Skip to content
GitLab
  1. 19 Aug, 2016 1 commit
    • Matt Caswell's avatar
      Fix DTLS unprocessed records bug · fa755697
      Matt Caswell authored 
      

During a DTLS handshake we may get records destined for the next epoch
arrive before we have processed the CCS. In that case we can't decrypt or
verify the record yet, so we buffer it for later use. When we do receive
the CCS we work through the queue of unprocessed records and process them.

Unfortunately the act of processing wipes out any existing packet data
that we were still working through. This includes any records from the new
epoch that were in the same packet as the CCS. We should only process the
buffered records if we've not got any data left.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      fa755697
  3. 16 Aug, 2016 1 commit
  5. 15 Aug, 2016 3 commits
  7. 05 Aug, 2016 2 commits
  9. 04 Aug, 2016 3 commits
  11. 03 Aug, 2016 1 commit
  13. 02 Aug, 2016 3 commits
  15. 22 Jul, 2016 1 commit
    • Dr. Stephen Henson's avatar
      Fix OOB read in TS_OBJ_print_bio(). · 6adf409c
      Dr. Stephen Henson authored 
      

TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text reprsentation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(cherry picked from commit 0ed26acc)
      6adf409c
  17. 30 Jun, 2016 1 commit
  19. 29 Jun, 2016 3 commits
  21. 27 Jun, 2016 1 commit
  23. 07 Jun, 2016 1 commit
  25. 06 Jun, 2016 1 commit
    • Cesar Pereida's avatar
      Fix DSA, preserve BN_FLG_CONSTTIME · d168705e
      Cesar Pereida authored 
      

Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
implementation means that a non-constant time codepath is followed for
certain operations. This has been demonstrated through a cache-timing
attack to be sufficient for an attacker to recover the private DSA key.

CVE-2016-2178

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(cherry picked from commit 621eaf49)
      d168705e
  27. 03 Jun, 2016 1 commit
  29. 01 Jun, 2016 1 commit
    • Matt Caswell's avatar
      Avoid some undefined pointer arithmetic · 6f35f6de
      Matt Caswell authored 
      

A common idiom in the codebase is:

if (p + len > limit)
{
    return; /* Too long */
}

Where "p" points to some malloc'd data of SIZE bytes and
limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS
message).

The rules of C pointer arithmetic are such that "p + len" is only well
defined where len <= SIZE. Therefore the above idiom is actually
undefined behaviour.

For example this could cause problems if some malloc implementation
provides an address for "p" such that "p + len" actually overflows for
values of len that are too big and therefore p + len < limit!

Issue reported by Guido Vranken.

CVE-2016-2177

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      6f35f6de
  31. 26 May, 2016 2 commits
  33. 23 May, 2016 1 commit
  35. 19 May, 2016 1 commit
  37. 11 May, 2016 2 commits
  39. 09 May, 2016 1 commit
  41. 06 May, 2016 3 commits
  43. 05 May, 2016 2 commits
  45. 04 May, 2016 3 commits
  47. 03 May, 2016 1 commit