openssl/crypto
Dr. Stephen Henson ec2fede946 Fix various certificate fingerprint issues.
By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.

1. Reject signatures with non-zero unused bits.

If the BIT STRING containing the signature has non-zero unused bits reject
the signature. All current signature algorithms require zero unused bits.

2. Check certificate algorithm consistency.

Check the AlgorithmIdentifier inside TBS matches the one in the
certificate signature. NB: this will result in signature failure
errors for some broken certificates.

3. Check DSA/ECDSA signatures use DER.

Reencode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.

This will reject various cases including garbage after signature
(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
(negative or with leading zeroes).

CVE-2014-8275
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit 208a6012be)

Conflicts:
	crypto/dsa/dsa_vrf.c
2015-01-05 16:37:10 +00:00
aes fix bug in AES_unwrap() 2010-08-30 23:57:03 +00:00
asn1 Fix various certificate fingerprint issues. 2015-01-05 16:37:10 +00:00
bf Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
bio Fix memory leak in BIO_free if there is no destroy function. 2014-07-09 23:38:23 +01:00
bn Don't try 1**0 test with FIPS. 2014-10-16 04:40:50 +01:00
buffer The fix for CVE-2012-2110 did not take into account that the 2012-04-23 20:35:55 +00:00
camellia Make it build, plus make depend. 2009-09-27 14:04:33 +00:00
cast Constify crypto/cast. 2009-12-22 11:45:57 +00:00
cms Set version number correctly. 2014-05-29 14:12:11 +01:00
comp Assorted bugfixes: 2011-02-03 12:04:48 +00:00
conf fix warn_unused_result warnings 2014-08-06 21:59:15 +01:00
des PR: 2266 2010-05-26 23:23:53 +00:00
dh Change old obsolete email address... 2008-11-05 18:36:57 +00:00
dsa Fix various certificate fingerprint issues. 2015-01-05 16:37:10 +00:00
dso Prevent aliasing warning 2009-10-04 14:02:35 +00:00
ec Fixed double inclusion of string.h 2014-08-29 21:40:15 +01:00
ecdh Fix EC_KEY initialization race. 2012-10-05 20:51:47 +00:00
ecdsa Fix various certificate fingerprint issues. 2015-01-05 16:37:10 +00:00
engine Fixes for no-static-engine and Windows builds. 2013-11-21 15:49:34 +00:00
err Fix SSL_R naming inconsistency. 2014-10-15 14:39:17 +02:00
evp Revert "RT3425: constant-time evp_enc" 2014-12-17 14:57:16 +01:00
hmac Fix gcc 4.6 warnings. Check TLS server hello extension length. 2010-06-12 13:18:58 +00:00
idea Fix typo in ideatest.c 2014-06-28 00:07:02 +01:00
jpake Backport J-PAKE fix. 2010-11-26 16:03:23 +00:00
krb5 Merge changes to build system from fips branch. 2008-09-16 21:44:57 +00:00
lhash PR: 2124 2009-12-09 13:41:50 +00:00
md2 Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
md4 Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
md5 PR: 2094 2009-11-13 14:14:46 +00:00
mdc2 Merge changes to build system from fips branch. 2008-09-16 21:44:57 +00:00
objects Fix OID handling: 2014-08-06 22:02:00 +01:00
ocsp Handle IPv6 addresses in OCSP_parse_url. 2014-06-27 17:31:55 +01:00
pem Fix gcc 4.6 warnings. Check TLS server hello extension length. 2010-06-12 13:18:58 +00:00
perlasm perlasm/cbc.pl: fix tail processing bug [from HEAD]. 2011-07-13 06:25:15 +00:00
pkcs7 Remove ancient obsolete files under pkcs7. 2014-06-27 14:04:35 +01:00
pkcs12 Fix memory leak. 2014-05-29 14:12:11 +01:00
pqueue Fix gcc 4.6 warnings. Check TLS server hello extension length. 2010-06-12 13:18:58 +00:00
rand rand_nw.c: compensate for gcc bug (using %edx instead of %eax at -O3) 2010-07-08 09:15:14 +00:00
rc2 Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
rc4 rc4_skey.c [0.9.8]: at some point rc4_skey and x86[_64]cpuid were modified 2011-06-06 19:58:21 +00:00
rc5 Merge changes to build system from fips branch. 2008-09-16 21:44:57 +00:00
ripemd PR: 1835 2009-02-14 21:50:14 +00:00
rsa Include "constant_time_locl.h" rather than "../constant_time_locl.h". 2014-10-17 14:03:57 +02:00
seed Merge changes to build system from fips branch. 2008-09-16 21:44:57 +00:00
sha Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda). 2009-05-15 16:37:29 +00:00
stack PR: 2386 2010-12-02 18:02:02 +00:00
store Make update: delete duplicate error code. 2008-09-17 17:11:09 +00:00
threads Functional VMS changes submitted by sms@antinode.info (Steven M. Schweda). 2009-05-15 16:37:29 +00:00
