  1. Sep 22, 2016
    • Avoid KCI attack for GOST · 92c8d6ae
      Dmitry Belyavsky authored
      
      
      Russian GOST ciphersuites are vulnerable to the KCI attack because they use
      long-term keys to establish the connection when ssl client authorization is
      on. This change brings the GOST implementation into line with the latest
      specs in order to avoid the attack. It should not break backwards
      compatibility.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      Reviewed-by: Matt Caswell <matt@openssl.org>
    • Fix a mem leak in NPN handling · 38f59bd1
      Matt Caswell authored
      
      
      If a server sent multiple NPN extensions in a single ClientHello then a
      mem leak can occur. This will only happen where the client has requested
      NPN in the first place. It does not occur during renegotiation. Therefore
      the maximum that could be leaked in a single connection with a malicious
      server is 64k (the maximum size of the ServerHello extensions section). As
      this is client side, only occurs if NPN has been requested and does not
      occur during renegotiation this is unlikely to be exploitable.
      
      Issue reported by Shi Lei.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
    • Fix OCSP Status Request extension unbounded memory growth · ea39b16b
      Matt Caswell authored
      
      
      A malicious client can send an excessively large OCSP Status Request
      extension. If that client continually requests renegotiation,
      sending a large OCSP Status Request extension each time, then there will
      be unbounded memory growth on the server. This will eventually lead to a
      Denial Of Service attack through memory exhaustion. Servers with a
      default configuration are vulnerable even if they do not support OCSP.
      Builds using the "no-ocsp" build time option are not affected.
      
      I have also checked other extensions to see if they suffer from a similar
      problem but I could not find any other issues.
      
      CVE-2016-6304
      
      Issue reported by Shi Lei.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
    • Richard Levitte's avatar
      90d6f351
  2. Sep 21, 2016
  3. Sep 20, 2016
  4. Sep 15, 2016
  5. Sep 14, 2016
    • Add some sanity checks around usage of t_fromb64() · 68f11e82
      Matt Caswell authored
      
      
      The internal SRP function t_fromb64() converts from base64 to binary. It
      does not validate that the size of the destination is sufficiently large -
      that is up to the callers. In some places there was such a check, but not
      in others.
      
      Add an argument to t_fromb64() to provide the size of the destination
      buffer and validate that we don't write too much data. Also add some sanity
      checks to the callers where appropriate.
      
      With thanks to Shi Lei for reporting this issue.
      
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      (cherry picked from commit 73f0df83)
  6. Sep 13, 2016
  7. Sep 12, 2016
  8. Sep 11, 2016
  9. Sep 09, 2016
  10. Sep 08, 2016
  11. Sep 07, 2016
  12. Sep 06, 2016
  13. Aug 31, 2016
  14. Aug 30, 2016
  15. Aug 26, 2016