| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
| |
private keys when signing. This is due to BN_mod_inverse() being used
without the constant time flag being set.
This issue was reported by Cesar Pereida Garcia and Billy Brumley
(Tampere University of Technology). The fix was developed by Cesar Pereida
Garcia.
|
| |
|
|
|
|
|
|
| |
records, otherwise a peer can potentially cause us to loop indefinately.
Return with an SSL_ERROR_WANT_READ instead, so that the caller can choose
when they want to handle further processing for this connection.
ok beck@ miod@
|
| | |
|
| |
|
|
| |
libssl.
|
| |
|
|
|
| |
TLS client repeatedly renegotiating and sending OCSP Status Request TLS
extensions.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
generation and parsing of OCSP requests. This remediates a lack of error
checking on time parsing in these functions, and ensures that only
GENERALIZEDTIME formats are accepted for OCSP, as per RFC 6960
Issues reported, and fixes provided by Kazuki Yamaguchi <k@rhe.jp>
and Kinichiro Inoguchi <kinichiro.inoguchi@gmail.com>
|
| |
|
|
| |
Mistake noted by Billy Brumley. Many thanks.
|
| |
|
|
|
|
|
| |
in constant time even if the flag BN_FLG_CONSTTIME is set. This issue
was reported by Cesar Pereida (Aalto University), Billy Brumley
(Tampere University of Technology), and Yuval Yarom (The University of
Adelaide and NICTA). The fix was developed by Cesar Pereida
|
| | |
|
| | |
|
| |
|
|
|
| |
The outer while() loop is missing, so we only read up to chunk_max bytes.
ok tedu
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
missing padding check in aesni functions
overflow in evp encode functions
use of invalid negative asn.1 types
ok beck
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add new root certificates present in Mozilla cert store from CA
organizations who are already in cert.pem (AddTrust, Comodo, DigiCert,
Entrust, GeoTrust, USERTrust).
- Replace Startcom's root with their updated sha256 version present in
Mozilla cert store. (They maintained serial# etc so this is still valid
for existing signed certificates).
- Add two root certificates from CA not previously present:
"C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority"
"C=PL, O=Unizeto Sp. z o.o., CN=Certum CA" (the latter used by yandex.ru)
We are still listing some certificates that have been removed from
Mozilla's store (1024-bit etc) however these cannot be removed until
cert validation is improved (we don't currently accept a certificate
as valid unless the CA is at the end of a chain).
|
| | |
|
| |
|
|
|
| |
prompted by a mail from jiri navratil
help/ok sthen
|
| | |
|
| |
|
|
| |
improvements sthen@, jmc@. okay millert@, jca@ jmc@
|
| |
|
|
|
|
| |
There is long-standing consensus that err(1, NULL) is the best idiom
after failure of malloc(3) and friends.
Quirk in the manual noticed by tb@.
|
| |
|
|
|
|
|
|
|
|
|
| |
(CN if available, otherwise OU).
Add a comment identifying the org. Now to get an easy-to-read list
of certificates in the file you can use "grep ^[#=] cert.pem".
Prepared with https://spacehopper.org/format-pem.20160201. If you would
like to verify this commit to ensure that I didn't sneak in any other
changes, it will be easier to use the script rather than do it by hand.
|
| |
|
|
|
|
|
|
|
| |
aren't really useful (the information can be obtained by feeding the cert
into "openssl x509 -in filename -text") and add a separator between certs
showing the CA's CN or OU (similar to the display format in web browsers).
Include both SHA1 and SHA256 fingerprints for all certificates.
ok beck@ zhuk@ jung@
|
| |
|
|
| |
from ray@, ok jmc@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
David CARLIER
|
| |
|
|
| |
This is of course a no-op on other platforms. Noted by equalsraf from github.
|
| |
|
|
|
|
|
|
| |
The 'A' option elevated warnings to errors, and has been the default for some
time. Then warnings were effectively eliminated in favor of everything
being an error, but then the 'a' flag turned real errors into warnings!
Remove the 'a' option entirely. You shouldn't have used it anyway.
ok tb tdeval
|
| |
|
|
|
|
|
|
| |
the examples.
Diff from Juuso Lapinlampi < wub () partyvan ! eu >, thanks!
ok schwarze@
|
| |
|
|
| |
fix from Andreas Bartelt <obsd at bartula.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Work around this particular case by reseeding whenever pid=1, but as guenther@
notes, directly calling clone(2), and then forking to match another pid,
provides other ways to bypass new process detection on Linux.
Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and
does not invent a corresponding mechanism to subvert it.
Noted by Sebastian Krahmer and the opmsg team.
See http://stealth.openwall.net/crypto/randup.c for a test program.
ok beck@
|
| | |
|
| | |
|
| |
|
|
| |
validate_junk. from Michal Mazurek
|
| |
|
|
| |
ok and valuable input from millert@
|
| |
|
|
| |
ok beck@
|
| |
|
|
| |
ok beck@
|
| |
|
|
| |
ok tedu@
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
