This repository was archived by the owner on May 6, 2022. It is now read-only.
forked from openssl/openssl
Update to OpenSSL 1.0.2o #56 (Merged)
khouzam merged 70 commits into microsoft:OpenSSL_1_0_2_WinRT-stable from Project-Nagisa:OpenSSL_1_0_2_WinRT-stable on Mar 29, 2018
Conversation
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#4866)
Fixes openssl#4865 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#4866)
Fixes openssl#2533 The call to FIPS_crypto_set_id_callback() was added in revision a43cfd7, but there is no prototype for it in <openssl/fips.h>. Signed-off-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#4870)
Some compilers react badly to non-ASCII characters Fixes openssl#4877 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#4879)
Pointer 'o' is set inside a local buffer, so it can't be NULL. Also fix coding style and add comments Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#4754) (cherry picked from commit cef115f)
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from openssl#4875)
They are from the 1.1.0 or master branches Fixes openssl#4863 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from openssl#4887)
Looking for 'gcc' and 'clang' in the output from the C compiler is uncertain. Some versions report argv[0], which might be /usr/bin/cc (for example), and others might mention gcc without being gcc or a derivate. Better then to fetch predefined macros and check if __GNUC__ and __clang__ are defined. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from openssl#4755)
SSL_trace() has a case which was inadvertently falling through. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#4888) (cherry picked from commit 5bfb357)
Also documented X509_V_FLAG_TRUSTED_FIRST Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <paul.dale@oracle.com>
…our. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from openssl#4974) (cherry picked from commit 8af7e94)
A backport of openssl#4997. Fixes openssl#4996. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from openssl#5020)
Thanks to Douglas Fyfe @ VSI for making me aware of this Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#5017)
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#5017)
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from openssl#4906) (cherry picked from commit 794bf5f)
In the case of a protocol version alert being sent by a peer the record version number may not be what we are expecting. In DTLS records with an unexpected version number are silently discarded. This probably isn't appropriate for alerts, so we tolerate a mismatch in the minor version number. This resolves an issue reported on openssl-users where an OpenSSL server chose DTLS1.0 but the client was DTLS1.2 only and sent a protocol_version alert with a 1.2 record number. This was silently ignored by the server. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from openssl#5019)
Commit 9f94429 changed the semantics of BN_copy() to additionally copy the BN_FLG_CONSTTIME flag if it is set. This turns out to be ill advised as it has unintended consequences. For example calling BN_mod_inverse_no_branch() can sometimes return a result with the flag set and sometimes not as a result. This can lead to later failures if we go down code branches that do not support constant time, but check for the presence of the flag. The original commit was made due to an issue in BN_MOD_CTX_set(). The original PR fixed the problem in that function, but it was changed in review to fix it in BN_copy() instead. The solution seems to be to revert the BN_copy() change and go back to the originally proposed way. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from openssl#5080) (cherry picked from commit 7d46173)
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#5121) (cherry picked from commit 7c24f9d)
Misconfiguration (e.g. an empty policy section in the config file) can lead to an empty Subject. Since certificates should have unique Subjects this should not be allowed. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#5115)
An index.txt entry which has an empty Subject name field will cause ca to crash. Therefore check it when we load it to make sure it's not empty. Fixes openssl#5109 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#5115)
CLA: trivial Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#1449)
CLA: trivial Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#1449)
If tlsext ticket decrypt callback returns error, cleanup ctxs Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#3273)
…mtime. Updated uses of gmtime to now call OPENSSL_gmtime instead. Used similar preprocessor logic to make sure localtime_r is called instead of localtime when applicable. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#3609)
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#5142) (cherry picked from commit a26dd46)
Backport from openssl#5141 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from openssl#5151) (cherry picked from commit 8b2124a)
Thanks to Yun Jiang for pointing this out. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#5164)
In TLS we have a check to make sure an incoming reneg ClientHello is acceptable. The equivalent check is missing in the DTLS code. This means that if a client does not signal the ability to handle secure reneg in the initial handshake, then a subsequent reneg handshake should be rejected by the server. In the DTLS case the reneg was being allowed if the 2nd ClientHello had a renegotiation_info extension. This is incorrect. While incorrect, this does not represent a security issue because if the renegotiation_info extension is present in the second ClientHello it also has to be *correct*. Therefore this will only work if both the client and server believe they are renegotiating, and both know the previous Finished result. This is not the case in an insecure renegotiation attack. I have also tidied up the check in the TLS code and given a better check for determining whether we are renegotiating or not. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#5192)
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from openssl#5504)
99bb59d at ssl_scan_clienthello_tlsext Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from openssl#5507)
BIO_get_mem_data() and BIO_get_mem_ptr() assign to *pp, not pp Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#5544)
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from openssl#5566)
Reviewed-by: Andy Polyakov <appro@openssl.org> GH: openssl#5582
If a mem allocation failed we would ignore it. This commit fixes it to always check. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#5596) (cherry picked from commit 4718f44)
We should be using ASN1_OBJECT_free() not OPENSSL_free(). Fixes openssl#5568 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#5599)
The void* needs to be cast to a char* first. Fixes openssl#5614 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from openssl#5615)
This reverts commit dd37f6f. Empty Subjects are permissible. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#5445)
This reverts commit a3d684f. Empty Subjects are permissible Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#5445)
Commit 87e8fec (16 years ago!) introduced a bug where if we are attempting to insert a cert with a duplicate subject name, and duplicate subject names are not allowed (which is the default), then we get an unhelpful error message back (error number 2). Prior to that commit we got a helpful error message which displayed details of the conflicting entry in the database. That commit was itself attempting to fix a bug with the noemailDN option where we were setting the subject field in the database too early (before extensions had made any amendments to it). This PR moves the check for a conflicting Subject name until after all changes to the Subject have been made by extensions etc. This also, coincidentally, fixes the ca crashing bug described in issue 5109. Fixes openssl#5109 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#5445)
It is quite likely for there to be multiple certificates with empty subjects, which are still distinct because of subjectAltName. Therefore we allow multiple certificates with an empty Subject even if unique_subject is set to yes. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#5445)
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#5445)
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#5450)
…nnel attacks on RSA key generation Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#5170) (cherry picked from commit 9db724c)
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#5170) (cherry picked from commit 011f82e)
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#5170) (cherry picked from commit 7150a47)
Fixes openssl#5711 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#5712) (cherry picked from commit ab0a391)
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#5741) (cherry picked from commit 4bdc25b)
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from openssl#5744) (cherry picked from commit 5281435)
Constructed types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. Therefore we limit the stack depth. CVE-2018-0739 Credit to OSSFuzz for finding this issue. Reviewed-by: Rich Salz <rsalz@openssl.org>
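The stack-depth limit that the CVE-2018-0739 commit above describes, shown on a toy encoding as an added example; this is not OpenSSL's ASN.1 code, and the format, MAX_DEPTH value and function names are all constructed for illustration. A constructed element (tag 0x30) recurses into its body; the depth check runs before each recursion, so a deeply nested input is rejected with a bounded amount of stack no matter how many wrappers it carries.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical nesting limit for this toy; OpenSSL's actual limit is not
 * stated on this page. */
#define MAX_DEPTH 5

/*
 * Parse a list of TAG LEN BODY elements occupying p[0..len).
 * TAG 0x30 = constructed (BODY is itself a list of elements),
 * TAG 0x04 = primitive. LEN is a single byte. Every element, at any
 * level, increments *count.
 *
 * Returns 0 on success, -1 on malformed input, -2 when nesting is deeper
 * than MAX_DEPTH. The depth check comes first, before any further
 * recursion, so stack use is bounded regardless of the input's shape.
 */
static int parse_elements(const uint8_t *p, size_t len, int depth, long *count)
{
    if (depth > MAX_DEPTH)
        return -2;

    while (len > 0) {
        if (len < 2)                 /* need at least TAG and LEN */
            return -1;
        uint8_t tag = p[0];
        size_t body_len = p[1];
        if (body_len > len - 2)      /* body would run past the buffer */
            return -1;

        (*count)++;
        if (tag == 0x30) {
            int r = parse_elements(p + 2, body_len, depth + 1, count);
            if (r < 0)
                return r;
        } else if (tag != 0x04) {
            return -1;               /* unknown tag */
        }
        p += 2 + body_len;
        len -= 2 + body_len;
    }
    return 0;
}

int parse_nested(const uint8_t *buf, size_t len, long *count)
{
    *count = 0;
    return parse_elements(buf, len, 0, count);
}

/*
 * Build n constructed wrappers around one primitive "x" into out
 * (constructed test input). Returns the encoded length, or 0 if it would
 * not fit the buffer or the one-byte LEN field.
 */
size_t build_nested(uint8_t *out, size_t cap, int n)
{
    size_t total = 3 + 2 * (size_t)n;   /* 3-byte primitive + 2 bytes per wrapper */
    if (n < 0 || total > cap || total - 2 > 255)
        return 0;
    size_t pos = 0;
    for (int i = 0; i < n; i++) {
        out[pos] = 0x30;
        out[pos + 1] = (uint8_t)(total - pos - 2); /* bytes after this header */
        pos += 2;
    }
    out[pos] = 0x04;
    out[pos + 1] = 0x01;
    out[pos + 2] = 'x';
    return total;
}

/* Encode n nested wrappers and parse them back; returns the parser's code. */
int check_depth(int n)
{
    uint8_t buf[300];
    long count;
    size_t len = build_nested(buf, sizeof buf, n);
    if (len == 0)
        return -3;
    return parse_nested(buf, len, &count);
}

/* A constructed element whose LEN claims more bytes than are present. */
int check_truncated(void)
{
    static const uint8_t bad[] = { 0x30, 0x05, 0x04, 0x01 };
    long count;
    return parse_nested(bad, sizeof bad, &count);
}

int main(void)
{
    for (int n = 4; n <= 7; n++)
        printf("%d wrapper(s): parser returned %d\n", n, check_depth(n));
    printf("truncated input: parser returned %d\n", check_truncated());
    return 0;
}
```

With MAX_DEPTH set to 5, five wrappers parse cleanly and six are refused with -2 before the parser descends any further; the truncated input is rejected with -1 by the length check rather than by reading past the buffer.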
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
…1_0_2_WinRT-stable
Thanks a lot @MouriNaruto, I've validated and merged the changes.
First, I read #54.
So I merged OpenSSL 1.0.2o into my branch, and I hope Microsoft's fork can merge it.
Mouri