Skip to content
  1. Nov 01, 2017
  2. Oct 26, 2017
  3. Oct 25, 2017
    • Matt Caswell's avatar
      Don't make any changes to the lhash structure if we are going to fail · 1aa0fcfb
      Matt Caswell authored
      
      
      The lhash expand() function can fail if realloc fails. The previous
      implementation made changes to the structure and then attempted to do a
      realloc. If the realloc failed then it attempted to undo the changes it
      had just made. Unfortunately changes to lh->p were not undone correctly,
      ultimately causing subsequent expand() calls to increment num_nodes to a
      value higher than num_alloc_nodes, which can cause out-of-bounds reads/
      writes. This is not considered a security issue because an attacker cannot
      cause realloc to fail.
      
      This commit moves the realloc call to near the beginning of the function
      before any other changes are made to the lhash structure. That way if a
      failure occurs we can immediately fail without having to undo anything.
      
      Thanks to Pavel Kopyl (Samsung) for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4551)
      1aa0fcfb
  4. Oct 24, 2017
  5. Oct 23, 2017
  6. Oct 19, 2017
  7. Oct 13, 2017
  8. Oct 11, 2017
    • Matt Caswell's avatar
      Ensure we test all parameters for BN_FLG_CONSTTIME · 86ccadf5
      Matt Caswell authored
      
      
      RSA_setup_blinding() calls BN_BLINDING_create_param() which later calls
      BN_mod_exp() as follows:
      
      BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)
      
      ret->mod will have BN_FLG_CONSTTIME set, but ret->e does not. In
      BN_mod_exp() we only test the third param for the existence of this flag.
      We should test all the inputs.
      
      Thanks to Samuel Weiser (samuel.weiser@iaik.tugraz.at) for reporting this
      issue.
      
      This typically only happens once at key load, so this is unlikely to be
      exploitable in any real scenario.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4477)
      
      (cherry picked from commit e913d11f)
      86ccadf5
  9. Oct 03, 2017
  10. Oct 02, 2017
  11. Sep 29, 2017
  12. Sep 27, 2017
  13. Sep 26, 2017
  14. Sep 19, 2017
  15. Sep 11, 2017
  16. Sep 07, 2017
  17. Aug 28, 2017
  18. Aug 25, 2017
  19. Aug 24, 2017
  20. Aug 23, 2017
  21. Aug 22, 2017
  22. Aug 18, 2017
  23. Aug 17, 2017
  24. Aug 15, 2017
  25. Aug 09, 2017
  26. Aug 07, 2017
  27. Aug 04, 2017
  28. Jul 31, 2017