Skip to content
  1. Jun 16, 2016
  2. Jun 15, 2016
  3. Jun 14, 2016
  4. Jun 13, 2016
  5. Jun 12, 2016
  6. Jun 10, 2016
  7. Jun 07, 2016
  8. Jun 06, 2016
    • Cesar Pereida's avatar
      Fix DSA, preserve BN_FLG_CONSTTIME · 621eaf49
      Cesar Pereida authored
      
      
      Operations in the DSA signing algorithm should run in constant time in
      order to avoid side channel attacks. A flaw in the OpenSSL DSA
      implementation means that a non-constant time codepath is followed for
      certain operations. This has been demonstrated through a cache-timing
      attack to be sufficient for an attacker to recover the private DSA key.
      
      CVE-2016-2178
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      621eaf49
  9. Jun 03, 2016
  10. Jun 01, 2016
    • Matt Caswell's avatar
      Avoid some undefined pointer arithmetic · a004e72b
      Matt Caswell authored
      
      
      A common idiom in the codebase is:
      
      if (p + len > limit)
      {
          return; /* Too long */
      }
      
      Where "p" points to some malloc'd data of SIZE bytes and
      limit == p + SIZE
      
      "len" here could be from some externally supplied data (e.g. from a TLS
      message).
      
      The rules of C pointer arithmetic are such that "p + len" is only well
      defined where len <= SIZE. Therefore the above idiom is actually
      undefined behaviour.
      
      For example this could cause problems if some malloc implementation
      provides an address for "p" such that "p + len" actually overflows for
      values of len that are too big and therefore p + len < limit!
      
      Issue reported by Guido Vranken.
      
      CVE-2016-2177
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      a004e72b
  11. May 31, 2016
  12. May 26, 2016
  13. May 23, 2016
  14. May 20, 2016
  15. May 19, 2016
    • Viktor Dukhovni's avatar
      Ensure verify error is set when X509_verify_cert() fails · 5553a127
      Viktor Dukhovni authored
      
      
      Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot
      continue due to malloc failure.  Similarly for issuer lookup failures
      and caller errors (bad parameters or invalid state).
      
      Also, when X509_verify_cert() returns <= 0 make sure that the
      verification status does not remain X509_V_OK, as a last resort set
      it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns
      an error without setting an appropriate value of ctx->error.
      
      Add new and some missing error codes to X509 error -> SSL alert switch.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      5553a127