mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity
openssl/ssl
History
David Woodhouse 2e94723c1b Fix ubsan 'left shift of negative value -1' error in satsub64be() 
Baroque, almost uncommented code triggers behaviour which is undefined
by the C standard. You might quite reasonably not care that the code was
broken on ones-complement machines, but if we support a ubsan build then
we need to at least pretend to care.

It looks like the special-case code for 64-bit big-endian is going to
behave differently (and wrongly) on wrap-around, because it treats the
values as signed. That seems wrong, and allows replay and other attacks.
Surely you need to renegotiate and start a new epoch rather than
wrapping around to sequence number zero again?

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-04 20:56:24 +01:00
..
record
Fix ubsan 'left shift of negative value -1' error in satsub64be()
2016-08-04 20:56:24 +01:00
statem
Make DTLS1_BAD_VER work with DTLS_client_method()
2016-08-04 20:56:24 +01:00
bio_ssl.c
Fix BIO_pop for SSL BIOs
2016-07-29 14:09:57 +01:00
build.info
Update build.info files for auto-init/de-init
2016-02-09 15:11:38 +00:00
d1_lib.c
Make DTLS1_BAD_VER work with DTLS_client_method()
2016-08-04 20:56:24 +01:00
d1_msg.c
Whitespace cleanup in ssl folder
2016-06-29 09:56:39 -04:00
d1_srtp.c
Add checks on sk_TYPE_push() returned result
2016-06-23 14:03:29 +01:00
methods.c
Make DTLS1_BAD_VER work with DTLS_client_method()
2016-08-04 20:56:24 +01:00
packet_locl.h
Copyright consolidation 01/10
2016-05-17 14:19:19 -04:00
pqueue.c
Copyright consolidation 01/10
2016-05-17 14:19:19 -04:00
s3_cbc.c
check return values for EVP_Digest*() APIs
2016-07-15 14:09:05 +01:00
s3_enc.c
check return values for EVP_Digest*() APIs
2016-07-15 14:09:05 +01:00
s3_lib.c
Fix cipher support for DTLS1_BAD_VER
2016-08-04 20:56:23 +01:00
s3_msg.c
Always use session_ctx when removing a session
2016-06-08 15:22:41 +01:00
ssl_asn1.c
Copyright consolidation 01/10
2016-05-17 14:19:19 -04:00
ssl_cert.c
Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead
2016-07-19 23:49:54 +02:00
ssl_ciph.c
Have load_buildtin_compression in ssl/ssl_ciph.c return RUN_ONCE result
2016-07-22 11:56:45 +02:00
ssl_conf.c
Spelling... and more spelling
2016-06-22 00:26:10 +02:00
ssl_err.c
Check for errors allocating the error strings.
2016-07-20 19:20:53 +02:00
ssl_init.c
Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead
2016-07-19 23:49:54 +02:00
ssl_lib.c
Fix SSL_export_keying_material() for DTLS1_BAD_VER
2016-08-04 20:56:23 +01:00
ssl_locl.h
Make DTLS1_BAD_VER work with DTLS_client_method()
2016-08-04 20:56:24 +01:00
ssl_mcnf.c
Whitespace cleanup in ssl folder
2016-06-29 09:56:39 -04:00
ssl_rsa.c
fix memory leaks
2016-07-16 12:32:34 -04:00
ssl_sess.c
Fix a few if(, for(, while( inside code.
2016-07-20 07:21:53 -04:00
ssl_stat.c
SSL test framework: port NPN and ALPN tests
2016-07-19 14:17:48 +02:00
ssl_txt.c
Enforce and explicit some const casting
2016-07-25 08:20:00 -04:00
ssl_utst.c
Copyright consolidation 01/10
2016-05-17 14:19:19 -04:00
t1_enc.c
Spelling... and more spelling
2016-06-22 00:26:10 +02:00
t1_ext.c
Copyright consolidation 01/10
2016-05-17 14:19:19 -04:00
t1_lib.c
Fix two bugs in clienthello processing
2016-07-19 14:18:03 +02:00
t1_reneg.c
Copyright consolidation 01/10
2016-05-17 14:19:19 -04:00
t1_trce.c
Enforce and explicit some const casting
2016-07-25 08:20:00 -04:00
tls_srp.c
Copyright consolidation 01/10
2016-05-17 14:19:19 -04:00