| #
d1186c30 |
| 13-Apr-2017 |
Todd Short |
Fix minor compiler issues.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3220)
|
| #
ef6c191b |
| 09-Mar-2017 |
Matt Caswell |
Update end of early data processing for draft-19
The end of early data is now indicated by a new handshake message rather
than an alert.
Reviewed-by: Rich Salz <rsalz@openssl.or
Update end of early data processing for draft-19
The end of early data is now indicated by a new handshake message rather
than an alert.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
show more ...
|
| #
3eaa4170 |
| 27-Feb-2017 |
Matt Caswell |
Make SSL_write_early_finish() an internal only function
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
|
| #
f7e393be |
| 27-Feb-2017 |
Matt Caswell |
Various fixes required to allow SSL_write/SSL_read during early data
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
|
| #
d7f8783f |
| 25-Feb-2017 |
Matt Caswell |
Enable the server to call SSL_write() without stopping the ability to call SSL_read_early()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pul
Enable the server to call SSL_write() without stopping the ability to call SSL_read_early()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
show more ...
|
| #
564547e4 |
| 25-Feb-2017 |
Matt Caswell |
Enable the client to call SSL_read() without stopping the ability to call SSL_write_early()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pul
Enable the client to call SSL_read() without stopping the ability to call SSL_write_early()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
show more ...
|
| #
a832b5ef |
| 24-Feb-2017 |
Matt Caswell |
Skip early_data if appropriate after a HelloRetryRequest
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
|
| #
1ea4d09a |
| 22-Feb-2017 |
Matt Caswell |
Construct the server side early_data extension
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
|
| #
d781d247 |
| 21-Feb-2017 |
Matt Caswell |
Provide an SSL_read_early() function for reading early data
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
|
| #
0a87d0ac |
| 20-Feb-2017 |
Matt Caswell |
Parse the early_data extension
We also skip any early_data that subsequently gets sent. Later commits will
process it if we can.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(
Parse the early_data extension
We also skip any early_data that subsequently gets sent. Later commits will
process it if we can.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
show more ...
|
| #
49e7fe12 |
| 21-Feb-2017 |
Matt Caswell |
Provide functions to write early data
We provide SSL_write_early() which *must* be called first on a connection
(prior to any other IO function including SSL_connect()/SSL_do_handshake()
Provide functions to write early data
We provide SSL_write_early() which *must* be called first on a connection
(prior to any other IO function including SSL_connect()/SSL_do_handshake()).
Also SSL_write_early_finish() which signals the end of early data.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2737)
show more ...
|
|
Revision tags: OpenSSL_1_1_0e |
|
| #
ddf97258 |
| 06-Feb-2017 |
Benjamin Kaduk |
Prepare for WORK_MORE_C
Add the new enum value and case statements as appropriate.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org
Prepare for WORK_MORE_C
Add the new enum value and case statements as appropriate.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)
show more ...
|
|
Revision tags: OpenSSL_1_0_2k, OpenSSL_1_1_0d |
|
| #
c7f47786 |
| 10-Jan-2017 |
Matt Caswell |
Move state machine knowledge out of the record layer
The record layer was making decisions that should really be left to the
state machine around unexpected handshake messages that are r
Move state machine knowledge out of the record layer
The record layer was making decisions that should really be left to the
state machine around unexpected handshake messages that are received after
the initial handshake (i.e. renegotiation related messages). This commit
removes that code from the record layer and updates the state machine
accordingly. This simplifies the state machine and paves the way for
handling other messages post-handshake such as the NewSessionTicket in
TLSv1.3.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
show more ...
|
| #
0386aad1 |
| 10-Jan-2017 |
Matt Caswell |
Remove use of the SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag
This flag is never set by anything so remove it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.
Remove use of the SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag
This flag is never set by anything so remove it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
show more ...
|
|
Revision tags: OpenSSL-fips-2_0_15 |
|
| #
23573051 |
| 22-Nov-2016 |
Matt Caswell |
Stop server from expecting Certificate message when not requested
In a non client-auth renegotiation where the original handshake *was*
client auth, then the server will expect the clien
Stop server from expecting Certificate message when not requested
In a non client-auth renegotiation where the original handshake *was*
client auth, then the server will expect the client to send a Certificate
message anyway resulting in a connection failure.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1982)
show more ...
|
| #
10305baf |
| 22-Nov-2016 |
Matt Caswell |
Stop client from sending Certificate message when not requested
In a non client-auth renegotiation where the original handshake *was*
client auth, then the client will send a Certificate
Stop client from sending Certificate message when not requested
In a non client-auth renegotiation where the original handshake *was*
client auth, then the client will send a Certificate message anyway
resulting in a connection failure.
