openssl/ssl
Matt Caswell 2ebbe2d7ca Fix SSL_select_next_proto
Ensure that the provided client list is non-NULL and starts with a valid
entry. When called from the ALPN callback the client list should already
have been validated by OpenSSL so this should not cause a problem. When
called from the NPN callback the client list is locally configured and
will not have already been validated. Therefore SSL_select_next_proto
should not assume that it is correctly formatted.

We implement stricter checking of the client protocol list. We also do the
same for the server list while we are about it.

CVE-2024-5535

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24716)
2024-06-27 10:30:51 +01:00
quic Fix memory leak in quic_trace.c 2024-06-10 10:45:54 +02:00
record Set rl->packet to NULL after we've finished using it 2024-05-28 13:28:13 +01:00
rio QUIC POLLING: Support no-quic builds 2024-02-10 11:37:14 +00:00
statem Fix handling of max_fragment_length extension for PSK 2024-06-20 16:49:51 +02:00
bio_ssl.c bio_ssl.c: Do not call SSL_shutdown if not inited 2024-06-25 16:06:17 +02:00
build.info QUIC RIO: Add frontend SSL_poll implementation 2024-02-10 11:37:14 +00:00
d1_lib.c Remove SSL_ENC_FLAG_EXPLICIT_IV which is only set and never read. 2024-05-14 15:34:07 +02:00
d1_msg.c Copyright year updates 2023-09-07 09:59:15 +01:00
d1_srtp.c Copyright year updates 2024-04-09 13:43:26 +02:00
event_queue.c Remove a spurious inclusion of the sparse array header file 2023-09-25 07:45:32 +10:00
methods.c Update some inclusions of <openssl/macros.h> 2019-11-07 11:37:25 +01:00
pqueue.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
priority_queue.c Fix bug in priority queue remove function 2023-11-08 11:09:12 +00:00
s3_enc.c Copyright year updates 2024-04-09 13:43:26 +02:00
s3_lib.c Add support for integrity-only cipher suites for TLS v1.3 2024-05-14 15:39:15 +02:00
s3_msg.c Resolve a TODO in ssl3_dispatch_alert 2022-11-14 10:14:41 +01:00
ssl_asn1.c RFC7250 (RPK) support 2023-03-28 13:49:54 -04:00
ssl_cert_comp.c Copyright year updates 2023-09-07 09:59:15 +01:00
ssl_cert_table.h Make ssl_cert_info read-only 2023-11-27 07:51:33 +00:00
ssl_cert.c Make ssl_cert_info read-only 2023-11-27 07:51:33 +00:00
ssl_ciph.c Move stack of compression methods from libssl to OSSL_LIB_CTX 2024-05-28 08:56:13 +02:00
ssl_conf.c Copyright year updates 2024-04-09 13:43:26 +02:00
ssl_err_legacy.c Update copyright year 2021-06-17 13:24:59 +01:00
ssl_err.c Add reason codes with the correct offset for two alerts 2024-05-14 15:27:17 +02:00
ssl_init.c Move stack of compression methods from libssl to OSSL_LIB_CTX 2024-05-28 08:56:13 +02:00
ssl_lib.c Fix SSL_select_next_proto 2024-06-27 10:30:51 +01:00
ssl_local.h Extend mask of ssl_method_st to 64-bit 2024-06-23 10:09:07 -04:00
ssl_mcnf.c Set SSL_CONF_FLAG_SHOW_ERRORS when conf_diagnostics is enabled 2024-05-09 09:20:58 +02:00
ssl_rsa_legacy.c Deprecate RSA harder 2020-11-18 23:38:34 +01:00
ssl_rsa.c Copyright year updates 2023-09-07 09:59:15 +01:00
ssl_sess.c Incorporate review feedback 2024-06-21 07:57:56 -04:00
ssl_stat.c SSL_alert_desc_string_long(): Delete unnecessary underline 2024-04-04 08:33:21 +02:00
ssl_txt.c Move stack of compression methods from libssl to OSSL_LIB_CTX 2024-05-28 08:56:13 +02:00
ssl_utst.c Remove the old buffer management code 2022-10-20 14:39:33 +01:00
sslerr.h QUIC APL: Implement optimised FIN API 2024-01-23 14:20:06 +00:00
t1_enc.c Copyright year updates 2024-04-09 13:43:26 +02:00
t1_lib.c Fix handling of max_fragment_length extension for PSK 2024-06-20 16:49:51 +02:00
t1_trce.c Add support for integrity-only cipher suites for TLS v1.3 2024-05-14 15:39:15 +02:00
tls13_enc.c Add support for integrity-only cipher suites for TLS v1.3 2024-05-14 15:39:15 +02:00
tls_depr.c SSL object refactoring using SSL_CONNECTION object 2022-07-28 10:04:28 +01:00
tls_srp.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00