- Oct 28, 2016
-
-
Matt Caswell authored
A zero return from BIO_read()/BIO_write() could mean that an IO operation is retryable. A zero return from SSL_read()/SSL_write() means that the connection has been closed down (either cleanly or not). Therefore we should not propagate a zero return value from BIO_read()/BIO_write() back up the stack to SSL_read()/SSL_write(). This could result in a retryable failure being treated as fatal. Reviewed-by:Richard Levitte <levitte@openssl.org>
-
- Oct 26, 2016
-
-
Rich Salz authored
Reviewed-by:
Tim Hudson <tjh@openssl.org> (cherry picked from commit 12a7715e)
-
- Oct 25, 2016
-
-
Dr. Matthias St. Pierre authored
A temporary buffer containing g^xy was not cleared in ecdh_compute_key() before freeing it, so the shared secret was leaked in memory. Reviewed-by:
Kurt Roeckx <kurt@openssl.org> Reviewed-by:
Matt Caswell <matt@openssl.org>
-
- Oct 22, 2016
-
-
Rich Salz authored
Unhandled critical CRL extensions were not detected if they appeared after the handled ones. (GitHub issue 1757). Thanks to John Chuah for reporting this. Reviewed-by:
-
- Oct 20, 2016
-
-
Cristian Stoica authored
The structure has already been initialized to zero with memset. See also commit 64b25758 (remove 0 assignments) Signed-off-by:
Cristian Stoica <cristian.stoica@nxp.com> CLA: trivial Reviewed-by:
Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1463)
-
Richard Levitte authored
This avoids failures when configuring with --strict-warnings Reviewed-by:
-
Richard Levitte authored
This removes some #ifndef clutter. Reviewed-by:
-
Richard Levitte authored
In apps/apps.c, one can set up an engine with setup_engine(). However, we freed the structural reference immediately, which means that for engines that don't already have a structural reference somewhere else (because it has registered at least one cipher or digest algorithm method, and therefore gets a functional reference through the ENGINE_set_default() call), we end up returning an invalid reference. Instead, the function release_engine() is added, and called at the end of the routines that call setup_engine(). Originally, the ENGINE API wasn't designed for this to happen, an engine had to register at least one algorithm method, and was especially expected to register the algorithms corresponding to the key types that could be stored and hidden in hardware. However, it turns out that some engines will not register those algorithms with the ENGINE_set_{algo}, ENGINE_set_cipher or ENGINE_set_digest functions, as they only want the methods to be used for keys, not as general crypto accelerator methods. That may cause ENGINE_set_default() to do nothing, and no functional reference is therefore made, leading to a premature deallocation of the engine and it thereby becoming unavailable when trying to fetch a key. Reviewed-by:
-
- Oct 19, 2016
-
-
Richard Levitte authored
Reviewed-by:
-
Richard Levitte authored
Fixes RT#4699 Reviewed-by:
-
- Oct 18, 2016
-
-
Patrick Steuer authored
crypto/evp/e_aes.c: Types of inp and out parameters of AES_xts_en/decrypt functions need to be changed from char to unsigned char to avoid build error due to -Werror=incompatible-pointer-types. crypto/aes/asm/aes-s390x.pl: Comments need to reflect the above change. Signed-off-by:
Patrick Steuer <psteuer@mail.de> Reviewed-by:
-
Patrick Steuer authored
crypto/s390xcap.c: cryptlib.h needs to be included for OPENSSL_cpuid_setup function prototype is located there to avoid build error due to -Werror=missing-prototypes. Signed-off-by:
-
- Oct 15, 2016
-
-
Steven Fackler authored
These are implemented as macros delegating to `EVP_DigestUpdate`, which takes a `size_t` as its third argument, not an `unsigned int`. CLA: trivial Reviewed-by:
-
Matt Caswell authored
If len == 0 in a call to ERR_error_string_n() then we can read beyond the end of the buffer. Really applications should not be calling this function with len == 0, but we shouldn't be letting it through either! Thanks to Agostino Sarubbo for reporting this issue. Agostino's blog on this issue is available here: https://blogs.gentoo.org/ago/2016/10/14/openssl-libcrypto-stack-based-buffer-overflow-in-err_error_string_n-err-c/ Reviewed-by:
