forked from openssl/openssl
-
Notifications
You must be signed in to change notification settings - Fork 124
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ossl111k merge #298
Merged
Merged
ossl111k merge #298
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#13632) (cherry picked from commit 74c8dd1)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from openssl#13635) (cherry picked from commit 7eea331)
A servername cb may change the available certificates, so if we have one set then we cannot rely on the configured certificates to determine if we are capable of negotiating TLSv1.3 or not. Fixes openssl#13291 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from openssl#13305)
If an SNI callback has been set then we may have no certificuates suitable for TLSv1.3 use configured for the current SSL_CTX. This should not prevent us from negotiating TLSv1.3, since we may change the SSL_CTX by the time we need a suitable certificate. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from openssl#13305)
Define B_ENDIAN on PowerPC because it is a big endian architecture. With this change the BN* related tests pass. Fixes: openssl#12199 Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from openssl#12371) (cherry picked from commit 52c6c12)
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#13686) (cherry picked from commit 4159ebc)
This is a backport of the documentation from openssl#13620. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from openssl#13691)
'check-update' runs a 'make update' to check that it wasn't forgotten. 'check-docs' runs 'make doc-nits'. We have that as a separate job to make it more prominent. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from openssl#13701) (cherry picked from commit 8175476)
When X509_ATTRIBUTE_create() receives an invalid NID (e.g., -1), return failure rather than silently constructing a broken X509_ATTRIBUTE object that might cause NULL pointer accesses later on. This matters because X509_ATTRIBUTE_create() is used by API functions like PKCS7_add_attribute(3) and the NID comes straight from the user. This bug was found while working on LibreSSL documentation. Reviewed-by: Theo Buehler <tb@openbsd.org> CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from openssl#12052) (cherry picked from commit c4b2c53)
Backport of openssl#13394 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from openssl#13637)
This backports openssl#13764. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from openssl#13769)
I.e.: error: out of range immediate fixup value This fix is identical to one of the changes made in 3405db9, which I discovered right after taking a quick stab at fixing this. CLA: trivial Fixes openssl#7878 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from openssl#13757)
Our free functions should be able to deal with the case where the object being freed is NULL. This turns out to not be quite the case for DTLS related objects. Fixes openssl#13649 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from openssl#13655) (cherry picked from commit d0afb30)
Fixes openssl#13183 From the original issue report, before this commit, on master and on 1.1.1, the issue can be detected with the following steps: - Start with a default SSL_CTX, initiate a TLS 1.3 connection with SNI, "Accept" count of default context gets incremented - After servername lookup, "Accept" count of default context gets decremented and that of SNI context is incremented - Server sends a "Hello Retry Request" - Client sends the second "Client Hello", now again "Accept" count of default context is decremented. Hence giving a negative value. This commit fixes it by adding a check on `s->hello_retry_request` in addition to `SSL_IS_FIRST_HANDSHAKE(s)`, to ensure the counter is moved only on the first ClientHello. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from openssl#13297)
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from openssl#13772)
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#13821) (cherry picked from commit b57ec73)
when possible using the getauxval equivalent which has similar ids as Linux, instead of bad instructions catch approach. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#13650) (cherry picked from commit 5eb24fb)
Pull in check from openssl#10878 Move disabling of pic, threads and statics up higher before they are checked. Fixes openssl#12772 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#12773)
Fixes openssl#13840 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#13857) (cherry picked from commit 4369a88)
…o due to invalid cert This is the backport of openssl#13755 to v1.1.1. Fixes openssl#13698 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from openssl#13756)
...in case the candidate issuer cert is identical to the target cert. Fixes openssl#13739 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from openssl#13749)
There were a number of older style references to the pass phrase options section, now streamlined with the current openssl(1). Fixes openssl#13883 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from openssl#13886)
Also add a new no-deprecated CI build to test it. Fixes openssl#13896 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from openssl#13902)
SRP_Calc_client_key calls BN_mod_exp with private data. However it was not setting BN_FLG_CONSTTIME and therefore not using the constant time implementation. This could be exploited in a side channel attack to recover the password. Since the attack is local host only this is outside of the current OpenSSL threat model and therefore no CVE is assigned. Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this issue. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#13889)
Fixes openssl#13910 CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#13911) (cherry picked from commit 6857058)
There are some options that seem to belong to the legacy build. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from openssl#13903) (cherry picked from commit adcaebc)
At this point, we have transitioned completely from Travis to GitHub Actions Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#13941)
This (re-)allows RSA-PSS signers Fixes openssl#13931 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#13982)
Fixes openssl#13815 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#14029) (cherry picked from commit af403db)
Fixes openssl#11940 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from openssl#14388)
CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14469) (cherry picked from commit 1aa7ecd)
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14584) (cherry picked from commit 145f12d)
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14584) (cherry picked from commit b875e0e)
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14585) (cherry picked from commit 3de7f01)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#14586) (cherry picked from commit 7e7e034)
Some of the callbacks in rand_lib.c were being invoked without the RUN_ONCE for that file being called. We add it during rand_pool_new which should cover all cases. Fixes openssl#7870 Fixes openssl#11144 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#14603)
When encountering a badly coded item, the DER printer (ASN1_print_dump()) sets a flag to ensure that an additional hex dump of the offending content is printed as part of the output. Unfortunately, this flag is never reset, which means that all following items are printed with the extra hex dump, whether they are faulty or not. Resetting the flag after hex dumping ensures that only the faulty contents are printed with the additional hex dump. Fixes openssl#14626 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from openssl#14627) (cherry picked from commit 6e34a10)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14639)
…urve The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates with explicitly encoded elliptic curve parameters in the chain was added to the strict checks. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then a subsequent check that the certificate is consistent with that purpose also checks that it is a valid CA. Therefore where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overriden by an application. Affected applications explicitly set the X509_V_FLAG_X509_STRICT verification flag and either do not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose to make it not set. CVE-2021-3450 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
Previously TLSProxy only knew how to "repack" messages for TLSv1.3. Most of the handshake in <= TLSv1.2 is unencrypted so this hasn't been too much of restriction. However we now want to modify reneg handshakes which are encrypted so we need to add that capability. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
We perform a reneg handshake, where the second ClientHello drops the sig_algs extension. It must also contain cert_sig_algs for the test to work. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
As the variable peer_sigalgslen is not cleared on ssl rehandshake, it's possible to crash an openssl tls secured server remotely by sending a manipulated hello message in a rehandshake. On such a manipulated rehandshake, tls1_set_shared_sigalgs() calls tls12_shared_sigalgs() with the peer_sigalgslen of the previous handshake, while the peer_sigalgs has been freed. As a result tls12_shared_sigalgs() walks over the available peer_sigalgs and tries to access data of a NULL pointer. This issue was introduced by c589c34 (Add support for the TLS 1.3 signature_algorithms_cert extension, 2018-01-11). Signed-off-by: Peter Kästle <peter.kaestle@nokia.com> Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com> CVE-2021-3449 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Following on from CVE-2021-3449 which was caused by a non-zero length associated with a NULL buffer, other buffer/length pairs are updated to ensure that they too are always in sync. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
christianpaquin
requested changes
Mar 25, 2021
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. We should update our README.md, which still has an old reference:
This fork is currently in sync with the OpenSSL_1_1_1g tag, and adds the following:
Corrected. |
christianpaquin
approved these changes
Mar 26, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #297