wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/crypto
History
Dr. Stephen Henson 5f57abe2b1 Sanity check PVK file fields. 
PVK files with abnormally large length or salt fields can cause an
integer overflow which can result in an OOB read and heap corruption.
However this is an rarely used format and private key files do not
normally come from untrusted sources the security implications not
significant.

Fix by limiting PVK length field to 100K and salt to 10K: these should be
more than enough to cover any files encountered in practice.

Issue reported by Guido Vranken.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 01:20:04 +00:00
..
aes Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
asn1 GH753: More spelling fix 2016-02-27 10:58:16 -05:00
async Ensure Async is deinited properly 2016-03-02 17:23:42 +00:00
bf Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
bio Fix memory issues in BIO_*printf functions 2016-02-25 22:45:58 +00:00
bn Consistently use arm_arch.h constants in armcap assembly code. 2016-03-02 12:57:28 +01:00
buffer Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
camellia Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
cast Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
chacha Consistently use arm_arch.h constants in armcap assembly code. 2016-03-02 12:57:28 +01:00
cmac Use utility functions for HMAC and CMAC. 2016-03-02 20:57:32 +00:00
cms Remove unused parameters from internal functions 2016-02-22 13:39:44 -05:00
comp Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
conf Remove unused parameters from internal functions 2016-02-22 13:39:44 -05:00
ct CT policy validation 2016-03-01 20:03:25 +00:00
des Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
dh GH715: ENGINE_finish can take NULL 2016-02-25 15:19:42 -05:00
dsa GH715: Missed some null-check-removals. follow commits 412bafdcf5, and 7c96dbcdab 2016-02-28 17:40:08 -05:00
dso GH762: Reuse strdup() 2016-02-29 17:33:44 -05:00
ec Clean up curve25519 build 2016-03-03 16:53:19 +01:00
engine GH715: ENGINE_finish can take NULL 2016-02-25 15:19:42 -05:00
err Add KDF error codes 2016-03-02 21:30:56 +00:00
evp GH355: Implement HKDF 2016-03-03 18:21:20 -05:00
hmac Use utility functions for HMAC and CMAC. 2016-03-02 20:57:32 +00:00
idea Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
include/internal GH355: Implement HKDF 2016-03-03 18:21:20 -05:00
kdf GH355: Implement HKDF 2016-03-03 18:21:20 -05:00
lhash Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
md2 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
md4 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
md5 RT4347: Fix GCC unused-value warnings with HOST_c2l() 2016-03-01 12:10:18 -05:00
mdc2 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
modes modes/asm/ghash-x86_64.pl: refine GNU assembler version detection. 2016-02-27 21:14:18 +01:00
objects GH355: Implement HKDF 2016-03-03 18:21:20 -05:00
ocsp Remove unused parameters from internal functions 2016-02-22 13:39:44 -05:00
pem Sanity check PVK file fields. 2016-03-04 01:20:04 +00:00
perlasm Fix some issues near recent chomp changes. 2016-02-13 02:54:48 -05:00
pkcs7 Add PKCS7_NO_DUAL_CONTENT flag 2016-02-23 08:42:03 -05:00
pkcs12 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
poly1305 poly1305/asm/poly1305-*.pl: flip horizontal add and reduction. 2016-03-02 13:11:38 +01:00
rand GH715: ENGINE_finish can take NULL 2016-02-25 15:19:42 -05:00
rc2 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
rc4 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
rc5 Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
ripemd Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
rsa GH715: Missed some null-check-removals. 2016-02-28 09:41:23 -05:00
seed Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
sha Consistently use arm_arch.h constants in armcap assembly code. 2016-03-02 12:57:28 +01:00
srp CVE-2016-0798: avoid memory leak in SRP 2016-02-25 15:42:48 +01:00
stack Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
