Skip to content
  1. Jun 10, 2015
    • Matt Caswell's avatar
      EC_POINT_is_on_curve does not return a boolean · d163a2cc
      Matt Caswell authored
      
      
      The function EC_POINT_is_on_curve does not return a boolean value.
      It returns 1 if the point is on the curve, 0 if it is not, and -1
      on error. Many usages within OpenSSL were incorrectly using this
      function and therefore not correctly handling error conditions.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      (cherry picked from commit 68886be7)
      d163a2cc
    • Matt Caswell's avatar
      Tighten extension handling · 72df35ac
      Matt Caswell authored
      
      
      This adds additional checks to the processing of extensions in a ClientHello
      to ensure that either no extensions are present, or if they are then they
      take up the exact amount of space expected.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarStephen Henson <steve@openssl.org>
      
      Conflicts:
      	ssl/t1_lib.c
      72df35ac
    • Matt Caswell's avatar
      Fix memory leaks in BIO_dup_chain() · f92b1967
      Matt Caswell authored
      
      
      This fixes a memory leak that can occur whilst duplicating a BIO chain if
      the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak
      where if a failure occurs after successfully creating the first BIO in the
      chain, then the beginning of the new chain was not freed.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarStephen Henson <steve@openssl.org>
      
      Conflicts:
      	crypto/bio/bio_lib.c
      f92b1967
    • Matt Caswell's avatar
      Replace memset with OPENSSL_cleanse() · e94118ae
      Matt Caswell authored
      
      
      BUF_MEM_free() attempts to cleanse memory using memset immediately prior
      to a free. This is at risk of being optimised away by the compiler, so
      replace with a call to OPENSSL_cleanse() instead.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarStephen Henson <steve@openssl.org>
      e94118ae
    • Matt Caswell's avatar
      Fix Kerberos issue in ssl_session_dup · 106a9a5d
      Matt Caswell authored
      
      
      The fix for CVE-2015-1791 introduced an error in ssl_session_dup for
      Kerberos.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      (cherry picked from commit dcad51bc)
      106a9a5d
    • Richard Levitte's avatar
      When making libcrypto from apps or test, make sure to include engines · cb972a4f
      Richard Levitte authored
      
      
      For librypto to be complete, the stuff in both crypto/ and engines/
      have to be built.  Doing 'make test' or 'make apps' from a clean
      source tree failed to do so.
      Corrected by using the new 'build_libcrypto' in the top Makefile.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      (cherry picked from commit acaff3b7)
      cb972a4f
    • Richard Levitte's avatar
      Add and rearrange building of libraries · ee2d14be
      Richard Levitte authored
      
      
      There's a need for a target that will build all of libcrypto, so let's
      add 'build_libcrypto' that does this.  For ortogonality, let's also
      add 'build_libssl'.  Have both also depend on 'libcrypto.pc' and
      'libssl.pc' so those get built together with the libraries.
      This makes 'all' depend on fewer things directly.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      (cherry picked from commit 177b5f9c)
      
      Conflicts:
      	Makefile.org
      ee2d14be
  2. Jun 08, 2015
  3. Jun 04, 2015
    • Matt Caswell's avatar
      Remove misleading comment · c22ed559
      Matt Caswell authored
      
      
      Remove a comment that suggested further clean up was required.
      DH_free() performs the necessary cleanup.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit f3d88952)
      c22ed559
    • Matt Caswell's avatar
      Clean premaster_secret for GOST · 4b6f33a5
      Matt Caswell authored
      
      
      Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit b7ee4815)
      
      Conflicts:
      	ssl/s3_srvr.c
      4b6f33a5
    • Matt Caswell's avatar
      Clean Kerberos pre-master secret · c36d3840
      Matt Caswell authored
      
      
      Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit 4e3dbe37)
      c36d3840
    • Matt Caswell's avatar
      Fix off-by-one error in BN_bn2hex · 05bdebb6
      Matt Caswell authored
      
      
      A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
      for this and can allocate a buffer one byte too short in the event of -0
      being used, leading to a one byte buffer overrun. All usage within the
      OpenSSL library is considered safe. Any security risk is considered
      negligible.
      
      With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
      Filip Palian for discovering and reporting this issue.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      (cherry picked from commit c5635307)
      
      Conflicts:
      	crypto/bn/bn_print.c
      05bdebb6
  4. Jun 02, 2015
  5. May 31, 2015
    • Matt Caswell's avatar
      Check the message type requested is the type received in DTLS · f3e85f43
      Matt Caswell authored
      
      
      dtls1_get_message has an |mt| variable which is the type of the message that
      is being requested. If it is negative then any message type is allowed.
      However the value of |mt| is not checked in one of the main code paths, so a
      peer can send a message of a completely different type and it will be
      processed as if it was the message type that we were expecting. This has
      very little practical consequences because the current behaviour will still
      fail when the format of the message isn't as expected.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (cherry picked from commit 8c2b1d87)
      f3e85f43
  6. May 28, 2015
  7. May 26, 2015
  8. May 25, 2015
  9. May 23, 2015
  10. May 22, 2015
    • Matt Caswell's avatar
      Fix off-by-one in BN_rand · b484b040
      Matt Caswell authored
      
      
      If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
      buffer overflow can occur. There are no such instances within the OpenSSL at
      the moment.
      
      Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
      discovering and reporting this issue.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      b484b040
    • Matt Caswell's avatar
      Reject negative shifts for BN_rshift and BN_lshift · 726b5e71
      Matt Caswell authored
      
      
      The functions BN_rshift and BN_lshift shift their arguments to the right or
      left by a specified number of bits. Unpredicatable results (including
      crashes) can occur if a negative number is supplied for the shift value.
      
      Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
      for discovering and reporting this issue.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      (cherry picked from commit 7cc18d81)
      
      Conflicts:
      	crypto/bn/bn.h
      	crypto/bn/bn_err.c
      726b5e71
    • Lubom's avatar
      Lost alert in DTLS · 0a9f8e06
      Lubom authored
      
      
      If a client receives a bad hello request in DTLS then the alert is not
      sent correctly.
      
      RT#2801
      
      Signed-off-by: default avatarMatt Caswell <matt@openssl.org>
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      (cherry picked from commit 4dc1aa04)
      0a9f8e06
  11. May 20, 2015