSL_NO_RELEASE_BUFFERS
because it was rather pointless (the new behavior has to be explicitly
requested by setting SSL_MODE_RELEASE_BUFFERS anyway).
2008-08-04 22:10:38 +00:00
Ben Laurie
8671b89860 Memory saving patch. 2008-06-03 02:48:34 +00:00
Dr. Stephen Henson
8164032a2e Fix warnings: computed value not use, incompatible pointer initialization
and cast from pointer to int of different size (linux-x86_64 and align).
2007-09-07 13:03:25 +00:00
Dr. Stephen Henson
81025661a9 Update ssl code to support digests other than MD5+SHA1 in handshake.
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
2007-08-31 12:42:53 +00:00
Dr. Stephen Henson
b948e2c59e Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. 2007-06-04 17:04:40 +00:00
Bodo Möller
1e24b3a09e fix support for receiving fragmented handshake messages 2006-11-29 14:45:50 +00:00
Andy Polyakov
a4d64c7f49 Align data payload for better performance. 2006-10-20 11:26:00 +00:00
Dr. Stephen Henson
566dda07ba New option SSL_OP_NO_COMP to disable compression. New ctrls to set
maximum send fragment size. Allocate I/O buffers accordingly.
2005-10-08 00:18:53 +00:00
Dr. Stephen Henson
09b6c2ef15 Make OPENSSL_NO_COMP compile again. 2005-09-30 23:35:33 +00:00
Bodo Möller
fbeaa3c47d Update util/ck_errf.pl script, and have it run automatically
during "make errors" and thus during "make update".

Fix lots of bugs that util/ck_errf.pl can detect automatically.
Various others of these are still left to fix; that's why
"make update" will complain loudly when run now.
2005-05-09 00:27:37 +00:00
Nils Larsch
9e5790ce21 backport fix from the stable branch 2005-05-03 10:00:16 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00
Dr. Stephen Henson
4843acc868 Fixes so alerts are sent properly in s3_pkt.c
PR: 851
2004-05-15 17:55:07 +00:00
Richard Levitte
5b0b0e98ce Security fix: Vaudenay timing attack on CBC.
An advisory will be posted to the web.  Expect a release within the hour.
2003-02-19 12:03:59 +00:00
Lutz Jänicke
7b63c0fa8c Reorder inclusion of header files:
des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:
2002-07-10 07:01:54 +00:00
Bodo Möller
b889d6a8e8 fix warning 2002-05-06 10:44:59 +00:00
Bodo Möller
3def5a010e fix casts 2002-05-05 23:00:28 +00:00
Richard Levitte
9738f395c6 Synchronise with 0.9.7-stable. 2002-04-29 10:28:29 +00:00
Richard Levitte
8b07f23c30 Signedness mismatch.
Notified by Bernd Matthes <bernd.matthes@gemplus.com>
2002-04-20 10:23:19 +00:00
Bodo Möller
82b0bf0b87 Implement known-IV countermeasure.
Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().
2002-04-13 22:47:20 +00:00
Ben Laurie
45d87a1ffe Prototype info function. 2002-01-12 15:56:13 +00:00
Ulf Möller
dcbbf83dba ssl3_read_bytes bug fix
Submitted by: D P Chang <dpc@qualys.com>
Reviewed by: Bodo
2001-12-28 17:14:35 +00:00
Bodo Möller
a661b65357 New functions SSL[_CTX]_set_msg_callback().
New macros SSL[_CTX]_set_msg_callback_arg().

Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).

New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.


In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.

Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).

Add/update some OpenSSL copyright notices.
2001-10-20 17:56:36 +00:00
Bodo Möller
bf21446a2a Add per-SSL 'msg_callback' with 'msg_callback_arg'.
Both have per-SSL_CTX defaults.
These new values can be set by calling SSL[_CTX]_[callback_]ctrl
with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.

So far, the callback is never actually called.


Also rearrange some SSL_CTX struct members (some exist just in
SSL_CTXs, others are defaults for SSLs and are either copied
during SSL_new, or used if the value in the SSL is not set;
these three classes of members were not in a logical order),
and add some missing assignments to SSL_dup.
2001-10-16 13:09:24 +00:00
Bodo Möller
ee60d9fb28 Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
2001-09-20 18:35:52 +00:00
Bodo Möller
5277d7cb7c Fix ERR_R_... problems. 2001-03-07 01:19:07 +00:00
Richard Levitte
bc36ee6227 Use new-style system-id macros everywhere possible. I hope I haven't
missed any.

This compiles and runs on Linux, and external applications have no
problems with it.  The definite test will be to build this on VMS.
2001-02-20 08:13:47 +00:00
Bodo Möller
a0aae68cf6 Fix SSL_peek and SSL_pending. 2000-12-25 18:40:46 +00:00
Bodo Möller
5a4fbc69c3 First step towards SSL_peek fix. 2000-12-14 17:36:59 +00:00
Bodo Möller
54f10e6adc New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default
behaviour that SSL_read may result in SSL_ERROR_WANT_READ.
2000-09-12 20:28:30 +00:00
Bodo Möller
c129544f0f Avoid sprintf 2000-05-21 14:21:24 +00:00
Dr. Stephen Henson
8ab59e7a49 Fix shadow warning. 2000-02-26 02:16:36 +00:00
Bodo Möller
87a025cbb4 Use unsigned loop index to make compilers happy 2000-02-25 16:36:07 +00:00
Bodo Möller
b08b07b8ae The previous revision should have generated _more_ warnings, not less ...
The return value of handshake_func is signed, not unsigned.
2000-02-25 15:32:36 +00:00
Geoff Thorpe
4621a00063 More VC++ pickiness. (destest.c doesn't have a "return" and the usual
signed/unsigned stuff in s3_pkt.c)

Submitted by:
Reviewed by:
PR:
2000-02-25 15:09:04 +00:00
Bodo Möller
e01eed0fae Fix off-by-one error :-) 2000-02-25 14:40:11 +00:00
Bodo Möller
e5599db448 Fix warnings by using unsigned int where appropriate. 2000-02-25 14:27:31 +00:00