openssl/ssl
Dr. Stephen Henson a91be10833 Fix for CVE-2014-0224
Only accept change cipher spec when it is expected instead of at any
time. This prevents premature setting of session keys before the master
secret is determined which an attacker could use as a MITM attack.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
and providing the initial fix this patch is based on.
(cherry picked from commit bc8923b1ec)
2014-06-05 13:22:42 +01:00
.cvsignore Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
bio_ssl.c OPENSSL_NO_SOCK fixes. 2012-04-16 17:42:36 +00:00
d1_both.c Fix CVE-2014-0221 2014-06-05 13:22:03 +01:00
d1_clnt.c DTLS/SCTP Finished Auth Bug 2013-11-01 21:41:52 +00:00
d1_enc.c misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
d1_lib.c Free up s->d1->buffered_app_data.q properly. 2014-06-02 23:55:55 +01:00
d1_meth.c Dual DTLS version methods. 2013-04-09 14:02:48 +01:00
d1_pkt.c Added SSLErr call for internal error in dtls1_buffer_record 2014-06-01 21:36:25 +01:00
d1_srtp.c Submitted by: Eric Rescorla <ekr@rtfm.com> 2012-02-11 22:53:31 +00:00
d1_srvr.c use SSL_kDHE throughout instead of SSL_kEDH 2014-01-09 15:43:28 +00:00
dtls1.h Dual DTLS version methods. 2013-04-09 14:02:48 +01:00
heartbeat_test.c Don't compile heartbeat test code on Windows (for now). 2014-05-31 13:43:02 +01:00
install-ssl.com Install srtp.h 2012-07-05 13:20:19 +00:00
kssl_lcl.h Merge from 1.0.0-stable branch. 2009-04-23 16:32:42 +00:00
kssl.c Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
kssl.h Fix for WIN32 builds with KRB5 2014-02-26 15:33:11 +00:00
Makefile Unit/regression test for TLS heartbeats. 2014-05-19 17:39:41 +01:00
s2_clnt.c Security framework. 2014-03-28 14:56:30 +00:00
s2_enc.c Experimental encrypt-then-mac support. 2013-09-08 13:14:03 +01:00
s2_lib.c Add ctrl and utility functions to retrieve raw cipher list sent by client in 2012-09-12 13:57:48 +00:00
s2_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s2_pkt.c Add and use a constant-time memcmp. 2013-02-06 14:16:55 +00:00
s2_srvr.c Security framework. 2014-03-28 14:56:30 +00:00
s3_both.c Security framework. 2014-03-28 14:56:30 +00:00
s3_cbc.c misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
s3_clnt.c Fix for CVE-2014-0224 2014-06-05 13:22:42 +01:00
s3_enc.c Experimental encrypt-then-mac support. 2013-09-08 13:14:03 +01:00
s3_lib.c Security framework. 2014-03-28 14:56:30 +00:00
s3_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s3_pkt.c Fix for CVE-2014-0224 2014-06-05 13:22:42 +01:00
s3_srvr.c Fix for CVE-2014-0224 2014-06-05 13:22:42 +01:00
s23_clnt.c Security framework. 2014-03-28 14:56:30 +00:00
s23_lib.c Fix warnings. 2010-06-12 14:13:23 +00:00
s23_meth.c Initial incomplete TLS v1.2 support. New ciphersuites added, new version 2011-04-29 22:56:51 +00:00
s23_pkt.c Reorder inclusion of header files: 2002-07-10 07:01:54 +00:00
s23_srvr.c Security framework. 2014-03-28 14:56:30 +00:00
srtp.h move internal functions to ssl_locl.h 2011-11-21 22:52:13 +00:00
ssl2.h Initial "opaque SSL" framework. If an application defines 2011-04-29 22:37:12 +00:00
ssl3.h Fix for CVE-2014-0224 2014-06-05 13:22:42 +01:00
ssl23.h Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
ssl_algs.c Add AES-SHA256 stitch. 2013-05-13 22:49:58 +02:00
ssl_asn1.c fix coverity issue 966597 - error line is not always initialised 2014-05-07 23:54:25 +01:00
ssl_cert.c Fix SSL_CTX_get{first,next}_certificate. 2014-04-21 16:52:28 +01:00
ssl_ciph.c Set security level in cipher string. 2014-03-28 14:56:43 +00:00
ssl_conf.c Add -no_resumption_on_reneg to SSL_CONF. 2014-03-27 16:12:40 +00:00
ssl_err2.c Use new-style system-id macros everywhere possible. I hope I haven't 2001-02-20 08:13:47 +00:00
ssl_err.c Fixed spelling error in error message. Fix supplied by Marcos Marado 2014-05-01 00:28:00 +01:00
ssl_lib.c Check sk_SSL_CIPHER_num() after assigning sk. 2014-05-12 22:56:13 +01:00
ssl_locl.h Security framework. 2014-03-28 14:56:30 +00:00
ssl_rsa.c Security framework. 2014-03-28 14:56:30 +00:00
ssl_sess.c Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) 2013-09-06 13:59:13 +01:00
ssl_stat.c Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) 2013-09-06 13:59:13 +01:00
ssl_task.c Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
ssl_txt.c Add an NSS output format to sess_id to export the session id and the master key in NSS keylog format. PR#3352 2014-05-24 00:02:24 +01:00
ssl-lib.com Add d1_srtp and t1_trce. 2012-07-05 13:20:02 +00:00
ssl.h Option to disable padding extension. 2014-06-01 18:15:21 +01:00
ssltest.c Set security level to zero in ssltest 2014-03-28 14:56:43 +00:00
t1_clnt.c Use appropriate versions of SSL3_ENC_METHOD 2013-03-18 14:53:59 +00:00
t1_enc.c Use correct digest when exporting keying material. 2014-05-31 13:43:02 +01:00
t1_lib.c Check there is enough room for extension. 2014-06-02 23:55:56 +01:00
t1_meth.c Use appropriate versions of SSL3_ENC_METHOD 2013-03-18 14:53:59 +00:00
t1_reneg.c Update RI to match latest spec. 2009-12-27 22:58:55 +00:00
t1_srvr.c Use appropriate versions of SSL3_ENC_METHOD 2013-03-18 14:53:59 +00:00
t1_trce.c Adding padding extension to trace code. 2014-05-20 11:09:04 +01:00
tls1.h Set TLS padding extension value. 2014-04-05 20:43:54 +01:00
tls_srp.c PR: 1794 2011-12-14 22:17:06 +00:00