generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
9,777 Commits 16 Branches 258 Tags
Commit Graph

1160 Commits

Author SHA1 Message Date
Dr. Stephen Henson
8dad8bc465 PR: 2888 
Reported by: Daniel Black <daniel.black@openquery.com>

Support renewing session tickets (backport from HEAD).
 2012-12-10 16:45:19 +00:00
Dr. Stephen Henson
8124ebcd78 reject zero length point format list or supported curves extensions 2012-11-22 14:15:00 +00:00
Dr. Stephen Henson
836a811604 backport OCSP fix enhancement 2012-10-05 13:00:18 +00:00
Ben Laurie
bb65e3f22b Backport OCSP Stapling fix. 2012-10-04 15:16:12 +00:00
Richard Levitte
094fb13876 * ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug. Fortunately in 
debugging code that's seldom used.
 2012-09-21 13:08:26 +00:00
Andy Polyakov
02a23fa309 s2_clnt.c: compensate for compiler bug [from HEAD]. 2012-05-16 18:22:39 +00:00
Dr. Stephen Henson
a969ca5cc8 Sanity check record length before skipping explicit IV in DTLS 
to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
 2012-05-10 14:44:20 +00:00
Andy Polyakov
d079b387a3 OPENSSL_NO_SOCK fixes [from HEAD]. 
PR: 2791
Submitted by: Ben Noordhuis
 2012-04-16 17:43:28 +00:00
Andy Polyakov
0041925844 s3_srvr.c: fix typo [from HEAD]. 
PR: 2538
 2012-04-15 17:23:23 +00:00
Dr. Stephen Henson
7fdccda37d PR: 2778(part) 
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).
 2012-03-31 18:02:35 +00:00
Dr. Stephen Henson
ffbe7cd0c5 fix error code 2012-03-12 14:32:54 +00:00
Dr. Stephen Henson
ad3d95222d PR: 2756 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.
 2012-03-09 15:52:09 +00:00
Dr. Stephen Henson
f4f512a853 PR: 2755 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
 2012-03-06 13:46:52 +00:00
Dr. Stephen Henson
9c2bed0b65 PR: 2748 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
 2012-03-06 13:22:57 +00:00
Dr. Stephen Henson
25128a11fb Fix bug in CVE-2011-4619: check we have really received a client hello 
before rejecting multiple SGC restarts.
 2012-02-16 15:21:46 +00:00
Dr. Stephen Henson
b996cecc32 Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. 
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
 2012-01-18 13:36:04 +00:00
Bodo Möller
02d1a6b3aa Fix for builds without DTLS support. 
Submitted by: Brian Carlstrom
 2012-01-05 10:22:23 +00:00
Dr. Stephen Henson
84c95826de Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> 
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
 2012-01-04 16:51:14 +00:00
Dr. Stephen Henson
63819e6f00 add missing part for SGC restart fix (CVE-2011-4619) 2012-01-04 16:46:10 +00:00
Dr. Stephen Henson
8206dba75c Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) [include source patch this time!] 2012-01-04 15:38:54 +00:00
Dr. Stephen Henson
9004c53107 Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 15:27:54 +00:00
Dr. Stephen Henson
22d89c501e Submitted by: Adam Langley <agl@chromium.org> 
Reviewed by: steve

Fix memory leaks.
 2012-01-04 14:24:48 +00:00
Dr. Stephen Henson
c06916db9f PR: 2326 
Submitted by: Tianjie Mao <tjmao@tjmao.net>
Reviewed by: steve

