Skip to content
  1. May 03, 2016
    • Matt Caswell's avatar
      Prevent EBCDIC overread for very long strings · 9f2ccf1d
      Matt Caswell authored
      
      
      ASN1 Strings that are over 1024 bytes can cause an overread in
      applications using the X509_NAME_oneline() function on EBCDIC systems.
      This could result in arbitrary stack data being returned in the buffer.
      
      Issue reported by Guido Vranken.
      
      CVE-2016-2176
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      9f2ccf1d
    • Matt Caswell's avatar
      Fix encrypt overflow · 3ab937bc
      Matt Caswell authored
      
      
      An overflow can occur in the EVP_EncryptUpdate function. If an attacker is
      able to supply very large amounts of input data after a previous call to
      EVP_EncryptUpdate with a partial block then a length check can overflow
      resulting in a heap corruption.
      
      Following an analysis of all OpenSSL internal usage of the
      EVP_EncryptUpdate function all usage is one of two forms.
      
      The first form is like this:
      EVP_EncryptInit()
      EVP_EncryptUpdate()
      
      i.e. where the EVP_EncryptUpdate() call is known to be the first called
      function after an EVP_EncryptInit(), and therefore that specific call
      must be safe.
      
      The second form is where the length passed to EVP_EncryptUpdate() can be
      seen from the code to be some small value and therefore there is no
      possibility of an overflow.
      
      Since all instances are one of these two forms, I believe that there can
      be no overflows in internal code due to this problem.
      
      It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate()
      in certain code paths. Also EVP_CipherUpdate() is a synonym for
      EVP_EncryptUpdate(). Therefore I have checked all instances of these
      calls too, and came to the same conclusion, i.e. there are no instances
      in internal usage where an overflow could occur.
      
      This could still represent a security issue for end user code that calls
      this function directly.
      
      CVE-2016-2106
      
      Issue reported by Guido Vranken.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      (cherry picked from commit 3f358213)
      3ab937bc
  2. May 02, 2016
  3. Apr 29, 2016
  4. Apr 27, 2016
  5. Apr 26, 2016
  6. Apr 25, 2016
  7. Apr 23, 2016
  8. Apr 22, 2016
  9. Apr 07, 2016
  10. Apr 04, 2016
  11. Mar 26, 2016
  12. Mar 18, 2016
  13. Mar 14, 2016
  14. Mar 09, 2016
  15. Mar 08, 2016
  16. Mar 07, 2016
  17. Mar 04, 2016
    • Dr. Stephen Henson's avatar
      Sanity check PVK file fields. · df14e502
      Dr. Stephen Henson authored
      
      
      PVK files with abnormally large length or salt fields can cause an
      integer overflow which can result in an OOB read and heap corruption.
      However this is an rarely used format and private key files do not
      normally come from untrusted sources the security implications not
      significant.
      
      Fix by limiting PVK length field to 100K and salt to 10K: these should be
      more than enough to cover any files encountered in practice.
      
      Issue reported by Guido Vranken.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit 5f57abe2)
      df14e502
  18. Mar 01, 2016