generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
10,127 Commits 16 Branches 258 Tags
Commit Graph

211 Commits

Author SHA1 Message Date
Matt Caswell
ec5c25b3b4 Fixed memory leak in the event of a failure of BUF_MEM_grow 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 41bf25013032da0eeb111ce3c8fc0946c0e61c41)
 2014-12-08 16:51:01 +00:00
Emilia Kasper
9a6940a349 RT3067: simplify patch 
(Original commit adb46dbc6dd7347750df2468c93e8c34bcb93a4b)

Use the new constant-time methods consistently in s3_srvr.c

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 455b65dfab0de51c9f67b3c909311770f2b3f801)

Conflicts:
	ssl/Makefile
 2014-09-24 15:58:20 +02:00
Adam Langley
c36ceb0b15 This change alters the processing of invalid, RSA pre-master secrets so 
that bad encryptions are treated like random session keys in constant
time.

(cherry picked from commit adb46dbc6dd7347750df2468c93e8c34bcb93a4b)

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-09-24 15:56:09 +02:00
Dr. Stephen Henson
4054d95eb9 Don't limit message sizes in ssl3_get_cert_verify. 
PR#319 (reoponed version).
(cherry picked from commit 7f6e9578648728478e84246fd3e64026b8b6a48e)

Conflicts:

	ssl/s3_srvr.c
 2014-07-05 13:31:53 +01:00
Dr. Stephen Henson
c97e457d53 Fix for CVE-2014-0224 
Only accept change cipher spec when it is expected instead of at any
time. This prevents premature setting of session keys before the master
secret is determined which an attacker could use as a MITM attack.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
and providing the initial fix this patch is based on.
 2014-06-03 16:30:37 +01:00
David Ramos
268ae49453 Allocate extra space when NETSCAPE_HANG_BUG defined. 
Make sure there is an extra 4 bytes for server done message when
NETSCAPE_HANG_BUG is defined.

PR#3361
(cherry picked from commit 673c42b2380c34e7500f05e7f00c674cc677a065)
 2014-06-01 14:31:30 +01:00
Serguei E. Leontiev
f7c4fe519b Replace manual ASN1 decoder with ASN1_get_object 
Replace manual ASN.1 decoder with ASN1_get object. This
will decode the tag and length properly and check against
it does not exceed the supplied buffer length.

PR#3335
(cherry picked from commit b0308dddd1cc6a8e1de803ef29ba6da25ee072c2)
 2014-05-12 18:41:49 +01:00
Andy Polyakov
71a1ac9398 ssl/s3_[clnt|srvr].c: fix warnings and linking error. 2013-02-09 19:48:34 +01:00
Ben Laurie
bb65e3f22b Backport OCSP Stapling fix. 2012-10-04 15:16:12 +00:00
Andy Polyakov
0041925844 s3_srvr.c: fix typo [from HEAD]. 
PR: 2538
 2012-04-15 17:23:23 +00:00
Dr. Stephen Henson
25128a11fb Fix bug in CVE-2011-4619: check we have really received a client hello 
before rejecting multiple SGC restarts.
 2012-02-16 15:21:46 +00:00
Dr. Stephen Henson
9004c53107 Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 15:27:54 +00:00
Dr. Stephen Henson
22d89c501e Submitted by: Adam Langley <agl@chromium.org> 
Reviewed by: steve

