If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.
PR#3348
This patch resolves RT ticket #2608.
Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
noted by Daniel Sands and co at Sandia. This was to handle the case that
2 or more threads race to lazy-init the same context, but stunted all
scalability in the case where 2 or more threads are doing unrelated
things! We favour the latter case by punishing the former. The init work
gets done by each thread that finds the context to be uninitialised, and
we then lock the "set" logic after that work is done - the winning
thread's work gets used, the losing threads throw away what they've done.
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Even though the meat of dso_vms.c is compiled out on non-VMS builds,
the (pre-)compiler still traverses some of the macro handling. This
trips up at least one non-VMS build configuration, so this commit
makes the skip-VMS case more robust.
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Newer pod2man considers =item [1-9] part of a numbered list, while =item
0 starts an unnumbered list. Add a zero effect formatting mark to override
this.
doc/apps/smime.pod around line 315: Expected text after =item, not a
number
...
PR#3146
When looking for an extension we need to set the last found
position to -1 to properly search all extensions.
PR#3309.
(cherry picked from commit 300b9f0b70)
Treat a zero length passed to ssleay_rand_add a no op: the existing logic
zeroes the md value which is very bad. OpenSSL itself never does this
internally and the actual call doesn't make sense as it would be passing
zero bytes of entropy.
Thanks to Marcus Meissner <meissner@suse.de> for reporting this bug.
A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.
Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
Use bufsiz - 1 not BUFSIZ - 1 when prompting for a password in
the openssl utility.
Thanks to Rob Mackinnon, Leviathan Security for reporting this issue.
(cherry picked from commit 7ba08a4d73)
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483)
Conflicts:
CHANGES
