generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,585 Commits 16 Branches 258 Tags
Commit Graph

1028 Commits

Author SHA1 Message Date
Dr. Stephen Henson
0b1cf4a139 PR: 2778(part) 
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).
 2012-03-31 18:02:23 +00:00
Dr. Stephen Henson
48819f4d54 fix error code 2012-03-12 14:50:55 +00:00
Dr. Stephen Henson
b0cbdd3eba manually patch missing part of PR#2756 2012-03-12 12:46:52 +00:00
Dr. Stephen Henson
5016107550 PR: 2756 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
 2012-03-09 15:51:56 +00:00
Dr. Stephen Henson
725713f74a PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions. [0.9.8 version of patch]
 2012-03-07 15:14:16 +00:00
Dr. Stephen Henson
6720779c7e revert PR#2755: it breaks compilation 2012-03-06 18:25:33 +00:00
Dr. Stephen Henson
b2a2c6af2a PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
 2012-03-06 13:45:47 +00:00
Dr. Stephen Henson
4e7f6d380d PR: 2748 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
 2012-03-06 13:20:20 +00:00
Dr. Stephen Henson
843fc7b681 Fix bug in CVE-2011-4619: check we have really received a client hello 
before rejecting multiple SGC restarts.
 2012-02-16 15:21:17 +00:00
Dr. Stephen Henson
096327a99a Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. 
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
 2012-01-18 13:12:08 +00:00
Bodo Möller
dd016b0570 Fix for builds without DTLS support. 
Submitted by: Brian Carlstrom
 2012-01-05 10:21:49 +00:00
Dr. Stephen Henson
eebefe35e7 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> 
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
 2012-01-04 19:10:16 +00:00
Dr. Stephen Henson
e643112dd8 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 18:54:17 +00:00
Dr. Stephen Henson
21c4b25959 Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 18:52:18 +00:00
Dr. Stephen Henson
0c214e0153 Submitted by: Adam Langley <agl@chromium.org> 
Reviewed by: steve

Fix memory leaks.
 2012-01-04 14:25:10 +00:00
Dr. Stephen Henson
6c61cfbe03 PR: 2326 
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve

Fix incorrect comma expressions and goto f_err as alert has been set.
 2011-12-26 19:38:28 +00:00
Bodo Möller
740da44f20 Resolve a stack set-up race condition (if the list of compression 
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
 2011-12-02 12:50:44 +00:00
Dr. Stephen Henson
8794569a08 PR: 2628 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
 2011-10-27 13:06:26 +00:00
Bodo Möller
dacd94b9c8 Oops: this change (http://cvs.openssl.org/chngview?cn=21503) 
wasn't right for 0.9.8-stable (it's actually a fix for
http://cvs.openssl.org/chngview?cn=14494, which introduced
SSL_CTRL_SET_MAX_SEND_FRAGMENT).
 2011-10-19 13:53:41 +00:00
Bodo Möller
f7d514f449 In ssl3_clear, preserve s3->init_extra along with s3->rbuf. 
Submitted by: Bob Buckholz <bbuckholz@google.com>
 2011-10-13 13:04:40 +00:00
Dr. Stephen Henson
3cf0a38b3e fix signed/unsigned warning 2011-09-26 17:05:00 +00:00
Dr. Stephen Henson
fc4015329f PR: 2602 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting
 2011-09-23 13:35:32 +00:00
Bodo Möller
db45308477 (EC)DH memory handling fixes. 
Submitted by: Adam Langley
 2011-09-05 10:25:15 +00:00
Dr. Stephen Henson
6a662a45f3 PR: 2573 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS buffering and decryption bug.
 2011-09-01 14:01:36 +00:00
Dr. Stephen Henson
ac02a4b68a PR: 2555 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS sequence number bug
 2011-07-20 15:17:20 +00:00
Dr. Stephen Henson
4ba063d3c5 PR: 2550 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS HelloVerifyRequest Timer bug
 2011-07-20 15:12:58 +00:00
Dr. Stephen Henson
cc0931e36b PR: 2543 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()
 2011-06-22 15:29:36 +00:00
Dr. Stephen Henson
c4b2eb24b3 PR: 2529 
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.
 2011-05-25 15:15:43 +00:00
Dr. Stephen Henson
2c77c5c8db Oops use up to date patch for PR#2506 2011-05-25 14:29:39 +00:00
Dr. Stephen Henson
1eb38c563f PR: 2506 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.
 2011-05-25 12:28:42 +00:00
Dr. Stephen Henson
fa657871ed PR: 2505 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.
 2011-05-25 12:24:03 +00:00
Dr. Stephen Henson
be70b3adce set encodedPoint to NULL after freeing it 2011-05-19 16:18:39 +00:00
Dr. Stephen Henson
7116a41129 PR: 2462 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug
 2011-04-03 17:15:23 +00:00
Dr. Stephen Henson
7143acab25 PR: 2458 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.
 2011-04-03 16:26:33 +00:00
Dr. Stephen Henson
11d4086d8e PR: 2457 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS fragment reassembly bug.
 2011-04-03 15:49:26 +00:00
Bodo Möller
957ebe98fb OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) 
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
 2011-02-08 17:10:47 +00:00
Bodo Möller
9d09fc8485 Assorted bugfixes: 
- RLE decompression boundary case
- SSL 2.0 key arg length check

Submitted by: Google (Neel Mehta, Bodo Moeller)
 2011-02-03 12:04:48 +00:00
Dr. Stephen Henson
119e912a83 Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed 
alert.
 2011-01-04 19:33:01 +00:00
Dr. Stephen Henson
7890b562bc fix for CVE-2010-4180 2010-12-02 18:49:28 +00:00
Dr. Stephen Henson
2ae47ddbc2 fix CVE-2010-3864 2010-11-16 14:26:18 +00:00
Dr. Stephen Henson
a073129293 PR: 2314 
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
 2010-10-10 12:21:23 +00:00
Ben Laurie
d886975835 Fix gcc 4.6 warnings. Check TLS server hello extension length. 2010-06-12 13:18:58 +00:00
Dr. Stephen Henson
d24f1cbf35 PR: 2230 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix bug in bitmask macros and stop warnings.
 2010-05-03 13:01:59 +00:00
Dr. Stephen Henson
82687bb4c3 PR: 2230 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fixed various DTLS fragment reassembly bugs patch for 0.9.8.
 2010-04-14 13:26:50 +00:00
Dr. Stephen Henson
2eb8e5e62a fix signed/unsigned comparison warnings 2010-04-14 00:41:25 +00:00
Dr. Stephen Henson
c713a4c04d PR: 2230 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix various DTLS fragment reassembly bugs.
 2010-04-14 00:17:12 +00:00
Dr. Stephen Henson
0cefa0f942 PR: 2229 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Don't drop DTLS connection if mac or decryption failed.
 2010-04-14 00:09:39 +00:00
Dr. Stephen Henson
834c85ef0c PR: 2228 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS buffer record MAC failure bug.
 2010-04-14 00:02:50 +00:00
Richard Levitte
0c8c8eab58 Third argument to dtls1_buffer_record is by reference 2010-04-13 08:42:01 +00:00
Dr. Stephen Henson
bc06baca76 Add SHA2 algorithms to SSL_library_init(). Although these aren't used 
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.

Update docs.
 2010-04-07 13:19:48 +00:00