- Sep 23, 2015
-
-
Matt Caswell authored
The existing implementation of DTLSv1_listen() is fundamentally flawed. This function is used in DTLS solutions to listen for new incoming connections from DTLS clients. A client will send an initial ClientHello. The server will respond with a HelloVerifyRequest containing a unique cookie. The client the responds with a second ClientHello - which this time contains the cookie. Once the cookie has been verified then DTLSv1_listen() returns to user code, which is typically expected to continue the handshake with a call to (for example) SSL_accept(). Whilst listening for incoming ClientHellos, the underlying BIO is usually in an unconnected state. Therefore ClientHellos can come in from *any* peer. The arrival of the first ClientHello without the cookie, and the second one with it, could be interspersed with other intervening messages from different clients. The whole purpose of this mechanism is as a defence against DoS attacks. The idea is to avoid allocating state on the server until the client has verified that it is capable of receiving messages at the address it claims to come from. However the existing DTLSv1_listen() implementation completely fails to do this. It attempts to super-impose itself on the standard state machine and reuses all of this code. However the standard state machine expects to operate in a stateful manner with a single client, and this can cause various problems. A second more minor issue is that the return codes from this function are quite confused, with no distinction made between fatal and non-fatal errors. Most user code treats all errors as non-fatal, and simply retries the call to DTLSv1_listen(). This commit completely rewrites the implementation of DTLSv1_listen() and provides a stand alone implementation that does not rely on the existing state machine. It also provides more consistent return codes. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Matt Caswell authored
Add the ability to peek at a message from the DTLS read BIO. This is needed for the DTLSv1_listen rewrite. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Sep 22, 2015
-
-
Matt Caswell authored
The openssl rehash command is not available on some platforms including Windows. This change skips the associated tests if rehash is not available. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Get rid of the third field that is no longer needed. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Since SSLv3, a CipherSuite is always 2 bytes. The only place where we need 3-byte ciphers is SSLv2-compatible ClientHello processing. So, remove the ssl_put_cipher_by_char indirection. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Emilia Kasper authored
Fix comment, add another overflow check, tidy style Reviewed-by: Matt Caswell <matt@openssl.org>
-
Alessandro Ghedini authored
BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading past the input if the input was not a C string. Make it explicitly part of BUF_strndup's contract to never read more than |siz| input bytes. This augments the standard strndup contract to be safer. The commit also adds a check for siz overflow and some brief documentation for BUF_strndup(). Reviewed-by: Matt Caswell <matt@openssl.org>
-
Rich Salz authored
For all release branches. It adds travis build support. If you don't have a config file it uses the default (because we enabled travis for the project), which uses ruby/rake/rakefiles, and you get confusing "build still failing" messages. Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Move various functions tagged onto t_x509.c to more appropriate places. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Rich Salz authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Sep 21, 2015
-
-
David Woodhouse authored
If we use BIO_new_file(), on Windows it'll jump through hoops to work around their unusual charset/Unicode handling. it'll convert a UTF-8 filename to UCS-16LE and attempt to use _wfopen(). If you use BIO_read_filename(), it doesn't do this. Shouldn't it be consistent? It would certainly be nice if SSL_use_certificate_chain_file() worked. Also made BIO_C_SET_FILENAME work (rsalz) Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Gunnar Kudrjavets authored
There are a couple of minor fixes here: 1) Handle the case when RegisterEventSource() fails (which it may for various reasons) and do the work of logging the event only if it succeeds. 2) Handle the case when ReportEvent() fails and do our best in debug builds to at least attempt somehow indicate that something has gone wrong. The typical situation would be someone running tools like DbMon, DBWin32, DebugView or just having the debugger attached. The intent is to make sure that at least some data will be captured so that we can save hours and days of debugging time. 3) Minor fix to change the MessageBox() flag to MB_ICONERROR. Though the value of MB_ICONERROR is the same value as MB_ICONSTOP, the intent is better conveyed by using MB_ICONERROR. Testing performed: 1) Clean compilation for debug-VC-WIN32 and VC-WIN32. 2) Good test results (nmake -f ms\ntdll.mak test) for debug-VC-WIN32 and VC-WIN32. 3) Stepped through relevant changes using WinDBG and exercised the impacted code paths. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Matt Caswell <matt@openssl.org>
-