Commit graph

1551 commits

Author SHA1 Message Date
Dr. Stephen Henson
502dfeb8de Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
2012-04-25 23:08:44 +00:00
Andy Polyakov
5bbed29518 s23_clnt.c: ensure interoperability by maitaining client "version capability"
vector contiguous [from HEAD].
PR: 2802
2012-04-25 22:07:23 +00:00
Dr. Stephen Henson
dedfe959dd correct error code 2012-04-18 14:53:48 +00:00
Bodo Möller
4d936ace08 Disable SHA-2 ciphersuites in < TLS 1.2 connections.
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley
2012-04-17 15:20:17 +00:00
Dr. Stephen Henson
89bd25eb26 Additional workaround for PR#2771
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.

Document workarounds in CHANGES.
2012-04-17 14:41:23 +00:00
Dr. Stephen Henson
4a1cf50187 Partial workaround for PR#2771.
Some servers hang when presented with a client hello record length exceeding
255 bytes but will work with longer client hellos if the TLS record version
in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
cases...
2012-04-17 13:20:19 +00:00
Andy Polyakov
32e12316e5 OPENSSL_NO_SOCK fixes [from HEAD].
PR: 2791
Submitted by: Ben Noordhuis
2012-04-16 17:43:15 +00:00
Andy Polyakov
c2770c0e0e s3_srvr.c: fix typo [from HEAD].
PR: 2538
2012-04-15 17:23:41 +00:00
Andy Polyakov
371056f2b9 e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag
countermeasure [from HEAD].

PR: 2778
2012-04-15 14:23:03 +00:00
Andy Polyakov
3f98d7c0b5 ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444) [from HEAD].
PR: 2778
2012-04-04 20:51:27 +00:00
Dr. Stephen Henson
63e8f16737 PR: 2778(part)
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).
2012-03-31 18:02:43 +00:00
Dr. Stephen Henson
418044cbab Experimental workaround to large client hello issue (see PR#2771).
If OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
only.
2012-03-29 19:08:54 +00:00
Dr. Stephen Henson
78c5d2a9bb use client version when deciding whether to send supported signature algorithms extension 2012-03-21 21:32:57 +00:00
Andy Polyakov
9cc42cb091 ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER [from HEAD]. 2012-03-13 19:21:15 +00:00
Dr. Stephen Henson
267c950c5f Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Add more extension names in s_cb.c extension printing code.
2012-03-09 18:37:41 +00:00
Dr. Stephen Henson
ce1605b508 PR: 2756
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
2012-03-09 15:52:20 +00:00
Dr. Stephen Henson
25bfdca16a PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
2012-03-06 13:47:27 +00:00
Dr. Stephen Henson
9c284f9651 PR: 2748
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
2012-03-06 13:24:16 +00:00
Dr. Stephen Henson
a54ce007e6 PR: 2739
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix padding bugs in Heartbeat support.
2012-02-27 16:38:10 +00:00
Dr. Stephen Henson
f1fa05b407 ABI compliance fixes.
Move new structure fields to end of structures.

Import library codes from 1.0.0 and recreate new ones.
2012-02-22 14:01:44 +00:00
Dr. Stephen Henson
b935714237 typo 2012-02-17 17:31:32 +00:00
Dr. Stephen Henson
a8314df902 Fix bug in CVE-2011-4619: check we have really received a client hello
before rejecting multiple SGC restarts.
2012-02-16 15:25:39 +00:00
Dr. Stephen Henson
d40abf1689 Submitted by: Eric Rescorla <ekr@rtfm.com>
Further fixes for use_srtp extension.
2012-02-11 22:53:48 +00:00
Dr. Stephen Henson
c489ea7d01 PR: 2704
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>

Fix srp extension.
2012-02-10 20:08:49 +00:00
Dr. Stephen Henson
943cc09d8a Submitted by: Eric Rescorla <ekr@rtfm.com>
Fix encoding of use_srtp extension to be compliant with RFC5764
2012-02-10 00:03:37 +00:00
Dr. Stephen Henson
fc6800d19f Modify client hello version when renegotiating to enhance interop with
some servers.
2012-02-09 15:41:44 +00:00
Dr. Stephen Henson
adcea5a043 return error if md is NULL 2012-01-22 13:12:50 +00:00
Dr. Stephen Henson
2dc4b0dbe8 Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:14:56 +00:00
Andy Polyakov
c8e0b5d7b6 1.0.1-specific OPNESSL vs. OPENSSL typo.
PR: 2613
Submitted by: Leena Heino
2012-01-15 13:42:50 +00:00
Dr. Stephen Henson
285d9189c7 PR: 2652
Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

OpenVMS fixes.
2012-01-05 14:30:08 +00:00
Bodo Möller
409d2a1b71 Fix for builds without DTLS support.
Submitted by: Brian Carlstrom
2012-01-05 10:22:39 +00:00
Dr. Stephen Henson
e0b9678d7f PR: 2671
Submitted by: steve

Update maximum message size for certifiate verify messages to support
4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.
2012-01-05 00:28:29 +00:00
Dr. Stephen Henson
166dea6ac8 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send fatal alert if heartbeat extension has an illegal value.
2012-01-05 00:23:31 +00:00
Dr. Stephen Henson
0044739ae5 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:05 +00:00
Dr. Stephen Henson
4e44bd3650 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 23:13:29 +00:00
Dr. Stephen Henson
aaa3850ccd Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 23:07:54 +00:00
Dr. Stephen Henson
1cb4d65b87 Submitted by: Adam Langley <agl@chromium.org>
Reviewed by: steve

Fix memory leaks.
2012-01-04 14:25:28 +00:00
Dr. Stephen Henson
7b2dd292bc only send heartbeat extension from server if client sent one 2012-01-03 22:03:07 +00:00
Dr. Stephen Henson
d9834ff24b make update 2012-01-02 16:41:11 +00:00
Dr. Stephen Henson
bd6941cfaa PR: 2658
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
5c05f69450 make update 2011-12-27 14:38:27 +00:00
Dr. Stephen Henson
b300fb7734 PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.

- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
2011-12-27 14:23:22 +00:00
Dr. Stephen Henson
f89af47438 PR: 2326
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve

Fix incorrect comma expressions and goto f_err as alert has been set.
2011-12-26 19:38:09 +00:00
Dr. Stephen Henson
e065e6cda2 PR: 2535
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Add SCTP support for DTLS (RFC 6083).
2011-12-25 14:45:40 +00:00
Dr. Stephen Henson
60553cc209 typo 2011-12-23 15:03:16 +00:00
Dr. Stephen Henson
2d4c9ab518 delete unimplemented function from header file, update ordinals 2011-12-23 14:10:35 +00:00
Dr. Stephen Henson
242f8d644c remove prototype for deleted SRP function 2011-12-22 16:01:23 +00:00
Dr. Stephen Henson
f5575cd167 New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
New function to retrieve compression method from SSL_SESSION structure.

Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
2011-12-22 15:01:16 +00:00
Ben Laurie
dd0ddc3e78 Fix DTLS. 2011-12-20 15:05:03 +00:00
Dr. Stephen Henson
b8a22c40e0 PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Remove unnecessary code for srp and to add some comments to
s_client.

- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable

- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
2011-12-14 22:18:03 +00:00
Ben Laurie
96fe35e7d4 Remove redundant TLS exporter. 2011-12-13 14:35:12 +00:00
Ben Laurie
e87afb1518 SSL export fixes (from Adam Langley). 2011-12-13 14:25:11 +00:00
Dr. Stephen Henson
7454cba4fa fix error discrepancy 2011-12-07 12:28:50 +00:00
Ben Laurie
a0cf79e841 Fix exporter. 2011-12-02 16:49:32 +00:00
Ben Laurie
825e1a7c56 Fix warnings. 2011-12-02 14:39:41 +00:00
Bodo Möller
9f2b453338 Resolve a stack set-up race condition (if the list of compression
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
2011-12-02 12:51:41 +00:00
Dr. Stephen Henson
2c7d978c2d PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Make SRP conformant to rfc 5054.

Changes are:

- removal of the addition state after client hello
- removal of all pre-rfc srp alert ids
- sending a fatal alert when there is no srp extension but when the
server wants SRP
- removal of unnecessary code in the client.
2011-11-25 00:18:10 +00:00
Ben Laurie
8cd897a42c Don't send NPN during renegotiation. 2011-11-24 18:22:06 +00:00
Ben Laurie
1dc44d3130 Indent. 2011-11-24 16:51:15 +00:00
Dr. Stephen Henson
d7125d8d85 move internal functions to ssl_locl.h 2011-11-21 22:52:01 +00:00
Dr. Stephen Henson
43716567f5 bcmp doesn't exist on all platforms, replace with memcmp 2011-11-21 22:29:16 +00:00
Ben Laurie
b1d7429186 Add TLS exporter. 2011-11-15 23:51:22 +00:00
Ben Laurie
060a38a2c0 Add DTLS-SRTP. 2011-11-15 23:02:16 +00:00
Ben Laurie
68b33cc5c7 Add Next Protocol Negotiation. 2011-11-13 21:55:42 +00:00
Ben Laurie
4c02cf8ecc make depend. 2011-11-13 20:23:34 +00:00
Ben Laurie
271daaf768 Fix one of the no-tlsext build errors (there are more). 2011-11-13 20:19:21 +00:00
Dr. Stephen Henson
efbb7ee432 PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
2011-11-13 13:13:14 +00:00
Dr. Stephen Henson
5372f5f989 PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
2011-10-27 13:06:43 +00:00
Dr. Stephen Henson
6d24c09a69 PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix for ECC keys and DTLS.
2011-10-27 13:01:20 +00:00
Dr. Stephen Henson
1f713e0106 Use correct tag for SRP username. 2011-10-25 12:52:47 +00:00
Bodo Möller
f72c1a58cb In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:05:35 +00:00
Dr. Stephen Henson
06afa6eb94 add GCM ciphers in SSL_library_init 2011-10-10 12:56:11 +00:00
Dr. Stephen Henson
58e4205d6c disable GCM if not available 2011-10-10 12:40:13 +00:00
Dr. Stephen Henson
6bd173fced Don't disable TLS v1.2 by default any more. 2011-10-09 23:28:25 +00:00
Dr. Stephen Henson
b08b158b44 use client version when eliminating TLS v1.2 ciphersuites in client hello 2011-10-07 15:07:36 +00:00
Dr. Stephen Henson
928bd9a149 fix signed/unsigned warning 2011-09-26 17:04:41 +00:00
Dr. Stephen Henson
e53113b8ac make sure eivlen is initialised 2011-09-24 23:06:35 +00:00
Dr. Stephen Henson
56f5ab43c2 PR: 2602
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting
2011-09-23 13:35:05 +00:00
Bodo Möller
3c3f025923 Fix session handling. 2011-09-05 13:36:55 +00:00
Bodo Möller
5ff6e2dfbb Fix d2i_SSL_SESSION. 2011-09-05 13:31:07 +00:00
Bodo Möller
61ac68f9f6 (EC)DH memory handling fixes.
Submitted by: Adam Langley
2011-09-05 10:25:27 +00:00
Dr. Stephen Henson
ec5d74f868 PR: 2573
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS buffering and decryption bug.
2011-09-01 14:02:14 +00:00
Andy Polyakov
84e7485bfb Add RC4-MD5 and AESNI-SHA1 "stitched" implementations [from HEAD]. 2011-08-23 20:53:34 +00:00
Dr. Stephen Henson
cf199fec52 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
2011-08-14 13:47:30 +00:00
Dr. Stephen Henson
aed53d6c5a Backport GCM support from HEAD. 2011-08-04 11:13:28 +00:00
Dr. Stephen Henson
c8c6e9ecd9 Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and
prohibit use of these ciphersuites for TLS < 1.2
2011-07-25 21:45:17 +00:00
Andy Polyakov
90f3e4cf05 Back-port TLS AEAD framework [from HEAD]. 2011-07-21 19:22:57 +00:00
Dr. Stephen Henson
f1c8db9f8c PR: 2555
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS sequence number bug
2011-07-20 15:17:42 +00:00
Dr. Stephen Henson
2c9abbd554 PR: 2550
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS HelloVerifyRequest Timer bug
2011-07-20 15:13:43 +00:00
Dr. Stephen Henson
6abc406a69 PR: 2543
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()
2011-06-22 15:30:04 +00:00
Dr. Stephen Henson
4bea454021 set FIPS allow before initialising ctx 2011-06-14 15:25:41 +00:00
Dr. Stephen Henson
8e2f3c1c83 fix memory leak 2011-06-08 15:55:57 +00:00
Dr. Stephen Henson
a6dc77822b Set SSL_FIPS flag in ECC ciphersuites. 2011-06-06 14:14:14 +00:00
Dr. Stephen Henson
f610a516a0 Backport from HEAD:
New option to disable characteristic two fields in EC code.

