generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,400 Commits 16 Branches 258 Tags
Commit Graph

966 Commits

Author SHA1 Message Date
Dr. Stephen Henson
e643112dd8 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 18:54:17 +00:00
Dr. Stephen Henson
21c4b25959 Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 18:52:18 +00:00
Dr. Stephen Henson
0c214e0153 Submitted by: Adam Langley <agl@chromium.org> 
Reviewed by: steve

Fix memory leaks.
 2012-01-04 14:25:10 +00:00
Dr. Stephen Henson
6c61cfbe03 PR: 2326 
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve

Fix incorrect comma expressions and goto f_err as alert has been set.
 2011-12-26 19:38:28 +00:00
Bodo Möller
740da44f20 Resolve a stack set-up race condition (if the list of compression 
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
 2011-12-02 12:50:44 +00:00
Dr. Stephen Henson
8794569a08 PR: 2628 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
 2011-10-27 13:06:26 +00:00
Bodo Möller
dacd94b9c8 Oops: this change (http://cvs.openssl.org/chngview?cn=21503) 
wasn't right for 0.9.8-stable (it's actually a fix for
http://cvs.openssl.org/chngview?cn=14494, which introduced
SSL_CTRL_SET_MAX_SEND_FRAGMENT).
 2011-10-19 13:53:41 +00:00
Bodo Möller
f7d514f449 In ssl3_clear, preserve s3->init_extra along with s3->rbuf. 
Submitted by: Bob Buckholz <bbuckholz@google.com>
 2011-10-13 13:04:40 +00:00
Dr. Stephen Henson
3cf0a38b3e fix signed/unsigned warning 2011-09-26 17:05:00 +00:00
Dr. Stephen Henson
fc4015329f PR: 2602 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting
 2011-09-23 13:35:32 +00:00
Bodo Möller
db45308477 (EC)DH memory handling fixes. 
Submitted by: Adam Langley
 2011-09-05 10:25:15 +00:00
Dr. Stephen Henson
6a662a45f3 PR: 2573 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS buffering and decryption bug.
 2011-09-01 14:01:36 +00:00
Dr. Stephen Henson
ac02a4b68a PR: 2555 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS sequence number bug
 2011-07-20 15:17:20 +00:00
Dr. Stephen Henson
4ba063d3c5 PR: 2550 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS HelloVerifyRequest Timer bug
 2011-07-20 15:12:58 +00:00
Dr. Stephen Henson
cc0931e36b PR: 2543 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()
 2011-06-22 15:29:36 +00:00
Dr. Stephen Henson
c4b2eb24b3 PR: 2529 
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.
 2011-05-25 15:15:43 +00:00
Dr. Stephen Henson
2c77c5c8db Oops use up to date patch for PR#2506 2011-05-25 14:29:39 +00:00
Dr. Stephen Henson
1eb38c563f PR: 2506 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.
 2011-05-25 12:28:42 +00:00
Dr. Stephen Henson
fa657871ed PR: 2505 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.
 2011-05-25 12:24:03 +00:00
Dr. Stephen Henson
be70b3adce set encodedPoint to NULL after freeing it 2011-05-19 16:18:39 +00:00
Dr. Stephen Henson
7116a41129 PR: 2462 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug
 2011-04-03 17:15:23 +00:00
Dr. Stephen Henson
7143acab25 PR: 2458 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.
 2011-04-03 16:26:33 +00:00
Dr. Stephen Henson
11d4086d8e PR: 2457 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS fragment reassembly bug.
 2011-04-03 15:49:26 +00:00
Bodo Möller
957ebe98fb OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) 
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
 2011-02-08 17:10:47 +00:00
Bodo Möller
9d09fc8485 Assorted bugfixes: 
- RLE decompression boundary case
- SSL 2.0 key arg length check

