- Jun 10, 2015
-
-
Matt Caswell authored
This adds additional checks to the processing of extensions in a ClientHello to ensure that either no extensions are present, or if they are then they take up the exact amount of space expected. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Stephen Henson <steve@openssl.org> Conflicts: ssl/t1_lib.c
-
Matt Caswell authored
This fixes a memory leak that can occur whilst duplicating a BIO chain if the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak where if a failure occurs after successfully creating the first BIO in the chain, then the beginning of the new chain was not freed. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Stephen Henson <steve@openssl.org> Conflicts: crypto/bio/bio_lib.c
-
Matt Caswell authored
BUF_MEM_free() attempts to cleanse memory using memset immediately prior to a free. This is at risk of being optimised away by the compiler, so replace with a call to OPENSSL_cleanse() instead. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Stephen Henson <steve@openssl.org>
-
Matt Caswell authored
The fix for CVE-2015-1791 introduced an error in ssl_session_dup for Kerberos. Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Richard Levitte authored
For librypto to be complete, the stuff in both crypto/ and engines/ have to be built. Doing 'make test' or 'make apps' from a clean source tree failed to do so. Corrected by using the new 'build_libcrypto' in the top Makefile. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit acaff3b7)
-
Richard Levitte authored
There's a need for a target that will build all of libcrypto, so let's add 'build_libcrypto' that does this. For ortogonality, let's also add 'build_libssl'. Have both also depend on 'libcrypto.pc' and 'libssl.pc' so those get built together with the libraries. This makes 'all' depend on fewer things directly. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 177b5f9c) Conflicts: Makefile.org
-
- Jun 09, 2015
-
-
Jeffrey Walton authored
Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 82c4d793)
-
- Jun 08, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 0fb99904)
-
Emilia Kasper authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Pointed out by Victor Vasiliev (vasilvv@mit.edu) via Adam Langley (Google). Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 1e4a355d)
-
- Jun 05, 2015
-
-
Ben Laurie authored
flags needed to keep it happy. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jun 04, 2015
-
-
Kurt Roeckx authored
At least in the case of SSLv3 we can't send an extention. Reviewed-by: Matt Caswell <matt@openssl.org> MR #811 (cherry picked from commit 3c06513f)
-
Matt Caswell authored
Remove a comment that suggested further clean up was required. DH_free() performs the necessary cleanup. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f3d88952)
-
Matt Caswell authored
Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit b7ee4815) Conflicts: ssl/s3_srvr.c
-
Matt Caswell authored
Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Matt Caswell authored
A BIGNUM can have the value of -0. The function BN_bn2hex fails to account for this and can allocate a buffer one byte too short in the event of -0 being used, leading to a one byte buffer overrun. All usage within the OpenSSL library is considered safe. Any security risk is considered negligible. With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit c5635307) Conflicts: crypto/bn/bn_print.c
-
Matt Caswell authored
The session object on the client side is initially created during construction of the ClientHello. If the client is DTLS1.2 capable then it will store 1.2 as the version for the session. However if the server is only DTLS1.0 capable then when the ServerHello comes back the client switches to using DTLS1.0 from then on. However the session version does not get updated. Therefore when the client attempts to resume that session the server throws an alert because of an incorrect protocol version. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 7322abf5) Conflicts: ssl/s3_clnt.c
-
- Jun 03, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Sergey Agievich authored
PR#3872 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Stephen Henson <steve@openssl.org>
-
- Jun 02, 2015
-
-
Matt Caswell authored
Some tool chains (e.g. android) do not define IP_PMTUDISC_PROBE, and so this build breaks. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 133dce44)
-
Annie Yousar authored
objects.pl only looked for a space to see if the name could be used as a C identifier. Improve the test to match the real C rules. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 591b7aef)
-
Richard Levitte authored
This is for consistency. Additionally, have its presence define OPENSSL_SYS_WINDOWS as well. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 3f131556) Conflicts: e_os2.h
-
Olaf Johansson authored
Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 8846adbd)
-
Per Allansson authored
The code in bss_dgram.c checks if IP_MTUDISCOVER is defined, where it should test for IP_MTU_DISCOVER RT#3888 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 0baaff1a)
-
Matt Caswell authored
If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3 Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- May 31, 2015
-
-
Matt Caswell authored
dtls1_get_message has an |mt| variable which is the type of the message that is being requested. If it is negative then any message type is allowed. However the value of |mt| is not checked in one of the main code paths, so a peer can send a message of a completely different type and it will be processed as if it was the message type that we were expecting. This has very little practical consequences because the current behaviour will still fail when the format of the message isn't as expected. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit 8c2b1d87)
-
- May 28, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 2849707f)
-
Dr. Stephen Henson authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit f097f81c)
-
- May 26, 2015
-
-
Emilia Kasper authored
Also add more ciphersuite test coverage, and a negative test for 512-bit DHE. Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 1ee85aab)
-
Matt Caswell authored
The size of the SRP extension can never be negative (the variable |size| is unsigned). Therefore don't check if it is less than zero. RT#3862 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 9c89d290)
-
Matt Caswell authored
The return value of i2d functions can be negative if an error occurs. Therefore don't assign the return value to an unsigned type and *then* check if it is negative. RT#3862 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 90e7cdff)
-
Matt Caswell authored
The members of struct timeval on OpenVMS are unsigned. The logic for calculating timeouts needs adjusting to deal with this. RT#3862 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit fc52ac90)
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
RT#3860 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Billy Brumley authored
RT#3858 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 71f6130b)
-
Andy Polyakov authored
RT#3859 Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 60c268b2)
-
- May 25, 2015
-
-
Matt Caswell authored
If the record received is for a version that we don't support, previously we were sending an alert back. However if the incoming record already looks like an alert then probably we shouldn't do that. So suppress an outgoing alert if it looks like we've got one incoming. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- May 24, 2015
-
-
Andy Polyakov authored
bn_get_bits5 was overstepping array boundary by 1 byte. It was exclusively read overstep and data could not have been used. The only potential problem would be if array happens to end on the very edge of last accesible page. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 69567687)
-
Andy Polyakov authored
RT#3852 Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 86e5d1e3)
-
Andy Polyakov authored
BLKINIT optimization worked on T4, but for some reason appears "too aggressive" for T3 triggering intermiitent EC failures. It's not clear why only EC is affected... Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 579734ce)
-