Skip to content
  1. Jun 04, 2015
    • Matt Caswell's avatar
      Remove misleading comment · da5fab73
      Matt Caswell authored
      
      
      Remove a comment that suggested further clean up was required.
      DH_free() performs the necessary cleanup.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit f3d88952)
      da5fab73
    • Matt Caswell's avatar
      Clean premaster_secret for GOST · efd89aa9
      Matt Caswell authored
      
      
      Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit b7ee4815)
      
      Conflicts:
      	ssl/s3_srvr.c
      efd89aa9
    • Matt Caswell's avatar
      Clean Kerberos pre-master secret · 4e3dbe37
      Matt Caswell authored
      
      
      Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      4e3dbe37
    • Matt Caswell's avatar
      Fix off-by-one error in BN_bn2hex · 36107199
      Matt Caswell authored
      
      
      A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
      for this and can allocate a buffer one byte too short in the event of -0
      being used, leading to a one byte buffer overrun. All usage within the
      OpenSSL library is considered safe. Any security risk is considered
      negligible.
      
      With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
      Filip Palian for discovering and reporting this issue.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      (cherry picked from commit c5635307)
      
      Conflicts:
      	crypto/bn/bn_print.c
      36107199
    • Matt Caswell's avatar
      Fix DTLS session resumption · af3aa2b5
      Matt Caswell authored
      
      
      The session object on the client side is initially created during
      construction of the ClientHello. If the client is DTLS1.2 capable then it
      will store 1.2 as the version for the session. However if the server is only
      DTLS1.0 capable then when the ServerHello comes back the client switches to
      using DTLS1.0 from then on. However the session version does not get
      updated. Therefore when the client attempts to resume that session the
      server throws an alert because of an incorrect protocol version.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      (cherry picked from commit 7322abf5)
      
      Conflicts:
      	ssl/s3_clnt.c
      af3aa2b5
  2. Jun 03, 2015
  3. Jun 02, 2015
  4. May 31, 2015
    • Matt Caswell's avatar
      Check the message type requested is the type received in DTLS · 8744ba5e
      Matt Caswell authored
      
      
      dtls1_get_message has an |mt| variable which is the type of the message that
      is being requested. If it is negative then any message type is allowed.
      However the value of |mt| is not checked in one of the main code paths, so a
      peer can send a message of a completely different type and it will be
      processed as if it was the message type that we were expecting. This has
      very little practical consequences because the current behaviour will still
      fail when the format of the message isn't as expected.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (cherry picked from commit 8c2b1d87)
      8744ba5e
  5. May 28, 2015
  6. May 26, 2015
  7. May 25, 2015
  8. May 24, 2015
  9. May 23, 2015
  10. May 22, 2015
    • Matt Caswell's avatar
      Fix typo setting up certificate masks · e4731f76
      Matt Caswell authored
      
      
      The certificate masks are used to select which ciphersuite we are going to
      use. The variables |emask_k| and |emask_a| relate to export grade key
      exchange and authentication respecitively. The variables |mask_k| and
      |mask_a| are the equivalent versions for non-export grade. This fixes an
      instance where the two usages of export/non-export were mixed up. In
      practice it makes little difference since it still works!
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      (cherry picked from commit fdfe8b06)
      e4731f76
    • Matt Caswell's avatar
      Remove export static DH ciphersuites · 595487ea
      Matt Caswell authored
      
      
      Remove support for the two export grade static DH ciphersuites. These two
      ciphersuites were newly added (along with a number of other static DH
      ciphersuites) to 1.0.2. However the two export ones have *never* worked
      since they were introduced. It seems strange in any case to be adding new
      export ciphersuites, and given "logjam" it also does not seem correct to
      fix them.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      (cherry picked from commit 13f8eb47)
      
      Conflicts:
      	CHANGES
      595487ea
    • Matt Caswell's avatar
      Fix off-by-one in BN_rand · c6eb1cbd
      Matt Caswell authored
      
      
      If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
      buffer overflow can occur. There are no such instances within the OpenSSL at
      the moment.
      
      Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
      discovering and reporting this issue.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      c6eb1cbd
    • Matt Caswell's avatar
      Reject negative shifts for BN_rshift and BN_lshift · 1a9499cf
      Matt Caswell authored
      
      
      The functions BN_rshift and BN_lshift shift their arguments to the right or
      left by a specified number of bits. Unpredicatable results (including
      crashes) can occur if a negative number is supplied for the shift value.
      
      Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
      for discovering and reporting this issue.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      (cherry picked from commit 7cc18d81)
      
      Conflicts:
      	crypto/bn/bn.h
      	crypto/bn/bn_err.c
      1a9499cf
    • Lubom's avatar
      Lost alert in DTLS · 254c01ed
      Lubom authored
      
      
      If a client receives a bad hello request in DTLS then the alert is not
      sent correctly.
      
      RT#2801
      
      Signed-off-by: default avatarMatt Caswell <matt@openssl.org>
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      (cherry picked from commit 4dc1aa04)
      254c01ed
  11. May 20, 2015