openssl/ssl at c30465847b1e493f43a53c6b0d000b1101e40384 - openssl - Atria-soft GIT

generic-library/openssl

History

Emilia Kasper 1a08063abf Fix reachable assert in SSLv2 servers.

This assert is reachable for servers that support SSLv2 and export ciphers.
Therefore, such servers can be DoSed by sending a specially crafted
SSLv2 CLIENT-MASTER-KEY.

Also fix s2_srvr.c to error out early if the key lengths are malformed.
These lengths are sent unencrypted, so this does not introduce an oracle.

CVE-2015-0293

This issue was discovered by Sean Burford (Google) and Emilia Käsper of
the OpenSSL development team.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

2015-03-19 13:00:11 +00:00

..

.cvsignore

Add emacs cache files to .cvsignore.

2005-04-11 14:17:07 +00:00

bio_ssl.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

d1_both.c

Re-align some comments after running the reformat script.

2015-01-22 09:46:52 +00:00

d1_clnt.c

Re-align some comments after running the reformat script.

2015-01-22 09:46:52 +00:00

d1_enc.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

d1_lib.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

d1_meth.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

d1_pkt.c

Re-align some comments after running the reformat script.

2015-01-22 09:46:52 +00:00

d1_srvr.c

Rerun util/openssl-format-source -v -c .

2015-01-22 09:46:26 +00:00

dtls1.h

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

install-ssl.com

Apply all the changes submitted by Steven M. Schweda <sms@antinode.info>

2011-03-19 09:44:53 +00:00

kssl_lcl.h

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

kssl.c

Re-align some comments after running the reformat script.

2015-01-22 09:46:52 +00:00

kssl.h

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

Makefile

RT3067: simplify patch

2014-09-24 15:58:20 +02:00

s2_clnt.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

s2_enc.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

s2_lib.c

Fix reachable assert in SSLv2 servers.

2015-03-19 13:00:11 +00:00

s2_meth.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

s2_pkt.c

Re-align some comments after running the reformat script.

2015-01-22 09:46:52 +00:00

s2_srvr.c

Fix reachable assert in SSLv2 servers.

2015-03-19 13:00:11 +00:00

s3_both.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

s3_cbc.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

s3_clnt.c

Re-align some comments after running the reformat script.

2015-01-22 09:46:52 +00:00

s3_enc.c

Cleanse buffers

2015-03-11 10:54:35 +00:00

s3_lib.c

Rerun util/openssl-format-source -v -c .

2015-01-22 09:46:26 +00:00

s3_meth.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

s3_pkt.c

Re-align some comments after running the reformat script.

2015-01-22 09:46:52 +00:00

s3_srvr.c

Re-align some comments after running the reformat script.

2015-01-22 09:46:52 +00:00

s23_clnt.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

s23_lib.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

s23_meth.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

s23_pkt.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

s23_srvr.c

Re-align some comments after running the reformat script.

2015-01-22 09:46:52 +00:00

ssl2.h

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

ssl3.h

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

ssl23.h

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

ssl_algs.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

ssl_asn1.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

ssl_cert.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

ssl_ciph.c

Remove export ciphers from the DEFAULT cipher list

2015-03-07 23:12:32 +01:00

ssl_err2.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

ssl_err.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

ssl_lib.c

Re-align some comments after running the reformat script.

2015-01-22 09:46:52 +00:00

ssl_locl.h

fix warning

2015-03-08 22:44:10 +00:00

ssl_rsa.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

ssl_sess.c

Rerun util/openssl-format-source -v -c .

2015-01-22 09:46:26 +00:00

ssl_stat.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

ssl_task.c

Re-align some comments after running the reformat script.

2015-01-22 09:46:52 +00:00

ssl_txt.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

ssl-lib.com

Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces

2014-10-15 11:32:17 +02:00

ssl.h

Remove export ciphers from the DEFAULT cipher list

2015-03-07 23:12:32 +01:00

ssltest.c

Fix error handling in ssltest

2015-02-06 10:12:43 +00:00

t1_clnt.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

t1_enc.c

Cleanse buffers

2015-03-11 10:54:35 +00:00

t1_lib.c

Re-align some comments after running the reformat script.

2015-01-22 09:46:52 +00:00

t1_meth.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

t1_reneg.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

t1_srvr.c

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00

tls1.h

Run util/openssl-format-source -v -c .

2015-01-22 09:46:18 +00:00