Skip to content
  1. Aug 06, 2014
    • Adam Langley's avatar
      Fix return code for truncated DTLS fragment. · b74d1d26
      Adam Langley authored
      
      
      Previously, a truncated DTLS fragment in
      |dtls1_process_out_of_seq_message| would cause *ok to be cleared, but
      the return value would still be the number of bytes read. This would
      cause |dtls1_get_message| not to consider it an error and it would
      continue processing as normal until the calling function noticed that
      *ok was zero.
      
      I can't see an exploit here because |dtls1_get_message| uses
      |s->init_num| as the length, which will always be zero from what I can
      see.
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      b74d1d26
    • Adam Langley's avatar
      Fix memory leak from zero-length DTLS fragments. · d0a4b7d1
      Adam Langley authored
      
      
      The |pqueue_insert| function can fail if one attempts to insert a
      duplicate sequence number. When handling a fragment of an out of
      sequence message, |dtls1_process_out_of_seq_message| would not call
      |dtls1_reassemble_fragment| if the fragment's length was zero. It would
      then allocate a fresh fragment and attempt to insert it, but ignore the
      return value, leaking the fragment.
      
      This allows an attacker to exhaust the memory of a DTLS peer.
      
      Fixes CVE-2014-3507
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      d0a4b7d1
    • Matt Caswell's avatar
      Fix DTLS handshake message size checks. · 1250f126
      Matt Caswell authored
      
      
      In |dtls1_reassemble_fragment|, the value of
      |msg_hdr->frag_off+frag_len| was being checked against the maximum
      handshake message size, but then |msg_len| bytes were allocated for the
      fragment buffer. This means that so long as the fragment was within the
      allowed size, the pending handshake message could consume 16MB + 2MB
      (for the reassembly bitmap). Approx 10 outstanding handshake messages
      are allowed, meaning that an attacker could consume ~180MB per DTLS
      connection.
      
      In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no
      check was applied.
      
      Fixes CVE-2014-3506
      
      Wholly based on patch by Adam Langley with one minor amendment.
      
      Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      1250f126
    • Matt Caswell's avatar
    • Adam Langley's avatar
      Avoid double free when processing DTLS packets. · bff1ce4e
      Adam Langley authored
      The |item| variable, in both of these cases, may contain a pointer to a
      |pitem| structure within |s->d1->buffered_messages|. It was being freed
      in the error case while still being in |buffered_messages|. When the
      error later caused the |SSL*| to be destroyed, the item would be double
      freed.
      
      Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74
      
       was
      inconsistent with the other error paths (but correct).
      
      Fixes CVE-2014-3505
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
      bff1ce4e
  2. Aug 01, 2014
  3. Jul 24, 2014
  4. Jul 22, 2014
  5. Jul 21, 2014
  6. Jul 20, 2014
  7. Jul 19, 2014
  8. Jul 18, 2014
    • Dr. Stephen Henson's avatar
      RFC 5649 support. · d31fed73
      Dr. Stephen Henson authored
      
      
      Add support for RFC5649 key wrapping with padding.
      
      Add RFC5649 tests to evptests.txt
      
      Based on PR#3434 contribution by Petr Spacek <pspacek@redhat.com>.
      
      EVP support and minor changes added by Stephen Henson.
      
      Doxygen comment block updates by Tim Hudson.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      d31fed73
  9. Jul 17, 2014
  10. Jul 16, 2014
  11. Jul 15, 2014