Re: [openssl.org #1929] DTLS MTU bug

2009-05-16 Thread Michael Tüxen
On May 16, 2009, at 2:16 PM, Dr. Stephen Henson wrote: On Sat, May 16, 2009, Michael Tüxen wrote: Dear all, we will revise this patch on Monday. Please do not commit. I need to play with the IP_MTU option on a Linux system and have a discussion with Robin. It has already been committed but

[openssl.org #1922] [PATCH] DTLS Timer Bug

2009-05-16 Thread Stephen Henson via RT
> [seggelm...@fh-muenster.de - Sat May 16 12:13:35 2009]: > > > Patch applied to 1.0.0 and HEAD. Should this go into 0.9.8 too? > > Thanks for applying. Yes, this is important for 0.9.8, too. Every > patch for DTLS I submitted concerns both branches, there are no > differences so far. > The

Re: [openssl.org #1929] DTLS MTU bug

2009-05-16 Thread Dr. Stephen Henson
On Sat, May 16, 2009, Michael Tüxen wrote: > Dear all, > > we will revise this patch on Monday. Please do not commit. > I need to play with the IP_MTU option on a Linux system > and have a discussion with Robin. > It has already been committed but that can be reverted. I've reopened the ticket. C

[openssl.org #1931] [PATCH] DTLS fragment handling memory leak

2009-05-16 Thread Robin Seggelmann via RT
In dtls1_process_out_of_seq_message() the check if the current message is already buffered was missing. Memory was allocated for every new message, allowing an attacker to perform a denial of service attack by sending out of seq handshake messages until there is no memory left. Additiona

[openssl.org #1930] [PATCH] DTLS record buffer limitation bug

2009-05-16 Thread Robin Seggelmann via RT
Records are buffered if they arrive with a future epoch to be processed after finishing the corresponding handshake. There is currently no limitation to this buffer, allowing an attacker to perform a DOS attack by sending records with future epochs until there is no memory left. This patch

Re: [openssl.org #1929] DTLS MTU bug

2009-05-16 Thread Michael Tüxen
Dear all, we will revise this patch on Monday. Please do not commit. I need to play with the IP_MTU option on a Linux system and have a discussion with Robin. Best regards Michael On May 15, 2009, at 8:22 PM, Robin Seggelmann via RT wrote: On May 12, 2009, at 8:24 PM, Daniel Mentz wrote: I

Error in openssl-1.0.0-stable-SNAP-20090516

2009-05-16 Thread The Doctor
make making all in crypto... making all in crypto/objects... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto/mdc2... making all in crypto/hmac... making all in crypto/ripemd... making all in crypto/whrlpool... making all in crypto/des... mak

Re: [openssl.org #1922] [PATCH] DTLS Timer Bug

2009-05-16 Thread Robin Seggelmann via RT
> Patch applied to 1.0.0 and HEAD. Should this go into 0.9.8 too? Thanks for applying. Yes, this is important for 0.9.8, too. Every patch for DTLS I submitted concerns both branches, there are no differences so far. Robin