Matt Caswell
fb73f12a9c
Follow on from CVE-2014-3571. This fixes the code that was the original source
...
of the crash due to p being NULL. Steve's fix prevents this situation from
occuring - however this is by no means obvious by looking at the code for
dtls1_get_record. This fix just makes things look a bit more sane.
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2015-01-08 15:46:19 +00:00
Dr. Stephen Henson
25d738c3a4
Fix crash in dtls1_get_record whilst in the listen state where you get two
...
separate reads performed - one for the header and one for the body of the
handshake record.
CVE-2014-3571
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-08 11:20:29 +00:00
Matt Caswell
ca88bd4112
Add checks to the return value of EVP_Cipher to prevent silent encryption failure.
...
PR#1767
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit fe78f08d15
)
2014-11-27 21:44:03 +00:00
Matt Caswell
de8a5b523f
Added SSLErr call for internal error in dtls1_buffer_record
2014-06-01 21:40:31 +01:00
David Ramos
8de85b0048
Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362
2014-06-01 21:40:25 +01:00
Dr. Stephen Henson
1dfb1b103c
DTLS version usage fixes.
...
Make DTLS behave like TLS when negotiating version: record layer has
DTLS 1.0, message version is 1.2.
Tolerate different version numbers if version hasn't been negotiated
yet.
(cherry picked from commit 40088d8b81
)
2013-09-18 13:47:05 +01:00
Dr. Stephen Henson
6e1987ca1d
DTLS trace support.
...
Add DTLS record header parsing, different client hello format and add
HelloVerifyRequest message type.
Add code to d1_pkt.c to send message headers to the message callback.
(cherry picked from commit 890f2f8b92
)
Conflicts:
ssl/ssl_locl.h
2013-09-18 13:46:03 +01:00
Dr. Stephen Henson
65a87d3cc3
Dual DTLS version methods.
...
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.
As with SSL/TLS options can change this behaviour specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
(cherry picked from commit c6913eeb76
)
Conflicts:
CHANGES
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
b60b9e7afe
Enable TLS 1.2 ciphers in DTLS 1.2.
...
Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in
DTLS 1.2 mode too.
(cherry picked from commit 4221c0dd30
)
2013-09-18 13:46:02 +01:00
Michael Tuexen
75b81247a0
DTLS message_sequence number wrong in rehandshake ServerHello
...
This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.
(cherry picked from commit b62f4daac0
)
2013-08-13 18:55:16 +01:00
Michael Tuexen
2c1a5c1039
DTLS handshake fix.
...
Reported by: Prashant Jaikumar <rmstar@gmail.com>
Fix handling of application data received before a handshake.
(cherry picked from commit 0c75eeacd3
)
2013-08-08 13:31:54 +01:00
Dr. Stephen Henson
3c53fd892c
Fix error codes.
...
(cherry picked from commit 388aff08dc
)
2013-02-26 17:05:39 +00:00
Andy Polyakov
b05561c4b7
ssl/[d1|s3]_pkt.c: harmomize orig_len handling.
...
(cherry picked from commit 8545f73b89
)
2013-02-08 10:40:51 +01:00
Andy Polyakov
eeb486a5f4
ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
...
Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
(cherry picked from commit 8bfd4c659f
)
2013-02-06 13:56:15 +00:00
Ben Laurie
1326a64a33
Update DTLS code to match CBC decoding in TLS.
...
This change updates the DTLS code to match the constant-time CBC
behaviour in the TLS.
(cherry picked from commit 9f27de170d
)
2013-02-06 13:56:13 +00:00
Ben Laurie
e0da2c2ed2
Don't crash when processing a zero-length, TLS >= 1.1 record.
...
The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b7681
)
2013-02-06 13:56:13 +00:00
Ben Laurie
f5cd3561ba
Add and use a constant-time memcmp.
...
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a
)
2013-02-06 13:56:12 +00:00
Dr. Stephen Henson
ce1605b508
PR: 2756
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS timeout handling.
2012-03-09 15:52:20 +00:00
Dr. Stephen Henson
2dc4b0dbe8
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
...
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:14:56 +00:00
Dr. Stephen Henson
0044739ae5
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
...
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:05 +00:00
Dr. Stephen Henson
bd6941cfaa
PR: 2658
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
e065e6cda2
PR: 2535
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Add SCTP support for DTLS (RFC 6083).
