提交 · b74d1d260f07bf0836610d6b1a53b32101913886 · OpenHarmony / Third Party Openssl

07 8月, 2014 5 次提交

Fix return code for truncated DTLS fragment. · b74d1d26

由 Adam Langley 提交于 6月 06, 2014

Previously, a truncated DTLS fragment in
|dtls1_process_out_of_seq_message| would cause *ok to be cleared, but
the return value would still be the number of bytes read. This would
cause |dtls1_get_message| not to consider it an error and it would
continue processing as normal until the calling function noticed that
*ok was zero.

I can't see an exploit here because |dtls1_get_message| uses
|s->init_num| as the length, which will always be zero from what I can
see.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

b74d1d26

Fix memory leak from zero-length DTLS fragments. · d0a4b7d1

由 Adam Langley 提交于 6月 06, 2014

The |pqueue_insert| function can fail if one attempts to insert a
duplicate sequence number. When handling a fragment of an out of
sequence message, |dtls1_process_out_of_seq_message| would not call
|dtls1_reassemble_fragment| if the fragment's length was zero. It would
then allocate a fresh fragment and attempt to insert it, but ignore the
return value, leaking the fragment.

This allows an attacker to exhaust the memory of a DTLS peer.

Fixes CVE-2014-3507
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

d0a4b7d1

Fix DTLS handshake message size checks. · 1250f126

由 Matt Caswell 提交于 6月 06, 2014

In |dtls1_reassemble_fragment|, the value of
|msg_hdr->frag_off+frag_len| was being checked against the maximum
handshake message size, but then |msg_len| bytes were allocated for the
fragment buffer. This means that so long as the fragment was within the
allowed size, the pending handshake message could consume 16MB + 2MB
(for the reassembly bitmap). Approx 10 outstanding handshake messages
are allowed, meaning that an attacker could consume ~180MB per DTLS
connection.

In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no
check was applied.

Fixes CVE-2014-3506

Wholly based on patch by Adam Langley with one minor amendment.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

1250f126

M
Added comment for the frag->reassembly == NULL case as per feedback from Emilia · 11e7982a
由 Matt Caswell 提交于 7月 24, 2014
```
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
```
11e7982a

Avoid double free when processing DTLS packets. · bff1ce4e

由 Adam Langley 提交于 6月 06, 2014

The |item| variable, in both of these cases, may contain a pointer to a
|pitem| structure within |s->d1->buffered_messages|. It was being freed
in the error case while still being in |buffered_messages|. When the
error later caused the |SSL*| to be destroyed, the item would be double
freed.

Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74 was
inconsistent with the other error paths (but correct).

Fixes CVE-2014-3505
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

bff1ce4e

25 7月, 2014 1 次提交

Add conditional unit testing interface. · e0fc7961

由 Dr. Stephen Henson 提交于 7月 23, 2014

Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.

By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: NGeoff Thorpe <geoff@openssl.org>

e0fc7961

20 7月, 2014 2 次提交

Update heartbeat_test #includes · 50bba685

由 Mike Bland 提交于 6月 18, 2014

ssl/ssl_locl.h now comes first to ensure that it will compile standalone.
test/testutil.h is considered to be in the same directory as the test file,
since the test file will be linked into test/ and built there.
Reviewed-by: NTim Hudson <tjh@openssl.org>

50bba685

M
Use testutil registry in heartbeat_test · 6017a551
由 Mike Bland 提交于 7月 15, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
6017a551

16 7月, 2014 1 次提交
- D
  Fix DTLS certificate requesting code. · c8d710dc
  由 Dr. Stephen Henson 提交于 7月 15, 2014
```
Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
```
  c8d710dc
15 7月, 2014 1 次提交
- D
  
  Use more common name for GOST key exchange. · ec5a992c
  由 Dr. Stephen Henson 提交于 7月 14, 2014
  
  ec5a992c
14 7月, 2014 1 次提交
- P
  Add names of GOST algorithms. · 924e5eda
  由 Peter Mosmans 提交于 7月 13, 2014
```
PR#3440
```
  924e5eda
09 7月, 2014 1 次提交
- A
  Please Clang's sanitizer. · 021e5043
  由 Andy Polyakov 提交于 7月 08, 2014
```
PR: #3424,#3423,#3422
```
  021e5043
06 7月, 2014 1 次提交
- A
  
  s3_pkt.c: fix typo. · 0e7a32b5
  由 Andy Polyakov 提交于 7月 05, 2014
  
  0e7a32b5
05 7月, 2014 2 次提交
- B
  
  Reduce casting nastiness. · d2ab55eb
  由 Ben Laurie 提交于 7月 05, 2014
  
  d2ab55eb
- D
  Don't limit message sizes in ssl3_get_cert_verify. · 7f6e9578
  由 Dr. Stephen Henson 提交于 7月 05, 2014
```
PR#319 (reoponed version).
```
  7f6e9578
04 7月, 2014 1 次提交
- D
  Remove all RFC5878 code. · b948ee27
  由 Dr. Stephen Henson 提交于 7月 04, 2014
```
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
```
  b948ee27
02 7月, 2014 5 次提交
- T
  
