mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 12:04:38 +08:00
Code Issues Packages Projects Releases Wiki Activity
7fab3c7d61
openssl/crypto
History
erbsland-dev 7fab3c7d61 Add Version Check for CSR Verification 
Fixes #5738: This change introduces a check for the version number of a CSR document before its signature is verified. If the version number is not 1 (encoded as zero), the verification function fails with an `X509_R_UNSUPPORTED_VERSION` error.

To minimize impact, this check is only applied when verifying a certificate signing request using the `-verify` argument, resulting in a `X509_REQ_verify` call. This ensures that malformed certificate requests are rejected by a certification authority, enhancing security and preventing potential issues.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24677)
2024-06-21 15:40:45 -04:00
..
aes enable AES-XTS optimization for AIX 2024-05-30 18:46:43 +02:00
aria Change loops conditions to make zero loop risk more obvious. 2022-05-24 14:11:20 +10:00
asn1 ASN1_item_verify_ctx(): Return -1 on fatal errors 2024-06-21 10:03:42 +02:00
async posix_async: FreeBSD also defines {make|swap|get|set}context 2024-04-04 08:45:13 +02:00
bf Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
bio Remove all references to FLOSS for NonStop Builds. 2024-04-24 09:35:29 +02:00
bn Allow group methods to customize initialization for speed 2024-06-05 11:11:52 +02:00
buffer Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
camellia Unable to run asm code on OpenBSD (amd64) 2024-04-17 09:38:06 +02:00
cast Copyright year updates 2023-09-07 09:59:15 +01:00
chacha chacha-riscv64-v-zbb.pl: better format 2024-05-08 11:10:45 +02:00
cmac Copyright year updates 2024-04-09 13:43:26 +02:00
cmp CMP: add support for requesting cert template using genm/genp 2024-06-20 13:38:13 +02:00
cms Fix error handling in CMS_EncryptedData_encrypt 2024-05-06 10:13:20 +02:00
comp Copyright year updates 2023-09-07 09:59:15 +01:00
conf Fix memory leak on error in crypto/conf/conf_mod.c 2024-06-05 13:15:29 +02:00
crmf CMP: add support for requesting cert template using genm/genp 2024-06-20 13:38:13 +02:00
ct Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
des Copyright year updates 2023-09-07 09:59:15 +01:00
dh Copyright year updates 2024-04-09 13:43:26 +02:00
dsa Check DSA parameters for excessive sizes before validating 2024-05-16 15:44:40 +02:00
dso Copyright year updates 2024-04-09 13:43:26 +02:00
ec Allow group methods to customize initialization for speed 2024-06-05 11:11:52 +02:00
encode_decode Copyright year updates 2024-04-09 13:43:26 +02:00
engine Copyright year updates 2024-04-09 13:43:26 +02:00
err Add Version Check for CSR Verification 2024-06-21 15:40:45 -04:00
ess ess_lib.c: Changed ERR_LIB_CMS to ERR_LIB_ESS 2024-04-30 09:21:30 +02:00
evp Fix regression of EVP_PKEY_CTX_add1_hkdf_info() with older providers 2024-06-21 16:41:33 +02:00
ffc fips: zeroization of public security parameters (PSPs) 2024-05-13 11:14:11 +02:00
hashtable Fix coverity-1596616 2024-04-26 17:09:06 +02:00
hmac Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac() 2021-06-23 23:00:36 +02:00
hpke Copyright year updates 2024-04-09 13:43:26 +02:00
http Copyright year updates 2024-04-09 13:43:26 +02:00
idea Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
kdf
lhash Copyright year updates 2024-04-09 13:43:26 +02:00
md2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
md4 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
md5 md5: add assembly implementation for loongarch64 2023-12-27 10:15:29 +01:00
mdc2 Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
modes Unable to run asm code on OpenBSD (amd64) 2024-04-17 09:38:06 +02:00
