openssl/ssl
Emilia Kasper 321ba85899 Reject elliptic curve lists of odd lengths.
The Supported Elliptic Curves extension contains a vector of NamedCurves
of 2 bytes each, so the total length must be even. Accepting odd-length
lists was observed to lead to a non-exploitable one-byte out-of-bounds
read in the latest development branches (1.0.2 and master). Released
versions of OpenSSL are not affected.

Thanks to Felix Groebert of the Google Security Team for reporting this issue.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 33d5ba8629)
2014-12-05 16:44:20 +01:00
..
.cvsignore Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
bio_ssl.c OPENSSL_NO_SOCK fixes [from HEAD]. 2012-04-16 17:43:15 +00:00
d1_both.c Remove "#if 0" code 2014-12-03 09:35:25 +00:00
d1_clnt.c Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset 2014-11-20 15:32:08 +01:00
d1_enc.c Add checks to the return value of EVP_Cipher to prevent silent encryption failure. 2014-11-27 21:53:02 +00:00
d1_lib.c Remove incorrect code inadvertently introduced through commit 59669b6ab. 2014-12-04 14:21:50 +00:00
d1_meth.c Let the TLSv1_method() etc. functions return a const SSL_METHOD 2005-08-14 21:48:33 +00:00
d1_pkt.c Add checks to the return value of EVP_Cipher to prevent silent encryption failure. 2014-11-27 21:53:02 +00:00
d1_srtp.c Fix for SRTP Memory Leak 2014-10-15 08:51:49 -04:00
d1_srvr.c Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset 2014-11-20 15:32:08 +01:00
dtls1.h Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) 2014-12-03 09:35:23 +00:00
heartbeat_test.c Add conditional unit testing interface. 2014-07-24 19:43:25 +01:00
install-ssl.com Don't forget to install srtp.h as well 2012-05-10 15:01:22 +00:00
kssl_lcl.h Some fixes for kerberos builds. 2009-04-21 22:20:12 +00:00
kssl.c make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:52:34 +00:00
kssl.h Fix for WIN32 builds with KRB5 2014-02-26 15:33:09 +00:00
Makefile RT3067: simplify patch 2014-09-24 15:52:41 +02:00
s2_clnt.c Add and use a constant-time memcmp. 2013-01-28 17:30:38 +00:00
s2_enc.c Fixed warning in ssl2_enc 2014-11-27 21:53:44 +00:00
s2_lib.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:05:42 +02:00
s2_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s2_pkt.c Check EVP_Cipher return values for SSL2 2014-11-27 21:53:27 +00:00
s2_srvr.c Reduce version skew. 2012-06-08 09:18:47 +00:00
s3_both.c [PR3597] Advance to the next state variant when reusing messages. 2014-11-28 23:31:45 +01:00
s3_cbc.c RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 14:17:41 +02:00
s3_clnt.c Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset 2014-11-20 15:32:08 +01:00
s3_enc.c Add checks to the return value of EVP_Cipher to prevent silent encryption failure. 2014-11-27 21:53:02 +00:00
s3_lib.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:05:42 +02:00
s3_meth.c New option no-ssl3-method which removes SSLv3_*method 2014-11-19 22:57:51 +00:00
s3_pkt.c Add checks to the return value of EVP_Cipher to prevent silent encryption failure. 2014-11-27 21:53:02 +00:00
s3_srvr.c Do not resume a session if the negotiated protocol version does not match 2014-11-20 16:31:42 +01:00
s23_clnt.c Fix no-ssl3 configuration option 2014-10-15 08:51:50 -04:00
s23_lib.c Don't advertise ECC ciphersuits in SSLv2 compatible client hello. 2014-06-27 16:52:05 +01:00
s23_meth.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
s23_pkt.c Reorder inclusion of header files: 2002-07-10 07:01:54 +00:00
s23_srvr.c Keep old method in case of an unsupported protocol 2014-10-21 21:08:14 +02:00
srtp.h Add include of ssl.h which is required by srtp.h 2014-11-27 13:19:23 +00:00
ssl2.h Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN 2011-05-11 12:56:38 +00:00
ssl3.h Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset 2014-11-20 15:32:08 +01:00
ssl23.h Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
ssl_algs.c e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. 2013-02-02 19:35:09 +01:00
ssl_asn1.c fix coverity issue 966597 - error line is not always initialised 2014-05-08 00:00:08 +01:00
ssl_cert.c Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST 2014-11-27 20:53:58 +00:00
ssl_ciph.c Use more common name for GOST key exchange. 2014-07-14 18:31:54 +01:00
ssl_err2.c Use new-style system-id macros everywhere possible. I hope I haven't 2001-02-20 08:13:47 +00:00
ssl_err.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:05:42 +02:00
ssl_lib.c Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) 2014-12-03 09:35:23 +00:00
ssl_locl.h Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) 2014-12-03 09:35:23 +00:00
ssl_rsa.c Reduce version skew. 2012-06-08 09:18:47 +00:00
ssl_sess.c Tighten session ticket handling 2014-10-28 17:41:49 +01:00
ssl_stat.c Don't disable state strings with no-ssl2 2014-06-28 00:56:42 +01:00
ssl_task.c Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
ssl_txt.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
ssl_utst.c Add conditional unit testing interface. 2014-07-24 19:43:25 +01:00
ssl-lib.com Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces 2014-10-15 10:49:24 +02:00
ssl.h Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) 2014-12-03 09:35:23 +00:00
ssltest.c New option no-ssl3-method which removes SSLv3_*method 2014-11-19 22:57:51 +00:00
t1_clnt.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
t1_enc.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:05:42 +02:00
t1_lib.c Reject elliptic curve lists of odd lengths. 2014-12-05 16:44:20 +01:00
t1_meth.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
t1_reneg.c Update RI to match latest spec. 2009-12-27 22:59:09 +00:00
t1_srvr.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
tls1.h Support TLS_FALLBACK_SCSV. 2014-10-15 04:05:42 +02:00
tls_srp.c Check SRP parameters early. 2014-08-06 20:27:51 +01:00