Skip to content
  1. Jun 18, 2018
  2. Jun 15, 2018
  3. Jun 13, 2018
    • Matt Caswell's avatar
      Add blinding to an ECDSA signature · 0c27d793
      Matt Caswell authored
      
      
      Keegan Ryan (NCC Group) has demonstrated a side channel attack on an
      ECDSA signature operation. During signing the signer calculates:
      
      s:= k^-1 * (m + r * priv_key) mod order
      
      The addition operation above provides a sufficient signal for a
      flush+reload attack to derive the private key given sufficient signature
      operations.
      
      As a mitigation (based on a suggestion from Keegan) we add blinding to
      the operation so that:
      
      s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order
      
      Since this attack is a localhost side channel only no CVE is assigned.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      0c27d793
  4. Jun 12, 2018
  5. Jun 11, 2018
  6. Jun 09, 2018
  7. Jun 08, 2018
  8. Jun 07, 2018
    • Marcus Huewe's avatar
      Do not free a session before calling the remove_session_cb · 6849421c
      Marcus Huewe authored
      If the remove_session_cb accesses the session's data (for instance,
      via SSL_SESSION_get_protocol_version), a potential use after free
      can occur. For this, consider the following scenario when adding
      a new session via SSL_CTX_add_session:
      
      - The session cache is full
        (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx))
      - Only the session cache has a reference to ctx->session_cache_tail
        (that is, ctx->session_cache_tail->references == 1)
      
      Since the cache is full, remove_session_lock is called to remove
      ctx->session_cache_tail from the cache. That is, it
      SSL_SESSION_free()s the session, which free()s the data. Afterwards,
      the free()d session is passed to the remove_session_cb. If the callback
      accesses the session's data, we have a use after free.
      
      The free before calling the callback behavior was introduced in
      commit e4612d02
      
       ("Remove sessions
      from external cache, even if internal cache not used.").
      
      CLA: trivial
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/6222)
      
      (cherry picked from commit c0a58e03)
      6849421c
  9. Jun 05, 2018
  10. Jun 02, 2018
  11. May 31, 2018
  12. May 30, 2018
  13. May 29, 2018
  14. May 26, 2018
  15. May 24, 2018
  16. May 23, 2018
    • Viktor Dukhovni's avatar
      Skip CN DNS name constraint checks when not needed · 6d3cfd13
      Viktor Dukhovni authored
      
      
      Only check the CN against DNS name contraints if the
      `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the
      certificate has no DNS subject alternative names or the
      `X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` flag is set.
      
      Add pertinent documentation, and touch up some stale text about
      name checks and DANE.
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      6d3cfd13
    • Viktor Dukhovni's avatar
      Limit scope of CN name constraints · c2c2c7b3
      Viktor Dukhovni authored
      
      
      Don't apply DNS name constraints to the subject CN when there's a
      least one DNS-ID subjectAlternativeName.
      
      Don't apply DNS name constraints to subject CN's that are sufficiently
      unlike DNS names.  Checked name must have at least two labels, with
      all labels non-empty, no trailing '.' and all hyphens must be
      internal in each label.  In addition to the usual LDH characters,
      we also allow "_", since some sites use these for hostnames despite
      all the standards.
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      c2c2c7b3
  17. May 21, 2018
  18. May 20, 2018
  19. May 19, 2018
  20. May 18, 2018
  21. May 17, 2018
  22. May 16, 2018
  23. May 15, 2018
  24. May 14, 2018
  25. May 12, 2018