diff options
author | Michael Tuexen <tuexen@fh-muenster.de> | 2018-12-26 12:44:53 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-02-01 12:03:43 +0000 |
commit | 243ff51cc6757ab56cda4a7f69fbdcddf81141b6 (patch) | |
tree | 71177c7b975c9945d27c25356eb4edc0b0be2a8d /doc | |
parent | 1b66fc87da7c3851d7229993219336afa587f325 (diff) |
Fix end-point shared secret for DTLS/SCTP
When computing the end-point shared secret, don't take the
terminating NULL character into account.
Please note that this fix breaks interoperability with older
versions of OpenSSL, which are not fixed.
Fixes #7956
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7957)
(cherry picked from commit 09d62b336d9e2a11b330d45d4f0f3f37cbb0d674)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/s_client.pod | 9 | ||||
-rw-r--r-- | doc/man1/s_server.pod | 9 | ||||
-rw-r--r-- | doc/man3/SSL_CTX_set_mode.pod | 9 |
3 files changed, 27 insertions, 0 deletions
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 85179873c2..58fe37a69b 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -100,6 +100,7 @@ B<openssl> B<s_client> [B<-dtls1>] [B<-dtls1_2>] [B<-sctp>] +[B<-sctp_label_bug>] [B<-fallback_scsv>] [B<-async>] [B<-max_send_frag>] @@ -489,6 +490,14 @@ Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only available where OpenSSL has support for SCTP enabled. +=item B<-sctp_label_bug> + +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for DTLS/SCTP. This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with B<-sctp>. This option is only +available where OpenSSL has support for SCTP enabled. + =item B<-fallback_scsv> Send TLS_FALLBACK_SCSV in the ClientHello. diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index 57f2405888..254bfe799b 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -173,6 +173,7 @@ B<openssl> B<s_server> [B<-dtls1>] [B<-dtls1_2>] [B<-sctp>] +[B<-sctp_label_bug>] [B<-no_dhe>] [B<-nextprotoneg val>] [B<-use_srtp val>] @@ -685,6 +686,14 @@ Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only available where OpenSSL has support for SCTP enabled. +=item B<-sctp_label_bug> + +Use the incorrect behaviour of older OpenSSL implementations when computing +endpoint-pair shared secrets for DTLS/SCTP. This allows communication with +older broken implementations but breaks interoperability with correct +implementations. Must be used in conjunction with B<-sctp>. This option is only +available where OpenSSL has support for SCTP enabled. + =item B<-no_dhe> If this option is set then no DH parameters will be loaded effectively diff --git a/doc/man3/SSL_CTX_set_mode.pod b/doc/man3/SSL_CTX_set_mode.pod index 76ed717625..4e06eb550a 100644 --- a/doc/man3/SSL_CTX_set_mode.pod +++ b/doc/man3/SSL_CTX_set_mode.pod @@ -105,6 +105,15 @@ Enable asynchronous processing. TLS I/O operations may indicate a retry with SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is used to perform cryptographic operations. See L<SSL_get_error(3)>. +=item SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG + +Older versions of OpenSSL had a bug in the computation of the label length +used for computing the endpoint-pair shared secret. The bug was that the +terminating zero was included in the length of the label. Setting this option +enables this behaviour to allow interoperability with such broken +implementations. Please note that setting this option breaks interoperability +with correct implementations. This option only applies to DTLS over SCTP. + =back All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by |