txt_db Merge changes to build system from fips branch. 2008-09-16 21:44:57 +00:00
ui * crypto/ui/ui_lib.c: misplaced brace in switch statement. 2014-07-13 19:17:21 +02:00
x509 Fix various certificate fingerprint issues. 2015-01-05 16:37:10 +00:00
x509v3 PR: 2696 Submitted by: Rob Austein <sra@hactrn.net> 2012-03-06 13:37:52 +00:00
.cvsignore FIPS merge "crypto" functions. 2008-09-16 15:11:50 +00:00
constant_time_locl.h Fix warning about negative unsigned intergers 2014-11-11 15:48:58 +01:00
constant_time_test.c Add missing tests 2014-09-25 13:48:08 +02:00
cpt_err.c Rebuild error file C source files. 2006-11-21 20:14:46 +00:00
cryptlib.c Move CRYPTO_memcmp to o_init.c when compiling with fips: cryptlib.o 2013-02-05 16:50:34 +00:00
cryptlib.h Update CryptoAPI ENGINE from head. Export OPENSSL_isservice(). 2008-06-06 15:52:32 +00:00
crypto-lib.com Have an underscore before <ARCH> to make sure any future architecture 2010-03-25 14:45:22 +00:00
crypto.h Add and use a constant-time memcmp. 2013-02-05 16:50:32 +00:00
cversion.c (oops) Apologies all, that last header-cleanup commit was from the wrong 2004-04-19 18:09:28 +00:00
dyn_lck.c Don't change NUM_LOCKS value for non-FIPS builds. 2008-09-17 15:07:41 +00:00
ebcdic.c Oops, this file already had the "empty source file" workaround but it 2003-10-29 22:25:04 +00:00
ebcdic.h EBCDIC support. 2000-02-01 02:21:16 +00:00
ex_data.c gcc 4.2 fixes to avoid use or function pointer casts in OpenSSL. 2007-09-06 12:43:54 +00:00
fips_err.c Add missing files. 2008-09-16 22:48:18 +00:00
fips_err.h Add missing files. 2008-09-16 22:48:18 +00:00
ia64cpuid.S Cpuid modules updates. 2005-05-03 21:05:06 +00:00
install.com Remove tmdiff.h from EXHEADERS as it doesn't exist. 2009-08-25 07:28:18 +00:00
LPdir_nyi.c Copy a few files from LPlib (a new project of mine), add a wrapper. 2004-07-10 13:16:02 +00:00
LPdir_unix.c Import changed files from LPlib. The changes are logged as follows 2004-09-23 22:11:39 +00:00
LPdir_vms.c Followup on RT3334 fix: make sure that a directory that's the empty 2014-09-03 22:26:24 +02:00
LPdir_win.c Followup on RT3334 fix: make sure that a directory that's the empty 2014-09-03 22:26:24 +02:00
LPdir_win32.c Import changed files from LPlib. The changes are logged as follows 2004-09-23 22:11:39 +00:00
LPdir_wince.c Import changed files from LPlib. The changes are logged as follows 2004-09-23 22:11:39 +00:00
Makefile Add constant_time_locl.h to HEADERS, 2014-10-17 14:04:08 +02:00
md32_common.h md32_common.h: address compiler warning in HOST_c2l. 2014-10-29 10:56:27 +01:00
mem.c Check for potentially exploitable overflows in asn1_d2i_read_bio 2012-04-19 11:36:09 +00:00
mem_clr.c Fix warning. 2007-06-23 19:07:54 +00:00
mem_dbg.c Move new function CRYPTO_strdup to mem_dbg.c because mem.c is excluded in 2008-11-24 17:02:49 +00:00
o_dir.c DJGPP has opendir() and friends, according to Gisle Vanem <giva@bgnett.no>. 2004-08-03 19:15:21 +00:00
o_dir.h Copy a few files from LPlib (a new project of mine), add a wrapper. 2004-07-10 13:16:02 +00:00
o_dir_test.c Copy a few files from LPlib (a new project of mine), add a wrapper. 2004-07-10 13:16:02 +00:00
o_init.c Move CRYPTO_memcmp to o_init.c when compiling with fips: cryptlib.o 2013-02-05 16:50:34 +00:00
o_str.c Update from HEAD. 2009-06-01 12:14:53 +00:00
o_str.h "Overload" SunOS 4.x memcmp, which ruins ASN1_OBJECT table lookups [from HEAD]. 2005-09-20 20:25:17 +00:00
o_time.c Since version 7.0, The C RTL in VMS handles time in terms of UTC 2004-07-19 07:50:43 +00:00
o_time.h Use one address consistently. 2001-07-05 10:20:07 +00:00
opensslconf.h.in Implement Configure option pattern "experimental-foo" 2008-12-02 01:21:06 +00:00
opensslv.h Prepare for 0.9.8zd-dev 2014-10-15 13:49:42 +01:00
ossl_typ.h Avoid conflict with some version of Windows platform SDK. 2008-11-11 12:22:17 +00:00
sparccpuid.S Cpuid modules updates. 2005-05-03 21:05:06 +00:00
symhacks.h Remove duplicate symbol in crypto/symhacks.h 2012-07-05 09:06:20 +00:00
tmdiff.c Netware-specific changes, 2003-11-28 13:10:58 +00:00
tmdiff.h For whatever reason (compiler or header bugs), at least one commonly-used 2003-10-29 04:40:13 +00:00
uid.c Netware-specific changes, 2003-11-28 13:10:58 +00:00
x86_64cpuid.pl x86_64cpuid.pl update [from HEAD]. 2007-11-11 16:25:00 +00:00
x86cpuid.pl x86cpuid.pl: make it work with older CPU. 2013-03-18 20:03:44 +01:00