- Aug 06, 2014
-
-
Matt Caswell authored
Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read. Problem identified by Emilia Käsper, based on previous issue/patch by Adam Langley. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Adam Langley authored
Previously, a truncated DTLS fragment in |dtls1_process_out_of_seq_message| would cause *ok to be cleared, but the return value would still be the number of bytes read. This would cause |dtls1_get_message| not to consider it an error and it would continue processing as normal until the calling function noticed that *ok was zero. I can't see an exploit here because |dtls1_get_message| uses |s->init_num| as the length, which will always be zero from what I can see. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Adam Langley authored
The |pqueue_insert| function can fail if one attempts to insert a duplicate sequence number. When handling a fragment of an out of sequence message, |dtls1_process_out_of_seq_message| would not call |dtls1_reassemble_fragment| if the fragment's length was zero. It would then allocate a fresh fragment and attempt to insert it, but ignore the return value, leaking the fragment. This allows an attacker to exhaust the memory of a DTLS peer. Fixes CVE-2014-3507 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
In |dtls1_reassemble_fragment|, the value of |msg_hdr->frag_off+frag_len| was being checked against the maximum handshake message size, but then |msg_len| bytes were allocated for the fragment buffer. This means that so long as the fragment was within the allowed size, the pending handshake message could consume 16MB + 2MB (for the reassembly bitmap). Approx 10 outstanding handshake messages are allowed, meaning that an attacker could consume ~180MB per DTLS connection. In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no check was applied. Fixes CVE-2014-3506 Wholly based on patch by Adam Langley with one minor amendment. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Adam Langley authored
The |item| variable, in both of these cases, may contain a pointer to a |pitem| structure within |s->d1->buffered_messages|. It was being freed in the error case while still being in |buffered_messages|. When the error later caused the |SSL*| to be destroyed, the item would be double freed. Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74 was inconsistent with the other error paths (but correct). Fixes CVE-2014-3505 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Aug 01, 2014
-
-
Bodo Moeller authored
-
Bodo Moeller authored
(If a change is already present in 1.0.1f or 1.0.1h, don't list it again under changes between 1.0.1h and 1.0.2.)
-
Bodo Moeller authored
-
Bodo Moeller authored
(which didn't always handle value 0 correctly). Reviewed-by: <emilia@openssl.org>
-
- Jul 24, 2014
-
-
Dr. Stephen Henson authored
Don't call internal functions directly call them through SSL_test_functions(). This also makes unit testing work on Windows and platforms that don't export internal functions from shared libraries. By default unit testing is not enabled: it requires the compile time option "enable-unit-test". Reviewed-by: Geoff Thorpe <geoff@openssl.org>
-
Dr. Stephen Henson authored
The call to setenv in gost2814789t.c is not portable and may not reflect the location of the GOST ENGINE on all platforms anyway. Instead set OPENSSL_ENGINES in test/Makefile Reviewed-by: Geoff Thorpe <geoff@openssl.org>
-
- Jul 22, 2014
-
-
Geoff Thorpe authored
This has been unmaintained for a long time. If it's still of interest to anyone, it can be obtained easily enough by reverting this commit. (It could join other demo code in some other repository, perhaps.) In any case we don't want it taking up space in the baseline source package, so <snip>. Signed-off-by: Geoff Thorpe <geoff@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Jul 21, 2014
-
-
Billy Brumley authored
PR#2569 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Tim Hudson authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Andy Polyakov authored
and improve performance by 10% on POWER[78]. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Tim Hudson authored
statement of opinion rather than a fact. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jul 20, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
[and split ppccap.c to ppccap.c and ppc_arch.h] Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Jul 19, 2014
-
-
Dr. Stephen Henson authored
Add cmac.h to mkdef.pl Remove ENGINE_load_rsax from engine.h: no longer built. Update ordinals Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
PR#1675 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Mike Bland authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Mike Bland authored
ssl/ssl_locl.h now comes first to ensure that it will compile standalone. test/testutil.h is considered to be in the same directory as the test file, since the test file will be linked into test/ and built there. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Mike Bland authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Mike Bland authored
These help standardize the structure of main() and result reporting. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Jul 18, 2014
-
-
Dr. Stephen Henson authored
Add support for RFC5649 key wrapping with padding. Add RFC5649 tests to evptests.txt Based on PR#3434 contribution by Petr Spacek <pspacek@redhat.com>. EVP support and minor changes added by Stephen Henson. Doxygen comment block updates by Tim Hudson. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Jul 17, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Jeffrey Walton authored
PR#3456 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jul 16, 2014
-
-
Matt Caswell authored
PR#3442 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Andy Polyakov authored
This reverts commit 927f2e5d.
-
Andy Polyakov authored
This reverts commit 14aaf883.
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Jul 15, 2014
-
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
PR#3452
-
Dr. Stephen Henson authored
Use same logic when determining when to expect a client certificate for both TLS and DTLS. PR#3452
-
Dr. Stephen Henson authored
The options which emulate a web server don't make sense when doing DTLS. Exit with an error if an attempt is made to use them. PR#3453
-