1. 26 Jan, 2017 3 commits
    • Richard Levitte's avatar
      Better check of DH parameters in TLS data · a39aa186
      Richard Levitte authored
      
      
      When the client reads DH parameters from the TLS stream, we only
      checked that they all are non-zero.  This change updates the check to
      use DH_check_params()
      
      DH_check_params() is a new function for light weight checking of the p
      and g parameters:
      
          check that p is odd
          check that 1 < g < p - 1
      
      Reviewed-by: default avatarViktor Dukhovni <viktor@openssl.org>
      a39aa186
    • Andy Polyakov's avatar
      crypto/evp: harden AEAD ciphers. · 00d96547
      Andy Polyakov authored
      
      
      Originally a crash in 32-bit build was reported CHACHA20-POLY1305
      cipher. The crash is triggered by truncated packet and is result
      of excessive hashing to the edge of accessible memory. Since hash
      operation is read-only it is not considered to be exploitable
      beyond a DoS condition. Other ciphers were hardened.
      
      Thanks to Robert Święcki for report.
      
      CVE-2017-3731
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      00d96547
    • Andy Polyakov's avatar
      crypto/evp: harden RC4_MD5 cipher. · f3a7e57c
      Andy Polyakov authored
      
      
      Originally a crash in 32-bit build was reported CHACHA20-POLY1305
      cipher. The crash is triggered by truncated packet and is result
      of excessive hashing to the edge of accessible memory (or bogus
      MAC value is produced if x86 MD5 assembly module is involved). Since
      hash operation is read-only it is not considered to be exploitable
      beyond a DoS condition.
      
      Thanks to Robert Święcki for report.
      
      CVE-2017-3731
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      f3a7e57c
  2. 25 Jan, 2017 6 commits
  3. 24 Jan, 2017 11 commits
  4. 23 Jan, 2017 10 commits
  5. 20 Jan, 2017 1 commit
  6. 19 Jan, 2017 1 commit
  7. 18 Jan, 2017 5 commits
  8. 17 Jan, 2017 1 commit
  9. 16 Jan, 2017 2 commits