| Commit message (Collapse) | Author | Files | Lines |
|---|
|
ok tb
from jcs
This is errata/7.2/026_ssl.patch.sig
|
|
from millert@; originally from djm@; OK deraadt@ florian@ bluhm@
this is errata/7.2/022_resolv.patch.sig
|
|
The ASN.1 template for GENERAL_NAME and its corresponding C structure
disagree on the type of the x400Address member. This results in an ASN.1
string to be considered as an ASN.1 type, which allows an attacker to read
(essentially) arbitrary memory. Fix this by forcing comparison as strings.
While the underlying type confusion has been present since time immemorial,
this particular bug came with the EdiPartyName fix (6.8/008_asn1.patch.sig).
Reported by David Benjamin, fix suggested by jsing.
Release date for this was set to be January 31. Unilaterally pushed back to
February 7 by OpenSSL by way of announcement of many completely unrelated
embargoed issues, some of which they had been sitting on since July 2020.
from tb@; OK beck@ jsing@
this is errata/7.2/018_x509.patch.sig
|
|
In r1.25 of tasn_enc.c a check was added to ensure that asn1_ex_i2c()
returned the same value on both calls, however in the ndef case the len
variable gets changed between calls. Keep a copy of the original value to
test against.
Issue reported by niklas, who encountered a test failure in rust-openssl.
ok miod@ tb@; from jsing
This is errata/7.2/002_asn1.patch.sig
|
|
In the case that a verification callback is installed that tells the
verifier to continue when a certificate is invalid (e.g. expired),
any error resulting from the leaf certificate verification is not stored
and made available post verification, resulting in an incorrect error being
returned.
Also perform leaf certificate verification prior to adding the chain, which
avoids a potential memory leak (as noted by tb@).
Issue reported by Ilya Shipitsin, who encountered haproxy regress failures.
ok tb@; from jsing
This is errata/7.2/001_x509.patch.sig
|
|
Symbols.list mistake: undefine aliases (except _cfb block ciphers which
are aliases for historical reasons). Use -Wl,--no-allow-shlib-undefined.
|
|
These functions were renamed in the last bump
#define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf #define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
They don't appear in the compiled library itself, so no further bump
required.
Fixes libressl-portable/portable#791
Found the hard way by vollkommenheit
ok deraadt jsing
|
|
While RFC 8446 is clear about what legacy session identifiers can be sent
by a TLSv1.3 client and how middlebox compatibility mode is requested, it
is delightfully vague about the circumstances under which a client is
permitted to send CCS messages. While it does not make sense for a client
to send CCS messages when they are not requesting middlebox compatibility
mode, it is not strictly forbidden by the RFC and at least one (unknown)
TLSv1.3 stack has been observed to do this in the wild.
Revert part of the previous change and allow clients to send CCS messages,
even if they are not requesting middlebox compatibility mode.
Found the hard way by florian@
ok tb@
|
|
OK tb
|
|
IANA made a permanent registration in the SMI Security for S/MIME CMS
Content Type registry at
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1
for signed objects conforming to draft-ietf-sidrops-signed-tal.
OK tb@
|
|
These ciphers have long based APIs, while EVP has a size_t based API. The
intent of these loops is to handle sizes that are bigger than LONG_MAX.
Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX
rounded down to a large block size, ensuring that it is a block size
multiple. Revert the recently added overflow checks now that this is
handled more appropriately.
ok tb@
|
|
|
|
Now that EVP_CIPHER is opaque, stop pretending that EVP_CIPHER cleanup can
fail.
ok tb@
|
|
|
|
This is no longer public API. Also remove some comments about i2c and c2i
functions being intentionally undocumented since they are no longer public.
|
|
From Joshua Sing
|
|
|
|
|
|
CID 356777
|
|
CID 356778
|
|
|
|
ok tb@
|
|
ok jsing
|
|
ok jsing
|
|
|
|
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
ok jsing
|
|
Various projects use bio_info_cb and BIO_info_cb interchangeably, for
example mupdf and freerdp. This is because this was changed in OpenSSL
commit fce78bd4 (2017), triggered by new warnings in gcc 8.
https://github.com/openssl/openssl/pull/4493
This results in some scary compiler warnings and useless patches in ports.
Nobody seems to be using the old bio_info_cb() version.
ok jsing
|
|
This removes c2i_ASN1_OBJECT(), {c2i,i2c}_ASN1_BIT_STRING() and
{c2i,i2c}_ASN1_INTEGER(). These are not part of the OpenSSL 1.1
API and should never have been exposed in the first place.
ok jsing
|
|
|
|
Only allow a TLSv1.3 client to request middlebox compatibility mode if
this is permitted. Ensure that the legacy session identifier is either
zero length or 32 bytes in length. Additionally, only allow CCS messages
on the server side if the client actually requested middlebox compatibility
mode.
ok tb@
|
|
Currently the TLSv1.3 client always permits the server to send CCS
messages. Be more strict and only permit this if the client is actually
requesitng middlebox compatibility mode.
ok tb@
|
|
ok tb@
|
|
ok tb@
|
|
because these inspire devotion to cargo cult in developers.
Cleanup suggested by kn@.
|
|
from josiah frentsos, tweaked by schwarze
ok schwarze
|
|
|
|
The length is decremented, however the input is repeatedly read from and
output written to the same position. Correct this by actually incrementing
the input and output pointers.
Found via OpenSSL 604e591ed7,
ok tb@
|
|
The BLOCK_CIPHER_* macros contained a bug where the total length is passed
to the underlying cipher implementation, rather than the length of the
current chunk. Correct this and use the chunk length instead.
Should address the remaining issues reported by Coverity.
ok tb@
|
|
ok tb@
|