  Make disabling last cipher work. · 7cb472bd
  由 Thijs Alkemade 提交于 7月 02, 2014
  
  7cb472bd
- B
  Fix possible buffer overrun. · 22a10c89
  由 Ben Laurie 提交于 4月 23, 2014
```
(cherry picked from commit 2db3ea29298bdc347f15fbfab6d5746022f05101)

Conflicts:
	ssl/t1_lib.c
```
  22a10c89
- R
  
  RT 1528; misleading debug print, "pre-master" should be "master key" · e67ddd19
  由 Rich Salz 提交于 7月 01, 2014
  
  e67ddd19
- R
  
  RT 1530; fix incorrect comment · 04f545a0
  由 Rich Salz 提交于 7月 01, 2014
  
  04f545a0
- R
  
  RT 1229; typo in comment "dont't"->"don't" · df8ef5f3
  由 Rich Salz 提交于 7月 01, 2014
  
  df8ef5f3
01 7月, 2014 1 次提交
- D
  Fix warning. · 2580ab4e
  由 Dr. Stephen Henson 提交于 12月 01, 2013
```
(cherry picked from commit c97ec5631bb08a2171a125008d2f0d2a75687aaa)
```
  2580ab4e
30 6月, 2014 3 次提交
- B
  
  Make depend. · e3ba6a5f
  由 Ben Laurie 提交于 6月 30, 2014
  
  e3ba6a5f
- B
  
  More constification. · 161e0a61
  由 Ben Laurie 提交于 6月 29, 2014
  
  161e0a61
- B
  
  Constification - mostly originally from Chromium. · 8892ce77
  由 Ben Laurie 提交于 6月 29, 2014
  
  8892ce77
29 6月, 2014 1 次提交
- D
  Fix memory leak. · 44724bee
  由 Dr. Stephen Henson 提交于 6月 29, 2014
```
PR#2531
```
  44724bee
28 6月, 2014 4 次提交
- D
  Don't disable state strings with no-ssl2 · 0518a3e1
  由 Dr. Stephen Henson 提交于 6月 28, 2014
```
Some state strings were erronously not compiled when no-ssl2
was set.

PR#3295
```
  0518a3e1
- Y
  Fix compilation with -DSSL_DEBUG -DTLS_DEBUG -DKSSL_DEBUG · d183545d
  由 yogesh nagarkar 提交于 6月 28, 2014
```
PR#3141
```
  d183545d
- K
  Remove redundant check. · 0b33bed9
  由 Ken Ballou 提交于 6月 27, 2014
```
PR#3174
```
  0b33bed9
- P
  Add SHA256 Camellia ciphersuites from RFC5932 · e6332489
  由 PK 提交于 6月 27, 2014
```
PR#2800
```
  e6332489
27 6月, 2014 1 次提交
- T
  Don't advertise ECC ciphersuits in SSLv2 compatible client hello. · 0436369f
  由 Tomas Mraz 提交于 6月 27, 2014
```
PR#3374
```
  0436369f
23 6月, 2014 3 次提交
- M
  Fix off-by-one errors in ssl_cipher_get_evp() · 2841d6ca
  由 Miod Vallat 提交于 6月 04, 2014
```
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

Bug discovered and fixed by Miod Vallat from the OpenBSD team.

PR#3375
```
  2841d6ca
- M
  Revert "Fix off-by-one errors in ssl_cipher_get_evp()" · cf1b08cd
  由 Matt Caswell 提交于 6月 22, 2014
```
This reverts commit abfb989f.

Incorrect attribution
```
  cf1b08cd
- M
  
  Fixed Windows compilation failure · 339da43d
  由 Matt Caswell 提交于 5月 27, 2014
  
  339da43d
18 6月, 2014 1 次提交
- F
  
  Fix signed/unsigned comparisons. · 50cc4f7b
  由 Felix Laurie von Massenbach 提交于 6月 15, 2014
  
  50cc4f7b
15 6月, 2014 1 次提交

Accept CCS after sending finished. · 3b77f017

由 Dr. Stephen Henson 提交于 6月 14, 2014

Allow CCS after finished has been sent by client: at this point
keys have been correctly set up so it is OK to accept CCS from
server. Without this renegotiation can sometimes fail.

PR#3400

3b77f017

13 6月, 2014 4 次提交
- M
  Fixed incorrect return code handling in ssl3_final_finish_mac. · 687721a7
  由 Matt Caswell 提交于 6月 10, 2014
```
Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
```
  687721a7
- M
  Revert "Fixed incorrect return code handling in ssl3_final_finish_mac" · 043fd646
  由 Matt Caswell 提交于 6月 13, 2014
```
This reverts commit 2f1dffa8.

Missing attribution.
```
  043fd646
- K
  Fix off-by-one errors in ssl_cipher_get_evp() · abfb989f
  由 Kurt Cancemi 提交于 6月 04, 2014
```
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

PR#3375
```
  abfb989f
- M
  
  Added OPENSSL_assert check as per PR#3377 reported by Rainer Jung <rainer.jung@kippdata.de> · d84ba7ea
  由 Matt Caswell 提交于 6月 12, 2014
  
  d84ba7ea

OpenHarmony / Third Party Openssl 12 个月 前同步成功

OpenHarmony / Third Party Openssl
12 个月前同步成功