Skip to content
  1. Jun 11, 2015
  2. Jun 10, 2015
  3. Jun 08, 2015
  4. Jun 04, 2015
    • Matt Caswell's avatar
      Remove misleading comment · c22ed559
      Matt Caswell authored
      
      
      Remove a comment that suggested further clean up was required.
      DH_free() performs the necessary cleanup.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit f3d88952)
      c22ed559
    • Matt Caswell's avatar
      Clean premaster_secret for GOST · 4b6f33a5
      Matt Caswell authored
      
      
      Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit b7ee4815)
      
      Conflicts:
      	ssl/s3_srvr.c
      4b6f33a5
    • Matt Caswell's avatar
      Clean Kerberos pre-master secret · c36d3840
      Matt Caswell authored
      
      
      Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it.
      
      With thanks to the Open Crypto Audit Project for reporting this issue.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (cherry picked from commit 4e3dbe37)
      c36d3840
    • Matt Caswell's avatar
      Fix off-by-one error in BN_bn2hex · 05bdebb6
      Matt Caswell authored
      
      
      A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
      for this and can allocate a buffer one byte too short in the event of -0
      being used, leading to a one byte buffer overrun. All usage within the
      OpenSSL library is considered safe. Any security risk is considered
      negligible.
      
      With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
      Filip Palian for discovering and reporting this issue.
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      (cherry picked from commit c5635307)
      
      Conflicts:
      	crypto/bn/bn_print.c
      05bdebb6
  5. Jun 02, 2015
  6. May 31, 2015
    • Matt Caswell's avatar
      Check the message type requested is the type received in DTLS · f3e85f43
      Matt Caswell authored
      
      
      dtls1_get_message has an |mt| variable which is the type of the message that
      is being requested. If it is negative then any message type is allowed.
      However the value of |mt| is not checked in one of the main code paths, so a
      peer can send a message of a completely different type and it will be
      processed as if it was the message type that we were expecting. This has
      very little practical consequences because the current behaviour will still
      fail when the format of the message isn't as expected.
      
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (cherry picked from commit 8c2b1d87)
      f3e85f43
  7. May 28, 2015
  8. May 26, 2015