Bodo Möller
d3ddf0228e
Disable SHA-2 ciphersuites in < TLS 1.2 connections.
...
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)
Submitted by: Adam Langley
2012-04-17 15:23:03 +00:00
Dr. Stephen Henson
800e1cd969
Additional workaround for PR#2771
...
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.
Document workarounds in CHANGES.
2012-04-17 15:12:09 +00:00
Dr. Stephen Henson
293706e72c
Partial workaround for PR#2771.
...
Some servers hang when presented with a client hello record length exceeding
255 bytes but will work with longer client hellos if the TLS record version
in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
cases...
2012-04-17 13:21:19 +00:00
Andy Polyakov
4a1fbd13ee
OPENSSL_NO_SOCK fixes.
...
PR: 2791
Submitted by: Ben Noordhuis
2012-04-16 17:42:36 +00:00
Andy Polyakov
3b1fb1a022
s3_srvr.c: fix typo.
...
PR: 2538
2012-04-15 17:22:57 +00:00
Andy Polyakov
fc90e42c86
e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag
...
countermeasure.
PR: 2778
2012-04-15 14:14:22 +00:00
Dr. Stephen Henson
adfd95c2ac
use different variable for chain iteration
2012-04-11 16:01:08 +00:00
Dr. Stephen Henson
b2284ed34a
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
...
Localize client hello extension parsing in t1_lib.c
2012-04-06 11:18:40 +00:00
Dr. Stephen Henson
a43526302f
Add support for automatic ECDH temporary key parameter selection. When
...
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
2012-04-05 13:38:27 +00:00
Andy Polyakov
a20152bdaf
ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444).
...
PR: 2778
2012-04-04 20:45:51 +00:00
Dr. Stephen Henson
fd2b65ce53
Tidy up EC parameter check code: instead of accessing internal structures
...
add utility functions to t1_lib.c to check if EC certificates and parameters
are consistent with peer.
2012-04-04 14:41:01 +00:00
Dr. Stephen Henson
94e9215fbc
PR: 2778(part)
...
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>
Time is always encoded as 4 bytes, not sizeof(Time).
2012-03-31 18:03:02 +00:00
Dr. Stephen Henson
d0595f170c
Initial revision of ECC extension handling.
...
Tidy some code up.
Don't allocate a structure to handle ECC extensions when it is used for
default values.
Make supported curves configurable.
Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
2012-03-28 15:05:04 +00:00
Dr. Stephen Henson
7744ef1ada
use client version when deciding whether to send supported signature algorithms extension
2012-03-21 21:33:23 +00:00
Dr. Stephen Henson
156421a2af
oops, revert unrelated patches
2012-03-14 13:46:50 +00:00
Dr. Stephen Henson
61ad8262a0
update FAQ, NEWS
2012-03-14 13:44:57 +00:00
Andy Polyakov
d2add2efaa
ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER.
2012-03-13 19:20:55 +00:00
Dr. Stephen Henson
15a40af2ed
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
...
Add more extension names in s_cb.c extension printing code.
2012-03-09 18:38:35 +00:00
Dr. Stephen Henson
ea6e386008
PR: 2756
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS timeout handling.
2012-03-09 15:52:33 +00:00
Dr. Stephen Henson
e7f8ff4382
New ctrls to retrieve supported signature algorithms and curves and
...
extensions to s_client and s_server to print out retrieved valued.
Extend CERT structure to cache supported signature algorithm data.
2012-03-06 14:28:21 +00:00
Dr. Stephen Henson
62b6948a27
PR: 2755
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reduce MTU after failed transmissions.
2012-03-06 13:47:43 +00:00
Dr. Stephen Henson
0fbf8b9cea
PR: 2748
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix possible DTLS timer deadlock.
2012-03-06 13:26:15 +00:00
Dr. Stephen Henson
57cb030cea
PR: 2739
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix padding bugs in Heartbeat support.
2012-02-27 16:38:24 +00:00
Dr. Stephen Henson
8f27a92754
ABI fixes from 1.0.1-stable
2012-02-23 22:25:52 +00:00
Dr. Stephen Henson
5421196eca
ABI compliance fixes.
