This project is mirrored from https://github.com/openssl/openssl.git.
Pull mirroring failed .
Last successful update .
Last successful update .
- 16 Feb, 2021 9 commits
-
-
Matt Caswell authored
Reviewed-by:Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
Matt Caswell authored
CVE-2021-23840 Reviewed-by:Paul Dale <pauli@openssl.org>
-
Matt Caswell authored
We test all three cases: - An SSLv2 only client talking to a TLS capable server - A TLS capable client talking to an SSLv2 only server - A TLS capable client talking to a TLS capable server (should fail due to detecting a rollback attack) Reviewed-by: -
Matt Caswell authored
This also fixes the public function RSA_padding_check_SSLv23. Commit 6555a894 changed the padding check logic in RSA_padding_check_SSLv23 so that padding is rejected if the nul delimiter byte is not immediately preceded by at least 8 bytes containing 0x03. Prior to that commit the padding is rejected if it *is* preceded by at least 8 bytes containing 0x03. Presumably this change was made to be consistent with what it says in appendix E.3 of RFC 5246. Unfortunately that RFC is in error, and the original behaviour was correct. This is fixed in later errata issued for that RFC. This has no impact on libssl for modern versions of OpenSSL because there is no protocol support for SSLv2 in these versions. However applications that call RSA_paddin_check_SSLv23 directly, or use the RSA_SSLV23_PADDING mode may still be impacted. The effect of the original error is that an RSA message encrypted by an SSLv2 only client will fail to be decrypted properly by a TLS capable server, or a message encrypted by a TLS capable client will fail to decrypt on an SSLv2 only server. Most significantly an RSA message encrypted by a TLS capable client will be successfully decrypted by a TLS capable server. This last case should fail due to a rollback being detected. Thanks to D. Katz and Joel Luellwitz (both from Trustwave) for reporting this issue. CVE-2021-23839 Reviewed-by:
-
Matt Caswell authored
Reduce code copying by factoring out common code into a separate function. Reviewed-by: -
Matt Caswell authored
Provide a certificate with a bad issuer and check that X509_issuer_and_serial_hash doesn't crash. Reviewed-by:
-
Matt Caswell authored
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. CVE-2021-23841 Reviewed-by:
-
- 12 Feb, 2021 2 commits
-
-
Richard Levitte authored
This mostly clarifies details. Fixes #13789 Reviewed-by:
Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13834)
-
Richard Levitte authored
DCL has a total command line limitation that's too easily broken by them. We solve them by creating separate message scripts and using them. Fixes #13789 Reviewed-by:
-
- 10 Feb, 2021 1 commit
-
-
Benjamin Kaduk authored
This field has not been used since #3858 was merged in 2017 when we moved to a table-based lookup for certificate type properties instead of an index-based one. Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/13991) (cherry picked from commit 3bc0b621)
-
- 07 Feb, 2021 2 commits
-
-
Richard Levitte authored
'no-tests' wasn't entirely respected by test/build.info. Reviewed-by:
-
Richard Levitte authored
The options listed in the array @disablables are regular expressions. For most of them, it's not visible, but there are a few. However, configdata.pm didn't quite treat them that way, which meant that the few that are visibly regular expressions, there's a difference between that and the corresponding the key in %disabled, which is never a regular expression. To correctly display the enabled and disabled options with --dump, we must therefore go through a bit of Perl gymnastics to get the output correct enough, primarly so that disabled features don't look enabled. Fixes #13790 Reviewed-by:
-
- 05 Feb, 2021 1 commit
-
-
Jay Satiro authored
CLA: trivial Reviewed-by:
Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/14078)
-
- 04 Feb, 2021 1 commit
-
-
Bernd Edlinger authored
This folder "../apps/include" is accidentally created. This prevents this glitch. Fixes 19b4fe58 ("Add a CMAC test") Reviewed-by:
-
- 03 Feb, 2021 1 commit
-
-
Armin Fuerst authored
Fixes #13944 + changed ASN1_UTCTIME to ASN1_TIME + removed all Y2K code from do_updatedb + changed compare to ASN1_TIME_compare Reviewed-by:
-
- 02 Feb, 2021 1 commit
-
-
Dr. Matthias St. Pierre authored
Fixes #13815 Reviewed-by:
-
- 28 Jan, 2021 1 commit
-
-
Dr. David von Oheimb authored
This (re-)allows RSA-PSS signers Fixes #13931 Reviewed-by:
-
- 25 Jan, 2021 1 commit
-
-
Richard Levitte authored
