- 08 7月, 2015 6 次提交
-
-
由 Matt Caswell 提交于
The -show_chain flag to the verify command line app shows information about the chain that has been built. This commit adds the text "untrusted" against those certificates that have been used from the untrusted list. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Fills in the help text for a number of options to verify that were blank. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
Fills in a couple of verify options that were lacking documentation. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Matt Caswell 提交于
The function X509_verify_cert checks the value of |ctx->chain| at the beginning, and if it is NULL then it initialises it, along with the value of ctx->untrusted. The normal way to use X509_verify_cert() is to first call X509_STORE_CTX_init(); then set up various parameters etc; then call X509_verify_cert(); then check the results; and finally call X509_STORE_CTX_cleanup(). The initial call to X509_STORE_CTX_init() sets |ctx->chain| to NULL. The only place in the OpenSSL codebase where |ctx->chain| is set to anything other than a non NULL value is in X509_verify_cert itself. Therefore the only ways that |ctx->chain| could be non NULL on entry to X509_verify_cert is if one of the following occurs: 1) An application calls X509_verify_cert() twice without re-initialising in between. 2) An application reaches inside the X509_STORE_CTX structure and changes the value of |ctx->chain| directly. With regards to the second of these, we should discount this - it should not be supported to allow this. With regards to the first of these, the documentation is not exactly crystal clear, but the implication is that you must call X509_STORE_CTX_init() before each call to X509_verify_cert(). If you fail to do this then, at best, the results would be undefined. Calling X509_verify_cert() with |ctx->chain| set to a non NULL value is likely to have unexpected results, and could be dangerous. This commit changes the behaviour of X509_verify_cert() so that it causes an error if |ctx->chain| is anything other than NULL (because this indicates that we have not been initialised properly). It also clarifies the associated documentation. This is a follow up commit to CVE-2015-1793. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
This adds a test for CVE-2015-1793. This adds a new test file verify_extra_test.c, which could form the basis for additional verification tests. Reviewed-by: NStephen Henson <steve@openssl.org>
-
由 Matt Caswell 提交于
During certificate verfification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This occurs where at least one cert is added to the first chain from the trust store, but that chain still ends up being untrusted. In that case ctx->last_untrusted is decremented in error. Patch provided by the BoringSSL project. CVE-2015-1793 Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 07 7月, 2015 3 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
There's no reason why we should default to a output format that is old, and confusing in some cases. This affects the commands "ca", "crl", "req" and "x509". Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 06 7月, 2015 1 次提交
-
-
由 Dr. Stephen Henson 提交于
In CCM mode don't require a tag before initialising decrypt: this allows the tag length to be set without requiring the tag. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 30 6月, 2015 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 29 6月, 2015 4 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Kurt Roeckx 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 25 6月, 2015 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
PR#3923 Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 24 6月, 2015 7 次提交
-
-
由 Rich Salz 提交于
Move #include's inside the #ifdef. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX). Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
We always free the handshake buffer when digests are freed so move it into ssl_free_digest_list() Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Dr. Stephen Henson 提交于
Rewrite ssl3_digest_cached_records handling. Only digest cached records if digest array is NULL: this means it is safe to call ssl3_digest_cached_records multiple times (subsequent calls are no op). Remove flag TLS1_FLAGS_KEEP_HANDSHAKE instead only update handshake buffer if digest array is NULL. Add additional "keep" parameter to ssl3_digest_cached_records to indicate if the handshake buffer should be retained after digesting cached records (needed for TLS 1.2 client authentication). Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Add secure heap for storage of private keys (when possible). Add BIO_s_secmem(), CBIGNUM, etc. Add BIO_CTX_secure_new so all BIGNUM's in the context are secure. Contributed by Akamai Technologies under the Corporate CLA. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 23 6月, 2015 8 次提交
-
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Vitezslav Cizek 提交于
Signed-off-by: NRich Salz <rsalz@akamai.com> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Rich Salz 提交于
Found by Kurt Cancemi. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Russell Webb 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Richard Levitte 提交于
A small rearrangement so the inclusion of rsaz_exp.h would be unconditional, but what that header defines becomes conditional. This solves the weirdness where rsaz_exp.h gets in and out of the dependency list for bn_exp.c, depending on the present architecture. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
由 Rich Salz 提交于
Typo in local variable name; introduced by previous fix. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 22 6月, 2015 6 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
If RSA or DSA is disabled we will never use a ciphersuite with RSA/DSA authentication as it is already filtered out by the cipher list logic. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
As numerous comments indicate the certificate and key array is not an appopriate structure to store the peers certificate: so remove it and just the s->session->peer instead. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-