...
Move new structure fields to end of structures.
2012-02-22 15:39:54 +00:00
Dr. Stephen Henson
74b4b49494
SSL export fixes (from Adam Langley) [original from 1.0.1]
2012-02-22 15:06:56 +00:00
Dr. Stephen Henson
de2b5b7439
initialise i if n == 0
2012-02-22 15:03:44 +00:00
Dr. Stephen Henson
206310c305
Fix bug in CVE-2011-4619: check we have really received a client hello
...
before rejecting multiple SGC restarts.
2012-02-16 15:26:04 +00:00
Dr. Stephen Henson
11eaec9ae4
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Further fixes for use_srtp extension.
2012-02-11 22:53:31 +00:00
Dr. Stephen Henson
1df80b6561
PR: 2704
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Fix srp extension.
2012-02-10 20:08:36 +00:00
Dr. Stephen Henson
5997efca83
Submitted by: Eric Rescorla <ekr@rtfm.com>
...
Fix encoding of use_srtp extension to be compliant with RFC5764
2012-02-10 00:07:18 +00:00
Dr. Stephen Henson
57559471bf
oops, revert unrelated changes
2012-02-09 15:43:58 +00:00
Dr. Stephen Henson
f4e1169341
Modify client hello version when renegotiating to enhance interop with
...
some servers.
2012-02-09 15:42:10 +00:00
Dr. Stephen Henson
febec8ff23
typo
2012-02-02 19:18:24 +00:00
Dr. Stephen Henson
f71c6e52f7
Add support for distinct certificate chains per key type and per SSL
...
structure.
Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.
2012-01-31 14:00:10 +00:00
Dr. Stephen Henson
9ade64dedf
code tidy
2012-01-27 14:21:38 +00:00
Dr. Stephen Henson
c526ed410c
Revise ssl code to use a CERT_PKEY structure when outputting a
...
certificate chain instead of an X509 structure.
This makes it easier to enhance code in future and the chain
output functions have access to the CERT_PKEY structure being
used.
2012-01-26 16:00:34 +00:00
Dr. Stephen Henson
4379d0e457
Tidy/enhance certificate chain output code.
...
New function ssl_add_cert_chain which adds a certificate chain to
SSL internal BUF_MEM. Use this function in ssl3_output_cert_chain
and dtls1_output_cert_chain instead of partly duplicating code.
2012-01-26 15:47:32 +00:00
Dr. Stephen Henson
08e4ea4884
initialise dh_clnt
2012-01-26 14:37:46 +00:00
Dr. Stephen Henson
0d60939515
add support for use of fixed DH client certificates
2012-01-25 14:51:49 +00:00
Dr. Stephen Henson
1db5f356f5
return error if md is NULL
2012-01-22 13:12:14 +00:00
Dr. Stephen Henson
855d29184e
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
...
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:15:27 +00:00
Dr. Stephen Henson
8e1dc4d7ca
Support for fixed DH ciphersuites.
...
The cipher definitions of these ciphersuites have been around since SSLeay
but were always disabled. Now OpenSSL supports DH certificates they can be
finally enabled.
Various additional changes were needed to make them work properly: many
unused fixed DH sections of code were untested.
2012-01-16 18:19:14 +00:00
Bodo Möller
7bb1cc9505
Fix for builds without DTLS support.
...
Submitted by: Brian Carlstrom
2012-01-05 10:22:41 +00:00
Dr. Stephen Henson
59e68615ce
PR: 2671
...
Submitted by: steve
Update maximum message size for certifiate verify messages to support
4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.
2012-01-05 00:28:43 +00:00
Dr. Stephen Henson
192540b522
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
...
Reviewed by: steve
Send fatal alert if heartbeat extension has an illegal value.
2012-01-05 00:23:17 +00:00
Dr. Stephen Henson
e745572493
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
...
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:26 +00:00
Dr. Stephen Henson
27dfffd5b7
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
2012-01-04 23:16:15 +00:00
Dr. Stephen Henson
d0dc991c62
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
2012-01-04 23:15:51 +00:00
Dr. Stephen Henson
25536ea6a7
Submitted by: Adam Langley <agl@chromium.org>
...