At this point, we have transitioned completely from Travis to GitHub Actions Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
- 21 Jan, 2021 2 commits
-
-
Tomas Mraz authored
There are some options that seem to belong to the legacy build. Reviewed-by:
Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13903) (cherry picked from commit adcaebc3)
-
Tim Hitchins authored
Fixes #13910 CLA: trivial Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
- 20 Jan, 2021 1 commit
-
-
Matt Caswell authored
SRP_Calc_client_key calls BN_mod_exp with private data. However it was not setting BN_FLG_CONSTTIME and therefore not using the constant time implementation. This could be exploited in a side channel attack to recover the password. Since the attack is local host only this is outside of the current OpenSSL threat model and therefore no CVE is assigned. Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this issue. Reviewed-by:
-
- 19 Jan, 2021 2 commits
-
-
Tomas Mraz authored
Also add a new no-deprecated CI build to test it. Fixes #13896 Reviewed-by:
David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/13902)
-
Richard Levitte authored
There were a number of older style references to the pass phrase options section, now streamlined with the current openssl(1). Fixes #13883 Reviewed-by:
-
- 14 Jan, 2021 6 commits
-
-
Dr. David von Oheimb authored
...in case the candidate issuer cert is identical to the target cert. Fixes #13739 Reviewed-by:
Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13749)
-
Dr. David von Oheimb authored
This is the backport of #13755 to v1.1.1. Fixes #13698 Reviewed-by:
-
Dmitry Belyavskiy authored
Fixes #13840 Reviewed-by:
-
Todd Short authored
Pull in check from #10878 Move disabling of pic, threads and statics up higher before they are checked. Fixes #12772 Reviewed-by:
-
David Carlier authored
when possible using the getauxval equivalent which has similar ids as Linux, instead of bad instructions catch approach. Reviewed-by:
Ben Kaduk <kaduk@mit.edu> Reviewed-by:
-
David Carlier authored
Reviewed-by:
-
- 10 Jan, 2021 1 commit
-
-
Billy Brumley authored
Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13772)
-
- 08 Jan, 2021 2 commits
-
-
anupamam13 authored
Fixes #13183 From the original issue report, before this commit, on master and on 1.1.1, the issue can be detected with the following steps: - Start with a default SSL_CTX, initiate a TLS 1.3 connection with SNI, "Accept" count of default context gets incremented - After servername lookup, "Accept" count of default context gets decremented and that of SNI context is incremented - Server sends a "Hello Retry Request" - Client sends the second "Client Hello", now again "Accept" count of default context is decremented. Hence giving a negative value. This commit fixes it by adding a check on `s->hello_retry_request` in addition to `SSL_IS_FIRST_HANDSHAKE(s)`, to ensure the counter is moved only on the first ClientHello. CLA: trivial Reviewed-by:
Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13297)
-
Matt Caswell authored
Our free functions should be able to deal with the case where the object being freed is NULL. This turns out to not be quite the case for DTLS related objects. Fixes #13649 Reviewed-by:
-
- 07 Jan, 2021 1 commit
-
-
Ole André Vadla Ravnås authored
I.e.: error: out of range immediate fixup value This fix is identical to one of the changes made in 3405db97, which I discovered right after taking a quick stab at fixing this. CLA: trivial Fixes #7878 Reviewed-by:
-
- 04 Jan, 2021 1 commit
-
-
Dr. David von Oheimb authored
This backports #13764. Reviewed-by:
-
- 30 Dec, 2020 1 commit
-
-
David Carlier authored
Backport of #13394 Reviewed-by:
-
- 21 Dec, 2020 1 commit
-
-
Ingo Schwarze authored
When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), return failure rather than silently constructing a broken X509_ATTRIBUTE object that might cause NULL pointer accesses later on. This matters because X509_ATTRIBUTE_create() is used by API functions like PKCS7_add_attribute(3) and the NID comes straight from the user. This bug was found while working on LibreSSL documentation. Reviewed-by:
Theo Buehler <tb@openbsd.org> CLA: trivial Reviewed-by:
-
- 19 Dec, 2020 1 commit
-
-
Richard Levitte authored
'check-update' runs a 'make update' to check that it wasn't forgotten. 'check-docs' runs 'make doc-nits'. We have that as a separate job to make it more prominent. Reviewed-by:
-
- 18 Dec, 2020 1 commit
-
-
Rich Salz authored
This is a backport of the documentation from #13620. Reviewed-by:
-
