wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11375 commits 20 branches 302 tags 153 MiB
Commit graph

46 commits

Author SHA1 Message Date
Matt Caswell
9a6e994240 Remove incorrect code inadvertently introduced through commit 59669b6ab. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-04 14:18:45 +00:00
Matt Caswell
dfa2762bba Only use the fallback mtu after 2 unsuccessful retransmissions if it is less 
than the mtu we are already using

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 047f21593e)
 2014-12-03 09:31:39 +00:00
Matt Caswell
05e769f269 Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) 
and instead use the value provided by the underlying BIO. Also provide some
new DTLS_CTRLs so that the library user can set the mtu without needing to
know this constant. These new DTLS_CTRLs provide the capability to set the
link level mtu to be used (i.e. including this IP/UDP overhead). The previous
DTLS_CTRLs required the library user to subtract this overhead first.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 59669b6abf)

Conflicts:
	ssl/d1_both.c
 2014-12-03 09:31:35 +00:00
Matt Caswell
3cc0c0d21c The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being 
automatically updated, and we should use the one provided instead.
Unfortunately there are a couple of locations where this is not respected.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 001235778a)
 2014-12-03 09:30:21 +00:00
Matt Caswell
60de554e4f Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask 
PR#3608

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 8a35dbb6d8)
 2014-11-26 10:11:25 +00:00
Bodo Moeller
a46c705214 Support TLS_FALLBACK_SCSV. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-10-15 04:04:55 +02:00
zhu qun-ying
d52eb82781 Free up s->d1->buffered_app_data.q properly. 
PR#3286
(cherry picked from commit 71e95000afb2227fe5cac1c79ae884338bcd8d0b)
 2014-06-02 14:40:05 +01:00
Andy Polyakov
25ebd9e3ce bss_dgram.c,d1_lib.c: make it compile with mingw. 
Submitted by: Roumen Petrov
(cherry picked from commit 972b0dc350)
 2014-03-06 14:07:16 +01:00
Andy Polyakov
2cc5142fb1 Improve WINCE support. 
Submitted by: Pierre Delaage
(cherry picked from commit a006fef78e)

Resolved conflicts:

	crypto/bio/bss_dgram.c
	ssl/d1_lib.c
	util/pl/VC-32.pl
 2014-02-01 22:48:56 +01:00
Dr. Stephen Henson
65a87d3cc3 Dual DTLS version methods. 
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.

As with SSL/TLS options can change this behaviour specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
(cherry picked from commit c6913eeb76)

Conflicts:

	CHANGES
 2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
b60b9e7afe Enable TLS 1.2 ciphers in DTLS 1.2. 
Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in
DTLS 1.2 mode too.
(cherry picked from commit 4221c0dd30)
 2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
acec5a6244 Provisional DTLS 1.2 support. 
Add correct flags for DTLS 1.2, update s_server and s_client to handle
DTLS 1.2 methods.

Currently no support for version negotiation: i.e. if client/server selects
DTLS 1.2 it is that or nothing.
(cherry picked from commit c3b344e36a)

Conflicts:

	apps/s_server.c
 2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
741c9959f6 DTLS revision. 
Revise DTLS code. There was a *lot* of code duplication in the
DTLS code that generates records. This makes it harder to maintain and
sometimes a TLS update is omitted by accident from the DTLS code.

Specifically almost all of the record generation functions have code like
this:

some_pointer = buffer + HANDSHAKE_HEADER_LENGTH;
... Record creation stuff ...
set_handshake_header(ssl, SSL_MT_SOMETHING, message_len);

...

write_handshake_message(ssl);

Where the "Record creation stuff" is identical between SSL/TLS and DTLS or
in some cases has very minor differences.

By adding a few fields to SSL3_ENC to include the header length, some flags
and function pointers for handshake header setting and handshake writing the
code can cope with both cases.