Fixes #1920
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1982)
show more ...
|
|
Revision tags: OpenSSL-fips-2_0_14 |
|
| #
e72040c1 |
| 13-Nov-2016 |
Richard Levitte |
Remove heartbeat support
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669)
|
|
Revision tags: OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a |
|
| #
eda75751 |
| 06-Sep-2016 |
Matt Caswell |
Further libssl size_t-ify of reading
Writing still to be done
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
6392fb8e |
| 30-Sep-2016 |
Matt Caswell |
Move setting of the handshake header up one more level
We now set the handshake header, and close the packet directly in the
write_state_machine. This is now possible because it is commo
Move setting of the handshake header up one more level
We now set the handshake header, and close the packet directly in the
write_state_machine. This is now possible because it is common for all
messages.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
7cea05dc |
| 29-Sep-2016 |
Matt Caswell |
Move init of the WPACKET into write_state_machine()
Instead of initialising, finishing and cleaning up the WPACKET in every
message construction function, we should do it once in
wri
Move init of the WPACKET into write_state_machine()
Instead of initialising, finishing and cleaning up the WPACKET in every
message construction function, we should do it once in
write_state_machine().
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
0d698f66 |
| 23-Sep-2016 |
Matt Caswell |
Fix Use After Free for large message sizes
The buffer to receive messages is initialised to 16k. If a message is
received that is larger than that then the buffer is "realloc'd". This ca
Fix Use After Free for large message sizes
The buffer to receive messages is initialised to 16k. If a message is
received that is larger than that then the buffer is "realloc'd". This can
cause the location of the underlying buffer to change. Anything that is
referring to the old location will be referring to free'd data. In the
recent commit c1ef7c97 (master) and 4b390b6c (1.1.0) the point in the code
where the message buffer is grown was changed. However s->init_msg was not
updated to point at the new location.
CVE-2016-6309
Reviewed-by: Emilia Käsper <emilia@openssl.org>
show more ...
|
| #
f3b3d7f0 |
| 30-Aug-2016 |
Rich Salz |
Add -Wswitch-enum
Change code so when switching on an enumeration, have case's for all
enumeration values.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
| #
a449b47c |
| 22-Sep-2016 |
Richard Levitte |
Fix error message typo, wrong function code
Reviewed-by: Matt Caswell <matt@openssl.org>
|
| #
c1ef7c97 |
| 19-Sep-2016 |
Matt Caswell |
Excessive allocation of memory in tls_get_message_header()
A TLS message includes 3 bytes for its length in the header for the message.
This would allow for messages up to 16Mb in length
Excessive allocation of memory in tls_get_message_header()
A TLS message includes 3 bytes for its length in the header for the message.
This would allow for messages up to 16Mb in length. Messages of this length
are excessive and OpenSSL includes a check to ensure that a peer is sending
reasonably sized messages in order to avoid too much memory being consumed
to service a connection. A flaw in the logic of version 1.1.0 means that
memory for the message is allocated too early, prior to the excessive
message length check. Due to way memory is allocated in OpenSSL this could
mean an attacker could force up to 21Mb to be allocated to service a
connection. This could lead to a Denial of Service through memory
exhaustion. However, the excessive message length check still takes place,
and this would cause the connection to immediately fail. Assuming that the
application calls SSL_free() on the failed conneciton in a timely manner
then the 21Mb of allocated memory will then be immediately freed again.
Therefore the excessive memory allocation will be transitory in nature.
This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the
event that the connection fails
or
2) The application is working in a constrained environment where there
is very little free memory
or
3) The attacker initiates multiple connection attempts such that there
are multiple connections in a state where memory has been allocated for
the connection; SSL_free() has not yet been called; and there is
insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to
be transitory because as soon as the connection fails the memory is
subsequently freed again in the SSL_free() call. However there is an
increased risk during this period of application crashes due to the lack
of memory - which would then mean a more serious Denial of Service.
This issue does not affect DTLS users.
Issue was reported by Shi Lei (Gear Team, Qihoo 360 Inc.).
CVE-2016-6307
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
4f8a5f4d |
| 13-Sep-2016 |
Alessandro Ghedini |
Use switch instead of multiple ifs
Makes the logic a little bit clearer.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged fr
Use switch instead of multiple ifs
Makes the logic a little bit clearer.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1571)
show more ...
|
