Matt Caswell
0ae3473e85
Fix race condition in NewSessionTicket
...
If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.
CVE-2015-1791
This also fixes RT#3808 where a session ID is changed for a session already
in the client session cache. Since the session ID is the key to the cache
this breaks the cache access.
Parts of this patch were inspired by this Akamai change:
c0bf69a791rsalz@openssl.org >
(cherry picked from commit 27c76b9b80
2015-06-02 12:49:03 +01:00
Kurt Roeckx
71b0bb764c
Remove export ciphers from the DEFAULT cipher list
...
They are moved to the COMPLEMENTOFDEFAULT instead.
This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.
Reviewed-by: Rich Salz <rsalz@openssl.org >
(cherry picked from commit bc2e18a3c8
2015-03-07 23:12:32 +01:00
Matt Caswell
a8b966f48f
Run util/openssl-format-source -v -c .
...
Reviewed-by: Tim Hudson <tjh@openssl.org >
2015-01-22 09:46:18 +00:00
Matt Caswell
c583d40678
More tweaks for comments due indent issues
...
Reviewed-by: Tim Hudson <tjh@openssl.org >
2015-01-22 09:46:08 +00:00
Matt Caswell
5011589a0b
Move more comments that confuse indent
...
Conflicts:
crypto/dsa/dsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl_locl.h
Conflicts:
crypto/bn/rsaz_exp.c
crypto/evp/e_aes_cbc_hmac_sha1.c
crypto/evp/e_aes_cbc_hmac_sha256.c
ssl/ssl_locl.h
Conflicts:
crypto/ec/ec2_oct.c
crypto/ec/ecp_nistp256.c
crypto/ec/ecp_nistp521.c
crypto/ec/ecp_nistputil.c
crypto/ec/ecp_oct.c
crypto/modes/gcm128.c
ssl/ssl_locl.h
Reviewed-by: Tim Hudson <tjh@openssl.org >
2015-01-22 09:45:45 +00:00
Matt Caswell
510edea8db
Fix indent comment corruption issue
...
Reviewed-by: Tim Hudson <tjh@openssl.org >
2015-01-22 09:45:01 +00:00
Matt Caswell
e16db4b3d7
indent has problems with comments that are on the right hand side of a line.
...
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.
Conflicts:
crypto/bn/bn.h
crypto/ec/ec_lcl.h
crypto/rsa/rsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl.h
ssl/ssl3.h
Conflicts:
crypto/ec/ec_lcl.h
ssl/tls1.h
Conflicts:
crypto/ec/ecp_nistp224.c
crypto/evp/evp.h
ssl/d1_both.c
ssl/ssl.h
ssl/ssl_lib.c
Reviewed-by: Tim Hudson <tjh@openssl.org >
2015-01-22 09:44:02 +00:00
Matt Caswell
a25d0527b7
Additional comment changes for reformat of 1.0.0
...
Reviewed-by: Tim Hudson <tjh@openssl.org >
2015-01-22 09:41:42 +00:00
Tim Hudson
f326f6544d
mark all block comments that need format preserving so that
...
indent will not alter them when reformatting comments
(cherry picked from commit 1d97c84351tjh@openssl.org >
2015-01-22 09:41:18 +00:00
Dr. Stephen Henson
08a88774bd
Only allow ephemeral RSA keys in export ciphersuites.
...
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.
Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org >
Reviewed-by: Tim Hudson <tjh@openssl.org >
(cherry picked from commit 4b4c1fcc88
2015-01-06 13:18:46 +00:00
Matt Caswell
8ccb44e6f5
Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP)
...
and instead use the value provided by the underlying BIO. Also provide some
new DTLS_CTRLs so that the library user can set the mtu without needing to
know this constant. These new DTLS_CTRLs provide the capability to set the
link level mtu to be used (i.e. including this IP/UDP overhead). The previous
DTLS_CTRLs required the library user to subtract this overhead first.
Reviewed-by: Tim Hudson <tjh@openssl.org >
(cherry picked from commit 59669b6abf
2014-12-03 09:43:47 +00:00
Matt Caswell
c25456633c
Corrected comments in ssl.h about SSLv23_method and friends
...
PR#3574
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
(cherry picked from commit 3a0765882c
2014-11-25 22:28:42 +00:00
Bodo Moeller
2a303a5834
Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.
...
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-10-21 22:41:07 +02:00
Bodo Moeller
59dcfa21e5
Support TLS_FALLBACK_SCSV.
...
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-10-15 04:05:57 +02:00
Dr. Stephen Henson
6fe498497c
typo
...
(cherry picked from commit a029788b0e
2014-03-10 15:49:35 +00:00
Dr. Stephen Henson
1b0d48126b
Restore SSL_OP_MSIE_SSLV2_RSA_PADDING
...
The flag SSL_OP_MSIE_SSLV2_RSA_PADDING hasn't done anything since OpenSSL
0.9.7h but deleting it will break source compatibility with any software
that references it. Restore it but #define to zero.
(cherry picked from commit b17d6b8d1d
2014-01-04 14:01:05 +00:00
Rob Stradling
6f1c8d45f7
Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
...
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
2013-09-09 14:13:59 +01:00
Dr. Stephen Henson
25590043d1
Fix error codes.
