Skip to content
  1. Oct 29, 2018
  2. Oct 28, 2018
  3. Oct 27, 2018
    • Fraser Tweedale's avatar
      Support GeneralSubtrees with minimum = 0 · c23e497d
      Fraser Tweedale authored
      
      
      The Name Constraints extension contains GeneralSubtree values
      indicating included or excluded subtrees.  It is defined as:
      
        GeneralSubtree ::= SEQUENCE {
          base                    GeneralName,
          minimum         [0]     BaseDistance DEFAULT 0,
          maximum         [1]     BaseDistance OPTIONAL }
      
      RFC 5280 further specifies:
      
        Within this profile, the minimum and maximum fields are not used with
        any name forms, thus, the minimum MUST be zero, and maximum MUST be
        absent.
      
      Because the minimum fields has DEFAULT 0, and certificates should be
      encoded using DER, the situation where minimum = 0 occurs in a
      certificate should not arise.  Nevertheless, it does arise.  For
      example, I have seen certificates issued by Microsoft programs that
      contain GeneralSubtree values encoded thus.
      
      Enhance the Name Constraints matching routine to handle the case
      where minimum is specified.  If present, it must be zero.  The
      maximum field remains prohibited.
      
      Reviewed-by: default avatarPaul Yang <yang.yang@baishancloud.com>
      Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/7039)
      c23e497d
  4. Oct 26, 2018
  5. Oct 25, 2018
    • Richard Levitte's avatar
      Windows: Produce a static version of the public libraries, always · b3023ced
      Richard Levitte authored
      
      
      When building shared libraries on Windows, we had a clash between
      'libcrypto.lib' the static routine library and 'libcrypto.lib' the
      import library.
      
      We now change it so the static versions of our libraries get '_static'
      appended to their names.  These will never get installed, but can
      still be used for our internal purposes, such as internal tests.
      
      When building non-shared, the renaming mechanism doesn't come into
      play.  In that case, the static libraries 'libcrypto.lib' and
      'libssl.lib' are installed, just as always.
      
      Fixes #7492
      
      Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/7496)
      b3023ced
  6. Oct 23, 2018
  7. Oct 22, 2018
    • Pauli's avatar
      RSA security bits calculation · 97b0b713
      Pauli authored
      
      
      NIST has updated their guidelines in appendix D of SP 800-56B rev2 (draft)
      providing a formula for the number of security bits it terms of the length
      of the RSA key.
      
      This is an implementation of this formula using fixed point arithmetic.
      For integers 1 .. 100,000 it rounds down to the next smaller 8 bit strength
      270 times.  It never errs to the high side.  None of the rounded values occur
      near any of the commonly selected lengths.
      
      Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/7352)
      97b0b713
    • Dr. Matthias St. Pierre's avatar
      RAND_add(): fix heap corruption in error path · 5b4cb385
      Dr. Matthias St. Pierre authored
      
      
      This bug was introduced by #7382 which enhanced RAND_add() to
      accept large buffer sizes. As a consequence, RAND_add() now fails
      for buffer sizes less than 32 bytes (i.e. less than 256 bits).
      In addition, rand_drbg_get_entropy() forgets to reset the attached
      drbg->pool in the case of an error, which leads to the heap corruption.
      
      The problem occurred with RAND_load_file(), which reads the file in
      chunks of 1024 bytes each. If the size of the final chunk is less than
      32 bytes, then RAND_add() fails, whence RAND_load_file() fails
      silently for buffer sizes n = k * 1024 + r with r = 1,...,31.
      
      This commit fixes the heap corruption only. The other issues will
      be addressed in a separate pull request.
      
      Thanks to Gisle Vanem for reporting this issue.
      
      Fixes #7449
      
      Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/7455)
      5b4cb385
  8. Oct 21, 2018
  9. Oct 19, 2018