Make no-ec2m work on Win32 build.
2011-06-06 11:49:36 +00:00
Dr. Stephen Henson
7978dc989d fix error discrepancy 2011-06-03 18:50:49 +00:00
Dr. Stephen Henson
9ddc574f9a typo 2011-06-01 11:10:50 +00:00
Dr. Stephen Henson
2dd9e67874 set FIPS permitted flag before initalising digest 2011-05-31 16:24:06 +00:00
Dr. Stephen Henson
f93b03a5e6 Don't round up partitioned premaster secret length if there is only one
digest in use: this caused the PRF to fail for an odd premaster secret
length.
2011-05-31 10:35:22 +00:00
Dr. Stephen Henson
55a47cd30f Output supported curves in preference order instead of numerically. 2011-05-30 17:58:29 +00:00
Dr. Stephen Henson
9c34782478 Don't advertise or use MD5 for TLS v1.2 in FIPS mode 2011-05-25 15:33:29 +00:00
Dr. Stephen Henson
20e6d22709 PR: 2533
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes
the program to crash. This is due to missing version checks and is fixed with
this patch.
2011-05-25 15:21:01 +00:00
Dr. Stephen Henson
24dd0c61ef PR: 2529
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.
2011-05-25 15:16:01 +00:00
Dr. Stephen Henson
4159ac43aa Oops use up to date patch for PR#2506 2011-05-25 14:30:05 +00:00
Dr. Stephen Henson
88530f6b76 PR: 2506
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.
2011-05-25 12:28:16 +00:00
Dr. Stephen Henson
a8cb8177f6 PR: 2505
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.
2011-05-25 12:24:43 +00:00
Dr. Stephen Henson
277f8a34f4 use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS 2011-05-25 11:43:17 +00:00
Dr. Stephen Henson
4dde470865 Add tls12_sigalgs which somehow didn't get added to the backport. 2011-05-21 17:40:23 +00:00
Dr. Stephen Henson
b81fde02aa Add server client certificate support for TLS v1.2 . This is more complex
than client side as we need to keep the handshake record cache frozen when
it contains all the records need to process the certificate verify message.
(backport from HEAD).
2011-05-20 14:58:45 +00:00
Dr. Stephen Henson
7043fa702f add FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS compilation support 2011-05-19 18:22:16 +00:00
Dr. Stephen Henson
74bf705ea8 set encodedPoint to NULL after freeing it 2011-05-19 16:18:11 +00:00
Dr. Stephen Henson
4fe4c00eca Provisional support for TLS v1.2 client authentication: client side only.
Parse certificate request message and set digests appropriately.

Generate new TLS v1.2 format certificate verify message.

Keep handshake caches around for longer as they are needed for client auth.
2011-05-12 17:49:15 +00:00
Dr. Stephen Henson
376838a606 Process signature algorithms during TLS v1.2 client authentication.
Make sure message is long enough for signature algorithms.

(backport from HEAD).
2011-05-12 17:44:59 +00:00
Dr. Stephen Henson
766e0cb7d1 SRP fixes from HEAD which weren't in 1.0.1-stable. 2011-05-12 13:46:40 +00:00
Dr. Stephen Henson
39348038df make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:52:34 +00:00
Dr. Stephen Henson
9472baae0d Backport TLS v1.2 support from HEAD.
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
2011-05-11 13:37:52 +00:00
Dr. Stephen Henson
74096890ba Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN
all ssl related structures are opaque and internals cannot be directly
accessed. Many applications will need some modification to support this and
most likely some additional functions added to OpenSSL.

The advantage of this option is that any application supporting it will still
be binary compatible if SSL structures change.

(backport from HEAD).
2011-05-11 12:56:38 +00:00
Dr. Stephen Henson
2ab42de1ec PR: 2462
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug
2011-04-03 17:14:48 +00:00
Dr. Stephen Henson
ac2024ccbf PR: 2458
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.
2011-04-03 16:25:54 +00:00
Dr. Stephen Henson
93164a7d64 PR: 2457
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS fragment reassembly bug.
2011-04-03 15:48:32 +00:00
Richard Levitte
ecff2e5ce1 Corrections to the VMS build system.
Submitted by Steven M. Schweda <sms@antinode.info>
2011-03-25 16:21:08 +00:00
Richard Levitte
d135906dbc For VMS, implement the possibility to choose 64-bit pointers with
different options:
"64"		The build system will choose /POINTER_SIZE=64=ARGV if
		the compiler supports it, otherwise /POINTER_SIZE=64.
"64="		The build system will force /POINTER_SIZE=64.
"64=ARGV"	The build system will force /POINTER_SIZE=64=ARGV.
2011-03-25 09:39:46 +00:00
Richard Levitte
9f427a52cb make update (1.0.1-stable)
This meant a slight renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable.  However, since there's been no release on
this branch yet, it should be harmless.
2011-03-23 00:06:04 +00:00
Richard Levitte
e59fb00735 SRP was introduced, add it for OpenVMS. 2011-03-19 09:55:35 +00:00
Richard Levitte
01d2e27a2b Apply all the changes submitted by Steven M. Schweda <sms@antinode.info> 2011-03-19 09:47:47 +00:00
Dr. Stephen Henson
3393e0c02c Fix SRP error codes (from HEAD). 2011-03-16 16:55:12 +00:00
Ben Laurie
a149b2466e Add SRP. 2011-03-16 11:26:40 +00:00
Dr. Stephen Henson
80b3d7a3c9 Remove redundant check to stop compiler warning. 2011-03-12 17:05:58 +00:00
Ben Laurie
4bd48de60c Fix warning. 2011-03-12 12:18:34 +00:00
Dr. Stephen Henson
2eab92f8e3 make no-dsa work again 2011-03-10 18:27:13 +00:00
Bodo Möller
8c93c4dd42 OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
2011-02-08 17:48:41 +00:00
Bodo Möller
a288aaefc4 Assorted bugfixes:
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check

Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
2011-02-03 12:03:57 +00:00
Bodo Möller
346601bc32 CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) 2011-02-03 10:42:00 +00:00
Dr. Stephen Henson
e1435034ae FIPS_allow_md5() no longer exists and is no longer required 2011-01-26 12:25:51 +00:00
Dr. Stephen Henson
4577b38d22 Don't use decryption_failed alert for TLS v1.1 or later. 2011-01-04 19:39:42 +00:00
Dr. Stephen Henson
a8515e2d28 Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
alert.
2011-01-04 19:33:30 +00:00
Richard Levitte
90d02be7c5 First attempt at adding the possibility to set the pointer size for the builds on VMS.
PR: 2393
2010-12-14 19:18:58 +00:00
Dr. Stephen Henson
6c36ca4628 PR: 2240
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve

As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.
2010-11-25 12:27:39 +00:00
Dr. Stephen Henson
9c61c57896 using_ecc doesn't just apply to TLSv1 2010-11-25 11:51:46 +00:00
Dr. Stephen Henson
95eef4df79 use generalised mac API for SSL key generation 2010-11-24 13:17:48 +00:00
Dr. Stephen Henson
a25c98ac73 remove duplicate statement 2010-11-18 17:33:44 +00:00
Dr. Stephen Henson
2d1e9ce753 oops, reinstate TLSv1 string 2010-11-17 18:16:57 +00:00
Dr. Stephen Henson
6e21ce592e fix CVE-2010-3864 2010-11-17 17:36:29 +00:00
Dr. Stephen Henson
1a8ecda3ee Only use explicit IV if cipher is in CBC mode. 2010-11-14 17:47:21 +00:00
Dr. Stephen Henson
d36c7b618d Get correct GOST private key instead of just assuming the last one is
correct: this isn't always true if we have more than one certificate.
2010-11-14 13:50:42 +00:00
Dr. Stephen Henson
3fa29765fd PR: 2314
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
2010-10-10 12:27:19 +00:00
Dr. Stephen Henson
36778eb231 PR: 1833
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix other cases not covered by original patch. (correct patch this time!)
2010-08-27 12:12:07 +00:00
Dr. Stephen Henson
c6dd154b3e oops, revert previous patch 2010-08-27 12:10:12 +00:00
Dr. Stephen Henson
35cae95032 PR: 1833
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix other cases not covered by original patch.
2010-08-27 11:57:42 +00:00
Bodo Möller
02ba02604c Patch from PR #1833 was broken: there's no s->s3->new_session
(only s->new_session).
2010-08-26 14:54:18 +00:00
Dr. Stephen Henson
48ae85b6ff PR: 1833
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Support for abbreviated handshakes when renegotiating.
2010-08-26 14:22:40 +00:00
Dr. Stephen Henson
53e7985c8d PR: 1830
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson

Support for RFC5705 key extractor.
2010-07-18 17:39:46 +00:00
Dr. Stephen Henson
28566b4966 no need for empty fragments with TLS 1.1 and later due to explicit IV 2010-06-27 14:42:43 +00:00
Dr. Stephen Henson
b4b15f68c0 Backport TLS v1.1 support from HEAD, ssl/ changes 2010-06-27 14:22:11 +00:00
Dr. Stephen Henson
e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
72240ab31a PR: 2259
Submitted By: Artem Chuprina <ran@cryptocom.ru>

Check return values of HMAC in tls_P_hash and tls1_generate_key_block.

Although the previous version could in theory crash that would only happen if a
digest call failed. The standard software methods can never fail and only one
ENGINE currently uses digests and it is not compiled in by default.
2010-05-17 11:26:56 +00:00
Dr. Stephen Henson
8c1e7de6cb PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix bug in bitmask macros and stop warnings.
2010-05-03 13:01:50 +00:00
Dr. Stephen Henson
9f827ded1c fix signed/unsigned comparison warnings 2010-04-14 00:41:01 +00:00
Dr. Stephen Henson
1507f3abba PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix various DTLS fragment reassembly bugs.
2010-04-14 00:17:29 +00:00
Dr. Stephen Henson
30e8defe52 PR: 2229
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Don't drop DTLS connection if mac or decryption failed.
2010-04-14 00:09:55 +00:00
Dr. Stephen Henson
9f4dd3e3e3 PR: 2228
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS buffer record MAC failure bug.
2010-04-14 00:03:13 +00:00
Richard Levitte
d2f098b33d Spelling 2010-04-13 14:34:48 +00:00
Richard Levitte
0a4fe6c8db Undo the previous change, it was incorrect in this branch. 2010-04-13 11:10:07 +00:00
Richard Levitte
7bba401d5d Third argument to dtls1_buffer_record is by reference 2010-04-13 08:41:58 +00:00
Dr. Stephen Henson
acc9938ba5 Add SHA2 algorithms to SSL_library_init(). Although these aren't used
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
2010-04-07 13:18:30 +00:00
Dr. Stephen Henson
6dfd3cf68e PR: 2218
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS replay bug.
2010-04-06 12:44:55 +00:00
Dr. Stephen Henson
073775cbbb PR: 2219
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS buffering bug.
2010-04-06 12:40:10 +00:00
Dr. Stephen Henson
e995d5044e PR: 2223
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS timeout bug
2010-04-06 12:29:21 +00:00
Bodo Möller
5b5464d525 Fix for "Record of death" vulnerability CVE-2010-0740.
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010).
2010-03-25 11:22:42 +00:00
Dr. Stephen Henson
7b52778eff PR: 1731 and maybe 2197
Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.
2010-03-24 23:16:49 +00:00
Dr. Stephen Henson
47333a34d5 Submitted by: Tomas Hoger <thoger@redhat.com>
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
2010-03-03 15:41:00 +00:00
Dr. Stephen Henson
90278430d9 make USE_CRYPTODEV_DIGESTS work 2010-03-01 01:19:36 +00:00
Dr. Stephen Henson
79363339b7 algorithms field has changed in 1.0.0 and later: update 2010-02-28 00:24:24 +00:00
Dr. Stephen Henson
fbe2c6b33e Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."
2010-02-27 23:04:10 +00:00
Dr. Stephen Henson
8321bab39c OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved 2010-02-17 19:43:46 +00:00
Dr. Stephen Henson
989238802a Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:38:10 +00:00
Dr. Stephen Henson
45d6a15ae9 PR: 2171
Submitted by: Tomas Mraz <tmraz@redhat.com>

Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.

Also can now use SSL2 compatible client hello because RFC5746 supports it.
2010-02-16 14:20:40 +00:00
Dr. Stephen Henson
8b354e776b PR: 2161
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.