Fix incorrect comma expressions and goto f_err as alert has been set.
 2011-12-26 19:38:19 +00:00
Bodo Möller
44c854ddb9 Resolve a stack set-up race condition (if the list of compression 
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
 2011-12-02 12:51:05 +00:00
Dr. Stephen Henson
68b5330040 PR: 2628 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Send alert instead of assertion failure for incorrectly formatted DTLS
fragments.
 2011-10-27 13:06:34 +00:00
Dr. Stephen Henson
da7ae62abd PR: 2628 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix for ECC keys and DTLS.
 2011-10-27 13:01:08 +00:00
Bodo Möller
48373e55d1 In ssl3_clear, preserve s3->init_extra along with s3->rbuf. 
Submitted by: Bob Buckholz <bbuckholz@google.com>
 2011-10-13 13:05:12 +00:00
Dr. Stephen Henson
b00fe7ce18 fix signed/unsigned warning 2011-09-26 17:04:49 +00:00
Dr. Stephen Henson
8f0968850b PR: 2602 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS bug which prevents manual MTU setting
 2011-09-23 13:35:19 +00:00
Bodo Möller
e935440ad7 (EC)DH memory handling fixes. 
Submitted by: Adam Langley
 2011-09-05 10:25:21 +00:00
Dr. Stephen Henson
d2650c3a4a PR: 2573 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS buffering and decryption bug.
 2011-09-01 14:02:02 +00:00
Dr. Stephen Henson
e1c3d65f08 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA 
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
 2011-08-14 13:48:42 +00:00
Dr. Stephen Henson
b58ea0b941 PR: 2555 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS sequence number bug
 2011-07-20 15:17:33 +00:00
Dr. Stephen Henson
16067fe5fd PR: 2550 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS HelloVerifyRequest Timer bug
 2011-07-20 15:13:16 +00:00
Dr. Stephen Henson
f59f2fcbff PR: 2543 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Correctly handle errors in DTLSv1_handle_timeout()
 2011-06-22 15:29:55 +00:00
Dr. Stephen Henson
025ee1dbde fix memory leak 2011-06-08 15:56:20 +00:00
Dr. Stephen Henson
dce7b92d0b PR: 2533 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Setting SSL_MODE_RELEASE_BUFFERS should be ignored for DTLS, but instead causes
the program to crash. This is due to missing version checks and is fixed with
this patch.
 2011-05-25 15:21:12 +00:00
Dr. Stephen Henson
db886c2a2b PR: 2529 
Submitted by: Marcus Meissner <meissner@suse.de>
Reviewed by: steve

Call ssl_new() to reallocate SSL BIO internals if we want to replace
the existing internal SSL structure.
 2011-05-25 15:15:52 +00:00
Dr. Stephen Henson
4e5755cd85 Oops use up to date patch for PR#2506 2011-05-25 14:29:55 +00:00
Dr. Stephen Henson
16646b0018 PR: 2506 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fully implement SSL_clear for DTLS.
 2011-05-25 12:28:31 +00:00
Dr. Stephen Henson
320881c25c PR: 2505 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.
 2011-05-25 12:24:26 +00:00
Dr. Stephen Henson
38c42c6eea set encodedPoint to NULL after freeing it 2011-05-19 16:18:25 +00:00
Dr. Stephen Henson
3622d3743e PR: 2462 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS Retransmission Buffer Bug
 2011-04-03 17:15:08 +00:00
Dr. Stephen Henson
fbbf28e7c2 PR: 2458 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Don't change state when answering DTLS ClientHello.
 2011-04-03 16:26:14 +00:00
Dr. Stephen Henson
f5dac77c06 PR: 2457 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS fragment reassembly bug.
 2011-04-03 15:49:03 +00:00
Richard Levitte
067d72a082 Corrections to the VMS build system. 
Submitted by Steven M. Schweda <sms@antinode.info>
 2011-03-25 16:21:39 +00:00
Richard Levitte
f819147028 For VMS, implement the possibility to choose 64-bit pointers with 
different options:
"64"		The build system will choose /POINTER_SIZE=64=ARGV if
		the compiler supports it, otherwise /POINTER_SIZE=64.
"64="		The build system will force /POINTER_SIZE=64.
"64=ARGV"	The build system will force /POINTER_SIZE=64=ARGV.
 2011-03-25 09:40:18 +00:00
Richard Levitte
2d842a90f8 Apply all the changes submitted by Steven M. Schweda <sms@antinode.info> 2011-03-19 09:44:53 +00:00
Bodo Möller
6545372c24 OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) 
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
 2011-02-08 17:10:53 +00:00
Bodo Möller
d48df9a91b Assorted bugfixes: 
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check

Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
 2011-02-03 12:04:40 +00:00