Reviewed by: steve
Fix memory leaks.
2012-01-04 14:25:42 +00:00
Dr. Stephen Henson
b3720c34e5
oops, revert wrong patch
2012-01-03 22:06:21 +00:00
Dr. Stephen Henson
5733919dbc
only send heartbeat extension from server if client sent one
2012-01-03 22:03:20 +00:00
Dr. Stephen Henson
4817504d06
PR: 2658
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
2011-12-31 22:59:57 +00:00
Dr. Stephen Henson
84b6e277d4
make update
2011-12-27 14:46:03 +00:00
Dr. Stephen Henson
c79f22c63a
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
- remove some unncessary SSL_err and permit
an srp user callback to allow a worker to obtain
a user verifier.
- cleanup and comments in s_server and demonstration
for asynchronous srp user lookup
2011-12-27 14:21:45 +00:00
Dr. Stephen Henson
f3d781bb43
PR: 2326
...
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve
Fix incorrect comma expressions and goto f_err as alert has been set.
2011-12-26 19:37:58 +00:00
Dr. Stephen Henson
7e159e0133
PR: 2535
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Add SCTP support for DTLS (RFC 6083).
2011-12-25 14:45:15 +00:00
Dr. Stephen Henson
b9e1488865
typo
2011-12-23 15:03:03 +00:00
Dr. Stephen Henson
9c52c3e07c
delete unimplemented function from header file, update ordinals
2011-12-23 14:09:30 +00:00
Dr. Stephen Henson
b646fc409d
remove prototype for deleted SRP function
2011-12-22 16:05:02 +00:00
Dr. Stephen Henson
f9b0b45238
New ctrl values to clear or retrieve extra chain certs from an SSL_CTX.
...
New function to retrieve compression method from SSL_SESSION structure.
Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions
as they duplicate functionality of SSL_SESSION_get_id. Note: these functions
have never appeared in any release version of OpenSSL.
2011-12-22 15:14:32 +00:00
Dr. Stephen Henson
f2fc30751e
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Remove unnecessary code for srp and to add some comments to
s_client.
- the callback to provide a user during client connect is
no longer necessary since rfc 5054 a connection attempt
with an srp cipher and no user is terminated when the
cipher is acceptable
- comments to indicate in s_client the (non-)usefulness of
th primalaty tests for non known group parameters.
2011-12-14 22:17:06 +00:00
Ben Laurie
3c0ff9f939
Remove redundant TLS exporter.
2011-12-13 15:57:39 +00:00
Dr. Stephen Henson
7a2362611f
fix error discrepancy
2011-12-07 12:28:40 +00:00
Bodo Möller
19b0d0e75b
Resolve a stack set-up race condition (if the list of compression
...
methods isn't presorted, it will be sorted on first read).
Submitted by: Adam Langley
2011-12-02 12:52:00 +00:00
Dr. Stephen Henson
ebba6c4895
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Make SRP conformant to rfc 5054.
Changes are:
- removal of the addition state after client hello
- removal of all pre-rfc srp alert ids
- sending a fatal alert when there is no srp extension but when the
server wants SRP
- removal of unnecessary code in the client.
2011-11-25 00:17:44 +00:00
Bodo Möller
6f31dd72d2
Fix NPN implementation for renegotiation.
...
(Problem pointed out by Ben Murphy.)
Submitted by: Adam Langley
2011-11-24 21:07:01 +00:00
Dr. Stephen Henson
1c78c43bd3
move internal functions to ssl_locl.h
2011-11-21 22:52:13 +00:00
Dr. Stephen Henson
21b52dd3eb
bcmp doesn't exist on all platforms, replace with memcmp
2011-11-21 22:28:29 +00:00
Ben Laurie
e0af04056c
Add TLS exporter.
2011-11-15 23:50:52 +00:00
Ben Laurie
333f926d67
Add DTLS-SRTP.
2011-11-15 22:59:20 +00:00
Ben Laurie
ae55176091
Fix some warnings caused by __owur. Temporarily (I hope) remove the more
...
aspirational __owur annotations.
