generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Mark J. Cox 2c0fa03dc6 Fix flaw if 'Server Key exchange message' is omitted from a TLS 
handshake which could lead to a cilent crash as found using the
Codenomicon TLS test suite (CVE-2008-1672)

Reviewed by: openssl-security@openssl.org

Obtained from: mark@awe.com
2008-05-28 07:29:27 +00:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_ssl.c
Fix various incorrect error function codes.
2005-04-26 18:53:22 +00:00
d1_both.c
Don't let DTLS ChangeCipherSpec increment handshake sequence number. From
2007-10-17 21:17:49 +00:00
d1_clnt.c
DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. From HEAD with a
2007-09-30 19:36:32 +00:00
d1_enc.c
backport recent changes from the cvs head
2006-02-08 19:16:33 +00:00
d1_lib.c
Prohibit RC4 in DTLS [from HEAD].
2007-10-05 21:05:27 +00:00
d1_meth.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
d1_pkt.c
Don't let DTLS ChangeCipherSpec increment handshake sequence number. From
2007-10-17 21:17:49 +00:00
d1_srvr.c
Respect cookie length set by app_gen_cookie_cb [from HEAD].
2007-10-09 19:31:53 +00:00
dtls1.h
Oops! This was erroneously left out commit #16633.
2007-10-01 06:28:48 +00:00
install.com
Synchronise more with the Unix build
2005-05-31 20:28:55 +00:00
kssl_lcl.h
To avoid commit wars over dependencies, let's make it so things that
2001-10-10 07:55:02 +00:00
kssl.c
Avoid "initializer not constant" errors when compiling in pedantic mode.
2008-04-02 11:15:05 +00:00
kssl.h
Make kerberos ciphersuite code work with newer header files
2005-04-09 23:55:55 +00:00
Makefile
Make depend.
2007-11-15 13:32:53 +00:00
s2_clnt.c
gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL.
2007-09-06 12:43:54 +00:00
s2_enc.c
ensure that the EVP_CIPHER_CTX object is initialized
2007-02-16 20:40:07 +00:00
s2_lib.c
Update from HEAD.
2007-01-21 16:07:25 +00:00
s2_meth.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
s2_pkt.c
Avoid including cryptlib.h, it's not really needed.
2003-12-27 16:10:30 +00:00
s2_srvr.c
gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL.
2007-09-06 12:43:54 +00:00
s3_both.c
Add DTLS support.
2005-04-26 16:02:40 +00:00
s3_clnt.c
Fix flaw if 'Server Key exchange message' is omitted from a TLS
2008-05-28 07:29:27 +00:00
s3_enc.c
ensure that the EVP_CIPHER_CTX object is initialized
2007-02-16 20:40:07 +00:00
s3_lib.c
TLS ticket key setting callback: this allows and application to set
2008-04-30 16:11:33 +00:00
s3_meth.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
s3_pkt.c
fix support for receiving fragmented handshake messages
2006-11-29 14:45:14 +00:00
s3_srvr.c
TLS ticket key setting callback: this allows and application to set
2008-04-30 16:11:33 +00:00
s23_clnt.c
Backport certificate status request TLS extension support to 0.9.8.
2007-10-12 00:00:36 +00:00
s23_lib.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
s23_meth.c
make "./configure no-ssl2" work again
2006-01-15 16:57:01 +00:00
s23_pkt.c
Reorder inclusion of header files:
2002-07-10 07:01:54 +00:00
s23_srvr.c
fix support for receiving fragmented handshake messages
2006-11-29 14:45:14 +00:00
ssl2.h
Implement msg_callback for SSL 2.0.
2001-11-10 01:16:28 +00:00
ssl3.h
Backport certificate status request TLS extension support to 0.9.8.
2007-10-12 00:00:36 +00:00
ssl23.h
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
ssl_algs.c
Add SEED encryption algorithm.
2007-04-23 23:50:26 +00:00
ssl_asn1.c
Allow TLS tickets and session ID to both be present if lifetime hint is -1.
2007-10-17 11:27:25 +00:00
ssl_cert.c
gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL.
2007-09-06 12:43:54 +00:00
ssl_ciph.c
gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL.
2007-09-06 12:43:54 +00:00
ssl_err2.c
Use new-style system-id macros everywhere possible. I hope I haven't
2001-02-20 08:13:47 +00:00
ssl_err.c
Backport certificate status request TLS extension support to 0.9.8.
2007-10-12 00:00:36 +00:00
ssl_lib.c
Backport certificate status request TLS extension support to 0.9.8.
2007-10-12 00:00:36 +00:00
ssl_locl.h
Backport certificate status request TLS extension support to 0.9.8.
2007-10-12 00:00:36 +00:00
ssl_rsa.c
Reword comment to be much shorter to stop other people from complaining
2008-05-26 06:21:10 +00:00
ssl_sess.c
Don't try to lookup zero length session.
2007-10-17 17:30:15 +00:00
ssl_stat.c
Status strings for ticket states.
2008-04-29 16:38:26 +00:00
ssl_task.c
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
ssl_txt.c
Backport of TLS extension code to OpenSSL 0.9.8.
2007-08-12 18:59:03 +00:00
ssl-lib.com
Synchronise more with the Unix build
2005-05-31 20:28:55 +00:00
ssl.h
TLS ticket key setting callback: this allows and application to set
2008-04-30 16:11:33 +00:00
ssltest.c
fix no-dh configure option; patch supplied by Peter Meerwald
2006-02-24 17:58:35 +00:00
t1_clnt.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
t1_enc.c
Make DTLS1 record layer MAC calculation RFC compliant. From HEAD with a
2007-10-09 19:22:01 +00:00
t1_lib.c
Fix double-free in TLS server name extensions which could lead to a remote
2008-05-28 07:26:33 +00:00
t1_meth.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
t1_srvr.c
Initialize SSL_METHOD structures at compile time. This removes the need
2005-08-05 23:52:08 +00:00
tls1.h
TLS ticket key setting callback: this allows and application to set
2008-04-30 16:11:33 +00:00