- 08 1月, 2015 3 次提交
-
-
由 Matt Caswell 提交于
ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion. Thanks to Chris Mueller for reporting this issue and providing initial analysis and a patch. Further analysis and the final patch was performed by Matt Caswell from the OpenSSL development team. CVE-2015-0206 Reviewed-by: NDr Stephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. Reviewed-by: NDr Stephen Henson <steve@openssl.org>
-
由 Dr. Stephen Henson 提交于
separate reads performed - one for the header and one for the body of the handshake record. CVE-2014-3571 Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 31 12月, 2014 1 次提交
-
-
由 Tim Hudson 提交于
indent will not alter them when reformatting comments Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 28 11月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
PR#1767 Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 15 8月, 2014 1 次提交
-
-
由 Hans Wennborg 提交于
Remove some redundant logical expressions Reviewed-by: NEmilia Kasper <emilia@silkandcyanide.net>
-
- 02 6月, 2014 2 次提交
-
-
由 Matt Caswell 提交于
-
由 David Ramos 提交于
Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362
-
- 18 9月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Make DTLS behave like TLS when negotiating version: record layer has DTLS 1.0, message version is 1.2. Tolerate different version numbers if version hasn't been negotiated yet.
-
- 14 8月, 2013 1 次提交
-
-
由 Michael Tuexen 提交于
This fix ensures that * A HelloRequest is retransmitted if not responded by a ClientHello * The HelloRequest "consumes" the sequence number 0. The subsequent ServerHello uses the sequence number 1. * The client also expects the sequence number of the ServerHello to be 1 if a HelloRequest was received earlier. This patch fixes the RFC violation.
-
- 08 8月, 2013 1 次提交
-
-
由 Michael Tuexen 提交于
Reported by: Prashant Jaikumar <rmstar@gmail.com> Fix handling of application data received before a handshake.
-
- 09 4月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation. As with SSL/TLS options can change this behaviour specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
-
- 28 3月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in DTLS 1.2 mode too.
-
- 11 3月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add DTLS record header parsing, different client hello format and add HelloVerifyRequest message type. Add code to d1_pkt.c to send message headers to the message callback.
-
- 27 2月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 08 2月, 2013 1 次提交
-
-
由 Andy Polyakov 提交于
Revert is appropriate because binary compatibility is not an issue in 1.1.
-
- 06 2月, 2013 4 次提交
-
-
由 Andy Polyakov 提交于
Kludge alert. This is arranged by passing padding length in unused bits of SSL3_RECORD->type, so that orig_len can be reconstructed. (cherry picked from commit 8bfd4c659f180a6ce34f21c0e62956b362067fba)
-
由 Ben Laurie 提交于
This change updates the DTLS code to match the constant-time CBC behaviour in the TLS. (cherry picked from commit 9f27de170d1b7bef3d46d41382dc4dafde8b3900)
-
由 Ben Laurie 提交于
The previous CBC patch was bugged in that there was a path through enc() in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left at the previous value which could suggest that the packet was a sufficient length when it wasn't. (cherry picked from commit 6cb19b7681f600b2f165e4adc57547b097b475fd)
-
由 Ben Laurie 提交于
This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. (cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98)
-
- 09 3月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS timeout handling.
-
- 19 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050)
-
- 05 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed by: steve Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson.
-
- 01 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Support for TLS/DTLS heartbeats.
-
- 25 12月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Add SCTP support for DTLS (RFC 6083).
-
- 01 9月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS buffering and decryption bug.
-
- 05 1月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
alert.
-
- 26 8月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Support for abbreviated handshakes when renegotiating.
-
- 12 6月, 2010 1 次提交
-
-
由 Ben Laurie 提交于
-
- 14 4月, 2010 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Don't drop DTLS connection if mac or decryption failed.
-
由 Dr. Stephen Henson 提交于
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS buffer record MAC failure bug.
-
- 06 4月, 2010 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS replay bug.
-
由 Dr. Stephen Henson 提交于
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Fixes for DTLS buffering bug.
-
- 05 10月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 16 9月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS listen bug fix,
-
- 26 8月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Do not use multiple DTLS records for a single user message
-
- 12 8月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS timeout handling fix.
-
- 24 7月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix from 0.9.8-stable.
-
- 13 7月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 04 7月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-