path: root/ssl/s2_srvr.c
Age | Commit message | Author
2015-04-08 | Harden SSLv2-supporting servers against Bleichenbacher's attack. | Emilia Kasper
There is no indication that the timing differences are exploitable in OpenSSL, and indeed there is some indication (Usenix '14) that they are too small to be exploitable. Nevertheless, be careful and apply the same countermeasures as in s3_srvr.c
Thanks to Nimrod Aviram, Sebastian Schinzel and Yuval Shavitt for reporting this issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 | Fix unsigned/signed warnings | Matt Caswell
Fix some unsigned/signed warnings introduced as part of the fix for CVE-2015-0293
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 | Fix reachable assert in SSLv2 servers. | Emilia Kasper
This assert is reachable for servers that support SSLv2 and export ciphers. Therefore, such servers can be DoSed by sending a specially crafted SSLv2 CLIENT-MASTER-KEY.
Also fix s2_srvr.c to error out early if the key lengths are malformed. These lengths are sent unencrypted, so this does not introduce an oracle.
CVE-2015-0293
This issue was discovered by Sean Burford (Google) and Emilia Käsper of the OpenSSL development team.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 | Rerun util/openssl-format-source -v -c . (tag: OpenSSL_1_0_2-post-auto-reformat) | Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 | Run util/openssl-format-source -v -c . | Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 | More tweaks for comments due to indent issues (tag: OpenSSL_1_0_2-pre-auto-reformat) | Matt Caswell
Conflicts: ssl/ssl_ciph.c ssl/ssl_locl.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 | Tweaks for comments due to indent's inability to handle them | Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-13 | Fix memory leak in s2_srvr.c if BUF_MEM_grow fails | Matt Caswell
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2012-06-03 | Reduce version skew: trivia (I hope). | Ben Laurie
2011-02-03 | Assorted bugfixes: | Bodo Möller
- safestack macro changes for C++ were incomplete
- RLE decompression boundary case
- SSL 2.0 key arg length check
Submitted by: Google (Adam Langley, Neel Mehta, Bodo Moeller)
2010-06-15 | Fix warnings (From HEAD, original patch by Ben). | Dr. Stephen Henson
2009-10-01 | PR: 2055 | Dr. Stephen Henson
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_ctrl error handling in s2_srvr.c
2009-01-07 | Update from stable branch. | Dr. Stephen Henson
2008-10-12 | Type-checked (and modern C compliant) OBJ_bsearch. | Ben Laurie
2007-09-07 | Change safestack reimplementation to match 0.9.8. | Dr. Stephen Henson
Fix additional gcc 4.2 value not used warnings.
2007-08-11 | RFC4507 (including RFC4507bis) TLS stateless session resumption support | Dr. Stephen Henson
for OpenSSL.
2007-06-04 | Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. | Dr. Stephen Henson
2005-12-05 | Avoid warnings on VC++ 2005. | Dr. Stephen Henson
2005-08-14 | Let the TLSv1_method() etc. functions return a const SSL_METHOD | Nils Larsch
pointer and make the SSL_METHOD parameter in SSL_CTX_new, SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
2005-08-05 | Initialize SSL_METHOD structures at compile time. This removes the need | Dr. Stephen Henson
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
2005-05-11 | Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled | Bodo Möller
with the SSL_OP_NO_SSLv2 option.
2005-04-29 | check return value of RAND_pseudo_bytes; backport from the stable branch | Nils Larsch
2004-03-15 | Constify d2i, s2i, c2i and r2i functions and other associated | Richard Levitte
functions and macros. This change has associated tags: LEVITTE_before_const and LEVITTE_after_const. Those will be removed when this change has been properly reviewed.
2003-12-27 | Avoid including cryptlib.h, it's not really needed. | Richard Levitte
Check if IDEA is being built or not. This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
2002-11-13 | Security fixes brought forward from 0.9.7. | Ben Laurie
2002-09-25 | really fix race conditions | Bodo Möller
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
PR: 291
2002-09-23 | really fix race condition | Bodo Möller
PR: 262
2002-08-15 | use correct function code in error message | Bodo Möller
2002-08-02 | get rid of OpenSSLDie | Bodo Möller
2002-07-30 | OpenSSL Security Advisory [30 July 2002] | Lutz Jänicke
Changes marked "(CHATS)" were sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.
2002-01-12 | Prototype info function. | Ben Laurie
2001-11-14 | cast to unsigned int, not to int to avoid the warning -- all these | Bodo Möller
values really are unsigned
2001-11-14 | unsigned int vs. int. | Richard Levitte
2001-11-10 | make code a little more similar to what it looked like before the fixes, | Bodo Möller
call ssl2_part_read again to parse error message
2001-11-10 | Implement msg_callback for SSL 2.0. | Bodo Möller
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
2001-10-24 | Fix SSL handshake functions and SSL_clear() such that SSL_clear() | Bodo Möller
never resets s->method to s->ctx->method when called from within one of the SSL handshake functions.
2001-10-16 | Retain compatibility of EVP_DigestInit() and EVP_DigestFinal() | Dr. Stephen Henson
with existing code. Modify library to use digest *_ex() functions.
2001-07-30 | Really add the EVP and all of the DES changes. | Ben Laurie
2001-06-01 | Fix Bleichenbacher PKCS #1 1.5 countermeasure. | Bodo Möller
(The attack against SSL 3.1 and TLS 1.0 is impractical anyway, otherwise this would be a security relevant patch.)
2001-02-20 | Use new-style system-id macros everywhere possible. I hope I haven't | Richard Levitte
missed any. This compiles and runs on Linux, and external applications have no problems with it. The definite test will be to build this on VMS.
2001-02-09 | New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override | Lutz Jänicke
the client's choice; in SSLv2 the client uses the server's preferences.
2000-06-01 | There have been a number of complaints from a number of sources that names | Richard Levitte
like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_. This change includes all the name changes needed throughout all C files.
2000-02-20 | Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. | Bodo Möller
2000-02-03 | ispell (and minor modifications) | Ulf Möller
2000-01-21 | Check RAND_bytes() return value or use RAND_pseudo_bytes(). | Ulf Möller
2000-01-16 | Add missing #ifndefs that caused missing symbols when building libssl | Ulf Möller
as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c.
Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
2000-01-13 | Precautions against using the PRNG uninitialized: RAND_bytes() now | Ulf Möller
returns int (1 = ok, 0 = not seeded). New function RAND_add() is the same as RAND_seed() but takes an estimate of the entropy as an additional argument.
2000-01-08 | Make NO_RSA compile with pedantic. | Ben Laurie
1999-11-16 | Store verify_result with sessions to avoid potential security hole. | Bodo Möller
1999-06-09 | "extern" is a C++ reserved word. | Ulf Möller
Pointed out by: Janez Jere <jj@void.si>