Skip to content
GitLab
  1. 24 Feb, 2016 1 commit
    • Emilia Kasper's avatar
      CVE-2016-0798: avoid memory leak in SRP · 259b664f
      Emilia Kasper authored 
      The SRP user database lookup method SRP_VBASE_get_by_user had confusing
memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no
way of distinguishing these two cases.

Specifically, SRP servers that configure a secret seed to hide valid
login information are vulnerable to a memory leak: an attacker
connecting with an invalid username can cause a memory leak of around
300 bytes per connection.

Servers that do not configure SRP, or configure SRP but do not configure
a seed are not vulnerable.

In Apache, the seed directive is known as SSLSRPUnknownUserSeed.

To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user
is now disabled even if the user has configured a seed.

Applications are advised to migrate to SRP_VBASE_get1_by_user. However,
note that OpenSSL makes no strong guarantees about the
indistinguishability of valid and invalid logins. In particular,
computation...
      259b664f
  3. 23 Feb, 2016 3 commits
  5. 22 Feb, 2016 2 commits
  7. 19 Feb, 2016 3 commits
  9. 18 Feb, 2016 1 commit
  11. 16 Feb, 2016 1 commit
  13. 13 Feb, 2016 1 commit
  15. 12 Feb, 2016 2 commits
  17. 11 Feb, 2016 2 commits
  19. 10 Feb, 2016 1 commit
  21. 08 Feb, 2016 1 commit
    • Matt Caswell's avatar
      Handle SSL_shutdown while in init more appropriately #2 · 64193c82
      Matt Caswell authored 
      Previous commit f73c737c attempted to "fix" a problem with the way
SSL_shutdown() behaved whilst in mid-handshake. The original behaviour had
SSL_shutdown() return immediately having taken no action if called mid-
handshake with a return value of 1 (meaning everything was shutdown
successfully). In fact the shutdown has not been successful.

Commit f73c737c

 changed that to send a close_notify anyway and then
return. This seems to be causing some problems for some applications so
perhaps a better (much simpler) approach is revert to the previous
behaviour (no attempt at a shutdown), but return -1 (meaning the shutdown
was not successful).

This also fixes a bug where SSL_shutdown always returns 0 when shutdown
*very* early in the handshake (i.e. we are still using SSLv23_method).

Reviewed-by: default avatarViktor Dukhovni <viktor@openssl.org>
      64193c82
  23. 06 Feb, 2016 1 commit
  25. 05 Feb, 2016 1 commit
    • Viktor Dukhovni's avatar
      Fix missing ok=0 with locally blacklisted CAs · a3baa171
      Viktor Dukhovni authored 
      

Also in X509_verify_cert() avoid using "i" not only as a loop
counter, but also as a trust outcome and as an error ordinal.

Finally, make sure that all "goto end" jumps return an error, with
"end" renamed to "err" accordingly.

[ The 1.1.0 version of X509_verify_cert() is major rewrite,
  which addresses these issues in a more systemic way. ]

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      a3baa171
  27. 04 Feb, 2016 1 commit
  29. 02 Feb, 2016 2 commits
  31. 01 Feb, 2016 2 commits
  33. 30 Jan, 2016 1 commit
  35. 29 Jan, 2016 5 commits
  37. 28 Jan, 2016 9 commits