This repository was archived by the owner on May 6, 2022. It is now read-only.

Conversation

@MouriNaruto

First, I read #54.
So I merged OpenSSL 1.0.2o into my branch, and I hope Microsoft's fork can merge it.

Mouri

mattcaswell and others added 30 commits December 7, 2017 13:20
Reviewed-by: Andy Polyakov <[email protected]>
Fixes openssl#2533

The call to FIPS_crypto_set_id_callback() was added in revision a43cfd7,
but there is no prototype for it in <openssl/fips.h>.

Signed-off-by: Dr. Matthias St. Pierre <[email protected]>

Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#4870)
Some compilers react badly to non-ASCII characters

Fixes openssl#4877

Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#4879)
Pointer 'o' is set inside a local buffer, so it can't be NULL.
Also fix coding style and add comments

Reviewed-by: Tim Hudson <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#4754)
(cherry picked from commit cef115f)
Reviewed-by: Andy Polyakov <[email protected]>
(Merged from openssl#4875)
They are from the 1.1.0 or master branches

Fixes openssl#4863

Reviewed-by: Tim Hudson <[email protected]>
(Merged from openssl#4887)
Looking for 'gcc' and 'clang' in the output from the C compiler is
uncertain.  Some versions report argv[0], which might be /usr/bin/cc
(for example), and others might mention gcc without being gcc or a
derivate.

Better than to fetch predefined macros and checking if __GNUC__ and
__clang__ are defined.

Reviewed-by: Andy Polyakov <[email protected]>
(Merged from openssl#4755)
SSL_trace() has a case which was inadvertently falling through.

Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#4888)

(cherry picked from commit 5bfb357)
Also documented X509_V_FLAG_TRUSTED_FIRST

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Ben Kaduk <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
…our.

Reviewed-by: Kurt Roeckx <[email protected]>
(Merged from openssl#4974)

(cherry picked from commit 8af7e94)
A backport of openssl#4997.
Fixes openssl#4996.

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Bernd Edlinger <[email protected]>
(Merged from openssl#5020)
Thanks to Douglas Fyfe @ VSI for making me aware of this

Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#5017)
Reviewed-by: Ben Kaduk <[email protected]>
(Merged from openssl#4906)
(cherry picked from commit 794bf5f)
In the case of a protocol version alert being sent by a peer the record
version number may not be what we are expecting. In DTLS records with an
unexpected version number are silently discarded. This probably isn't
appropriate for alerts, so we tolerate a mismatch in the minor version
number.

This resolves an issue reported on openssl-users where an OpenSSL server
chose DTLS1.0 but the client was DTLS1.2 only and sent a protocol_version
alert with a 1.2 record number. This was silently ignored by the server.

Reviewed-by: Viktor Dukhovni <[email protected]>
(Merged from openssl#5019)
Commit 9f94429 changed the semantics of BN_copy() to additionally
copy the BN_FLG_CONSTTIME flag if it is set. This turns out to be
ill advised as it has unintended consequences. For example calling
BN_mod_inverse_no_branch() can sometimes return a result with the flag
set and sometimes not as a result. This can lead to later failures if we
go down code branches that do not support constant time, but check for
the presence of the flag.

The original commit was made due to an issue in BN_MOD_CTX_set(). The
original PR fixed the problem in that function, but it was changed in
review to fix it in BN_copy() instead. The solution seems to be to revert
the BN_copy() change and go back to the originally proposed way.

Reviewed-by: Paul Dale <[email protected]>
(Merged from openssl#5080)

(cherry picked from commit 7d46173)
Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#5121)

(cherry picked from commit 7c24f9d)
Misconfiguration (e.g. an empty policy section in the config file) can
lead to an empty Subject. Since certificates should have unique Subjects
this should not be allowed.

Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#5115)
An index.txt entry which has an empty Subject name field will cause ca
to crash. Therefore check it when we load it to make sure it's not empty.

Fixes openssl#5109

Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#5115)
CLA: trivial

Signed-off-by: Cristian Stoica <[email protected]>

Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#1449)
CLA: trivial

Signed-off-by: Cristian Stoica <[email protected]>

Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#1449)
If tlsext ticket decrypt callback returns error, cleanup ctxs

Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#3273)
…mtime.

Updated uses of gmtime to now call OPENSSL_gmtime instead.

Used similar preprocessor logic to make sure localtime_r is called instead
of localtime when applicable.

Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
(Merged from openssl#3609)
Reviewed-by: Bernd Edlinger <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#5142)

(cherry picked from commit a26dd46)
Backport from openssl#5141

Reviewed-by: Viktor Dukhovni <[email protected]>
Reviewed-by: Bernd Edlinger <[email protected]>
(Merged from openssl#5151)

(cherry picked from commit 8b2124a)
Thanks to Yun Jiang for pointing this out.

Reviewed-by: Richard Levitte <[email protected]>
(Merged from openssl#5164)
In TLS we have a check to make sure an incoming reneg ClientHello is
acceptable. The equivalent check is missing in the DTLS code. This means
that if a client does not signal the ability to handle secure reneg in the
initial handshake, then a subsequent reneg handshake should be rejected by
the server. In the DTLS case the reneg was being allowed if the 2nd
ClientHello had a renegotiation_info extension. This is incorrect.

While incorrect, this does not represent a security issue because if
the renegotiation_info extension is present in the second ClientHello it
also has to be *correct*. Therefore this will only work if both the client
and server believe they are renegotiating, and both know the previous
Finished result. This is not the case in an insecure renegotiation attack.

I have also tidied up the check in the TLS code and given a better check
for determining whether we are renegotiating or not.

Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#5192)
Rich Salz and others added 26 commits March 4, 2018 18:54
Reviewed-by: Tim Hudson <[email protected]>
(Merged from openssl#5504)
99bb59d at ssl_scan_clienthello_tlsext

Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Kurt Roeckx <[email protected]>
(Merged from openssl#5507)
BIO_get_mem_data() and BIO_get_mem_ptr() assign to *pp, not pp

Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#5544)
If a mem allocation failed we would ignore it. This commit fixes it to
always check.

Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#5596)

(cherry picked from commit 4718f44)
We should be using ASN1_OBJECT_free() not OPENSSL_free().

Fixes openssl#5568

Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#5599)
The void* needs to be cast to a char* first.

Fixes openssl#5614

Reviewed-by: Tim Hudson <[email protected]>
(Merged from openssl#5615)
This reverts commit dd37f6f.

Empty Subjects are permissible.

Reviewed-by: Richard Levitte <[email protected]>
(Merged from openssl#5445)
This reverts commit a3d684f.

Empty Subjects are permissible

Reviewed-by: Richard Levitte <[email protected]>
(Merged from openssl#5445)
Commit 87e8fec (16 years ago!) introduced a bug where if we are
attempting to insert a cert with a duplicate subject name, and
duplicate subject names are not allowed (which is the default),
then we get an unhelpful error message back (error number 2). Prior
to that commit we got a helpful error message which displayed details
of the conflicting entry in the database.

That commit was itself attempting to fix a bug with the noemailDN option
where we were setting the subject field in the database too early
(before extensions had made any amendments to it).

This PR moves the check for a conflicting Subject name until after all
changes to the Subject have been made by extensions etc.

This also, coincidentally, fixes the ca crashing bug described in issue
5109.

Fixes openssl#5109

Reviewed-by: Richard Levitte <[email protected]>
(Merged from openssl#5445)
It is quite likely for there to be multiple certificates with empty
subjects, which are still distinct because of subjectAltName. Therefore
we allow multiple certificates with an empty Subject even if
unique_subject is set to yes.

Reviewed-by: Richard Levitte <[email protected]>
(Merged from openssl#5445)
Reviewed-by: Richard Levitte <[email protected]>
(Merged from openssl#5445)
…nnel attacks on RSA key generation

Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Kurt Roeckx <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#5170)

(cherry picked from commit 9db724c)
Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Kurt Roeckx <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#5170)

(cherry picked from commit 011f82e)
Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Kurt Roeckx <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from openssl#5170)

(cherry picked from commit 7150a47)
Fixes openssl#5711

Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#5712)

(cherry picked from commit ab0a391)
Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#5741)

(cherry picked from commit 4bdc25b)
Reviewed-by: Rich Salz <[email protected]>
(Merged from openssl#5744)

(cherry picked from commit 5281435)
Constructed types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. Therefore we limit the stack depth.

CVE-2018-0739

Credit to OSSFuzz for finding this issue.

Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Richard Levitte <[email protected]>
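The CVE-2018-0739 commit above limits recursion depth when decoding constructed ASN.1 types. The following is an added illustration, not code from OpenSSL or from this pull request: a minimal DER walker that descends into constructed elements and refuses input that nests deeper than a fixed limit. The limit `ASN1_MAX_DEPTH`, the return codes, and every function name here are hypothetical choices for this example; the page does not state the constant OpenSSL's own fix uses. The nested-SEQUENCE input is constructed inline by `build_nested()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical nesting limit for this example (not OpenSSL's constant). */
#define ASN1_MAX_DEPTH 32

enum { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_TOO_DEEP = -2 };

/* Decode one DER length field: short form, or long form of 1-2 bytes.
 * Returns the number of length bytes consumed, or 0 on error. */
static size_t read_length(const uint8_t *p, size_t avail, size_t *out_len)
{
    if (avail < 1) return 0;
    if (p[0] < 0x80) { *out_len = p[0]; return 1; }
    size_t n = p[0] & 0x7f;
    if (n == 0 || n > 2 || avail < 1 + n) return 0;
    size_t len = 0;
    for (size_t i = 0; i < n; i++) len = (len << 8) | p[1 + i];
    *out_len = len;
    return 1 + n;
}

/* Walk the TLVs in [p, p+avail). Constructed elements (tag bit 0x20) are
 * descended into; the depth check runs before any further recursion, so a
 * malicious input cannot drive the stack deeper than ASN1_MAX_DEPTH. */
static int walk(const uint8_t *p, size_t avail, int depth, int *max_seen)
{
    if (depth > ASN1_MAX_DEPTH) return PARSE_TOO_DEEP;
    if (depth > *max_seen) *max_seen = depth;
    while (avail > 0) {
        uint8_t tag = p[0];
        size_t len = 0;
        size_t lenbytes = read_length(p + 1, avail - 1, &len);
        if (lenbytes == 0) return PARSE_MALFORMED;
        size_t hdr = 1 + lenbytes;
        if (len > avail - hdr) return PARSE_MALFORMED;  /* length overruns buffer */
        if (tag & 0x20) {
            int rc = walk(p + hdr, len, depth + 1, max_seen);
            if (rc != PARSE_OK) return rc;
        }
        p += hdr + len;
        avail -= hdr + len;
    }
    return PARSE_OK;
}

/* Public entry point: validate structure and depth of a DER buffer.
 * max_seen (optional) receives the deepest nesting level reached. */
int asn1_check_depth(const uint8_t *der, size_t len, int *max_seen)
{
    int seen = 0;
    int rc = walk(der, len, 1, &seen);
    if (max_seen) *max_seen = seen;
    return rc;
}

/* Constructed test input: wrap a NULL (05 00) in `levels` SEQUENCEs.
 * Only short-form lengths are emitted; returns 0 if that is not possible. */
size_t build_nested(uint8_t *buf, size_t cap, int levels)
{
    if (cap < 2) return 0;
    buf[0] = 0x05; buf[1] = 0x00;
    size_t len = 2;
    for (int i = 0; i < levels; i++) {
        if (len > 127 || cap < len + 2) return 0;
        memmove(buf + 2, buf, len);
        buf[0] = 0x30;              /* SEQUENCE, constructed */
        buf[1] = (uint8_t)len;
        len += 2;
    }
    return len;
}

/* Build and check a nested input of the given depth in one call. */
int check_nested(int levels)
{
    uint8_t buf[256];
    size_t n = build_nested(buf, sizeof buf, levels);
    if (n == 0) return PARSE_MALFORMED;
    return asn1_check_depth(buf, n, NULL);
}

int main(void)
{
    for (int levels = 30; levels <= 33; levels++)
        printf("%d nested SEQUENCEs -> rc=%d\n", levels, check_nested(levels));
    return 0;
}
```

With the top level counted as depth 1, an input of N nested SEQUENCEs reaches depth N+1, so 31 levels pass and 32 are rejected; a length field that overruns the buffer is reported as malformed rather than read past the end.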
@MouriNaruto
Author

@khouzam

@khouzam khouzam merged commit 53763ea into microsoft:OpenSSL_1_0_2_WinRT-stable Mar 29, 2018
@khouzam

khouzam commented Mar 29, 2018

Thanks a lot @MouriNaruto,

I've validated and merged the changes.

