original diff from sven falempin, tweaked a bit by myself;
ok sthen
|
MPLS VPN cluesticks supplied by Dylan Hall
ok claudio@ jmc@
|
(Note that the CMS code is currently disabled.)
Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license)
tests from bluhm@
ok jsing
commit e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sun Sep 1 00:16:28 2019 +0200
Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
An attack is simple, if the first CMS_recipientInfo is valid but the
second CMS_recipientInfo is chosen ciphertext. If the second
recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
encryption key will be replaced by garbage, and the message cannot be
decoded, but if the RSA decryption fails, the correct encryption key is
used and the recipient will not notice the attack.
As a work around for this potential attack the length of the decrypted
key must be equal to the cipher default key length, in case the
certificate is not given and all recipientInfo are tried out.
The old behaviour can be re-enabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9777)
(cherry picked from commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37)
|
ok mpi@
|
The recent EC group cofactor change results in stricter validation,
which causes the EC_GROUP_set_generator() call to fail.
Issue reported and fix tested by rsadowski@
ok tb@
|
These are internal only for now and will be made public at a later date.
The RSA_padding_{add,check}_PKCS1_OAEP() functions become wrappers around
the *_mgf1() variant.
ok tb@ inoguchi@ (as part of a larger diff)
|
commit the pending work and therefore start a new worklist. The delayed
commits can cause such situations to happen and there is no reason to
panic because of this.
Problem found by jmc@
OK benno@
|
openssl s_server has an arbitrary read vulnerability on Windows when run with
the -WWW or -HTTP options, due to an incomplete path check logic. Thanks to
Jobert Abma for reporting.
ok tb@
|
revisit a proper fix post release
committing on behalf of martijn@, ok eric@ and I
|
Allows valleyview and cherryview machines to boot without a display connected.
Previously they would get flooded by HPD events. HPD is known to not work on
valleyview and cherryview when powerwells are shut off.
Reported by jan@ on tech@ with valleyview and km at krot.org on bugs@ with
cherryview.
|
on html or groff. the solution, to replace the non-standard .nr macros
with a hang list, was provided by ingo - thanks!
ok schwarze
|
ip_ether.h is where netinet/ip_ipip.h got the forward declaration
for struct tdb from though, so fix that before cutting ip_ether.h
out of gif.
|
patch from krishnaiah.bommu@intel.com, ok dtucker
|
signature test mode and signing keys in ssh-agent.
From Sebastian Kinne (slightly tweaked)
|
krishnaiah.bommu@intel.com, ok djm@
|
ok deraadt@
|
When I introduced the tsleep loops in r1.23 I screwed it up and introduced
a bug: on EWOULDBLOCK we loop but fail to reset P_SELECT, so the thread
will continue to sleep but miss all relevant descriptor activity after
INT_MAX ticks have elapsed.
Spotted by mpi@ back in July.
ok mpi@
|
Based on OpenSSL 1.1.1.
ok tb@, inoguchi@ (on an earlier/larger diff)
|
while here, no need for Bk/Ek;
ok dtucker
|
with a sleep between. Reorganize the code for a single check.
ok anton beck florian mpi
|
of uninitialised memory in the sent icmp echorequest.
Reported by Adarsh Dinesh (adarsh.dinesh at gmail com)
OK florian@ deraadt@
|
---
Recent versions of Unbound contain a problem that may cause Unbound to
crash after receiving a specially crafted query. This issue can only be
triggered by queries received from addresses allowed by Unbound's ACL.
---
tested by benno, tb
|
While here Xr autoinstall(8).
Prompted by a question from jungle boogie on bugs@
OK deraadt
Input & OK jmc
|
doesn't exist in its own structure. This could greatly be improved upon,
but it makes snmp walk on its mib work.
OK claudio@
|
elements exists and is a (agentx) registered element. If so, forward the
getnext to the subagent, else get the actual next element.
This is only a partial fix, but lets us at least (together with a different
patch for relayd) walk relayd's elements.
OK claudio@
|
Manpage help jmc@ schwarze@
OK semarie@ claudio@
|
Pakosz.
|
U-Boot has been built with CONFIG_OF_BOARD for a year now
ok patrick@
|
strings because it is only guaranteed to be 256 bytes and even the
default 1024 is not always enough. Reported by Gregory Pakosz.
|
improvements:
- Tweak the digit '7' for consistency with other sizes (5x8 version)
- Tweak the digit '2' for consistency with other sizes (12x24 version)
- Shift the middle bar of the digit '3' one pixel up, for better
alignment (12x24 version)
- Make the 'Z' and 'z' characters more balanced, as is the case with
other sizes (12x24 version)
- Make the slash inside the digit '0' one pixel thinner (32x64 version)
OK patrick@, "go ahead" kettenis@
|
12 bytes of the struct were not touched and left uninitialized which is
not the idea.
Diff from Alexandre Hamada (hamada at registro dot br)
|
ip only whereas DTL_LOOP passes the address family of the packet and so
supports more address families.
To make this work umb_decap() prepends the AF to the packet, which is
then consumed by umb_input(). Similarly, umb_output() sets ph_family in the
mbuf header which is used by umb_start().
OK deraadt@ dlg@
|
ok martijn@
|
The existing code did a full recursive walk for O(horrible). Instead,
keep a single list of nodes plus the index of the first node whose
children haven't been scanned; lookup until that index catches the
end, appending the unscanned children of the node at the index. This
also makes the grpsym list order match that calculated by FreeBSD and
glibc in dependency trees with inconsistent ordering of dependent libs.
To make this easier and more cache friendly, convert grpsym_list
to a vector: the size is bounded by the number of objects currently
loaded.
Other, related fixes:
* increment the grpsym generation number _after_ pushing the loading
object onto its grpsym list, to avoid double counting it
* increment the grpsym generation number when building the grpsym list
for an already loaded object that's being dlopen()ed, to avoid
incomplete grpsym lists
* use a more accurate test of whether an object already has a grpsym list
Prompted by a diff from Nathanael Rensen (nathanael (at) list.polymorpheus.com)
that pointed to _dl_cache_grpsym_list() as a performance bottleneck.
Much prodding from robert@, sthen@, aja@, jca@
no problem reports after being in snaps
ok mpi@
|
already checked it upfront and wouldn't reach this point if it didn't parse
correctly.
|
lived but still
|
be safe than sorry, check upfront