...
(cherry picked from commit 35d732fc2e
2013-02-05 16:46:19 +00:00
Dr. Stephen Henson
ffbe7cd0c5
fix error code
2012-03-12 14:32:54 +00:00
Dr. Stephen Henson
9004c53107
Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
2012-01-04 15:27:54 +00:00
Dr. Stephen Henson
eb17330837
Updates to conform with draft-ietf-tls-renegotiation-03.txt:
...
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
2010-01-06 17:37:38 +00:00
Dr. Stephen Henson
1f67a3a985
compress_meth should be unsigned
2010-01-05 16:46:39 +00:00
Dr. Stephen Henson
4cba294d79
Client side compression algorithm sanity checks: ensure old compression
...
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).
2010-01-01 14:39:51 +00:00
Dr. Stephen Henson
e642fd7a1c
Compression handling on session resume was badly broken: it always
...
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
2010-01-01 00:44:36 +00:00
Dr. Stephen Henson
675564835c
New option to enable/disable connection to unpatched servers
2009-12-16 20:28:30 +00:00
Ben Laurie
43a107026d
Missing error code.
2009-12-12 15:57:53 +00:00
Dr. Stephen Henson
f1784f2fd2
Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL
2009-12-11 00:20:58 +00:00
Dr. Stephen Henson
52a08e90d1
Add ctrls to clear options and mode.
...
Change RI ctrl so it doesn't clash.
2009-12-09 13:25:38 +00:00
Dr. Stephen Henson
b52a2738d4
Add ctrl and macro so we can determine if peer support secure renegotiation.
2009-12-08 13:42:32 +00:00
Dr. Stephen Henson
3c44e92bcb
Include a more meaningful error message when rejecting legacy renegotiation
2009-11-18 14:19:52 +00:00
Dr. Stephen Henson
bc9058d041
First cut of renegotiation extension. (port to 1.0.0-stable)
2009-11-09 18:45:42 +00:00
Dr. Stephen Henson
a131de9bb2
PR: 2025
...
Submitted by: Tomas Mraz <tmraz@redhat.com >
Approved by: steve@openssl.org
Constify SSL_CIPHER_description
2009-09-12 23:18:09 +00:00
Dr. Stephen Henson
53f062d050
PR: 2033
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de >
Approved by: steve@openssl.org
DTLS listen support.
2009-09-09 17:05:42 +00:00
Dr. Stephen Henson
c0688f1aef
Make update, deleting bogus DTLS error code
2009-09-06 15:55:54 +00:00
Dr. Stephen Henson
17f8d8db61
PR: 2006
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de >
Approved by: steve@openssl.org
Do not use multiple DTLS records for a single user message
2009-08-26 11:51:23 +00:00
Dr. Stephen Henson
5a96822f2c
Update default dependency flags.
...
Make error name discrepancies a fatal error.
Fix error codes.
make update
2009-08-12 17:08:44 +00:00
Dr. Stephen Henson
a4bade7aac
PR: 1997
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de >
Approved by: steve@openssl.org
DTLS timeout handling fix.
2009-08-12 13:21:26 +00:00
Dr. Stephen Henson
5135d6b985
Fix error codes and indentation.
2009-07-15 11:32:58 +00:00
Dr. Stephen Henson
29b0c4a01c
Add "missing" functions for setting all verify parameters for SSL_CTX and SSL
...
structures.
2009-06-30 11:57:24 +00:00
Dr. Stephen Henson
174ea15647
Typo.
2009-04-28 22:35:42 +00:00
Dr. Stephen Henson
b452f43322
PR: 1751
...
Submitted by: David Woodhouse <dwmw2@infradead.org >
Approved by: steve@openssl.org
Compatibility patches for Cisco VPN client DTLS.
2009-04-19 18:03:13 +00:00
Dr. Stephen Henson
9ae5743515
Disable SSLv2 cipher suites by default and avoid SSLv2 compatible client
...
hello if no SSLv2 cipher suites are included. This effectively disables
the broken SSLv2 use by default.
2009-04-07 17:01:07 +00:00
Dr. Stephen Henson
c9a1778134
Fix error codes.
2009-04-05 11:54:34 +00:00
Dr. Stephen Henson
2dd5ca1fbc
Make no-ssl2 work including on Win32 builds.
2009-04-04 17:57:34 +00:00
Ben Laurie
9b9cb004f7
Deal with the unlikely event that EVP_MD_CTX_size() returns an error.
...
(Coverity ID 140).
2008-12-27 02:09:24 +00:00
Ben Laurie
6ba71a7173
Handle the unlikely event that BIO_get_mem_data() returns -ve.
2008-12-27 02:00:38 +00:00
Ben Laurie
f3b7bdadbc
Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks.
2008-11-16 12:47:12 +00:00
Dr. Stephen Henson
12bf56c017
PR: 1574
...
Submitted by: Jouni Malinen <j@w1.fi >
Approved by: steve@openssl.org
Ticket override support for EAP-FAST.
2008-11-15 17:18:12 +00:00
Geoff Thorpe
6343829a39
Revert the size_t modifications from HEAD that had led to more
...
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Ben Laurie
5e4430e70d
More size_tification.
2008-11-01 16:40:37 +00:00
