wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Matt Caswell 07afdf3c3a Fix SSL_get0_raw_cipherlist() 
SSL_get0_raw_cipherlist() was a little too "raw" in the case of an SSLv2
compat ClientHello. In 1.0.2 and below, during version negotiation, if
we received an SSLv2 compat ClientHello but actually wanted to do SSLv3+
then we would construct a "fake" SSLv3+ ClientHello. This "fake" ClientHello
would have its ciphersuite list converted to the SSLv3+ format. It was
this "fake" raw list that got saved away to later be returned by a call to
SSL_get0_raw_cipherlist().

In 1.1.0+ version negotiation works differently and we process an SSLv2
compat ClientHello directly without the need for an intermediary "fake"
ClientHello. This meant that the raw ciphersuite list being saved was in
the SSLv2 format. Any caller of this function would not expect that and
potentially overread the returned buffer by one byte.

Fixes #2189

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2280)
2017-01-24 14:26:34 +00:00
..
record Replace div-spoiler hack with simpler code 2017-01-23 11:19:45 -05:00
statem Fix SSL_get0_raw_cipherlist() 2017-01-24 14:26:34 +00:00
bio_ssl.c Test the size_t constant time functions 2016-11-04 12:09:46 +00:00
build.info Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
d1_lib.c Ensure we are in accept state in DTLSv1_listen 2016-11-29 10:01:49 +00:00
d1_msg.c Convert libssl writing for size_t 2016-11-04 12:09:45 +00:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Add the SSL_METHOD for TLSv1.3 and all other base changes required 2016-11-02 13:08:21 +00:00
packet.c Various style fixes from the TLSv1.3 record changes review 2016-12-05 17:05:40 +00:00
packet_locl.h Add an ability to find out the current write location from a WPACKET 2016-12-05 17:05:40 +00:00
pqueue.c Fix a missed size_t variable declaration 2016-11-04 12:09:46 +00:00
s3_cbc.c Provide some constant time functions for dealing with size_t values 2016-11-04 12:09:46 +00:00
s3_enc.c fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_cipher_state 2017-01-23 11:41:59 +01:00
s3_lib.c Review comments 2017-01-09 22:26:47 -05:00
s3_msg.c Fix some missed size_t updates 2016-11-04 12:09:45 +00:00
ssl_asn1.c Move extension data into sub-structs 2017-01-09 22:26:47 -05:00
ssl_cert.c Convert Sigalgs processing to use ints 2017-01-10 23:02:50 +00:00
ssl_ciph.c Remove a hack from ssl_test_old 2016-11-16 10:27:40 +00:00
ssl_conf.c Test mac-then-encrypt 2016-11-28 12:23:36 +01:00
ssl_err.c Add support for key logging callbacks. 2017-01-23 17:07:43 +01:00
ssl_init.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_lib.c Add support for key logging callbacks. 2017-01-23 17:07:43 +01:00
ssl_locl.h Add support for key logging callbacks. 2017-01-23 17:07:43 +01:00
ssl_mcnf.c Fix misc size_t issues causing Windows warnings in 64 bit 2016-11-04 12:09:46 +00:00
ssl_rsa.c Indent ssl/ 2016-08-18 14:02:29 +02:00
ssl_sess.c Fix a ssl session leak due to OOM in lh_SSL_SESSION_insert 2017-01-24 15:05:12 +01:00
ssl_stat.c Add missing debug strings. 2016-09-07 16:08:38 -04:00
ssl_txt.c Move extension data into sub-structs 2017-01-09 22:26:47 -05:00
ssl_utst.c Remove heartbeat support 2016-11-13 16:24:02 -05:00
t1_enc.c Fix EXTMS error introduced by commit 94ed2c6 2016-11-23 09:50:26 +00:00
t1_ext.c Add some missing extensions to SSL_extension_supported() 2016-12-08 17:17:33 +00:00
t1_lib.c If client doesn't send curves list, don't assume all. 2017-01-18 12:24:28 -05:00
t1_trce.c Teach SSL_trace about the new sigalgs 2017-01-10 23:02:50 +00:00
tls13_enc.c Verify that the sig algs extension has been sent for TLSv1.3 2017-01-10 23:02:50 +00:00
tls_srp.c Indent ssl/ 2016-08-18 14:02:29 +02:00