openssl/crypto
Tobias Nießen 6894e20b50 Fix infinite verification loops due to has_san_id
Where name constraints apply, X509_verify() would incorrectly report an
internal error in the event that a certificate has no SAN extension.

CVE-2021-4044

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2021-12-14 13:48:34 +00:00
aes fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
aria fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
asn1 asn1_item_embed_d2i: fix th return check 2021-11-22 14:43:44 +01:00
async Add return value NULL checks that were missing 2021-11-12 19:53:02 +10:00
bf
bio BIO_s_connect(): Enable BIO_gets() 2021-11-15 14:40:16 +01:00
bn Remove some unnecessary undefs in bn_asm.c 2021-12-14 06:45:18 +01:00
buffer Update copyright year 2021-06-17 13:24:59 +01:00
camellia Update copyright year 2021-07-29 15:41:35 +01:00
cast
chacha aarch64: support BTI and pointer authentication in assembly 2021-10-01 09:35:38 +02:00
cmac EVP_Cipher: fix the incomplete return check 2021-11-16 17:28:23 +01:00
cmp ossl_cmp_msg_check_update(): align recipNone check with improved transactionID check 2021-12-13 09:52:02 +01:00
cms Fix the return check of OBJ_obj2txt 2021-11-22 11:17:48 +01:00
comp Fix coverity 1493364 & 1493375: unchecked return value 2021-11-08 08:55:32 +10:00
conf Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
crmf Fix the return check of OBJ_obj2txt 2021-11-22 11:17:48 +01:00
ct Update copyright year 2021-06-17 13:24:59 +01:00
des Convert the weak key and key parity tests to be constant time. 2021-11-05 09:25:28 +10:00
dh Fix the return check of OBJ_obj2txt 2021-11-22 11:17:48 +01:00
dsa add checks for the return values of BN_new(), sk_RSA_PRIME_INFO_new_reserve(), 2021-10-27 08:36:55 +10:00
dso Fix data race setting default_DSO_meth 2021-11-08 08:58:38 +10:00
ec Don't create an ECX key with short keys 2021-11-16 13:21:06 +00:00
encode_decode CORE: Encure that cached fetches can be done per provider 2021-10-27 12:41:15 +02:00
engine Avoid loading of a dynamic engine twice 2021-11-23 06:08:16 +01:00
err OSSL_HTTP_get(): Fix timeout handling on redirection 2021-12-09 18:10:07 +01:00
ess err: rename err_load_xxx_strings_int functions 2021-05-26 13:01:47 +10:00
evp Fix EVP_PKEY_eq() to be possible to use with strictly private keys 2021-12-13 07:52:53 +01:00
ffc fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
hmac Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac() 2021-06-23 23:00:36 +02:00
http OSSL_HTTP_proxy_connect(): Fix glitch in response HTTP header parsing 2021-12-13 12:13:30 +01:00
idea Update copyright year 2021-04-08 13:04:41 +01:00
kdf
lhash fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
md2
md4
md5 Update copyright year 2021-07-29 15:41:35 +01:00
mdc2
modes aarch64: support BTI and pointer authentication in assembly 2021-10-01 09:35:38 +02:00
objects Minor code cleanup in o_names_init 2021-12-09 19:24:30 +01:00
ocsp OCSP_sendreq_bio: Avoid doublefree of mem BIO 2021-10-25 11:43:10 +02:00
pem Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
perlasm perlasm/ppc-xlate.pl: Fix build on OS X 2021-11-18 13:24:17 +01:00
pkcs7 Update copyright year 2021-06-17 13:24:59 +01:00
pkcs12 fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
poly1305 aarch64: support BTI and pointer authentication in assembly 2021-10-01 09:35:38 +02:00
property Don't write to the globals ossl_property_true and ossl_property_false 2021-11-12 17:16:01 +00:00
rand fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
rc2 Update copyright year 2021-05-06 13:03:23 +01:00
rc4
rc5
ripemd Drop libimplementations.a 2021-05-07 10:17:23 +02:00
rsa check the return value of BN_dup() in rsa_lib.c:1248 2021-12-02 09:51:16 +01:00
seed Update copyright year 2021-06-17 13:24:59 +01:00
sha sha/asm/keccak1600-ppc64.pl: Load data in 8 byte chunks on little endian 2021-11-11 10:58:46 +01:00
siphash Fix a TODO(3.0) in the siphash code 2021-03-17 10:16:21 +10:00
sm2 Add missing check according to SM2 Digital Signature generation algorithm 2021-11-02 12:02:56 +01:00
sm3 Add "origin" field to EVP_CIPHER, EVP_MD 2021-04-18 10:03:07 +02:00
sm4 Update copyright year 2021-04-08 13:04:41 +01:00
srp fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
stack Fix Coverity 1493746: constant expression result 2021-11-17 08:15:35 +10:00
store Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
