Skip to content
  1. May 05, 2015
  2. May 04, 2015
  3. May 03, 2015
  4. May 02, 2015
  5. May 01, 2015
  6. Apr 30, 2015
    • Matt Caswell's avatar
      Fix buffer overrun in RSA signing · 34166d41
      Matt Caswell authored
      
      
      The problem occurs in EVP_PKEY_sign() when using RSA with X931 padding.
      It is only triggered if the RSA key size is smaller than the digest length.
      So with SHA512 you can trigger the overflow with anything less than an RSA
      512 bit key. I managed to trigger a 62 byte overflow when using a 16 bit RSA
      key. This wasn't sufficient to cause a crash, although your mileage may
      vary.
      
      In practice RSA keys of this length are never used and X931 padding is very
      rare. Even if someone did use an excessively short RSA key, the chances of
      them combining that with a longer digest and X931 padding is very
      small. For these reasons I do not believe there is a security implication to
      this. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
      Solutions) for reporting this issue.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      34166d41
    • Matt Caswell's avatar
      Add sanity check to print_bin function · 3deeeeb6
      Matt Caswell authored
      
      
      Add a sanity check to the print_bin function to ensure that the |off|
      argument is positive. Thanks to Kevin Wojtysiak (Int3 Solutions) and
      Paramjot Oberoi (Int3 Solutions) for reporting this issue.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      3deeeeb6
    • Matt Caswell's avatar
      Add sanity check to ssl_get_prev_session · cb0f400b
      Matt Caswell authored
      
      
      Sanity check the |len| parameter to ensure it is positive. Thanks to Kevin
      Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for
      reporting this issue.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      cb0f400b
    • Matt Caswell's avatar
      Sanity check the return from final_finish_mac · c427570e
      Matt Caswell authored
      
      
      The return value is checked for 0. This is currently safe but we should
      really check for <= 0 since -1 is frequently used for error conditions.
      Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
      Solutions) for reporting this issue.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      c427570e