1. 29 Sep, 2016 2 commits
  2. 28 Sep, 2016 1 commit
  3. 22 Sep, 2016 2 commits
    • Fix a mem leak in NPN handling · c31dbed7
      Matt Caswell committed
      If a server sent multiple NPN extensions in a single ClientHello then a
      mem leak can occur. This will only happen where the client has requested
      NPN in the first place. It does not occur during renegotiation. Therefore
      the maximum that could be leaked in a single connection with a malicious
      server is 64k (the maximum size of the ServerHello extensions section). As
      this is client side, only occurs if NPN has been requested and does not
      occur during renegotiation this is unlikely to be exploitable.
      
      Issue reported by Shi Lei.
      Reviewed-by: Rich Salz <rsalz@openssl.org>
    • Fix OCSP Status Request extension unbounded memory growth · e408c09b
      Matt Caswell committed
      A malicious client can send an excessively large OCSP Status Request
      extension. If that client continually requests renegotiation,
      sending a large OCSP Status Request extension each time, then there will
      be unbounded memory growth on the server. This will eventually lead to a
      Denial Of Service attack through memory exhaustion. Servers with a
      default configuration are vulnerable even if they do not support OCSP.
      Builds using the "no-ocsp" build time option are not affected.
      
      I have also checked other extensions to see if they suffer from a similar
      problem but I could not find any other issues.
      
      CVE-2016-6304
      
      Issue reported by Shi Lei.
      Reviewed-by: Rich Salz <rsalz@openssl.org>
  4. 20 Sep, 2016 3 commits
  5. 14 Sep, 2016 2 commits
  6. 13 Sep, 2016 6 commits
  7. 24 Aug, 2016 1 commit
    • Sanity check ticket length. · e97763c9
      Dr. Stephen Henson committed
      If a ticket callback changes the HMAC digest to SHA512 the existing
      sanity checks are not sufficient and an attacker could perform a DoS
      attack with a malformed ticket. Add additional checks based on
      HMAC size.
      
      Thanks to Shi Lei for reporting this bug.
      
      CVE-2016-6302
      Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  8. 18 Aug, 2016 1 commit
  9. 13 Aug, 2016 1 commit
  10. 19 Jul, 2016 1 commit
    • Fix two bugs in clienthello processing · 70c22888
      Emilia Kasper committed
      - Always process ALPN (previously there was an early return in the
        certificate status handling)
      - Don't send a duplicate alert. Previously, both
        ssl_check_clienthello_tlsext_late and its caller would send an
        alert. Consolidate alert sending code in the caller.
      Reviewed-by: Rich Salz <rsalz@openssl.org>
  11. 29 Jun, 2016 1 commit
  12. 22 Jun, 2016 1 commit
  13. 19 Jun, 2016 1 commit
  14. 14 Jun, 2016 1 commit
  15. 10 Jun, 2016 1 commit
    • Fix session ticket and SNI · 5c753de6
      Todd Short committed
      When session tickets are used, it's possible that SNI might switch the
      SSL_CTX on an SSL. Normally, this is not a problem, because the
      initial_ctx/session_ctx are used for all session ticket/id processes.
      
      However, when the SNI callback occurs, it's possible that the callback
      may update the options in the SSL from the SSL_CTX, and this could
      cause SSL_OP_NO_TICKET to be set. If this occurs, then two bad things
      can happen:
      
      1. The session ticket TLSEXT may not be written when the ticket expected
      flag is set. The state machine transitions to writing the ticket, and
      the client responds with an error as it's not expecting a ticket.
      2. When creating the session ticket, if the ticket key cb returns 0
      the crypto/hmac contexts are not initialized, and the code crashes when
      trying to encrypt the session ticket.
      
      To fix 1, if the ticket TLSEXT is not written out, clear the expected
      ticket flag.
      To fix 2, consider a return of 0 from the ticket key cb a recoverable
      error, and write a 0 length ticket and continue. The client-side code
      can explicitly handle this case.
      
      Fix these two cases, and add unit test code to validate ticket behavior.
      Reviewed-by: Emilia Käsper <emilia@openssl.org>
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/1098)
  16. 24 May, 2016 1 commit
  17. 18 May, 2016 1 commit
  18. 17 May, 2016 2 commits
  19. 16 May, 2016 1 commit
  20. 10 May, 2016 1 commit
  21. 29 Apr, 2016 1 commit
  22. 22 Apr, 2016 1 commit
  23. 18 Apr, 2016 1 commit
  24. 09 Apr, 2016 1 commit
  25. 06 Apr, 2016 1 commit
  26. 05 Apr, 2016 2 commits
  27. 21 Mar, 2016 2 commits