- Aug 13, 2014
-
-
Bodo Moeller authored
group_order_tests (ectest.c). Also fix the EC_POINTs_mul documentation (ec.h). Reviewed-by: <emilia@openssl.org> Conflicts: crypto/ec/ectest.c
-
- Aug 06, 2014
-
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Gabor Tyukasz authored
CVE-2014-3509 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
- Upon parsing, reject OIDs with invalid base-128 encoding. - Always NUL-terminate the destination buffer in OBJ_obj2txt printing function. CVE-2014-3508 Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Emilia Käsper authored
CVE-2014-3510 Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
David Benjamin authored
CVE-2014-3511 Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Bodo Möller <bodo@openssl.org>
-
Adam Langley authored
In a couple of functions, a sequence number would be calculated twice. Additionally, in |dtls1_process_out_of_seq_message|, we know that |frag_len| <= |msg_hdr->msg_len| so the later tests for |frag_len < msg_hdr->msg_len| can be more clearly written as |frag_len != msg_hdr->msg_len|, since that's the only remaining case. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read. Problem identified by Emilia Käsper, based on previous issue/patch by Adam Langley. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Adam Langley authored
Previously, a truncated DTLS fragment in |dtls1_process_out_of_seq_message| would cause *ok to be cleared, but the return value would still be the number of bytes read. This would cause |dtls1_get_message| not to consider it an error and it would continue processing as normal until the calling function noticed that *ok was zero. I can't see an exploit here because |dtls1_get_message| uses |s->init_num| as the length, which will always be zero from what I can see. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Adam Langley authored
The |pqueue_insert| function can fail if one attempts to insert a duplicate sequence number. When handling a fragment of an out of sequence message, |dtls1_process_out_of_seq_message| would not call |dtls1_reassemble_fragment| if the fragment's length was zero. It would then allocate a fresh fragment and attempt to insert it, but ignore the return value, leaking the fragment. This allows an attacker to exhaust the memory of a DTLS peer. Fixes CVE-2014-3507 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
In |dtls1_reassemble_fragment|, the value of |msg_hdr->frag_off+frag_len| was being checked against the maximum handshake message size, but then |msg_len| bytes were allocated for the fragment buffer. This means that so long as the fragment was within the allowed size, the pending handshake message could consume 16MB + 2MB (for the reassembly bitmap). Approx 10 outstanding handshake messages are allowed, meaning that an attacker could consume ~180MB per DTLS connection. In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no check was applied. Fixes CVE-2014-3506 Wholly based on patch by Adam Langley with one minor amendment. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Adam Langley authored
The |item| variable, in both of these cases, may contain a pointer to a |pitem| structure within |s->d1->buffered_messages|. It was being freed in the error case while still being in |buffered_messages|. When the error later caused the |SSL*| to be destroyed, the item would be double freed. Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74 was inconsistent with the other error paths (but correct). Fixes CVE-2014-3505 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Dr. Stephen Henson authored
(cherry picked from commit 27131fe8 ) Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Aug 01, 2014
-
-
Bodo Moeller authored
(which didn't always handle value 0 correctly). Reviewed-by: <emilia@openssl.org> Conflicts: CHANGES crypto/ec/ectest.c
-
- Jul 21, 2014
-
-
Billy Brumley authored
PR#2569 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit cba11f57)
-
Tim Hudson authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 62352b81)
-
Tim Hudson authored
statement of opinion rather than a fact. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit c8d133e4)
-
- Jul 19, 2014
-
-
Dr. Stephen Henson authored
PR#1675 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 197400c3f0d617d71ad8167b52fb73046d334320)
-
- Jul 17, 2014
-
-
Jeffrey Walton authored
PR#3456 Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit d48e78f0)
-
- Jul 15, 2014
-
-
Matt Caswell authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 3bd54819)
-
Dr. Stephen Henson authored
PR#3452 (cherry picked from commit ca2015a6)
-
Dr. Stephen Henson authored
Use same logic when determining when to expect a client certificate for both TLS and DTLS. PR#3452 (cherry picked from commit c8d710dc)
-
Dr. Stephen Henson authored
PR#3449 (cherry picked from commit 2054eb77)
-
Dr. Stephen Henson authored
The options which emulate a web server don't make sense when doing DTLS. Exit with an error if an attempt is made to use them. PR#3453 (cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)
-
- Jul 14, 2014
-
-
Dr. Stephen Henson authored
PR#3445 (cherry picked from commit 1c3e9a7c)
-
Dr. Stephen Henson authored
(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)
-
- Jul 13, 2014
-
-
Matt Caswell authored
This is actually ok for this function, but initialised to zero anyway if PURIFY defined. This does have the impact of masking any *real* unitialised data reads in bn though. Patch based on approach suggested by Rich Salz. PR#3415 (cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)
-
Peter Mosmans authored
PR#3440 (cherry picked from commit 924e5eda) Conflicts: ssl/ssl_ciph.c
-
Richard Levitte authored
Detected by dcruette@qualitesys.com (cherry picked from commit 8b5dd340)
-
- Jul 09, 2014
-
-
Matt Caswell authored
Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com> PR#3439 (cherry picked from commit 66816c53)
-
- Jul 07, 2014
-
-
David Lloyd authored
PR#2985 (cherry picked from commit 9d23f422)
-
- Jul 06, 2014
-
-
Dr. Stephen Henson authored
(cherry picked from commit a07f514f)
-
Dr. Stephen Henson authored
Conflicts: doc/apps/s_client.pod doc/apps/s_server.pod (cherry picked from commit b197c770)
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
(cherry picked from commit a23a6e85)
-
- Jul 05, 2014
-
-
Dr. Stephen Henson authored
PR#2277 (cherry picked from commit 733a6c882e92f8221bd03a51643bb47f5f81bb81)
-