Submitted by: Google (Neel Mehta, Bodo Moeller)
 2011-02-03 12:04:48 +00:00
Dr. Stephen Henson
119e912a83 Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed 
alert.
 2011-01-04 19:33:01 +00:00
Dr. Stephen Henson
7890b562bc fix for CVE-2010-4180 2010-12-02 18:49:28 +00:00
Dr. Stephen Henson
2ae47ddbc2 fix CVE-2010-3864 2010-11-16 14:26:18 +00:00
Dr. Stephen Henson
a073129293 PR: 2314 
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
 2010-10-10 12:21:23 +00:00
Ben Laurie
d886975835 Fix gcc 4.6 warnings. Check TLS server hello extension length. 2010-06-12 13:18:58 +00:00
Dr. Stephen Henson
d24f1cbf35 PR: 2230 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix bug in bitmask macros and stop warnings.
 2010-05-03 13:01:59 +00:00
Dr. Stephen Henson
82687bb4c3 PR: 2230 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixed various DTLS fragment reassembly bugs patch for 0.9.8.
 2010-04-14 13:26:50 +00:00
Dr. Stephen Henson
2eb8e5e62a fix signed/unsigned comparison warnings 2010-04-14 00:41:25 +00:00
Dr. Stephen Henson
c713a4c04d PR: 2230 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix various DTLS fragment reassembly bugs.
 2010-04-14 00:17:12 +00:00
Dr. Stephen Henson
0cefa0f942 PR: 2229 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Don't drop DTLS connection if mac or decryption failed.
 2010-04-14 00:09:39 +00:00
Dr. Stephen Henson
834c85ef0c PR: 2228 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS buffer record MAC failure bug.
 2010-04-14 00:02:50 +00:00
Richard Levitte
0c8c8eab58 Third argument to dtls1_buffer_record is by reference 2010-04-13 08:42:01 +00:00
Dr. Stephen Henson
bc06baca76 Add SHA2 algorithms to SSL_library_init(). Although these aren't used 
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
 2010-04-07 13:19:48 +00:00
Dr. Stephen Henson
5e613d5411 PR: 2218 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS replay bug.
 2010-04-06 12:44:44 +00:00
Dr. Stephen Henson
56e930eb03 PR: 2219 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS buffering bug.
 2010-04-06 12:39:57 +00:00
Dr. Stephen Henson
4a052f0bb9 PR: 2223 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixes for DTLS timeout bug
 2010-04-06 12:29:08 +00:00
Dr. Stephen Henson
f34e79f27b make no-comp compile again 2010-03-30 17:31:58 +00:00
Dr. Stephen Henson
ee91323f52 PR: 1731 and maybe 2197 
Clear error queue in a few places in SSL code where errors are expected
so they don't stay in the queue.
 2010-03-24 23:16:35 +00:00
Dr. Stephen Henson
354f92d66a Submitted by: Bodo Moeller and Adam Langley (Google). 
Fix for "Record of death" vulnerability CVE-2010-0740.
 2010-03-24 13:16:42 +00:00
Dr. Stephen Henson
ede1351997 Submitted by: Tomas Hoger <thoger@redhat.com> 
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
 2010-03-03 15:34:11 +00:00
Richard Levitte
00d1ecb1da Add t1_reneg to the VMS build. 
Hack the symbols with long names.
 2010-02-22 07:05:24 +00:00
Dr. Stephen Henson
bec7184768 OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved 2010-02-17 19:43:08 +00:00
Dr. Stephen Henson
442ac8d259 Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as 
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
 2010-02-17 18:37:47 +00:00
Dr. Stephen Henson
b50ef8b216 PR: 2171 
Submitted by: Tomas Mraz <tmraz@redhat.com>

Since SSLv2 doesn't support renegotiation at all don't reject it if
legacy renegotiation isn't enabled.

Also can now use SSL2 compatible client hello because RFC5746 supports it.
 2010-02-16 14:19:42 +00:00
Dr. Stephen Henson
0484ff5ec1 PR: 2160 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Make session tickets work with DTLS.
 2010-02-01 16:48:40 +00:00