2011-11-14 00:36:10 +00:00
Dr. Stephen Henson
0c58d22ad9
PR: 1794
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve
Document unknown_psk_identify alert, remove pre-RFC 5054 string from
ssl_stat.c
2011-11-13 13:13:01 +00:00
Dr. Stephen Henson
930e801214
PR: 2628
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
2011-10-27 13:06:52 +00:00
Dr. Stephen Henson
fe0e302dff
PR: 2628
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix for ECC keys and DTLS.
2011-10-27 13:01:33 +00:00
Dr. Stephen Henson
45906fe63b
Use correct tag for SRP username.
2011-10-25 12:51:22 +00:00
Dr. Stephen Henson
ffbfbef943
more vxworks patches
2011-10-14 22:04:14 +00:00
Bodo Möller
3ddc06f082
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
...
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:05:58 +00:00
Dr. Stephen Henson
eb47b2fb13
add GCM ciphers in SSL_library_init
2011-10-10 12:56:18 +00:00
Dr. Stephen Henson
a0f21307e0
disable GCM if not available
2011-10-10 12:41:11 +00:00
Dr. Stephen Henson
7d7c13cbab
Don't disable TLS v1.2 by default now.
2011-10-09 23:26:39 +00:00
Dr. Stephen Henson
6dd547398a
use client version when eliminating TLS v1.2 ciphersuites in client hello
2011-10-07 15:07:19 +00:00
Dr. Stephen Henson
fca38e350b
fix signed/unsigned warning
2011-09-26 17:04:32 +00:00
Dr. Stephen Henson
d18a0df0a6
make sure eivlen is initialised
2011-09-24 23:06:20 +00:00
Dr. Stephen Henson
1d7392f219
PR: 2602
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS bug which prevents manual MTU setting
2011-09-23 13:34:48 +00:00
Bodo Möller
c519e89f5c
Fix session handling.
2011-09-05 13:36:23 +00:00
Bodo Möller
612fcfbd29
Fix d2i_SSL_SESSION.
2011-09-05 13:31:17 +00:00
Bodo Möller
e7928282d0
(EC)DH memory handling fixes.
...
Submitted by: Adam Langley
2011-09-05 10:25:31 +00:00
Dr. Stephen Henson
d41ce00b8c
PR: 2573
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS buffering and decryption bug.
2011-09-01 14:02:23 +00:00
Andy Polyakov
c608171d9c
Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
2011-08-23 20:51:38 +00:00
Dr. Stephen Henson
1f59a84308
Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
...
using OBJ xref utilities instead of string comparison with OID name.
This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
2011-08-14 13:45:19 +00:00
Dr. Stephen Henson
28dd49faec
Expand range of ctrls for AES GCM to support retrieval and setting of
...
invocation field.
Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
2011-08-03 15:37:22 +00:00
Dr. Stephen Henson
31475a370c
oops, remove debug option
2011-07-25 21:38:41 +00:00
Dr. Stephen Henson
d09677ac45
Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and
...
prohibit use of these ciphersuites for TLS < 1.2
2011-07-25 20:41:32 +00:00
Dr. Stephen Henson
0445ab3ae0
PR: 2555
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS sequence number bug
2011-07-20 15:17:51 +00:00
Dr. Stephen Henson
bb48f4ce6e
PR: 2550
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS HelloVerifyRequest Timer bug
2011-07-20 15:14:24 +00:00
Andy Polyakov
146e1fc7b3
ssl/ssl_ciph.c: allow to switch to predefined "composite" cipher/mac
...
combos that can be implemented as AEAD ciphers.
2011-07-11 14:00:43 +00:00
Andy Polyakov
7532071aa3
ssl/t1_enc.c: initial support for AEAD ciphers.
2011-07-11 13:58:59 +00:00
Dr. Stephen Henson
861a7e5c9f
PR: 2543
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Correctly handle errors in DTLSv1_handle_timeout()
2011-06-22 15:30:14 +00:00
Dr. Stephen Henson
70051b1d88
set FIPS allow before initialising ctx
2011-06-14 15:25:21 +00:00