openbsd/src/lib/libcrypto/pkcs7, branch libressl-v3.2.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.2.0 2020-01-21T10:18:52+00:00 Remove redundant ASN1_INTEGER_set call in PKCS7_set_type 2020-01-21T10:18:52+00:00 inoguchi 2020-01-21T10:18:52+00:00 urn:sha1:9d1713eaf0862da800da4850ae07448cb03b393a ok bcook@ Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. 2019-10-04T18:03:56+00:00 tb 2019-10-04T18:03:56+00:00 urn:sha1:03a0a727a85c64d9828255b797ef2d1d59c061df (Note that the CMS code is currently disabled.) Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license) tests from bluhm@ ok jsing commit e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Sun Sep 1 00:16:28 2019 +0200 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack. As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9777) (cherry picked from commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37) Fix a number of ASN1_INTEGER vs ASN1_STRING mixups coming from the 2019-03-13T20:34:00+00:00 tb 2019-03-13T20:34:00+00:00 urn:sha1:5ac8b80c66d7d9f6dab1bfdf23f0578eb05dffa0 mechanical M_ASN1 macro expansion. The ASN1_INTEGER_cmp function takes signs into account while ASN1_STRING_cmp doesn't. The mixups mostly involve serialNumbers, which, in principle, should be positive. However, it is unclear whether that is checked or enforced anywhere in the code, so these are probably bugs. Patch from Holger Mikolon ok jsing use freezero() instead of memset/explicit_bzero + free. Substantially 2017-05-02T03:59:45+00:00 deraadt 2017-05-02T03:59:45+00:00 urn:sha1:5904cc0e04409fde39a97e6580535da34eeb4291 reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely. Passes regress. ok beck Send the function codes from the error functions to the bit bucket, 2017-01-29T17:49:23+00:00 beck 2017-01-29T17:49:23+00:00 urn:sha1:d1f47bd292f36094480caa49ada36b99a69c59b0 as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@ Expand ASN1_ITEM_rptr macros - no change in generated assembly. 2016-12-30T15:38:13+00:00 jsing 2016-12-30T15:38:13+00:00 urn:sha1:d4b09bfd41d8d40b82b197b4ec8b0232cd6ee1fa Expand DECLARE_ASN1_{NDEF,PRINT}_FUNCTION macros - no change in 2016-12-27T16:12:47+00:00 jsing 2016-12-27T16:12:47+00:00 urn:sha1:88eca948401bc84800904fce043f4ca513c36349 preprocesssor output. Remove all DECLARE_ASN1_SET_OF macro usage - since 2000 these have been 2016-12-27T16:05:57+00:00 jsing 2016-12-27T16:05:57+00:00 urn:sha1:0bde81f3db44da2391092cc43925c8351096c73c nothing but markers for utils/mkstack.pl... and we removed the code that generated more macros from these markers in 2014. Expand DECLARE_ASN1_ITEM - no change to preprocessor output. 2016-12-27T15:35:59+00:00 jsing 2016-12-27T15:35:59+00:00 urn:sha1:50debf61d5f52106f032525ed745d120470ca545 More X509_STORE_CTX_set_*() return value checks. 2016-11-05T15:19:07+00:00 miod 2016-11-05T15:19:07+00:00 urn:sha1:f72470bc783a016dc0f537ddde0f7868dcf634f4 ok beck@ jsing@