Make no-dsa, no-ecdsa and no-rsa compile again.
2010-02-02 13:36:05 +00:00
Dr. Stephen Henson
868f5e44ca PR: 2160
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Make session tickets work with DTLS.
2010-02-01 16:49:42 +00:00
Dr. Stephen Henson
4e5fdd11ea PR: 2159
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Typo in PR#1949 bug, oops!
2010-02-01 12:44:11 +00:00
Dr. Stephen Henson
57749b1b9f PR: 1949
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
2010-01-26 19:46:30 +00:00
Dr. Stephen Henson
f4f2b52995 oops 2010-01-26 13:56:15 +00:00
Dr. Stephen Henson
c7d5edbf5e export OPENSSL_isservice and make update 2010-01-26 13:55:33 +00:00
Richard Levitte
c8ca769d3b Compile t1_reneg on VMS as well.
Submitted by Steven M. Schweda <sms@antinode.info>
2010-01-25 00:19:33 +00:00
Dr. Stephen Henson
a377811f15 PR: 2153, 2125
Submitted by: steve@openssl.org

The original fix for PR#2125 broke compilation on some Unixware platforms:
revert and make conditional on VMS.
2010-01-24 16:57:38 +00:00
Dr. Stephen Henson
ef1b6b2cf2 The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.
2010-01-24 13:54:07 +00:00
Dr. Stephen Henson
ad8ee3d7d1 If legacy renegotiation is not permitted then send a fatal alert if a patched
server attempts to renegotiate with an unpatched client.
2010-01-22 18:49:19 +00:00
Dr. Stephen Henson
2a4d0dcb89 The use of NIDs in the password based encryption table can result in
algorithms not found when an application uses PKCS#12 and only calls
SSL_library_init() instead of OpenSSL_add_all_algorithms(). Simple
work around is to add the missing algorithm (40 bit RC2) in
SSL_library_init().
2010-01-19 19:55:47 +00:00
Dr. Stephen Henson
04aa7441ab PR: 2144
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Better fix for PR#2144
2010-01-19 19:11:21 +00:00
Dr. Stephen Henson
ddba003d5e PR: 2144
Submitted by: steve@openssl.org

Fix DTLS connection so new_session is reset if we read second client hello:
new_session is used to detect renegotiation.
2010-01-16 19:45:59 +00:00
Dr. Stephen Henson
e59d9a34c9 PR: 2133
Submitted by: steve@openssl.org

Add missing DTLS state strings.
2010-01-16 19:20:38 +00:00
Dr. Stephen Henson
8043f01b13 PR: 2125
Submitted by: "Alon Bar-Lev" <alon.barlev@gmail.com>

Fix gcc-aix compilation issue.
2010-01-14 17:51:52 +00:00
Dr. Stephen Henson
41c0f68630 Fix version handling so it can cope with a major version >3.
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
2010-01-13 19:08:29 +00:00
Dr. Stephen Henson
73ff97ad76 Simplify RI+SCSV logic:
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
2010-01-07 19:05:03 +00:00
Dr. Stephen Henson
eb17330837 Updates to conform with draft-ietf-tls-renegotiation-03.txt:
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
2010-01-06 17:37:38 +00:00
Dr. Stephen Henson
1f67a3a985 compress_meth should be unsigned 2010-01-05 16:46:39 +00:00
Dr. Stephen Henson
4cba294d79 Client side compression algorithm sanity checks: ensure old compression
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).
2010-01-01 14:39:51 +00:00
Dr. Stephen Henson
e642fd7a1c Compression handling on session resume was badly broken: it always
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
2010-01-01 00:44:36 +00:00
Dr. Stephen Henson
986093affa Typo 2009-12-27 23:03:25 +00:00
Dr. Stephen Henson
f88e0acb0e Update RI to match latest spec.
MCSV is now called SCSV.

Don't send SCSV if renegotiating.

Also note if RI is empty in debug messages.
2009-12-27 22:59:09 +00:00
Dr. Stephen Henson
54bc369ad7 Alert to use is now defined in spec: update code 2009-12-17 15:42:43 +00:00
Dr. Stephen Henson
675564835c New option to enable/disable connection to unpatched servers 2009-12-16 20:28:30 +00:00
Dr. Stephen Henson
2456cd58c4 Allow initial connection (but no renegoriation) to servers which don't support
RI.

Reorganise RI checking code and handle some missing cases.
2009-12-14 13:55:39 +00:00
Ben Laurie
43a107026d Missing error code. 2009-12-12 15:57:53 +00:00
Dr. Stephen Henson
f1784f2fd2 Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL 2009-12-11 00:20:58 +00:00
Dr. Stephen Henson
b41a614686 Check s3 is not NULL 2009-12-09 14:53:51 +00:00
Dr. Stephen Henson
52a08e90d1 Add ctrls to clear options and mode.
Change RI ctrl so it doesn't clash.
2009-12-09 13:25:38 +00:00
Dr. Stephen Henson
6b5f0458fe Send no_renegotiation alert as required by spec. 2009-12-08 19:06:09 +00:00
Dr. Stephen Henson
b52a2738d4 Add ctrl and macro so we can determine if peer support secure renegotiation. 2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
10f99d7b77 Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:15:12 +00:00
Dr. Stephen Henson
593222afe1 PR: 2121
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
2009-12-08 11:38:18 +00:00
Dr. Stephen Henson
d5b8c46499 PR: 2115
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:41:42 +00:00
Dr. Stephen Henson
3e8e12a6b6 Servers can't end up talking SSLv2 with legacy renegotiation disabled 2009-11-18 15:09:35 +00:00
Dr. Stephen Henson
5ddbb8f41a Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation 2009-11-18 14:45:32 +00:00
Dr. Stephen Henson
3c44e92bcb Include a more meaningful error message when rejecting legacy renegotiation 2009-11-18 14:19:52 +00:00
Dr. Stephen Henson
73582b8117 add missing parts of reneg port, fix apps patch 2009-11-11 14:51:29 +00:00
Dr. Stephen Henson
56327ebe6a make update 2009-11-10 13:23:04 +00:00
Dr. Stephen Henson
ec4346f6f9 oops, add missing prototypes 2009-11-09 18:58:50 +00:00
Dr. Stephen Henson
bc9058d041 First cut of renegotiation extension. (port to 1.0.0-stable) 2009-11-09 18:45:42 +00:00
Dr. Stephen Henson
e3738c49b8 If it is a new session don't send the old TLS ticket: send a zero length
ticket to request a new session.
2009-11-08 14:36:32 +00:00
Dr. Stephen Henson
23b97c6bb5 PR: 2089
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Fragment size bug fix.
2009-11-02 13:37:17 +00:00
Dr. Stephen Henson
036b3f331b Generate stateless session ID just after the ticket is received instead
of when a session is loaded. This will mean that applications that
just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION()
will still work.
2009-10-30 14:06:18 +00:00
Dr. Stephen Henson
3d0b604c14 Fix statless session resumption so it can coexist with SNI 2009-10-30 13:22:44 +00:00
Dr. Stephen Henson
257b2bfb6c Don't attempt session resumption if no ticket is present and session
ID length is zero.
2009-10-28 19:52:35 +00:00
Dr. Stephen Henson
a9bb9d0eb4 PR: 2072
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Avoid potential doublefree and reuse of freed handshake_buffer.
2009-10-16 15:24:19 +00:00
Dr. Stephen Henson
cc6688d796 PR: 2073
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Don't access freed SSL_CTX in SSL_free().
2009-10-16 13:41:52 +00:00
Dr. Stephen Henson
ad187f8905 Fix unitialized warnings 2009-10-04 16:52:35 +00:00
Dr. Stephen Henson
3d1dab4404 PR: 2055
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_ctrl error handling in s2_srvr.c
2009-10-01 00:07:10 +00:00
Dr. Stephen Henson
29c2fd46d2 PR: 2054
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_ctrl error handling
2009-10-01 00:03:50 +00:00
Dr. Stephen Henson
af3d4e1b02 PR: 2039
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen bug fix,
2009-09-15 22:48:30 +00:00
Dr. Stephen Henson
80afb40ae3 Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:27:27 +00:00
Dr. Stephen Henson
a131de9bb2 PR: 2025
Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Constify SSL_CIPHER_description
2009-09-12 23:18:09 +00:00
Dr. Stephen Henson
0ddd002f60 PR: 1411
Submitted by: steve@openssl.org

