- Apr 14, 2015
-
-
Matt Caswell authored
The ClientHello processing is insufficiently rigorous in its checks to make sure that we don't read past the end of the message. This does not have security implications due to the size of the underlying buffer - but still needs to be fixed. With thanks to Qinghao Tang for reporting this issue. Reviewed-by:Rich Salz <rsalz@openssl.org> (cherry picked from commit c9642eb1ff79a30e2c7632ef8267cc34cc2b0d79)
-
- Apr 11, 2015
-
-
Kurt Roeckx authored
It would set gen->d.dirn to a freed pointer in case X509V3_NAME_from_section failed. Reviewed-by:
-
Kurt Roeckx authored
Reviewed-by:
Viktor Dukhovni <openssl-users@dukhovni.org> (cherry picked from commit f49baeff)
-
- Apr 10, 2015
-
-
Dr. Stephen Henson authored
While *pval is usually a pointer in rare circumstances it can be a long value. One some platforms (e.g. WIN64) where sizeof(long) < sizeof(ASN1_VALUE *) this will write past the field. *pval is initialised correctly in the rest of ASN1_item_ex_new so setting it to NULL is unecessary anyway. Thanks to Julien Kauffmann for reporting this issue. Reviewed-by:
Richard Levitte <levitte@openssl.org> (cherry picked from commit f617b496) Conflicts: crypto/asn1/tasn_new.c
-
- Apr 08, 2015
-
-
Richard Levitte authored
Since source reformat, we ended up with some error reason string definitions that spanned two lines. That in itself is fine, but we sometimes edited them to provide better strings than what could be automatically determined from the reason macro, for example: {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"}, However, mkerr.pl didn't treat those two-line definitions right, and they ended up being retranslated to whatever the macro name would indicate, for example: {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "No gost certificate sent by peer"}, Clearly not what we wanted. This change fixes this problem. Reviewed-by:Matt Caswell <matt@openssl.org> (cherry picked from commit 2cfdfe09)
-
Richard Levitte authored
Reviewed-by:
-
Emilia Kasper authored
There is no indication that the timing differences are exploitable in OpenSSL, and indeed there is some indication (Usenix '14) that they are too small to be exploitable. Nevertheless, be careful and apply the same countermeasures as in s3_srvr.c Thanks to Nimrod Aviram, Sebastian Schinzel and Yuval Shavitt for reporting this issue. Reviewed-by:
-
- Apr 07, 2015
-
-
John Foley authored
Resolve a problem when using s_server with ECDHE cipher suites in OpenSSL_1_0_1-stable. Due to an uninitialized variable, SSL_CTX_set_tmp_ecdh() is not always invoked within s_server. This bug appears to have been introduced by 05990777 . Reviewed-by:
Tim Hudson <tjh@openssl.org>
-
- Mar 31, 2015
-
-
Douglas E Engert authored
RFC5915 requires the use of the I2OSP primitive as defined in RFC3447 for storing an EC Private Key. This converts the private key into an OCTETSTRING and retains any leading zeros. This commit ensures that those leading zeros are present if required. Reviewed-by:
Andy Polyakov <appro@openssl.org> (cherry picked from commit 30cd4ff2) Conflicts: crypto/ec/ec_asn1.c
-
- Mar 25, 2015
-
-
Emilia Kasper authored
While a true positive, it's almost harmless because EVP_DecryptInit_ex would have to fail and that doesn't happen under normal operation. Reviewed-by: -
Matt Caswell authored
if CAfile or CApath were also supplied and successfully loaded first. Reviewed-by:
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
create an HMAC Inspired by BoringSSL commit 2fe7f2d0d9a6fcc75b4e594eeec306cc55acd594 Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Ensure all calls to RAND_bytes and RAND_pseudo_bytes have their return value checked correctly Reviewed-by:
-
- Mar 24, 2015
-
-
Kurt Roeckx authored
The certificate already contains the DH parameters in that case. ssl3_send_server_key_exchange() would fail in that case anyway. Reviewed-by:
-
Dr. Stephen Henson authored
Reviewed-by:
-
Dr. Stephen Henson authored
If a set of certificates is supplied to OCSP_basic_verify use those in addition to any present in the OCSP response as untrusted CAs when verifying a certificate chain. PR#3668 Reviewed-by:
-
Mike Frysinger authored
Fix compilation failure when SCTP is compiled due to incorrect define. Reported-by:
Conrad Kostecki <ck+gentoobugzilla@bl4ckb0x.de> URL: https://bugs.gentoo.org/543828 RT#3758 Signed-off-by:
-
- Mar 19, 2015
-
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Fix some unsigned/signed warnings introduced as part of the fix for CVE-2015-0293 Reviewed-by:
-
Matt Caswell authored
Reported by the LibreSSL project as a follow on to CVE-2015-0209 Reviewed-by: -
Matt Caswell authored
Update the NEWS file with the latest entries from CHANGES ready for the release. Reviewed-by: -
Matt Caswell authored
Update CHANGES fiel with all the latest fixes ready for the release. Reviewed-by: -
Matt Caswell authored
Remove entries from CHANGES and NEWS from letter releases that occur *after* the next point release. Without this we get duplicate entries for the same issue appearing multiple times. Reviewed-by: -
Emilia Kasper authored
This assert is reachable for servers that support SSLv2 and export ciphers. Therefore, such servers can be DoSed by sending a specially crafted SSLv2 CLIENT-MASTER-KEY. Also fix s2_srvr.c to error out early if the key lengths are malformed. These lengths are sent unencrypted, so this does not introduce an oracle. CVE-2015-0293 This issue was discovered by Sean Burford (Google) and Emilia Käsper of the OpenSSL development team. Reviewed-by:
-
Emilia Kasper authored
In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by:Steve Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by:
-
- Mar 18, 2015
-
-
Dr. Stephen Henson authored
CVE-2015-0287 Reviewed-by:
Emilia Käsper <emilia@openssl.org>
-
- Mar 17, 2015
-
-
Matt Caswell authored
Some miscellaneous removal of dead code from apps. Also fix an issue with error handling with pkcs7. Reviewed-by:
-
Matt Caswell authored
Some miscellaneous removal of dead code from lib crypto. Reviewed-by:
-
Matt Caswell authored
Passing a negative value for the "-time" option to s_time results in a seg fault. This commit fixes it so that time has to be greater than 0. Reviewed-by:
-
Matt Caswell authored
The function tls1_PRF counts the number of digests in use and partitions security evenly between them. There always needs to be at least one digest in use, otherwise this is an internal error. Add a sanity check for this. Reviewed-by:
-
Matt Caswell authored
The function sk_zero is supposed to zero the elements held within a stack. It uses memset to do this. However it calculates the size of each element as being sizeof(char **) instead of sizeof(char *). This probably doesn't make much practical difference in most cases, but isn't a portable assumption. Reviewed-by:
-
Matt Caswell authored
Move memory allocation failure checks closer to the site of the malloc in dgst app. Only a problem if the debug flag is set...but still should be fixed. Reviewed-by:
-
Matt Caswell authored
Add some missing checks for memory allocation failures in ca app. Reviewed-by:
-
- Mar 14, 2015
-
-
Andy Polyakov authored
Other curves don't have this problem. Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
