Skip to content
  1. Sep 22, 2017
    • David Benjamin's avatar
      Guard against DoS in name constraints handling. · 8545051c
      David Benjamin authored
      
      
      This guards against the name constraints check consuming large amounts
      of CPU time when certificates in the presented chain contain an
      excessive number of names (specifically subject email names or subject
      alternative DNS names) and/or name constraints.
      
      Name constraints checking compares the names presented in a certificate
      against the name constraints included in a certificate higher up in the
      chain using two nested for loops.
      
      Move the name constraints check so that it happens after signature
      verification so peers cannot exploit this using a chain with invalid
      signatures. Also impose a hard limit on the number of name constraints
      check loop iterations to further mitigate the issue.
      
      Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4393)
      8545051c
  2. Sep 21, 2017
  3. Sep 20, 2017
  4. Sep 19, 2017
  5. Sep 18, 2017
  6. Sep 17, 2017
  7. Sep 15, 2017
  8. Sep 14, 2017
  9. Sep 13, 2017
  10. Sep 12, 2017
  11. Sep 11, 2017
  12. Sep 09, 2017
    • Andy Polyakov's avatar
      sha/asm/keccak1600-armv8.pl: fix return value buglet and ... · 236dd463
      Andy Polyakov authored
      
      
      ... script data load.
      
      On related note an attempt was made to merge rotations with logical
      operations. I mean as we know, ARM ISA has merged rotate-n-logical
      instructions which can be used here. And they were used to improve
      keccak1600-armv4 performance. But not here. Even though this approach
      resulted in improvement on Cortex-A53 proportional to reduction of
      amount of instructions, ~8%, it didn't exactly worked out on
      non-Cortex cores. Presumably because they break merged instructions
      to separate μ-ops, which results in higher *operations* count. X-Gene
      and Denver went ~20% slower and Apple A7 - 40%. The optimization was
      therefore dismissed.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      236dd463
  13. Sep 08, 2017