Allow use of trusted certificates in SSL_CTX_use_chain_file()
2009-09-12 23:09:26 +00:00
Dr. Stephen Henson
53f062d050 PR: 2033
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen support.
2009-09-09 17:05:42 +00:00
Dr. Stephen Henson
9769137a43 Typo presumably... 2009-09-06 17:55:40 +00:00
Dr. Stephen Henson
c0688f1aef Make update, deleting bogus DTLS error code 2009-09-06 15:55:54 +00:00
Dr. Stephen Henson
2e9802b7a7 PR: 2028
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.
2009-09-04 17:42:06 +00:00
Dr. Stephen Henson
54ed003ace PR: 2009
Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com>
Approved by: steve@openssl.org

Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although
the ticket mentions buffer overruns this isn't a security issue because
the SSL_SESSION structure is generated internally and it should never be
possible to supply its contents from an untrusted application (this would
among other things destroy session cache security).
2009-09-02 13:20:22 +00:00
Dr. Stephen Henson
f18e10253d PR: 2022
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS record header length bug.
2009-09-02 12:53:32 +00:00
Dr. Stephen Henson
17f8d8db61 PR: 2006
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Do not use multiple DTLS records for a single user message
2009-08-26 11:51:23 +00:00
Richard Levitte
3798c36686 Include proper header files for time functions.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
2009-08-25 07:10:09 +00:00
Dr. Stephen Henson
5a96822f2c Update default dependency flags.
Make error name discrepancies a fatal error.
Fix error codes.
make update
2009-08-12 17:08:44 +00:00
Dr. Stephen Henson
a4bade7aac PR: 1997
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.
2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
f45e8c7bdd PR: 2000
Submitted by: 	Vadim Zeitlin <vz-openssl@zeitlins.org>
Approved by: steve@openssl.org

Make no-comp compile without warnings.
2009-08-05 15:29:14 +00:00
Dr. Stephen Henson
d7406b1528 PR: 1993
Fix from 0.9.8-stable.
2009-07-24 11:52:32 +00:00
Dr. Stephen Henson
5135d6b985 Fix error codes and indentation. 2009-07-15 11:32:58 +00:00
Dr. Stephen Henson
c8f759ec74 Stop warning of signed/unsigned compare. 2009-07-14 15:28:44 +00:00
Dr. Stephen Henson
cddd00166c PR: 1984
Submitted by: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
Approved by: steve@openssl.org

Don't concatenate reads in DTLS.
2009-07-13 11:44:04 +00:00
Dr. Stephen Henson
c155d83f5b Delete MD2 from algorithm tables and default compilation. 2009-07-08 08:50:53 +00:00
Dr. Stephen Henson
5a03e3ac3f Fix from HEAD. 2009-07-04 12:05:14 +00:00
Dr. Stephen Henson
08b2097967 Update from HEAD. 2009-07-04 11:44:01 +00:00
Dr. Stephen Henson
2b3cd246e5 PR: 1962
Submitted by: Daniel Mentz <daniel.m@sent.com>
Reviewed by: steve@openssl.org

Fix "for dtls1_get_record() returns a bad record in one edge case" bug.
2009-07-01 11:29:01 +00:00
Dr. Stephen Henson
76ec9151d1 Update from 0.9.8-stable. 2009-06-30 22:26:28 +00:00
Dr. Stephen Henson
6c24dd9005 Typo. 2009-06-30 20:55:55 +00:00
Dr. Stephen Henson
29b0c4a01c Add "missing" functions for setting all verify parameters for SSL_CTX and SSL
structures.
2009-06-30 11:57:24 +00:00
Dr. Stephen Henson
b824f0f458 Redundant check: s->param is always non-NULL, it is set in SSL_new(). 2009-06-30 11:41:35 +00:00
Dr. Stephen Henson
43ea53a04a Inherit parameters properly in SSL contexts: any parameters set should
replace those in the current list.
2009-06-30 11:21:00 +00:00
Dr. Stephen Henson
dbb834ffeb Update from 0.9.8-stable. 2009-06-28 16:24:11 +00:00
Dr. Stephen Henson
887c250852 Update from 0.9.8-stable. 2009-06-26 15:04:22 +00:00
Dr. Stephen Henson
0cb76e79df PR: 1748
Fix nasty SSL BIO pop bug. Since this changes the behaviour of SSL BIOs and
will break applications that worked around the bug only included in 1.0.0 and
later.
2009-06-25 11:26:45 +00:00
Dr. Stephen Henson
72d668c332 Update from HEAD. 2009-06-24 13:30:07 +00:00
Dr. Stephen Henson
3492c47b18 Update from HEAD. 2009-06-17 11:38:26 +00:00
Dr. Stephen Henson
85d9b02d16 Update from HEAD. 2009-06-16 16:55:01 +00:00
Dr. Stephen Henson
bfd502f027 Updates from HEAD. 2009-06-16 16:39:20 +00:00
Ben Laurie
6cfab29b71 Make depend. 2009-06-14 02:37:22 +00:00
Dr. Stephen Henson
55708796af Update from HEAD. 2009-06-13 20:47:09 +00:00
Dr. Stephen Henson
7074f1df07 Stop gcc bracket warning. 2009-06-05 14:57:10 +00:00
Dr. Stephen Henson
4e63da0669 PR: 1950
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve@openssl.org