objects Typo fixes 2024-05-13 11:10:35 +02:00
ocsp Copyright year updates 2023-09-07 09:59:15 +01:00
pem Copyright year updates 2023-09-28 14:23:29 +01:00
perlasm fix crash in ecp_nistz256_point_add_affine() 2024-05-22 15:15:04 +02:00
pkcs7 Copyright year updates 2024-04-09 13:43:26 +02:00
pkcs12 fix potential memory leak in PKCS12_add_key_ex() 2024-06-18 13:36:56 -04:00
poly1305 poly1305.c: fix typo on POLY1305_BLOCK_SIZE 2024-04-17 09:41:14 +02:00
property Copyright year updates 2024-04-09 13:43:26 +02:00
rand internal/common.h: rename macro (un)likely to ossl_(un)likely 2023-11-03 21:08:22 +01:00
rc2 Copyright year updates 2023-09-07 09:59:15 +01:00
rc4 Copyright year updates 2023-09-07 09:59:15 +01:00
rc5 Copyright year updates 2023-09-07 09:59:15 +01:00
ripemd Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
rsa Removed hard coded value for cap in function ossl_rsa_multip_cap 2024-05-30 14:46:06 +02:00
seed Avoid duplicating symbols in legacy.a with some build options 2023-01-31 11:10:22 +11:00
sha Intentionally break EVP_DigestFinal for SHAKE128 and SHAKE256 2024-05-15 12:10:32 +02:00
siphash crypto/*: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
sm2 fix sm2 encryption implementation bug. 2024-05-15 11:17:14 +02:00
sm3 riscv: Support sm3 on platforms with vlen >= 128. 2023-10-26 15:55:50 +01:00
sm4 Copyright year updates 2024-04-09 13:43:26 +02:00
srp Copyright year updates 2023-09-28 14:23:29 +01:00
stack Copyright year updates 2024-04-09 13:43:26 +02:00
store Adding missing NULL pointer check 2024-04-15 10:29:14 +02:00
thread Copyright year updates 2023-09-07 09:59:15 +01:00
ts ts/ts_rsp_sign.c: Add the check for the EVP_MD_CTX_get_size() 2024-04-09 20:47:00 +02:00
txt_db Copyright year updates 2023-09-07 09:59:15 +01:00
ui Copyright year updates 2023-09-07 09:59:15 +01:00
whrlpool Unable to run asm code on OpenBSD (amd64) 2024-04-17 09:38:06 +02:00
x509 Add Version Check for CSR Verification 2024-06-21 15:40:45 -04:00
alphacpuid.pl
arm64cpuid.pl Update copyright year 2022-05-03 13:34:51 +01:00
arm_arch.h Copyright year updates 2024-04-09 13:43:26 +02:00
armcap.c Copyright year updates 2024-04-09 13:43:26 +02:00
armv4cpuid.pl Copyright year updates 2023-09-07 09:59:15 +01:00
asn1_dsa.c
bsearch.c
build.info Move stack of compression methods from libssl to OSSL_LIB_CTX 2024-05-28 08:56:13 +02:00
c64xpluscpuid.pl
comp_methods.c Move stack of compression methods from libssl to OSSL_LIB_CTX 2024-05-28 08:56:13 +02:00
context.c Move stack of compression methods from libssl to OSSL_LIB_CTX 2024-05-28 08:56:13 +02:00
core_algorithm.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
core_fetch.c "Reserve" the method store when constructing methods 2022-07-20 07:28:17 +01:00
core_namemap.c Copyright year updates 2023-09-07 09:59:15 +01:00
cpt_err.c err: add additional errors 2022-01-12 20:10:21 +11:00
cpuid.c Copyright year updates 2023-09-28 14:23:29 +01:00
cryptlib.c Copyright year updates 2023-09-07 09:59:15 +01:00
ctype.c Copyright year updates 2023-09-07 09:59:15 +01:00
cversion.c
der_writer.c der_writer: Use uint32_t instead of long. 2022-06-27 10:58:40 +02:00
deterministic_nonce.c Correct top for EC/DSA nonces if BN_DEBUG is on 2024-05-02 09:21:30 +02:00
dllmain.c Update copyright year 2022-05-03 13:34:51 +01:00
ebcdic.c
ex_data.c Fix error handling in CRYPTO_get_ex_new_index 2023-09-21 14:43:08 +02:00
getenv.c Update copyright year 2022-05-03 13:34:51 +01:00
ia64cpuid.S
info.c rand: remove unimplemented librandom stub code 2024-05-24 12:03:21 +02:00
init.c Copyright year updates 2024-04-09 13:43:26 +02:00
