Commit graph

47 commits

Author SHA1 Message Date
Dr. Stephen Henson
34b087c9d0 Fix null pointer errors.
PR#3394
(cherry picked from commit 7a9d59c148)
2014-06-10 14:48:12 +01:00
Dr. Stephen Henson
519c977c47 Fix CVE-2014-0221
Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
2014-06-03 16:30:37 +01:00
Dr. Stephen Henson
f4e6ed09e4 Fix for CVE-2014-0195
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Fixed by adding consistency check for DTLS fragments.

Thanks to Jüri Aedla for reporting this issue.
2014-06-03 16:30:37 +01:00
Sami Farin
bffbaf92bf Typo: set i to -1 before goto.
PR#3302
(cherry picked from commit 9717f01951f976f76dd40a38d9fc7307057fa4c4)
2014-06-02 13:53:51 +01:00
Dr. Stephen Henson
2d64b51d20 Fix DTLS retransmission from previous session.
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1)

Conflicts:

	ssl/ssl_locl.h
2013-12-20 23:20:24 +00:00
Michael Tuexen
a1a45c59ec Avoid unnecessary fragmentation.
(cherry picked from commit 80ccc66d7e)
2013-03-18 14:33:15 +00:00
Dr. Stephen Henson
f4f512a853 PR: 2755
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
2012-03-06 13:46:52 +00:00
Dr. Stephen Henson
68b5330040 PR: 2628
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
2011-10-27 13:06:34 +00:00
Dr. Stephen Henson
8f0968850b PR: 2602
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting
2011-09-23 13:35:19 +00:00
Dr. Stephen Henson
3622d3743e PR: 2462
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug
2011-04-03 17:15:08 +00:00
Dr. Stephen Henson
fbbf28e7c2 PR: 2458
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.
2011-04-03 16:26:14 +00:00
Dr. Stephen Henson
f5dac77c06 PR: 2457
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS fragment reassembly bug.
2011-04-03 15:49:03 +00:00
Dr. Stephen Henson
8c1e7de6cb PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix bug in bitmask macros and stop warnings.
2010-05-03 13:01:50 +00:00
Dr. Stephen Henson
9f827ded1c fix signed/unsigned comparison warnings 2010-04-14 00:41:01 +00:00
Dr. Stephen Henson
1507f3abba PR: 2230
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix various DTLS fragment reassembly bugs.
2010-04-14 00:17:29 +00:00
Dr. Stephen Henson
7b52778eff PR: 1731 and maybe 2197
Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.
2010-03-24 23:16:49 +00:00
Dr. Stephen Henson
d5b8c46499 PR: 2115
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
2009-12-01 17:41:42 +00:00
Dr. Stephen Henson
23b97c6bb5 PR: 2089
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Fragment size bug fix.
2009-11-02 13:37:17 +00:00
Dr. Stephen Henson
29c2fd46d2 PR: 2054
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org

Correct BIO_ctrl error handling
2009-10-01 00:03:50 +00:00
Dr. Stephen Henson
a4bade7aac PR: 1997
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.
2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
5135d6b985 Fix error codes and indentation. 2009-07-15 11:32:58 +00:00
Dr. Stephen Henson
dbb834ffeb Update from 0.9.8-stable. 2009-06-28 16:24:11 +00:00
Dr. Stephen Henson
7074f1df07 Stop gcc bracket warning. 2009-06-05 14:57:10 +00:00
Dr. Stephen Henson
4e63da0669 PR: 1950
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve@openssl.org

DTLS fragment retransmission bug.
2009-06-05 14:46:49 +00:00
Dr. Stephen Henson
abda7c1147 PR: 1931
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix fragment handling memory leak.
2009-05-16 16:22:11 +00:00
Dr. Stephen Henson
d6584eba8c PR: 1922
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Timer bug fix.
2009-05-15 22:58:13 +00:00
Dr. Stephen Henson
561cbe5678 PR: 1923
Submitted by: Daniel Mentz <daniel.m@sent.com>, Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Don't access freed data structure.
2009-05-13 11:51:30 +00:00
Dr. Stephen Henson
a543ea44bc Fix WIN32 warning. 2009-04-22 12:17:02 +00:00
Dr. Stephen Henson
b452f43322 PR: 1751
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.
2009-04-19 18:03:13 +00:00
Dr. Stephen Henson
c900a78c99 PR: 1828
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Updated DTLS Rentransmission bug patch.
2009-04-15 14:49:36 +00:00
Dr. Stephen Henson
46ffb2dc97 PR #1828 reverted: state save/restore incompatible with 1.0.0-stable. 2009-04-14 15:29:34 +00:00
Dr. Stephen Henson
9fcbefebdb PR: 1828
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Update from 0.9.8-stable.
2009-04-14 14:19:46 +00:00
Dr. Stephen Henson
017d2a887f PR: 1838
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Updated patch from 0.9.8-stable.
2009-04-14 14:18:16 +00:00
Andy Polyakov
659f7f3168 Don't let DTLS ChangeCipherSpec increment handshake sequence number.
PR: 1587
2007-10-17 21:15:48 +00:00
Andy Polyakov
e979c039f9 Fix warnings in d1_both.c [from 0.9.8-stable]. 2007-10-13 11:00:52 +00:00
Andy Polyakov
90acf770b5 DTLS fixes from 0.9.8-stable. 2007-10-13 10:57:02 +00:00
Andy Polyakov
89c333e3e5 Make ChangeCipherSpec compliant with DTLS RFC4347. 2007-09-30 21:19:30 +00:00
Andy Polyakov
54ef01b54b Fix indentation in d1_both.c. 2007-09-19 16:38:15 +00:00
Dr. Stephen Henson
81025661a9 Update ssl code to support digests other than MD5+SHA1 in handshake.
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
2007-08-31 12:42:53 +00:00
Dr. Stephen Henson
710069c19e Fix warnings. 2007-08-12 17:44:32 +00:00
Geoff Thorpe
f920c5b590 Fix signed/unsigned warnings. 2005-07-26 04:25:05 +00:00
Andy Polyakov
dffdb56b7f "Liberate" dtls from BN dependency. Fix bug in replay/update. 2005-06-07 22:21:14 +00:00
Richard Levitte
188b05792f pqueue and dtls uses 64-bit values. Unfortunately, OpenSSL doesn't
have a uniform representation for those over all architectures, so a
little bit of hackery is needed.

Contributed by nagendra modadugu <nagendra@cs.stanford.edu>
2005-05-30 22:34:37 +00:00
Dr. Stephen Henson
6c61726b2a Lots of Win32 fixes for DTLS.
1. "unsigned long long" isn't portable changed: to BN_ULLONG.
2. The LL prefix isn't allowed in VC++ but it isn't needed where it is used.
2. Avoid lots of compiler warnings about signed/unsigned mismatches.
3. Include new library directory pqueue in mk1mf build system.
4. Update symbols.
2005-04-27 16:27:14 +00:00
Bodo Möller
beb056b303 fix SSLerr stuff for DTLS1 code;
move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h";
fix silly indentation (a TAB is *not* always 4 spaces)
2005-04-26 18:08:00 +00:00
Dr. Stephen Henson
4e321ffaff Fixes for signed/unsigned warnings and shadows. 2005-04-26 17:43:53 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00