openssl/crypto
Matt Caswell d9461cbe87 Fix the RSA_SSLV23_PADDING padding type
This also fixes the public function RSA_padding_check_SSLv23.

Commit 6555a89 changed the padding check logic in RSA_padding_check_SSLv23
so that padding is rejected if the nul delimiter byte is not immediately
preceded by at least 8 bytes containing 0x03. Prior to that commit the
padding is rejected if it *is* preceded by at least 8 bytes containing 0x03.

Presumably this change was made to be consistent with what it says in
appendix E.3 of RFC 5246. Unfortunately that RFC is in error, and the
original behaviour was correct. This is fixed in later errata issued for
that RFC.

This has no impact on libssl for modern versions of OpenSSL because
there is no protocol support for SSLv2 in these versions. However
applications that call RSA_padding_check_SSLv23 directly, or use the
RSA_SSLV23_PADDING mode may still be impacted. The effect of the original
error is that an RSA message encrypted by an SSLv2 only client will fail to
be decrypted properly by a TLS capable server, or a message encrypted by a
TLS capable client will fail to decrypt on an SSLv2 only server. Most
significantly, an RSA message encrypted by a TLS capable client will be
successfully decrypted by a TLS capable server. This last case should fail
due to a rollback being detected.

Thanks to D. Katz and Joel Luellwitz (both from Trustwave) for reporting
this issue.

