generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Matt Caswell 1d2a18dc5a Multiblock corrupted pointer fix 
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
feature only applies on 64 bit x86 architecture platforms that support AES
NI instructions. A defect in the implementation of "multiblock" can cause
OpenSSL's internal write buffer to become incorrectly set to NULL when
using non-blocking IO. Typically, when the user application is using a
socket BIO for writing, this will only result in a failed connection.
However if some other BIO is used then it is likely that a segmentation
fault will be triggered, thus enabling a potential DoS attack.

CVE-2015-0290

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-19 11:11:02 +00:00
..
bio_ssl.c
dead code cleanup: #if 0 in ssl
2015-02-06 10:52:12 -05:00
d1_both.c
Fix DTLS1_BAD_VER regression
2015-03-09 10:51:57 +00:00
d1_clnt.c
dead code cleanup: #if 0 in ssl
2015-02-06 10:52:12 -05:00
d1_lib.c
Wrong SSL version in DTLS1_BAD_VER ClientHello
2015-03-09 11:04:39 +00:00
d1_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
d1_pkt.c
Harmonize return values in dtls1_buffer_record
2015-03-10 12:18:18 -07:00
d1_srtp.c
dead code cleanup: #if 0 in ssl
2015-02-06 10:52:12 -05:00
d1_srvr.c
Remove NETSCAPE_HANG_BUG
2015-02-26 23:27:09 +00:00
dtls1.h
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
2015-02-27 20:29:03 +00:00
heartbeat_test.c
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
install-ssl.com
Install srtp.h
2012-07-05 13:20:19 +00:00
kssl_lcl.h
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
kssl.c
dead code cleanup: #if 0 in ssl
2015-02-06 10:52:12 -05:00
kssl.h
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
Makefile
RT478: Add uninstall make target
2015-01-12 10:28:05 -05:00
s3_both.c
OPENSSL_NO_XXX cleanup: OPENSSL_NO_BUF_FREELISTS
2015-01-27 16:43:53 -05:00
s3_cbc.c
OPENSSL_NO_xxx cleanup: SHA
2015-01-27 12:34:45 -05:00
s3_clnt.c
ssl/s3_clnt.c: fix intermittent failures.
2015-03-12 08:54:28 +01:00
s3_enc.c
Cleanse buffers
2015-03-11 10:40:44 +00:00
s3_lib.c
Remove ssl_cert_inst()
2015-03-15 12:15:08 +01:00
s3_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
s3_pkt.c
Multiblock corrupted pointer fix
2015-03-19 11:11:02 +00:00
s3_srvr.c
OPENSSL_NO_EC* merge; missed one file
2015-03-15 14:49:15 -04:00
s23_clnt.c
dead code cleanup: #if 0 in ssl
2015-02-06 10:52:12 -05:00
s23_lib.c
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
s23_meth.c
OPENSSL_NO_XXX cleanup: NO_TLS, NO_TLS1
2015-01-27 15:14:12 -05:00
s23_pkt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
s23_srvr.c
dead code cleanup: #if 0 in ssl
2015-02-06 10:52:12 -05:00
srtp.h
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
ssl2.h
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
ssl3.h
Make libssl opaque. Move all structures that were previously protected by
2015-01-31 18:06:45 +00:00
ssl23.h
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
ssl_algs.c
Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
2015-03-11 09:29:37 -04:00
ssl_asn1.c
Fix d2i_SSL_SESSION for DTLS1_BAD_VER
2015-02-27 20:29:03 +00:00
ssl_cert.c
Remove ssl_cert_inst()
2015-03-15 12:15:08 +01:00
ssl_ciph.c
Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
2015-03-11 09:29:37 -04:00
ssl_conf.c
Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
2015-03-11 09:29:37 -04:00
ssl_err2.c
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
ssl_err.c
Remove ssl_cert_inst()
2015-03-15 12:15:08 +01:00
ssl_lib.c
Remove ssl_cert_inst()
2015-03-15 12:15:08 +01:00
ssl_locl.h
Remove ssl_cert_inst()
2015-03-15 12:15:08 +01:00
ssl_rsa.c
Remove ssl_cert_inst()
2015-03-15 12:15:08 +01:00
ssl_sess.c
Add SSL_SESSION_get0_ticket API function.
2015-02-10 22:54:27 +00:00
ssl_stat.c
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
ssl_task.c
Make the libssl opaque changes compile on VMS
2015-01-31 18:07:32 +00:00
ssl_txt.c
Extended master secret extension support.
2015-02-03 14:50:07 +00:00
ssl_utst.c
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
ssl-lib.com
VMS adjustments:
2015-01-30 14:43:57 +01:00
ssl.h
Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
2015-03-11 09:29:37 -04:00
ssltest.c
ssl/s3_clnt.c: fix intermittent failures.
2015-03-12 08:54:28 +01:00
t1_clnt.c
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
t1_enc.c
Add sanity check to PRF
2015-03-17 13:39:53 +00:00
t1_ext.c
Remove support for opaque-prf
2015-01-28 15:37:16 -05:00
t1_lib.c
SSL_check_chain fix
2015-03-12 09:25:32 +00:00
t1_meth.c
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
t1_reneg.c
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
t1_srvr.c
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00
t1_trce.c
dead code cleanup: #if 0 in ssl
2015-02-06 10:52:12 -05:00
tls1.h
Remove experimental 56bit export ciphers
2015-03-01 16:18:16 -05:00
tls_srp.c
Run util/openssl-format-source -v -c .
2015-01-22 09:20:09 +00:00