This project is mirrored from https://github.com/openssl/openssl.git.
- 21 Apr, 2020 5 commits
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Benjamin Kaduk authored
In the tls1_check_sig_alg() helper function, we loop through the list of "signature_algorithms_cert" values received from the client and attempt to look up each one in turn in our internal table that maps wire codepoint to string-form name, digest and/or signature NID, etc., in order to compare the signature scheme from the peer's list against what is used to sign the certificates in the certificate chain we're checking.

Unfortunately, when the peer sends a value that we don't support, the lookup returns NULL, but we unconditionally dereference the lookup result for the comparison, leading to an application crash triggerable by an unauthenticated client.

Since we will not be able to say anything about algorithms we don't recognize, treat NULL return from lookup as "does not match".

We currently only apply the "signature_algorithm_cert" checks on TLS 1.3 connections, so previous TLS versions are unaffected. SSL_check_chain() is not called directly from libssl, but may be used by the application inside a callback (e.g., client_hello or cert callback) to verify that a candidate certificate chain will be acceptable to the client.

CVE-2020-1967

Reviewed-by: Matt Caswell <matt@openssl.org>
-
Benjamin Kaduk authored
Add to test_sslsigalgs a TLSProxy test that injects a "signature_algorithms_cert" extension that contains an unallocated codepoint. The test currently fails, since s_server segfaults instead of ignoring the unrecognized value. Since "signature_algorithms" and "signature_algorithms_cert" are very similar, also add the analogous test for "signature_algorithms".
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- 18 Apr, 2020 2 commits
Bernd Edlinger authored
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11411)
-
Bernd Edlinger authored
This adds optional constant time support for AES when building openssl for no-asm. Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME
[extended tests]
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11411)
-
- 17 Apr, 2020 3 commits
Tomas Mraz authored
The s_time command, unlike all the other similar commands, supported the -cafile option instead of -CAfile. Add the -CAfile option and keep -cafile only for backwards compatibility.
Fixes #11552
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11555)
-
Richard Levitte authored
The UI interface itself is never disabled, but the console backend may be. 'no-ui' is a deprecated backward compatibility alias for 'no-ui-console'.
Fixes #11551
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11554)
-
Kochise authored
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11337)
(cherry picked from commit 7da7b27e)
-
- 14 Apr, 2020 1 commit
scott authored
`BIO_do_accept` was returning incorrect values when unable to bind to a port.
Fixes #7717
CLA: trivial
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11505)
(cherry picked from commit 0437435a)
-
- 12 Apr, 2020 1 commit
Rich Salz authored
Rather than wrapping whole files in "ifndef OPENSSL_NO_xxx", we handle the changes in build.info.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11518)
-
- 11 Apr, 2020 1 commit
Jake Maynard authored
Fixes #10263
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10301)
(cherry picked from commit eacd30a7)
-
- 09 Apr, 2020 2 commits
Jim Newsome authored
The `add` and `seed` callbacks were changed to return `int` instead of `void` in b6dcdbfc (first included in tag OpenSSL_1_1_0-pre1). The `add` callback was changed to take a `double` instead of an `int` in 853f757e.
CLA: trivial
Fixes: #10199
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11486)
(cherry picked from commit ae325428)
-
Pauli authored
The backport of the timing information leak fix uses u32, which is defined in crypto/modes/modes_local.h in 1.1.1 and include/crypto/modes.h for 3.0.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11489)
-
- 08 Apr, 2020 1 commit
Patrick Steuer authored
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11147)
(cherry picked from commit 069165d1)
-
- 07 Apr, 2020 4 commits
Pauli authored
Addressing a potential integer overflow condition.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11473)
(cherry picked from commit 96218269)
-
Billy Brumley authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Nicola Tuveri <nicola.tuveri@ibm.com>
(Merged from https://github.com/openssl/openssl/pull/11439)
(cherry picked from commit c61ced5e)
-
Bernd Edlinger authored
This was pointed out by a false-positive -fsanitizer warning ;-) However, from the cryptographical POV the code is wrong: a point R^0 on the wrong curve is infinity on the wrong curve.
[extended tests]
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11475)
(cherry picked from commit 1eb9b54a)
-
William Brawner authored
Fixes #10484
Signed-off-by: William Brawner <me@wbrawner.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11472)
-
- 06 Apr, 2020 3 commits
Tomas Mraz authored
Accept verification without -x509_strict and reject it with it.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11463)
(cherry picked from commit 3cb55fe4)
-
Tomas Mraz authored
If we encounter a certificate with basic constraints CA:false, pathlen present, and X509_V_FLAG_X509_STRICT is set, we set the X509_V_ERR_INVALID_EXTENSION error.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11463)
(cherry picked from commit fa86e2ee)
-
Tomas Mraz authored
Do not mark such certificates with EXFLAG_INVALID. Although they violate RFC 5280, they are syntactically correct, and openssl itself can produce such certificates without any errors with a command such as:

