Skip to content
  1. Jun 04, 2015
    • Matt Caswell's avatar
      Clean Kerberos pre-master secret · c36d3840
      Matt Caswell authored
      
      
      Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit 4e3dbe37)
      c36d3840
    • Matt Caswell's avatar
      Fix off-by-one error in BN_bn2hex · 05bdebb6
      Matt Caswell authored
      
      
      A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
      for this and can allocate a buffer one byte too short in the event of -0
      being used, leading to a one byte buffer overrun. All usage within the
      OpenSSL library is considered safe. Any security risk is considered
      negligible.
      
      With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
      Filip Palian for discovering and reporting this issue.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      (cherry picked from commit c5635307)
      
      Conflicts:
      	crypto/bn/bn_print.c
      05bdebb6
  2. Jun 02, 2015
  3. May 31, 2015
    • Matt Caswell's avatar
      Check the message type requested is the type received in DTLS · f3e85f43
      Matt Caswell authored
      
      
      dtls1_get_message has an |mt| variable which is the type of the message that
      is being requested. If it is negative then any message type is allowed.
      However the value of |mt| is not checked in one of the main code paths, so a
      peer can send a message of a completely different type and it will be
      processed as if it was the message type that we were expecting. This has
      very little practical consequences because the current behaviour will still
      fail when the format of the message isn't as expected.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (cherry picked from commit 8c2b1d87)
      f3e85f43
  4. May 28, 2015
  5. May 26, 2015
  6. May 25, 2015
  7. May 23, 2015
  8. May 22, 2015
    • Matt Caswell's avatar
      Fix off-by-one in BN_rand · b484b040
      Matt Caswell authored
      
      
      If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
      buffer overflow can occur. There are no such instances within the OpenSSL at
      the moment.
      
      Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
      discovering and reporting this issue.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      b484b040
    • Matt Caswell's avatar
      Reject negative shifts for BN_rshift and BN_lshift · 726b5e71
      Matt Caswell authored
      
      
      The functions BN_rshift and BN_lshift shift their arguments to the right or
      left by a specified number of bits. Unpredicatable results (including
      crashes) can occur if a negative number is supplied for the shift value.
      
      Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
      for discovering and reporting this issue.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      (cherry picked from commit 7cc18d81)
      
      Conflicts:
      	crypto/bn/bn.h
      	crypto/bn/bn_err.c
      726b5e71
    • Lubom's avatar
      Lost alert in DTLS · 0a9f8e06
      Lubom authored
      
      
      If a client receives a bad hello request in DTLS then the alert is not
      sent correctly.
      
      RT#2801
      
      Signed-off-by: default avatarMatt Caswell <matt@openssl.org>
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      (cherry picked from commit 4dc1aa04)
      0a9f8e06
  9. May 20, 2015
  10. May 19, 2015
  11. May 15, 2015
  12. May 13, 2015
    • Rich Salz's avatar
      Add NULL checks from master · 76b49a8a
      Rich Salz authored
      
      
      The big "don't check for NULL" cleanup requires backporting some
      of the lowest-level functions to actually do nothing if NULL is
      given.  This will make it easier to backport fixes to release
      branches, where master assumes those lower-level functions are "safe"
      
      This commit addresses those tickets: 3798 3799 3801.
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      (cherry picked from commit f34b095f)
      76b49a8a
    • Hanno Böck's avatar
      Call of memcmp with null pointers in obj_cmp() · 5e0ec901
      Hanno Böck authored
      
      
      The function obj_cmp() (file crypto/objects/obj_dat.c) can in some
      situations call memcmp() with a null pointer and a zero length.
      
      This is invalid behaviour. When compiling openssl with undefined
      behaviour sanitizer (add -fsanitize=undefined to compile flags) this
      can be seen. One example that triggers this behaviour is the pkcs7
      command (but there are others, e.g. I've seen it with the timestamp
      function):
      apps/openssl pkcs7 -in test/testp7.pem
      
      What happens is that obj_cmp takes objects of the type ASN1_OBJECT and
      passes their ->data pointer to memcmp. Zero-sized ASN1_OBJECT
      structures can have a null pointer as data.
      
      RT#3816
      
      Signed-off-by: default avatarMatt Caswell <matt@openssl.org>
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit 2b8dc08b)
      5e0ec901