CVE-2021-23839

Reviewed-by: Paul Dale <pauli@openssl.org>
2021-02-16 11:36:18 +00:00
aes remove unused initialisations 2020-12-03 11:22:06 +10:00
aria
asn1 Update copyright year 2021-01-28 13:54:57 +01:00
async Update copyright year 2021-01-07 13:38:50 +00:00
bf
bio Update copyright year 2021-01-28 13:54:57 +01:00
bn Deprecate BN_pseudo_rand() and BN_pseudo_rand_range() 2021-02-09 13:41:11 +01:00
buffer Update copyright year 2020-11-26 14:18:57 +00:00
camellia
cast Fix logic error for building x86 CAST assembly 2020-06-14 12:35:34 -07:00
chacha Fix aarch64 static linking into shared libraries (see issue #10842 and pull request #11464) 2020-10-22 12:16:49 +10:00
cmac Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
cmp Allow NULL arg to OPENSSL_sk_{dup,deep_copy} returning empty stack 2021-02-04 07:28:11 +01:00
cms dh_cms_set_peerkey: Pad the public key to p size 2021-02-02 16:50:32 +01:00
comp Update copyright year 2020-11-26 14:18:57 +00:00
conf Update copyright year 2021-01-28 13:54:57 +01:00
crmf ERR: Rebuild all generated error headers and source files 2020-11-24 15:22:33 +01:00
ct Use ERR_R_*_LIB instead of ERR_LIB_* as reason code for sub-libraries 2021-02-12 14:02:06 +01:00
des Update copyright year 2021-01-28 13:54:57 +01:00
dh Update copyright year 2021-01-28 13:54:57 +01:00
dsa Update copyright year 2021-01-28 13:54:57 +01:00
dso Update copyright year 2020-11-26 14:18:57 +00:00
ec EC: Reverse the default asn1_flag in a new EC_GROUP 2021-02-03 17:20:56 +01:00
encode_decode Update copyright year 2021-01-28 13:54:57 +01:00
engine Drop OPENSSL_NO_RSA everywhere 2020-12-20 12:19:42 +01:00
err Rename internal providercommonerr.h to less mouthful proverr.h 2021-02-11 09:34:31 +01:00
ess ERR: Rebuild all generated error headers and source files 2020-11-24 15:22:33 +01:00
evp Implement EVP_PKEY_param_check_quick() and use it in libssl 2021-02-15 14:17:36 +10:00
ffc Do not match RFC 5114 groups without q as it is significant 2021-02-16 10:12:02 +00:00
hmac Delete unused PKEY MAC files 2020-08-29 17:40:11 +10:00
http Constify OSSL_HTTP_REQ_CTX_get0_mem_bio() 2021-02-02 07:54:37 +01:00
idea
kdf
lhash Update copyright year 2020-11-26 14:18:57 +00:00
md2
md4
md5 Update copyright year 2020-11-26 14:18:57 +00:00
mdc2
modes Update copyright year 2020-11-26 14:18:57 +00:00
objects Add OID for draft-ietf-opsawg-finding-geofeeds detached CMS signature 2021-02-12 12:34:19 +10:00
ocsp Allow NULL arg to OPENSSL_sk_{dup,deep_copy} returning empty stack 2021-02-04 07:28:11 +01:00
pem Update copyright year 2021-01-28 13:54:57 +01:00
perlasm Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 2020-07-05 11:29:43 +02:00
pkcs7 X509_STORE_CTX_cleanup(): Use internally so no need to call explicitly 2021-02-11 21:34:27 +01:00
pkcs12 Update copyright year 2020-11-26 14:18:57 +00:00
poly1305 crypto/poly1305/asm: fix armv8 pointer authentication 2020-10-29 17:17:21 +01:00
property ERR: Rebuild all generated error headers and source files 2020-11-24 15:22:33 +01:00
rand Refactor RAND_get0_primary() locking 2021-02-02 12:21:21 +00:00
rc2
rc4 rename md5_block_asm_data_order to ossl_md5_block_asm_data_order 2020-11-19 07:38:58 +10:00
rc5
ripemd Diverse build.info: Adjust paths 2020-09-10 09:50:56 +02:00
rsa Fix the RSA_SSLV23_PADDING padding type 2021-02-16 11:36:18 +00:00
seed
sha Update copyright year 2020-11-26 14:18:57 +00:00
siphash Delete unused PKEY MAC files 2020-08-29 17:40:11 +10:00
sm2 Update copyright year 2021-01-28 13:54:57 +01:00
sm3
sm4
srp Deprecate the low level SRP APIs 2021-02-12 08:47:32 +00:00
stack Allow NULL arg to OPENSSL_sk_{dup,deep_copy} returning empty stack 2021-02-04 07:28:11 +01:00
store Update copyright year 2021-01-28 13:54:57 +01:00
ts Allow NULL arg to OPENSSL_sk_{dup,deep_copy} returning empty stack 2021-02-04 07:28:11 +01:00
txt_db
ui ERR: Rebuild all generated error headers and source files 2020-11-24 15:22:33 +01:00
whrlpool Avoid undefined behavior with unaligned accesses 2020-05-27 20:11:20 +02:00
x509 Fix Null pointer deref in X509_issuer_and_serial_hash() 2021-02-16 11:32:32 +00:00
alphacpuid.pl
arm64cpuid.pl Read MIDR_EL1 system register on aarch64 2020-12-09 16:17:17 +01:00
arm_arch.h Read MIDR_EL1 system register on aarch64 2020-12-09 16:17:17 +01:00
armcap.c Update copyright year 2021-01-28 13:54:57 +01:00
armv4cpuid.pl
asn1_dsa.c Update copyright year 2020-10-15 14:10:06 +01:00
bsearch.c
build.info Fix no-threads 2020-12-14 10:45:27 +10:00
c64xpluscpuid.pl
context.c Always ensure we hold ctx->lock when calling CRYPTO_get_ex_data() 2021-02-02 12:21:21 +00:00
core_algorithm.c Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 2020-10-15 11:59:53 +01:00
core_fetch.c Update copyright year 2021-01-28 13:54:57 +01:00
core_namemap.c Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 2020-10-15 11:59:53 +01:00
cpt_err.c openssl_hexstr2buf_sep(): Prevent misleading 'malloc failure' errors on short input 2020-12-10 15:19:55 +01:00
cryptlib.c Update copyright year 2020-10-15 14:10:06 +01:00
ctype.c
cversion.c
der_writer.c der: _ossl prefix DER functions 2020-10-01 11:25:12 +10:00
dllmain.c
ebcdic.c
ex_data.c Always ensure we hold ctx->lock when calling CRYPTO_get_ex_data() 2021-02-02 12:21:21 +00:00
getenv.c Update copyright year 2020-10-15 14:10:06 +01:00
ia64cpuid.S
info.c Print CPUINFO also for s390 processors 2020-06-22 02:35:01 +02:00
init.c Optimise OPENSSL_init_crypto 2020-12-31 13:14:38 +01:00
initthread.c Update copyright year 2021-01-28 13:54:57 +01:00
LPdir_nyi.c
LPdir_unix.c
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c Add MAP_CONCEAL from OpenBSD which has similar purpose but on mmap 2020-12-08 18:27:07 +01:00
mem.c
mips_arch.h
o_dir.c
o_fopen.c Update copyright year 2020-11-26 14:18:57 +00:00
o_init.c
o_str.c openssl_hexstr2buf_sep(): Prevent misleading 'malloc failure' errors on short input 2020-12-10 15:19:55 +01:00
o_time.c Update copyright year 2020-07-16 14:47:04 +02:00
packet.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
param_build_set.c DH: make the private key length importable / exportable 2020-10-19 12:14:11 +02:00
param_build.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
params_from_text.c Enhanced integer parsing in OSSL_PARAM_allocate_from_text 2021-02-09 11:15:55 +01:00
params.c params: allow more variations in integer conversions. 2020-12-12 21:43:07 +10:00
pariscid.pl
passphrase.c CORE: Fix small bug in passphrase caching 2020-09-03 17:48:32 +02:00
ppc_arch.h
ppccap.c Update copyright year 2021-01-28 13:54:57 +01:00
ppccpuid.pl
provider_conf.c CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data() 2020-11-13 09:35:31 +01:00
provider_core.c Prov: add an option to force provider fetches to not be cached. 2021-02-12 12:28:55 +10:00
provider_local.h
provider_predefined.c serialisation: Add a built-in base provider. 2020-07-30 20:15:22 +10:00
provider.c CORE: Separate OSSL_PROVIDER activation from OSSL_PROVIDER reference 2020-12-17 12:02:08 +01:00
punycode.c Update copyright year 2020-10-15 14:10:06 +01:00
README-sparse_array.md Fix many MarkDown issues in {NOTES*,README*,HACKING,LICENSE}.md files 2020-07-05 11:29:43 +02:00
s390x_arch.h
s390xcap.c
s390xcpuid.pl
self_test_core.c Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 2020-10-15 11:59:53 +01:00
sparc_arch.h
sparccpuid.S
sparcv9cap.c
sparse_array.c Update copyright year 2020-10-15 14:10:06 +01:00
threads_lib.c Fix no-threads 2020-12-14 10:45:27 +10:00
threads_none.c Add some more CRYPTO_atomic functions 2020-12-31 13:14:38 +01:00
threads_pthread.c Don't make pthreads mutexes recursive. 2021-02-05 10:29:44 +00:00
threads_win.c Add some more CRYPTO_atomic functions 2020-12-31 13:14:38 +01:00
trace.c ENCODER: Add tracing 2020-11-11 12:43:27 +01:00
uid.c
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl