When looking for the issuer of a certificate, if current candidate is
expired, continue looking. Only return an expired certificate if no valid
certificates are found.
OpenSSL is able to generate a certificate with name constraints with any possible
subjectAltName field. The Name Contraint example in x509v3_config(5) even use IP
as an example:
However, until now, the verify code for IP name contraints did not exist. Any
check with a IP Address Name Constraint results in a "unsupported name constraint
type" error.
This patch implements support for IP Address Name Constraint (v4 and v6). This code
validaded correcly certificates with multiple IPv4/IPv6 address checking against
a CA certificate with these constraints:
Mike Bland [Thu, 1 May 2014 14:10:14 +0000 (10:10 -0400)]
Zero-initialize heartbeat test write buffer
The previous calls to memset() were added to tear_down() when I noticed the
test spuriously failing in opt mode, with different results each time. This
appeared to be because the allocator zeros out memory in debug mode, but not
in opt mode. Since the heartbeat functions silently drop the request on error
without modifying the contents of the write buffer, whatever random contents
were in memory before being reallocated to the write buffer used in the test
would cause nondeterministic test failures in the Heartbleed regression cases.
Adding these calls allowed the test to pass in both debug and opt modes.
Ben Laurie notified me offline that the test was aborting in
debug-ben-debug-64-clang mode, configured with GitConfigure and built with
GitMake. Looking into this, I realized the first memset() call was zeroing out
a reference count used by SSL_free() that was checked in
debug-ben-debug-64-clang mode but not in the normal debug mode.
Removing the memset() calls from tear_down() and adding a memset() for the
write buffer in set_up() addresses the issue and allows the test to
successfully execute in debug, opt, and debug-ben-debug-64-clang modes.
Replace manual ASN.1 decoder with ASN1_get object. This
will decode the tag and length properly and check against
it does not exceed the supplied buffer length.
Andy Polyakov [Mon, 12 May 2014 08:35:29 +0000 (10:35 +0200)]
Add "teaser" AES module for PowerISA 2.07.
"Teaser" means that it's not integrated yet and purpose of this
commit is primarily informational, to exhibit design choices,
such as how to handle alignment and endianness. In other words
it's proof-of-concept code that EVP module will build upon.
If the key type does not match any CMS recipient type return
an error instead of using a random key (MMA mitigation). This
does not leak any useful information to an attacker.
The "-unix <path>" argument allows s_server and s_client to use a unix
domain socket in the filesystem instead of IPv4 ("-connect", "-port",
"-accept", etc). If s_server exits gracefully, such as when "-naccept"
is used and the requested number of SSL/TLS connections have occurred,
then the domain socket file is removed. On ctrl-C, it is likely that
the stale socket file will be left over, such that s_server would
normally fail to restart with the same arguments. For this reason,
s_server also supports an "-unlink" option, which will clean up any
stale socket file before starting.
If you have any reason to want encrypted IPC within an O/S instance,
this concept might come in handy. Otherwise it just demonstrates that
there is nothing about SSL/TLS that limits it to TCP/IP in any way.
(There might also be benchmarking and profiling use in this path, as
unix domain sockets are much lower overhead than connecting over local
IP addresses).
Geoff Thorpe [Sun, 4 May 2014 20:19:22 +0000 (16:19 -0400)]
bignum: allow concurrent BN_MONT_CTX_set_locked()
The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
noted by Daniel Sands and co at Sandia. This was to handle the case that
2 or more threads race to lazy-init the same context, but stunted all
scalability in the case where 2 or more threads are doing unrelated
things! We favour the latter case by punishing the former. The init work
gets done by each thread that finds the context to be uninitialised, and
we then lock the "set" logic after that work is done - the winning
thread's work gets used, the losing threads throw away what they've done.
Even though the meat of dso_vms.c is compiled out on non-VMS builds,
the (pre-)compiler still traverses some of the macro handling. This
trips up at least one non-VMS build configuration, so this commit
makes the skip-VMS case more robust.
bignum: fix boundary condition in montgomery logic
It's not clear whether this inconsistency could lead to an actual
computation error, but it involved a BIGNUM being passed around the
montgomery logic in an inconsistent state. This was found using flags
-DBN_DEBUG -DBN_DEBUG_RAND, and working backwards from this assertion
in 'ectest';