- Jun 04, 2015
-
-
Matt Caswell authored
Remove a comment that suggested further clean up was required. DH_free() performs the necessary cleanup. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f3d88952)
-
Matt Caswell authored
Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit b7ee4815) Conflicts: ssl/s3_srvr.c
-
Matt Caswell authored
Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 4e3dbe37)
-
Matt Caswell authored
A BIGNUM can have the value of -0. The function BN_bn2hex fails to account for this and can allocate a buffer one byte too short in the event of -0 being used, leading to a one byte buffer overrun. All usage within the OpenSSL library is considered safe. Any security risk is considered negligible. With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit c5635307) Conflicts: crypto/bn/bn_print.c
-
- Jun 02, 2015
-
-
Richard Levitte authored
This is for consistency. Additionally, have its presence define OPENSSL_SYS_WINDOWS as well. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 3f131556) Conflicts: e_os2.h
-
Matt Caswell authored
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 27c76b9b) Conflicts: ssl/ssl.h ssl/ssl_err.c
-
Matt Caswell authored
This is a backport of commit e83ee04b from the master branch (and this has also been applied to 1.0.2). In 1.0.2 this was CVE-2015-0207. For other branches there is no known security issue, but this is being backported as a precautionary measure. The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invokation to the next. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit cce3e4ad)
-
- May 28, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2849707f)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f097f81c)
-
- May 23, 2015
-
-
Richard Levitte authored
Since source reformat, we ended up with some error reason string definitions that spanned two lines. That in itself is fine, but we sometimes edited them to provide better strings than what could be automatically determined from the reason macro, for example: {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"}, However, mkerr.pl didn't treat those two-line definitions right, and they ended up being retranslated to whatever the macro name would indicate, for example: {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "No gost certificate sent by peer"}, Clearly not what we wanted. This change fixes this problem. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 2cfdfe09)
-
Richard Levitte authored
The update: target in engines/ didn't recurse into engines/ccgost. The update: and depend: targets in engines/ccgost needed a fixup. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 8b822d25)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 6f45032f) Conflicts: apps/Makefile
-
Richard Levitte authored
We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 0f539dc1) Conflicts: Makefile.org apps/Makefile test/Makefile crypto/cmac/Makefile crypto/srp/Makefile
-
- May 22, 2015
-
-
Matt Caswell authored
If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte buffer overflow can occur. There are no such instances within the OpenSSL at the moment. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Matt Caswell authored
The functions BN_rshift and BN_lshift shift their arguments to the right or left by a specified number of bits. Unpredicatable results (including crashes) can occur if a negative number is supplied for the shift value. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx <kurt@openssl.org> (cherry picked from commit 7cc18d81) Conflicts: crypto/bn/bn.h crypto/bn/bn_err.c
-
- May 20, 2015
-
-
StudioEtrange authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 19, 2015
-
-
Robert Swiecki authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 00d565cf)
-
- May 13, 2015
-
-
Rich Salz authored
The big "don't check for NULL" cleanup requires backporting some of the lowest-level functions to actually do nothing if NULL is given. This will make it easier to backport fixes to release branches, where master assumes those lower-level functions are "safe" This commit addresses those tickets: 3798 3799 3801. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit f34b095f)
-
- May 02, 2015
-
-
Gilles Khouzam authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit bed2edf1)
-
- Apr 22, 2015
-
-
Dr. Stephen Henson authored
Reported by Hanno Böck <hanno@hboeck.de> PR#3800 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit c4137b5e) Conflicts: crypto/asn1/asn1_gen.c
-
Loganaden Velvindron authored
The function CRYPTO_strdup (aka OPENSSL_strdup) fails to check the return value from CRYPTO_malloc to see if it is NULL before attempting to use it. This patch adds a NULL check. RT3786 Signed-off-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 37b0cf936744d9edb99b5dd82cae78a7eac6ad60) Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 20d21389c8b6f5b754573ffb6a4dc4f3986f2ca4)
-
- Apr 18, 2015
-
-
Dr. Stephen Henson authored
Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as negative. Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and Hanno Böck <hanno@hboeck.de> for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit a0eed48d)
-
- Apr 16, 2015
-
-
Viktor Dukhovni authored
Reviewed-by: Matt Caswell <gitlab@openssl.org>
-
Dr. Stephen Henson authored
Reported by Hanno Böck <hanno@hboeck.de> Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 111b60be) Conflicts: crypto/asn1/asn1_gen.c
-
- Apr 14, 2015
-
-
Matt Caswell authored
If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read past the end of the ClientHello message if the session_id length in the ClientHello is invalid. This should not cause any security issues since the underlying buffer is 16k in size. It should never be possible to overrun by that many bytes. This is probably made redundant by the previous commit - but you can never be too careful. With thanks to Qinghao Tang for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 5e0a80c1) Conflicts: ssl/ssl_sess.c
-
Matt Caswell authored
The ClientHello processing is insufficiently rigorous in its checks to make sure that we don't read past the end of the message. This does not have security implications due to the size of the underlying buffer - but still needs to be fixed. With thanks to Qinghao Tang for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit c9642eb1ff79a30e2c7632ef8267cc34cc2b0d79)
-
- Apr 10, 2015
-
-
Dr. Stephen Henson authored
While *pval is usually a pointer in rare circumstances it can be a long value. One some platforms (e.g. WIN64) where sizeof(long) < sizeof(ASN1_VALUE *) this will write past the field. *pval is initialised correctly in the rest of ASN1_item_ex_new so setting it to NULL is unecessary anyway. Thanks to Julien Kauffmann for reporting this issue. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit f617b496) Conflicts: crypto/asn1/tasn_new.c
-
- Mar 24, 2015
-
-
Dr. Stephen Henson authored
If a set of certificates is supplied to OCSP_basic_verify use those in addition to any present in the OCSP response as untrusted CAs when verifying a certificate chain. PR#3668 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 4ca5efc2)
-
- Mar 19, 2015
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Fix some unsigned/signed warnings introduced as part of the fix for CVE-2015-0293 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reported by the LibreSSL project as a follow on to CVE-2015-0209 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Update the NEWS file with the latest entries from CHANGES ready for the release. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Update CHANGES fiel with all the latest fixes ready for the release. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Remove entries from CHANGES and NEWS from letter releases that occur *after* the next point release. Without this we get duplicate entries for the same issue appearing multiple times. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
This assert is reachable for servers that support SSLv2 and export ciphers. Therefore, such servers can be DoSed by sending a specially crafted SSLv2 CLIENT-MASTER-KEY. Also fix s2_srvr.c to error out early if the key lengths are malformed. These lengths are sent unencrypted, so this does not introduce an oracle. CVE-2015-0293 This issue was discovered by Sean Burford (Google) and Emilia Käsper of the OpenSSL development team. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Emilia Kasper authored
In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by: Steve Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 18, 2015
-
-
Dr. Stephen Henson authored
CVE-2015-0287 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-