2011-12-25 14:45:40 +00:00
Dr. Stephen Henson
ec5d74f868
PR: 2573
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Fix DTLS buffering and decryption bug.
2011-09-01 14:02:14 +00:00
Dr. Stephen Henson
a8515e2d28
Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed
...
alert.
2011-01-04 19:33:30 +00:00
Dr. Stephen Henson
c6dd154b3e
oops, revert previous patch
2010-08-27 12:10:12 +00:00
Dr. Stephen Henson
35cae95032
PR: 1833
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix other cases not covered by original patch.
2010-08-27 11:57:42 +00:00
Dr. Stephen Henson
48ae85b6ff
PR: 1833
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Support for abbreviated handshakes when renegotiating.
2010-08-26 14:22:40 +00:00
Dr. Stephen Henson
e97359435e
Fix warnings (From HEAD, original patch by Ben).
2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
30e8defe52
PR: 2229
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Don't drop DTLS connection if mac or decryption failed.
2010-04-14 00:09:55 +00:00
Dr. Stephen Henson
9f4dd3e3e3
PR: 2228
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix DTLS buffer record MAC failure bug.
2010-04-14 00:03:13 +00:00
Richard Levitte
0a4fe6c8db
Undo the previous change, it was incorrect in this branch.
2010-04-13 11:10:07 +00:00
Richard Levitte
7bba401d5d
Third argument to dtls1_buffer_record is by reference
2010-04-13 08:41:58 +00:00
Dr. Stephen Henson
6dfd3cf68e
PR: 2218
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS replay bug.
2010-04-06 12:44:55 +00:00
Dr. Stephen Henson
073775cbbb
PR: 2219
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fixes for DTLS buffering bug.
2010-04-06 12:40:10 +00:00
Dr. Stephen Henson
ad187f8905
Fix unitialized warnings
2009-10-04 16:52:35 +00:00
Dr. Stephen Henson
af3d4e1b02
PR: 2039
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS listen bug fix,
2009-09-15 22:48:30 +00:00
Dr. Stephen Henson
17f8d8db61
PR: 2006
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Do not use multiple DTLS records for a single user message
2009-08-26 11:51:23 +00:00
Dr. Stephen Henson
a4bade7aac
PR: 1997
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS timeout handling fix.
2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
d7406b1528
PR: 1993
...
Fix from 0.9.8-stable.
2009-07-24 11:52:32 +00:00
Dr. Stephen Henson
cddd00166c
PR: 1984
...
Submitted by: Michael Tüxen <Michael.Tuexen@lurchi.franken.de>
Approved by: steve@openssl.org
Don't concatenate reads in DTLS.
2009-07-13 11:44:04 +00:00
Dr. Stephen Henson
5a03e3ac3f
Fix from HEAD.
2009-07-04 12:05:14 +00:00
Dr. Stephen Henson
08b2097967
Update from HEAD.
2009-07-04 11:44:01 +00:00
Dr. Stephen Henson
2b3cd246e5
PR: 1962
...
Submitted by: Daniel Mentz <daniel.m@sent.com>
Reviewed by: steve@openssl.org
Fix "for dtls1_get_record() returns a bad record in one edge case" bug.
2009-07-01 11:29:01 +00:00
Dr. Stephen Henson
4e63da0669
PR: 1950
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve@openssl.org
DTLS fragment retransmission bug.
2009-06-05 14:46:49 +00:00
Dr. Stephen Henson
88b48dc680
PR: 1930
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Limit size of DTLS record buffer queue.
2009-05-16 16:17:46 +00:00
Dr. Stephen Henson
d6584eba8c
PR: 1922
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
DTLS Timer bug fix.
2009-05-15 22:58:13 +00:00
Dr. Stephen Henson
dfc8e96daa
Fix warning.
2009-04-21 15:11:59 +00:00
Dr. Stephen Henson
b452f43322
PR: 1751
...
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org
Compatibility patches for Cisco VPN client DTLS.
2009-04-19 18:03:13 +00:00
Dr. Stephen Henson
c900a78c99
PR: 1828
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org
Updated DTLS Rentransmission bug patch.
2009-04-15 14:49:36 +00:00
Dr. Stephen Henson
46ffb2dc97
PR #1828 reverted: state save/restore incompatible with 1.0.0-stable.
2009-04-14 15:29:34 +00:00