- Aug 20, 2014
-
-
Andy Polyakov authored
Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit e608273a)
-
Andy Polyakov authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 2893a302)
-
Andy Polyakov authored
Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit 55eb14da)
-
- Aug 15, 2014
-
-
Matt Caswell authored
PR#3450 Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Istvan Noszticzius authored
Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 5afa57fb7b17aa51cfba1ffa94e900fc7a5f0e04)
-
- Aug 13, 2014
-
-
Bodo Moeller authored
group_order_tests (ectest.c). Also fix the EC_POINTs_mul documentation (ec.h). Reviewed-by: <emilia@openssl.org>
-
- Aug 08, 2014
-
-
Dr. Stephen Henson authored
The addition of SRP authentication needs to be checked in various places to work properly. Specifically: A certificate is not sent. A certificate request must not be sent. Server key exchange message must not contain a signature. If appropriate SRP authentication ciphersuites should be chosen. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 8f5a8805b82d1ae81168b11b7f1506db9e047dec)
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 193c1c07165b0042abd217274a084b49459d4443)
-
- Aug 07, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 1433cac5)
-
- Aug 06, 2014
-
-
Dr. Stephen Henson authored
Check SRP parameters when they are received so we can send back an appropriate alert. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Dr. Stephen Henson authored
Invalid parameters passed to the SRP code can be overrun an internal buffer. Add sanity check that g, A, B < N to SRP code. Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC Group for reporting this issue.
-
Dr. Stephen Henson authored
If a client attempted to use an SRP ciphersuite and it had not been set up correctly it would crash with a null pointer read. A malicious server could exploit this in a DoS attack. Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon for reporting this issue. CVE-2014-2970 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Gabor Tyukasz authored
CVE-2014-3509 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
- Upon parsing, reject OIDs with invalid base-128 encoding. - Always NUL-terminate the destination buffer in OBJ_obj2txt printing function. CVE-2014-3508 Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Emilia Käsper authored
CVE-2014-3510 Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
David Benjamin authored
CVE-2014-3511 Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Bodo Möller <bodo@openssl.org>
-
Adam Langley authored
In a couple of functions, a sequence number would be calculated twice. Additionally, in |dtls1_process_out_of_seq_message|, we know that |frag_len| <= |msg_hdr->msg_len| so the later tests for |frag_len < msg_hdr->msg_len| can be more clearly written as |frag_len != msg_hdr->msg_len|, since that's the only remaining case. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read. Problem identified by Emilia Käsper, based on previous issue/patch by Adam Langley. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Adam Langley authored
Previously, a truncated DTLS fragment in |dtls1_process_out_of_seq_message| would cause *ok to be cleared, but the return value would still be the number of bytes read. This would cause |dtls1_get_message| not to consider it an error and it would continue processing as normal until the calling function noticed that *ok was zero. I can't see an exploit here because |dtls1_get_message| uses |s->init_num| as the length, which will always be zero from what I can see. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Adam Langley authored
The |pqueue_insert| function can fail if one attempts to insert a duplicate sequence number. When handling a fragment of an out of sequence message, |dtls1_process_out_of_seq_message| would not call |dtls1_reassemble_fragment| if the fragment's length was zero. It would then allocate a fresh fragment and attempt to insert it, but ignore the return value, leaking the fragment. This allows an attacker to exhaust the memory of a DTLS peer. Fixes CVE-2014-3507 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
In |dtls1_reassemble_fragment|, the value of |msg_hdr->frag_off+frag_len| was being checked against the maximum handshake message size, but then |msg_len| bytes were allocated for the fragment buffer. This means that so long as the fragment was within the allowed size, the pending handshake message could consume 16MB + 2MB (for the reassembly bitmap). Approx 10 outstanding handshake messages are allowed, meaning that an attacker could consume ~180MB per DTLS connection. In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no check was applied. Fixes CVE-2014-3506 Wholly based on patch by Adam Langley with one minor amendment. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Adam Langley authored
The |item| variable, in both of these cases, may contain a pointer to a |pitem| structure within |s->d1->buffered_messages|. It was being freed in the error case while still being in |buffered_messages|. When the error later caused the |SSL*| to be destroyed, the item would be double freed. Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74 was inconsistent with the other error paths (but correct). Fixes CVE-2014-3505 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Aug 01, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
We can't rename ssleay_rand_bytes to md_rand_bytes_lock as this will cause an error code discrepancy. Instead keep ssleay_rand_bytes and add an extra parameter: since ssleay_rand_bytes is not part of the public API this wont cause any binary compatibility issues. Reviewed-by: Kurt Roeckx <kurt@openssl.org >
-
Bodo Moeller authored
-
Bodo Moeller authored
don't list it again under changes between 1.0.1h and 1.0.2.
-
Bodo Moeller authored
(which didn't always handle value 0 correctly). Reviewed-by: <emilia@openssl.org>
-
- Jul 30, 2014
-
-
Dr. Stephen Henson authored
Don't use multiple locks when SP800-90 DRBG is used outside FIPS mode. PR#3176 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jul 24, 2014
-
-
Dr. Stephen Henson authored
Don't call internal functions directly call them through SSL_test_functions(). This also makes unit testing work on Windows and platforms that don't export internal functions from shared libraries. By default unit testing is not enabled: it requires the compile time option "enable-unit-test". Reviewed-by: Geoff Thorpe <geoff@openssl.org> (cherry picked from commit e0fc7961) Conflicts: ssl/heartbeat_test.c ssl/ssl.h util/mkdef.pl
-
- Jul 22, 2014
-
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
Reviewed-by: Stephen Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Jul 21, 2014
-
-
Billy Brumley authored
PR#2569 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit cba11f57)
-
Tim Hudson authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 62352b81)
-
Andy Polyakov authored
and improve performance by 10% on POWER[78]. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 5c359830)
-
Tim Hudson authored
statement of opinion rather than a fact. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit c8d133e4)
-
- Jul 20, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org>
-