generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Dr. Stephen Henson 410e444b71 Fix for CVE-2014-0195 
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Fixed by adding consistency check for DTLS fragments.

Thanks to Jüri Aedla for reporting this issue.
(cherry picked from commit 1632ef744872edc2aa2a53d487d3e79c965a4ad3)
2014-06-05 13:23:05 +01:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_ssl.c
OPENSSL_NO_SOCK fixes.
2012-04-16 17:42:36 +00:00
d1_both.c
Fix for CVE-2014-0195
2014-06-05 13:23:05 +01:00
d1_clnt.c
DTLS/SCTP Finished Auth Bug
2013-11-01 21:41:52 +00:00
d1_enc.c
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
d1_lib.c
Free up s->d1->buffered_app_data.q properly.
2014-06-02 23:55:55 +01:00
d1_meth.c
Dual DTLS version methods.
2013-04-09 14:02:48 +01:00
d1_pkt.c
Added SSLErr call for internal error in dtls1_buffer_record
2014-06-01 21:36:25 +01:00
d1_srtp.c
Submitted by: Eric Rescorla <ekr@rtfm.com>
2012-02-11 22:53:31 +00:00
d1_srvr.c
use SSL_kDHE throughout instead of SSL_kEDH
2014-01-09 15:43:28 +00:00
dtls1.h
Dual DTLS version methods.
2013-04-09 14:02:48 +01:00
heartbeat_test.c
Don't compile heartbeat test code on Windows (for now).
2014-05-31 13:43:02 +01:00
install-ssl.com
Install srtp.h
2012-07-05 13:20:19 +00:00
kssl_lcl.h
Merge from 1.0.0-stable branch.
2009-04-23 16:32:42 +00:00
kssl.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
kssl.h
Fix for WIN32 builds with KRB5
2014-02-26 15:33:11 +00:00
Makefile
Unit/regression test for TLS heartbeats.
2014-05-19 17:39:41 +01:00
s2_clnt.c
Security framework.
2014-03-28 14:56:30 +00:00
s2_enc.c
Experimental encrypt-then-mac support.
2013-09-08 13:14:03 +01:00
s2_lib.c
Add ctrl and utility functions to retrieve raw cipher list sent by client in
2012-09-12 13:57:48 +00:00
s2_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s2_pkt.c
Add and use a constant-time memcmp.
2013-02-06 14:16:55 +00:00
s2_srvr.c
Security framework.
2014-03-28 14:56:30 +00:00
s3_both.c
Security framework.
2014-03-28 14:56:30 +00:00
s3_cbc.c
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
s3_clnt.c
Fix for CVE-2014-0224
2014-06-05 13:22:42 +01:00
s3_enc.c
Experimental encrypt-then-mac support.
2013-09-08 13:14:03 +01:00
s3_lib.c
Security framework.
2014-03-28 14:56:30 +00:00
s3_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s3_pkt.c
Fix for CVE-2014-0224
2014-06-05 13:22:42 +01:00
s3_srvr.c
Fix for CVE-2014-0224
2014-06-05 13:22:42 +01:00
s23_clnt.c
Security framework.
2014-03-28 14:56:30 +00:00
s23_lib.c
Fix warnings.
2010-06-12 14:13:23 +00:00
s23_meth.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
s23_pkt.c
Reorder inclusion of header files:
2002-07-10 07:01:54 +00:00
s23_srvr.c
Security framework.
2014-03-28 14:56:30 +00:00
srtp.h
move internal functions to ssl_locl.h
2011-11-21 22:52:13 +00:00
ssl2.h
Initial "opaque SSL" framework. If an application defines
2011-04-29 22:37:12 +00:00
ssl3.h
Fix for CVE-2014-0224
2014-06-05 13:22:42 +01:00
ssl23.h
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
ssl_algs.c
Add AES-SHA256 stitch.
2013-05-13 22:49:58 +02:00
ssl_asn1.c
fix coverity issue 966597 - error line is not always initialised
2014-05-07 23:54:25 +01:00
ssl_cert.c
Fix SSL_CTX_get{first,next}_certificate.
2014-04-21 16:52:28 +01:00
ssl_ciph.c
Set security level in cipher string.
2014-03-28 14:56:43 +00:00
ssl_conf.c
Add -no_resumption_on_reneg to SSL_CONF.
2014-03-27 16:12:40 +00:00
ssl_err2.c
Use new-style system-id macros everywhere possible. I hope I haven't
2001-02-20 08:13:47 +00:00
ssl_err.c
Fixed spelling error in error message. Fix supplied by Marcos Marado
2014-05-01 00:28:00 +01:00
ssl_lib.c
Check sk_SSL_CIPHER_num() after assigning sk.
2014-05-12 22:56:13 +01:00
ssl_locl.h
Security framework.
2014-03-28 14:56:30 +00:00
ssl_rsa.c
Security framework.
2014-03-28 14:56:30 +00:00
ssl_sess.c
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
2013-09-06 13:59:13 +01:00
ssl_stat.c
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
2013-09-06 13:59:13 +01:00
ssl_task.c
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
ssl_txt.c
Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352
2014-05-24 00:02:24 +01:00
ssl-lib.com
Add d1_srtp and t1_trce.
2012-07-05 13:20:02 +00:00
ssl.h
Option to disable padding extension.
2014-06-01 18:15:21 +01:00
ssltest.c
Set security level to zero is ssltest
2014-03-28 14:56:43 +00:00
t1_clnt.c
Use appropriate versions of SSL3_ENC_METHOD
2013-03-18 14:53:59 +00:00
t1_enc.c
Use correct digest when exporting keying material.
2014-05-31 13:43:02 +01:00
t1_lib.c
Check there is enough room for extension.
2014-06-02 23:55:56 +01:00
t1_meth.c
Use appropriate versions of SSL3_ENC_METHOD
2013-03-18 14:53:59 +00:00
t1_reneg.c
Update RI to match latest spec.
2009-12-27 22:58:55 +00:00
t1_srvr.c
Use appropriate versions of SSL3_ENC_METHOD
2013-03-18 14:53:59 +00:00
t1_trce.c
Adding padding extension to trace code.
2014-05-20 11:09:04 +01:00
tls1.h
Set TLS padding extension value.
2014-04-05 20:43:54 +01:00
tls_srp.c
PR: 1794
2011-12-14 22:17:06 +00:00