generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Dr. Stephen Henson a91be10833 Fix for CVE-2014-0224 
Only accept change cipher spec when it is expected instead of at any
time. This prevents premature setting of session keys before the master
secret is determined which an attacker could use as a MITM attack.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
and providing the initial fix this patch is based on.
(cherry picked from commit bc8923b1ec9c467755cd86f7848c50ee8812e441)
2014-06-05 13:22:42 +01:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_ssl.c
OPENSSL_NO_SOCK fixes.
2012-04-16 17:42:36 +00:00
d1_both.c
Fix CVE-2014-0221
2014-06-05 13:22:03 +01:00
d1_clnt.c
DTLS/SCTP Finished Auth Bug
2013-11-01 21:41:52 +00:00
d1_enc.c
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
d1_lib.c
Free up s->d1->buffered_app_data.q properly.
2014-06-02 23:55:55 +01:00
d1_meth.c
Dual DTLS version methods.
2013-04-09 14:02:48 +01:00
d1_pkt.c
Added SSLErr call for internal error in dtls1_buffer_record
2014-06-01 21:36:25 +01:00
d1_srtp.c
Submitted by: Eric Rescorla <ekr@rtfm.com>
2012-02-11 22:53:31 +00:00
d1_srvr.c
use SSL_kDHE throughout instead of SSL_kEDH
2014-01-09 15:43:28 +00:00
dtls1.h
Dual DTLS version methods.
2013-04-09 14:02:48 +01:00
heartbeat_test.c
Don't compile heartbeat test code on Windows (for now).
2014-05-31 13:43:02 +01:00
install-ssl.com
Install srtp.h
2012-07-05 13:20:19 +00:00
kssl_lcl.h
Merge from 1.0.0-stable branch.
2009-04-23 16:32:42 +00:00
kssl.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
kssl.h
Fix for WIN32 builds with KRB5
2014-02-26 15:33:11 +00:00
Makefile
Unit/regression test for TLS heartbeats.
2014-05-19 17:39:41 +01:00
s2_clnt.c
Security framework.
2014-03-28 14:56:30 +00:00
s2_enc.c
Experimental encrypt-then-mac support.
2013-09-08 13:14:03 +01:00
s2_lib.c
Add ctrl and utility functions to retrieve raw cipher list sent by client in
2012-09-12 13:57:48 +00:00
s2_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s2_pkt.c
Add and use a constant-time memcmp.
2013-02-06 14:16:55 +00:00
s2_srvr.c
Security framework.
2014-03-28 14:56:30 +00:00
s3_both.c
Security framework.
2014-03-28 14:56:30 +00:00
s3_cbc.c
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
s3_clnt.c
Fix for CVE-2014-0224
2014-06-05 13:22:42 +01:00
s3_enc.c
Experimental encrypt-then-mac support.
2013-09-08 13:14:03 +01:00
s3_lib.c
Security framework.
2014-03-28 14:56:30 +00:00
s3_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s3_pkt.c
Fix for CVE-2014-0224
2014-06-05 13:22:42 +01:00
s3_srvr.c
Fix for CVE-2014-0224
2014-06-05 13:22:42 +01:00
s23_clnt.c
Security framework.
2014-03-28 14:56:30 +00:00
s23_lib.c
Fix warnings.
2010-06-12 14:13:23 +00:00
s23_meth.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
s23_pkt.c
Reorder inclusion of header files:
2002-07-10 07:01:54 +00:00
s23_srvr.c
Security framework.
2014-03-28 14:56:30 +00:00
srtp.h
move internal functions to ssl_locl.h
2011-11-21 22:52:13 +00:00
ssl2.h
Initial "opaque SSL" framework. If an application defines
2011-04-29 22:37:12 +00:00
ssl3.h
Fix for CVE-2014-0224
2014-06-05 13:22:42 +01:00
ssl23.h
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
ssl_algs.c
Add AES-SHA256 stitch.
2013-05-13 22:49:58 +02:00
ssl_asn1.c
fix coverity issue 966597 - error line is not always initialised
2014-05-07 23:54:25 +01:00
ssl_cert.c
Fix SSL_CTX_get{first,next}_certificate.
2014-04-21 16:52:28 +01:00
ssl_ciph.c
Set security level in cipher string.
2014-03-28 14:56:43 +00:00
ssl_conf.c
Add -no_resumption_on_reneg to SSL_CONF.
2014-03-27 16:12:40 +00:00
ssl_err2.c
Use new-style system-id macros everywhere possible. I hope I haven't
2001-02-20 08:13:47 +00:00
ssl_err.c
Fixed spelling error in error message. Fix supplied by Marcos Marado
2014-05-01 00:28:00 +01:00
ssl_lib.c
Check sk_SSL_CIPHER_num() after assigning sk.
2014-05-12 22:56:13 +01:00
ssl_locl.h
Security framework.
2014-03-28 14:56:30 +00:00
ssl_rsa.c
Security framework.
2014-03-28 14:56:30 +00:00
ssl_sess.c
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
2013-09-06 13:59:13 +01:00
ssl_stat.c
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
2013-09-06 13:59:13 +01:00
ssl_task.c
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
ssl_txt.c
Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352
2014-05-24 00:02:24 +01:00
ssl-lib.com
Add d1_srtp and t1_trce.
2012-07-05 13:20:02 +00:00
ssl.h
Option to disable padding extension.
2014-06-01 18:15:21 +01:00
ssltest.c
Set security level to zero is ssltest
2014-03-28 14:56:43 +00:00
t1_clnt.c
Use appropriate versions of SSL3_ENC_METHOD
2013-03-18 14:53:59 +00:00
t1_enc.c
Use correct digest when exporting keying material.
2014-05-31 13:43:02 +01:00
t1_lib.c
Check there is enough room for extension.
2014-06-02 23:55:56 +01:00
t1_meth.c
Use appropriate versions of SSL3_ENC_METHOD
2013-03-18 14:53:59 +00:00
t1_reneg.c
Update RI to match latest spec.
2009-12-27 22:58:55 +00:00
t1_srvr.c
Use appropriate versions of SSL3_ENC_METHOD
2013-03-18 14:53:59 +00:00
t1_trce.c
Adding padding extension to trace code.
2014-05-20 11:09:04 +01:00
tls1.h
Set TLS padding extension value.
2014-04-05 20:43:54 +01:00
tls_srp.c
PR: 1794
2011-12-14 22:17:06 +00:00