Fix memory leaks.
 2012-01-04 14:24:48 +00:00
Bodo Möller
e935440ad7 (EC)DH memory handling fixes. 
Submitted by: Adam Langley
 2011-09-05 10:25:21 +00:00
Dr. Stephen Henson
38c42c6eea set encodedPoint to NULL after freeing it 2011-05-19 16:18:25 +00:00
Dr. Stephen Henson
6d65d44b95 fix for CVE-2010-4180 2010-12-02 18:24:55 +00:00
Dr. Stephen Henson
b3c17a4805 Get correct GOST private key instead of just assuming the last one is 
correct: this isn't always true if we have more than one certificate.
 2010-11-14 13:50:29 +00:00
Dr. Stephen Henson
fbe2c6b33e Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and 
1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos
ciphersuite bugs introduced with PR:1336."
 2010-02-27 23:04:10 +00:00
Dr. Stephen Henson
57749b1b9f PR: 1949 
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
 2010-01-26 19:46:30 +00:00
Dr. Stephen Henson
f4f2b52995 oops 2010-01-26 13:56:15 +00:00
Dr. Stephen Henson
c7d5edbf5e export OPENSSL_isservice and make update 2010-01-26 13:55:33 +00:00
Dr. Stephen Henson
ef1b6b2cf2 The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING 
ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround
call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should
both address the original bug and retain compatibility with the old behaviour.
 2010-01-24 13:54:07 +00:00
Dr. Stephen Henson
ad8ee3d7d1 If legacy renegotiation is not permitted then send a fatal alert if a patched 
server attempts to renegotiate with an unpatched client.
 2010-01-22 18:49:19 +00:00
Dr. Stephen Henson
4cba294d79 Client side compression algorithm sanity checks: ensure old compression 
algorithm matches current and give error if compression is disabled and
server requests it (shouldn't happen unless server is broken).
 2010-01-01 14:39:51 +00:00
Dr. Stephen Henson
e642fd7a1c Compression handling on session resume was badly broken: it always 
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
 2010-01-01 00:44:36 +00:00
Dr. Stephen Henson
10f99d7b77 Add support for magic cipher suite value (MCSV). Make secure renegotiation 
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.

NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.

Change mismatch alerts to handshake_failure as required by spec.

Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
 2009-12-08 13:15:12 +00:00
Dr. Stephen Henson
593222afe1 PR: 2121 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
 2009-12-08 11:38:18 +00:00
Dr. Stephen Henson
d5b8c46499 PR: 2115 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
 2009-12-01 17:41:42 +00:00
Dr. Stephen Henson
3d0b604c14 Fix statless session resumption so it can coexist with SNI 2009-10-30 13:22:44 +00:00
Dr. Stephen Henson
9769137a43 Typo presumably... 2009-09-06 17:55:40 +00:00
Dr. Stephen Henson
2e9802b7a7 PR: 2028 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Fix DTLS cookie management bugs.
 2009-09-04 17:42:06 +00:00
Dr. Stephen Henson
887c250852 Update from 0.9.8-stable. 2009-06-26 15:04:22 +00:00
Dr. Stephen Henson
72d668c332 Update from HEAD. 2009-06-24 13:30:07 +00:00
Dr. Stephen Henson
bfd502f027 Updates from HEAD. 2009-06-16 16:39:20 +00:00
Dr. Stephen Henson
55708796af Update from HEAD. 2009-06-13 20:47:09 +00:00
Dr. Stephen Henson
b61a84c8e6 Fix WIN32 warnings. 2009-04-22 15:40:54 +00:00
Dr. Stephen Henson
21fb688d26 Some fixes for kerberos builds. 2009-04-21 22:20:12 +00:00
Dr. Stephen Henson
b452f43322 PR: 1751 
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.
 2009-04-19 18:03:13 +00:00
Dr. Stephen Henson
bab534057b Updatde from stable branch. 2009-01-07 23:44:27 +00:00
Ben Laurie
4a94003a51 srvr_ecdh cannot be NULL at this point (Coverity ID 232). 2009-01-02 12:49:07 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should 
test for them!
 2008-12-29 16:11:58 +00:00
Ben Laurie
6ba71a7173 Handle the unlikely event that BIO_get_mem_data() returns -ve. 2008-12-27 02:00:38 +00:00
Dr. Stephen Henson
12bf56c017 PR: 1574 
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org

Ticket override support for EAP-FAST.
 2008-11-15 17:18:12 +00:00
Bodo Möller
837f2fc7a4 Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't 
enable disabled ciphersuites.
 2008-09-22 21:22:47 +00:00
Bodo Möller
fcbdde0dfe oops 2008-09-14 18:16:07 +00:00
Bodo Möller
e65bcbcef0 Fix SSL state transitions. 
Submitted by: Nagendra Modadugu
 2008-09-14 14:02:07 +00:00
Dr. Stephen Henson
305514000c Do not discard cached handshake records during resumed sessions: 
they are used for mac computation.
 2008-09-03 12:36:16 +00:00
Dr. Stephen Henson
8a2062fefe Update from stable branch. 2008-04-30 16:14:02 +00:00
Dr. Stephen Henson
d26c905c67 Update from stable branch. 2008-04-29 16:44:51 +00:00
Dr. Stephen Henson
dc634aff25 Don't send zero length session ID if stateless session resupmtion is 
successful. Check be seeing if there is a cache hit.
 2008-04-25 16:27:04 +00:00