DTLS fragment retransmission bug.
2009-06-05 14:46:49 +00:00
Dr. Stephen Henson
4e66723517 Update from HEAD. 2009-06-02 11:23:30 +00:00
Dr. Stephen Henson
e1f09dfd84 PR: 1921
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve@openssl.org

Add ECDHE and PSK support to DTLS.
2009-05-31 17:11:24 +00:00
Dr. Stephen Henson
6e87cc8da6 Need definition of struct timeval for dtls1.h which broke WIN32 builds,
so include winsock.h. (might be a cleaner way to do this...)
2009-05-28 20:53:16 +00:00
Dr. Stephen Henson
cc1cb996f1 Submitted by: Artem Chuprina <ran@cryptocom.ru>
Reviewed by: steve@openssl.org

Fix to match latest GOST in TLS draft.
2009-05-28 18:10:47 +00:00
Dr. Stephen Henson
0454f2c490 PR: 1929
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Approved by: steve@openssl.org

Updated DTLS MTU bug fix.
2009-05-17 16:04:21 +00:00
Dr. Stephen Henson
abda7c1147 PR: 1931
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix fragment handling memory leak.
2009-05-16 16:22:11 +00:00
Dr. Stephen Henson
88b48dc680 PR: 1930
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Limit size of DTLS record buffer queue.
2009-05-16 16:17:46 +00:00
Dr. Stephen Henson
661d35dfb2 Disable ECDHE in DTLS in a cleaner way. 2009-05-16 11:16:15 +00:00
Dr. Stephen Henson
f99c9daa39 Make the stuff compile again, fix missing prototype warnings. 2009-05-16 11:14:55 +00:00
Dr. Stephen Henson
d6584eba8c PR: 1922
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Timer bug fix.
2009-05-15 22:58:13 +00:00
Richard Levitte
006c7c6bb1 Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda).
Thank you\!
(note: not tested for now, a few nightly builds should give indications though)
2009-05-15 16:37:08 +00:00
Dr. Stephen Henson
b3620451b2 PR: 1921
Submitted by: steve@openssl.org

Our DTLS implementation doesn't currently handle ECDHE so don't include
unsupported ciphers in client hello.
2009-05-13 16:25:35 +00:00
Dr. Stephen Henson
d2f17d9615 Print out DTLS versions too. 2009-05-13 16:24:12 +00:00
Dr. Stephen Henson
561cbe5678 PR: 1923
Submitted by: Daniel Mentz <daniel.m@sent.com>, Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Don't access freed data structure.
2009-05-13 11:51:30 +00:00
Dr. Stephen Henson
4e50f02638 If an SSLv2 method is explicitly asked for use the SSLv2 cipher string:
assume an application *really* wants SSLv2 if they do that.

Otherwise stick with the default which excludes all SSLv2 cipher suites.
2009-04-29 14:12:54 +00:00
Dr. Stephen Henson
174ea15647 Typo. 2009-04-28 22:35:42 +00:00
Dr. Stephen Henson
18f8258a87 PR: 1629
Submitted by: Kaspar Brand <ossl-rt@velox.ch>
Approved by: steve@openssl.org

Don't use extensions if using SSLv3: this chokes some broken servers.
2009-04-28 22:01:53 +00:00
Dr. Stephen Henson
82ae57136b Some no-ec fixes (not complete yet). 2009-04-23 15:24:27 +00:00
Dr. Stephen Henson
b61a84c8e6 Fix WIN32 warnings. 2009-04-22 15:40:54 +00:00
Dr. Stephen Henson
a543ea44bc Fix WIN32 warning. 2009-04-22 12:17:02 +00:00
Dr. Stephen Henson
b0dd3d1b94 Another kerberos fix. 2009-04-21 22:30:54 +00:00
Dr. Stephen Henson
21fb688d26 Some fixes for kerberos builds. 2009-04-21 22:20:12 +00:00
Dr. Stephen Henson
dfc8e96daa Fix warning. 2009-04-21 15:11:59 +00:00
Dr. Stephen Henson
b452f43322 PR: 1751
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.
2009-04-19 18:03:13 +00:00
Dr. Stephen Henson
9990cb75c1 PR: 1894
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Fix various typos and stuff.
2009-04-16 17:22:51 +00:00
Dr. Stephen Henson
a5cc69c7ae PR: 1900
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Remove unnecessary included header file.
2009-04-16 16:42:02 +00:00
Dr. Stephen Henson
c900a78c99 PR: 1828
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Updated DTLS Rentransmission bug patch.
2009-04-15 14:49:36 +00:00
Dr. Stephen Henson
46ffb2dc97 PR #1828 reverted: state save/restore incompatible with 1.0.0-stable. 2009-04-14 15:29:34 +00:00
Dr. Stephen Henson
aab790a656 PR: 1829
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Timer Bug fix.
2009-04-14 14:33:12 +00:00
Dr. Stephen Henson
1319aad994 PR: 1647
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Update patch for PR#1647.
2009-04-14 14:22:26 +00:00
Dr. Stephen Henson
3c0ce01cea PR: 1827
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Updated patch for PR #1827
2009-04-14 14:20:57 +00:00
Dr. Stephen Henson
9fcbefebdb PR: 1828
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Update from 0.9.8-stable.
2009-04-14 14:19:46 +00:00
Dr. Stephen Henson
017d2a887f PR: 1838
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Updated patch from 0.9.8-stable.
2009-04-14 14:18:16 +00:00
Dr. Stephen Henson
9ae5743515 Disable SSLv2 cipher suites by default and avoid SSLv2 compatible client
hello if no SSLv2 cipher suites are included. This effectively disables
the broken SSLv2 use by default.
2009-04-07 17:01:07 +00:00
Dr. Stephen Henson
c184b140df Update from 0.9.8-stable. 2009-04-07 16:30:32 +00:00
Dr. Stephen Henson
9d80aa7e3f Update from 0.9.8-stable 2009-04-07 12:10:59 +00:00
Dr. Stephen Henson
c9a1778134 Fix error codes. 2009-04-05 11:54:34 +00:00
Dr. Stephen Henson
2dd5ca1fbc Make no-ssl2 work including on Win32 builds. 2009-04-04 17:57:34 +00:00
Dr. Stephen Henson
c6196da587 Update from 0.9.8-stable. 2009-04-02 22:28:52 +00:00
Dr. Stephen Henson
78625cac82 Submitted by: Victor Duchovni <Victor.Duchovni@morganstanley.com>
Reviewed by: steve@openssl.org

