wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/crypto
History
Matt Caswell 9cde5f8122 Don't use strcasecmp and strncasecmp for IA5 strings 
The functions strcasecmp() and strncasecmp() will use locale specific rules
when performing comparison. This could cause some problems in certain
locales. For example in the Turkish locale an 'I' character is not the
uppercase version of 'i'. However IA5 strings should not use locale specific
rules, i.e. for an IA5 string 'I' is uppercase 'i' even if using the
Turkish locale.

This fixes a bug in name constraints checking reported by Thomas Pornin
(NCCGroup).

This is not considered a security issue because it would require both a
Turkish locale (or other locale with similar issues) and malfeasance by
a trusted name-constrained CA for a certificate to pass name constraints
in error. The constraints also have to be for excluded sub-trees which are
extremely rare. Failure to match permitted subtrees is a bug, not a
vulnerability.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4569)
2017-10-26 14:43:57 +01:00
..
aes s390x assembly pack: remove capability double-checking. 2017-10-17 21:55:33 +02:00
aria Fix potential null problem. 2017-09-01 09:30:18 +10:00
asn1 asn1_item_embed_new(): if locking failed, don't call asn1_item_embed_free() 2017-10-24 20:52:12 +02:00
async Add stack space reservations. 2017-09-28 06:53:40 +10:00
bf Remove parentheses of return. 2017-10-18 16:05:06 +01:00
bio Remove parentheses of return. 2017-10-18 16:05:06 +01:00
blake2 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
bn Correct value for BN_security_bits() 2017-10-23 14:00:26 +01:00
buffer Remove parentheses of return. 2017-10-18 16:05:06 +01:00
camellia Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
cast e_os.h removal from other headers and source files. 2017-08-30 07:20:43 +10:00
chacha x86_64 assembly pack: "optimize" for Knights Landing, add AVX-512 results. 2017-07-21 14:07:32 +02:00
cmac Don't use deprecated EVP_CIPHER_CTX_cleanup() internally 2017-03-01 11:42:50 +01:00
cms Code hygiene; initialize some pointers. 2017-10-16 14:46:53 -04:00
comp Remove parentheses of return. 2017-10-18 16:05:06 +01:00
conf Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ct Null pointer used. 2017-09-18 06:52:13 +10:00
des Remove parentheses of return. 2017-10-18 16:05:06 +01:00
dh Remove parentheses of return. 2017-10-18 16:05:06 +01:00
dsa Remove parentheses of return. 2017-10-18 16:05:06 +01:00
dso Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ec Remove parentheses of return. 2017-10-18 16:05:06 +01:00
engine Remove parentheses of return. 2017-10-18 16:05:06 +01:00
err Remove parentheses of return. 2017-10-18 16:05:06 +01:00
evp Remove parentheses of return. 2017-10-18 16:05:06 +01:00
hmac Remove OPENSSL_assert() from crypto/hmac 2017-08-21 08:44:44 +01:00
idea Remove parentheses of return. 2017-10-18 16:05:06 +01:00
include/internal Fix reseeding issues of the public RAND_DRBG 2017-10-18 08:39:20 -05:00
kdf More updates following review feedback 2017-08-21 08:44:44 +01:00
lhash Don't make any changes to the lhash structure if we are going to fail 2017-10-24 10:51:56 +01:00
md2 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
md4 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
md5 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
mdc2 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
modes s390x assembly pack: remove capability double-checking. 2017-10-17 21:55:33 +02:00
objects Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ocsp Remove parentheses of return. 2017-10-18 16:05:06 +01:00
pem Remove parentheses of return. 2017-10-18 16:05:06 +01:00
perlasm perlasm/ppc-xlate.pl: add PowerISA 3.0B instructions. 2017-06-13 18:37:08 +02:00
pkcs7 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
pkcs12 Add checks for alloc failing. 2017-09-06 09:52:16 -04:00
