Emilia Kasper f48b83b4fb Fix length checks in X509_cmp_time to avoid out-of-bounds reads. ...

Also tighten X509_cmp_time to reject more than three fractional
seconds in the time; and to reject trailing garbage after the offset.

CVE-2015-1789

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

2015-06-11 11:06:30 +01:00

..

aes

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

asn1

Check ASN1_INTEGER_get for errors.

2015-06-06 13:17:06 +01:00

bf

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

bio

Change BIO_number_read and BIO_number_written() to be 64 bit

2015-06-10 10:40:50 +01:00

bn

Fix off-by-one error in BN_bn2hex

2015-06-04 09:23:02 +01:00

buffer

Replace memset with OPENSSL_clear_free()

2015-06-10 10:09:57 +01:00

camellia

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

cast

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

cmac

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

cms

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

comp

Fix -DZLIB build for opaque COMP types

2015-06-09 12:49:50 -04:00

conf

No fprintf in the txt_db component

2015-06-09 12:39:08 -04:00

des

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

dh

Properly check certificate in case of export ciphers.

2015-06-09 00:46:59 +02:00

dsa

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

dso

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

ec

EC_POINT_is_on_curve does not return a boolean

2015-06-10 10:43:53 +01:00

ecdh

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

ecdsa

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

engine

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

err

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

evp

e_aes_cbc_hmac_sha*.c: address linker warning about OPENSSL_ia32cap_P size mismatch.

2015-06-11 10:12:54 +02:00

hmac

Fix leak in HMAC error path

2015-06-10 11:03:20 +01:00

idea

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

include/internal

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

jpake

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

lhash

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

md2

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

md4

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

md5

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

mdc2

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

modes

gcm.c: address linker warning about OPENSSL_ia32cap_P size mismatch.

2015-06-10 23:55:59 +02:00

objects

return correct NID for undefined object

2015-06-08 21:44:56 +01:00

ocsp

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

pem

check for error when creating PKCS#8 structure

2015-05-28 17:58:03 +01:00

perlasm

Add assembly support for 32-bit iOS.

2015-04-20 15:06:22 +02:00

pkcs7

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

pkcs12

Use CRYPTO_memcmp when comparing authenticators

2015-06-08 14:55:50 +02:00

pqueue

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

rand

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

rc2

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

rc4

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

rc5

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

ripemd

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

rsa

Properly check certificate in case of export ciphers.

2015-06-09 00:46:59 +02:00

seed

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

sha

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

srp

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

stack

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

store

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

threads

Server side version negotiation rewrite

2015-05-16 09:19:56 +01:00

ts

Set error code, no fprintf stderr, on errors.

2015-06-04 18:03:33 -04:00

txt_db

No fprintf in the txt_db component

2015-06-09 12:39:08 -04:00

ui

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

whrlpool

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

x509

Fix length checks in X509_cmp_time to avoid out-of-bounds reads.

2015-06-11 11:06:30 +01:00

x509v3

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

alphacpuid.pl

alphacpuid.pl: fix alignment bug.

2011-08-12 12:28:52 +00:00

arm64cpuid.pl

Add assembly support to ios64-cross.

2015-01-23 15:38:41 +01:00

arm_arch.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

armcap.c

Add assembly support for 32-bit iOS.

2015-04-20 15:06:22 +02:00

armv4cpuid.pl

Add assembly support for 32-bit iOS.

2015-04-20 15:06:22 +02:00

c64xpluscpuid.pl

C64x+ assembly pack: make it work with older toolchain.

2014-05-04 16:38:32 +02:00

cpt_err.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

cryptlib.c

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

crypto-lib.com

Remove remaining Kerberos references

2015-05-13 15:08:10 +01:00

cversion.c

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

ebcdic.c

Appease clang -Wempty-translation-unit

2015-04-04 17:05:49 +02:00

ex_data.c

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

fips_err.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

fips_ers.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

ia64cpuid.S

IA-64 assembler pack: fix typos and make it work on HP-UX.

2011-05-07 20:36:05 +00:00

install-crypto.com

Remove remaining Kerberos references

2015-05-13 15:08:10 +01:00

lock.c

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

LPdir_nyi.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

LPdir_unix.c

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

LPdir_vms.c

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

LPdir_win32.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

LPdir_win.c

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

LPdir_wince.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

Makefile

Fix the update target and remove duplicate file updates

2015-05-22 18:44:33 +02:00

mem_clr.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

mem_dbg.c

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

mem.c

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

o_dir_test.c

Identify and move OpenSSL internal header files

2015-05-14 15:13:49 +02:00

o_dir.c

Identify and move OpenSSL internal header files

2015-05-14 15:13:49 +02:00

o_fips.c

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

o_init.c

Dead code cleanup: crypto/*.c, x509v3, demos

2015-02-02 11:08:16 -05:00

o_str.c

Identify and move OpenSSL internal header files

2015-05-14 15:13:49 +02:00

o_time.c

Re-align some comments after running the reformat script.

2015-01-22 09:20:10 +00:00

opensslconf.h.in

RT3548: Remove unsupported platforms

2014-12-28 01:17:52 -05:00

pariscid.pl

PA-RISC assembler pack: switch to bve in 64-bit builds.

2013-06-18 10:37:00 +02:00

ppc_arch.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

ppccap.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

ppccpuid.pl

aesp8-ppc.pl: fix typos.

2014-06-04 08:34:18 +02:00

s390xcap.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

s390xcpuid.S

Multiple assembler packs: add experimental memory bus instrumentation.

2011-04-17 12:46:00 +00:00

sparc_arch.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

sparccpuid.S

sparccpuid.S: work around emulator bug on T1.

2013-02-11 10:39:50 +01:00

sparcv9cap.c

Dead code cleanup: crypto/*.c, x509v3, demos

2015-02-02 11:08:16 -05:00

thr_id.c

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

uid.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

vms_rms.h

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

x86_64cpuid.pl

x86[_64]cpuid.pl: add low-level RDSEED.

2014-02-14 17:24:12 +01:00

x86cpuid.pl

Undo a90081576c94f9f54de1755188a00ccc1760549a

2014-08-09 08:02:20 -04:00