forked from spesmilo/electrum
This has some important fixes:

* Fixed a problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. ([CVE-2021-3450])
* Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. ([CVE-2021-3449])

AFAICT we are not affected by CVE-2021-3450, but the Fusion/Shuffle server is affected by CVE-2021-3449.
Showing 1 changed file with 1 addition and 1 deletion.
Submodule openssl updated 30 files
+21 −0 | .github/workflows/ci.yml | |
+44 −0 | CHANGES | |
+2 −2 | Configurations/unix-Makefile.tmpl | |
+8 −0 | NEWS | |
+2 −2 | README | |
+3 −2 | apps/s_cb.c | |
+3 −2 | apps/s_time.c | |
+2 −1 | crypto/asn1/asn1_par.c | |
+3 −1 | crypto/asn1/bio_ndef.c | |
+15 −2 | crypto/engine/eng_devcrypto.c | |
+1 −1 | crypto/evp/evp_enc.c | |
+5 −3 | crypto/modes/cbc128.c | |
+3 −3 | crypto/modes/gcm128.c | |
+3 −3 | crypto/o_time.c | |
+6 −2 | crypto/rand/rand_lib.c | |
+1 −1 | crypto/rsa/rsa_ssl.c | |
+8 −4 | crypto/x509/x509_vfy.c | |
+1 −1 | fuzz/x509.c | |
+3 −3 | include/openssl/opensslv.h | |
+5 −2 | ssl/s3_lib.c | |
+12 −4 | ssl/ssl_lib.c | |
+4 −0 | ssl/statem/extensions.c | |
+13 −3 | ssl/statem/extensions_clnt.c | |
+7 −1 | ssl/statem/statem_clnt.c | |
+15 −4 | ssl/statem/statem_srvr.c | |
+36 −2 | test/recipes/70-test_renegotiation.t | |
+2 −2 | test/rsa_test.c | |
+14 −2 | test/verify_extra_test.c | |
+2 −2 | tools/c_rehash.in | |
+31 −8 | util/perl/TLSProxy/Message.pm |
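Review bot: the change is a single submodule pointer move (1 addition, 1 deletion), and the message as shown names the two CVEs but not the OpenSSL release or commit the pointer now targets. The 30-file list reaches beyond the two described fixes (for example crypto/modes/cbc128.c, crypto/rand/rand_lib.c and crypto/engine/eng_devcrypto.c), so stating the upstream tag in the message and confirming the new pointer matches that tag would let a reader check the full set of pulled-in changes against CHANGES and NEWS.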