1. 26 3月, 2015 10 次提交
  2. 25 3月, 2015 7 次提交
  3. 24 3月, 2015 5 次提交
  4. 23 3月, 2015 4 次提交
  5. 20 3月, 2015 2 次提交
  6. 19 3月, 2015 4 次提交
    • M
      Fix DHE Null CKE vulnerability · d3cc5e61
      Matt Caswell 提交于
      If client auth is used then a server can seg fault in the event of a DHE
      cipher being used and a zero length ClientKeyExchange message being sent
      by the client. This could be exploited in a DoS attack.
      
      CVE-2015-1787
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      d3cc5e61
    • D
      Fix for CVE-2015-0291 · 34e3edbf
      Dr. Stephen Henson 提交于
      If a client renegotiates using an invalid signature algorithms extension
      it will crash a server with a NULL pointer dereference.
      
      Thanks to David Ramos of Stanford University for reporting this bug.
      
      CVE-2015-0291
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      34e3edbf
    • M
      Fix Seg fault in DTLSv1_listen · e83ee04b
      Matt Caswell 提交于
      The DTLSv1_listen function is intended to be stateless and processes
      the initial ClientHello from many peers. It is common for user code to
      loop over the call to DTLSv1_listen until a valid ClientHello is received
      with an associated cookie. A defect in the implementation of DTLSv1_listen
      means that state is preserved in the SSL object from one invokation to the
      next that can lead to a segmentation fault. Erorrs processing the initial
      ClientHello can trigger this scenario. An example of such an error could
      be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
      server.
      
      CVE-2015-0207
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      e83ee04b
    • M
      Multiblock corrupted pointer fix · 1d2a18dc
      Matt Caswell 提交于
      OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
      feature only applies on 64 bit x86 architecture platforms that support AES
      NI instructions. A defect in the implementation of "multiblock" can cause
      OpenSSL's internal write buffer to become incorrectly set to NULL when
      using non-blocking IO. Typically, when the user application is using a
      socket BIO for writing, this will only result in a failed connection.
      However if some other BIO is used then it is likely that a segmentation
      fault will be triggered, thus enabling a potential DoS attack.
      
      CVE-2015-0290
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      Reviewed-by: NAndy Polyakov <appro@openssl.org>
      1d2a18dc
  7. 17 3月, 2015 1 次提交
    • M
      Add sanity check to PRF · 668f6f08
      Matt Caswell 提交于
      The function tls1_PRF counts the number of digests in use and partitions
      security evenly between them. There always needs to be at least one digest
      in use, otherwise this is an internal error. Add a sanity check for this.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      668f6f08
  8. 16 3月, 2015 1 次提交
  9. 15 3月, 2015 1 次提交
  10. 12 3月, 2015 2 次提交
  11. 11 3月, 2015 3 次提交