generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
9346c75cb8
openssl/ssl
History
Dr. Stephen Henson 9346c75cb8 Add custom extension sanity checks. 
Reject attempts to use extensions handled internally.

Add flags to each extension structure to indicate if an extension
has been sent or received. Enforce RFC5246 compliance by rejecting
duplicate extensions and unsolicited extensions and only send a
server extension if we have sent the corresponding client extension.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 28ea0a0c6a)
2014-08-28 18:09:39 +01:00
..
.cvsignore Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
bio_ssl.c OPENSSL_NO_SOCK fixes [from HEAD]. 2012-04-16 17:43:02 +00:00
d1_both.c Remove some duplicate DTLS code. 2014-08-06 20:41:24 +01:00
d1_clnt.c DTLS/SCTP Finished Auth Bug 2013-10-30 14:37:22 +00:00
d1_enc.c Update DTLS code to match CBC decoding in TLS. 2013-02-06 13:56:13 +00:00
d1_lib.c Free up s->d1->buffered_app_data.q properly. 2014-06-02 14:40:05 +01:00
d1_meth.c Dual DTLS version methods. 2013-09-18 13:46:02 +01:00
d1_pkt.c Added SSLErr call for internal error in dtls1_buffer_record 2014-06-01 21:40:31 +01:00
d1_srtp.c Submitted by: Eric Rescorla <ekr@rtfm.com> 2012-02-11 22:53:48 +00:00
d1_srvr.c Fix DTLS certificate requesting code. 2014-07-15 18:23:35 +01:00
dtls1.h Dual DTLS version methods. 2013-09-18 13:46:02 +01:00
heartbeat_test.c Add conditional unit testing interface. 2014-07-24 19:42:26 +01:00
install-ssl.com Don't forget to install srtp.h as well 2012-05-10 15:01:26 +00:00
kssl_lcl.h Some fixes for kerberos builds. 2009-04-21 22:20:12 +00:00
kssl.c make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:52:34 +00:00
kssl.h Fix for WIN32 builds with KRB5 2014-02-26 15:33:10 +00:00
Makefile Custom extension revision. 2014-08-28 18:09:05 +01:00
s2_clnt.c Add and use a constant-time memcmp. 2013-02-06 13:56:12 +00:00
s2_enc.c Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. 2007-06-04 17:04:40 +00:00
s2_lib.c Update strength_bits for 3DES. 2014-06-09 12:09:51 +01:00
s2_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s2_pkt.c Add and use a constant-time memcmp. 2013-02-06 13:56:12 +00:00
s2_srvr.c Reduce version skew: trivia (I hope). 2012-06-03 22:03:37 +00:00
s3_both.c Add fix for CVE-2013-4353 2014-01-07 15:41:11 +00:00
s3_cbc.c Constant-time utilities 2014-08-28 16:26:01 +02:00
s3_clnt.c Fixed out-of-bounds read errors in ssl3_get_key_exchange. 2014-08-15 23:28:52 +01:00
s3_enc.c Fixed incorrect return code handling in ssl3_final_finish_mac. 2014-06-13 15:50:58 +01:00
s3_lib.c Fix SRP authentication ciphersuites. 2014-08-09 00:09:14 +01:00
s3_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s3_pkt.c RT3060: Limit the number of empty records. 2014-08-22 15:36:06 +02:00
s3_srvr.c Fix SRP authentication ciphersuites. 2014-08-09 00:09:14 +01:00
s23_clnt.c Custom extension revision. 2014-08-28 18:09:05 +01:00
s23_lib.c Don't advertise ECC ciphersuits in SSLv2 compatible client hello. 2014-06-27 16:52:00 +01:00
s23_meth.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
s23_pkt.c Reorder inclusion of header files: 2002-07-10 07:01:54 +00:00
s23_srvr.c Fix protocol downgrade bug in case of fragmented packets 2014-08-06 20:41:24 +01:00
srtp.h RT2724: Remove extra declaration 2014-08-26 16:55:54 -04:00
ssl2.h Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN 2011-05-11 12:56:38 +00:00
ssl3.h Remove all RFC5878 code. 2014-07-04 13:42:05 +01:00
ssl23.h Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
ssl_algs.c Add AES-NI+SHA256 stitch registrations (from master). 2014-02-02 00:05:02 +01:00
ssl_asn1.c fix coverity issue 966597 - error line is not always initialised 2014-05-07 23:57:00 +01:00
ssl_cert.c Custom extension revision. 2014-08-28 18:09:05 +01:00
ssl_ciph.c Use more common name for GOST key exchange. 2014-07-14 18:31:55 +01:00
ssl_conf.c Add -no_resumption_on_reneg to SSL_CONF. 2014-03-27 15:51:25 +00:00
ssl_err2.c Use new-style system-id macros everywhere possible. I hope I haven't 2001-02-20 08:13:47 +00:00
ssl_err.c Check SRP parameters early. 2014-08-06 20:41:53 +01:00
ssl_lib.c Custom extension revision. 2014-08-28 18:09:05 +01:00
ssl_locl.h Add custom extension sanity checks. 2014-08-28 18:09:39 +01:00
ssl_rsa.c Fix whitespace, new-style comments. 2014-02-08 16:19:30 -08:00
ssl_sess.c Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) 2014-02-08 16:12:15 -08:00
ssl_stat.c Remove all RFC5878 code. 2014-07-04 13:42:05 +01:00
ssl_task.c Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
ssl_txt.c Provisional DTLS 1.2 support. 2013-09-18 13:46:02 +01:00
ssl_utst.c Add conditional unit testing interface. 2014-07-24 19:42:26 +01:00
ssl-lib.com Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces 2014-06-16 13:25:16 +02:00
ssl.h Add custom extension sanity checks. 2014-08-28 18:09:39 +01:00
ssltest.c Remove all RFC5878 code. 2014-07-04 13:42:05 +01:00
t1_clnt.c Use appropriate versions of SSL3_ENC_METHOD 2013-09-18 13:46:02 +01:00
t1_enc.c Fix compilation with -DSSL_DEBUG -DTLS_DEBUG -DKSSL_DEBUG 2014-06-28 00:41:31 +01:00
t1_ext.c Add custom extension sanity checks. 2014-08-28 18:09:39 +01:00
t1_lib.c Add custom extension sanity checks. 2014-08-28 18:09:39 +01:00
t1_meth.c Use appropriate versions of SSL3_ENC_METHOD 2013-09-18 13:46:02 +01:00
t1_reneg.c Update RI to match latest spec. 2009-12-27 22:59:09 +00:00
t1_srvr.c Use appropriate versions of SSL3_ENC_METHOD 2013-09-18 13:46:02 +01:00
t1_trce.c Adding padding extension to trace code. 2014-05-20 11:22:15 +01:00
tls1.h Remove all RFC5878 code. 2014-07-04 13:42:05 +01:00
tls_srp.c Check SRP parameters early. 2014-08-06 20:41:53 +01:00