initthread.c crypto/initthread.c: fix misspelled OSSL_provider_init() in comment 2023-10-26 15:45:41 +01:00
loongarch64cpuid.pl LoongArch64 assembly pack: Really implement OPENSSL_rdtsc 2023-12-19 18:34:34 +01:00
loongarch_arch.h Copyright year updates 2023-09-07 09:59:15 +01:00
loongarchcap.c Copyright year updates 2023-09-07 09:59:15 +01:00
LPdir_nyi.c
LPdir_unix.c Copyright year updates 2023-09-07 09:59:15 +01:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c Add locking to CRYPTO_secure_used 2023-12-01 09:03:04 -05:00
mem.c Introduce new internal hashtable implementation 2024-04-24 12:03:30 +10:00
mips_arch.h
o_dir.c Update copyright year 2022-05-03 13:34:51 +01:00
o_fopen.c crypto: Fix various typos, repeated words, align some spelling to LDP. 2022-10-12 16:55:01 +11:00
o_init.c Update copyright year 2022-05-03 13:34:51 +01:00
o_str.c Copyright year updates 2024-04-09 13:43:26 +02:00
o_time.c
packet.c Copyright year updates 2023-09-07 09:59:15 +01:00
param_build_set.c ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs 2023-10-18 18:07:13 +02:00
param_build.c params: drop INT_MAX checks 2023-12-29 10:21:10 +01:00
params_dup.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
params_from_text.c Copyright year updates 2024-04-09 13:43:26 +02:00
params_idx.c.in params: provide a faster TRIE based param lookup. 2023-06-02 15:13:20 +10:00
params.c uefi: move variables 2024-05-30 18:38:12 +02:00
pariscid.pl
passphrase.c Stop raising ERR_R_MALLOC_FAILURE in most places 2022-10-05 14:02:03 +02:00
ppccap.c Update copyright year 2022-05-03 13:34:51 +01:00
ppccpuid.pl Update copyright year 2022-05-03 13:34:51 +01:00
provider_child.c Copyright year updates 2023-09-07 09:59:15 +01:00
provider_conf.c Fix remaining provider config settings to be decisive in value 2023-12-27 09:32:48 +01:00
provider_core.c Fix up path generation to use OPENSSL_MODULES 2024-04-18 18:38:56 +02:00
provider_local.h make struct provider_info_st a full type 2021-06-24 14:48:15 +01:00
provider_predefined.c make struct provider_info_st a full type 2021-06-24 14:48:15 +01:00
provider.c Copyright year updates 2023-09-07 09:59:15 +01:00
punycode.c Copyright year updates 2023-09-07 09:59:15 +01:00
quic_vlint.c QUIC: Enable building with QUIC support disabled 2023-01-13 13:20:16 +00:00
rcu_internal.h Copyright year updates 2024-04-09 13:43:26 +02:00
README-sparse_array.md
riscv32cpuid.pl Implement riscv_vlen_asm for riscv32 2024-05-10 17:02:49 +02:00
riscv64cpuid.pl riscv: Add basic vector extension support 2023-10-26 15:55:49 +01:00
riscvcap.c crypto/riscvcap: fix function declaration for hwprobe_to_cap 2024-05-14 15:24:26 +02:00
s390x_arch.h Copyright year updates 2023-09-07 09:59:15 +01:00
s390xcap.c Copyright year updates 2023-09-07 09:59:15 +01:00
s390xcpuid.pl
self_test_core.c Update copyright year 2022-05-03 13:34:51 +01:00
sleep.c For Unix, refactor OSSL_sleep() to use nanosleep() instead of usleep() 2024-05-22 09:59:32 +02:00
sparccpuid.S
sparcv9cap.c Split bignum code out of the sparcv9cap.c 2021-07-15 09:33:04 +02:00
sparse_array.c typo fix 2024-04-04 08:34:17 +02:00
threads_lib.c Define threads_lib.c functions only for OPENSSL_SYS_UNIX 2022-11-14 07:47:53 +00:00
threads_none.c Some minor nit corrections in the thread code for rcu 2024-06-20 16:56:39 +02:00
threads_pthread.c Some minor nit corrections in the thread code for rcu 2024-06-20 16:56:39 +02:00
threads_win.c Some minor nit corrections in the thread code for rcu 2024-06-20 16:56:39 +02:00
time.c Copyright year updates 2023-09-07 09:59:15 +01:00
trace.c "foo * bar" should be "foo *bar" 2023-09-11 10:15:30 +02:00
uid.c Copyright year updates 2023-09-07 09:59:15 +01:00
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl