openssl/crypto
Dr. Stephen Henson 85cfc188c0 Fix various certificate fingerprint issues.
By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.

1. Reject signatures with non-zero unused bits.

If the BIT STRING containing the signature has non-zero unused bits, reject
the signature. All current signature algorithms require zero unused bits.

2. Check certificate algorithm consistency.

Check the AlgorithmIdentifier inside TBS matches the one in the
certificate signature. NB: this will result in signature failure
errors for some broken certificates.

3. Check DSA/ECDSA signatures use DER.

Re-encode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.

This will reject various cases including garbage after signature
(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
(negative or with leading zeroes).

CVE-2014-8275
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit 684400ce19)
2015-01-05 14:36:06 +00:00
aes aesni-x86_64.pl: make ECB subroutine Windows ABI compliant. 2014-10-15 11:12:24 +02:00
asn1 Fix various certificate fingerprint issues. 2015-01-05 14:36:06 +00:00
bf
bio Fix incorrect OPENSSL_assert() usage. 2014-12-20 14:46:28 +00:00
bn Clear warnings/errors within BN_CTX_DEBUG code sections 2014-12-17 14:17:54 +01:00
buffer Check length first in BUF_strnlen(). 2014-05-22 10:12:10 +01:00
camellia camellia/asm/cmll-x86_64.pl: fix symptomless bugs (update from master). 2014-02-01 23:14:33 +01:00
cast Please Clang's sanitizer. 2014-07-09 22:45:38 +02:00
cmac
cms Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259). 2014-07-10 17:49:53 +01:00
comp
conf Prevent infinite loop loading config files. 2014-07-07 13:54:11 +01:00
des SPARC T4 assembly pack: treat zero input length in CBC. 2014-03-07 10:48:51 +01:00
dh dh_check.c: check BN_CTX_get's return value. 2014-03-06 14:21:17 +01:00
dsa Fix various certificate fingerprint issues. 2015-01-05 14:36:06 +00:00
dso dlfcn: always define _GNU_SOURCE 2014-12-30 16:53:48 +01:00
ec ecp_nistz256-x86_64.pl: fix occasional failures. 2015-01-04 23:22:06 +01:00
ecdh make update 2013-12-01 23:09:44 +00:00
ecdsa Fix various certificate fingerprint issues. 2015-01-05 14:36:06 +00:00
engine Build fixes 2014-12-17 14:27:49 +01:00
err Fix SSL_R naming inconsistency. 2014-10-15 14:48:00 +02:00
evp Add a comment noting the padding oracle. 2014-12-17 14:55:47 +01:00
hmac RT2626: Change default_bits from 1K to 2K 2014-09-08 17:23:37 -04:00
idea Fix typo in ideatest.c 2014-06-28 00:06:32 +01:00
jpake RT1771: Add string.h include. 2014-09-08 10:38:08 -04:00
krb5
lhash
md2
md4
md5 md5-x86_64.pl: work around warning. 2014-08-30 19:18:12 +02:00
mdc2
modes Harmonize Tru64 and Linux make rules. 2014-09-20 10:22:13 +02:00
objects Fix cross reference table generator. 2014-11-13 13:35:25 +00:00
ocsp RT2560: missing NULL check in ocsp_req_find_signer 2014-09-10 12:20:15 -04:00
pem RT3140: Possibly-unit variable in pem_lib.c 2014-09-02 23:38:15 -04:00
perlasm perlasm/x86_64-xlate.pl: handle inter-bank movd. 2014-09-22 00:07:44 +02:00
pkcs7 Removed duplicate definition of PKCS7_type_is_encrypted 2014-10-06 23:43:49 +01:00
pkcs12 Fix memory leak. 2014-05-29 13:49:50 +01:00
pqueue RT2308: Add extern "C" { ... } wrapper 2014-08-27 21:45:09 -04:00
rand RT2301: GetDIBits, not GetBitmapBits in rand_win 2014-09-18 16:42:07 -04:00
rc2
rc4 Please Clang's sanitizer. 2014-07-09 22:45:38 +02:00
rc5
ripemd
rsa Add additional DigestInfo checks. 2014-09-29 12:24:04 +01:00
seed
sha Harmonize Tru64 and Linux make rules. 2014-09-20 10:22:13 +02:00
srp Fix SRP buffer overrun vulnerability. 2014-08-06 20:41:24 +01:00
stack RT2308: Add extern "C" { ... } wrapper 2014-08-27 21:45:09 -04:00
store
threads
ts Correct timestamp output when clock_precision_digits > 0 2014-11-12 20:52:52 +00:00
txt_db
ui * crypto/ui/ui_lib.c: misplaced brace in switch statement. 2014-07-13 19:13:38 +02:00
whrlpool wp-mmx.pl: ~10% performance improvement. 2014-02-01 22:27:07 +01:00
x509 Fix various certificate fingerprint issues. 2015-01-05 14:36:06 +00:00
x509v3 RT3031: Need to #undef some names for win32 2014-09-08 11:06:07 -04:00
.cvsignore
alphacpuid.pl
arm64cpuid.S Add linux-aarch64 taget. 2014-06-10 23:20:55 +02:00
arm_arch.h Add linux-aarch64 taget. 2014-06-10 23:20:55 +02:00
armcap.c Add linux-aarch64 taget. 2014-06-10 23:20:55 +02:00
armv4cpuid.S armv4cpuid.S: fix compilation error in pre-ARMv7 build. 2014-10-30 20:31:50 +01:00
constant_time_locl.h Fix warning about negative unsigned intergers 2014-11-11 15:47:54 +01:00
constant_time_test.c Add missing tests 2014-09-25 13:46:55 +02:00
cpt_err.c
cryptlib.c Avoid Windows 8 Getversion deprecated errors. 2014-02-25 13:41:53 +00:00
cryptlib.h
crypto-lib.com Adjust VMS build to Unix build. Most of all, make it so the disabled 2014-06-18 13:43:09 +02:00
crypto.h Add and use a constant-time memcmp. 2013-02-06 13:56:12 +00:00
cversion.c Fix a problem if CFLAGS is too long cversion.c fails to compile when config 2014-12-19 14:05:25 +00:00
ebcdic.c
ebcdic.h RT2308: Add extern "C" { ... } wrapper 2014-08-27 21:45:09 -04:00
ex_data.c
fips_err.h
fips_ers.c
ia64cpuid.S
install-crypto.com Adjust VMS build to Unix build. Most of all, make it so the disabled 2014-06-18 13:43:09 +02:00
LPdir_nyi.c
LPdir_unix.c
LPdir_vms.c Followup on RT3334 fix: make sure that a directory that's the empty 2014-09-03 22:23:34 +02:00
LPdir_win.c Check for FindNextFile when defining it rather than FindFirstFile 2014-11-28 23:31:28 +01:00
LPdir_win32.c
LPdir_wince.c
Makefile Fix a problem if CFLAGS is too long cversion.c fails to compile when config 2014-12-19 14:05:25 +00:00
md32_common.h md32_common.h: address compiler warning in HOST_c2l. 2014-10-29 10:55:15 +01:00
mem.c Fix datarace reported by valgrind/helgrind 2014-11-10 18:35:50 +01:00
mem_clr.c
mem_dbg.c
o_dir.c
o_dir.h
o_dir_test.c
o_fips.c
o_init.c
o_str.c Improve WINCE support. 2014-02-01 22:48:56 +01:00
o_str.h
o_time.c Time difference functions. 2013-08-19 21:55:07 +01:00
o_time.h Time difference functions. 2013-08-19 21:55:07 +01:00
opensslconf.h.in
opensslv.h Prepare for 1.0.2-beta4-dev 2014-09-25 21:35:35 +01:00
ossl_typ.h RT2308: Add extern "C" { ... } wrapper 2014-08-27 21:45:09 -04:00
pariscid.pl PA-RISC assembler pack: switch to bve in 64-bit builds. 2013-06-30 23:13:23 +02:00
ppc_arch.h Initial POWER8 support from development branch. 2014-07-20 14:36:49 +02:00
ppccap.c Initial POWER8 support from development branch. 2014-07-20 14:36:49 +02:00
ppccpuid.pl Initial POWER8 support from development branch. 2014-07-20 14:36:49 +02:00
s390xcap.c
s390xcpuid.S
sparc_arch.h sparcv9cap.c: update from master. 2013-05-20 00:16:18 +02:00
sparccpuid.S sparcv9cap.c: update from master. 2013-05-20 00:16:18 +02:00
sparcv9cap.c sparcv9cap.c: omit random detection. 2013-12-28 13:32:45 +01:00
symhacks.h Add new VMS hack symbol, update ordinals. 2014-03-02 13:50:06 +00:00
uid.c
vms_rms.h
x86_64cpuid.pl x86[_64]cpuid.pl: add low-level RDSEED. 2014-02-14 17:25:14 +01:00
x86cpuid.pl x86[_64]cpuid.pl: add low-level RDSEED. 2014-02-14 17:25:14 +01:00