openbsd/src/lib/libcrypto/cms, branch libressl-v3.3.5A mirror of https://github.com/libressl/openbsd.git
https://git.lua4.win/openbsd/atom?h=libressl-v3.3.52020-06-05T16:51:12+00:00Remove remaining error *_str_functs[]2020-06-05T16:51:12+00:00jsing2020-06-05T16:51:12+00:00urn:sha1:6aa0c4f1ec702bb2c820322709abd9c1767842fa
A number of years ago we dropped the concept of having function names in
errors, since it is not that useful and very quickly gets out of sync when
refactoring. It would seem that some new ones got imported and some missed
the last clean up.
ok tb@ beck@ "kill it with fire"
Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.2019-10-04T18:03:56+00:00tb2019-10-04T18:03:56+00:00urn:sha1:03a0a727a85c64d9828255b797ef2d1d59c061df
(Note that the CMS code is currently disabled.)
Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license)
tests from bluhm@
ok jsing
commit e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sun Sep 1 00:16:28 2019 +0200
Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
An attack is simple, if the first CMS_recipientInfo is valid but the
second CMS_recipientInfo is chosen ciphertext. If the second
recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
encryption key will be replaced by garbage, and the message cannot be
decoded, but if the RSA decryption fails, the correct encryption key is
used and the recipient will not notice the attack.
As a work around for this potential attack the length of the decrypted
key must be equal to the cipher default key length, in case the
certifiate is not given and all recipientInfo are tried out.
The old behaviour can be re-enabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9777)
(cherry picked from commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37)
Provide a local version of X509_get0_subject_key_id()2019-08-12T18:13:13+00:00jsing2019-08-12T18:13:13+00:00urn:sha1:ec1073627f94774923660f4ee69df060acd2c9e0
It seems that the CMS code is currently the only code in existence that
uses this function.
Inline the equivalent of ASN1_TYPE_unpack_sequence().2019-08-12T18:04:57+00:00jsing2019-08-12T18:04:57+00:00urn:sha1:7c8a46223cec99e37573d6038deb91e18e16cad1Use ERR_asprintf_error_data() instead of ERR_add_error_data().2019-08-11T14:51:15+00:00jsing2019-08-11T14:51:15+00:00urn:sha1:babb0afaef354531f817f375069c37e12794eaa9Remove unsupported GOST 2012 NIDs.2019-08-11T14:35:57+00:00jsing2019-08-11T14:35:57+00:00urn:sha1:03082f8ab9daecd6cd479cf03389d86941e9e8faDisable DES3 since we do not currently provide DES3 keywrap.2019-08-11T14:27:01+00:00jsing2019-08-11T14:27:01+00:00urn:sha1:870d64fe8da4ea3ca7ce889baaf5d4b6da3549e0Remove label that is now unused (due to arc4random_buf() returning void).2019-08-11T14:19:09+00:00jsing2019-08-11T14:19:09+00:00urn:sha1:69f3f2221961fd8b29d0dd05bde074dfb9a1cda5Fix loading of CMS error strings.2019-08-11T14:18:38+00:00jsing2019-08-11T14:18:38+00:00urn:sha1:0946db36026818b2168f7bdab9764edc5c1d9a32Include string.h for explicit_bzero().2019-08-11T11:07:40+00:00jsing2019-08-11T11:07:40+00:00urn:sha1:dc29fc5c7d6f8943b8439f40ea45d9d323d04d77