wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Matt Caswell ee76349525 Sanity check the ticket length before using key name/IV 
This could in theory result in an overread - but due to the over allocation
of the underlying buffer does not represent a security issue.

Thanks to Fedor Indutny for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5414)
2018-02-21 11:19:11 +00:00
..
record The record version for ClientHello2 should be TLS1.2 2018-02-19 14:02:33 +00:00
statem If s->ctx is NULL then this is an internal error 2018-02-15 15:14:45 +00:00
bio_ssl.c Add comments to NULL func ptrs in bio_method_st 2017-12-18 07:04:48 +10:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c More record layer conversions to use SSLfatal() 2017-12-08 16:42:02 +00:00
d1_msg.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
d1_srtp.c Move client parsing of ServerHello extensions into new framework 2016-12-08 17:18:25 +00:00
methods.c Drop support for OPENSSL_NO_TLS1_3_METHOD 2017-06-30 09:41:46 +01:00
packet.c Move ossl_assert 2017-08-03 10:48:00 +01:00
packet_locl.h TLS1.3 Padding 2017-05-02 09:44:43 +01:00
pqueue.c Update copyright header 2017-07-30 17:42:00 -04:00
s3_cbc.c Move ossl_assert 2017-08-03 10:48:00 +01:00
s3_enc.c Fix some formatting nits 2017-12-04 13:37:01 +00:00
s3_lib.c Update copyright year 2018-02-13 13:59:25 +00:00
s3_msg.c Update copyright year 2018-02-13 13:59:25 +00:00
ssl_asn1.c ssl/ssl_asn1.c: resolve warnings in VC-WIN32 build, which allows to add /WX. 2017-11-13 10:58:21 +01:00
ssl_cert.c Update copyright years on all files merged since Jan 1st 2018 2018-01-09 05:49:01 +01:00
ssl_cert_table.h Add RSA-PSS key certificate type. 2017-09-20 12:50:23 +01:00
ssl_ciph.c Copyright update of more files that have changed this year 2018-01-19 13:34:03 +01:00
ssl_conf.c Update copyright year 2018-02-13 13:59:25 +00:00
ssl_err.c Add TLSv1.3 post-handshake authentication (PHA) 2018-02-01 17:07:56 +00:00
ssl_init.c In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto() 2017-12-08 16:08:39 +01:00
ssl_lib.c DRBG: make the derivation function the default for ctr_drbg 2018-02-13 17:32:54 +01:00
ssl_locl.h The function ssl_get_min_max_version() can fail 2018-02-12 10:06:39 +00:00
ssl_mcnf.c Fix misc size_t issues causing Windows warnings in 64 bit 2016-11-04 12:09:46 +00:00
ssl_rsa.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_sess.c Consistent formatting for sizeof(foo) 2017-12-07 19:11:49 -05:00
ssl_stat.c Merge HRR into ServerHello 2017-12-14 15:06:37 +00:00
ssl_txt.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ssl_utst.c Remove heartbeat support 2016-11-13 16:24:02 -05:00
t1_enc.c Convert more functions in ssl/statem/statem.c to use SSLfatal() 2017-12-04 13:31:48 +00:00
t1_lib.c Sanity check the ticket length before using key name/IV 2018-02-21 11:19:11 +00:00
t1_trce.c Add TLSv1.3 post-handshake authentication (PHA) 2018-02-01 17:07:56 +00:00
tls13_enc.c Update copyright year 2018-02-13 13:59:25 +00:00
tls_srp.c Convert remaining functions in statem_clnt.c to use SSLfatal() 2017-12-04 13:31:48 +00:00