openssl

mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00

History

Bernd Edlinger e915c3f538 Fix an assertion in the DTLS server code This fixes an internal error alert from the server and an unexpected connection failure in the release version, but a failed assertion and a server crash in the debug version. Reproduce this issue with a DTLS server/client like that: ./openssl s_server -dtls -mtu 1500 ./openssl s_client -dtls -maxfraglen 512 In the debug version a crash happens in the Server now: ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written Aborted (core dumped) While in the release version the handshake exceeds the negotiated max fragment size, and fails because of this: $ ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ERROR 4057152ADA7F0000:error:0A0000C2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826: shutting down SSL CONNECTION CLOSED From the client's point of view the connection fails with an Internal Error Alert: $ ./openssl s_client -dtls -maxfraglen 512 Connecting to ::1 CONNECTED(00000003) 40B76343377F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80 and now the connection attempt fails unexpectedly. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18093)		2022-04-14 16:16:47 +02:00
..
record	KTLS: Handle TLS 1.3 in ssl3_get_record.	2022-04-06 13:15:27 +02:00
statem	Fix an assertion in the DTLS server code	2022-04-14 16:16:47 +02:00
bio_ssl.c	Fix ssl_free() and thus BIO_free() to respect BIO_NOCLOSE	2021-10-04 10:55:39 +02:00
build.info	Do not duplicate symbols between libcrypto and libssl in static builds	2021-06-14 09:21:05 +10:00
d1_lib.c	Move e_os.h to include/internal	2022-02-05 05:31:09 +01:00
d1_msg.c	fix some code with obvious wrong coding style	2021-10-28 13:10:46 +10:00
d1_srtp.c
ktls.c	KTLS: Check for unprocessed receive records in ktls_configure_crypto.	2022-04-06 13:15:27 +02:00
methods.c
pqueue.c
s3_cbc.c	fips module header inclusion fine-tunning	2021-07-06 10:52:27 +10:00
s3_enc.c
s3_lib.c	Add SSL_(CTX_)?get0_(verify\|chain)_cert_store functions	2022-04-06 18:21:11 +02:00
s3_msg.c
ssl_asn1.c	Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests	2021-08-31 12:20:12 +02:00
ssl_cert_table.h
ssl_cert.c	Add SSL_(CTX_)?get0_(verify\|chain)_cert_store functions	2022-04-06 18:21:11 +02:00
ssl_ciph.c	Don't include any TLSv1.3 ciphersuites that are disabled	2021-11-29 12:17:30 +10:00
ssl_conf.c	SSL_conf_cmd: Allow DH Parameters at any position.	2022-04-12 10:39:09 +02:00
ssl_err_legacy.c	Update copyright year	2021-06-17 13:24:59 +01:00
ssl_err.c	Update alert to common protocol	2022-01-08 10:18:26 +01:00
ssl_init.c	Move e_os.h to include/internal	2022-02-05 05:31:09 +01:00
ssl_lib.c	Fix Coverity 1498611 & 1498608: uninitialised read	2022-03-23 11:06:32 +11:00
ssl_local.h	Add SSL_(CTX_)?get0_(verify\|chain)_cert_store functions	2022-04-06 18:21:11 +02:00
ssl_mcnf.c
ssl_rsa_legacy.c
ssl_rsa.c	ssl: replace ;; with ; as statement separator	2022-01-18 15:10:38 +11:00
ssl_sess.c	ssl: better support TSAN operations	2022-01-19 21:51:47 +11:00
ssl_stat.c	Update copyright year	2021-09-07 13:35:43 +02:00
ssl_txt.c	print SSL session, fix build warnings on OpenBSD.	2022-03-18 12:49:09 +01:00
ssl_utst.c
sslerr.h
t1_enc.c	KTLS: Check for unprocessed receive records in ktls_configure_crypto.	2022-04-06 13:15:27 +02:00
t1_lib.c	Add back check for the DH public key size	2022-02-17 13:21:01 +11:00
t1_trce.c	Enable brainpool curves for TLS1.3	2021-11-26 06:45:19 +01:00
tls13_enc.c	KTLS: Enable KTLS for receiving as well in TLS 1.3	2022-04-06 13:15:27 +02:00
tls_depr.c	Replace the AES-128-CBC-HMAC-SHA1 cipher in e_ossltest.c	2021-10-06 15:18:10 +02:00
tls_srp.c