Skip to content
  1. Nov 06, 2013
  2. Nov 03, 2013
  3. Nov 01, 2013
    • Robin Seggelmann's avatar
      DTLS/SCTP Finished Auth Bug · 025f7dbd
      Robin Seggelmann authored
      PR: 2808
      
      With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and
      FORWARD-TSN chunks. The key for this extension is derived from the
      master secret and changed with the next ChangeCipherSpec, whenever a new
      key has been negotiated. The following Finished then already uses the
      new key.  Unfortunately, the ChangeCipherSpec and Finished are part of
      the same flight as the ClientKeyExchange, which is necessary for the
      computation of the new secret. Hence, these messages are sent
      immediately following each other, leaving the server very little time to
      compute the new secret and pass it to SCTP before the finished arrives.
      So the Finished is likely to be discarded by SCTP and a retransmission
      becomes necessary. To prevent this issue, the Finished of the client is
      still sent with the old key.
      (cherry picked from commit 9fb523ad)
      (cherry picked from commit b9ef52b0)
      025f7dbd
    • Robin Seggelmann's avatar
      DTLS/SCTP struct authchunks Bug · 44f4934b
      Robin Seggelmann authored
      PR: 2809
      
      DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with
      SCTP-AUTH.  It is checked if this has been activated successfully for
      the local and remote peer. Due to a bug, however, the
      gauth_number_of_chunks field of the authchunks struct is missing on
      FreeBSD, and was therefore not considered in the OpenSSL implementation.
      This patch sets the corresponding pointer for the check correctly
      whether or not this bug is present.
      (cherry picked from commit f596e3c4)
      (cherry picked from commit b8140811)
      44f4934b
  4. Oct 20, 2013
    • Nick Mathewson's avatar
      453ca706
    • Dr. Stephen Henson's avatar
      Don't use RSA+MD5 with TLS 1.2 · 5e1ff664
      Dr. Stephen Henson authored
      Since the TLS 1.2 supported signature algorithms extension is less
      sophisticaed in OpenSSL 1.0.1 this has to be done in two stages.
      
      RSA+MD5 is removed from supported signature algorithms extension:
      any compliant implementation should never use RSA+MD5 as a result.
      
      To cover the case of a broken implementation using RSA+MD5 anyway
      disable lookup of MD5 algorithm in TLS 1.2.
      5e1ff664
  5. Oct 19, 2013
  6. Oct 13, 2013
  7. Oct 12, 2013
  8. Oct 09, 2013
  9. Oct 03, 2013
  10. Oct 01, 2013
  11. Sep 30, 2013
  12. Sep 22, 2013
  13. Sep 16, 2013
  14. Sep 15, 2013
  15. Aug 20, 2013
  16. Aug 13, 2013
    • Michael Tuexen's avatar
      DTLS message_sequence number wrong in rehandshake ServerHello · 83a3af9f
      Michael Tuexen authored
      This fix ensures that
      * A HelloRequest is retransmitted if not responded by a ClientHello
      * The HelloRequest "consumes" the sequence number 0. The subsequent
      ServerHello uses the sequence number 1.
      * The client also expects the sequence number of the ServerHello to
      be 1 if a HelloRequest was received earlier.
      This patch fixes the RFC violation.
      (cherry picked from commit b62f4daa)
      83a3af9f
  17. Aug 08, 2013
    • Michael Tuexen's avatar
      DTLS handshake fix. · 76bf0cf2
      Michael Tuexen authored
      Reported by: Prashant Jaikumar <rmstar@gmail.com>
      
      Fix handling of application data received before a handshake.
      (cherry picked from commit 0c75eeac)
      76bf0cf2
  18. Aug 06, 2013
    • Dr. Stephen Henson's avatar
      Fix verify loop with CRL checking. · 7cf0529b
      Dr. Stephen Henson authored
      PR #3090
      Reported by: Franck Youssef <fry@open.ch>
      
      If no new reason codes are obtained after checking a CRL exit with an
      error to avoid repeatedly checking the same CRL.
      
      This will only happen if verify errors such as invalid CRL scope are
      overridden in a callback.
      (cherry picked from commit 4b26645c)
      7cf0529b
    • Kaspar Brand's avatar
      Fix for PEM_X509_INFO_read_bio. · 6c03af13
      Kaspar Brand authored
      PR: 3028
      Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
      correctly if they appeared first.
      (cherry picked from commit 5ae8d6bc)
      6c03af13
  19. Aug 03, 2013
  20. Jul 31, 2013