(cherry picked from commit 173e72e64c)
 2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
e9a3aa9721 Set s->d1 to NULL after freeing it. 
(cherry picked from commit 04638f2fc3)
 2013-04-08 18:39:52 +01:00
Dr. Stephen Henson
f897fe4146 correct error code 2012-04-18 15:17:39 +00:00
Dr. Stephen Henson
ce1605b508 PR: 2756 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
 2012-03-09 15:52:20 +00:00
Dr. Stephen Henson
25bfdca16a PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
 2012-03-06 13:47:27 +00:00
Dr. Stephen Henson
bd6941cfaa PR: 2658 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
 2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
e065e6cda2 PR: 2535 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Add SCTP support for DTLS (RFC 6083).
 2011-12-25 14:45:40 +00:00
Ben Laurie
b1d7429186 Add TLS exporter. 2011-11-15 23:51:22 +00:00
Dr. Stephen Henson
56f5ab43c2 PR: 2602 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting
 2011-09-23 13:35:05 +00:00
Dr. Stephen Henson
6abc406a69 PR: 2543 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()
 2011-06-22 15:30:04 +00:00
Dr. Stephen Henson
4159ac43aa Oops use up to date patch for PR#2506 2011-05-25 14:30:05 +00:00
Dr. Stephen Henson
88530f6b76 PR: 2506 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.
 2011-05-25 12:28:16 +00:00
Dr. Stephen Henson
2ab42de1ec PR: 2462 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug
 2011-04-03 17:14:48 +00:00
Dr. Stephen Henson
e995d5044e PR: 2223 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS timeout bug
 2010-04-06 12:29:21 +00:00
Dr. Stephen Henson
593222afe1 PR: 2121 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
 2009-12-08 11:38:18 +00:00
Dr. Stephen Henson
d5b8c46499 PR: 2115 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
 2009-12-01 17:41:42 +00:00
Dr. Stephen Henson
53f062d050 PR: 2033 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS listen support.
 2009-09-09 17:05:42 +00:00
Richard Levitte
3798c36686 Include proper header files for time functions. 
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>
 2009-08-25 07:10:09 +00:00
Dr. Stephen Henson
5a96822f2c Update default dependency flags. 
Make error name discrepancies a fatal error.
Fix error codes.
make update
 2009-08-12 17:08:44 +00:00
Dr. Stephen Henson
a4bade7aac PR: 1997 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS timeout handling fix.
 2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
e1f09dfd84 PR: 1921 
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve@openssl.org

Add ECDHE and PSK support to DTLS.
 2009-05-31 17:11:24 +00:00
Dr. Stephen Henson
661d35dfb2 Disable ECDHE in DTLS in a cleaner way. 2009-05-16 11:16:15 +00:00
Dr. Stephen Henson
f99c9daa39 Make the stuff compile again, fix missing prototype warnings. 2009-05-16 11:14:55 +00:00
Dr. Stephen Henson
d6584eba8c PR: 1922 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Timer bug fix.
 2009-05-15 22:58:13 +00:00
Dr. Stephen Henson
b452f43322 PR: 1751 
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.
 2009-04-19 18:03:13 +00:00
Dr. Stephen Henson
3c0ce01cea PR: 1827 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Updated patch for PR #1827
 2009-04-14 14:20:57 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Andy Polyakov
5d58f1bbfe Prohibit RC4 in DTLS. 2007-10-05 21:04:56 +00:00
Dr. Stephen Henson
42182852f5 Constify version strings is ssl lib. 2007-01-21 16:06:05 +00:00
Nils Larsch
01a9792f05 remove unused internal foo_base_method functions 2005-08-08 19:04:37 +00:00
Dr. Stephen Henson
f3b656b246 Initialize SSL_METHOD structures at compile time. This removes the need 
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
 2005-08-05 23:56:11 +00:00
Andy Polyakov
dffdb56b7f "Liberate" dtls from BN dependency. Fix bug in replay/update. 2005-06-07 22:21:14 +00:00
Richard Levitte
188b05792f pqueue and dtls uses 64-bit values. Unfortunately, OpenSSL doesn't 
have a uniform representation for those over all architectures, so a
little bit of hackery is needed.

Contributed by nagendra modadugu <nagendra@cs.stanford.edu>
 2005-05-30 22:34:37 +00:00
Ben Laurie
36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00