generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Matt Caswell e659eff2c0 Fix for SRTP Memory Leak 
CVE-2014-3513

This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-15 08:56:16 -04:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_ssl.c
OPENSSL_NO_SOCK fixes.
2012-04-16 17:42:36 +00:00
d1_both.c
RT3301: Discard too-long heartbeat requests
2014-09-08 11:22:35 -04:00
d1_clnt.c
DTLS/SCTP Finished Auth Bug
2013-11-01 21:41:52 +00:00
d1_enc.c
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
d1_lib.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:03:28 +02:00
d1_meth.c
Dual DTLS version methods.
2013-04-09 14:02:48 +01:00
d1_pkt.c
RT3023: Redundant logical expressions
2014-08-15 10:45:00 -04:00
d1_srtp.c
Fix for SRTP Memory Leak
2014-10-15 08:56:16 -04:00
d1_srvr.c
Fix DTLS certificate requesting code.
2014-07-15 18:23:13 +01:00
dtls1.h
Support TLS_FALLBACK_SCSV.
2014-10-15 04:03:28 +02:00
heartbeat_test.c
Add conditional unit testing interface.
2014-07-24 19:41:29 +01:00
install-ssl.com
Install srtp.h
2012-07-05 13:20:19 +00:00
kssl_lcl.h
Merge from 1.0.0-stable branch.
2009-04-23 16:32:42 +00:00
kssl.c
RT2848: Remove extra NULL check
2014-08-19 12:43:58 -04:00
kssl.h
Fix for WIN32 builds with KRB5
2014-02-26 15:33:11 +00:00
Makefile
RT3067: simplify patch
2014-09-24 15:35:02 +02:00
s2_clnt.c
RT2842: Remove spurious close-comment marker.
2014-09-08 10:50:08 -04:00
s2_enc.c
Experimental encrypt-then-mac support.
2013-09-08 13:14:03 +01:00
s2_lib.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:03:28 +02:00
s2_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s2_pkt.c
Add and use a constant-time memcmp.
2013-02-06 14:16:55 +00:00
s2_srvr.c
Security framework.
2014-03-28 14:56:30 +00:00
s3_both.c
Security framework.
2014-03-28 14:56:30 +00:00
s3_cbc.c
RT3066: rewrite RSA padding checks to be slightly more constant time.
2014-09-24 12:45:42 +02:00
s3_clnt.c
Fixed error introduced in commit f2be92b94dad3c6cbdf79d99a324804094cf1617
2014-09-21 21:54:31 +10:00
s3_enc.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:03:28 +02:00
s3_lib.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:03:28 +02:00
s3_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s3_pkt.c
RT 3060: amend patch
2014-08-22 15:35:42 +02:00
s3_srvr.c
RT3067: simplify patch
2014-09-24 15:35:02 +02:00
s23_clnt.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:03:28 +02:00
s23_lib.c
Don't advertise ECC ciphersuits in SSLv2 compatible client hello.
2014-06-27 16:51:26 +01:00
s23_meth.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
s23_pkt.c
Reorder inclusion of header files:
2002-07-10 07:01:54 +00:00
s23_srvr.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:03:28 +02:00
srtp.h
RT2724: Remove extra declaration
2014-08-19 09:38:43 -04:00
ssl2.h
Initial "opaque SSL" framework. If an application defines
2011-04-29 22:37:12 +00:00
ssl3.h
Support TLS_FALLBACK_SCSV.
2014-10-15 04:03:28 +02:00
ssl23.h
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
ssl_algs.c
Add AES-SHA256 stitch.
2013-05-13 22:49:58 +02:00
ssl_asn1.c
fix coverity issue 966597 - error line is not always initialised
2014-05-07 23:54:25 +01:00
ssl_cert.c
Custom extension revision.
2014-08-28 17:06:52 +01:00
ssl_ciph.c
RT1815: More const'ness improvements
2014-08-18 11:49:16 -04:00
ssl_conf.c
Add -no_resumption_on_reneg to SSL_CONF.
2014-03-27 16:12:40 +00:00
ssl_err2.c
Use new-style system-id macros everywhere possible. I hope I haven't
2001-02-20 08:13:47 +00:00
ssl_err.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:03:28 +02:00
ssl_lib.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:03:28 +02:00
ssl_locl.h
New extension callback features.
2014-08-28 17:06:53 +01:00
ssl_rsa.c
Rename some callbacks, fix alignment.
2014-08-28 17:06:53 +01:00
ssl_sess.c
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
2013-09-06 13:59:13 +01:00
ssl_stat.c
Remove all RFC5878 code.
2014-07-04 13:26:35 +01:00
ssl_task.c
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
ssl_txt.c
Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352
2014-05-24 00:02:24 +01:00
ssl_utst.c
Add conditional unit testing interface.
2014-07-24 19:41:29 +01:00
ssl-lib.com
Add d1_srtp and t1_trce.
2012-07-05 13:20:02 +00:00
ssl.h
Support TLS_FALLBACK_SCSV.
2014-10-15 04:03:28 +02:00
ssltest.c
RT3506: typo's in ssltest
2014-09-09 13:57:58 -04:00
t1_clnt.c
Use appropriate versions of SSL3_ENC_METHOD
2013-03-18 14:53:59 +00:00
t1_enc.c
Support TLS_FALLBACK_SCSV.
2014-10-15 04:03:28 +02:00
t1_ext.c
Rename some callbacks, fix alignment.
2014-08-28 17:06:53 +01:00
t1_lib.c
Fix for SRTP Memory Leak
2014-10-15 08:56:16 -04:00
t1_meth.c
Use appropriate versions of SSL3_ENC_METHOD
2013-03-18 14:53:59 +00:00
t1_reneg.c
Update RI to match latest spec.
2009-12-27 22:58:55 +00:00
t1_srvr.c
Use appropriate versions of SSL3_ENC_METHOD
2013-03-18 14:53:59 +00:00
t1_trce.c
Adding padding extension to trace code.
2014-05-20 11:09:04 +01:00
tls1.h
Support TLS_FALLBACK_SCSV.
2014-10-15 04:03:28 +02:00
tls_srp.c
Check SRP parameters early.
2014-08-06 20:36:41 +01:00