  1. Jan 26, 2017
    • Better check of DH parameters in TLS data · 26505153
      Richard Levitte authored
      
      
      When the client reads DH parameters from the TLS stream, we only
      checked that they all are non-zero.  This change updates the check to
      use DH_check_params().
      
      DH_check_params() is a new function for lightweight checking of the p
      and g parameters:
      
          check that p is odd
          check that 1 < g < p - 1
      
      Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
    • crypto/evp: harden AEAD ciphers. · 2198b3a5
      Andy Polyakov authored
      
      
      Originally a crash in a 32-bit build was reported for the
      CHACHA20-POLY1305 cipher. The crash is triggered by a truncated packet
      and is the result of excessive hashing to the edge of accessible memory.
      Since the hash operation is read-only it is not considered to be
      exploitable beyond a DoS condition. Other ciphers were hardened.
      
      Thanks to Robert Święcki for the report.
      
      CVE-2017-3731
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
    • crypto/evp: harden RC4_MD5 cipher. · 8e204996
      Andy Polyakov authored
      
      
      Originally a crash in a 32-bit build was reported for the
      CHACHA20-POLY1305 cipher. The crash is triggered by a truncated packet
      and is the result of excessive hashing to the edge of accessible memory
      (or a bogus MAC value is produced if the x86 MD5 assembly module is
      involved). Since the hash operation is read-only it is not considered
      to be exploitable beyond a DoS condition.
      
      Thanks to Robert Święcki for the report.
      
      CVE-2017-3731
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
  2. Jan 25, 2017
  3. Jan 24, 2017
  4. Jan 23, 2017