generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
d64b6c980c
openssl/ssl
History
Matt Caswell d64b6c980c Fix for SRTP Memory Leak 
CVE-2014-3513

This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-15 08:54:26 -04:00
..
.cvsignore Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
bio_ssl.c OPENSSL_NO_SOCK fixes [from HEAD]. 2012-04-16 17:43:02 +00:00
d1_both.c RT3301: Discard too-long heartbeat requests 2014-09-08 11:23:02 -04:00
d1_clnt.c DTLS/SCTP Finished Auth Bug 2013-10-30 14:37:22 +00:00
d1_enc.c Update DTLS code to match CBC decoding in TLS. 2013-02-06 13:56:13 +00:00
d1_lib.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
d1_meth.c Dual DTLS version methods. 2013-09-18 13:46:02 +01:00
d1_pkt.c Added SSLErr call for internal error in dtls1_buffer_record 2014-06-01 21:40:31 +01:00
d1_srtp.c Fix for SRTP Memory Leak 2014-10-15 08:54:26 -04:00
d1_srvr.c Fix DTLS certificate requesting code. 2014-07-15 18:23:35 +01:00
dtls1.h Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
heartbeat_test.c Add conditional unit testing interface. 2014-07-24 19:42:26 +01:00
install-ssl.com Don't forget to install srtp.h as well 2012-05-10 15:01:26 +00:00
kssl_lcl.h Some fixes for kerberos builds. 2009-04-21 22:20:12 +00:00
kssl.c make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:52:34 +00:00
kssl.h Fix for WIN32 builds with KRB5 2014-02-26 15:33:10 +00:00
Makefile RT3067: simplify patch 2014-09-24 15:54:51 +02:00
s2_clnt.c RT2842: Remove spurious close-comment marker. 2014-09-08 10:50:33 -04:00
s2_enc.c Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. 2007-06-04 17:04:40 +00:00
s2_lib.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
s2_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s2_pkt.c Add and use a constant-time memcmp. 2013-02-06 13:56:12 +00:00
s2_srvr.c Reduce version skew: trivia (I hope). 2012-06-03 22:03:37 +00:00
s3_both.c Add fix for CVE-2013-4353 2014-01-07 15:41:11 +00:00
s3_cbc.c RT3066: rewrite RSA padding checks to be slightly more constant time. 2014-09-24 12:47:19 +02:00
s3_clnt.c Fixed error introduced in commit f2be92b94d 2014-09-22 06:35:57 +10:00
s3_enc.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
s3_lib.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
s3_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s3_pkt.c RT3060: Limit the number of empty records. 2014-08-22 15:36:06 +02:00
s3_srvr.c RT3067: simplify patch 2014-09-24 15:54:51 +02:00
s23_clnt.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
s23_lib.c Don't advertise ECC ciphersuits in SSLv2 compatible client hello. 2014-06-27 16:52:00 +01:00
s23_meth.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
s23_pkt.c Reorder inclusion of header files: 2002-07-10 07:01:54 +00:00
s23_srvr.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
srtp.h RT2724: Remove extra declaration 2014-08-26 16:55:54 -04:00
ssl2.h Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN 2011-05-11 12:56:38 +00:00
ssl3.h Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
ssl23.h Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
ssl_algs.c Add AES-NI+SHA256 stitch registrations (from master). 2014-02-02 00:05:02 +01:00
ssl_asn1.c fix coverity issue 966597 - error line is not always initialised 2014-05-07 23:57:00 +01:00
ssl_cert.c Custom extension revision. 2014-08-28 18:09:05 +01:00
ssl_ciph.c Use more common name for GOST key exchange. 2014-07-14 18:31:55 +01:00
ssl_conf.c Add -no_resumption_on_reneg to SSL_CONF. 2014-03-27 15:51:25 +00:00
ssl_err2.c Use new-style system-id macros everywhere possible. I hope I haven't 2001-02-20 08:13:47 +00:00
ssl_err.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
ssl_lib.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
ssl_locl.h New extension callback features. 2014-08-28 18:10:21 +01:00
ssl_rsa.c Rename some callbacks, fix alignment. 2014-08-28 18:10:21 +01:00
ssl_sess.c Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) 2014-02-08 16:12:15 -08:00
ssl_stat.c Remove all RFC5878 code. 2014-07-04 13:42:05 +01:00
ssl_task.c Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
ssl_txt.c Provisional DTLS 1.2 support. 2013-09-18 13:46:02 +01:00
ssl_utst.c Add conditional unit testing interface. 2014-07-24 19:42:26 +01:00
ssl-lib.com Add t1_ext and ssl_utst to the VMS build as well. 2014-08-31 18:22:02 +02:00
ssl.h Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
ssltest.c RT3506: typo's in ssltest 2014-09-09 13:58:33 -04:00
t1_clnt.c Use appropriate versions of SSL3_ENC_METHOD 2013-09-18 13:46:02 +01:00
t1_enc.c Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
t1_ext.c Rename some callbacks, fix alignment. 2014-08-28 18:10:21 +01:00
t1_lib.c Fix for SRTP Memory Leak 2014-10-15 08:54:26 -04:00
t1_meth.c Use appropriate versions of SSL3_ENC_METHOD 2013-09-18 13:46:02 +01:00
t1_reneg.c Update RI to match latest spec. 2009-12-27 22:59:09 +00:00
t1_srvr.c Use appropriate versions of SSL3_ENC_METHOD 2013-09-18 13:46:02 +01:00
t1_trce.c Adding padding extension to trace code. 2014-05-20 11:22:15 +01:00
tls1.h Support TLS_FALLBACK_SCSV. 2014-10-15 04:04:55 +02:00
tls_srp.c Check SRP parameters early. 2014-08-06 20:41:53 +01:00