| #
c0ebdaf2 |
| 08-Jul-2024 |
beck <beck@openbsd.org> |
Hide global _it variables in x509v3.h
ok tb@
|
| #
7603ff28 |
| 25-Apr-2023 |
tb <tb@openbsd.org> |
Use proper fix for the recent x400Address issue
From David Benjamin (BoringSSL)
ok beck
|
| #
cedac418 |
| 16-Feb-2023 |
tb <tb@openbsd.org> |
libressl *_namespace.h: adjust *_ALIAS() to require a semicolon
LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most
libressl *_namespace.h: adjust *_ALIAS() to require a semicolon
LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h
fix suggested by & ok jsing
show more ...
|
| #
dbc8ff32 |
| 07-Feb-2023 |
tb <tb@openbsd.org> |
Fix arbitrary memory read in GENERAL_NAME_cmp()
The ASN.1 template for GENERAL_NAME and its corresponding C structure
disagree on the type of the x400Address member. This results in an ASN.1
string
Fix arbitrary memory read in GENERAL_NAME_cmp()
The ASN.1 template for GENERAL_NAME and its corresponding C structure
disagree on the type of the x400Address member. This results in an ASN.1
string to be considered as an ASN.1 type, which allows an attacker to read
(essentially) arbitrary memory. Fix this by forcing comparison as strings.
While the underlying type confusion has been present since time immemorial,
this particular bug came with the EdiPartyName fix (6.8/008_asn1.patch.sig).
Reported by David Benjamin, fix suggested by jsing.
Release date for this was set to be January 31. Unilaterally pushed back to
February 7 by OpenSSL by way of announcement of many completely unrelated
embargoed issues, some of which they had been sitting on since July 2020.
ok beck jsing
show more ...
|
| #
06d31337 |
| 14-Nov-2022 |
beck <beck@openbsd.org> |
Hide public symbols in libcrypto/x509 .c files
ok tb@
|
| #
bb15212c |
| 08-Dec-2020 |
tb <tb@openbsd.org> |
Fix a NULL dereference in GENERAL_NAME_cmp()
Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead
to a crash. This enables a denial of service attack for an attacker who can
con
Fix a NULL dereference in GENERAL_NAME_cmp()
Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead
to a crash. This enables a denial of service attack for an attacker who can
control both sides of the comparison.
Issue reported to OpenSSL on Nov 9 by David Benjamin.
OpenSSL shared the information with us on Dec 1st.
Fix from Matt Caswell (OpenSSL) with a few small tweaks.
ok jsing
show more ...
|
| #
e500e238 |
| 04-Jun-2020 |
jsing <jsing@openbsd.org> |
Collapse the x509v3 directory into x509.
This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.
Discussed with tb@ (who also tested
Collapse the x509v3 directory into x509.
This avoids the need to grep across directories to find functions and
prepares for further rototilling and chainsawing.
Discussed with tb@ (who also tested the release build)
show more ...
|