-
- Oct 14, 2016
-
-
Vitezslav Cizek authored
The SWEET32 fix moved 3DES from HIGH to MEDIUM, but omitted SSL2. CLA: trivial Reviewed-by:
-
- Oct 13, 2016
-
-
Rich Salz authored
Reviewed-by:
-
- Oct 11, 2016
-
-
Kurt Cancemi authored
Reviewed-by:
-
- Sep 28, 2016
-
-
Richard Levitte authored
Before loading a key from an engine, it may need to be initialized. When done loading the key, we must de-initialize the engine. (if the engine is already initialized somehow, only the reference counter will be incremented then decremented) Reviewed-by:
Stephen Henson <steve@openssl.org> (cherry picked from commit 49e476a5)
-
Rich Salz authored
This reverts commit 4badd2b3 . This fails to call ENGINE_finish; an alternate fix is coming. Reviewed-by:
-
David Woodhouse authored
Things like 'openssl s_client' only ever worked with keys from an engine which provided a default generic method for some key type — because it called ENGINE_set_default() and that ended up being an implicit initialisation and functional refcount. But an engine which doesn't provide generic methods doesn't get initialised, and then when you try to use it you get an error: cannot load client certificate private key file from engine 140688147056384:error:26096075:engine routines:ENGINE_load_private_key:not initialised:crypto/engine/eng_pkey.c:66: unable to load client certificate private key file cf. https://github.com/OpenSC/libp11/issues/107 (in which we discover that engine_pkcs11 *used* to provide generic methods that OpenSSL would try to use for ephemeral DH keys when negotiating ECDHE cipher suites in TLS, and that didn't work out very well.) Reviewed-by:
-
- Sep 26, 2016
-
-
Matt Caswell authored
The NEWS file referenced the wrong CVE for 1.0.2 Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Note: this was accidentally omitted from OpenSSL 1.0.2 branch. Without this fix any attempt to use CRLs will crash. CVE-2016-7052 Thanks to Bruce Stephens and Thomas Jakobi for reporting this issue. Reviewed-by:
-
- Sep 22, 2016
-
-
Dirk Feytons authored
Add a missing ifdef. Same change is already present in master. Reviewed-by:
-
Rich Salz authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Dmitry Belyavsky authored
Russian GOST ciphersuites are vulnerable to the KCI attack because they use long-term keys to establish the connection when ssl client authorization is on. This change brings the GOST implementation into line with the latest specs in order to avoid the attack. It should not break backwards compatibility. Reviewed-by:
-
Matt Caswell authored
If a server sent multiple NPN extensions in a single ClientHello then a mem leak can occur. This will only happen where the client has requested NPN in the first place. It does not occur during renegotiation. Therefore the maximum that could be leaked in a single connection with a malicious server is 64k (the maximum size of the ServerHello extensions section). As this is client side, only occurs if NPN has been requested and does not occur during renegotiation this is unlikely to be exploitable. Issue reported by Shi Lei. Reviewed-by: -
Matt Caswell authored
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected. I have also checked other extensions to see if they suffer from a similar problem but I could not find any other issues. CVE-2016-6304 Issue reported by Shi Lei. Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
- Sep 21, 2016
-
-
Matt Caswell authored
Certain warning alerts are ignored if they are received. This can mean that no progress will be made if one peer continually sends those warning alerts. Implement a count so that we abort the connection if we receive too many. Issue reported by Shi Lei. Reviewed-by: -
Dr. Stephen Henson authored
Grow TLS/DTLS 16 bytes more than strictly necessary as a precaution against OOB reads. In most cases this will have no effect because the message buffer will be large enough already. Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by: -
Dr. Stephen Henson authored
The overflow check will never be triggered because the the n2l3 result is always less than 2^24. Reviewed-by: -
Rich Salz authored
Reviewed-by:
-
Rich Salz authored
Reviewed-by:
-