ts ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint 2021-08-26 11:06:06 +02:00
txt_db
ui Update copyright year 2021-07-29 15:41:35 +01:00
whrlpool A few cleanups of the provider build.infos 2021-05-12 13:23:33 +02:00
x509 Fix infinite verification loops due to has_san_id 2021-12-14 13:48:34 +00:00
alphacpuid.pl
arm64cpuid.pl aarch64: support BTI and pointer authentication in assembly 2021-10-01 09:35:38 +02:00
arm_arch.h aarch64: support BTI and pointer authentication in assembly 2021-10-01 09:35:38 +02:00
armcap.c Fix detection of ARMv7 and ARM64 CPU features on FreeBSD 2021-11-24 11:00:24 +01:00
armv4cpuid.pl
asn1_dsa.c Update copyright year 2021-04-08 13:04:41 +01:00
bsearch.c
build.info FIPS: don't include crypto/passphrase.c in libfips.a 2021-06-05 10:32:13 +02:00
c64xpluscpuid.pl
context.c Stop receiving child callbacks in a child libctx when appropriate 2021-11-12 17:16:14 +00:00
core_algorithm.c CORE: add a provider argument to ossl_method_construct() 2021-10-27 12:41:10 +02:00
core_fetch.c CORE: Encure that cached fetches can be done per provider 2021-10-27 12:41:15 +02:00
core_namemap.c Fix the return check of OBJ_obj2txt 2021-11-22 11:17:48 +01:00
cpt_err.c Have OSSL_PARAM_allocate_from_text() raise error on unexpected neg number 2021-11-24 19:18:19 +01:00
cpuid.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
cryptlib.c crypto: remove TODOs 2021-06-02 16:30:15 +10:00
ctype.c Use <> for #include openssl/xxx 2021-05-27 09:56:41 +10:00
cversion.c
der_writer.c
dllmain.c
ebcdic.c
ex_data.c Add the ability for ex_data to have a priority 2021-05-11 14:56:55 +01:00
getenv.c
ia64cpuid.S
info.c
init.c Prevent recursive call of OPENSSL_INIT_LOAD_CONFIG 2021-08-05 09:21:00 +10:00
initthread.c Avoid a race in init_thread_stop() 2021-11-12 17:16:14 +00:00
LPdir_nyi.c
LPdir_unix.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c Update copyright year 2021-04-08 13:04:41 +01:00
mem.c
mips_arch.h
o_dir.c
o_fopen.c
o_init.c
o_str.c Update copyright year 2021-04-08 13:04:41 +01:00
o_time.c Update copyright year 2021-03-11 13:27:36 +00:00
packet.c Update copyright year 2021-06-17 13:24:59 +01:00
param_build_set.c Update copyright year 2021-03-11 13:27:36 +00:00
param_build.c Make OSSL_PARAM_BLD_push_BN{,_pad}() return an error on negative numbers 2021-11-23 11:40:29 +01:00
params_dup.c params_dup: fix off by one error that allows array overreach. 2021-04-21 08:57:42 +10:00
params_from_text.c Allow sign extension in OSSL_PARAM_allocate_from_text() 2021-11-24 19:18:19 +01:00
params.c params: fix range check when converting double to uint64_t. 2021-06-19 15:47:57 +10:00
pariscid.pl
passphrase.c Fix pvk encoder to properly query for the passphrase 2021-12-06 16:38:03 +01:00
ppccap.c Add support for BSD-ppc, BSD-ppc64 and BSD-ppc64le configurations 2021-12-09 16:07:14 +11:00
ppccpuid.pl
provider_child.c Stop receiving child callbacks in a child libctx when appropriate 2021-11-12 17:16:14 +00:00
provider_conf.c Refactor: a separate func for provider activation from config 2021-12-01 15:49:38 +01:00
provider_core.c Hold the flag_lock when calling child callbacks 2021-11-12 17:16:14 +00:00
provider_local.h make struct provider_info_st a full type 2021-06-24 14:48:15 +01:00
provider_predefined.c make struct provider_info_st a full type 2021-06-24 14:48:15 +01:00
provider.c Correctly activate the provider in OSSL_PROVIDER_try_load 2021-11-12 17:16:14 +00:00
punycode.c Move more general parts of internal/cryptlib.h to new internal/common.h 2021-11-17 15:48:37 +01:00
README-sparse_array.md
s390x_arch.h Add default provider support for Keccak 224, 256, 384 and 512 2021-09-23 12:07:57 +10:00
s390xcap.c
s390xcpuid.pl
self_test_core.c Update copyright year 2021-05-20 14:22:33 +01:00
sparccpuid.S
sparcv9cap.c Split bignum code out of the sparcv9cap.c 2021-07-15 09:33:04 +02:00
sparse_array.c Update copyright year 2021-04-08 13:04:41 +01:00
threads_lib.c
threads_none.c Update copyright year 2021-04-08 13:04:41 +01:00
threads_pthread.c Defined out MUTEX attributes not available on NonStop SPT Threads. 2021-07-02 12:33:45 +10:00
threads_win.c Explicitly #include <synchapi.h> is unnecessary 2021-09-23 14:07:18 +02:00
trace.c Rework and make DEBUG macros consistent. 2021-05-28 10:04:31 +02:00
uid.c Openssl fails to compile on Debian with kfreebsd kernels 2021-09-02 10:02:32 +10:00
vms_rms.h
x86_64cpuid.pl Update copyright year 2021-04-08 13:04:41 +01:00
x86cpuid.pl