#
d1186c30 |
| 13-Apr-2017 |
Todd Short |
Fix minor compiler issues. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3220)
|
#
ef6c191b |
| 09-Mar-2017 |
Matt Caswell |
Update end of early data processing for draft-19 The end of early data is now indicated by a new handshake message rather than an alert. Reviewed-by: Rich Salz <rsalz@openssl.or
Update end of early data processing for draft-19 The end of early data is now indicated by a new handshake message rather than an alert. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2895)
show more ...
|
#
3eaa4170 |
| 27-Feb-2017 |
Matt Caswell |
Make SSL_write_early_finish() an internal only function Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|
#
f7e393be |
| 27-Feb-2017 |
Matt Caswell |
Various fixes required to allow SSL_write/SSL_read during early data Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|
#
d7f8783f |
| 25-Feb-2017 |
Matt Caswell |
Enable the server to call SSL_write() without stopping the ability to call SSL_read_early() Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pul
Enable the server to call SSL_write() without stopping the ability to call SSL_read_early() Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
show more ...
|
#
564547e4 |
| 25-Feb-2017 |
Matt Caswell |
Enable the client to call SSL_read() without stopping the ability to call SSL_write_early() Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pul
Enable the client to call SSL_read() without stopping the ability to call SSL_write_early() Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
show more ...
|
#
a832b5ef |
| 24-Feb-2017 |
Matt Caswell |
Skip early_data if appropriate after a HelloRetryRequest Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|
#
1ea4d09a |
| 22-Feb-2017 |
Matt Caswell |
Construct the server side early_data extension Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|
#
d781d247 |
| 21-Feb-2017 |
Matt Caswell |
Provide an SSL_read_early() function for reading early data Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
|
#
0a87d0ac |
| 20-Feb-2017 |
Matt Caswell |
Parse the early_data extension We also skip any early_data that subsequently gets sent. Later commits will process it if we can. Reviewed-by: Rich Salz <rsalz@openssl.org> (
Parse the early_data extension We also skip any early_data that subsequently gets sent. Later commits will process it if we can. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
show more ...
|
#
49e7fe12 |
| 21-Feb-2017 |
Matt Caswell |
Provide functions to write early data We provide SSL_write_early() which *must* be called first on a connection (prior to any other IO function including SSL_connect()/SSL_do_handshake()
Provide functions to write early data We provide SSL_write_early() which *must* be called first on a connection (prior to any other IO function including SSL_connect()/SSL_do_handshake()). Also SSL_write_early_finish() which signals the end of early data. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)
show more ...
|
Revision tags: OpenSSL_1_1_0e |
|
#
ddf97258 |
| 06-Feb-2017 |
Benjamin Kaduk |
Prepare for WORK_MORE_C Add the new enum value and case statements as appropriate. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org
Prepare for WORK_MORE_C Add the new enum value and case statements as appropriate. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2279)
show more ...
|
Revision tags: OpenSSL_1_0_2k, OpenSSL_1_1_0d |
|
#
c7f47786 |
| 10-Jan-2017 |
Matt Caswell |
Move state machine knowledge out of the record layer The record layer was making decisions that should really be left to the state machine around unexpected handshake messages that are r
Move state machine knowledge out of the record layer The record layer was making decisions that should really be left to the state machine around unexpected handshake messages that are received after the initial handshake (i.e. renegotiation related messages). This commit removes that code from the record layer and updates the state machine accordingly. This simplifies the state machine and paves the way for handling other messages post-handshake such as the NewSessionTicket in TLSv1.3. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
show more ...
|
#
0386aad1 |
| 10-Jan-2017 |
Matt Caswell |
Remove use of the SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag This flag is never set by anything so remove it. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.
Remove use of the SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag This flag is never set by anything so remove it. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
show more ...
|
Revision tags: OpenSSL-fips-2_0_15 |
|
#
23573051 |
| 22-Nov-2016 |
Matt Caswell |
Stop server from expecting Certificate message when not requested In a non client-auth renegotiation where the original handshake *was* client auth, then the server will expect the clien
Stop server from expecting Certificate message when not requested In a non client-auth renegotiation where the original handshake *was* client auth, then the server will expect the client to send a Certificate message anyway resulting in a connection failure. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1982)
show more ...
|
#
10305baf |
| 22-Nov-2016 |
Matt Caswell |
Stop client from sending Certificate message when not requested In a non client-auth renegotiation where the original handshake *was* client auth, then the client will send a Certificate
Stop client from sending Certificate message when not requested In a non client-auth renegotiation where the original handshake *was* client auth, then the client will send a Certificate message anyway resulting in a connection failure. Fixes #1920 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1982)
show more ...
|
Revision tags: OpenSSL-fips-2_0_14 |
|
#
e72040c1 |
| 13-Nov-2016 |
Richard Levitte |
Remove heartbeat support Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1669)
|
Revision tags: OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a |
|
#
eda75751 |
| 06-Sep-2016 |
Matt Caswell |
Further libssl size_t-ify of reading Writing still to be done Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
6392fb8e |
| 30-Sep-2016 |
Matt Caswell |
Move setting of the handshake header up one more level We now set the handshake header, and close the packet directly in the write_state_machine. This is now possible because it is commo
Move setting of the handshake header up one more level We now set the handshake header, and close the packet directly in the write_state_machine. This is now possible because it is common for all messages. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
#
7cea05dc |
| 29-Sep-2016 |
Matt Caswell |
Move init of the WPACKET into write_state_machine() Instead of initialising, finishing and cleaning up the WPACKET in every message construction function, we should do it once in wri
Move init of the WPACKET into write_state_machine() Instead of initialising, finishing and cleaning up the WPACKET in every message construction function, we should do it once in write_state_machine(). Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
#
0d698f66 |
| 23-Sep-2016 |
Matt Caswell |
Fix Use After Free for large message sizes The buffer to receive messages is initialised to 16k. If a message is received that is larger than that then the buffer is "realloc'd". This ca
Fix Use After Free for large message sizes The buffer to receive messages is initialised to 16k. If a message is received that is larger than that then the buffer is "realloc'd". This can cause the location of the underlying buffer to change. Anything that is referring to the old location will be referring to free'd data. In the recent commit c1ef7c97 (master) and 4b390b6c (1.1.0) the point in the code where the message buffer is grown was changed. However s->init_msg was not updated to point at the new location. CVE-2016-6309 Reviewed-by: Emilia Käsper <emilia@openssl.org>
show more ...
|
#
f3b3d7f0 |
| 30-Aug-2016 |
Rich Salz |
Add -Wswitch-enum Change code so when switching on an enumeration, have case's for all enumeration values. Reviewed-by: Andy Polyakov <appro@openssl.org>
|
#
a449b47c |
| 22-Sep-2016 |
Richard Levitte |
Fix error message typo, wrong function code Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
c1ef7c97 |
| 19-Sep-2016 |
Matt Caswell |
Excessive allocation of memory in tls_get_message_header() A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length
Excessive allocation of memory in tls_get_message_header() A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if: 1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests. Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service. This issue does not affect DTLS users. Issue was reported by Shi Lei (Gear Team, Qihoo 360 Inc.). CVE-2016-6307 Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
4f8a5f4d |
| 13-Sep-2016 |
Alessandro Ghedini |
Use switch instead of multiple ifs Makes the logic a little bit clearer. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged fr
Use switch instead of multiple ifs Makes the logic a little bit clearer. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1571)
show more ...
|