generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Dr. Stephen Henson 9346c75cb8 Add custom extension sanity checks. 
Reject attempts to use extensions handled internally.

Add flags to each extension structure to indicate if an extension
has been sent or received. Enforce RFC5246 compliance by rejecting
duplicate extensions and unsolicited extensions and only send a
server extension if we have sent the corresponding client extension.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 28ea0a0c6a5e4e217c405340fa22a8503c7a17db)
2014-08-28 18:09:39 +01:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_ssl.c
OPENSSL_NO_SOCK fixes [from HEAD].
2012-04-16 17:43:02 +00:00
d1_both.c
Remove some duplicate DTLS code.
2014-08-06 20:41:24 +01:00
d1_clnt.c
DTLS/SCTP Finished Auth Bug
2013-10-30 14:37:22 +00:00
d1_enc.c
Update DTLS code to match CBC decoding in TLS.
2013-02-06 13:56:13 +00:00
d1_lib.c
Free up s->d1->buffered_app_data.q properly.
2014-06-02 14:40:05 +01:00
d1_meth.c
Dual DTLS version methods.
2013-09-18 13:46:02 +01:00
d1_pkt.c
Added SSLErr call for internal error in dtls1_buffer_record
2014-06-01 21:40:31 +01:00
d1_srtp.c
Submitted by: Eric Rescorla <ekr@rtfm.com>
2012-02-11 22:53:48 +00:00
d1_srvr.c
Fix DTLS certificate requesting code.
2014-07-15 18:23:35 +01:00
dtls1.h
Dual DTLS version methods.
2013-09-18 13:46:02 +01:00
heartbeat_test.c
Add conditional unit testing interface.
2014-07-24 19:42:26 +01:00
install-ssl.com
Don't forget to install srtp.h as well
2012-05-10 15:01:26 +00:00
kssl_lcl.h
Some fixes for kerberos builds.
2009-04-21 22:20:12 +00:00
kssl.c
make kerberos work with OPENSSL_NO_SSL_INTERN
2011-05-11 22:52:34 +00:00
kssl.h
Fix for WIN32 builds with KRB5
2014-02-26 15:33:10 +00:00
Makefile
Custom extension revision.
2014-08-28 18:09:05 +01:00
s2_clnt.c
Add and use a constant-time memcmp.
2013-02-06 13:56:12 +00:00
s2_enc.c
Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.
2007-06-04 17:04:40 +00:00
s2_lib.c
Update strength_bits for 3DES.
2014-06-09 12:09:51 +01:00
s2_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s2_pkt.c
Add and use a constant-time memcmp.
2013-02-06 13:56:12 +00:00
s2_srvr.c
Reduce version skew: trivia (I hope).
2012-06-03 22:03:37 +00:00
s3_both.c
Add fix for CVE-2013-4353
2014-01-07 15:41:11 +00:00
s3_cbc.c
Constant-time utilities
2014-08-28 16:26:01 +02:00
s3_clnt.c
Fixed out-of-bounds read errors in ssl3_get_key_exchange.
2014-08-15 23:28:52 +01:00
s3_enc.c
Fixed incorrect return code handling in ssl3_final_finish_mac.
2014-06-13 15:50:58 +01:00
s3_lib.c
Fix SRP authentication ciphersuites.
2014-08-09 00:09:14 +01:00
s3_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s3_pkt.c
RT3060: Limit the number of empty records.
2014-08-22 15:36:06 +02:00
s3_srvr.c
Fix SRP authentication ciphersuites.
2014-08-09 00:09:14 +01:00
s23_clnt.c
Custom extension revision.
2014-08-28 18:09:05 +01:00
s23_lib.c
Don't advertise ECC ciphersuits in SSLv2 compatible client hello.
2014-06-27 16:52:00 +01:00
s23_meth.c
Backport TLS v1.2 support from HEAD.
2011-05-11 13:37:52 +00:00
s23_pkt.c
Reorder inclusion of header files:
2002-07-10 07:01:54 +00:00
s23_srvr.c
Fix protocol downgrade bug in case of fragmented packets
2014-08-06 20:41:24 +01:00
srtp.h
RT2724: Remove extra declaration
2014-08-26 16:55:54 -04:00
ssl2.h
Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN
2011-05-11 12:56:38 +00:00
ssl3.h
Remove all RFC5878 code.
2014-07-04 13:42:05 +01:00
ssl23.h
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
ssl_algs.c
Add AES-NI+SHA256 stitch registrations (from master).
2014-02-02 00:05:02 +01:00
ssl_asn1.c
fix coverity issue 966597 - error line is not always initialised
2014-05-07 23:57:00 +01:00
ssl_cert.c
Custom extension revision.
2014-08-28 18:09:05 +01:00
ssl_ciph.c
Use more common name for GOST key exchange.
2014-07-14 18:31:55 +01:00
ssl_conf.c
Add -no_resumption_on_reneg to SSL_CONF.
2014-03-27 15:51:25 +00:00
ssl_err2.c
Use new-style system-id macros everywhere possible. I hope I haven't
2001-02-20 08:13:47 +00:00
ssl_err.c
Check SRP parameters early.
2014-08-06 20:41:53 +01:00
ssl_lib.c
Custom extension revision.
2014-08-28 18:09:05 +01:00
ssl_locl.h
Add custom extension sanity checks.
2014-08-28 18:09:39 +01:00
ssl_rsa.c
Fix whitespace, new-style comments.
2014-02-08 16:19:30 -08:00
ssl_sess.c
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
2014-02-08 16:12:15 -08:00
ssl_stat.c
Remove all RFC5878 code.
2014-07-04 13:42:05 +01:00
ssl_task.c
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
ssl_txt.c
Provisional DTLS 1.2 support.
2013-09-18 13:46:02 +01:00
ssl_utst.c
Add conditional unit testing interface.
2014-07-24 19:42:26 +01:00
ssl-lib.com
Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces
2014-06-16 13:25:16 +02:00
ssl.h
Add custom extension sanity checks.
2014-08-28 18:09:39 +01:00
ssltest.c
Remove all RFC5878 code.
2014-07-04 13:42:05 +01:00
t1_clnt.c
Use appropriate versions of SSL3_ENC_METHOD
2013-09-18 13:46:02 +01:00
t1_enc.c
Fix compilation with -DSSL_DEBUG -DTLS_DEBUG -DKSSL_DEBUG
2014-06-28 00:41:31 +01:00
t1_ext.c
Add custom extension sanity checks.
2014-08-28 18:09:39 +01:00
t1_lib.c
Add custom extension sanity checks.
2014-08-28 18:09:39 +01:00
t1_meth.c
Use appropriate versions of SSL3_ENC_METHOD
2013-09-18 13:46:02 +01:00
t1_reneg.c
Update RI to match latest spec.
2009-12-27 22:59:09 +00:00
t1_srvr.c
Use appropriate versions of SSL3_ENC_METHOD
2013-09-18 13:46:02 +01:00
t1_trce.c
Adding padding extension to trace code.
2014-05-20 11:22:15 +01:00
tls1.h
Remove all RFC5878 code.
2014-07-04 13:42:05 +01:00
tls_srp.c
Check SRP parameters early.
2014-08-06 20:41:53 +01:00