    openssl x509 -req -signkey private.pem -in csr.pem -out cert.pem \
        -extfile <(echo "basicConstraints=CA:FALSE,pathlen:0")

With commit ba4356ae the EXFLAG_INVALID causes openssl to not consider such a certificate even as a leaf self-signed certificate, which is breaking existing installations.

Fixes: #11456
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11463)
(cherry picked from commit 428cf5ff)
-
- 03 Apr, 2020 1 commit
Matt Caswell authored
Explain that XTS does not support streaming, and that the IV value is the tweak.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11461)
(cherry picked from commit 70d80ef9)
-
- 01 Apr, 2020 2 commits
Billy Brumley authored
- Convert to affine coords on ladder entry. This lets us use more efficient ladder step formulae.
- Convert to affine coords on ladder exit. This prevents the current code awkwardness where conversion happens twice during serialization: first to fetch the buffer size, then again to fetch the coords.
- Instead of projectively blinding the input point, blind both accumulators independently.
(cherry picked from commit a4a93bbf)
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11435)
-
Billy Brumley authored
Since these are KATs, the trailing randomness consumed by the ec module does not really matter. So make the fake random buffer circular.
(cherry picked from commit 09736245)
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11435)
-
- 31 Mar, 2020 3 commits
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11445)
-
- 29 Mar, 2020 1 commit
Viktor Szakats authored
The fix consists of putting all destination directories between double-quotes to make the default (and any custom) prefixes containing spaces work when doing 'make install'. Also enable CI test with x86 mingw cross-build.
[extended tests]
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11434)
-
- 25 Mar, 2020 2 commits
Tomas Mraz authored
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11400)
-
Tomas Mraz authored
This partially reverts commit db943f43.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11400)
-
- 24 Mar, 2020 1 commit
Richard Könning authored
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11372)
(cherry picked from commit 402b00d5)
-
- 22 Mar, 2020 1 commit
Bernd Edlinger authored
Basically we use EXFLAG_INVALID for all kinds of out-of-memory and all kinds of parse errors in x509v3_cache_extensions.
[extended tests]
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10756)
-
- 20 Mar, 2020 1 commit
FdaSilvaYY authored
Found by Coverity.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8274)
(cherry picked from commit 23dc8feb)
-
- 19 Mar, 2020 4 commits
Bernd Edlinger authored
BN_generate_prime_ex no longer avoids factors 3..17863 in p-1 when not computing safe primes.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9387)
-
Bernd Edlinger authored
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9387)
-
Bernd Edlinger authored
This should avoid half of the trial divisions in probable_prime_dh_safe and avoid bn_probable_prime_dh generating primes with special properties.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9387)
-
Bernd Edlinger authored
Currently probable_prime makes sure that p-1 does not have any prime factors from 3..17863, which is useful for safe primes, but not necessarily for the general case.

Issue was initially reported here: MIRONOV, I. Factoring RSA Moduli II. https://windowsontheory.org/2012/05/17/factoring-rsa-moduli-part-ii/

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9387)
-
- 17 Mar, 2020 1 commit
Matt Caswell authored
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
-