poly1305 x86_64 assembly pack: "optimize" for Knights Landing, add AVX-512 results. 2017-07-21 14:07:32 +02:00
rand Add missing RAND_DRBG locking 2017-10-18 08:39:20 -05:00
rc2 Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
rc4 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
rc5 Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00
ripemd Remove parentheses of return. 2017-10-18 16:05:06 +01:00
rsa Remove unnecessary #include <openssl/lhash.h> directives. 2017-09-29 07:38:56 +10:00
seed
sha Remove parentheses of return. 2017-10-18 16:05:06 +01:00
siphash Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
srp Remove custom base64 code. 2017-08-22 11:03:32 -04:00
stack Add sk_TYPE_new_reserve() function 2017-10-26 09:35:36 +10:00
store Fix OSSL_STORE's 'file' loader: make sure peekbuf is initialised 2017-09-05 17:07:20 +02:00
ts struct timeval include guards 2017-09-01 09:55:43 +10:00
txt_db Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ui Remove parentheses of return. 2017-10-18 16:05:06 +01:00
whrlpool Remove parentheses of return. 2017-10-18 16:05:06 +01:00
x509 Remove parentheses of return. 2017-10-18 16:05:06 +01:00
x509v3 Don't use strcasecmp and strncasecmp for IA5 strings 2017-10-26 14:43:57 +01:00
alphacpuid.pl
arm64cpuid.pl
arm_arch.h
armcap.c Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
armv4cpuid.pl
build.info This has been added to avoid the situation where some host ctype.h functions 2017-08-22 09:45:25 +10:00
c64xpluscpuid.pl
cpt_err.c make error tables const and separate header file 2017-06-07 15:12:03 -04:00
cryptlib.c crypto/cryptlib.c: mask more capability bits upon FXSR bit flip. 2017-09-01 08:48:32 +02:00
ctype.c Check for EOF in ASCII conversions. 2017-08-25 06:42:17 +10:00
cversion.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
dllmain.c Remove parentheses of return. 2017-10-18 16:05:06 +01:00
ebcdic.c Remove email addresses from source code. 2017-10-13 10:06:59 -04:00
ex_data.c Remove unnecessary #include <openssl/lhash.h> directives. 2017-09-29 07:38:56 +10:00
ia64cpuid.S Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
init.c Fix reseeding issues of the public RAND_DRBG 2017-10-18 08:39:20 -05:00
LPdir_nyi.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_unix.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_vms.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_win32.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
LPdir_wince.c Fix typo (note by oneton@users.github) 2017-06-20 08:15:00 -04:00
mem.c Add CRYPTO_get_alloc_counts. 2017-10-12 22:04:12 -04:00
mem_clr.c
mem_dbg.c Add CRYPTO_get_alloc_counts. 2017-10-12 22:04:12 -04:00
mem_sec.c Add CRYPTO_thread_glock_new 2017-08-31 19:42:03 -04:00
mips_arch.h
o_dir.c Move e_os.h to be the very first include. 2017-08-30 07:20:44 +10:00
o_fips.c Clean up references to FIPS 2017-02-28 15:26:25 +01:00
o_fopen.c
o_init.c Use "" not <> on e_os.h include 2017-08-22 11:07:56 -04:00
o_str.c Revert "GH614: Use memcpy()/strdup() when possible" 2017-09-14 10:26:54 +10:00
o_time.c Fix typo in files in crypto folder 2017-08-05 20:42:06 +02:00
pariscid.pl
ppc_arch.h
ppccap.c crypto/ppccap.c: SIGILL-free processor capabilities detection on MacOS X. 2017-04-02 20:45:59 +02:00
ppccpuid.pl
s390xcap.c
s390xcpuid.S
sparc_arch.h
sparccpuid.S Clean up references to FIPS 2017-02-28 15:26:25 +01:00
sparcv9cap.c
threads_none.c Add atomic write call 2017-10-10 08:45:53 +10:00
threads_pthread.c Return a value from atomic read on Windows. 2017-10-11 09:47:54 +10:00
threads_win.c Return a value from atomic read on Windows. 2017-10-11 09:47:54 +10:00
uid.c Cleaning UEFI Build with additional OPENSSL_SYS_UEFI flags 2017-03-29 07:35:59 +02:00
vms_rms.h
x86_64cpuid.pl Fix comment typo. 2017-07-26 23:10:52 -04:00
x86cpuid.pl Remove filename argument to x86 asm_init. 2017-05-11 17:00:23 -04:00