Check return value of sk_SSL_COMP_find() properly.
2009-03-12 17:30:29 +00:00
Ben Laurie
7587347bc4 Fix memory leak. 2009-02-23 16:40:59 +00:00
Ben Laurie
b3f3407850 Use new common flags and fix resulting warnings. 2009-02-15 14:08:51 +00:00
Dr. Stephen Henson
477fd4596f PR: 1835
Submitted by: Damien Miller <djm@mindrot.org>
Approved by: steve@openssl.org

Fix various typos.
2009-02-14 21:49:38 +00:00
Bodo Möller
d8e8fc4803 Put back a variable deleted by the previous revision,
but used in the code.
2009-02-01 01:08:13 +00:00
Richard Levitte
c7ba21493a Hopefully resolve signed vs unsigned issue. 2009-01-28 07:09:23 +00:00
Dr. Stephen Henson
d7ecd42255 Fix warnings properly this time ;-) 2009-01-11 20:34:23 +00:00
Dr. Stephen Henson
211655fcdd Fix sign-compare warnings. 2009-01-11 15:58:51 +00:00
Dr. Stephen Henson
bab534057b Updatde from stable branch. 2009-01-07 23:44:27 +00:00
Lutz Jänicke
fceac0bc74 Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
2009-01-05 14:43:05 +00:00
Ben Laurie
4a94003a51 srvr_ecdh cannot be NULL at this point (Coverity ID 232). 2009-01-02 12:49:07 +00:00
Ben Laurie
d41c785d69 Document dead code. 2008-12-30 13:02:02 +00:00
Ben Laurie
2bd45dc94c Apparently s->ctx could be NULL. (Coverity ID 147). 2008-12-29 16:15:27 +00:00
Ben Laurie
121f9e743c Apparently s->ctx could be NULL at this point (see earlier
test). (Coverity ID 148).
2008-12-29 16:13:49 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should
test for them!
2008-12-29 16:11:58 +00:00
Ben Laurie
8aa02e97a7 Make sure a bad parameter to RSA_verify_PKCS1_PSS() doesn't lead to a crash.
(Coverity ID 135).
2008-12-29 13:35:08 +00:00
Ben Laurie
85e878f224 Die earlier if hash is NULL. (Coverity IDs 137 & 138). 2008-12-29 11:54:56 +00:00
Ben Laurie
fe1c7fecf1 Reverse incorrect earlier fix. 2008-12-29 11:47:08 +00:00
Ben Laurie
0e941da6fa Die earlier if we have no hash function. 2008-12-29 11:46:44 +00:00
Ben Laurie
9b9cb004f7 Deal with the unlikely event that EVP_MD_CTX_size() returns an error.
(Coverity ID 140).
2008-12-27 02:09:24 +00:00
Ben Laurie
6ba71a7173 Handle the unlikely event that BIO_get_mem_data() returns -ve. 2008-12-27 02:00:38 +00:00
Dr. Stephen Henson
70531c147c Make no-engine work again. 2008-12-20 17:04:40 +00:00
Ben Laurie
a9dbe71ee0 Back out pointless change. 2008-12-13 17:45:49 +00:00
Ben Laurie
ecd3370ba0 *** empty log message *** 2008-12-13 17:45:27 +00:00
Dr. Stephen Henson
349e78e2e8 Stop warning about different const qualifiers. 2008-11-24 17:39:42 +00:00
Ben Laurie
f3b7bdadbc Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks. 2008-11-16 12:47:12 +00:00
Dr. Stephen Henson
12bf56c017 PR: 1574
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.
2008-11-15 17:18:12 +00:00
Ben Laurie
774b2fe700 Aftermath of a clashing size_t fix (now only format changes). 2008-11-13 09:48:47 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
7b808412c9 Make -DKSSL_DEBUG work again. 2008-11-10 19:08:37 +00:00
Dr. Stephen Henson
c76fd290be Fix warnings about mismatched prototypes, undefined size_t and value computed
not used.
2008-11-02 12:50:48 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Ben Laurie
bfaead2b12 Fix warning. 2008-10-29 05:10:09 +00:00
Dr. Stephen Henson
ab7e09f59b Win32 fixes... add new directory to build system. Fix warnings. 2008-10-27 12:31:13 +00:00
Dr. Stephen Henson
e19106f5fb Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Dr. Stephen Henson
606f6c477a Fix a shed load or warnings:
Duplicate const.
Use of ; outside function.
2008-10-20 15:12:00 +00:00
Lutz Jänicke
b8dfde2a36 Remove the DTLS1_BAD_VER thing from 0.9.9-dev. It is present in 0.9.8
but has been omitted from HEAD (0.9.9), see commit
  http://cvs.openssl.org/chngview?cn=16627
by appro.
2008-10-13 06:45:59 +00:00
Lutz Jänicke
570006f3a2 Half of the commit for 0.9.8 as the bitmap handling has changed.
(Firstly... ommitted)

Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-13 06:43:03 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Ben Laurie
6665ef303e Add missing DTLS1_BAD_VER (hope I got the value right). 2008-10-12 14:04:34 +00:00
Lutz Jänicke
7e7af0bc51 When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().

The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>
2008-10-10 10:41:35 +00:00
Bodo Möller
837f2fc7a4 Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.
2008-09-22 21:22:47 +00:00
Bodo Möller
96562f2fb3 update comment 2008-09-14 19:50:55 +00:00
Bodo Möller
fcbdde0dfe oops 2008-09-14 18:16:07 +00:00