ts Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
txt_db Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
ui Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
whrlpool Always build library object files with shared library cflags 2016-02-20 16:51:31 +01:00
x509 remove old unused oneline name field 2016-03-01 22:25:40 +00:00
x509v3 GH769: Reuse strndup() 2016-03-03 19:44:10 -05:00
alphacpuid.pl
arm64cpuid.pl Add assembly support to ios64-cross. 2015-01-23 15:38:41 +01:00
arm_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
armcap.c Add assembly support for 32-bit iOS. 2015-04-20 15:06:22 +02:00
armv4cpuid.pl ARMv4 assembly pack: implement support for Thumb2. 2015-09-25 13:34:02 +02:00
build.info Make uplink auxiliary source separate from cpuid source 2016-03-02 14:45:02 +01:00
c64xpluscpuid.pl C64x+ assembly pack: make it work with older toolchain. 2014-05-04 16:38:32 +02:00
cpt_err.c After renaming init, update errors. 2016-02-10 15:52:32 -05:00
cryptlib.c Declare DllMain internally 2016-02-14 14:13:53 +01:00
cversion.c Make it possible to get ENGINESDIR info from OpenSSL_versions 2016-02-10 19:36:48 +01:00
ebcdic.c Use NON_EMPTY_TRANSLATION_UNIT, consistently. 2016-02-09 20:13:29 -05:00
ex_data.c GH601: Various spelling fixes. 2016-02-05 15:25:50 -05:00
fips_err.h Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
fips_ers.c Use NON_EMPTY_TRANSLATION_UNIT, consistently. 2016-02-09 20:13:29 -05:00
ia64cpuid.S
init.c Ensure Async is deinited properly 2016-03-02 17:23:42 +00:00
lock.c GH678: Add a few more zalloc 2016-02-22 12:13:37 -05:00
LPdir_nyi.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_unix.c memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
LPdir_vms.c memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
LPdir_win.c memset, memcpy, sizeof consistency fixes 2015-05-05 22:18:59 -04:00
LPdir_win32.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_wince.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
Makefile.in Make uplink auxiliary source separate from cpuid source 2016-03-02 14:45:02 +01:00
mem.c Build fix: remove cleanse_ctr 2016-02-25 10:19:50 -05:00
mem_clr.c RT4116: Change cleanse to just memset 2016-02-25 10:04:00 -05:00
mem_dbg.c Implement the use of heap manipulator implementions 2016-02-17 10:12:49 +01:00
mem_sec.c Remove unused parameters from internal functions 2016-02-22 13:39:44 -05:00
o_dir.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
o_fips.c Identify and move common internal libcrypto header files 2015-05-14 17:21:40 +02:00
o_init.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
o_str.c Fix master compile error 2016-02-26 16:50:59 +00:00
o_time.c GH601: Various spelling fixes. 2016-02-05 15:25:50 -05:00
pariscid.pl PA-RISC assembler pack: switch to bve in 64-bit builds. 2013-06-18 10:37:00 +02:00
ppc_arch.h crypto/ppccap.c: add SIGILL-free processor capability detection code. 2015-12-14 16:08:49 +01:00
ppccap.c Configurations: engage PPC ChaCha20 and Poly1305 modules. 2016-02-13 17:22:20 +01:00
ppccpuid.pl crpyto/ppccpuid.pl: add FPU probe and fix OPENSSL_rdtsc. 2015-12-14 16:09:25 +01:00
s390xcap.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
s390xcpuid.S
sparc_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
sparccpuid.S Conversion to UTF-8 where needed 2015-07-14 01:10:01 +02:00
sparcv9cap.c crypto/sparcv9cap.c: add SIGILL-free feature detection for Solaris. 2015-12-02 10:53:33 +01:00
thr_id.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
threads_none.c Implement new multi-threading API 2016-02-26 10:00:36 +00:00
threads_pthread.c GH773: Possible leak on CRYPTO_THREAD_lock_new failure 2016-03-03 19:47:01 -05:00
threads_win.c GH773: Possible leak on CRYPTO_THREAD_lock_new failure 2016-03-03 19:47:01 -05:00
uid.c Remove /* foo.c */ comments 2016-01-26 16:40:43 -05:00
vms_rms.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
x86_64cpuid.pl x86[_64]cpuid.pl: add low-level RDSEED. 2014-02-14 17:24:12 +01:00
x86cpuid.pl Undo a90081576c 2014-08-09 08:02:20 -04:00